1. chalx
    It doesn't matter on which side of the fence a company is, every single one will deliver any data requested by court or government agencies. Public declaration of beliefs is just a form of PR.
    It's like tax paying: no one wants to pay, but all are paying.
    11-24-15 03:22 AM
  2. Superfly_FR
    Hum.
    To me, the important word is "targeted". Lawful is just another requirement, that is related to generic privacy.

    What I mean is that you have more to worry about your privacy when anyone (friends, family, social contacts) can be bulk spied. Even if your device is locked like Fort Knox, the sum of information "spies" (legit or not) can collect (and/or extrapolate) and use against you is enough to get your life exposed in a significant magnitude.
    Security is a "chain"; the weakest will be the target. And if you're the strongest, chances are you will aspire your neighborhood in your troubles. In a way, you become responsible for their privacy invasion.

    I believe I might be influenced by my home country's (France, Europe) state of "lawful actions", where privacy is one rule that applies to anything considered as "private correspondence" and is severely punished if you break into it (that is: jail). Even Facebook, Google and Apple are required to bend their T&C's and fulfill our regulation rules. It might be different in N.A. or other continents. [and that might be the point to discuss, in the first place?]

    So, it might occur that some unfunded "lawful" actions are led to individuals.
    But at the end of the day, I prefer a 5 decimals percentage than a massive spying system leading to virtually 100%.

    Related - FWIW : Google can remotely give cops access to at least 74% of all Android devices
    note : #Priv not exposed (5.1 + default encryption)
    Last edited by Superfly_FR; 11-24-15 at 04:56 AM.
    anon(8063781) and zephyr613 like this.
    11-24-15 04:41 AM
  3. Omnitech
    I read this and I'm not really sure how this relates to internet privacy. If you could provide some commentary in addition to the link, that would be helpful.
    Unfortunately with wikipedia pages the content comes and goes, and I noticed the current page doesn't make much of an effort to explain the analogy.

    The main point is that just because a person is not themselves targeted by an over-reaching law-enforcement or "police state", does not mean that the fact that they escaped personal harm once or twice, means that they will perpetually avoid harm by that police-state.

    Recent example: Donald Trump recently expressed support for rules to exclude from consideration political refugees to enter the USA simply because of their religion. (Muslim in this case) He also expressed support for the idea of a "database" of Muslims living in the USA, presumably because the simple fact of their religion makes them suspicious.

    If, say, a Jewish person claimed that that was fine because they were afraid of Muslims being terrorists and didn't mind it because it didn't target their religion for persecution, this is what is called a "slippery slope": we can either have religious freedom in this society which applies to everyone, or we cross the line and start discriminating about this religion or that religion, we end up endangering the liberty of all religions. Because it establishes a precedent which, once that "line is crossed", makes it easier and easier to start passing all sorts of discriminatory laws. (Remember we are talking about placing people under suspicion for the sole reason they are a member of an ethnic group, a follower of a particular religion, etc... not because of any actual criminal acts or suspicious acts or behavior)

    So when they come for your Muslim neighbor and you didn't mind because you're not Muslim, and then they came for your black neighbor and you didn't mind because you're not black... etc... sooner or later they are likely to come for you too. For [insert reason here].. eg, because of what you looked at on the internet, because of who you talked to last week, because of where you traveled last month, because of something hypothetical you said at school while in politics class, etc etc etc.
    Last edited by Omnitech; 12-03-15 at 03:22 AM. Reason: Missing word
    11-24-15 04:23 PM
  4. sorinv
    My tin foil hat is telling me the security agencies in the US pressured carriers to drop their support of BlackBerry because they could not intercept communications like they could with iOS and Android.

    Now that BlackBerry is offering a less secure Android, suddenly the carriers are all jumping back on board.

    Perhaps this is the only way BlackBerry can maintain its support with the carriers.

    Time to add another layer of tin foil.

    Posted via CB10
    My understanding was that it started with the London riots of 2011 when the British police could not intercept the BBM messages of the rioters...

    http://www.theguardian.com/media/201...ter-blackberry
    11-27-15 07:23 AM
  5. conite
    BlackBerry has agreed to obey court orders. Nothing to see here.

    If you're worried, use ProtonMail and subscribe to BBM Protected.
    11-27-15 07:46 AM
  6. Clemens28
    It does not matter whether you support it or not (eventually every mobile company will more or less abide by court orders)... It is just something you should not advertise in public if you consider privacy as your key selling point - this was just plain stupid by the COO - IMHO

    Posted via the CrackBerry App for Android
    11-27-15 09:55 AM
  7. Dave Bourque
    It does not matter whether you support it or not (eventually every mobile company will more or less abide by court orders)... It is just something you should not advertise in public if you consider privacy as your key selling point - this was just plain stupid by the COO - IMHO

    Posted via the CrackBerry App for Android
    It's not eventually... EVERY mobile company abides by court orders. There's no exception...

    Z30STA100-5/10.3.2.2639
    11-27-15 11:52 AM
  8. tickerguy
    There is a difference between abiding a court order and aiding them before they are issued.

    I used to get subpoenas and similar all the time when I ran MCSNet. Of course we complied; I'm not going to jail because one of my customers is a jackass and allegedly did something illegal. That could get me not only nailed for non-compliance but theoretically at least as an accessory before or after the fact.

    However, I don't have to design my systems to make the job of the cops easier. That is, I don't have to build into my business systems features that enhance their ability to retrospectively look at things. If I happen to have such a business record for some other legitimate purpose that I am engaging in (e.g. a billing record of use) and I get subpoenaed, so sorry and so sad for you.

    But that's entirely different from building and maintaining such records for the explicit purpose of assisting in investigations prior to the service of such process.

    What Beard said can be reasonably construed as the latter, and if so he needs to be fired NOW. If not then Chen needs to get on this and make clear exactly where the line actually is.
    Omnitech and Yertie like this.
    11-27-15 12:14 PM
  9. Superfly_FR
    Please read, digest, think again. Answer inside.
    Why BlackBerry is Exiting Pakistan | Inside BlackBerry
    11-30-15 10:07 AM
  10. Omnitech
    Please read, digest, think again. Answer inside.
    Why BlackBerry is Exiting Pakistan | Inside BlackBerry

    A) That only affects BES, which is not a factor for probably 80% or more of the people that spend time on Crackberry forums.

    B) Pakistan is a small market for BlackBerry, and easy to give up. I would be more interested in specific details about what sort of "assistance" the company provides to other national governments in countries which are #1: not "enemies" of the west like Pakistan is, and #2: much larger markets. Case in point: India allegedly asked for similar accommodations from BlackBerry as well, and also threatened to kick the company out of the country over it too. What did they ultimately agree to provide to them to make the Indian authorities happy?

    At this point I think it's safe to say that BlackBerry is seen geopolitically as heavily involved with and supporting western governments, which is why we see almost no deployment or customer base in places like China (which is also the largest mobile market in the world by far today), and Russia. Why do you think that is?

    Therefore their animosity towards giving access to their customers' data to Pakistani authorities - given the fairly high likelihood that most of those customers are either western-based or at least western-friendly - isn't much of a surprise at all.

    Now if the same thing happened in Europe, or Japan, or South Korea, or Israel, etc... that would be different. But it hasn't. Neither does BlackBerry publicly discuss those security arrangements in the least detail, far less post about them publicly like they did here.
    12-03-15 03:40 AM
  11. sorinv
    A) That only affects BES, which is not a factor for probably 80% or more of the people that spend time on Crackberry forums.

    B) Pakistan is a small market for BlackBerry, and easy to give up. I would be more interested in specific details about what sort of "assistance" the company provides to other national governments in countries which are #1: not "enemies" of the west like Pakistan is, and #2: much larger markets. Case in point: India allegedly asked for similar accommodations from BlackBerry as well, and also threatened to kick the company out of the country over it too. What did they ultimately agree to provide to them to make the Indian authorities happy?

    At this point I think it's safe to say that BlackBerry is seen geopolitically as heavily involved with and supporting western governments, which is why we see almost no deployment or customer base in places like China (which is also the largest mobile market in the world by far today), and Russia. Why do you think that is?

    Therefore their animosity towards giving access to their customers' data to Pakistani authorities - given the fairly high likelihood that most of those customers are either western-based or at least western-friendly - isn't much of a surprise at all.

    Now if the same thing happened in Europe, or Japan, or South Korea, or Israel, etc... that would be different. But it hasn't. Neither does BlackBerry publicly discuss those security arrangements in the least detail, far less post about them publicly like they did here.
    I don't know the details of these agreements, but as far as China goes, I think that Chen let it slip recently that because BlackBerry secures the communications of all the 5eye governments, there are restrictions on selling to China. I would assume the same goes for Russia.

    I watched the interview on BBC with Mike Lazaridis in 2011 when he was asked about the demands of the Indian government. He vehemently denied that they would give them access to encryption keys.
    I think the problem was with the London riots of 2011? When the British government must have put pressure on them because of BBM-RIOTERS-COMMUNICATION-METHOD-CHOICE.

    This may be one of the reasons why BB10 launched without encryption and BIS.
    12-03-15 04:19 AM
  12. Omnitech
    I don't know the details of these agreements, but as far as China goes, I think that Chen let it slip recently that because BlackBerry secures the communications of all the 5eye governments, there are restrictions on selling to China. I would assume the same goes for Russia.

    Given BlackBerry's reputation and associations, I doubt it would make much difference if there were sale restrictions for those markets. I doubt the Chinese or Russian authorities would want them there anyway unless they opened their system up to scrutiny.


    I watched the interview on BBC with Mike Lazaridis in 2011 when he was asked about the demands of the Indian government. He vehemently denied that they would give them access to encryption keys.
    Research in Motion in 2011 was a very different era and a different company from the BlackBerry of today. That said, BES operators pick their own encryption keys and if BlackBerry were to have a known backdoor in that architecture no security-sensitive customer in their right mind would buy it. Whether BlackBerry does or does not have a backdoor like that, they'd be pretty darn stupid to admit it publicly.

    This in fact is a big problem for most of the US-based cloud and web service providers today: post-Snowden knowledge of widespread NSA access to US-based providers has made it extremely difficult for those companies to sell those services overseas today, just the same as if BlackBerry had admitted it had a BES backdoor. It will cost US businesses billions of dollars either directly through lost business, or indirectly because of the capital expenditures and costs involved with building dedicated datacenter operations in all of their major overseas markets (Microsoft just did this in Germany), in order to comply with new national requirements to keep citizen data within the country. (And hopefully as a result, out of NSA clutches)

    John Chen is actually far more geopolitically connected than Lazaridis and Balsillie ever were. He hobnobs with people at the very very highest echelons in western government and business, and not just because he works for BlackBerry these days. It's probably one of the key reasons why he has managed to keep the company going the last couple of years in a very challenging situation.


    I think the problem was with the London riots of 2011? When the British government must have put pressure on them because of BBM-RIOTERS-COMMUNICATION-METHOD-CHOICE.
    Ironically BBM encryption in those days was not very good at all, and BlackBerry freely admits that these days. They don't even refer to it as encryption, they call it "scrambling", and with a tiny bit of insider knowledge you could basically decrypt anyone's BBM traffic back then, if you had access to the raw data stream. (Thing is, a lot of their competitors at the time had no kind of encryption or scrambling whatsoever. )


    This may be one of the reasons why BB10 launched without encryption and BIS.
    I doubt it. BB10 has always "had encryption", I have no idea what you mean by that specifically. And BBM encryption under BB10 is much much better than it was on BBOS - it actually uses a real, TLS encryption tunnel for everything but video streams in some conditions. As for the reasons they dropped BIS, you may want to read this.
    Last edited by Omnitech; 12-03-15 at 04:57 AM.
    12-03-15 04:43 AM
  13. Superfly_FR
    A) That only affects BES, which is not a factor for probably 80% or more of the people that spend time on Crackberry forums.

    B) Pakistan is a small market for BlackBerry, and easy to give up. I would be more interested in specific details about what sort of "assistance" the company provides to other national governments in countries which are #1: not "enemies" of the west like Pakistan is, and #2: much larger markets. Case in point: India allegedly asked for similar accommodations from BlackBerry as well, and also threatened to kick the company out of the country over it too. What did they ultimately agree to provide to them to make the Indian authorities happy?

    At this point I think it's safe to say that BlackBerry is seen geopolitically as heavily involved with and supporting western governments, which is why we see almost no deployment or customer base in places like China (which is also the largest mobile market in the world by far today), and Russia. Why do you think that is?

    Therefore their animosity towards giving access to their customers' data to Pakistani authorities - given the fairly high likelihood that most of those customers are either western-based or at least western-friendly - isn't much of a surprise at all.

    Now if the same thing happened in Europe, or Japan, or South Korea, or Israel, etc... that would be different. But it hasn't. Neither does BlackBerry publicly discuss those security arrangements in the least detail, far less post about them publicly like they did here.
    Well, as often, we have to consider statements as the only reference, this was my point (thus I did not discuss further). In the article, we can read how BlackBerry is (and always has been) positioned:
    "As we have said many times, we do not support “back doors” granting open access to our customers’ information and have never done this anywhere in the world."
    [...]
    “BlackBerry provides the world’s most secure communications platform to government, military and enterprise customers. Protecting that security is paramount to our mission. While we recognize the need to cooperate with lawful government investigative requests of criminal activity, we have never permitted wholesale access to our BES servers.”
    TBH, I'm not sure how they can (technically) stand this quite schizophrenic position but at the end of the day - if possible - they shouldn't advertise it in public.

    Interesting, though, is the weight of BlackBerry's decision and how things seem to evolve ...
    Note: Since this post, the Government of Pakistan has notified BlackBerry that it has extended its shutdown order from November 30 to December 30. BlackBerry will delay its exit from the Pakistan market until then.
    "Who needs who the most?" seems to be another valuable question right now
    12-03-15 06:00 AM
  14. Omnitech
    Well, as often, we have to consider statements as the only reference, this was my point (thus I did not discuss further). In the article, we can read how BlackBerry is (and always has been) positioned:

    TBH, I'm not sure how they can (technically) stand this quite schizophrenic position but at the end of the day - if possible - they shouldn't advertise it in public.

    Interesting, though, is the weight of BlackBerry's decision and how things seem to evolve ...

    "Who needs who the most?" seems to be another valuable question right now

    If you read the comments to Marty Beard's blog post and filter out the usual trolls and fanboys, there are quite a few astute points made there. I agree with several of them that BlackBerry's credibility deserves to be questioned, especially since Saudi Arabia, UAE, India and other countries all recently threatened to kick BlackBerry out of their respective countries if they were not given access to BlackBerry customer data. The only public statements we ever see from RIM/BlackBerry on such matters are directly and blatantly self-serving ones, so I don't blame people for questioning the veracity and accuracy of their statements.

    Another point someone made is that apparently the Pakistan telecom authority has stated that the entire userbase of BlackBerry in the country is 4000-5000 people. If true (and as I surmised in my prior post, it wouldn't surprise me if their userbase there is quite small), then (as some other commenters on the blog also pointed-out and I pointed-out earlier), BlackBerry can easily afford to "grandstand" on this issue, attempt to make Pakistan look like the "bad guy" and BlackBerry the "hero", with very little commercial damage. (In fact, one could look at this as a PR move and form of advertising their security to potential western clients)

    As for "lawful interception", this is as you mentioned a bit hilarious and ironic, since every locale can pass any laws they see fit, including requiring access to all mobile data communications if they so choose. So is this just "western imperialist" talk, eg that BlackBerry takes it upon themselves to decide that for example because in France access is "lawful" because a search warrant is required to access mobile data, whereas in Pakistan it becomes "unlawful" because they expect to have access to everything at all times and France doesn't? And what about in the USA, where the "public law" says a search warrant should be required for various things, but the "black law" we now know gives access to "3-letter agencies" whether or not it meets the "public law" standards??

    Lastly, while certainly no one would wish an event like the recent attacks in Paris on 11/13 to be considered minor or trivial, in comparison with the massive scale of terrorist activity in Pakistan and surrounding areas these days, it is actually not that substantial. Pakistan has a huge problem with terrorism, warlords, jihadis, separatists etc... every day, every month, every year. Their measures are more draconian because the situation is more draconian. The USA itself continuously engages in extrajudicial killings in Pakistan on a massive scale, using drones etc, many of which are probably not revealed to the Pakistan authorities until the act occurs.

    In short, I think what is going on there with BlackBerry right now is more a reflection of their political relationship with the west than anything else. And an opportunity for BlackBerry to do some grandstanding at little commercial cost to them.
    12-03-15 06:31 AM
  15. Pinot2015
    We are just talking about Pakistan that BES will no longer be used. Not sure what the big debate is here. BlackBerry would rather not be in a country than give up full access.
    If there are individuals being watched that's a different story as BlackBerry would forward that information to officials in certain cases. Pakistan does want that, they want to watch everyone and anyone on BES servers at any time.
    Let's not forget most western defence departments still use BlackBerry BES because of security on their mobile devices.

    Posted from my Priv!
    12-03-15 06:47 AM
  16. sorinv
    Given BlackBerry's reputation and associations, I doubt it would make much difference if there were sale restrictions for those markets. I doubt the Chinese or Russian authorities would want them there anyway unless they opened their system up to scrutiny.




    Research in Motion in 2011 was a very different era and a different company from the BlackBerry of today. That said, BES operators pick their own encryption keys and if BlackBerry were to have a known backdoor in that architecture no security-sensitive customer in their right mind would buy it. Whether BlackBerry does or does not have a backdoor like that, they'd be pretty darn stupid to admit it publicly.

    This in fact is a big problem for most of the US-based cloud and web service providers today: post-Snowden knowledge of widespread NSA access to US-based providers has made it extremely difficult for those companies to sell those services overseas today, just the same as if BlackBerry had admitted it had a BES backdoor. It will cost US businesses billions of dollars either directly through lost business, or indirectly because of the capital expenditures and costs involved with building dedicated datacenter operations in all of their major overseas markets (Microsoft just did this in Germany), in order to comply with new national requirements to keep citizen data within the country. (And hopefully as a result, out of NSA clutches)

    John Chen is actually far more geopolitically connected than Lazaridis and Balsillie ever were. He hobnobs with people at the very very highest echelons in western government and business, and not just because he works for BlackBerry these days. It's probably one of the key reasons why he has managed to keep the company going the last couple of years in a very challenging situation.




    Ironically BBM encryption in those days was not very good at all, and BlackBerry freely admits that these days. They don't even refer to it as encryption, they call it "scrambling", and with a tiny bit of insider knowledge you could basically decrypt anyone's BBM traffic back then, if you had access to the raw data stream. (Thing is, a lot of their competitors at the time had no kind of encryption or scrambling whatsoever. )




    I doubt it. BB10 has always "had encryption", I have no idea what you mean by that specifically. And BBM encryption under BB10 is much much better than it was on BBOS - it actually uses a real, TLS encryption tunnel for everything but video streams in some conditions. As for the reasons they dropped BIS, you may want to read this.
    My BB10 phone and SD card are encrypted because I did it. They are not encrypted by default.

    I have not verified if they were in BBOS because I never stored anything on my phone in those days. It wasn't a computer like my Passport is.

    I am not an expert on BlackBerry encryption, nor an insider to verify, but clearly, based on the reports of the day, the British police were unable to read the rioters' BBM communications and that is why it took them several days to calm things down. This was very well documented in the Guardian and I provided a link a week or so ago in this or some other thread on the topic.
    BBM and BlackBerry were singled out for that. That does not mean that the encryption was better than what BB10 uses.
    12-03-15 06:57 AM
  17. Omnitech
    My BB10 phone and SD card are encrypted because I did it. They are not encrypted by default.

    I have not verified if they were in BBOS because I never stored anything on my phone in those days. It wasn't a computer like my Passport is.

    Encryption can apply to many different things. That includes encryption in the web browser for SSL/TLS enabled websites, encryption in the email and messaging apps for communicating with mail servers and messaging networks, encryption of OS files to prevent tampering with the OS, encryption of data traveling over either wireless carrier networks or WiFi networks, etc etc etc.

    So I see now that you are referring to storage encryption.

    That sort of facility was not very common on mobile devices until recent years, in part because of users' lack of interest, the complexity of the technology and limited processing power of older devices. (Making it less practical, potentially slowing down performance dramatically, etc)

    As people store more and more critical data on mobile devices, and become more and more aware of the liability of loss of this confidential data to malicious parties, more people are demanding encryption on their mobile devices, and more device makers are enabling it by default. The downside is - and one of the key reasons why older BlackBerries did not enable this by default - is that if a person forgets or loses their encryption key, all their data is toast. This is not a trivial matter. People lose and forget things. So BlackBerry simply made it a user-configurable option.

    It has only been since last year that any of the major smartphone platforms have turned encryption on by default. (In that case, it was Apple) Now Android devices will follow suit: in Android 6.0 "Marshmallow", any reasonably powerful smartphone (eg like the Priv - something powerful enough to encrypt data without ruining performance) is required to have encryption enabled by default. But the same warning applies: if you forget or lose your encryption key, all your data is gone.



    I am not an expert on BlackBerry encryption, nor an insider to verify, but clearly, based on the reports of the day, the British police were unable to read the rioters' BBM communications and that is why it took them several days to calm things down. This was very well documented in the Guardian and I provided a link a week or so ago in this or some other thread on the topic.
    BBM and BlackBerry were singled out for that. That does not mean that the encryption was better than what BB10 uses.

    As I said earlier, as of that time, BlackBerry was one of the few vendors that was using any form of encryption or 'scrambling' of messaging data. It was not a very powerful measure by modern standards, but many (probably most) of the other popular messaging platforms of the time (AIM, MSN Messenger, Yahoo Messenger, etc) were not using any protection at all. The fact that the British authorities didn't know how to access the BBM traffic was not necessarily because what BlackBerry was doing was bulletproof, they probably just never bothered to pursue the matter until they had a civil unrest problem.
    12-03-15 07:29 AM
  18. sorinv
    We are in agreement.
    There is another problem with encrypting files. You can no longer copy them with Blend.
    For me that is fine, because I rate privacy and security over laziness.
    For others, for example who use the file manager to view and/or copy their files from a PC or Mac and vice-versa (if the Mac is encrypted) , it could be a show stopper.

    It is interesting that encryption does not have any impact if I transfer files via ghostcommander to and from a remote computer, even if my files are encrypted on the phone.
    I am not sure if that is not a flaw in encrypting the device and card.
    12-03-15 08:36 AM
  19. Doggerz
    I'll give BlackBerry one thing. At least they're being honest. They used to (maybe not intentionally) create a sense of security from anyone or anything. Especially if you were using BES.

    All the other phone makers are in cahoots with American LE, the military and prison industrial complexes. So it's great BlackBerry is being honest.

    To the people who think LE is your friend you seem as crazy to me as the OP and the people who are more terrified of LE seem to you.

    When I go down the street am I worried about ISIS? Do I think I'm going to be killed in a 9/11 style terror attack? No. But if I see a cop car or blue lights behind me I KNOW my life is in danger.

    I know all the American agencies have way too much power and could disappear nearly anyone they wanted. Or just bankrupt them and have them rot in jail by railroading them.

    Way more afraid of my own government than I am any other entity in existence. I'm an army veteran. There used to be a time when I put my life in their hands. The Late 80's after seeing Reagan have the good sense to get the hell out of Lebanon instead of do what the Bushes and every Republican since Reagan would have done which is send our kids into Muslim lands to further provoke the sons of bitches.

    If we left their land and used alternative energy and let them all fight against each other and kill each other instead of making us do it for them then we'd not have to worry about terrorism.

    Americans are scared of everything and we gave away our privacy on 9/11 to the American government to protect a country of scared babies. The terrorists won on 9/11. Killing Bin Laden didn't change that. They forever changed our way of life that day.

    Give me a phone that is protected against any American agency. Give me at least a fair battlefield. That's all I'd ask of a company. Give me a shot at privacy. Not because I'm a terrorist. But because our government is.

    Let's fund a pool of money for Edward Snowden to develop such a device.

    Z30STA100-5 / 10.3.2.2789 / T-Mobile USA
    12-03-15 10:17 AM
  20. crucial bbq
    First of all if you honestly think that any device out there is 100% safe from any government intervention and prying eyes, you're smoking some serious ****!!! Sure companies can stand up and say we are not going to cave in and allow you to have a secret backdoor access to our code, but trust me, at the end of the day they don't need to. These agencies hire the brightest minds, code crackers and programmers that the world has to offer and Mr Snowden has already showed us that.
    I seriously don't think you understand just how insane the encryption keys are these days. To give you an example, it has been estimated that it would take the biggest, baddest, supercomputer over 140M years just to crack the SecuSmart encryption by brute force alone because there are over 1,000,000,000,000,000,000,000,000,000,000,000,000 different possible combinations. Heck, it would take over 200K tries to brute force a basic four letter undercase password, which is exactly why BBOS/BB10 gives ten tries or else--mathematically it would be very much not likely probable to crack within ten tries (also because the attacker is most likely to try "common" passwords such as "abcd", initials, birthdays, and so on). You would honestly have better luck just randomly selecting four letters each time. By the way, that is why the combination of 1, 2, 3, 4, 5 will never be drawn in a lottery (well, not Power Ball or Mega) even though it has just as equal a chance of being drawn as any other combo.

    Knowing how the keys are generated is not enough because you still have to guess at what it is for each device as each key is randomly generated per device. Now, that does not mean that going forward the encryption could not be removed from future devices, or that the encryption is generated in such a way on future devices as to allow for a "key to the lock", then again this would put a dent into the whole "upgrade your device every year" model that vendors want us to participate in.

    It doesn't matter on which side of the fence a company is, every single one will deliver any data requested by court or government agencies. Public declaration of beliefs is just a form of PR.
    It's like tax paying, no one wants to pay, but all are paying.
    Wasn't Tim Cook on record saying something to the effect of "they'll have to cart my dead body away long before I provide a back door"? Meaning that even if he did provide a backdoor because of the unique encryption methods that even if the knowledge of how it works was given they still would not be able to decrypt the info considering that the encryption is unique to each device.

    Cook also very recently said two other things:

    1. Removing encryption (or making it easier to access data/info) will allow hackers easier access to your data, too.
    2. That "bad guys" could just encrypt their own devices because it is easy to do so, anyways. So it is a moot point all around.

    Hum.
    To me, the important word is "targeted". Lawful is just another requirement, that is related to generic privacy.

    What I mean is that you have more to worry about your privacy when anyone (friends, family, social contacts) can be bulk spied. Even if your device is locked like Fort Knox, the sum of information "spies" (legit or not) can collect (and/or extrapolate) and use against you is enough to get your life exposed in a significant magnitude.
    Security is a "chain"; the weakest will be the target. And if you're the strongest, chances are you will aspire your neighborhood in your troubles. In a way, you become responsible for their privacy invasion.

    I believe I might be influenced by my home country (France, Europe) state of "lawful actions" where privacy is one rule that applies to anything considered as "private correspondence" and severely punished if you break into (that is: jail). Even Facebook, Google and Apple are required to bend their T&C's and fulfill our regulation rules. It might be different in N.A or other continents. [and that might be the point to discuss about, in the first place?]

    So, it might occur that some unfunded "lawful" actions are led to individuals.
    But at the end of the day, I prefer a 5 decimals percentage than a massive spying system leading to virtually 100%.
    After the recent events in Paris, one of the programs on NPR hosted a round table discussion consisting of representatives from various civil rights agencies and "tin foil" hat wearers. Essentially, Liberals and Conspiracy nuts. They all agreed, however, that all the NSA, CIA, FBI, etc. can do is to see who you are "talking" to and that is about it. If they see that you are talking to someone that perhaps you should not be all the "authorities" have to do is park down the street and use old tech (and a heckofalot cheaper, too) to listen in on your "analog" conversations, steal your snail mail, "bump" into you at the store, and so on. Seriously people, are you that entrenched in mobile tech that you forgot about reality?


    This in fact is a big problem for most of the US-based cloud and web service providers today: post-Snowden knowledge of widespread NSA access to US-based providers has made it extremely difficult for those companies to sell those services overseas today, just the same as if BlackBerry had admitted it had a BES backdoor. It will cost US businesses billions of dollars either directly through lost business, or indirectly because of the capital expenditures and costs involved with building dedicated datacenter operations in all of their major overseas markets (Microsoft just did this in Germany), in order to comply with new national requirements to keep citizen data within the country. (And hopefully as a result, out of NSA clutches)
    Not sure if this is relevant but as an aside this is a problem for U.S. citizens. Let's say if Google backs up your Gmail to a server in say, Canada, then you can potentially be charged with illegally transferring information across an international border, if the nature of your emails would warrant such.

    I didn't realize there was a push to keep citizen data within the country but I would imagine doing so would make it easier to obtain info as needed. I mean, does a U.S. court, no matter how high, have the authority to issue search warrants on a Canadian business? I don't think so and usually when international law is involved it is between governments and not local law enforcement agencies.

    John Chen is actually far more geopolitically connected than Lazaridis and Balsillie ever were. He hobnobs with people at the very very highest echelons in western government and business, and not just because he works for BlackBerry these days. It's probably one of the key reasons why he has managed to keep the company going the last couple of years in a very challenging situation.
    Yup, which is why it baffles me that Chen could not get BB10 "to sell". I don't think many realize just how prestigious and connected Chen is. Then again, perhaps this is why BB10 remains for "high security" and Android on BlackBerry for the masses?


    My BB10 phone and SD card are encrypted because I did it. They are not encrypted by default.

    I have not verified if they were in BBOS because I never stored anything on my phone in those days. It wasn't a computer like my Passport is.

    I am not an expert on BlackBerry encryption, nor an insider to verify, but clearly, based on the reports of the day, the British police were unable to read the rioters' BBM communications and that is why it took them several days to calm things down. This was very well documented in the Guardian and I provided a link a week or so ago in this or some other thread on the topic.
    BBM and BlackBerry were singled out for that. That does not mean that the encryption was better than what BB10 uses.
    The Director of CIA has always demanded access to info and backdoors after every incident such as this, Paris, the Navy Yard in DC, and so on. And every single time he is denied. The FBI already has a high track record of catching "bad guys" as it is, something like 97%. For that 3% or so it is more a matter of either misinterpreting the intel or acting on it too late. And that is just the FBI; surely the CIA and NSA are much better and must I point out that all of them had very sophisticated and robust "data collection", surveillance techniques, and yada yada well before the "digital age"?

    Bottom line: if they want your info they can get it with or without cracking your smartphone's encryption.
    12-03-15 11:50 AM
  21. crucial bbq's Avatar
    I'll give BlackBerry one thing. At least they're being honest. They used to (maybe not intentionally) create a sense of security from anyone or anything. Especially if you were using BES.

    All the other phone makers are in cahoots with American LE, the military and prison industrial complexes. So it's great BlackBerry is being honest.
    The DoD leases BlackBerry patents relating to encryption and a few others. They then tweak a little themselves to create a more robust encryption but I guarantee you one thing: the DoD definitely does not want the FBI, CIA, NSA, and so on having the ability to read, let alone crack, their own encryptions. None of them do. With that, the DoD alone is likely to prevent any attempt to crack BB encryption or to allow for backdoors on U.S. soil.

    As for LEO, NYC has the only LEO that I know of who specifically demands the back doors, too.
    12-03-15 12:00 PM
  22. Superfly_FR's Avatar
    Bottom line: if they want your info they can get it with or without cracking your smartphone's encryption.
    Absolutely. That's part of the "targeted" equation. You just can't spy everybody this way, unless 80% of the population is an NSA employee ... wait a minute ... we knew that in [next door] Eastern Germany; NSA was STASI and "everyone" was a spy.

    Security rule number one: watch your back.

    P.S: kudos for all the arguments exchanged in this thread; while it's a bit hard to determine whether or not we can like a post as a whole, we get a lot of interesting insights here.

    P.P.S: I refrained posting about the French events and I believe we should stay away from these particular and terrible dramas, at least avoid to mention them specifically. I know they are part of the equation and feeding the debate we're talking about. So far so good, we've not moved into excessively muddy territory but this might happen sooner than we'd like.
    This would probably lead to thread closing, so let's be cautious, please.
    SF
    12-03-15 06:45 PM
  23. anon9133023's Avatar
    I don't know... I have tinfoil hat theory that since NSA had iOS hacked so thoroughly, they may have helped Apple's rise to stardom, and let BlackBerry fall to the wayside since they weren't. There was a comment from a director at a TLA that essentially said BlackBerry did it to themselves by being too secure, and clearly had a "read between the lines" sentiment for Apple.

    So now they are playing ball, and now BlackBerry's market penetration will rise again.

    Posted via CB10

    Edit: MGDania seems to know what I mean..

    Oddly, I'd read a somewhat opposite opinion - suggesting when BB gave BIS over to the Middle East so they could intercept and read private messages, or risk losing BB approval en masse there, people who understood exactly what that meant for privacy dropped them and never looked back. This includes large Institutions which would have traded their stock and own vast positions, domestic and foreign.

    I can't vouch for it, but it does make sense.
    12-03-15 08:39 PM
  24. BCITMike's Avatar
    Oddly, I'd read a somewhat opposite opinion - suggesting when BB gave BIS over to the Middle East so they could intercept and read private messages, or risk losing BB approval en masse there, people who understood exactly what that meant for privacy dropped them and never looked back. This includes large Institutions which would have traded their stock and own vast positions, domestic and foreign.

    I can't vouch for it, but it does make sense.
    Link? Because the reported stories say that they provided lawful interception, not handed over the BIS system. They WANTED the system handed over, but that wasn't the case. They set up a process for which lawful intercepts could occur by BlackBerry upon legal request.
    12-03-15 09:21 PM
  25. anon9133023's Avatar
    Don't have a link, it was at least 3 years ago, and may have even been here, and is irrelevant except as discussion point.

    I do believe, in fact, the system was handed over, and the Middle East runs its own BIS servers at this time. We will never really know.

    Regardless, the confidence in the system was broken, and lawful intercepts in The Kingdom are frequent and inquisitive as opposed to passive and investigative. Thus deep pockets stopped investing in a system that no longer protected them. I am not positive, but I believe Americans working there were also affected if using BlackBerry.
    12-03-15 09:47 PM