While it is not “VoIP security,” per se, much of the communications market is buzzing this week with news that calls made on Blackberry smartphones can be intercepted by the U.S. government. Many stories have been written, but here’s one:
While many of us in the security community have known that national governments could obtain calls on mobile devices by obtaining a warrant and working with the carrier, the article I linked to mentions the big difference with RIM:
RIM is in an unusual position of having to deal with government requests to monitor its clients because it is the only smartphone maker who manages the traffic of messages sent using its equipment. Other smartphone makers — including Apple Inc, Nokia, HTC and Motorola Corp — leave the work of managing data to the wireless carrier or the customer.
RIM’s encrypted, or scrambled, traffic is delivered through secure servers at its own data centers, based mostly in its home base of Canada. Some corporate clients choose to host BlackBerry servers at other locations.
The issue here seems to be from the articles I’ve read that the United Arab Emirates government is claiming that RIM is not granting them the same surveillance capabilities as other governments.
Not having any connection whatsoever to the situation, I can’t really comment on what all is going on… but it does continue to point out the challenges in our globally interconnected world. Here are mobile devices being used wherever… routing their email messages back through servers apparently in Canada… and desired to be read by governments around the world. All sorts of jurisdiction issues … and so much more…
If you found this post interesting or helpful, please consider either subscribing via RSS or following VOIPSA on Twitter.
can anyone quote case law, precedents, where such communications were obtained through a proper court order in US or anywhere else? large percentage of the people commenting on the RIM vs. UAE seem to think Blackberry communications are impenetrable…
I would like to point out that there are different point of view regarding this situation of RIM:
– India want to intercept and told RIM that they had removed BB if they did not started proving wiretapping service
– UAE want to intercept and told RIM that they had removed BB if they did not started proving wiretapping service
– Saudi want to intercept and told RIM that they had removed BB if they did not started proving wiretapping service
– Russia want to intercept and RIM had to make an agreement with FSB before commercialization
But there are other point of view:
– France blacklisted RIM for government use because of risk related to espionage done by foreign governments ‘friend of RIM’
– Germany blacklisted RIM for government use because of risk related to espionage done by foreign governments ‘friend of RIM’
So it can be understood that different governments have different issues when discussing about RIM.
That’s because RIM is not only a manufacturer but also a service provider.
I wrote some week ago Blackberry Security and Encryption: Devil or Angel:
http://infosecurity.ch/20100707/blackberry-security-and-encryption-devil-or-angel/
where i put some consideration on blackberry security.
Regards,
Fabio Pietrosanti
p.s. i am developing a voice (VoIP) ZRTP encryption client for Blackberry, so i had to knew the platform much in details.