Re: [Discuss-gnuradio] "A scanner with a digital output" address@hidden pwright.com: @stake wows the wireless rubes...]

[Nick Waterman]

Dave Emery wrote:
>    And too often the actual end user is constrained by economics and
> other circumstances and simply cannot afford to implement and use high
> grade end to end security, or doesn't even appreciate the need for it
> and therefore puts his sensitive traffic in the clear on a trivially
> intercepted link with absolutely no security at all.   And this is sad,
> when there could be at least SOME security there at low cost to the
> carriers involved.

I don't work in the right part of RIM to know, but I suspect you've hit
the nail on the head - this is RIM's cheapest product, where all corners
have been cut to make it as cheap as realistically possible, including
removing the expense of encryption.

For what it's worth, the equivalent product in the EU (office where I
work) does at least have GPRS's hint of air interface encryption -
equivalent of GSM, but I'm sure GnuRadio will catch up with that sooner
or later - look forward to it!   :-)

>    And given the description of the two classes of Blackberry
> customer, I cannot help but wonder if LEAs and TLAs had something to do
> with the decisions involved - clearly very few if any corporate
> customers with BES systems and the whole 9 yards inside their firewalls
> are likely to be criminals (or at least low level stupid criminals
> likely not to get COMSEC right), whilst a significant (albiet small)
> percentage of public Blackberry users will be drug
> dealers/criminals/terrorists of great interest to LEAs and intelligence
> agencies, and probably at least some of those people will assume that
> because corporate Blackberries are secure and encrypted  theirs are too
> and there is no chance of LEAs legally or extra-legally intercepting
> their traffic.   Thus keeping the rf link completely open helps the
> watchers watch, and is something that they can be presumed to have
> quietly pressured to have happen.

Haha! Fantastic! Conspiracy theory!  :-)

Out of curiosity, what's stopping [drug cartel / big gang / bin laden of 
your choice] from buying the secure end-to-end corporate solution? They 
could certainly afford it!

I understand a few US government military departments use the 
(corporate edition) Blackberrys themselves - presumably not for battle 
orders and stuff, but it's nice to know they trust them enough for some 
of their lesser secrets. I seriosuly DOUBT the TLAs were involved in any 
decision-making on the BBIE product but obviously I'd be unlikely to 
know anyway. I'd have thought if they HAD been, they'd have preferred 
one of the simple "encryption honest" methods you described - then they 
could have at least PRETENDED it was difficult to intercept, whilst 
actually it was some trivial hash they'd have the details of.

They normally work that way, those MIBs, don't they?   ;-)

Quite honestly, I suspect design simplicity and thus more importantly 
price to the consumer were the biggest driving factors, and I doubt the 
MIBs had anything to do with it.

... so say RIM added some notional encryption to the next version of the 
cheapie BBIE - wouldn't the conspiracy theorists say "haha! they made it 
secure enough to stop the casual listener-with-cool-software, but not 
secure enough to stop the government! The MIBs made them do it!"?

C'mon, you know it's possible RIM's just a nice company trying to make 
some good honest money by selling some really neat gadgets?   :-)

... still not here to represent RIM...

--
Nick Waterman. Senior Systems Administrator, Research In Motion
mailto:address@hidden  http://noseynick.com/  http://www.rim.net/
AX25:address@hidden   #include <stddisclaimer>  Team *AMIGA*!
Anyone who cannot cope with mathematics is not fully human.