The agreement, which involves placing a BlackBerry server inside Saudi Arabia, would allow the government to monitor users’ messages and allay official fears the service could be used for criminal purposes.[From Saudi Arabia halts plan to ban BlackBerry instant messanging – Telegraph]
I don’t know whether it’s a good thing for messages to be in the clear or not. If I were an investment banker negotiating a deal, I might worry that someone at the Ministry of Snooping might pass my messages on to his brother at a rival investment bank, for example. After all, the idea that only authorised law enforcement officers would have access to my private information is absolutely no comfort at all.
A drugs squad detective, Philip Berry, sold a valuable contacts book containing the personal details of the criminal underworld to pay off his credit card debt, a court heard.[From Corrupt drugs detective ‘sold underworld secrets to pay debt’ – Telegraph]
The idea that law enforcement would be helpless to stem the tide of international crime unless they can tap every call, read every email, open every letter, is (if you ask me) suspect. If I am sending text messages to a known criminal, you do not need to be able to read those message to decide that you might want to obtain a warrant to find out who I am calling or where I am. The fact that I am using a prepaid phone does not, by itself, render me immune to law enforcement activity.
Beyene’s role in the heist was to buy so-called dirty telephones and hire a van to use as a blocking vehicle,[From Gunman jailed for 23 years over Britain’s biggest jewellery robbery – Telegraph]
In fact this gang was caught because the police found one of the mobile phones they had been using. It contained four anonymous numbers, and from these the police were able to track down the gang members. It wasn’t revealed how, but there at least two rather obvious ways to go about it: get a warrant to track the phones and correlate their movements with known criminals or get a warrant to find out which numbers those other phones have been calling and follow the chain until you get to a known number. Yes, this might require some police work, which is more expensive than having everything tracked automatically on a PC, but it is better for society. This reminds of a recent discussion about anonymous prepaid phones. I’m in favour of them, but plenty of people are against them. (Same for prepaid cards.) Ah, but you and the authorities in some countries might ask: how can you catch criminals who use anonymous prepaid phones? Forcing people to
Earlier this month, the FBI revealed that the suspected Times Square bomber had used an anonymous prepaid cell phone to purchase the Nissan Pathfinder and M-88 fireworks used in the bomb attempt.[From Senators call for end to anonymous, prepaid cell phones]
Setting aside the fact that this guy was caught (despite the dreaded “anonymous prepaid call phone”) and had been allowed on a flight despite being on the no-fly list, the politicians are, I’m sure, spot on with their informed and intelligent policy. In fact, one of them said:
“We caught a break in catching the Times Square terrorist, but usually a prepaid cell phone is a dead end for law enforcement”.[From Senators call for end to anonymous, prepaid cell phones]
Amazingly, the very same issue of the newspaper that reports on the captured UK armed robbers contains a story about a Mafia boss caught by… well, I’ll let you read for yourself:
One of Italy’s most wanted mafia godfathers has been arrested after seven years on the run after police traced him to his wife’s mobile registered in the name of Winnie the Pooh[From Winnie the Pooh leads to gangster’s arrest – Telegraph]
So, basically, if you require people to register prepaid mobile phones then you raise the cost and inconvenience for the public but the criminals still get them (because they bribe, cheat and steal: that’s criminals for you). I imagine that in the Naples branch of Carphone Warehouse the name “Winnie the Pooh” on a UK identity card looks perfectly plausible: they would have no more chance of knowing whether it’s real or not than the Woking Carphone Warehouse would when looking at an Italian driving licence in the name of Gepetto Paparazzo. Again it’s not clear exactly what the police did, but from elements of the story it appears to be something like: the police discovered (through intelligence) that the godfather’s wife was calling an apparently random mobile phone number at exactly the same time every two weeks. From this they determined which phone was hers (the “Winnie the Pooh” phone) and they tracked it to Brussels. But suppose some foolproof method for obtaining the correct identities of purchasers were to be found. Would this then stop crime in, say, Italy? Of course not.
In an attempt to combat the cartel-related violence, Mexico enacted a law requiring cell phone users to register their identity with the carrier. Nearly 30 million subscribers didn’t do this because of a lack of knowledge or a distrust of what could happen to that information if it fell into the wrong hands. Unfortunately, the doubters were proven right, as the confidential data of millions of people leaked to the black market for a few thousand dollars, according to the Los Angeles Times.[From Did Mexico’s cell phone registration plans backfire?]
The law just isn’t a solution. It might even make things worse.
Let’s face it, RIM couldn’t possibly have afforded all of the advertising they’ve got over the last few days. What does the story say to the average punter? “Hey, they’re not banning Nokias or iPhones, so if you use one of those then your e-mail will end up in the hands of your competitors”. So with the new arrangements in place, the police will have no problem intercepting dastardly criminal conspiracies being formulated using e-mail, right? Well, no. A friend of mine recently asked me how he could e-mail so partners that he was thinking about starting a business with without his current employer knowing (he periodically needed to contact them in working hours, and knowing nothing about IT, he assumed that his public sector employer was reading his e-mail) so I directed him to Hushmail (disclaimer: some years ago I was a non-executive advisor to Hushmail).
Right now there’s no way to encrypt your email using PGP on the iPhone through the Mail program. Instead, consider using Hushmail, which supports PGP encryption. It’s a webmail service, so you can access it from Safari.[From Secure Your iPhone | Mac|Life]
Surely most criminals, though, will simply use SSL connections to Google Mail, Hotmail and so on. This is what I never understood about the RIM/UAE story when it first blew up, until I read in the FT that
A statement from CITC on Sunday saying mobile operators’ servers were being tested suggested that RIM and the Saudi authorities may be focusing on personal use of the BlackBerry messaging service.[From FT.com / Middle East – Saudi Arabia fails to impose BlackBerry ban]
In the article I read on Saturday, it said that there were concerns about boys and girls messaging each other. Anyway, what does all of this mean? Well, if you provide a trapdoor in service, even for the very best of reasons, it will eventually be exploited.
Apparently, Chinese “hackers” were found it rather easy to break into the e-mail accounts of human rights activists and so forth, because Google had been forced to build a system to do precisely that.[From Digital Identity: Privacy and Security]
Dean Bubley is surely right when he says that all of this fuss — UAE Blackberry ban, French three strikes etc — will simply drive people how want to keep their communications private (eg, terrorists, file sharers, nazi pedophlles, investment bankers and so forth) to encrypt everything end-to-end and assume that all networks are wholly compromised.
I have a feeling that this whole “interception” approach may backfire spectacularly on those governments trying to enforce it. This could just catalyse the whole market for private crypto solutions, not just on BlackBerries, but on all smartphones.[From BlackBerry BBM intercept – workarounds probable? – Convergence Conversation]
A few weeks ago, Neelie Kroes (the European Commissioner for Digital Europe) talked about bringing European values around privacy to bear on new technology. OK. So what are the European values around electronic messaging and what is the best way for us technologists to implement them?
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]