• Home
  • About
  • Blog
  • News
  • Events
  • Media
  • Video
  • Glossary
  • Contact
  • Download
  • RSS

Spying on BlackBerries

July 23rd, 2009  |  by elisabeth  |  Published in Future of the Internet  |  2 Comments

Prof. Zittrain has spent this week writing about the dangers of moving computing into the cloud. Another aspect of the same story is the danger of keeping computing on endpoints — PCs, smartphones — if those endpoints become tethered instead of generative. This story illustrates the potential problems. Etisalat, a telecom provider that serves much of the United Arab Emirates, recently sent its BlackBerry-using customers a software patch that it said was related to the transition “between 2G and 3G networks.” When the patch started sucking up the devices’ battery life, users protested. It turned out the patch had no useful functions, wasn’t approved by RIM, and would allow Etisalat — or someone working with Etisalat — to spy on users’ communications. RIM and Etisalat are currently finger-pointing about whose fault this is, and bloggers are speculating over whether Etisalat was operating on the government’s orders.

Chapter 5 of the book predicts situations just like this. Because of security concerns, we gravitate towards “information appliances like … TiVos, iPods, iPhones, and BlackBerries” that can be automatically updated and patched by the vendor or carrier. Meanwhile, also in the name of security, the vendors take away users’ ability to tinker with the devices. The threat of malicious hacker code is sometimes (not always) handled better under these strict regimes — but what about malicious code installed by the manufacturers, or the governments of the world?

Ironically, BlackBerries are considered relatively safe from government surveillance because all BlackBerry emails go through RIM’s servers, encrypted. So they’re harder for an authoritarian government to crack than PCs. What this episode shows, though, is that BlackBerries–like any other tethered device–are still very vulnerable to a few powerful players, like carriers or vendors. And, although the devices are vulnerable to fewer people with bad intentions, fewer people of goodwill can help spot and fix the problems. It’s notable that users only figured this patch was problematic out because the Trojan horse wasn’t well-written; it might have stayed forever if the phones hadn’t started crashing. Moreover, once the Trojan horse was there, it doesn’t look like users could fix the problem on their own. Instead, RIM had to issue a detailed solution. If the vendor and the carrier were both under injunction from the government, users would have no obvious recourse. (This isn’t pure paranoia; even the US government has used tethered devices for surveillance. Check out the story of EchoStar in Chapter 5.)

Putting just a few people in control of our data and computing seems safer, and sometimes it is. But when something goes wrong, we have to hope those people are inclined to help, and are able to do so. And that’s not always the case.

—By Elisabeth Oppenheimer

Responses

Feed
  1. Bertil Hatt says:

    July 24th, 2009 at 8:01 am (#)

    Isn’t RIM the company that shares a building with British secret services? — Anyway. . .

    I don’t think the ability to patch is the problem: most of those are useful, dull and pretty technical to understand. If any user savvy enough can check on what is being done, and alert the public opinion when he sees a problem, then we can presume those patches will only be of the useful kind.

  2. How Many Computer Made Up The First Internet | Internet Business says:

    August 18th, 2009 at 8:17 pm (#)

    [...] The Future of the Internet By Google’s account, Chrome will serve a single essential purpose: to get your computer up fef and running with a Web browser —confusingly also called Chrome—seconds after you’ve turned it on. Now you’ll be greeted each day by Google instead of … Netscape got the idea of bundling software called Java with its browser, which made it powerful enough to take on word processing, spreadsheets, and many other things.  [...]

Blog

  • Controlling Cyberspace

    • This semester, we’re starting an exciting new class, aimed not at lawyers, but undergraduate CS students here at Harvard. It’s called CS42: Controlling Cyberspace – and we’re sharing the syllabus online.  Anything big we’re missing? Read more »

  • Computers Going Wild?

    • Computers Gone Wild: Impact and Implications of Developments in Artificial Intelligence on Society was an informal discussion that took place at Harvard Law School on December 8th, 2011. Hosted by Jonathan Zittrain, Marin Soljačić and the Berkman Center for Internet & Society, we brought together eighteen mostly local guests to discuss the ways that AI is changing society. Unlike futuristic predictions involving the Singularity or the underlying technology, this workshop explored current technology. Sessions included discussions on warfare, finance, education, and labor. Below is a list of attendees and a summary of the discussion.

    Read more »

  • Ideas for a Better Internet
    • Ideas for a Better Internet, or i4bi, is an interdisciplinary course at Harvard and Stanford that challenges students from law, computer science, and public policy to come up with novel and plausible ways to improve the Internet and its use. i4bi centers on immersing participants in Internet history, technologies, and politics, so that students can come up with ideas that help to build a better Internet — however they define “better.” Read more »
  • Microsoft Echoes Apple App Store Requirements

    • Here at Future of the Internet, we’ve already talked a little bit about Apple’s content requirements for both the iOS and Mac App Stores in JZ’s The PC is Dead post. As JZ said,

    “Pulitzer Prize-winning editorial cartoonist Mark Fiore found his iPhone app rejected because it contained “content that ridicules public figures.” Fiore was well-known enough that the rejection raised eyebrows, and Apple later reversed its decision. But the fact that apps must routinely face approval masks how extraordinary the situation is: tech companies are in the business of approving, one by one, the text, images, and sounds that we are permitted to find and experience on our most common portals to the networked world. Why would we possibly want this to be how the world of ideas works, and why would we think that merely having competing tech companies—each of which is empowered to censor—solves the problem?”

    Apple’s approach is an example of a larger phenomenon. Read more »

  • A SOPA compromise is floated
    • Last week several members of Congress — Senators Wyden, Cantwell, Moran, and Paul, and Reps. Issa, Lofgren and Chaffetz — floated a proposal to substitute for the contentious proposed Stop Online Piracy Act, previously discussed here.  Sen. Wyden’s office has commented on the compromise, and TechDirt has a writeup and a copy of the document here. The proposal omits the elements of SOPA that had run into the most resistance. Gone is tinkering with fundamental Internet architecture such as the use of the domain name system. Gone is the involvement of the Attorney General. Gone is the criminal copyright streaming provision that could, theoretically, make a teenage Justin Bieber a felon for streaming amateur videos featuring his renditions of songs by his favorite artists.In all these ways, the Wyden compromise is significantly better than SOPA. So what’s left? Read more »
About Jonathan Zittrain

jonathan zittrain

Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School

RSS Tweets from Z

  • An error has occurred; the feed is probably down. Try again later.

Blog Archives

Creative Commons BY-NC-SA Jonathan Zittrain unless otherwise noted.
Powered by WordPress using Gridline Lite.