I see that BBM has been associated with spreading of the riot.
I also recall that some governments, notably UAE, Saudi Arabia and India, previously asked RIM to hand over their encryption technology so that contents of BBM can be examined.
I understand that BBM texts are encrypted and are passed only via RIM servers in Canada. So govt. needs to request to RIM if they want to track the contents of message, sender's and recipient's info.
But same logic applies to emails sent via Gmail, Yahoo etc. and any instant messaging system. So what makes Blackberry special and more risky?
|
Gmail, Yahoo, Hotmail et al, Emails are not encrypted and can be ( and are when required ) read live on the fly through network interception techniques, or pulled from servers in plain text.
You cant do that with BB mail or texts, they are encrypted from handset outwards. Sniffing (live capture) or recovery from servers just reveals encrypted data. You need to have a BB key and access to BB servers.
Which GCHQ have.
Last edited by: VxFan on Wed 10 Aug 11 at 12:48
|
>> Gmail, Yahoo, Hotmail et al, Emails are not encrypted
If someone is sending sensitive messages, won't he encrypt it anyway?
I understand that people do send plain text mails by default, but government won't bother reading every Tom, Dick, Harry's mails anyway.
|
>> >> Gmail, Yahoo, Hotmail et al, Emails are not encrypted
>>
>> If someone is sending sensitive messages, won't he encrypt it anyway?
If using the phone you dont have the option. No encryption client on the phone because there is no encryption client at the other end.
>> I understand that people do send plain text mails by default, but government won't bother
>> reading every Tom, Dick, Harry's mails anyway.
In the normal run of things of course not. They will selectively target according to the threat and other intel. BUt they can target by area of dispatch!
Good encryption stumps the power to be. Kiddy porners are now encypting hard drives, and without the key the stuff remains hidden and is styming the authorities. Ditto encrypting emails.
No key no instant access.
|
I see this in newspapers
Unlike social networks such as Facebook and Twitter, messages sent through BBM cannot be traced back to the sender.
Are they not traceable even by RIM?
|
|
Maybe in an emergency the government should simply have the power to shut down all non-official communication systems?
|
>> Maybe in an emergency the government should simply have the power to shut down all
>> non-official communication systems?
They have the power and the means. Its a feature built into the mobile phone networks. That kills the mobile comms systems dead. All that's left is the home internet which is not mobile and very hard to kill.
Last edited by: Zero on Wed 10 Aug 11 at 10:37
|
>>
>> They have the power and the means. Its a feature built into the mobile phone
>> networks. That kills the mobile comms systems dead. All that's left is the home internet
>> which is not mobile and very hard to kill.
>>
And if they don't want to kill it dead but monitor traffic all mobile networks have a lawful interception gateway provided for the purpose.
|
>> I see this in newspapers
>>
>> Unlike social networks such as Facebook and Twitter, messages sent through BBM cannot be traced
>> back to the sender.
>>
>> Are they not traceable even by RIM?
Yes they are. In theory they don't have to be because its peer to peer messaging, but to get from one peer to another it has to go through a server. It could just be passed through with no staging but its not.
|
I cant think of the law at the moment, but there is a law requiring holders of encrypted data to hand over the key to the courts or face porridge.
I suspect they might wave this in RIM UK's direction or even use it against the individuals - i.e. you sent this encrypted data, what is the key - of course they won't know what it is, so hopefully automatic porridge!
Sorry, should stop the wishful thinking!
|
I see the Blackberry website was hacked with a message basically saying "help the police and your employees will suffer".
www.infowars.com/blackberry-website-hacked-as-company-pledges-to-help-cops-find-brit-rioters/
and many other news sites
|
The UK has a large centre in Cheltenham which I suspect regularly decodes encrypted messages...
And lots of CCTV
And computers to scour blogs and Facebook etc...
And no doubt an alanlysis of ebay sales...
|
>> And no doubt an analysis of ebay sales...
>>
...for DSS & HMRC uses!
|
...I cant think of the law at the moment, but there is a law requiring holders of encrypted data to hand over the key to the courts or face porridge...
There is such a law, and this lad was locked up for defying it:
www.dailymail.co.uk/news/article-1318103/Teenager-jailed-refusing-police-password.html
|
>> I understand that people do send plain text mails by default, but government won't bother
>> reading every Tom, Dick, Harry's mails anyway.
>>
>>
But they will be scanned for key words.
|
>> regularly decodes encrypted messages
AFAIK, BBM messages are almost impossible to decode even with military power.
That's why so many countries are pressuring RIM to hand over their encryption details.
Many encryption mechanisms of today are uncrackable. They require brute force power to decrypt and even with supercomputers may take several years.
|
Yeah, you need the key.
But for the UK and US RIM have agreed to provide access. It was a requirement of getting gov contracts,
|
|
Maybe I'm missing something but why can't the police use the phones of the rioters they have arrested, to receive the BB messages that are broadcast widely?
Last edited by: merlin on Wed 10 Aug 11 at 13:41
|
|
Probably infringes their human rights.....
|
Gmail uses SSL for its email service.
Not 100% secure of course, but enough for ordinary communication.
|
Emails sent from Google to somewhere else is not encrypted - the message will be as text. Your connection to Google's email servers when using a web browser will be encrypted. Two different things.
If you need to send a message that is encrypted and cannot be intercepted I suggest you use something like PGP.
|
I use Thunderbird and Gmail's pop & smtp servers. I do not use Gmail as web-mail, unless away from my home PC, or if I wish to check on a message which I have deleted from Thunderbird, but left on my Gmail account as back-up.
Outgoing and incoming mail to my PC IS encrypted - in fact I have to allow for this in the settings of my Avast! Internet Security, as SSL communications may not normally be scanned by anti-virus programs. (Avast! can do this, if set up so to do).
|
>> Outgoing and incoming mail to my PC IS encrypted
What encryption do you use? PGP? Unless you use an encryption method like that, somewhere along the line from sender to recipient, you have your pants down. Might as well not bother.
Last edited by: Zero on Wed 10 Aug 11 at 17:13
|
Zero, that's exactly what I was getting at. He thinks his emails are encrypted and they will be between him and Google. From then on it isn't encrypted. Since the backbone of email sending (as you know Z) is SMTP, the messages are sent unencrypted.
Hence why I mention PGP.
|
Regarding Blackberry Messenger - Zero
