8月 042010
 

Research In Motion executives are fond of saying that their platform is more secure than other mobile providers. For example, Scott Tzoke, RIM's VP of Security was recently quoted as saying that BlackBerrys are “secure right out of the box” (meaning that no additional mobile security protection is needed) and that RIM offers enterprises with the most secure mobile computing option thanks to the ability to create security settings for all enterprise users via its BlackBerry Enterprise Server (BES).

This official position is not without its critics, particularly among some mobile security researchers such as Tyler Shields whose presentation at ShmooCon 2010 showed how standard BlackBerry settings could “access and leak sensitive information using only RIM-provided APIs and no trickery or exploits at all.”

All of these security questions are moot, however, if you're using your BlackBerry to send its highly touted encrypted emails to or from the Russian Federation, the Peoples Republic of China; or, shortly, India, Saudi Arabia and the UAE.

On November, 2007, in order to sell its devices inside Russia, RIM provided its encryption keys to Mobile TeleSystems (MTS) which, in turn, provided access to the Federal Security Service (FSB). The official Russian law which mandates this supervision is Order № 6 from 16.01.2008 “About the statement of Requirements for telecommunication networks for operational and search activities.”

In January, 2008, RIM China announced that BlackBerry sales through China Mobile were on track although 2007 was the expected start date. The delay was due to the fact that “RIM needed to satisfy Beijing that its handsets posed no security threat to China's communication networks, according to sector analysts.” There's only one way to satisfy the Chinese government regarding “security threats” and that's to comply with Chinese law regarding supervision and monitoring.

On July 28, 2010, India told RIM to either allow New Delhi to monitor its customers encrypted e-mails and SMS messages or they will terminate RIMs authorization to sell in India. Indian intelligence services want the same privileges enjoyed by other foreign intelligence services including, reportedly, the U.S. and Chinese governments.

According to this Associated Press report, RIM declined to disclose details of talks it has had with regulators in the more than 175 countries where it operates, but defended its phones' security features as “widely accepted by customers and governments”. In the same article, a RIM statement claims that it “respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers.”

Really? I'd love to hear RIM explain how they can give a country's security services its encryption keys and, at the same time, protect the privacy of its customers using BlackBerry devices within the borders of those countries. One way that might be done is if RIM has advised all of its customers of the specific countries whose security services are monitoring BlackBerry users' e-mail traffic. Are there any BlackBerry users out there who have received such a message from Research In Motion? I'm guessing the answer to that question is “nyet”, “bu shi”, “na”, and “no.”

 回复

您可以使用这些 HTML 标签和属性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>