1. miller1861's Avatar
    Someone help me. I am trying to find out if my messages on Messenger are private. People tell me that if my company has a Blackberry Enterprise Server, that they could monitor my messages. But I need more information. Are the last three years of my messages sitting on that server? Or can they just see that I am messaging? Does the server hold and store every message? Or do the messages really not go through the server, but through the internet or some other main RIM server? No one is really giving me an answer. I am just told that the company might be able to monitor my messages if it wanted to? I can't believe that messages are being held in the server, like email that has a central repository via the server. I am going to stop using Messenger, but I need some peace of mind that my history is not sitting somewhere in perpetuity. thanks.
    06-09-08 09:55 PM
  2. kickinitlive247's Avatar
    Sounds like a guilty conscience

    Posted from my CrackBerry at wapforums.crackberry.com
    06-09-08 10:31 PM
  3. BBman_south's Avatar
    Didnt the mayor of detroit use his Blackberry to message his... ah well maybe YOURS is private
    06-09-08 10:35 PM
  4. Reed McLay's Avatar
    You might find the RIM vs India discussion of interest.

    Indian Government Issues Ultimatum to RIM | CrackBerry.com

    BlackBerry uses end to end security. The message will pass through cell networks into Internet nodes and through the BlackBerry system then back following the same path to the recipient.

    Along the way, they are protected by 128 bit encryption. Nobody can read the messages, not RIM, NSA, KGB, China or the lawful demands of the Government of India.
    Last edited by Stoner; 06-09-08 at 10:56 PM.
    06-09-08 10:51 PM
  5. Bla1ze's Avatar
    You might find the RIM vs India discussion of interest.

    BlackBerry uses end to end security. The message will pass through cell networks into Internet nodes and through the BlackBerry system then back following the same path to the recipient.

    Along the way, they are protected by 128 bit encryption. Nobody can read the messages, not RIM, NSA, KGB, China or the lawful demands of the Government of India.

    Hate to break it to ya Stoner, but that has no bearing here, if you are on a BES, your company can see all should they choose too, it's their BES and just for future reference....one of the only parts of the BlackBerry system that is NOT encrypted is BBM, BBM messages are sent as plain text through the servers and readable by anyone who has axxs, recent upgrades to BES servers allow for encryption but as default, they are NOT encrypted.

    Can a BES administrator read my PIN and/or SMS messages and see my phone call logs?

    Yes, if the BES is version 4.1 or newer and the device is o/s code 4.1 or later. - Starting with BES 4.1, the BES admin can log all PIN and SMS messages to the BES server, including the content of those messages.
    BlackBerry Messenger messages and conversations can also be audited by the BES administrator.
    In addition the administrator can view all phone calls made/received to the device including date/time number dialled and the name of the person you are calling or have called you if that name is listed in your contact list
    Last edited by Bla1ze; 06-09-08 at 11:05 PM.
    06-09-08 10:56 PM
  6. kickinitlive247's Avatar
    Very interesting, and I believe the mayor of detroit was using sms texts, which your service provider has access to. One time I called cs w/ a question and the csr was reading me back the sms messages I sent, it was a little embarrassing!

    Posted from my CrackBerry at wapforums.crackberry.com
    06-09-08 11:02 PM
  7. jenaywins's Avatar
    Well... I would just be careful about what is said through any kind od message on the phone if I were you. Besides.. If you're being good, what do you have to worry about?

    Posted from my CrackBerry at wapforums.crackberry.com
    06-09-08 11:19 PM
  8. Reed McLay's Avatar
    Much appreciated Bla1se.

    I was under the impression secure end to end was part of the package.
    06-10-08 11:00 AM
  9. tcpetersesq's Avatar
    What if you are on BES, but you send emails through one of your separate email accounts (not the "BlackBerry" account)? Aren't those messages secure (and beyond the prying eyes of an IT administrator)? I would think that none of us sign up for a total deprivation of privacy once we start using BES.
    06-10-08 11:13 AM
  10. CrackdBanker's Avatar
    Since all data, if you're on BES, goes through BES it is probably a good idea to assume all of it is accessible by the admin.

    Posted from my CrackBerry at wapforums.crackberry.com
    06-10-08 11:26 AM
  11. tcpetersesq's Avatar
    Well that's not so good. If RIM is so concerned about privacy, shouldn't there at least be a way to allow BES users at least some minimal channel for private communications. Ultimately, the user's IT administrator might have veto power, but this issue raises some very interesting privacy right questions.
    06-10-08 11:29 AM
  12. SilverSurfR's Avatar
    If you are using an employers IT equipment, don't expect any privacy. I can't quote specifically and may be just plain wrong, but I believe there are laws that allow employers to monitor all activities on their computers, network, etc.

    quick google search came up with an article by a lawyer. note: it's LONG Monitoring Employee Communications
    06-10-08 12:06 PM
  13. Reed McLay's Avatar
    This is what RIM said a week ago.

    India, RIM meet again to discuss security concerns | Technology | Internet | Reuters

    RIM said last Friday it does not have a copy of the customer's encryption key and would "simply be unable to accommodate" any such request.

    "The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography," the company said in a letter.

    "The location of data centers and the customer's choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized."

    ...
    If I understand correctly, an E-mail message composed on one BlackBerry is encrypted before it is transmitted through the carrier and placed on the Internet by BlackBerry Network Opps Center to BES and the clients Exchange, or similar mail system. The process is reversed to send a message back to the device.

    Along the way, the signal can be intercepted and the data stream recorded, but with the advanced encryption used, not decrypted.

    The decryption takes place at BES where the contents are logged in clear text, presumably inside of a secure environment.
    Last edited by Stoner; 06-10-08 at 12:44 PM.
    06-10-08 12:35 PM
  14. tcpetersesq's Avatar
    If you are using an employers IT equipment, don't expect any privacy. I can't quote specifically and may be just plain wrong, but I believe there are laws that allow employers to monitor all activities on their computers, network, etc.

    quick google search came up with an article by a lawyer. note: it's LONG Monitoring Employee Communications
    I understand that employers can monitor their own equipment/network, etc. This is where it becomes interesting, however. What if the employee uses his or her own blackberry and the employer has BES. Can't the blackberry also use a separate email address (that doesn't go through BES)? I know there are different web browsers - the BlackBerry Browser goes through BES, but the Internet Browser does not.
    06-10-08 12:42 PM
  15. bellavino's Avatar
    Well... I would just be careful about what is said through any kind od message on the phone if I were you. Besides.. If you're being good, what do you have to worry about?

    Posted from my CrackBerry at wapforums.crackberry.com
    Because sometimes I am bad.
    So... that being said... if I am NOT on a BES with work and just have an independent BB with a legitimate cell carrier, how traceable are the direct BB to BB as opposed to text and sms?

    In other words someone could tap into my network or wireless *sms & txt) and read posts, but how easy/hard would it be to break into my BB to BB messages?? I am in the typical theory that nothing is private on-line, but I thought the BB to BB was really encryped.

    Inquiring minds want to know... please if anyone has info this would be great to know... (i.e. protection from stalker ex's etc)
    06-11-08 02:48 AM
  16. amazinglygraceless's Avatar
    Another CB member said it best in another thread.

    And I am paraphrasing ( too lazy to look it up )
    "Anything you don't want to see on a 4ft x 4ft white board in court is probably best not typed on your BB, or anywhere else for that matter"
    06-11-08 07:21 AM
  17. tcpetersesq's Avatar
    So once again, this all begs the question.... can a BlackBerry on BES also use BIS to send and receive data?? It seems to me that even if one is using BES, it doesn't necessarily follow that everything that is sent/received uses BES. Otherwise, why would a BES user be given the option of using the "Internet Browser" as opposed to the "BlackBerry Browser"? From what I understand, the BlackBerry browser goes through BES, but the internet (and media) browsers do not. If that is true, then why couldn't it also be the case that BES would handle only those emails going through BES, and leave other separate email accounts alone? Perhaps one of our genius residents can respond.
    06-11-08 08:31 AM
  18. Q-fugee#CB's Avatar
    It's not that BES or BIS are secure or not secure, it's that they are configurable.

    As a consumer using BIS, messages go from your POP3-providing ISP to the BIS server to your phone. Your cellphone carrier rents the BIS server directly from RIM. It's unlikely that your cellphone carrier saves these messages since there are billions of them, but they could since it's configurable. Ask them. The ISP that hosts your POP3 email account is a bigger worry, really. The over the air transmissions are encrypted, if they configure it that way.

    If your company runs a BES server, again, its configurable. If they allow "Split Pipes" or access to the carrier internet, they won't see your personal email coming directly from a BIS server, but if they don't allow it and they force all internet access to the outside world through company firewalls, they'll see it all. If the BIS-to-phone connection is encrypted by your carrier, your company will see it through their firewall and know what it is but not see the content. You have to ask your company's IT department.

    Here are some pictures of how BIS and BES work:

    BlackBerry - BlackBerry | Wireless Handheld Devices, Software & Services from Research In Motion (RIM)

    What the two pictures show is BES and BIS. What they don't show is the "Split Pipe" connection that allows both. They also don't show your carrier BIS email going through the company firewall thru the BES server to your phone, but they could configure it that way.

    If you are a consumer using only BIS, fear not, but you can ask your carrier if you're paranoid. If you're a corporate drone using BES, you have to ask your IT weenies if they allow "carrier internet access" or "split pipes." It's all configurable, but not by the end user.

    --Qfg
    Last edited by Q-fugee; 06-11-08 at 08:49 AM.
    06-11-08 08:44 AM
  19. Hankster's Avatar
    Hate to break it to ya Stoner, but that has no bearing here, if you are on a BES, your company can see all should they choose too, it's their BES and just for future reference....one of the only parts of the BlackBerry system that is NOT encrypted is BBM, BBM messages are sent as plain text through the servers and readable by anyone who has axxs, recent upgrades to BES servers allow for encryption but as default, they are NOT encrypted.

    SOURCE[/CENTER]
    This is 100% correct. I used to work in corporate America and all the managers who had BB were told all information going through their BB were monitored.
    06-11-08 09:42 AM
  20. tcpetersesq's Avatar
    Thanks for the explanation Q-fugee. I'm afraid my IT person doesn't know much. I've asked, and he says he only fixes it when it's broken. He has no idea what/how he can access the data that is transmitted through BES. If I'm hearing you correctly though, it is possible to have a set-up where BES is in place, but the user can also have separate access internet access that does not pass through BES. I'm not really paranoid, just curious. I find it all very interesting.
    06-11-08 10:19 AM
  21. Q-fugee#CB's Avatar
    Thanks for the explanation Q-fugee. I'm afraid my IT person doesn't know much. I've asked, and he says he only fixes it when it's broken. He has no idea what/how he can access the data that is transmitted through BES. If I'm hearing you correctly though, it is possible to have a set-up where BES is in place, but the user can also have separate access internet access that does not pass through BES. I'm not really paranoid, just curious. I find it all very interesting.
    Exactly. Ask your IT guy to look at this:

    http://www.blackberry.com/developers..._Handhelds.pdf

    And ask him if the IT Policy of "AllowSplitPipeConnections" or "AllowExternalConnections" are set to TRUE.

    If they are set to FALSE, but there is a specific application you'd like to grant direct access to, ask them to set up per-application access permission:

    BlackBerry Search Results

    Also, IT Support guys love it when end-users search the web and bring solutions directly to them. More than doctors love patients who look stuff up on WebMD and come to them convinced they are dying. Be prepared to earn their eternal trust and gratitude. I got a plaque from mine.

    --Qfg
    06-11-08 11:53 AM
  22. tcpetersesq's Avatar
    Thanks Qfg, I will. And trust me, I know how much he appreciates the google searching I have done. I've probably spent more time researching various problems than he has. As I tend to change handheld units with relative frequency (at least 2x a year), I learned how to go into the BB manager and resend my own password. Maybe I can check on the IT policy myself?? I will take a look. Thanks again.
    06-11-08 12:06 PM
  23. miller1861's Avatar
    All wonderful posts. Ultimately, it still appears that messages can only be read by the employer if they have activated the audit function - in which case the user will see a sent mail in his or her bb that shows that the bb sent the report. Can someone prove me wrong that I would know if I was being audited? Being logged just shows usage, not content.
    06-23-08 09:23 PM
  24. tcpetersesq's Avatar
    All wonderful posts. Ultimately, it still appears that messages can only be read by the employer if they have activated the audit function - in which case the user will see a sent mail in his or her bb that shows that the bb sent the report. Can someone prove me wrong that I would know if I was being audited? Being logged just shows usage, not content.
    That's very interesting - I wasn't aware of that. As I have all of my sent messages hidden, I guess I wouldn't be aware then.
    06-24-08 07:11 AM
  25. Plazmic Flame's Avatar
    Wow... this is all very interesting and good to know stuff.
    06-24-08 07:50 AM
32 12
LINK TO POST COPIED TO CLIPBOARD