[liberationtech] BlackBerry and CALEA-II

[Jacob Appelbaum]

Griffin Boyce:
> Jacob Appelbaum <jacob at appelbaum.net> wrote:
> 
>>> You already know this, but for the benefit of the list <snip>
>>
>> Unless these are on a BES server - it's all insecure - if it is on a BES
>> server, it may still be insecure depending on a few factors.
>>
> 
>   Depends on whether they enable SMS logging, but that only requires
> setting a flag. Phone call metadata is stored by default. The multitude of
> things stored on / synced with is extensive, and includes email, address
> book, browser history, and list of all apps installed.  It can also access
> the Password Keeper file remotely (you'd still need to brute force the main
> password, but it's likely trivial).
> 

Right - so without a BES server - the entire cell phone network would
get this data, with a few exceptions.

>   If a user sets up sync, someone spoofing their phone could retrieve the
> whole shebang, including all messages.

Spoofing? I mean, I suspect impersonating a phone requires knowledge of
secret keys on the telephone. So to own the phone as you suggest, I
think you'd have to have the phone already or control the BES.

> 
>> What REALLY scares me about this is how many medical providers use
>>> Blackberry products in their practices.
>> Well, sure. It would be as bad as every other BlackBerry device
>> normally. A real joy, I tell you.
>>
> 
> Maybe.  I'd wager it's much worse.  Depends on those affected.

Ok... was there something here that I'm missing? If you can downgrade
the security that the BES would otherwise offer, you'd end up with...
the default BlackBerry "security" protections.

> 
> 
>> There are obviously degrees of secure.
>>
> 
>   There are also degrees of availability/access/usability.  As a tech guy
> with a lot of non-techy friends, the amount of work involved to get my
> close friends using Pidgin+OTR has been non-trivial.  For many options,
> there are usability issues, class issues, that keep adoption pretty low.
> 

Install Gibberbot, OTR comes for free. The same is true for Adium. It
will soon be the case when I get around to importing pidgin-otr into
pidgin's hg repository.

>   And what does it mean to be one of a privileged subset who can get ahold
> of eg a VOIP STE or buy a set of Cryptophones.  For the first, you need
> connections, and for both you need to be an advanced user (not to mention
> have the money to afford them).  Most people would picture the costs of
> adoption to be greater than the benefits of adoption.
> 

Neither requires an advanced user - both are so simple as to not require
anything beyond remembering a single password, which can even be set to
something simple, if you wanted.

Yes, both are more expensive than free but compared to a BlackBerry
device with a BES? Negligible cost differences.

> I suggest you check out Cryptophone
> 
> 
>   I've considered getting a pair for my girlfriend and myself, but other
> options have proven to be a better fit.

Oh? How so? What did you go with and how does it contrast? For example
the new Android Cryptophone has a baseband firewall - does your kit have
something similar?

> 
> GibberBot with OTR provides the same set of features without all of the
>> home rolled crypto problems, the web related problems or a third party
>> that you're not already using on a daily basis.
>>
> 
>   Well, I'm using it on a daily basis.  We're both biased in different
> directions ;-)
> 

I'm not sure that I'd call my choice a bias.

Many people use XMPP/Jabber already and they get federation for free -
just as they do with email and in some cases, it is the same address for
both email and Jabber.

The crypto is similarly not subject to the bleeding edge Javascript
crypto world; I'm sure there are issues with everything though recently
the Stanford Javascript library did sorta accidentally break uh, what,
everything using it?

All the best,
Jacob