[liberationtech] BB in the news again

Wed Aug 10 05:39:02 PDT 2011

This is a great post explaining the difference between enterprise vs non-enterprise RIM crypto and lawful access.

http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future/

It is also unclear currently exactly what is being handed over by RIM, but Simon McKay's analysis seems correct to me. However if the riots continue, I wouldn't be surprised if different routes were used.

Under the Regulation of Investigatory Powers Act (RIPA), police can apply for details of a customer's phone records, including their location, details of calls made and received, and internet activity.

But requests must be made for each suspect on a case-by-case basis.

Police would be unable to carry out a broad-based search, identifying, for example, every person who was in Clapham Junction sending the word "riot".

Continue reading the main story
“
Start Quote

Similar to other technology providers in the UK we comply with the Regulation.”

Patrick Spence
Blackberry
"They would have to say we want this individual's comms data and these are the reasons why," said solicitor advocate Simon McKay, who has written a book on the subject.

"When it comes to the next person they would have to look at that completely separately and re-apply."

Initial identification data would likely need to be taken from video, photographs, CCTV footage and other intelligence.

Those limits mean telecoms subscriber data becomes useful additional evidence, rather than a first port of call.

Mr McKay explained that, when considering requests, the issue of collateral intrusion also had to be taken into account - specifically, how much of other people's data might inadvertently be disclosed, along with that of the suspect.

http://www.bbc.co.uk/news/technology-14465546

Eric

On 10 Aug 2011, at 01:30 PM, liberationtech at lewman.us wrote:

> On Tue, Aug 09, 2011 at 02:26:14PM -0400, katrin at mobileactive.org wrote 1.7K bytes in 46 lines about:
> :  David Lammy, Britain's intellectual property minister, also called
> :  for a suspension of Blackberry's encrypted instant message service.
> :  Many rioters, exploiting that service, had been able to organize mobs
> :  and outrun the police, who were ill-equipped to monitor it. "It is
> 
> Just a thought, the BB messenger service is like any other instant
> messaging service where the users all connect and chat through a central
> server. In this case, RIM runs the servers. The data is encrypted
> between the user and the RIM servers, but not between users. Therefore,
> RIM should be able to see all of the text contained in the chats. If RIM
> has any sort of logs, they could potentially compile a list of all those
> rioting, or hand this data over the UK Police (once requested properly). 
> 
> I realize the police are ill-equipped to decrypt these conversations
> as they fly through the air from the user's handset to the tower to
> RIM's servers.
> 
> Another possibility is that the UK police could do basic traffic
> analysis of transmissions and figure out what a BBM chat looks like
> over the air/tower compared to phone calls to narrow down the set of
> people from which to request data.
> 
> -- 
> Andrew
> pgp key: 0x74ED336B
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110810/1eee0f52/attachment.html>