BlackBerry encryption 'too secure': National security vs. consumer privacy

BlackBerry encryption 'too secure': National security vs. consumer privacy

Summary: India's intelligence services cannot intercept BlackBerry encrypted data, citing this as a risk to national security. What's more important: national security, or consumer privacy - and why?

SHARE:

Research in Motion, the creator of the widely used enterprise-come-consumer BlackBerry device, has an uncertain position in India.

The Indian government's internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult - especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups.

Nearly two years ago, around 170 people were killed in the 2008 Mumbai attacks which lasted two days, and was reported primarily by citizens on the ground through citizen journalism; posting updates to Twitter and Facebook through their mobile devices.

Another issue RIM faces is the concern of the United Arab Emirates which claims that BlackBerry phones' data being stored overseas and outside the legal territory of the UAE not only violates their law, but makes it difficult or impossible to ensure national security by intercepting potentially vital terror-combating intelligence.

Update (1st August 2010, 12:55 GMT): The BBC confirmed via the UAE's state media that come October, all half a million BlackBerry users in the region will have some services suspended unless a "solution compatible with local laws is reached", amid national security concerns.

The encryption key developed by BlackBerry's manufacturers was partly designed to ensure secrecy during corporate business deals as so they were not compromised.

Now consumers have jumped on the BlackBerry bandwagon, this poses a wider issue for less-developed or funded intelligence services.

As a criminology student focusing and specialising in areas of terrorism, specifically the use of technology within terror organisations and the use of social media, I can see this in two minds in regards to this:

  1. RIM wants to ensure user privacy, but of course wouldn't want a terror attack to take place at any given place or time.
  2. India also wants to prevent such terror attacks, but it's losing the battle by not being able to read highly encrypted data.

It's a tricky one, I will admit.

India faces a multitude of terror threats, just as many fast-developing economies and countries around the world. The increased use in technology to better communications in order to orchestrate acts of terror are clearly being used as the rest of ordinary society does.

India's intelligence services need to be able to access encrypted data to prevent attacks in a 'constant setting': where attacks are likely and have occurred regularly. The ability for governments to intercept or read data sent to and from their citizens is common place in Western societies.

The NSA for the US and GCHQ for the UK are two common examples of these. But better resources and technologies allow encryption to be broken - regardless of RIM's intervention or preventative measures.

The US and the UK have had very few terrorist attacks since September 11th, as a benchmark, though not proving a connection between intercepted data and preventing attacks, but makes the case more likely.

Text messages are not secure. Phone calls are not secure. Emails sent via Exchange and POP/IMAP are generally not secure, though BlackBerry emails are considered so.

BlackBerry Messenger, however, is secure. It's so secure, that though China has state controlled press and broadcasting media, along with issues of censorship and Internet filtering, even data sent across BlackBerry Messenger cannot be read by the Chinese government. This, of course, makes it highly popular with their booming younger generation of users (so a RIM spokesperson told me).

With consumer privacy being a constant hot topic, especially in the rise of publicly available data and the need to share your own information to gain others - social networking being a prime example, the individual right to privacy of communications takes personal precedence.

So interestingly, it boils down to diplomatic tit-for-tat. I am fully aware that my own government of which I helped in democratically electing monitors my communications in a secure, fair and justified way. Though my government expects a terrorist attack, we haven't had a successful one since the 2007 Glasgow Airport bombing of which no civilians died.

One civilian beat the living crap out of a flaming terrorist though.

But those in an area of uncertainty around terrorism and national security, the need to accept certain 'breaches' in civil liberties are almost necessary to prevent societal damage. Of course, there is a line to be crossed, and only local culture can determine that as so.

I'll bite. I'll ask the million dollar question, and anything goes. What's more important: national security, or consumer privacy - and why?

Topics: Social Enterprise, Hardware, Legal, Mobility, BlackBerry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

64 comments
Log in or register to join the discussion
  • Privacy Trumps Security Every Time

    "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety"
    Attributed (perhaps mistakenly) to Benjamin Franklin
    sismoc
    • Yeah and 300 years ago that held water...

      @sismoc I hate it when people trot out quotations from the founding fathers every single time an issue like this comes up. For some reason everyone gets the impression that they were these pure and noble souls who would never do anything like whatever the hot button issue of the moment is. In this case you're dead wrong. Every government since time immemorial has had an interest in intercepting data from antagonistic elements. The British did it to the French and vice versa during the Napoleonic Wars and you can bet we did it too. Our nation was not founded by an act of mutual agreement amongst the citizenry. There were still pro British elements amongst us, spies if you will, and our nation at the time was in a very precarious position. It is sheer folly to think they did not intercept data, granted that was back when you had to catch the messenger and then find the sealed letter but, the point remains that all governments were doing it and still are doing it to this day. The only difference between then and now is that the messenger is a global network and the sealed letter is encrypted data. It still baffles me how, in this day and age of social networks and cloud computing, we still expect data privacy.

      This is just a classic case of wanting to have your cake and eat it too. You can have as much privacy as you can possibly get just by disconnecting your computer form the internet and cancelling your phone service. There you go privacy but, if you want to utilize the modern conveniences of this day and age then you have to accept the fact that your data is being tracked, not just by the government but by corporate America as well.

      Now for my quote, the author of which is unknown but that sums up this whole ridiculous discussion nicely
      "In the war for individual rights, common sense becomes the first and major casualty." An unknown but apparently very wise individual.
      Str0b0
      • Without really stepping into this discussion....

        @Str0b0

        I will say however that when we look at human conduct, both present and past, "common sense" (and "conventional wisdom" for that matter) are two of the most blatant oxymorons.
        Economister
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @Str0b0 And I hate when people write without thought. That quotation, slightly altered, is inscribed on a plaque in the stairwell of the pedestal of the Statue of Liberty: ?They that can give up essential liberty to obtain a little safety deserve neither liberty nor safety.?
        ALISON SMOCK
  • Always there are alternatives

    OK, even if BB encryption is weaken, we can always use other personal business privacy tools with strong encryption like B-Folders. What's the point of dealing with BB?
    olafohman
  • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

    "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety"
    mgdvt
    • RE: mgdvt

      @mgdvt@... Though Franklin wanted to make a point with this, it doesn't really relate to post-modern society. A saying or a theory is all good and well, but in practice things can be very different.

      Similarly, I was talking to a friend of mine, a priest in the CofE, who though liberal, young and modern as he is, recognises that ancient scripture such as the Bible is old, outdated, and though contains many of the moral codes we abide by today, it's aimed at a much different time.

      Point is - ten years is a long time in technology. It's a very long time, and many countries can't keep up with it. Therefore Franklin's quote though may be true back in the day in the spirit it was meant; today, it's worth very little except for historical value.
      zwhittaker
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @zwhittaker IT TOTALLY RELATES TO MODERN SOCIETY. I don't trust governments who feel they need to treat me like a criminal by tapping my phone without cause. Blackberry provides the most secure communications platform ever built. It is the main reason it continues to dominate iOS and Android devices in market share.
        condelirios
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @zwhittaker
        "The more things change, the more they stay the same".

        Some things are temporary, here today, irreleveant tomorrow. But some things are timeless, always true no matter when it is. The quote about trading freedom for security attributed to Ben Franklin is one thing that will always be true.

        Amongst everything else, Ben Franklin studied history. Clearly, you must have neglected those studies (or fallen asleep in them like so many other students). If you had paid attention, you'd understand why Franklin was right.

        The reason Franklin is right is that those who would trade their rights for temoprary security generally end up losing those rights permently while any security they gain ends up being fleeting at best.

        Ask yourself this: Would you become a slave for a day if it meant you were secure for that day? What about a week? A month? A year? 10 years? A life time? And there lies the problem. If you're willing to give up your rights even for an hour, you're already on a slippery slope. The only way to keep your rights is to remain eternally vigilant. This is what Franklin, in context at the time, was talking about.
        mheartwood
      • RE: mheartwood

        @mheartwood The bill of rights which allows those to bear arms and defend themselves was written in a time where it took over 1 minute 30 to reload. I doubt whether your founding fathers would have made the same decision nowadays.
        zwhittaker
      • I would rather be free than safe...

        @zwhittaker
        1. The turn around time for a gun reload is not the point of the amendment. In the past a sword kill could take less than a second but even that is irrelevant. The point is governments, no matter how well conceived, are pron to corruption. Only when citizens have the rights and the tools to fight corruption, and oppression do governments behave better. Not only would the framers put the same amendment in place if they knew about automatic guns, they would still have encouraged people to have them. It's like nuclear deterrence if you have a gun and the other guy has a gun, you are both more likely to be polite and law abiding. But if only the other guy has a gun, you have a better chance of being a slave.

        As for encryption, I don't trust my government, I don't trust other people's government so I think strong encryption is key. As for allowing the criminals to use it as well, I think this is a non-issue. Most of the real criminals have made in-roads to their local/national governments anyway so realistically they are protected anyway. Sure some of the street level criminals aren't protected but chances are they will screw up somewhere else and get caught. Also criminal or not, it is not a crime to talk and communicate. I am tired of people equating talking with actually doing. If some says they are going to do something and don't actually do it, they are not a criminal.
        mr1972
      • RE: mr1972

        @mr1972 "If some says they are going to do something and don't actually do it, they are not a criminal." - Well, no - that's "conspiracy to commit". It would be down to the defence to prove that the conspired act could or would have never taken place, and it's down to the prosecution to claim that if indeed it was conceived, then practically it could be accomplished.

        Saying you will rob a bank could be considered "conspiracy to commit robbery" but, just saying it could be the first step of the plan. Just because you didn't get round to it (or proving that's the case) doesn't mean it wasn't going to happen.
        zwhittaker
      • What my government really wants is your IP

        @zwhittaker ... The CIA wants to know everything your government and the people within it are up to, to make sure you're following orders from Washington and buying our military hardware and following our foreign policy instructions.
        Keeping tabs on everyones phones and data is part of that effort. Allowing you to secure your data against the US governments prying eyes runs counter to that.
        The same goes for the rest of the world.
        So shut the hell up and keep printing this propaganda we script for you about how it's all about terrorists.
        HollywoodDog
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @zwhittaker
        That has nothing to do with technology. Privacy trumps security 100% of the time, or there is no freedom. If technology changes fundamental rights, then is it OK to murder as long as you use a technologically advanced weapon? For people to have liberty, the government must be forbidden from spying and searching without probably cause; whether they do it with old technology or new.
        RedVeg
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @zwhittaker

        Sorry but you are swallowing the government line. All governments play the safety/security card whenever they want to steal a little of our freedom and increase their power.

        The Indian Government lets 170 people die every day (perhaps every hour) of starvation, bad sanitation and unavailable medical care. It is hard to credit their concern about the insignificant loss to those state sponsored terrorists.

        The fight isn't with terrorists, it is between citizens and their government to limit government power and maintain freedom.
        wmscarpenter
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @wmscarpenter, well I doubt how much monitoring BB will achieve the prevention of terrorism. But your logic is strange, if some people dies of starvation, does it mean it is ok to let some more people die of terrorism?
        kparicharak
      • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

        @zwhittaker

        Absolute power corrupts absolutely. The ability to invade an individual's privacy at will allows absolute power over that individual. Whether it be the authority to listen to my phone calls, read my texts, email or regular mail or examine the contents of my hard drive, memory cards, camera, media players, wallet, pockets, car home or body cavities, I am not willing to accept that in this day and age I should allow any governing body the absolute authority to do this. And I am not willing to let others make that decision for me for my own good or "for the greater good".
        techadmin.cc@...
  • Then they should use an Apple iPhone

    I hear they're not all that secure from what I've read about the iPhone :)
    John Zern
  • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

    Blackberry should, of course, be made illegal until all the security services have cracked the encryption. After all it's much more important that these security services have access to all your messages even if it takes them a few years to crack it. ;)
    Agnostic_OS
  • RE: BlackBerry encryption 'too secure': National security vs. consumer privacy

    So why is it India and United Arab Emirates who have complained about this? Two countries with a hotbed of terrorists/freedom-fighters/....

    Notice how this crap won't fly in the modern/Western countries who [officially] allow privacy for communication devices.

    Maybe one day RIM may add servers elsewhere.
    Gis Bun