[chopachain]

That has nothing to do with my point. This is not new story here, what is new story is Blackberry willingly GIVING OUT THEIR GLOBAL KEY WHICH MEANS ANY GOVERNMENT CAN SPY ON ANY INDIVIDUAL INDISCRIMINATELY NO MATTER IF HE SUSPECTED CRIMINAL OR NOT. What happens if key leaks to hackers? We already know how unsafe government servers are. We sure as hell know that since they stayed in Pakistan, it only means they caved in and gave out their key.

What Apple is trying to do now is to remove itself from the equation with no security keys kept on their servers, this way requests for information would be futile since the only way of opening a phone or intercepting an encrypted message would require owner to willingly give out his password under court of law.

Meaning I CHOOSE if I want to give out my information to authorities and nobody else.

This is how it should be not forcing companies to do government's bidding without our consent.

We live in a surveillance state. Until humanity gets off their arsis and does something about it. We don't get to choose.

[ronfc]

OT: Cobra-Commander, do you use encryption on Cobra-issued devices?

[Doggerz]

The BlackBerry can do no wrong people are one of two types:

Type 1: no phone is secure
(I agree with this argument)

Type 2: yeah you cant trust BlackBerry but you can trust BBM Protected or BES.
(This is total BS. If you can't trust someone you can't trust them. Chen can get into your physical phone. He can monitor BES, or BBM Protected )

If you were Chenned once, shame on Chen. But if you're Chenned twice then shame on YOU.

Z5 - E6853 / Android 6.0 / T-Mobile USA

[blueberrymerry]

As said before, if BB can quietly give out keys to BBM while still touting its "security", what else can the company do? Is BES really that secure?

Apple's cloud services are encrypted point-to-point but not at rest, so Apple can hand over data on their servers to whoever comes knocking. It's not a question of Apple being worse than BB, it's that BB's only selling point is security when they actually have little of it.

[togarika]

This encryption issue gets me wondering a lot. Here we are arguing about a system that is so secure that governments require cooperation from BlackBerry to get access to information, that is then used to bring to book misguided elements within our society. Calling a law abiding a corporation, bad whilst praising those that are refusing to help, but are selling our information to the highest bidder?

I think we need a reality check.

BB10 or Nothing! BlackBerry Forever!

[web99]

That has nothing to do with my point. This is not new story here, what is new story is Blackberry willingly GIVING OUT THEIR GLOBAL KEY WHICH MEANS ANY GOVERNMENT CAN SPY ON ANY INDIVIDUAL INDISCRIMINATELY NO MATTER IF HE SUSPECTED CRIMINAL OR NOT. What happens if key leaks to hackers? We already know how unsafe government servers are. We sure as hell know that since they stayed in Pakistan, it only means they caved in and gave out their key.

What Apple is trying to do now is to remove itself from the equation with no security keys kept on their servers, this way requests for information would be futile since the only way of opening a phone or intercepting an encrypted message would require owner to willingly give out his password under court of law.

Meaning I CHOOSE if I want to give out my information to authorities and nobody else.

This is how it should be not forcing companies to do government's bidding without our consent.

So this goes back to my earlier point. All phone manufacturers cooperate with the law enforcement authorities. Your cellphone carrier, email, social media and Internet provider do as well.

So I get your anger about BlackBerry, but where does that leave you? What other company are you going to use if they all do it? Ranting on a phone enthusiast forum is rather pointless.

Posted via my BlackBerry Priv

[MmmHmm]

There is a huge difference between complying with a warrant to give access to a particular suspect's communications, and opening a back door for law enforcement to freely access all users' communications. Based on my understanding of the situation, BlackBerry gave a global key to law enforcement to read anyone and everyone's BBM communications. I realize that this happened a number of years ago when the political climate was a little different, but Blackberry is still defending this as consistent with its current stance on the issue. So BlackBerry gives backdoor access to governments with respect to all users, not just particular suspects pursuant to a warrant (unless you pay blackberry a fee for things like Blackberry protected). Good to know.

BlackBerrys stance on this is much less protective of security and privacy than competing tech companies, wherein the trend is toward more security and privacy. So BlackBerrys marketing and touting of itself as the most secure and private is just marketing and nothing more. Again, good to know.

[ADGrant]

The issue here is that for consumers BB phones are less secure than iPhones. So why would a consumer buy a BB phone? What advantage does it offer other than a PKB which seems less useful on a consumer device.

[Foreverup]

The issue here is that for consumers BB phones are less secure than iPhones. So why would a consumer buy a BB phone? What advantage does it offer other than a PKB which seems less useful on a consumer device.

Wow you realize they are different things. BBM is a chat app, which is no different than other one out there. Apple refused to bypass on device security, same as BlackBerry has on there devices.

These aren't the same thing comparing then is like apples and oranges.

[web99]

The issue here is that for consumers BB phones are less secure than iPhones. So why would a consumer buy a BB phone? What advantage does it offer other than a PKB which seems less useful on a consumer device.

All phones can be hacked if one is determined enough to do it. But that is a minority of the reasons why security breaches occur.

Where most security breaches occur is through user involvement such as not setting a password, downloading rogue applications. Another cause is through deliberately modifying the device by jail breaking or rooting a device, which weakens it's security.

Just buying an iPhone, or a BlackBerry or Windows Phone or Android does not necessarily guarantee security. It all comes down to how it is being used and whether or not security policies are being followed..

Posted via my BlackBerry Priv

[Doggerz]

The issue here is that for consumers BB phones are less secure than iPhones. So why would a consumer buy a BB phone? What advantage does it offer other than a PKB which seems less useful on a consumer device.

This is what I asked myself when choosing between the Priv and the Sony Z5 Premium. Once I tried the Priv keyboard and found it to not be the quality of a 9900 (or even close) the. PKB went out of the equation and the Z5 won in all other respects. When you factor in that BlackBerry / Chen works to actively diminish your security it makes leaving BlackBerry an even easier choice.

No phone is secure but why support a company that doesn't even try. At least iPhone had to be cracked from outside. Their CEO isn't a government stooge.

Chen is a disgrace.

Z5 - E6853 / Android 6.0 / T-Mobile USA

[MmmHmm]

Wow you realize they are different things. BBM is a chat app, which is no different than other one out there. Apple refused to bypass on device security, same as BlackBerry has on there devices.

These aren't the same thing comparing then is like apples and oranges.

There is a difference between chat apps. Some use end to end encryption, like iMessage and WhatsApp. Some don't, like BBM. A global key that can simply be handed to law enforcement is a good example of reasons end to end encryption is better. In an apples to apples comparison of chat apps, BBM falls short on security and privacy. I don't trust BlackBerry anymore when it comes to security and privacy, and that's a big problem for BlackBerry, since it is trying to market itself as secure and private. The CEO keeps commenting in ways that contradict the marketing. It's bizarre.

[Dunt Dunt Dunt]

The problem for Chen is...

1) Who decides what governments to support?
2) Who decides what "crimes" warrant BlackBerry stepping in? Chen may have to hire hundreds of lawyers and tech support people...
3) What happens if a request is turned down by BlackBerry, and that suspect goes on to kill 100 people in a plane?

I guess if BlackBerry can charge for their "law enforcement support" they might be able to find a way to increase earnings?

[anon(9188202)]

And a once-iconic Canadian company dies just a little more...

[Tabdus]

OT: Cobra-Commander, do you use encryption on Cobra-issued devices?

Looooooooool......I'm dead!

Posted via CB10

[anon(9188202)]

Donald Trump should hire Chen to head up his team's public relations.

Posted via CB10 with my awesome Passport

[Troy Tiscareno]

In the case of iCloud, the data is encrypted - well - but Apple holds the keys, and will comply with (what Apple determines to be) valid law enforcement requests for access to data from specific accounts. What they do not do is allow wholesale access by giving away the encryption keys.

[Dunt Dunt Dunt]

Donald Trump should hire Chen to head up his team's public relations.

Posted via CB10 with my awesome Passport

I don't know about Trump.....

But it is funny the way Chen says something kind of matter of factly, and they soon after has to revisit what he said with some positivity clouded in vagueness. I think Chen want's to be more honest and open with shareholders and customers... than is really wise in his position. And the PR team has a tough time keeping him in check.

[early2bed]

So, does the Priv really offer more privacy than most smartphones? Highly debatable. BlackBerry would have been better of naming it the Keybo.

[Superdupont 2_0]

The problem for Chen is...

1) Who decides what governments to support?
2) Who decides what "crimes" warrant BlackBerry stepping in? Chen may have to hire hundreds of lawyers and tech support people...
3) What happens if a request is turned down by BlackBerry, and that suspect goes on to kill 100 people in a plane?

I guess if BlackBerry can charge for their "law enforcement support" they might be able to find a way to increase earnings?

I fully agree with you and the OP.

Maybe back in 2010 there was a "situation", so it was perhaps in everybodys best interest to share the 3DES encryption key for consumer BBM with LEA. And that is the past and we could actually forget about it, but John Chen's recent opion (in short: sharing the key with LEA okay) is just a shock for me!

A few months ago he was saying "We don't ever share the content, we only share the data surrounding the content, locations, who's talking to whom, etc. For every day good people, you have nothing to fear about privacy with us."
See http://forums.crackberry.com/blackbe...video-1054648/

He could have added "but we don't control this process, because LEA has the encryption keys, which is okay for us."


For various good reasons the normal procedure should be that LEA asks BBRY to decrypt selected and specific traffic based on a proper warrant... that means the lawyers from BBRY must doublecheck, whether LEA has a legitimate reason to invade the privacy of the concerned user(s).
And typically BBRY should be able to charge for that extra work.

It seems many criminal organisations and corrupted enterprise have used BBM in the past, but sorry, you have to this extra work.

[web99]

I don't know about Trump.....

But it is funny the way Chen says something kind of matter of factly, and they soon after has to revisit what he said with some positivity clouded in vagueness. I think Chen want's to be more honest and open with shareholders and customers... than is really wise in his position. And the PR team has a tough time keeping him in check.

In terms of CEO Chen, he does have the tendency for make "off the cuff" remarks, but then again it's the way he has always been. Even from his days as CEO of Sybase. So that aspect of his personality is nothing new.

Regarding the shareholders, Prem Watsa initially brought him into BlackBerry from out of retirement and the shareholders approved his appointment.

At the annual BlackBerry shareholders meeting they do have the opportunity to either approve or reject John Chen remaining as BlackBerry CEO. At the last 2 meetings they have unanimously approved him remaining as CEO and chances are that they will approve him at the meeting in June of this year.

My point is that if the shareholders had any doubt in what he was saying or lack of faith in the direction he was talking BlackBerry, he would have been ousted long ago.

The perception of CEO Chen on CB does not necessarily align with the perception of him among BlackBerry's shareholders.

Posted via my BlackBerry Priv

[app_Developer]

In the case of iCloud, the data is encrypted - well - but Apple holds the keys, and will comply with (what Apple determines to be) valid law enforcement requests for access to data from specific accounts. What they do not do is allow wholesale access by giving away the encryption keys.

They don't have access to keys anymore. This was all changed a couple of years ago, in part because many of us wouldn't have participated with Apple Pay if they didn't change this.

Currently the way keys are shared between devices is by sending the keys as messages from device to device (your iPad to your new iPhone, for example). So those keys are not visible to Apple. So for the content that is in iCloud, Apple never sees the keys used to encrypt that content.

You can choose to backup the keystore itself in case you lose all of your Apple devices at once. In that case the keystore is encrypted with a key derived from your iCloud security password and an external HSM which Apple doesn't control. If you're particularly paranoid, and don't trust the Apple doesn't control the HSMs, then you can even omit that part by using a stronger random iCloud password on your own. If you do that, the Apple omits the HSM step, and the only way to restore your keychain is with your own strong key.

The parts around Apple Pay are omitted from the backup process and can only be sent device to device directly using the hardware keys on each device.

(And of course in an enterprise environment all of this syncing can be disabled if needed.)

[dejanh]

I've been saying for years that BlackBerry just claims security but does not substantiate it with anything. While lack of proof isn't proof in itself, a responsible entity that wants to maintain trust between it and the users of its services would have done something to demonstrate how or why they are a better choice for the users than the competition. BlackBerry has never done that, and even worse, has eroded that trust even further with some of the more recent statements, positions on important matters, and similar.

[app_Developer]

I've been saying for years that BlackBerry just claims security but does not substantiate it with anything. While lack of proof isn't proof in itself, a responsible entity that wants to maintain trust between it and the users of its services would have done something to demonstrate how or why they are a better choice for the users than the competition. BlackBerry has never done that, and even worse, has eroded that trust even further with some of the more recent statements, positions on important matters, and similar.

To me it's a little like car safety. When I was a kid, here in the US, you bought a Mercedes or Volvo if you wanted to keep your family safe. Some of that was marketing, but there were also things like airbags and ABS and crumple zones and multilink suspensions which were introduced on these cars and weren't available on other cars. There were real technical reasons that they were safer than the average family car.

Now it's changed. Mercedes are still quite safe, but all these safety features are also easily available on many other cars. So many cars have collision detection. All cars have airbags. Most cars have stability controls. Most cars have brakes that exceed the tire's capacity to slow down, at least in street use. So it's not so clear now that you should buy a Mercedes to keep your family safe.

I think we're seeing a similar narrowing of the gap in phones. I don't know that using an iPhone is really less safe now than using a BB.

[bakron1]

To me it's a little like car safety. When I was a kid, here in the US, you bought a Mercedes or Volvo if you wanted to keep your family safe. Some of that was marketing, but there were also things like airbags and ABS and crumple zones and multilink suspensions which were introduced on these cars and weren't available on other cars. There were real technical reasons that they were safer than the average family car.

Now it's changed. Mercedes are still quite safe, but all these safety features are also easily available on many other cars. So many cars have collision detection. All cars have airbags. Most cars have stability controls. Most cars have brakes that exceed the tire's capacity to slow down, at least in street use. So it's not so clear now that you should buy a Mercedes to keep your family safe.

I think we're seeing a similar narrowing of the gap in phones. I don't know that using an iPhone is really less safe now than using a BB.

I tend to agree with you on this one, it seems like every month we are seeing another software bug whether it's Android, IOS or any other platform that can affect your personal security on your devices. Bottom line is you don't download attachments and/or accept any emails or text from folks you don't know and have strong passwords.

But with the way that technology is changing so fast, that may not be enough defense into the future? This latest S7 exploit is serious and the carriers have known about it for some time, as far as I concerned with the money these carriers are making on a yearly basis, they should make sure the cell networks are secure from future exploits like the S7 bug.