To infringe on our basic personal rights and freedom. Its not rocket science.

Govern= to govern, control , power over
Ment= mente , mind , humans most powerful tool.

Put 2+2 together and you just scratched thr surface

thats the kind of world we live in now. plus in the middle east alot of countries are paranoid and are trying to control what their people do and talk about and say to make sure nothing bad happens.

Nice A-Team Reference

Your statement - " If a government wants to know what messages flow to and from corporate BlackBerry devices attached to a BES, they will need to show up and seize the company's mail server that is the only location where the unencrypted messages can be found." is correct but if the Govt. wants to know about the messages flowing between terrorists, how can they do that? As they don't have the access to their mail servers. So they need to have some type of access between device and BES Server.Isn't it?

Once the BlackBerry device and BES securely exchanged the encryption key, all traffic is encrypted. The weak point however seems to be the initial exchange of the encryption key. Is it possible to initiate a "man in the middle" attack against the initial key exchange?

BIS does by default not support the S/MIME support package for email but I think it does support PIN messages (you can S/MIME encrypt PIN messages I believe).

You can also add encryption to BlackBerry devices without running BES. This can be helpful for example if you are using Linux. See for example: http://www.djigzo.com/blackberry.html

The UAE is the last place that should be worried about terrorism, its just a bulls**t excuse to cover the fact that the only reason they want access to these messages etc, is so they can monitor what everyone is up to. As a large demographic of people in the UAE have BlackBerry's, they see it fit that too many people are talking, and they can't read it, and kick-out/punish the people that talk about things they deem inappropriate. Someone's going to have to give in, hopefully the UAE does, just like the Facebook ban, and the Alcohol ban..

Very good article Isaac! Hopefully this will help people understand Blackberry IS still secure.

I don't disagree with your second paragraph opening statement: "As global terrorism rages, ...", but please also state on the record "... and as individual freedoms expand and communication technologies undermine oppressive regimes' iron-fisted control over the populace..." or "... and as leaders of theocratic regimes lose control over the hearts and minds of the masses" etc.

This is probably 30% about counter-terrorism, and 69% percent about making sure the populace live under constant 'big-brother' style paranoia about their benign actions in their personal lives being scrutinized by "morality police" that will break down their doors and arrest them for "immorality", regardless of whether or not all parties involved are consenting adults.

The other 1 percent is just some government twats trying to prove that they're being "proactive" about stuff... not actually trying to improve the lives of their citizens, but rather just showing off to score political points for their personal aggrandizement.

Probably the most paranoid country right now over security issues is the US of A , and probably with some justification. I am an Indian and I know the security issues facing my country . So if I have to give up my Blackberry connections ( I have three blackberry accounts with different carriers ) it's really not a big deal. I was in Mumbai when the terrorist strikes took place and really only those who have faces such incidents first hand can appreciate such concerns.

But surely the idea of terrorism is too terrorise and change our day to day leaving isn't that what they've already done? Our lives are chamging they have won, they have achieved what they wanted. There's no winning against these silly and horrible selfish people who wrap the kindness of man to spread there illogical hate. If you really want to tackle the problem start with the bottom and social problems and immagration.

Latest news out of India is that they intend to go after Google, Skype (and any other major VOIP), and corporate VPN communications next.

Maybe this is too simple of a solution, but when all of this 'government wanting access' stuff started, i thought, what if the government set up their own BES and had every blackbery that was on their network go through that? I guess the problem would be people who smuggle underground blackberries (which i find funny AND ridiculous to say ... as if it actually WAS crack) to use? And if that were the case, wouldn't there be a way for the network to detect which phones are part of the BES or not? They'd have to keep some sort of list of the phone that were on there, and then when an IMEI logs onto the network that isn't on that list, they know.

good article Isaac. I have always wondered about the BES keys though. It would only take about 4 lines of Java code on the BB for RIM to send the BES encryption keys to themselves.

No one can say for sure they do not do that....

could they? yes. do they? probably not...

hay i love the pin and bbm too.. but come on people come look at the gaping hole in Manhattan where many of my friends and coworkers were taken from us im all about security when needed but when that same security is being used by murders and drug dealers .... well when your kids are taken from you and you cry how did the police and government not know i hope your satisfied with the answer " they were using blackberry ".

oh and for the a-team breakdown way to go let them as@$^%es work it out for them selves don't spell it out for them right now every cyber fruit cakes running around best buy trying to buy a cheep laptop.

that's just me i say give them access if the president wants to see pics of my ass i send to friends when i get drunk so be it, if they see corporate maleficent and signs of embezzlement let them secrets are only secret because you mostly scared your going to get caught doing something that will get you in trouble.

love the article Isaac keep them coming :)

love the article Isaac keep them coming :)

Politics is about control and money,not about security.Anyhow you can always use PGP.

I for one have no issue with some government agency trawling my person emails as many that come to my hotmail account only wish to enlarge my genitalia... If they viewed my blackberry messenger transcripts they would only find topic-less conversations of no real interest to anybody. Now if Mrs Jones from next door could do they same it would be a different matter as i can be personally related to by that person and i would feel my privacy was invaded.

My point mainly is.... i would much prefer a system government agency's could use to monitor encrypted devices for the purpose of terrorism prevention than loose one life in an attacks like 9/11..

Personal freedom and privacy is a wonderful myth...and i wonder what the many 1000's who have died as a result of some right to privacy red tape think about it now.

Good article and well balanced.

But, with respect, here is where you are wrong. The REAL issue is that RIM "cooperates" (I will explain) with certain Western Govts for years to allow them access to both BIS AND BES comms (of course, with warrants or national security letters). Comms between the US, UK, Canada (and, indeed all of Western Europe) and select other places have been accessible to US or other Governments for a while.

How so ? Goes back to the word "cooperate". While it is true that each device has its own 256K encryption key, the encrypted message has to leave the closed BES system and, eventually, enter the public domain (e.g., ATT, Verizon, Orange). In order to send the message to the right recipients AND insure accuracy, the networks can (and DO) use a backdoor to the encryption algorithm.

Don't believe me ? Fine. I used to work programs like these. Also ask yourself -- why isnt the FBI and GCHQ asking for the same information that the UAE and India (and others) are asking for ? That's right -- they already have it.

In United Arab Emirates and Saudi Arabia they are banned. Black Berry messaging is encrypted. Its a nation
acai energy