[liberationtech] the Blackberry and Surveillance?
Robert Guerra
rguerra at privaterra.org
Wed Jun 12 07:10:35 PDT 2013
Michael & Ale,
I gave numerous interviews back in 2010 when Blackberry started openly co-operating with governments to keep their service online. The concerns raised then, to this day then remain unanswered by the company.
Given the company's unwillingness to constructively engage and be open regarding on their practices regarding data sharing has led me to recommend to activists to AVOID their devices and services at all costs. Other far more secure solutions exist, such as the open source Guardian Project. Their secure solutions for Android are excellent and quite respected by digital security practitioners.
regards
Robert
Refs:
BlackBerry has reportedly reached an agreement with Saudi Arabia to continue messaging services in the country. It's unclear what data will now be shared.
(August 10, 2010)
http://www.csmonitor.com/World/Global-News/2010/0810/BlackBerry-caved-to-Saudi-demands-rights-group
The Guardian Project: Secure Mobile Apps and Open-Source Code for a Better Tomorrow
https://guardianproject.info/
--
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rguerra at privaterra.org
On 2013-06-12, at 9:51 AM, ale fernandez wrote:
> I remember also during the UK riots last year people started using BBM and it was much more effective than other networks also partly due to not being as obvious or closely tracked as facebook posts etc.
>
> Ale
>
> On Wed, 12 Jun 2013 14:15:33 +0100
> Michael Rogers <michael at briarproject.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 12/06/13 09:14, michael gurstein wrote:
>>> I haven`t been watching that closely but in the course of my
>>> following the current discussions on surveillance I have yet to see
>>> a reference to RIM/Blackberry...
>>>
>>> Is this because it`s recent loss of market share means it isn`t of
>>> particular interest (I would have thought the up to recent user
>>> demographics would rather make it of particular interest), because
>>> of some features which put it outside of the current surveillance
>>> stream, have I missed it in the current discussion, other?
>>
>> Hi Mike,
>>
>> As far as I know, the situation with BlackBerry is as follows. If
>> you're an enterprise customer, you generate your own encryption key
>> for BBM (I don't know whether it's used for email too), and run your
>> own server. RIM claimed in August 2010 that it didn't have access to
>> the encryption keys generated by enterprise customers and couldn't
>> observe the content of their communication. The statement didn't say
>> whether RIM could observe metadata.
>>
>> http://blogs.thenational.ae/business/beep-beep/full-rim-customer-statement-on-blackberry-security-issues
>>
>> If you're a non-enterprise customer, your BBM messages are scrambled
>> with a key that's built into all BlackBerry devices and known to RIM.
>>
>> https://mailman.stanford.edu/pipermail/liberationtech/2013-April/008293.html
>>
>> RIM has come under pressure from several governments to decrypt BBM
>> messages, so I think it's safe to assume that the key used for
>> scrambling non-enterprise BBM messages is widely known by now.
>>
>> For both enterprise and non-enterprise customers, if you use a
>> third-party email provider, that provider will have access to content
>> and metadata regardless of what device you're using.
>>
>> I don't know whether wireless carriers can observe the metadata of BBM
>> messages; they could collect the scrambled messages of non-enterprise
>> customers, for descrambling by anyone who knows the key.
>>
>> Cheers,
>> Michael
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>>
>> iQEcBAEBAgAGBQJRuHR1AAoJEBEET9GfxSfMfm4IAJYUc9eD5yZJr4G7kAC5wJSl
>> ZXwrATajTYS+VIxY6yHPe5tQoOMHBXbMF/41No/oua6CoOoU2UU++BHAtGsVarHE
>> koKujVdtn3Tp18Jy6uEru/5qHaNx7+n8FF7lcr72k/yRfgzBKREVH2hge6s2pCYO
>> NcEya2PxKGcwiCk1f3901JwqVoeYxjEVNn2Wjx65lFppX0imn23UALZgnPHQaxX3
>> t20BYNwz1g1iSiJg2ngxkdOgTeSXelwI0do4h1mEZtFtapfChdjRb9/rAWi1NOwS
>> T8Kos128nDk/0cDuqObONxZD01UjgPIUFxBVVnfjJnKm220r6z7IBpelmrgWi6Y=
>> =9cNa
>> -----END PGP SIGNATURE-----
>> --
>> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech
mailing list