1. Reed McLay's Avatar
    Information Warfare Monitor (Citizen Lab and SecDev Group) Announces RIM Monitoring Project

    Information Warfare Monitor (Citizen Lab and SecDev Group) Announces RIM Monitoring Project

    Recently a number of governments have threatened to ban Research in Motion’s BlackBerry services if the company does not make encrypted BlackBerry data and other content available to state authorities. A major concern of these regimes is that BlackBerry data can be encrypted and routed through servers located outside of their jurisdictions. Unconfirmed reports have circulated that RIM has made data sharing agreements with India and Saudi Arabia and the United Arab Emirates. Other countries are also requesting the company locate data centres within their jurisdictions.

    The RIM Check (https://rimcheck.org/) Web site is a research project designed to gather information on how traffic exits the BlackBerry network depending on the country in which the user is located. The findings from this project will be published and made publicly available.

    The project is being conducted by the Information Warfare Monitor and the Web site is maintained by the Citizen Lab at the Munk School of Global Affairs, University of Toronto.

    ...
    Bloomberg:

    Citizen Lab is teaming to perform the research with Information Warfare Monitor, a venture between the university and SecDev Group, an Ottawa-based think tank focused on security issues. The lab helped uncover a cyber-espionage plot against India’s government earlier this year that involved computers in China.
    https://rimcheck.org/

    This will be very interesting, data can be collected, particularly from Europe, the Middle East, Asia and the Pacific region. The Browser connection is secure and private. It reports back only technical information about your BlackBerry to establish the endpoints of connection to the 'net.

    The information will establish a base line condition. If anything changes, we will all know about it.

    The IP address reported can be decoded at:

    IP Address Lookup (IPv4 & IPv6)

    Canada reports:

    IP : 68.171.235.176
    Host : 68-171-235-176.rdns.blackberry.net
    Country : Canada
    UK contact reports: UK

    Australia contact reports:

    IP : 206.53.152.2
    Host : 206-53-152-2.rdns.blackberry.net
    Country : Canada
    Qatar contact reports:
    IP : 78.100.***.***
    Host : ?
    Country : Qatar
    10-23-10 10:44 AM
  2. JRSCCivic98's Avatar
    Didn't Jim Balsillie graduate from UT?
    10-23-10 03:18 PM
  3. stuaw11's Avatar
    I have a real issue with RIM on this one. They come out criticizing people like Apple for having too much control over their users, but then they go telling countries how to run their countries. I get some things Apple does- no porn in apps or itunes content. I get that, there is no good way failsafe way to prevent underage kids from downloading it, and if they did Apple as distributer could be sued. I get some of their restrictions, or at least the basis for it.

    Now I'm not saying I personally agree with the way other countries operate, but that's their right to operate that way, and not any nation (or RIM's) right to change their culture and political setup. This sounds a lot like the US invading Iraq and trying to change them to be another "us." Yes Sadaam was terrible, but I dont think forcing them into our way of life is the answer either, we have no right to police the world. I don't know the laws in those countries but I know in very few do people have the amounts of freedoms we have in the US (and Canada).

    I dont think RIM has any right to tell any government how to treat it's citizens. If they want control over the data then they do. I believe in privacy and all the Constitutional rights, but better dang believe if hypothetically the US government could prevent big crimes and death then Im all for them getting the data (emails, texts, etc) to prevent that. If youre doing something bad you want to hide, any electronic communications isnt best the answer anyways.
    Last edited by stuaw11; 10-23-10 at 03:35 PM.
    10-23-10 03:26 PM
  4. avt123's Avatar
    I would prefer to keep the US government (or any government) as far away from my personal life as possible. But, they know everything already anyways.
    10-23-10 03:31 PM
  5. stuaw11's Avatar
    As would I, but if that means they can, when they have good reason, access data to prevent horrible events, then Im all for them at least having the option to access that.

    There are too many people in most nations for everything, or even anything, you do to be spied on at all times. The theory of this is really to prevent harm to other people and prevent things that can be prevented
    10-23-10 03:36 PM
  6. JRSCCivic98's Avatar
    I have a real issue with RIM on this one. They come out criticizing people like Apple for having too much control over their users, but then they go telling countries how to run their countries. I get some things Apple does- no porn in apps or itunes content. I get that, there is no good way failsafe way to prevent underage kids from downloading it, and if they did Apple as distributer could be sued. I get some of their restrictions, or at least the basis for it.

    Now I'm not saying I personally agree with the way other countries operate, but that's their right to operate that way, and not any nation (or RIM's) right to change their culture and political setup. This sounds a lot like the US invading Iraq and trying to change them to be another "us." Yes Sadaam was terrible, but I dont think forcing them into our way of life is the answer either, we have no right to police the world. I don't know the laws in those countries but I know in very few do people have the amounts of freedoms we have in the US (and Canada).

    I dont think RIM has any right to tell any government how to treat it's citizens. If they want control over the data then they do. I believe in privacy and all the Constitutional rights, but better dang believe if hypothetically the US government could prevent big crimes and death then Im all for them getting the data (emails, texts, etc) to prevent that. If youre doing something bad you want to hide, any electronic communications isnt best the answer anyways.
    I agree with the bold part. However, I don't think it's right to have any country out there chastise a perticular sex because they can. (i.e. treating women like isht, which is what Muslim based countries do) And no, this has no bearing on my sex at all, it has to do with it being 2010 and you really need to find something more constructive to do with your brain then come up with stupid isht like covering up your women and beating them for going out into the public.

    However, with all that said, the US and free countries for that matter have a bad idea when it comes to trying to improve the ways of other countries. The US tends to go in and impose Democracy as a way of life and THIS is what the other countries have a problem with. What we should be doing is going in there and figuring out why they're so stupid to think the way they do for some things in life. Just because someone wrote some crap in a book which was written so many years ago, doesn't mean you need to be following that crap in today's world. There is NOTHING in ANY religious book that dictates what is best for the human life AS a human life. It's all based on control of one over another, even the idea of GOD is that... the control of an overlord over someone of lesser quality. That's BS man! That's the crap that causes conflict in the world. We should be practicing "betterment of mankind", not belief in a GOD that's not EVER proven to be true.

    But now I'm sidelining this entire thread a bit... sorry for that, but I wanted to share my view of where we really need to be in the 21st century... after all, we're not exactly rubbing sticks together to make fire anymore.
    10-23-10 03:47 PM
  7. stuaw11's Avatar
    No I agree Civic but its that country's politics and legal system if and how they get access to private communications. They dont follow the US constitution, rights to privacy, warrants, etc. where we have a lot of rights as citizens to protect us from the government.

    But RIM simply cant refuse to comply with other governments who don't follow our way of political and legal system because they dont agree with it or some corporate montra.
    10-23-10 03:49 PM
  8. JRSCCivic98's Avatar
    No I agree Civic but its that country's politics and legal system if and how they get access to private communications. They dont follow the US constitution, rights to privacy, warrants, etc. where we have a lot of rights as citizens to protect us from the government.

    But RIM simply cant refuse to comply with other governments who don't follow our way of political and legal system because they dont agree with it or some corporate montra.
    Ya, but what happens to people who aren't citizens of said countries when they enter those countries. Are we supposed to give up our rights as citizens of the US and its Constitutional rights simply because we're now under the umbrella of another country for a set period of time? This is where International law gets involved, but a lot of these countries bend those rules and even impose different views on what visitors of their country can and cannot do. Some of these views aren't even criminalistic ones (not real crimes anyway). So, should tourists or business travelers be considered citizes of their own country of origin and be protected by those rights or should we be considered temporery citizes of the country we're entering and be held to those standards, regardless of what they may be? Also, should that consideration be one of "elective manner" (i.e. choosing to respect the rules of where you are simply because you choose to do out of respect rather then one of being forced to do it) or should it be an imposed thing that we're just expected to follow if we want to enter those countries.

    In situations like this, when technology is involved, it's often VERY hard to design a dynamic system which can change the way it behaves based on certain criteria. For example, a human official may elect to allow a person not of their country to behave in a certain manner or to have certain provisions which go against their local juristictional processes (something like diplomatic immunity), but how much custom programming and how much "AI" like behavior can you put into a non-biased computer system to treat conditional aspects such as these? That's the problem here really. A program is Ones and Zeros, Black and White, it's very hard to program the grey area at our current intellectual level.
    10-23-10 04:01 PM
  9. CanuckBB's Avatar
    Ya, but what happens to people who aren't citizens of said countries when they enter those countries. Are we supposed to give up our rights as citizens of the US and its Constitutional rights simply because we're now under the umbrella of another country for a set period of time? This is where International law gets involved, but a lot of these countries bend those rules and even impose different views on what visitors of their country can and cannot do. Some of these views aren't even criminalistic ones (not real crimes anyway). So, should tourists or business travelers be considered citizes of their own country of origin and be protected by those rights or should we be considered temporery citizes of the country we're entering and be held to those standards, regardless of what they may be? Also, should that consideration be one of "elective manner" (i.e. choosing to respect the rules of where you are simply because you choose to do out of respect rather then one of being forced to do it) or should it be an imposed thing that we're just expected to follow if we want to enter those countries.
    It's actually quite clear. When in a foreign country, you are under the laws of that country. Full stop. The only exceptions are diplomatic staff, and that protection can be withdrawn by the home country.
    10-23-10 11:26 PM
  10. TheScionicMan's Avatar
    Wasn't it the NOC List that Tom Cruise was trying to get a hold of in Mission Impossible? Be careful with this project...

    10-24-10 12:51 AM
  11. the_sandman_454's Avatar
    It will be interesting to see where RIM's servers really are located.

    The idea that RIM may somehow be compelled to give up encrypted or other data strikes me as unacceptable.

    I hope I don't live to see the day the general public in the US welcomes Government snooping into their lives, even if it will prevent bad things. They know entirely too much as it is.

    I was really hoping to see RIM say no to all requests for further access.
    10-24-10 01:11 AM
  12. CanuckBB's Avatar
    I don't like the decision either, but from a business point of view, it makes sense.

    They're giving access to BBM and BIS. It affects mainly local users. Users using BES are unaffected as RIM does not have the BES keys.
    10-24-10 10:26 AM
  13. JRSCCivic98's Avatar
    So, what makes a BES user better then a BIS user? Why should they be treated differently simply because RIM can decript one transmission and not another? Why should they play favorites on those two camps of users because countries ask them to?

    Basically what's happening here is RIM has sold out BIS in favor of keeping BES users onboard so that they don't loose that business in those countries. Am I missing something here? I don't think so...
    10-24-10 10:51 AM
  14. nomi1978's Avatar
    I think this is all speculation. I am going to reserve comment until I really know what transpired. Some people say they got servers in the local countries other are saying something else. So we really don't know what has happened. Secondly, every country has their own laws, and you have to be bound by them. All manufacturers must be doing something, RIM just got dragged into the public eye.

    And correct me if I am wrong but all data goes through the Carriers would they not have the ability to look at data if they were required to by the government. We see all these articles and on 20/20 how the US basically taps anyones line that they see is a security risk, how is this any different. I am just trying to understand the whole issue.
    10-24-10 10:59 AM
  15. JRSCCivic98's Avatar
    I think this is all speculation. I am going to reserve comment until I really know what transpired. Some people say they got servers in the local countries other are saying something else. So we really don't know what has happened. Secondly, every country has their own laws, and you have to be bound by them. All manufacturers must be doing something, RIM just got dragged into the public eye.

    And correct me if I am wrong but all data goes through the Carriers would they not have the ability to look at data if they were required to by the government. We see all these articles and on 20/20 how the US basically taps anyones line that they see is a security risk, how is this any different. I am just trying to understand the whole issue.
    Well, one thing to remember is at one time US BIS users had IPs that belonged to Canadian networks. Since about 1-1.5 years ago, that's changed with indication that IPs for BIS browser users are not US based for US handsets. So, while that change could have been done to allow network traffic to work for regional limited programs (some streaming radio apps didn't allow CA based access, so BB access for everyone in the US would be locked out as well) it's not hard to see that BIS proxy servers can be placed anywhere if need be. We can't even be sure where they may be in terms of who's building it's in. Is it a RIM building? Is it a carrier building?

    The NOC infrastructure is so diverse that it's no longer as simple as handset>carrier network>internet. For BB it's handset>carrier network>NOC>internet. The big question is that NOC location is not always a single hop and could be quite diverse in terms of where it is and who has access to it. As far as I'm concered, RIM is saying BES is safe, but BIS isn't... so, what makes BB a better solution over another platform when it comes down to the consumer level? I think this is what most people are concerned about, especially since we were told one thing when we bought a BB or saw one advertised or depicted in terms of security of the device in the news and press. Remember that there's quite a few BIS users out there that have a work email account configured on it via BIS. If that traffic can now be sniffed simply because the BIS server does the polling, that now makes that device and connection less secure then another handset that would be making direct SSL connections to the mail server itself rather they relay though a polling server (which is what BIS is). This is I think the real problem here.
    10-24-10 11:14 AM
  16. Reed McLay's Avatar
    I think this is all speculation. I am going to reserve comment until I really know what transpired. Some people say they got servers in the local countries other are saying something else. So we really don't know what has happened. Secondly, every country has their own laws, and you have to be bound by them. All manufacturers must be doing something, RIM just got dragged into the public eye.

    And correct me if I am wrong but all data goes through the Carriers would they not have the ability to look at data if they were required to by the government. We see all these articles and on 20/20 how the US basically taps anyones line that they see is a security risk, how is this any different. I am just trying to understand the whole issue.
    That is exactly the point of this research.

    One of two conditions exists. Either Research in Motion maintains a single NOC located in Canada, or it doesn't.

    So far, none of our members have reported an endpoint IP address that is not located in Canada.

    10-24-10 12:07 PM
  17. WillieLee's Avatar
    So, what makes a BES user better then a BIS user? Why should they be treated differently simply because RIM can decript one transmission and not another? Why should they play favorites on those two camps of users because countries ask them to?

    Basically what's happening here is RIM has sold out BIS in favor of keeping BES users onboard so that they don't loose that business in those countries. Am I missing something here? I don't think so...
    You're missing a lot.
    10-24-10 01:05 PM
  18. JoelTruckerDude's Avatar
    You're missing a lot.
    Then why don't you enlighten us....
    10-25-10 05:25 AM
  19. Branta's Avatar
    I dont think RIM has any right to tell any government how to treat it's citizens.
    AFAIK this has never been the RIM position, and they will cooperate with legitimate government requests. Practicality and cost are the problem, particularly with arrogant demands for "instant access" (see the recent reports mostly from middle east and asia). Instant gratification... No! Properly planned and implemented solutions... Negotiable.
    10-25-10 09:14 AM
  20. Branta's Avatar
    Ya, but what happens to people who aren't citizens of said countries when they enter those countries. Are we supposed to give up our rights as citizens of the US and its Constitutional rights simply because we're now under the umbrella of another country for a set period of time?

    Your question works both ways... should citizen-residents of other countries keep their home-nation rights when they visit USA, or are they subject to local US law?

    The answer is simple. Follow the laws applicable to you, wherever you happen to be.
    10-25-10 09:26 AM
  21. i7guy's Avatar
    Ya, but what happens to people who aren't citizens of said countries when they enter those countries. Are we supposed to give up our rights as citizens of the US and its Constitutional rights simply because we're now under the umbrella of another country for a set period of time? [snip].
    It's actually very clear. Take a flight to Singapore, exit the airport, chew gum and then spit it out in front of the police.

    Unless you are granted diplomatic immunity you are always bound by local laws.
    10-25-10 09:37 AM
  22. Reed McLay's Avatar
    Qatar contact reports:
    IP : 78.100.***.***
    Host : ?
    Country : Qatar
    10-25-10 11:20 AM
  23. the_sandman_454's Avatar
    Qatar contact reports:

    So basically, that looks promising so far for everyone not in Qatar or other areas that have been giving RIM grief about better access.

    At least I would assume it means that they only get to see the local traffic from the local telecom companies that gets routed through their own national BIS NOC. The other way RIM would have had to find a way to segregate traffic on the Canadian servers by nation the subscribers were from or throw everybody under the bus.

    Interesting...
    10-25-10 11:31 AM
  24. Reed McLay's Avatar


    This is BlackBerry Internet Service (BIS) as documented.

    Access to the Internet is through the NOC in Canada. Prior to that, they are encrypted packets on the carriers network. That is subject to interception at the source, but a challenge to interpret.

    I suspect my Qutar contact is reporting the results of a BES connected device. It would make sense for his corp/gov host to supply the Internet connection.

    10-25-10 12:45 PM
  25. stuaw11's Avatar
    AFAIK this has never been the RIM position, and they will cooperate with legitimate government requests. Practicality and cost are the problem, particularly with arrogant demands for "instant access" (see the recent reports mostly from middle east and asia). Instant gratification... No! Properly planned and implemented solutions... Negotiable.
    Well I didn't mean they are literally telling a government what to do.

    The issue, as shown in the new Turkey "conflict" is even with a good reason/warrant/whatever you want to call it, the data is still encrypted requiring RIM to unencrypt it an their unwillingness to honor that.

    It's more honoring other country's requests, and not interjecting RIM's own morality standards on what or what should not be unencrypted and given out. It sounds like RIM is more trying to police people's data rather than letting their respective countries and laws dictate that, which is how it should be. We (or they RIM) may not agree with other country's laws (or lack there of) regarding warrants, privacy, etc.; but that's no excuse not to honor them.
    Last edited by stuaw11; 10-25-10 at 02:12 PM.
    10-25-10 02:07 PM
27 12
LINK TO POST COPIED TO CLIPBOARD