For further information...
Indonesia has joined Middle Eastern states to put pressure on RIM to provide authorities with BlackBerry interception capabilities. Today its communications regulator toned down earlier rhetoric, however, saying "so far there is absolutely no plan" to follow the UAE and Saudi Arabia in threatening to restrict BlackBerry …
.... there is the data and encryption centre in Egham, just outside Loondoon.....
All of Africa's traffic is routed there, avoiding the need to route /everything/ to Waterloo.
Few hardware based encryption systems are government-intrusion proof and this includes RIM.
RIM servers are scattered around the world, not all traffic is routed through RIM Canada. The ever nosey Canadian Government's Communications Security Establishment Canada performs some functions as does the GCHQ. They have an interesting document here: < http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57-eng.html>.
Note the following extract: "Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the “BlackBerry Solution Security Technical Overview” document [****] published by RIM specifically advises users to “consider PIN messages as scrambled, not encrypted”. "
[****] BlackBerry Enterprise Solution: Security Technical Overview, for BlackBerry Enterprise Server Version 4.1 Service Pack 5 and BlackBerry Device Software Version 4.5, Document Part #17930884 Version 2, Research-In-Motion, 2008. < http://docs.blackberry.com/en/admin/deliverables/3317/BB_Ent_Soln_Security_4.1.5_STO.pdf >
In other words RIM can, and does, provide the means to monitor in-country traffic.
If you want secure comms see < http://blogs.forbes.com/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/ >.
Isn't that part of your 'buuuundle'?
I think I'll just stick with my computer where I can use encrypt my email (with TrulyMail, PGP, or whatever else I want) and anyone who intercepts it only gets garbled junk.
Since we can't trust the phone makers, we must trust other tools. Luckily, there are other tools.
Biting the hand that feeds IT © 1998–2018