Simon Says – Musings of a Technology CTO

Following on from a failed state-wide “hack” of the Blackberry system, where the state-controlled telco etisalat tried to distribute a “performance enhancing patch” to Blackberry users (which turned out to be a state-controlled back door program), The United Arab Emirates is threatening to block e-mail sending and IM delivery on Blackberries, and Saudi Arabia is threatening to block Blackberry-to-Blackberry IM.

According to BBC News:

Both nations are unhappy that they are unable to monitor such communications via the handsets. This is because the Blackberry handsets automatically send the encrypted data to computer servers outside the two countries.

While this is obviously going to ruffle some feathers, it’s hardly new behavior – before the “General Software Note” appeared in the Wassenaar Treaty in 1998, it was quite common for nation states to put pressure on Encryption Vendors to implement government controlled back doors in security software. It’s usually a given that a nation, while respecting due process and legality, has the right to eavesdrop on her citizens and visitors to preserve sovereignty and national security.

Now that export of so-called “dual-use goods”, cryptographic products in the public domain, or freely available, or usable without significant assistance is deregulated (more through lack of any effective regulation than by desire), we’re used to being able to hide things from our elected leaders – don’t think it’s because they agree with the premise though.

We’ll see if the UAE and Saudi Arabia make good on their promise to disable these services over the next few months, but regardless of the outcome here, it should be remembered that the consumerization of IT seems to be an unstoppable force, which in some cases is eroding traditional security practices our nations use to preserve our saftey.

An example of this is of course the good old wired telephone. Though we have effective regluation and controls for example on wiretapping in the USA, laws, checks-and-balances, court orders etc prior to any tap being put in place on your traditional home phone, there’s no technological way of snooping an encrypted VOIP or Skype call even if the court Judge agrees it’s appropriate. What happens if the mass of consumers move away from wired connections to new IP based technology? Will Skype get banned or escrowed?

We’ll have to see I guess.