The German government has advised ministers not to use BlackBerry and iPhone devices due to “a dramatic increase of attacks against” its networks. A general ban on the use of smartphones in certain German ministries is also being considered, Federal Interior Minister Thomas de Maizière confirmed to the country’s business daily …
Class, please reconcile these two statements:
"Privacy is a fundamental requirement of a democratic state, in order to assure that citizens are able to vote in a free and fair environment, so that the best government is elected, and thus ensure the perpetuity of the state."
"It is essential that security services are able to access every unencrypted byte of information, anywhere, anytime, so as to prevent terrorism, organised crime, fraud etc, and thus ensure the perpetuity of the state."
Some parts can be
> organised crime, fraud etc
That is, the normal doings of politicos. Can't see any conflict here, guv.
Who said the second quote?
The German Government funded the development of the GPG program, presumably because someone with the budget used for this had more concern for security of state communications and privacy of individuals' and corporate communications than the ability of state security agencies to monitor and decrypt such communications.
If the second quote was from a German Government source perhaps it was from another agency or department of the same government. A corporate entity does not have a single view especially over multiple contexts, never did and never will. You will find many different views within any organisation.
Begs the question
will the 'elite' who have their communication devices actually consent to use a phone which has had camera, bluetooth, gps & wifi removed.
I understand the point of removing 3 out of 4 of these features, but the 'movers and shakers' want their premium features installed.
What are they planning...
"Berlin expressed concern that data for the BlackBerry smartphone passes through two Research in Motion centres in the UK and Canada."
Hmmm what are ze Germans planning that they are concerned about data going to the allies.. I mean the UK & Canada..
Title is misleading
So it's a German government thing, for their employees.
In the context of the Saudi Arabia ban, this title is misleading.
"bans" is not the same as "advise not to use". Even the "ban" being considered will be applied to "certain German ministries".
But hey, they've got our attention.
Germany bans BlackBerrys and iPhones on snooping fears
OK I'm going....
How does 'advised against' and 'considering' equate to the headline's "BANS"?
Anonymous Coward so true
'you can't see what we are doing, but we are permitted to look at everything you do'
German government recommends using technology provided by German company (T-Systems is part of Deutsche Telekom) rather than foreign companies under the guise of "security".
Yeah, right. And why would the T-Systems stuff be any more immune to attack than RIM's?
...because the servers are very firmly on German ground? The issue here is not whether any device is absolutely secure, just an attempt to make sure that comms do not pass unencrypted through networks belonging to people we shouldn't trust too much. After all, the states now demanding their own BB-servers may not have all that many interests in common with Germany...
Where does RIM host its servers?
If the answer is "not Germany" then the reason German security might prefer a domestic carrier is obvious.
We need encryption on our devices, but we should not have to rely on foreign companies not being evil.
Personally I encrypt my emails with GPG, trouble is, not everyone uses it...
I love the way they've all just suddenly realised this.
I mean, did none of these governments do a basic security audit before deciding to issue Blackberries to their key personnel? Many years later, the server location hits the headlines, and they all panic.
"Proactive system management? We've heard of that...."
Guess what OS runs on the phone...
..because that's the real reason behind choosing it. The BSI is notoriously known for warning against anything non-Windows as soon as they can find a reason. Security holes in Windows or IE have nearly never been of any concern for them.
Wonder who pays their bills.
Well, they are also known for having little competence when it comes to IT. Surprise.
"Germany bans BBs and iphones"
then in the first sentence it seems that ministers have been advised not to use BBs and iPhones....
the ban is NOT in place - just being considered.
Talk about hyperbole in order to increase read rate.
So blackberry which is encrypted as standard is being shunned. But those normal phones that aren't smart that use SMS which isn't encrypted are being pushed, along with some fancy, 'possible' brown envelope supplier is being favoured because some other department says so.
Hmmm I smell fish.
Either way, Leicester council with their "I MUST have Ipads to continue to function" attitude, take note.
Those 'encrypted' communications through the blackberry are also routed through Canada or UK where it has been shown recently that various governments can have access to the unencrypted versions of those communications.
So, use 'encrypted' blackberry comms from say one office in Berlin to another office in Berlin that route through foreign soil where those foreign governments can get the unencrypted data, or send an unencrypted SMS which doesn't leave German soil.
Or even better use a smartphone that uses the local cell network (again doesn't leave German soil) and use encryption technologies on that comms stream.
but why iphone?
I understand they are concerned about the blackberry data going through the RIM servers elsewhere, but surely the iPhone data either goes over their network providers just like any other phone, or through their own servers if they set them up themselves. It doesn't all get routed via Cupertino does it?
One word: Malware.
In the case of the iPhone, Germany is probably worried about a phone getting trojaned (as the iPhone is actively targeted for both malware and bypassing application signing), thus giving an attacker access to potentially-confidential information.
Not just email
Think of all the iPhone apps and all the possibilities for a malicious app to steal your personal phone logs, or your emails or your pictures and send them off to some random destination. Just look at the recent jailbreak page to see how even a random drive-by attack could accomplish it.
Every smart phone OS has the same issues BTW. The only way to minimize the possibility of attack is to lock the phone down. Toss out the marketplace, google apps, twitter, facebook etc. mandate VPN only internet, force web browsing through a proxy, disable the camera & GPS, harden security settings etc.
"Every smart phone OS has the same issues BTW. The only way to minimize the possibility of attack is to lock the phone down. Toss out the marketplace, google apps, twitter, facebook etc. mandate VPN only internet, force web browsing through a proxy, disable the camera & GPS, harden security settings etc."
The Blackberry does this when you use BES. And the hoi polloi BIS also does the encrypted network; the only concern that the German gov't is showing is that the traffic comes out unencrypted in another country, and that that country might be snooping on that endpoint.
Can I just clarify something?
Is The Reg officially a balls-out, shameless red-top tabloid these days, or are you just having trouble curbing the baser instincts of some of your headline writers?
Re: Can I just clarify something?
Well, we've had the red top for a while now.
American Press: insufficient red-tops read for the number of red-bottoms deserved.
Not surprised really
If I were a government, any government, I would ban anyone dealing with sensitive data from conducting official business with off-the-shelf smart phones. I might even ban them entirely depending on the role and position.
Smart phones are incredibly leaky, broadcasting all sorts of personal & sensitive data and are extremely vulnerable thanks to their ability to run 3rd party apps. Even the blackberry has had its fair share of issues. Even Obama couldn't use one until certain unspecified changes happened.
The only way I can see security services allowing smart phones is if the phone is flashed from scratch and locked down. Theoretically that might give Android an advantage but a lot of things that make a smart phone "smart" would have to go - google apps, market place, games etc.
But the cure doesn't help
...maybe you are right in not trusting these devices. Trusting the BSI and the T-Com is however even more silly. They can't even tell secure from insecure systems.
And as others have pointed out: using existing encryption software would have solved the problem. But at the BSI there is nobody who would even know how to get this software.
It is not so much about trust re: BSI and T-Com as it is about control. The German government can legislate about what German based entities can and cannot do with German citizens' data - and can back this up with some serious legal punishments including massive fines and imprisonment for transgressors.
However, the German government has basically no say in what foreign companies do in foreign countries - all they could do is mandate a set of criteria before they are allowed to do business in Germany (in the way Saudi and the UAE are doing with RIM).
It is likely that the German authorities don't want to get into a pissing contest with Apple, RIM and similar as it would prove massively difficult to enforce and would be very unpopular with the German voters if Apple / RIM called their bluff and millions of German citizens lost access to their iPhone or Blackberry.
Yes, encryption etc would help to a point, but it still wouldn't allow Germany to control German citizens' data.
I think that one important point here is........
the Germans wish to prevent "others" eavesdropping on some government employees. They are not "banning" these phones nor are they (in contrast to certain other nations) demanding the right to intercept communications that go via these phones on pain of shutting down the phone network concerned in the whole of Germany if the company concerned does not comply. They are simply ensuring, on the basis of what we see in this article, that security and confidentiality are protected within certain government institutions. Advising employees to be careful about which phones they use and how they use them is common sense is it not? I know of many private companies that impose VERY strict limits on how "smart" the phones that their staff use are and the degree to which these phones are permitted to interact with company systems.
"I know of many private companies that impose VERY strict limits on how "smart" the phones that their staff use are and the degree to which these phones are permitted to interact with company systems."
And I doubt they are very fond of visitors with "smart" technology either. Research labs have the same problem.
Thanks I appreciate it........
.......and further to your point about visitors I know of at least two companies (R n' D) who insist that any visitors switch off their phones and hand them over until they leave!
How far do you go?
How far do you lock down existing features in the name of security before you start preventing people from doing their job, and just plain 'ole pissing them off?
Going on some of the comments here, the only secure way is to take away electronic communications altogether and supply two cups and a string.
No wait, that's hackable too.
Better to irk the workers...
...than to irk the clients. After all, who doles out the dough?
Perhaps the sanest approach with a potentially dangerous device or communication situation is to make deny by default and then make a whitelist. After all, you know your communications are safe when no communications can be made. Work from there. Take each instance where necessary communication is blocked and see just how little is needed to get it done and then allow just that and no more (say setting up an isolated internal WiFi network or the like).
Now, can it be reasonably done in the real world? Depends on the situation. New installations are easier to properly lock down than retrofits, and if situations change (say a department suddenly requires a lockdown), complications can arise. But for some institutions (like governments), "good enough" isn't really good enough, if you get my drift.
Isn't it an irony of almost breathtaking proportions that a nation like Saudi Arabia starts a drains-up of who exactly is spying on who? It's not exactly a secret that the UK and the US are hand-in-hand when it comes to sharing information that isn't theirs to have, in defiance of even their own national laws, so the RIM issue was only a matter of time.
What puzzles me is that this is the same Germany that is more than happy to publicly support data theft by not only rewarding criminals with money, but even with complete new identities. Or have they suddenly realised that their own details could thus become valuable too?
Why should we as the members of the public be watched by the government and have to accept it's for our own good, yet governments don't want to be watched by companies, we can say that companies just want to make money so their objectives are quite obvious but governments can be quite ideological and punitive in their actions, their actions are determined by ancient gripes and the elite few.