Edited by Christian Lowe | Contact

France Fears Blackberry Snooping by U.S.

(AP) PARIS - BlackBerry handhelds have been called addictive, invasive, wonderful - and now, a threat to French state secrets.

That, at least, is the fear of French government defense experts, who have advised against their use by officials in France's corridors of power, reportedly to avoid snooping by U.S. intelligence agencies.

"It's not a question of trust," French lawmaker Pierre Lasbordes told The Associated Press. "We are friends with the Americans, the Anglo-Saxons, but it's economic war."

Le Monde newspaper, which broke the story, described BlackBerry withdrawal among those who have given them up. "We feel that we are wasting huge amounts of time, having to relearn how to work in the old way," the daily quoted a ministry office director as saying.

E-mails sent from "Le BlackBerry" pass through servers in the United States and Britain, and France fears that makes the system vulnerable to snooping by the U.S. National Security Agency, Le Monde reported. The company that makes BlackBerrys, however, denies such spying is possible.

Lasbordes, who was commissioned in 2005 by then-Prime Minister Dominique de Villepin to look into such issues, said he alerted the government to this "weakness" months ago. He said he met with BlackBerry maker Research In Motion Ltd. to discuss the problem in the course of preparing his report on the security of French information systems.

The Canadian company "admitted that there was a certain fragility in the protection of information when you use the e-mail system" and promised it would be resolved, said Lasbordes, adding: "That was more than a year ago."

BlackBerrys pose "a problem with the protection of information" and "the risks of interception are real," Alain Juillet, in charge of economic intelligence for the government, told Le Monde.

Research In Motion insisted that BlackBerry e-mails cannot be read by the NSA or other organizations. The e-mails are more heavily encrypted than online banking Web sites, Research In Motion said in a statement.

"No one, including RIM, has the ability to view the content of any data communication sent using the BlackBerry Enterprise Solution," the company said.

The BlackBerry system has been accredited by security agencies in the United States, Australia, New Zealand, Austria and Canada, Research In Motion said, adding that a certification process is under way in the Netherlands and Germany.

In France, the circular on BlackBerries from the General Secretariat for National Defense applies in theory to all ministries, and "it's up to everyone to be responsible," Lasbordes said.

Another official in a major ministry who got rid of his BlackBerry following the order said authorities are looking at other types of hand-held computers to use instead.

The prime minister's office would not confirm that it and the presidential palace were included in the circular, as Le Monde reported. But a spokesman, Severin Naudet, cited the General Secretariat for National Defense as saying that no type of hand-held computer is risk-free.

"It's not a problem if you're writing to your mother-in-law," Lasbordes said. But "one can imagine a minister coming from a meeting of the G-8 or G-7, et cetera, or a meeting in Brussels, and he sends information to his colleagues. It goes via Canada and the United States and that's it, game over."

Suspicion goes both ways. At a Group of Eight summit in Germany this month, White House aides were instructed to leave their wireless e-mail devices behind, apparently for fear of Russian eavesdropping.

(Cross-posted at Military.com)

Comments

A BES (Blackberry Enterprise Server) has encrypted end-to-end communications to the Blackberry.
So most larger organizations will have this.
The BES is inside the organization's network.
The Blackberry itself uses 128-bit encryption on its traffic, and can optionally encrypt all data on the Blackberry with a different 128-bit key, and will erase itself rather than allow repeated password attempts.
The only weakness there is a hypothetical trapdoor to allow password recovery from inside a snatched Blackberry.
Judging from the security policy Australia's DSD promulgate which turns OFF content encryption, I guess that if such a thing exists only US agencies know about it.

The blackberry hardware has built-in anti-tamper and won't run a doctored system image.

Organizations can impose security policies that enforce any or all of these features.

Posted by: Tim at June 24, 2007 06:55 PM


Communications Traffic Data analysis, i.e. who emails whom and when and from where, is surely much more interesting than the actual contents of most of these Blackberry emails?

Encryption, of whatever alleged strength, to and from servers physically and legally located in a foreign country, provides no protection against this (the same is true of Skype etc.)

Posted by: Watching Them, Watching Us at June 24, 2007 05:35 AM


"IT security is based upon randomness, complexity, and secrecy... that is, until somebody finds a decoder ring in a box of Cracker Jacks."

Incorrect. IT Security is based upon setting privileges, enforcing those as well as policies, ongoing detection of compromise attempts, distribution and enforcement of secure practices and encryption of anything that is beyond control of the system or network administrator. If someone tries to base their security model on randomness, complexity, and secrecy, that someone should be fired.

"...the only question is the amount of time needed to break encryption."

That's true, and with current encryption standards, that time equals centuries to millennia. Not practical for real-time intelligence, and for all practical purposes, unbreakable within a human lifetime.

Look, everyone is hyperventilating over interception of Blackberry traffic, and everyone doing it doesn't know a thing about IT security. The *real* security hole is the device itself. Why bother wasting time trying to decrypt an intercepted message when the timeframe for decryption is beyond my lifetime? Why not just steal the damn device? **THAT'S** the real security hole: The end user's practices. That's **ALWAYS** the real security hole. Not the infrastructure in-between.

The governments in question should worry about **that**, not about some obscure technical issue they don't understand, and which can be addressed with products like PGP anyway.

Posted by: ElMondoHummus at June 22, 2007 02:19 PM


Easy way: Use a smartphone with an SSH client (preferably an open-source one, e.g. PuTTY). Then use SSH to connect to your mailserver, and use a console-based email program there - pine or mutt are the most common alternatives. Pretty secure (if you check the certificates to avoid MITM), pretty fast even over slow lines, pretty cheap as not much data is transferred back and forth. There are Java SSH clients (e.g. MidpSSH, available for free) that run even on most of the standard cellphones; entering text via numeric keypad is an annoyance but it does the job.

Not a pointclickistic solution for mouseheads, but clearly superior to most alternatives.

Posted by: Shad at June 21, 2007 10:48 PM


face it folks, every keystroke, and every electronic means of communicating is "breakable"; hence, insecure.

period.

the only question is the amount of time needed to break encryption.

nothing beats a "one time pad" made of wax. old, but absolute.

Posted by: campbell at June 21, 2007 06:55 PM


"War. War Never Changes."
http://www.youtube.com/watch?v=_mcJAI6oRYY

My guess is they're bucking for a private, or maybe public, Cackberry network to be set up in France. Eh, I could be wrong though.

IT security is based upon randomness, complexity, and secrecy... that is, until somebody finds a decoder ring in a box of Cracker Jacks.

It's all funny stuff, but C'est la vie.

Posted by: Camp at June 21, 2007 03:18 PM


"If so, although the RIM Blackberry path may be perfectly secure, the Mail RIM path could easily be wide open. And the Blackberry -> Mail path is also wide open, because that goes back to SMTP at RIM before going onto the net."

The answer can be found here:

http://na.blackberry.com/eng/ataglance/security/features.jsp

Assuming a Blackberry Enterprise Server is involved - that, admittedly, is not a piece of information given here - then the message is secured with end-to-end encryption:

"Data sent to the BlackBerry smartphone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user's mailbox. The encrypted information travels securely across the network to the smartphone where it is decrypted with the key stored there.

Data remains encrypted in transit and is never decrypted outside of the corporate firewall"

Posted by: ElMondoHummus at June 21, 2007 02:02 PM


Just because it is certified for government use doesn't mean it should be used. Look at Diebold's voting machines...

IMO such a critical piece of communication infrastructure should not cross national borders if you care about your security. I think France is being very sensible here.

Especially since I need to look into it further, but is mail TO RIM just through SMTP?

If so, although the RIM Blackberry path may be perfectly secure, the Mail RIM path could easily be wide open. And the Blackberry -> Mail path is also wide open, because that goes back to SMTP at RIM before going onto the net.

And given the universal tradition (France is notorious for this, so I'd expect them to expect it of others) of economic espionage as well as espionage on allies, the Crackberries seem very dangerous for national security of non-US countries because of the basic architecture which routes all traffic through the US/Canada for the servers.

Posted by: Nicholas Weaver at June 21, 2007 09:34 AM


Australia's DSD actually can certify Blackberrys for government use. So I don't know what France is worried about. Surely it's a simple matter of getting their local Defence Signals Directorate to install an encryption tool?

Posted by: HUKI365 at June 21, 2007 08:39 AM


this is all very valid paranoia. of course RIM is going to say it's secure, but there's really no telling what the agencies are capable of. there aren't a lot of organizations other than the intelligence orgs that hire entire departments of people just to figure out how to bust encryption.

and yes, Boeing and Airbus are both considered vital to the national security of the US and France, respectively.

Posted by: C at June 21, 2007 08:35 AM


Of course the NSA reads Blackberry email. And of course this information is disseminated from NSA to Dept of Commerce to Boeing.

Keeping Boeing going is viewed as a vital national security interest.

Posted by: Hoax Meister at June 21, 2007 07:56 AM


I suspect RIM is, ummm, playing fast and loose with the truth.

The central server to blackberry communication may be nicely encrypted, but they probably have CALEA hooks or similar.

Worse, if the mail TO the central server is sent through SMTP, well, that's all in the clear. So yeah, NSA can have serious fun with that.

Posted by: Nicholas Weaver at June 21, 2007 07:42 AM


Yet Another reason why they Should be using emoze to push emails to their devices!

emoze offers a free mobile email solution for thousands of mobile devices, including pocket pc’s, PDA’s, Smartphones & POP3 devices.

emoze is the simplest, most efficient and most versatile free push-email service on the market.

Most Importantly, At no time is the data stored on the emoze servers, this causes the highest form of security available when pushing emails and data to your mobile devices…

Download emoze v1.4 at www.emoze.com

Posted by: Oren T at June 21, 2007 06:24 AM

