[zephyr613]

I sent an email to Tami Erwin. VP of Wireless Operations I got an email that someone on her staff will contact me tomorrow.
------------------------------------------------------------------------------------
Tami,

I'm really hoping that you can help put this matter to rest quickly. My concern is that Verizon doesn't care about maintaining security of the phones they sell. Security and bug patches sent by the manufacturers to Verizon don't get to the end user.

I've gone through this problem with Verizon many times in the past, but recently, this has gotten much worse. Case in point... The Blackberry Priv got it's last update in the beginning of June. Since then there are 221 CVE items (NIST vulnerability reports) patched by Blackberry and sent to Verizon which were never distributed. Many are level 5 and higher (really bad ones).
I tried working with customer support and have gotten unacceptable answers. I ended up putting in an FCC complaint (#1130455) and have kept this open for over a month. All I wanted was a statement that this problem was being addressed and an expected time. What I got were statements like "That's proprietary" and "If the phone makes calls and texts then there is nothing more we have to do". The FCC agent has shown serious concern about the answers I was getting. The agent is watching my interaction closely and suggested I also make a complaint to the FTC, so I did (#76118606).

My concern is that Verizon is willfully keeping the phone insecure which means.
* Personal information can be stolen from the device.
* It opens it up for Identity Theft.
* It allows bots or other malicious programs to be inserted (using up data and Verizon bandwidth).
* It prevents fixes for performance and battery issues.

For the Priv, Verizon is the only carrier that is not fully patched. See: https://community.verizonwireless.co...%2Freload.html

Blackberry has been doing it's part to prevent this situation:
https://community.verizonwireless.co...id-patching%2F
https://community.verizonwireless.co...%2520bulletins

The Blackberry is just a prime example, I can list out other phones that get similar treatment.

This problem is becoming very hot on the MobileNations and even the Verizon community forums (I have started posting at https://community.verizonwireless.com/thread/913697).

Since AT&T is blowing Verizon away in the patch arena, this could be a PR coup for them.

This is not the way I wanted things to progress but comes after months of trying to resolve this through normal channels.

Regards,

EXCELLENT!!

[Gray]

Also mention #VZWizards in your post. More about #VZWizards their crowd sourcing support. I've tweeted @VZWSupport 3 times today. https://twitter.com/hashtag/VZWizards?src=hash

[SideScrollin14]

I sent an email to Tami Erwin. VP of Wireless Operations I got an email that someone on her staff will contact me tomorrow.
------------------------------------------------------------------------------------
Tami,

I'm really hoping that you can help put this matter to rest quickly. My concern is that Verizon doesn't care about maintaining security of the phones they sell. Security and bug patches sent by the manufacturers to Verizon don't get to the end user.

I've gone through this problem with Verizon many times in the past, but recently, this has gotten much worse. Case in point... The Blackberry Priv got it's last update in the beginning of June. Since then there are 221 CVE items (NIST vulnerability reports) patched by Blackberry and sent to Verizon which were never distributed. Many are level 5 and higher (really bad ones).
I tried working with customer support and have gotten unacceptable answers. I ended up putting in an FCC complaint (#1130455) and have kept this open for over a month. All I wanted was a statement that this problem was being addressed and an expected time. What I got were statements like "That's proprietary" and "If the phone makes calls and texts then there is nothing more we have to do". The FCC agent has shown serious concern about the answers I was getting. The agent is watching my interaction closely and suggested I also make a complaint to the FTC, so I did (#76118606).

My concern is that Verizon is willfully keeping the phone insecure which means.
* Personal information can be stolen from the device.
* It opens it up for Identity Theft.
* It allows bots or other malicious programs to be inserted (using up data and Verizon bandwidth).
* It prevents fixes for performance and battery issues.

For the Priv, Verizon is the only carrier that is not fully patched. See: https://community.verizonwireless.co...%2Freload.html

Blackberry has been doing it's part to prevent this situation:
https://community.verizonwireless.co...id-patching%2F
https://community.verizonwireless.co...%2520bulletins

The Blackberry is just a prime example, I can list out other phones that get similar treatment.

This problem is becoming very hot on the MobileNations and even the Verizon community forums (I have started posting at https://community.verizonwireless.com/thread/913697).

Since AT&T is blowing Verizon away in the patch arena, this could be a PR coup for them.

This is not the way I wanted things to progress but comes after months of trying to resolve this through normal channels.

Regards,

AMAZING - Let us know if/when you get a response!

[zephyr613]

Also mention #VZWizards in your post. More about #VZWizards their crowd sourcing support. I've tweeted @VZWSupport 3 times today. https://twitter.com/hashtag/VZWizards?src=hash

Thanks added them to the "tweet" listing

[newcollector]

I would switch to Verizon from AT&T if they would commit to updating the Priv! That would be two customer increase. I am sure there would be at least two more. Verizon coverage is better than AT&T where I preach.

[1linuxfreak]

I sent an email to Tami Erwin. VP of Wireless Operations I got an email that someone on her staff will contact me tomorrow.
------------------------------------------------------------------------------------
Tami,

I'm really hoping that you can help put this matter to rest quickly. My concern is that Verizon doesn't care about maintaining security of the phones they sell. Security and bug patches sent by the manufacturers to Verizon don't get to the end user.

I've gone through this problem with Verizon many times in the past, but recently, this has gotten much worse. Case in point... The Blackberry Priv got it's last update in the beginning of June. Since then there are 221 CVE items (NIST vulnerability reports) patched by Blackberry and sent to Verizon which were never distributed. Many are level 5 and higher (really bad ones).
I tried working with customer support and have gotten unacceptable answers. I ended up putting in an FCC complaint (#1130455) and have kept this open for over a month. All I wanted was a statement that this problem was being addressed and an expected time. What I got were statements like "That's proprietary" and "If the phone makes calls and texts then there is nothing more we have to do". The FCC agent has shown serious concern about the answers I was getting. The agent is watching my interaction closely and suggested I also make a complaint to the FTC, so I did (#76118606).

My concern is that Verizon is willfully keeping the phone insecure which means.
* Personal information can be stolen from the device.
* It opens it up for Identity Theft.
* It allows bots or other malicious programs to be inserted (using up data and Verizon bandwidth).
* It prevents fixes for performance and battery issues.

For the Priv, Verizon is the only carrier that is not fully patched. See: https://community.verizonwireless.co...%2Freload.html

Blackberry has been doing it's part to prevent this situation:
https://community.verizonwireless.co...id-patching%2F
https://community.verizonwireless.co...%2520bulletins

The Blackberry is just a prime example, I can list out other phones that get similar treatment.

This problem is becoming very hot on the MobileNations and even the Verizon community forums (I have started posting at https://community.verizonwireless.com/thread/913697).

Since AT&T is blowing Verizon away in the patch arena, this could be a PR coup for them.

This is not the way I wanted things to progress but comes after months of trying to resolve this through normal channels.

Regards,

Very good, composing one tomorrow. I'm escalating this to the top.

[dpeters11]

AMAZING - Let us know if/when you get a response!

I wouldn't expect much based on my experience with other companies, it's basically a CSR with maybe some more ability to give you a credit.

[ggendel]

I got another form rejection to the FCC today. This was my response.
=================================================
I thought this was important enough to warrant including the response here. My comments are added afterwards.

September 09, 2016
Dear Ms. Wright,

This letter is in response to the above-referenced complaint filed by Gary Gendel. Thank you for referring it to our office for review. Mr. Gendel expressed concern regarding the latest Android sotware update, Marshmallow, not being made available to Blackberry Priv users.

It was explained to Mr. Gendel that rolling out a new release takes a great deal of planning as it is important that Verizon Wireless deploy a fully tested release to avoid any customer impacting issues. Testing and approval requires input from many test organizations and stakeholders so we can ensure our releases align with our customers' expectations. At this time we do not have an estimated release date of the Marshmallow software for Blackberry Priv users.

----------------
Sharon, this has been said many times before. The problem is that, I did not specifically ask for Marshmallow, but asked for security updates, which just happens to include Marshmallow. Verizon has several times cherry-picked one detail and reject the complaint outright. I haven't seen a single reply to the problem of security patches. As indicated, so far Verizon is 221 security patches behind every carrier IN THE WORLD. Somehow Verizon is the only carrier unable to provide timely patches. For example, since my entry on August 19th, the current patch levels are found here: Reload BlackBerry Priv OS - Global. Lets compare only the three US carriers. T-Mobile: AAG191, AT&T: AAG202, Verizon: AAF055. This indicates that Verizon is over 140 build revisions behind.

Level 5 and higher CVEs are critical to fix. They indicate that the phone is easily compromised. Without patches Verizon is allowing:
* Personal information to be gathered.
* Identity Theft
* Malicious programs to be installed to facilitate tracking, command and control (DDOS), and so on.
* Destroying the phone outright.
* Pilfer the customer's data quota.
* Congest Verizon's network with phone traffic not requested by the user.

In addition, there are patches that fix know bugs in the phone. For example, the Priv has a documented problem of overheating. So far, batteries haven't exploded, but no one can guarantee that this won't happen when the phone hits this condition. However, even having this problem dramatically lowers the lifetime of the electronics. Again, I need to point out that Verizon is the only hold-out for these patches as well.

I suggest that Verizon lets Blackberry provide updates. This way, if there are any problems Verizon is free to point the problem on Blackberry. Right now they are doing a disservice to Blackberry since they tout security as the main premise of their phones.
What Makes BlackBerry More Secure? Part 1: Rapid Patching | Inside BlackBerry
Search Results | BlackBerry Knowledge Base

Since the hardware is fixed and the radios have already been tested and approved by the FCC, and Verizon, I'm not sure why testing is so difficult. I worked with a team of 3 to design and build a complete and functioning software defined radio (SDR) device for the military. We did design, implementation, testing, documentation, and field deployment in under 4 months. Verizon has accomplished nothing in 4 months other than to:
* blame my phone for not getting updates.
* blame Blackberry saying that they never got updates.
* blame Blackberry saying that they don't do monthly updates.

Others that have complained to Verizon have been told just to "upgrade" to another device. I've included his letter from Verizon:

When Verizon Wireless deploys a new software release, it must be a fully tested release to avoid
any customer impacting issues. Testing and approval requires input from many test organizations
and stakeholders so we can ensure our releases align with our customers expectations of the best
devices on the most reliable network. Issues identified during testing may result in postponing a
release, so it not possible to provide a release date until all testing stages are complete. Should
Mr. XXXXX choose to do so, he is eligible to upgrade to another device of his choosing. At this
time, there is no further action required by Verizon Wireless.

This is a callus request just so Verizon can continue to avoid support for this phone. Note that the letters that Verizon are sending are for the most part form letters. I can include several other letters that state the same thing.

I have some new questions for Verizon. Maybe they'll read this and answer what I actually ask?

Given that scheduling is hard, why hasn't Verizon has put together such a plan? They won't even acknowledge that they have a plan or are even considering a plan. I guess deciding to make a plan is too hard for them as well? Are there project managers in Verizon that know how to use planning tools like Microsoft Project or make a spread-sheet? When they started selling the Priv why didn't they plan for future updates. I have been a project manager and I have always included time and resources for product maintenance.

I am an extremely patient person, I have tried to concisely describe the serious and detrimental ramifications for customers and manufacturers by Verizon's laissez-faire attitude. They are regulated and as such are beholden to the rules and regulations set forth by the FCC and appropriate business practices.

Sara, I would appreciate you sending a copy of this complaint including the full thread to Tami Irwin as I have alerted her to this situation and would like her to have full access to this.

[ggendel]

FYI, someone mentioned a class action suite so I decided to investigate. Bottom line is Verizon prevents this.

Your contract with Verizon contains an arbitration clause with a class action waiver provision that prohibits you from bringing a class action lawsuit against Verizon. Sound unfair? It is.

The U.S. Supreme Court's June 13, 2013 opinion in American Express Co. v. Italian Colors Restaurant, ruled that corporations can use the fine print of contracts to grant themselves a license to steal and violate the law.

As the Association for American Justice stated in the aftermath of the Supreme court's decision: �It is imperative that Congress and federal agencies act to protect individuals and small businesses from the abusive practice of forced arbitration. Without Congressional action, all federal and state civil rights, employment, antitrust, and consumer protections are at risk of being wiped away by the fine print.�

The only thing you and other consumers can do is put pressure on your Congressmen to pass legislation prohibiting class action waivers in arbitration clauses.

[clou83]

What a thread!

Posted via the CrackBerry App for Android

[bluesqueen23]

I'd be interested to know how many BB VZW Priv's are in use. Maybe they don't see the need to push MM to a small number of devices. The again, I also wonder what's the latest Android device to receive MM on VZW's network.

[zephyr613]

I have been thinking that I may take an alt route on this but let me run it by you guys:

Here in DC we have many TV stations (local but part of major chains such as NBC) that have their own "I-TEAM" - they investigate consumer issues and complaints and shed light in a National spectrum and audience. I can contact them but I do believe the insist on interviewing the complainant on camera.

Can't do that...

Thoughts on maybe submitting it anonymously?

[Uzi]

I have been thinking that I may take an alt route on this but let me run it by you guys:

Here in DC we have many TV stations (local but part of major chains such as NBC) that have their own "I-TEAM" - they investigate consumer issues and complaints and shed light in a National spectrum and audience. I can contact them but I do believe the insist on interviewing the complainant on camera.

Can't do that...

Thoughts on maybe submitting it anonymously?

Go for it!

[newcollector]

Anonymous usually doesn't work. You have to be willing to stand up and be counted for the investivative reporter to take the complaint seriously. They like to put the face of the "little guy" that is fighting the "big guy" on the screen.

[Chuck Finley69]

I have been thinking that I may take an alt route on this but let me run it by you guys:

Here in DC we have many TV stations (local but part of major chains such as NBC) that have their own "I-TEAM" - they investigate consumer issues and complaints and shed light in a National spectrum and audience. I can contact them but I do believe the insist on interviewing the complainant on camera.

Can't do that...

Thoughts on maybe submitting it anonymously?

Why not go all in? Call 60 minutes or 20/20.

Posted via CB10

[mrjmc99]

The problem with going the media route is that the public doesn't care about blackberry or its users. They will just say go buy an iPhone and get out of the stone age of phones. Believe me I hear it every day with the " I didn't know they still make blackberries" why don't you have an android or iPhone.

We are just going to have to wait for Verizon to release the update, or switch carriers if it bothers you that much.

Posted via the CrackBerry App for Android

[zephyr613]

Why not go all in? Call 60 minutes or 20/20.

Posted via CB10

Because that would put you and Fiona and Jessie in grave danger

[ggendel]

I have been thinking that I may take an alt route on this but let me run it by you guys:

Here in DC we have many TV stations (local but part of major chains such as NBC) that have their own "I-TEAM" - they investigate consumer issues and complaints and shed light in a National spectrum and audience. I can contact them but I do believe the insist on interviewing the complainant on camera.

Can't do that...

Thoughts on maybe submitting it anonymously?

I'm only a few hours drive to DC. I might be persuaded to fill in for you.

[Gray]

I spoke to VZW Support via direct messages on Twitter last night. They confirmed that they have Marshmallow and are testing it for release. The tech wouldn't say when it would be released but confirmed that they have it.

[zephyr613]

After my tweets of yesterday, I am now being followed by a certain Verizon Corporate person. I will not identify whom, but the description of the twitter account is:

"Corporate, medium and indirect channel marketing for Verizon Enterprise Solutions. Tweets are my opinions and not those of Verizon."

[newcollector]

After my tweets of yesterday, I am now being followed by a certain Verizon Corporate person. I will not identify whom, but the description of the twitter account is:

"Corporate, medium and indirect channel marketing for Verizon Enterprise Solutions. Tweets are my opinions and not those of Verizon."

So the stock answer that they are testing is that tweeted's opinion and Verizon cannot be held responsible or accountable. Hmmmmmmmm.

[Chuck Finley69]

Because that would put you and Fiona and Jessie in grave danger

That's awesome....with that response, I'd file the complaint but I'm not a Verizon customer anymore.

Posted via CB10

[zephyr613]

So the stock answer that they are testing is that tweeted's opinion and Verizon cannot be held responsible or accountable. Hmmmmmmmm.

Actually, no. I think it is the persons personal Twitter account and just added the disclaimer and the title.

[newcollector]

Actually, no. I think it is the persons personal Twitter account and just added the disclaimer and the title.

Gotcha. Reasonable. Hopefully they will become reasonable in improving the process in releasing OS updates and security patches. keep tweeting so they stay active.

[CharlieV]

750 posts over several months and no update. Absurd.

Ride or die:  PRIVelege-acy