The United Arab Emirates has decided that BlackBerry handsets constitute a threat to national security, and is considering an outright ban. The UAE regulator has made explicit its fears, in a statement to local media picked up by the Associated Press, that users might "abuse" the BlackBerry service to place their communication …
"managed by a foreign, commercial organisation"
thank you, this is the reason I have an issue with EU and even USofA officials using the BlackBerry, it might not be foreign entity to them, but it is a "commercial" entity.
oh, and before someone point the finger at the UAE, remember that the USofA already have access to those servers. The more worrying part is... the USofA have access to EVERYONEs emails as long as they are routed though the US servers. The UAE at the very least, just wants access to their own emails.
"oh, and before someone point the finger at the UAE, remember that the USofA already have access to those servers."
... except they don't, because those servers are in Canada.
If the servers are located in Canada then the US can do whatever they please to them. If you were Canadian you'd know that our government sold our sovereignty to the Americans a long time ago. I disapprove strongly of our weak-willed American-pandering government, but I do recognise reality for what it is.
Canadian-based RIM servers are for all intents and purposes based in the US. The only difference (might) be that the requesting agency fill out an additional form before gaining access.
Remember that Halliburton has moved to the UAE and they may have taken Canada with them as backup air conditioning for their iPads. That's what I would have done.
Daniel B.'s Geography FAIL
".. except they don't, because those servers are in Canada."
srp.na.blackberry.net seems to be in the USA, not Canada.
So the implication of all this is...
So the implication of all this is that the authorities in the United Arab Emirates already have full access to everything all UAE iPhone and Android users do/say/store on their phones. Great!
AC, 27th July 2010 15:04 GMT
I don't know how to break this to you, but law enforcement agencies *need* to have the ability to check your emails and SMSs, as long as they have a reason to do so. The problem here is, they can't do this even if they have a court order.
since the servers are in the USofA and the UK, both countries are not complaining. But other countries are having a problem. Drug dealers can just buy BlackBerrys and they will be beyond the eyes of law enforcements, unless the law enforcements agencies get their hand on the physical handset.
that is why some countries wish to host their own RIM servers, so that law enforcement agencies can carry out their duties (hopefully with a court order).
Who is reading your email?
Yes - and not just iPhones and Androids but Internet access in general. Their problem with Blackberries is that communication between the device and the outside world is via a proprietary and encrypted server connection with RIM servers - effectively, a VPN.
Bear in mind, that RIM (and by implication, the US authorities) routinely have access to all email traversing RIM's servers. Organisations running a BES as dictated by RIM, within their corporate network may have also exposed those networks to the same audience....
All the UAE have to do is block access to the various IP ranges corresponding to RIM's Blackberry servers around the world and tell RIM they'll have to set some servers up in UAE where their onward Internet traffic can then be monitored or filtered.
They probably have acces to everything.
Since the telecoms providers are dictator-owned then they will likely have access to any data passing through any point in the UAE in an unencrypted form -- much as the UK government do. The difference here is that the dictator of the UAE can do it completely openly and there are no laws against it and no checks an balances.
Think China with less people in charge.
Do they really?
No government that is less rational than a robotic Vulcan ought to be trusted with the power to intrude upon the private communications of any citizen it chooses, because that is a great, terrible, and easily abused power, and to place it in the hands of a government not fit to wield it reasonably is about as wise as placing a submachine gun in the hands of a mentally unstable six-year-old, except that, in the worst possible case, at least the six-year-old will run out of ammunition quickly. That in mind, is the government of the United Arab Emirates--or any country on Earth, for that matter, even the ones where Wahhabism *isn't* popular--rational enough to wield such power?
If you're worried about espionage or something similar that might somehow threaten the sovereignty of your country, then pencils, paper, one-time pads, and ordinary shortwave news radios should be the things that keep you up at night. If, on the other hand, you think that police should have such power just to stop drug dealers, then maybe you should take a moment to think about your country's drug policy.
Access to phone contents
With most handsets (and indeed laptops), if the police seize the physical device they can read the contents - whatever encryption you might use over the Internet, the data gets stored locally in unencrypted form. Not always - computers can use encrypted filesystems (FileVault/BitLocker/Linux loopback) and the later iPhones can too - but mostly.
The UAE is hardly the first to have a problem with this; the French government went much further a few years back, and of course we have some rather draconian rubber-hose crypto provisions in the notorious RIP Act motivated by exactly the same fears.
But most countries need a warrant.
The data on a Blackberry is, apparently, actually encrypted so that only someone who knows the password can retrieve it -- they have an auto-erase (DOD style) built in for a given number of bad password attempts, etc..
So, assuming Blackberry devices are actually secure without having access to the BES, every law enforcement agency has the same problem.
The difference is that, in the "civilised" world, it's legal to hold data that the government can't read casually without a warrant.
Simple: Program in family groups
As men who are unknown to females shouldn't try to make contact they could have female RIM users have a list of approved contacts with all others blocked until a male member of a woman's family has read any messages and approved them for forwarding.
Similarly, female RIM users would be permitted interaction between each other, without blocking unless a male relative objected.
Men, naturally, would have no restrictions on their use of their RIMs.
This would promote equality, Arab style, and not disturb the status quo.
Other features could include compass roses, driven by GPS, pointing to Mecca and alarms to signal when to get the mats out.
NewsFlash......Scurvey breaks out in UAE....
After Ruling Elite decide that ALL things Fruity are to be BANNED!!!
UAE suddenly starts importing Horseradish to compensate lack of Blackberrys, Strawberrys, Rasberrys, Apples n Pears and even Kiwi;s
but there's one exception to the fruity ban
.......the hugely popular Disco under the Hyat Hotel, where everynight, everything on offer is Fruity and $250 a go.....
even Paris could get pulled.. in there ;P
USofA? I thought RIM was Canadian? Surely Canadian servers would be OK?
The difference is academic. There are so many data sharing treaties that if the servers are in Canada a US agency can get exceedingly timely access on the flimsiest of pretexts. Canada doesn’t have much in the way of sovereignty anymore.
This is about the UAE not being able to read mail.
The security issue is that the UAE security services can't read peoples mail, and they are bitching about it.
What they want is a nice cosy server in the UAE, so they can read all the mail of people there and look for excuses to arrest people. I am sure BB's are really popular with the local population because they know that the morality police can't intercept their flirty txts.
This is about an oppressive government wanting to spy on their citizens and they can.
RIM is Canadian, but I am sure they have servers in the US as well.
I for one hope they tell the UAE govt to kiss off
There are simply two problems
The way RIM has implemented it does not allow for legal intercept. I would not want to venture into the why and how, but law enforcement has a problem if it's non-US. But that's only half the problem.
The other half is that most of the RIM traffic appears to be hauled back to the US, which means that the US have yet another route for uncontrolled espionage. As the US espionage efforts have reached somewhat ridiculous proportions I can appreciate any non-US government expressing distrust in anything hauling back information to the US.
In that context it's interesting to observe that, for instance, the UK government uses MessageLabs for email filtering, which means MessageLabs get a copy of every single email going in and out of the government email gateway..
Is this exclusively a RIM problem? Nah, I suspect that Apple is probably reading a lot more than it should as well - just read their revised T&Cs.. It's as if Data Protection principles simply never existed..
Re: There are two problems...
"The other half is that most of the RIM traffic appears to be hauled back to the US, which means that the US have yet another route for uncontrolled espionage. As the US espionage efforts have reached somewhat ridiculous proportions I can appreciate any non-US government expressing distrust in anything hauling back information to the US."
Umm... what? The central RIM servers are in Canada. And US espionage efforts are "ridiculous" in comparison to what? There isn't anywhere in the middle east where gov't even needs a judge to review any access to any telecom records. Syria, Egypt, Iran, UAE.... these are not nice places. Yes, the US gets in the news a bit, when their intelligence agencies get into the cookie jar. But that is because it is against the law. If I was working in security services in Egypt, and I wanted your email, I'd get. But not if you are using a Blackberry, because the data is encrypted between the the device and the mail servers in Canada. No place within Egypt to intercept. And Canada would need an extradition treaty, and a search warrant created in Canada.
I was in Canada working for an ISP, with a user involved with the NASA hacking a few years ago. It took a year between the breach and when the US produced evidence in a Canadian court to get a local search warrant. There is an extensive process, that allows for law enforcement to do their job, and catch bad guys, but also block fishing expeditions.
Reading your emails
OK, I agree we don't want people reading our emails without good cause.
But do you seriously think anyone is reading all that email just because they can?
Given there are 85 squillion emails sent every day and 95% of them are spam, it all just get's filtered though big crunchers looking for keywords.
If GCHQ, CIA, UAE or anyone wants to buy some Viagra I'm sure they get enough of there own email offers without needing to steal mine.
The only way to have a private conversation is in person. Anything else can and will be intercepted (hopefully with appropriate controls)! (caveat - yes, it can be encrypted, but as we all know, all encryption can be broken. Eventually!)
VPN is routinely used by a large number of business travellers
Also on other devices; also in UAE.
So what's all the fuss about?
Or did I miss something?
VPN in the Middle East
I think you will find that the use of VPNs terminating abroad is illegal in several countries in the Middle East.
Data Sharing Treaties
I think it's quite certain and obvious that all internet access, eMail and phone conversations are monitored, otherwise why would the NSA or GCHQ require such numbers of state-of-the-art-plus super computers. The technology to do this is there, and if anything inconvenient comes up like a national boundary or legal issues about spying on their own country, they just do as they've always done and ask one of the other countries in the loop to do it and pass back the data.
They'll have algorithms to watch out for certain patterns of communications, and certain areas and nationalities will have higher sensitivities.
Don't forget you are dealing with some extremely cunning people. After all, didn't the British and American governments hand over captured German Enigma machines to 'friendly' governments after the war saying they were unbreakable! If any Windows uses want me to explain that, just buy a history book.
Won't the security drones sell the commercial information they get from the e-mails to rival companies - or give it for free to companies run by local princes. This could be a serious threat to international companies working in the UAE.
Respect to RIM
Decent level of encyrption as standard. I just thought they were crap looking phones with a rubbish interface designed for businesses that don't let you turn off some form of notification for SMS and calendar appointments and missed calls and anything else that you want to be put to silent in a meeting. Our exec meeting is like an ann summers party with the amount of vibrations because you CAN'T TURN IT OFF.