Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackBerry Will Continue Operations In Pakistan (fortune.com)

Posted by Soulskill on from the walk-it-on-back dept.

An anonymous reader writes: At the end of November, BlackBerry announced it would pull its operations out of Pakistan after the country's government demanded access to BlackBerry's user data. The Pakistan government has now dropped that request, and BlackBerry will continue operating there as a result. In a statement, BlackBerry COO Marty Beard said, "We are grateful to the Pakistan Telecommunication Authority and the Pakistani government for accepting BlackBerry's position that we cannot provide the content of our customers' BES traffic, nor will we provide access to our BES servers."

36 comments

  1. Interesting by 93+Escort+Wagon · · Score: 2, Insightful

    So they won't give to Pakistan what they gave to India, eh? It'd be curious to see where they decided to draw that line, in terms of dollars earned per country.

    --
    #DeleteChrome
    1. Re:Interesting by Dahamma · · Score: 4, Informative

      Very old article, not even true, and refuted by Blackberry.

      http://in.reuters.com/article/...

      "RIM is providing an appropriate lawful access solution that enables India's telecom operators to be legally compliant with respect to their BlackBerry consumer traffic, to the same degree as other smartphone providers in India, but this does not extend to secure BlackBerry enterprise communications"

    2. Re:Interesting by Anonymous Coward · · Score: 2, Interesting

      In the interest of accuracy ...

      Your link is 5 years old. A more recent link (2013) indicates that Blackberry have allowed access to BBM and BIS, but NOT BES enterprise.

      http://www.theregister.co.uk/2013/07/11/blackberry_gives_indian_spooks_access/

      In short, India and Pakistan have been given exactly the same deal.

    3. Re:Interesting by Provocateur · · Score: 1

      As in, Gentlemen, start your SPINengines

      But if it's not spin, at least we know where smarter heads prevailed. Their leaders knew it was a slippery slope to begin with: we have access. Can the other player/terrorist/competing regime/other country gain that same access, with enough dollars or gold to throw at that server?

      --
      WARNING: Smartphones have side effects--most of them undocumented.
    4. Re: Interesting by guruevi · · Score: 1

      They can't give physical access to the clients' BES servers but that doesn't mean they haven't given them a key to unlock intercepted encrypted traffic. If they are okay with giving access to their less paying patrons, why draw the line there?

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    5. Re:Interesting by dissy · · Score: 1

      So they won't give to Pakistan what they gave to India, eh?

      According to the article you posted and this slashdot article, they did give to Pakistan what they gave to India - which was absolutely nothing.

      Didn't you read either one of them?

    6. Re: Interesting by tlhIngan · · Score: 2

      They can't give physical access to the clients' BES servers but that doesn't mean they haven't given them a key to unlock intercepted encrypted traffic. If they are okay with giving access to their less paying patrons, why draw the line there?

      You have to realize how BlackBerries work.

      First, when they're attached to a BES server, the BES server and Blackberry exchange keys. That key is used for all traffic - the BlackBerry itself encrypts traffic using the BES server key, forwards it to the Blackberry network which sends it to the customer's BES installation. BES then decrypts the package and figures out what it needs to do - work email, traffic destined for the internet, etc. All communications are end-to-end encrypted and the Blackberry network just sees data blobs it can't decrypt.

      In a consumer mode, what happens is the Blackberry network exchanges keys with the blackberry. The blackberry sends encrypted payloads to the blackberry network, which then decrypts it and accesses the internet. At this point the traffic is decrypted.

      A "local" blackberry network server like that in India just means the Indian users are routed to that server. If the blackberry is attached to BES, then the indian server forwards it onwards as an encrypted payload as that's all it can do. If it isn't, then it's handled locally and decrypted.

      A blackberry without BES has decrypted network traffic like a regular smartphone - if you're accessing an IMAP server unencrypted, the blackberry will access it unencrypted.

      Pakistan wanted ALL blackberry traffic to be available to it - including BES traffic (India just wanted unattached traffic). That is not in the architecture, which is why Blackberry was shutting down - the design of the network was such that BES traffic could not be decrypted because it was end-to-end. Unattached blackberries are also end-to-end encrypted, except one end is the server attached to the public internet.

    7. Re: Interesting by guruevi · · Score: 1

      I understand how BES works, the issue is that it isn't entirely unfeasible that Blackberry (the entity) doesn't have a master key that could access the data-in-stream to each of it's BES servers. The BES servers are a closed environment, a black box really, we really don't know. What we do know is that by default Blackberry DOES have a global pin which is enabled by default AND that your mobile carrier (could) know your PIN as well.

      The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives. Your organisation can use a global PIN encryption key, a PIN encryption key that is specific to your organisation, or both.

      And guess how a specific PIN encryption key gets sent out? Encrypted using the global PIN.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  2. Good for them by penguinoid · · Score: 1, Funny

    I heard BlackBerry had been in quite a jam due to a thorny situation, their operations in Pakistan were about to become toast.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. Blackberry by Anonymous Coward · · Score: 0

    Blackberry.... Lol

  4. NSA - Yes. India - Yes. Pakistan - No. by Anonymous Coward · · Score: 0

    I guess they are really selective about what countries they allow to get whatever they want.

    Good thing they're so done you can put a fork in them.

    It's not news that Blackberry will keep operating in Pakistan.
    It's news that Blackberry will keep operating at all!

  5. Re:NSA - Yes. India - Yes. Pakistan - No. by Anonymous Coward · · Score: 0

    Was India BIS or BES? There is a distinct difference therefore I am asking you for confirmation.

  6. Re:NSA - Yes. India - Yes. Pakistan - No. by penguinoid · · Score: 1

    NSA -- probably already had the info
    India -- probably wrote their code
    Pakistan -- probably isn't really willing to piss off their citizens and lose a company

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  7. Re:Let the US see Pakistan's BES traffic by Quasimodem · · Score: 1

    You mean just because they are Muslim and own a Blackberry?

  8. Blackberrys BES is one of their few selling points by Anonymous Coward · · Score: 0

    They would be better advised to cut ties with a middling market like Pakistan, rather than do them special favors and alienate their remaining customers.

    The fact that Pakistan backed down is a great advert for Blackberry's security policy.

  9. Keys already available by Anonymous Coward · · Score: 0

    NSA probably agreed to pass along relevant data. They already have the keys.

  10. Bullshit by Anonymous Coward · · Score: 0

    They gave them access, they just needed to announce they didn't for PR reasons. Blackberry can't pull out of any countries, they aren't financially strong enough.

  11. Who? Just kidding. by wjcofkc · · Score: 1

    A long time ago I worked for a carrier. One day someone from Blackberry corporate was there. He had a demo device of their yet to be released all touch screen smart phone. I really kind of liked it. No one said it to his face, but by then we already all knew that it was too late. Then again, I am sure he did too. This would have been a perfect time for Microsoft to buy them just for their technology. Its's too late now though, they are knee deep in the platform they are currently offering.

    --
    Brought to you by Carl's Junior.
    1. Re:Who? Just kidding. by wjcofkc · · Score: 1

      Well damn. I hate to reply to myself but this prompted me to take a look at what they are currently trying to do. I had no idea that they had gone Android. That is a crowded market but perhaps it will be enough. Time will tell.

      --
      Brought to you by Carl's Junior.
    2. Re: Who? Just kidding. by guruevi · · Score: 2

      Their selling point was always encryption but then they sold out their customers to the US government and later other governments as well and all trust in their platform was lost. That and the fact that their functionality is easily replicated by going full SSL and remotely revoked full device encryption (which the iPhone did early on).

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re: Who? Just kidding. by tmjva · · Score: 1

      Why even bother with such requests nowadays. It should just be easier to hack. Or is it smaller governments lack the budget? Or for a small fee they should get a data feed from NSA!

      --
      Tracy Johnson
      Old fashioned text games hosted below:
      http://empire.openmpe.com/
      BT
  12. Now they'll just hack them instead by kheldan · · Score: 1

    I'm not sure if Pakistan can actually be trusted. Wouldn't be surprised if they just hack into Blackberrys' servers instead now.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Now they'll just hack them instead by Anonymous Coward · · Score: 0

      Blackberry doesn't have the encryption keys for BES if the server is hosted at the customers site. The individual customers have the responsibility to keep their own servers safe.

  13. Backdoored by Anonymous Coward · · Score: 1

    Blackberrys stance on encryption is well known (this is from November THIS year). They say one thing to customers, and a different thing to Federal agencies:

    http://fortune.com/2015/11/18/blackberry-government-surveillance/

    "BlackBerry’s philosophy about encryption and law enforcement requests is to take a “balanced approach,” according to chief operating officer Marty Beard."

    "Encryption is very important to protect governments, business and individuals from hacking. That’s why so many world leaders and CEOs rely on BlackBerry to protect their data. At the same time, no one wants to see terrorists and criminals taking advantage of encryption to evade detection. That’s why we have always strongly supported law enforcement around the world when they need our help. While we do not support so-called ‘back-doors,’ we and every other tech company bears a responsibility to do all we can to help governments protect their citizens."

    They describe a backdoor and then deny its a backdoor, but its a backdoor.

    And if its a backdoor at the level of Blackberry, then any country where Blackberry operates will demand the keys to that backdoor. China, US, UK.... all of them have extra judicial key grabbing powers.

    1. Re:Backdoored by Anonymous Coward · · Score: 0

      These kind of posts are why I think BES is secure. Unnamed spokeswoman says they cooperate, so there's a backdoor.

      That's some kindergarten level reading comprehension right there.

    2. Re:Backdoored by Anonymous Coward · · Score: 0

      Not unnamed, the conference speaker was the very same BlackBerry COO Marty Beard of this article. The backup comments confirming the backdoor was Blackberry own PR office trying to spin it as a good thing.

      GP (and you) pretends that... even if Blackberry consumer traffic is backdoored, their corporate traffic somehow isn't. Yet the attitude of Blackberry is clear there, they say one thing to customers and another to fed spooks. Pakistan demanded full access, and there's no reason they would exclude higher end devices, and Marty Beard made no distinction between different devices.

      He said one more thing that was enlightening....

      "His comment, reported by FedScoop from a conference of tech and government IT leaders in Washington DC, was aimed at setting BlackBerry apart from rivals that he described as being “all about encryption all the way.”"

      So his competitors are “all about encryption all the way.”, which tells us that his competitors don't do backdoors like Blackberry.

    3. Re:Backdoored by Anonymous Coward · · Score: 0

      its not a backdoor retard, they host the BES servers, of course they can decrypt it .... i didnt think people on slashdot were this technically illiterate, gets worse every year i guess

    4. Re:Backdoored by Anonymous Coward · · Score: 1

      "BES servers, of course they can decrypt it "

      While others offer end to end encryption and cannot be made to decrypt it. End to end is secure, but Blackberry solution is data mined by NSA, GCHQ, Indian and now Pakistan intelligence.

      Adding insults won't fix this, its a back-doored product, even if you don't like the word backdoor.

      Alice talking to Bob, should not have a backdoor to Snooper Kareem.

    5. Re: Backdoored by Anonymous Coward · · Score: 0

      None of you guys know fuck all and should shut the fuck up about taking some meaning that is opposite of what is said.

      BES is on premise with their own keys. BlackBerry doesn't have these keys. The communication doesn't have to leave the business's infrastructure.

      They also have a BES cloud offering, but I suspect that you still get your own keys.

      The Snowden docs revealed they could only get BES traffic when they hacked the endpoint inside the network.

      Now BIS (older pre-BB10) and BBM consumer stuff is a global/shared key, and thereâ(TM)s BlackBerry Protect (find and wipe your phone) service that would be helpful to law enforcement.

      Stop talking generalities and speak specifically if you want to be part of the conversation, but spouting off about shit you don't know about tells me you're a fucking idiot.

  14. Re:Blackberrys BES is one of their few selling poi by RandomFactor · · Score: 2

    Doesn't matter. People compared the heavily limited locked down enterprise blackberry devices with their personal unrestricted iDroids. What a shock, iDroids won by a mile, even while Blackberry was still ahead of them..

    Security? Management? Not part of the end user world view.

    --
    --- Mercutio was right.
  15. I read the headline as by Anonymous Coward · · Score: 0

    Blackberry is moving their HQ and R&D to Pakistan. Interesting choice, but what are the alternatives?

  16. Re:Let the US see Pakistan's BES traffic by unixisc · · Score: 1

    Easier way - just freeze relations w/ Pakistan, and stop accepting ANY Paki citizens. The ones who are not Muslim are not the ones who have access to any of the embassies or consulates - they'd just attempt to get refuge in India - which many have gotten

  17. rofl... by Anonymous Coward · · Score: 0

    only NSA, no one else...

  18. how is it backdoored? by Anonymous Coward · · Score: 0

    They describe a backdoor and then deny its a backdoor, but its a backdoor.

    And if its a backdoor at the level of Blackberry, then any country where Blackberry operates will demand the keys to that backdoor. China, US, UK.... all of them have extra judicial key grabbing powers.

    That's like saying there is a backdoor in SMTP with STARTTLS.

    If you control the RIM/Blackberry server, either via the company BES or the telco, then you can read mail. Governments can get access to those messages with a warrant. This is no hidden way to get at the message in transit.

    It's likely claiming that there's a backdoor in Postfix or OpenSSL since a Unix sysadmin can access the message while it's sitting in the INBOX.

    If you don't want your server admin/s reading your mail use PGP or S/MIME.