back to article BlackBerry to bug out of Pakistan by end of year

Blackberry will pull out of Pakistan on New Year's Eve in protest of its government's demand to intercept and decrypt people's communications. The Canadian company refuses to open what it considers a backdoor in its BlackBerry Enterprise Service (BES). Pakistan's Telecommunication Authority in July asked BlackBerry and other …

  1. Anonymous Coward
    Anonymous Coward

    Sounds like a good move on the face of it

    Wonder if the BB users will get able to get that policy reversed.

  2. Anonymous Coward
    Anonymous Coward

    Blackberry is considered a "mobile operator"?

    Don't they just essentially provide cloud email? So Pakistan is presumably making the same request of Google (GMail) and Microsoft (Office365) right? Or are they just picking on Blackberry alone because almost no one in Pakistan uses their devices, so it is a low risk way for the government to appear that it is doing something about terrorism without actually offending anyone?

    1. Mark 85

      Re: Blackberry is considered a "mobile operator"?

      I thought I read that BB was used heavily by "government types"? Might be that they need to watch them more than the common people. The numbers aren't huge, IIRC, but out of all the users a significant number were government types.

      If I'm wrong I'll admit it. as I'm not finding the links at this moment except for several about the government leaders using the BB.

      1. Anonymous Coward
        Anonymous Coward

        Re: Blackberry is considered a "mobile operator"?

        The numbers aren't huge, IIRC, but out of all the users a significant number were government types

        The problem that Pakistan has is that it has no genuinely functioning democracy (and little cultural acceptance of Western democratic structures), and the security services (ISI) are a power player in their own right, widely believed to be in cahoots with domestic terrorists, insurgents in Afghanistan, and supporting (for example) the Mumbai terror attacks.

        The difficulty of this request is that it may not be clear (even in Pakistan) who is the prime mover of the request, why they want this, nor what they will do with the intelligence. The worst and perhaps most likely case is that the ISI want the powers to cement their own power base and to subvert what limited democracy does exist, whilst continuing to support terrorism and failing to stop meddling in Afghanistan.

        I'd guess that BB asked the Canadian and perhaps US authorities about this, and were told that it was a very bad idea, so bad that retreat was better than acceding to the request.

  3. Anonymous Coward
    Anonymous Coward

    Decryption

    "assisted law enforcement in other ways. Decrypted BlackBerry messages were provided to British police"

    So there is a backdoor into BlackBerry email.

    1. Dan 55 Silver badge

      Re: Decryption

      Those are Blackberry services over BIS, not BES.

      BES is for enterprise, the enterprise has all the keys and everything's encrypted.

      BIS is for consumers. With BIS the operator and/or Blackberry have the keys but it doesn't really matter as not much at all is encrypted.

      1. Anonymous Coward
        Anonymous Coward

        Re: Decryption

        If the Blackberry firm can decrypt any email it wishes that go via it's 'public' services (rather than via Enterprise BES), then it's still a backdoor isn't it!

        1. Dan 55 Silver badge

          Re: Decryption

          BB10 uses the common-or-garden IMAP servers anyway, there's no Blackberry server in the middle.

    2. auburnman
      Stop

      Re: Decryption

      I remember El Reg making this allegation in the original article(s), they added nothing to support it at the time beyond a quote from the company that said something along the lines of "Blackberry is cooperating with law enforcement services" which is pretty standard boilerplate PR.

      I didn't find any links confirming messages had been handed over and most other news agencies were reporting that BB's cooperation was mainly to suspend messaging services in London temporarily so they couldn't be used to organise riots.

  4. dave 76

    BB Messenger vs BES

    I believe that the difference is between BB Messenger and Blackberry Enterprise Service.

    With BB Messenger, the keys are held by BB so they can decrypt messages.

    With BES, the keys are held on the Enterprise server which is in the customer's possession so BB can't decrypt.

    Two different services.

    1. Anonymous Coward
      Anonymous Coward

      Re: BB Messenger vs BES

      In either case, what the ISIL Sponsors Incorporated (abbreviate it yourself) want is all keys to decrypt themselves instead of a case by case basis.

      That is a non-starter as it will allow them to snoop on BB communications outside the territorial boundaries of Pakistan. Their need for it is clearly understandable as it will provide them with an early warning so they are not surprised by midnight raids to execute international terrorists they are hiding inside Pakistan. I do not see why we should cater for this need.

    2. Anonymous Coward
      Anonymous Coward

      Re: BB Messenger vs BES

      Like I said - a backdoor into BlackBerry services. It the 'man in the middle' (in this case Blackberry) can decrypt all emails sent through it, then this is a backdoor in the product.

      TRUE encryption prevents anyone but the sender and the intended recipient from reading the mail.

      Even web browsing via SSL (https) is not actually secure. It's based on the TRUST that the certificate authority, or one of their approved subordinate CAs, which issued the web certificate has been issued only to the valid site owner. There is nothing stopping that CA owner from issuing another cert with the same name from the same CA (either by malice, stupidity or at the request of the spooks) and it being used in a man-in-the-middle attack.

      1. gnarlymarley

        Re: BB Messenger vs BES

        "There is nothing stopping that CA owner from issuing another cert with the same name from the same CA"

        I am curious as to why nobody has asked the question if the Certificate Authorities keep a copy of the private cert somewhere on tape for purpose of delivering to any government.

      2. Anonymous Coward
        Anonymous Coward

        Re: BB Messenger vs BES

        Implementing your own BES means you control the keys on both server and device. BlackBerry just relay the traffic between the BES server and the device. This means that between the BES server and the device, no-one else can read the email. Of course, there's many steps before email gets to the BES server, but that is down to an organisation.

        BlackBerry have provided details of how BBM Protected operates, including dataflows, key usage (key agreement and storage) and the impact of different devices. That allows you to understand how it is implemented, and is an interesting read to see how complex such things are in real life. The document is simply titled "Security Note BBM Protected". I wish some other vendors would read it and take notes!

  5. Lennart Sorensen

    Blackberry only holds the keys to the servers they operate, not the ones enterprises run themselves. It seems when India was demanding access, blackberry put a server in India for consumer users there so that India could make requests for access to that data for users in India. This of course didn't do anything for access to messages for corporate users since they tend to have their own blackberry server with their own keys. Seems India thought that was good enough for them. Sounds like Pakistan wants a lot more than that which no one has ever gotten. If you want to access the messages going to a corporate blackberry server, bring a warrant to the company, not blackberry. I seem to recall blackberry said they would leave India too when they were demanding everything until they got a clue and accepted what blackberry said they could provide.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like