

Schneier on UAE to Ban BlackBerrys - bensummers
http://www.schneier.com/blog/archives/2010/08/uae_to_ban_blac.html

======
RyanMcGreal
Bonus feature: "For the record, I have absolutely no idea what this quote of
mine from the Reuters story really means".

~~~
konad
It means the person listening to Bruce had absolutely no idea what he was
saying so when s/he paraphrased it, they just took words out.

~~~
philwelch
And they complain that journalism is a dying profession.

------
oozcitak
Related: In 2009, Etisalat prompted its UAE BlackBerry users to install a
surveillance application disguised as a performance update[1]. The update
resulted in crashes and lowered battery life resulting in RIM to issue its own
update to remove it.

[1]: <http://news.bbc.co.uk/2/hi/8161190.stm>

------
adolph
Schneier and WSJ seem to put an emphasis on the concept of government interest
in monitoring its citizens (or subjects in the U.A.E. I guess). The internal
motivations for this action may be different. For example, maybe the U.A.E.
sees BB as a bit of critical infrastructure that they don't want other
countries to be able to monitor.

First article: "The U.A.E. acted after RIM refused to set up a proxy server in
the country as required by its 2007 contract with telecom provider Emirates
Telecommunications Corp., a majority of which is owned by the government,
according to the person familiar with the situation."

Second article: "The U.A.E. wanted RIM to locate servers in the country, where
it had legal jurisdiction over them; RIM had offered access to the data of
3,000 clients instead, the person said."

~~~
poiuyhgrftghjk
It can also have other legal implications. We (a non-US company) just got
informed by legal that we shouldn't email copies of our patents internally
because our email supplier is in the US - and any of our patents could be
regarded as US property.

So a contract sent on a Blackberry between two UAE parties - could come under
Canadian law.

------
Herring
_> RIM makes a big deal about how secure its users' data is, but I don't know
how much of that to believe:_

It sounds like RIM is describing normal public key encryption. I'm not sure
why Schneier thinks they have the plaintext, though admittedly "customer data"
could refer to anything.

~~~
unwind
Since you're presumably entering the data (i.e., email text) using a
BlackBerry device, running an RIM-developed operating system, device drivers
and so on, RIM most likely "have" your data.

At least that was how I interpreted it, and it makes sense to me.

~~~
jonknee
Especially considering on the other end your email comes out as plain text
(it's not a requirement to send to other BB devices). Perhaps their messager
service works completely encrypted, but as far as emails go that's surely not
the case.

------
sspencer
He makes an excellent point about that nonsense 'even we at RIM don't see the
unencrypted data' which RIM seems to think convinces people. How can makers of
the software doing the encryption not know the plaintext?

~~~
bensummers
By not having control over the endpoints where the data is encrypted and
decrypted, and being trustworthy.

Microsoft don't have the plaintext of Windows user's SSL encrypted web
browsing, but they could if they changed their software to send them the
plaintext too.

------
atomical
How would a startup go about selling monitoring services to the UAE
government?

~~~
brown9-2
Considering that the traffic is encrypted between the devices and RIM's
servers, you'd have to try to 1) break the encryption or 2) gain access to
RIM's internal network, and 3) check your morals at the door. Good luck.

~~~
atomical
I wasn't asking specifically about this situation. I was considering niche
markets like P2P. I know the government blocks torrents but I have seen many
clients on the Gnutella network that are from the UAE.

------
CamperBob
RIM should sit tight and do nothing, IMO. Those 500,000 users are likely to be
the most important movers and sheik'ers in the Saudi kingdom. When their
Blackberry service goes dark, the government absolutely will be held
accountable.

------
GrandMasterBirt
To be completely honest, I think this is a ploy by RIM to make them seem
insanely secure. So secure that paranoid countries want to ban them because
they can't evesdrop on their people.

