[liberationtech] the Blackberry and Surveillance?
ale fernandez
skoria at gmail.com
Wed Jun 12 06:51:28 PDT 2013
I remember also during the UK riots last year people started using BBM and it was much more effective than other networks also partly due to not being as obvious or closely tracked as facebook posts etc.
Ale
On Wed, 12 Jun 2013 14:15:33 +0100
Michael Rogers <michael at briarproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/06/13 09:14, michael gurstein wrote:
> > I haven`t been watching that closely but in the course of my
> > following the current discussions on surveillance I have yet to see
> > a reference to RIM/Blackberry...
> >
> > Is this because it`s recent loss of market share means it isn`t of
> > particular interest (I would have thought the up to recent user
> > demographics would rather make it of particular interest), because
> > of some features which put it outside of the current surveillance
> > stream, have I missed it in the current discussion, other?
>
> Hi Mike,
>
> As far as I know, the situation with BlackBerry is as follows. If
> you're an enterprise customer, you generate your own encryption key
> for BBM (I don't know whether it's used for email too), and run your
> own server. RIM claimed in August 2010 that it didn't have access to
> the encryption keys generated by enterprise customers and couldn't
> observe the content of their communication. The statement didn't say
> whether RIM could observe metadata.
>
> http://blogs.thenational.ae/business/beep-beep/full-rim-customer-statement-on-blackberry-security-issues
>
> If you're a non-enterprise customer, your BBM messages are scrambled
> with a key that's built into all BlackBerry devices and known to RIM.
>
> https://mailman.stanford.edu/pipermail/liberationtech/2013-April/008293.html
>
> RIM has come under pressure from several governments to decrypt BBM
> messages, so I think it's safe to assume that the key used for
> scrambling non-enterprise BBM messages is widely known by now.
>
> For both enterprise and non-enterprise customers, if you use a
> third-party email provider, that provider will have access to content
> and metadata regardless of what device you're using.
>
> I don't know whether wireless carriers can observe the metadata of BBM
> messages; they could collect the scrambled messages of non-enterprise
> customers, for descrambling by anyone who knows the key.
>
> Cheers,
> Michael
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEcBAEBAgAGBQJRuHR1AAoJEBEET9GfxSfMfm4IAJYUc9eD5yZJr4G7kAC5wJSl
> ZXwrATajTYS+VIxY6yHPe5tQoOMHBXbMF/41No/oua6CoOoU2UU++BHAtGsVarHE
> koKujVdtn3Tp18Jy6uEru/5qHaNx7+n8FF7lcr72k/yRfgzBKREVH2hge6s2pCYO
> NcEya2PxKGcwiCk1f3901JwqVoeYxjEVNn2Wjx65lFppX0imn23UALZgnPHQaxX3
> t20BYNwz1g1iSiJg2ngxkdOgTeSXelwI0do4h1mEZtFtapfChdjRb9/rAWi1NOwS
> T8Kos128nDk/0cDuqObONxZD01UjgPIUFxBVVnfjJnKm220r6z7IBpelmrgWi6Y=
> =9cNa
> -----END PGP SIGNATURE-----
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech
mailing list