9 Comments

Zis is vot ve call projection, from ze nation zat gave us bugged first-class Air France cabins.

I’m in doubt as to the accuracy of the charges in this story. There’s just not enough information there to know for sure, but I’m still in doubt. First of all, you cannot just “pick up” a Blackberry transmission en route (of course, I’m assuming that’s what they meant by “pick up” in the story i.e. packet sniff the transmission… I could be wrong, they might not be intercepting “en route”…). Blackberry traffic is very well encrypted, and no, folks can’t make up some dumb story about mysterious NSA computers that can decrypt anything. The level of encryption available to even the average user today is a practical defeat of any amount of computing power available in these times (i.e. takes on the scale of centuries to millenia to forcibly decrypt). At any rate, the traffic is well encrypted, so you’d have to compromise the traffic at the endpoints (the Blackberry itself, the sender or recipient of the mail, or the mail server).

Can the NSA have access to the mail servers? I don’t know the *legal* aspects, but my opinion is that they’d need explicitly allowed access by the server owners (i.e. the server administrator creates an account for them to access the server, or logs them in, or does some conscious action to allow an NSA agent access). Why do I believe that? Because it’d be a stupidly huge challenge to force access (i.e. “hack” the server), that’s why. Mail servers nowadays can be very well secured, so while a compromise of a server is possible, the length of time it would take would be hideously prohibitive. So in short, due to security features available in just about any modern messaging system – like Microsoft Exchange, or Lotus’s products, which are the most likely ones in place when you’re talking Blackberries – make technical forcing problematic. You’re better off having the admins “hand over the keys”, so to speak, unless you don’t mind waiting on the order of years before being able to read the mail. And that’s if you can keep an email server administrator from taking deliberate actions when compromise attempts are detected.

On top of that: PGP is available for Blackberrys (Link…). So while it’s possible to read mail if someone coerces a mail server administrator to let you into the server, if you PGP your message, you’ll still be unreadable.

Is this story really being driven by a security concern? Or did some purchasing agent in the French government come across some other technology he or she liked better and tried to force a replacement with a security argument? I work for an entity that was hit by all sorts of wireless messaging companies marketing trying to fill the Blackberry niche, and they are agressive. I’d sooner believe this is a bureaucratic issue with the security aspect being a red herring than I’d believe that someone compromised technical security.

Of course, I have to admit: If agents are explicitly allowed access by the server owners, everything’s out the window. The question is, is that what the French government feared? That NSA agents were in bed with whomever ran the stateside and UK servers in question?

I laughed when I read that report. I work for a defense contractor that provides technology services to the DoD. Several years ago, the FBI briefed us about espionage against companies like mine. Some of it comes from other corporations but many of the worst offenders were nations who had a policy of using their intelligence assets to steal American corporate technology. France was specifically mentioned as one of the worst offenders*. Simply put – if you’re traveling to France, don’t carry a laptop with private information on it unless you can keep the laptop in your possession at all times. If you leave it in your room, odds are one of the “cleaning staff” will examine it while you’re gone.

*China, Israel, and Japan were also mentioned as major offenders.

Whoops. Error:

“On top of that: PGP is available for Blackberrys (Link…). So while it’s possible to read mail if someone coerces a mail server administrator to let you into the server, if you PGP your message, you’ll still be unreadable.”

Change that to:

“On top of that: PGP is available for Blackberrys (Link…). So while it’s possible to read mail if someone coerces a mail server administrator to let them into the server, if you PGP your message, you’ll still be unreadable.”

Sorry… stream of consciousness composition there. Didn’t stop to think about the pronoun problems.

Thanks for the update, ElMondo. I haven’t seen anything anywhere as instructive about this “controversy.”

ElMondo,

One Acronym – CALEA

Funnily enough, Blackberrys are officially banned in Russia (although I’ve used mine there as a foreigner…go figure).

They say that this is for ’security reasons’.

Maybe they’re only banned in countries that go out of their way to support the mullahs, and then get economic incentives in return? Strange that the UK and Germany allow people to use them, if that is indeed the case…

No problem Roger. Anytime.

——

DanM: CALEA? Yes, that’s exactly what I meant by administrators handing over the keys. Otherwise, without the server administrators’ cooperation, the regular security imparted by the encryption makes “tapping” or sniffing difficult to the point of being a practical impossibility. But anyway, the point is that it would take more than access to the network the mail server is on; you’d have to have access to the server itself. Which, reading what I can find on CALEA, is something that act allows for, but I’m not sure what the mechanism is to actually invoke that.

Anyway, that’s also why I mentioned PGP. If a message is encrypted by the Blackberry end user, it doesn’t matter to what degree the admins are in bed with the intelligence agents; cracking it is so difficult it becomes a practical impossibility, so an agent given complete administrative access to the message on the server is still screwed. That’s also why I’m amazed at the story; a simple, relatively inexpensive program solves the security problem, if en-route interception or coerced adminmistrator access is the worry.

The real security worry is the user’s Blackberry getting stolen. Forget encryption, packet sniffing, blah blah blah… if I really wanted someone’s email on their Blackberry, I’m picking their pocket for it.

LarryJ: Governments being hypocritical? Yeah, I laughed too; I was thinking “Pot, kettle, black” when I read that.

cool links, thanks!, Whole Wheat Pasta Nutrition Info, [url="http://celidee.iquebec.com/whole-wheat-pasta-nutrition-info.html"]Whole Wheat Pasta Nutrition Info[/url], http://celidee.iquebec.com/whole-wheat-pasta-nutrition-info.html Whole Wheat Pasta Nutrition Info, jcbf, Yam Who Mix, [url="http://pozohonddo.iquebec.com/yam-who-mix.html"]Yam Who Mix[/url], http://pozohonddo.iquebec.com/yam-who-mix.html Yam Who Mix, 2191, Whole Mount In Situ Hybridization, [url="http://clarrisa.iquebec.com/whole-mount-in-situ-hybridization.html"]Whole Mount In Situ Hybridization[/url], http://clarrisa.iquebec.com/whole-mount-in-situ-hybridization.html Whole Mount In Situ Hybridization, 529281, Wholesale Auto Brokers Inc Idaho, [url="http://carrrion.iquebec.com/wholesale-auto-brokers-inc-idaho.html"]Wholesale Auto Brokers Inc Idaho[/url], http://carrrion.iquebec.com/wholesale-auto-brokers-inc-idaho.html Wholesale Auto Brokers Inc Idaho, gfm, Woman Who Watch Man, [url="http://gaalvezz.iquebec.com/woman-who-watch-man.html"]Woman Who Watch Man[/url], http://gaalvezz.iquebec.com/woman-who-watch-man.html Woman Who Watch Man, 157341, Whole Wheat Oatmeal Cookie, [url="http://celidee.iquebec.com/whole-wheat-oatmeal-cookie.html"]Whole Wheat Oatmeal Cookie[/url], http://celidee.iquebec.com/whole-wheat-oatmeal-cookie.html Whole Wheat Oatmeal Cookie, >:-[, Whole Mount Immunofluorescence Protocol, [url="http://celidee.iquebec.com/whole-mount-immunofluorescence-protocol.html"]Whole Mount Immunofluorescence Protocol[/url], http://celidee.iquebec.com/whole-mount-immunofluorescence-protocol.html Whole Mount Immunofluorescence Protocol, mtsx, Whole Number Operations, [url="http://clarrisa.iquebec.com/whole-number-operations.html"]Whole Number Operations[/url], http://clarrisa.iquebec.com/whole-number-operations.html Whole Number Operations, :OOO, Woman Whose Bra Straps Fall Down, [url="http://pozohonddo.iquebec.com/woman-whose-bra-straps-fall-down.html"]Woman Whose Bra Straps Fall Down[/url], http://pozohonddo.iquebec.com/woman-whose-bra-straps-fall-down.html Woman Whose Bra Straps Fall Down, rztuly, Wholesale Boston Acoustics, [url="http://carrrion.iquebec.com/wholesale-boston-acoustics.html"]Wholesale Boston Acoustics[/url], http://carrrion.iquebec.com/wholesale-boston-acoustics.html Wholesale Boston Acoustics, , Wholesale Lanyards, [url="http://salcido.iquebec.com/wholesale-lanyards.html"]Wholesale Lanyards[/url], http://salcido.iquebec.com/wholesale-lanyards.html Wholesale Lanyards, 225722, You Dont Even Know Who I Am Family Guy, [url="http://gurule.iquebec.com/you-dont-even-know-who-i-am-family-guy.html"]You Dont Even Know Who I Am Family Guy[/url], http://gurule.iquebec.com/you-dont-even-know-who-i-am-family-guy.html You Dont Even Know Who I Am Family Guy, znsnk, Word Whoomp, [url="http://carddenas.iquebec.com/word-whoomp.html"]Word Whoomp[/url], http://carddenas.iquebec.com/word-whoomp.html Word Whoomp, %D, Whole Person Healing, [url="http://clarrisa.iquebec.com/whole-person-healing.html"]Whole Person Healing[/url], http://clarrisa.iquebec.com/whole-person-healing.html Whole Person Healing, %-]]], Wholesale Bubble Mailer, [url="http://carrrion.iquebec.com/wholesale-bubble-mailer.html"]Wholesale Bubble Mailer[/url], http://carrrion.iquebec.com/wholesale-bubble-mailer.html Wholesale Bubble Mailer, 614888, Whole Number, [url="http://clarrisa.iquebec.com/whole-number.html"]Whole Number[/url], http://clarrisa.iquebec.com/whole-number.html Whole Number, 04505, Whole Sale Travel Com, [url="http://salcido.iquebec.com/whole-sale-travel-com.html"]Whole Sale Travel Com[/url], http://salcido.iquebec.com/whole-sale-travel-com.html Whole Sale Travel Com, 4534, Women Who Have Had Abortions, [url="http://gurule.iquebec.com/women-who-have-had-abortions.html"]Women Who Have Had Abortions[/url], http://gurule.iquebec.com/women-who-have-had-abortions.html Women Who Have Had Abortions, 17471, Women Who Are Submissive, [url="http://ruudolph.iquebec.com/women-who-are-submissive.html"]Women Who Are Submissive[/url], http://ruudolph.iquebec.com/women-who-are-submissive.html Women Who Are Submissive, nfvzv, Whole Sale Item, [url="http://salcido.iquebec.com/whole-sale-item.html"]Whole Sale Item[/url], http://salcido.iquebec.com/whole-sale-item.html Whole Sale Item, 0527, Whole Sale Pocket Bikes, [url="http://clarrisa.iquebec.com/whole-sale-pocket-bikes.html"]Whole Sale Pocket Bikes[/url], http://clarrisa.iquebec.com/whole-sale-pocket-bikes.html Whole Sale Pocket Bikes, 813, Woman Who Wear Girdle, [url="http://gaalvezz.iquebec.com/woman-who-wear-girdle.html"]Woman Who Wear Girdle[/url], http://gaalvezz.iquebec.com/woman-who-wear-girdle.html Woman Who Wear Girdle, 8242, Wyatt Whoso, [url="http://carddenas.iquebec.com/wyatt-whoso.html"]Wyatt Whoso[/url], http://carddenas.iquebec.com/wyatt-whoso.html Wyatt Whoso, lpi, Wholegrain Cereals, [url="http://celidee.iquebec.com/wholegrain-cereals.html"]Wholegrain Cereals[/url], http://celidee.iquebec.com/wholegrain-cereals.html Wholegrain Cereals, 227, You Are Who You Were When, [url="http://ruudolph.iquebec.com/you-are-who-you-were-when.html"]You Are Who You Were When[/url], http://ruudolph.iquebec.com/you-are-who-you-were-when.html You Are Who You Were When, mkw,