1. Gambit_DE's Avatar
    Hi People and Blackberry fans!
    I came across this and would like to share.
    Digital Dao: Guess Who Owns The Patent to RSA's Backdoor Algorithm? Blackberry

    Sounds to me as if a subsidiary of BlackBerry owns a patent to a Backdoor in Elliptic Curve Cryptography. I have no information in which way this Backdoor is usable or if it is implemented in any BlackBerry Product. An official statement would be desirable.

    What do you think?
    01-17-14 03:04 AM
  2. badiyee's Avatar
    The blog post was cleverly designed to paint a smear campaign against BlackBerry.


    Points to note:

    1. Quote 1
    The existence of this patent does not mean that Brown and Vanstone were responsible for Dual EC. In fact, the generator appears to be an NSA invention, and may date back to the early 2000s. What this patent demonstrates is that some members of the ANSI committee, of which RSA was also a member, had reason to at least suspect that Dual EC could be used to create a wiretapping backdoor. (Update: John Kelsey confirms this.)


    2. The company Certicom was in business circa 1985.

    3. BlackBerry acquired Certicom in... 2009.

    4. Date filed for patent: 2006. Granted in 2013.


    So clearly BlackBerry did not design this, but the post is made as if BlackBerry is the mastermind behind this.


    *slow clap*
    Well played. Well... played.
    01-17-14 03:55 AM
  3. Superfly_FR's Avatar
    BlackBerry owns many patents regarding ECC.
    I'm not sure how this can be implying that they promote any kind of backdoor.
    Sounds to me like a lazy mix.
    As it is both sensible and highly complex, I'll ask my BlackBerry contacts about it and will be back.

    Thanks for sharing.

    edit: they're at it, editing soon.
    Last edited by Superfly_FR; 01-17-14 at 04:25 AM.
    Sith_Apprentice likes this.
    01-17-14 04:07 AM
  4. Sith_Apprentice's Avatar
    NSA licenses patents related to ECC, which they in turn license out to agencies etc. If there IS a backdoor in ECC (not convinced), BlackBerry had nothing to do with it. ECC is going to be the algorithm used in the future. Why would they build a backdoor into it for NSA? They aren't under NSA's jurisdiction, so they have little incentive to.
    Superfly_FR and bungaboy like this.
    01-17-14 06:19 AM
  5. Sith_Apprentice's Avatar
    Title updated, has little to nothing to do with BlackBerry.
    BBPandy, bungaboy and Superfly_FR like this.
    01-17-14 06:21 AM
  6. Superfly_FR's Avatar
    Long due, but here you go with BlackBerry's official answer to the later Globe and Mail article that was based on the same assumption.

    "Reactive Media Statement
    BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications"
    Posted via CB10
    01-20-14 06:38 PM
  7. THBW's Avatar
    Thanks to all those BlackBerry fans and perhaps Mr. Chen for shutting down this sloppy piece of reporting in less than 2 hours. It was obviously a planted story and of course the G&M which now hires high school students as their tech reporters ran with it. Well they got handed their arse today and lost a few more readers.

    Posted via CB10
    01-20-14 08:10 PM
  8. BCITMike's Avatar
    Long due, but here you go with BlackBerry's official answer to the later Globe and Mail article that was based on the same assumption.

    Posted via CB10
    Haha, they didn't deny anything to do with a backdoor in someone else's implementation, only denied it in their own. I totally think this is just word picking, but thought it was funny given the way people pick over denials and lack of denials, etc.
    01-20-14 08:30 PM
  9. THBW's Avatar
    Haha, they didn't deny anything to do with a backdoor in someone else's implementation, only denied it in their own. I totally think this is just word picking, but thought it was funny given the way people pick over denials and lack of denials, etc.
    So, your argument is that companies massively larger than BlackBerry are too lazy to screen open source encryption software for flaws. Would you like my tin foil hat?

    Posted via CB10
    01-20-14 08:40 PM
  10. BCITMike's Avatar
    So, your argument is that companies massively larger than BlackBerry are too lazy to screen open source encryption software for flaws. Would you like my tin foil hat?

    Posted via CB10
    No argument being made, just pointing out that people are going to make a deal out of what wasn't said, rather than what was said.

    But to answer your irrelevant question, yes, I can conceivably believe there are companies much larger than BlackBerry who are "too lazy to screen open source encryption software for flaws." They trust that others already did the work for them to save a buck. Some will pay "experts" to advise them, and all experts are not equal. They pay expecting they are acting in their best interest, but if there is subterfuge...
    01-20-14 11:24 PM
  11. cjcampbell's Avatar
    Haha, they didn't deny anything to do with a backdoor in someone else's implementation, only denied it in their own. I totally think this is just word picking, but thought it was funny given the way people pick over denials and lack of denials, etc.
    Why would they make any statements regarding anyone but themselves? The statement was put out to say that the article does not apply to them. What others use is of no concern.

    Posted via CB10
    01-20-14 11:42 PM
  12. savvy_cowgirl's Avatar
    I just read the first Globe & Mail article yesterday and have been so upset. I was willing to have a smaller choice of apps in BB appworld than what Androids have because BB usually just comes with the things I really need and use, and because of security. I was always impressed that BBM was secure, so secure that I had understood they were banned in some countries because the governments couldn't spy on their people. I was worried when BBM went cross platform because I didn't see how it would be able to remain that secure. Then I read this, and it sounded like the whole phone is insecure. I found the second Globe & Mail article, it sounds to me like BB is saying they themselves don't use the flawed system in their own phones. Would that be even the newer OS 10 phones also? I've been trying to talk friends into getting a BB rather than an Android, because they were secure. No spying allowed. Do I apologize or keep urging them towards BlackBerry?
    01-25-14 04:17 PM
  13. DaSchwantz's Avatar
    BlackBerry says they don't use it so there is no backdoor.

    24C28DD7
    01-25-14 05:08 PM
  14. reversekcid's Avatar
    01-25-14 05:38 PM
  15. savvy_cowgirl's Avatar
    yes, I had found and read that one as well. But in the course of hunting for info, I ran across this 2010 article where it sounds as though BlackBerry itself is saying it works with the governments of countries. Article here Is RIM Allowing Government Spying Or Not? - BerryReview
    01-25-14 08:55 PM
  16. badiyee's Avatar
    yes, I had found and read that one as well. But in the course of hunting for info, I ran across this 2010 article where it sounds as though BlackBerry itself is saying it works with the governments of countries. Article here Is RIM Allowing Government Spying Or Not? - BerryReview
    Great! Now we're reviving a dead horse topic which was about BlackBerry setting up servers in countries like India and Indonesia so that the governments can monitor BIS when they have proper warrants without going to the USA / Canada or whatever foreign country to request a monitor of data (not extract) or risk getting banned from operating in these countries (BES and BIS) and fast forward to 2014, this is "evidence" that the NSA is spying on all BlackBerry users.

    Great, just great.
    01-26-14 12:13 AM
  17. savvy_cowgirl's Avatar
    No... that's not evidence. No evidence is needed. I suppose one could just take the NSA at their word. NSA spying flap extends to contents of U.S. phone calls | Politics and Law - CNET News!
    They have said what they are doing, well, after they got caught. My question was, if in other countries RIM (at the time) turned over the information asked for in specific warrants, then since the NSA wants everybody's everything, phone, text and probably BBM, would or has BB already turned over the code, keys, whatever so that a BB is now no more secure, or any different than your average Android? I'm sorry the question upset you. I'm just trying to sort all this security stuff out. The longest I've managed to make it with an Android was about a month or so. I mean seriously, the phone needs permission to access my contacts to use a memo pad app? I like BB, I've had several of them. I'm just trying to sort out what is what. I had thought BBM was secure. It just annoys me that there is no privacy anymore for average citizens and it has become a matter of state security when people BBM their husband to bring milk home from town.
    01-26-14 10:11 PM
  18. reversekcid's Avatar
    AFAIK, BBM allows lawful interception. The term lawful interception is however misleading as shadow courts and shadow legislation are IMHO not lawful but some politicians have a different opinion on this.

    In that sense BBM does not provide more protection against state sponsored adversaries. But unlike some of its competition it provides protection against eavesdropping by non state sponsored criminals ...

    I read somewhere that BlackBerry will release a new BBM product for BES which, I guess, will protect enterprise chats with corporate encryption keys so that intelligence agencies cannot simply fish BBM for trade secrets.

    Posted via CB10
    savvy_cowgirl likes this.
    01-27-14 03:00 AM
  19. badiyee's Avatar
    No... that's not evidence. No evidence is needed. I suppose one could just take the NSA at their word. NSA spying flap extends to contents of U.S. phone calls | Politics and Law - CNET News!
    They have said what they are doing, well, after they got caught. My question was, if in other countries RIM (at the time) turned over the information asked for in specific warrants, then since the NSA wants everybody's everything, phone, text and probably BBM, would or has BB already turned over the code, keys, whatever so that a BB is now no more secure, or any different than your average Android? I'm sorry the question upset you. I'm just trying to sort all this security stuff out. The longest I've managed to make it with an Android was about a month or so. I mean seriously, the phone needs permission to access my contacts to use a memo pad app? I like BB, I've had several of them. I'm just trying to sort out what is what. I had thought BBM was secure. It just annoys me that there is no privacy anymore for average citizens and it has become a matter of state security when people BBM their husband to bring milk home from town.

    If you install a server there, physically the server is under the rules and regulations of the said country. However, the data may not.

    Let me point out the case of Malaysia. In Malaysia telcos are required to keep a 6 month record of all calls and sms-es. They are not allowed to reveal data. They can say the data originated from so and so, and went to so and so, but they cannot reveal what is in the data, because it's considered hacking. In the case of BBM and BIS, it was an efficient, but thin line of legal defense when you have everything that went through a certain amount of encryption, in this case almost double layer (from ISP, and from BIS).

    The only legal point the law enforcement can make is when the data was physically there when it was seized, not when it is in transport. This was the key in certain countries trying to gain access to BIS and BES, but BES is a much tougher nut to crack and BlackBerry (back then called RIM) had repeatedly restated that even BlackBerry does not have the keys to the BES.
    In the US I'm made to understand that as long as the data has entered USA, even for passing by, it's legal for them to intercept them. Or can somebody enlighten me?
    savvy_cowgirl likes this.
    01-27-14 04:44 AM
