[liberationtech] the Blackberry and Surveillance?
Michael Rogers
michael at briarproject.org
Wed Jun 12 06:15:33 PDT 2013
On 12/06/13 09:14, michael gurstein wrote:
> I haven't been watching that closely but in the course of my
> following the current discussions on surveillance I have yet to see
> a reference to RIM/Blackberry...
>
> Is this because its recent loss of market share means it isn't of
> particular interest (I would have thought the up to recent user
> demographics would rather make it of particular interest), because
> of some features which put it outside of the current surveillance
> stream, have I missed it in the current discussion, other?

Hi Mike,

As far as I know, the situation with BlackBerry is as follows. If
you're an enterprise customer, you generate your own encryption key
for BBM (I don't know whether it's used for email too), and run your
own server. RIM claimed in August 2010 that it didn't have access to
the encryption keys generated by enterprise customers and couldn't
observe the content of their communication. The statement didn't say
whether RIM could observe metadata.

http://blogs.thenational.ae/business/beep-beep/full-rim-customer-statement-on-blackberry-security-issues

If you're a non-enterprise customer, your BBM messages are scrambled
with a key that's built into all BlackBerry devices and known to RIM.

https://mailman.stanford.edu/pipermail/liberationtech/2013-April/008293.html

RIM has come under pressure from several governments to decrypt BBM
messages, so I think it's safe to assume that the key used for
scrambling non-enterprise BBM messages is widely known by now.

For both enterprise and non-enterprise customers, if you use a
third-party email provider, that provider will have access to content
and metadata regardless of what device you're using.

I don't know whether wireless carriers can observe the metadata of BBM
messages; they could collect the scrambled messages of non-enterprise
customers, for descrambling by anyone who knows the key.

Cheers,
Michael