Spying on BlackBerries

July 23rd, 2009  |  by elisabeth  |  Published in Future of the Internet  |  2 Comments

Prof. Zittrain has spent this week writing about the dangers of moving computing into the cloud. Another aspect of the same story is the danger of keeping computing on endpoints — PCs, smartphones — if those endpoints become tethered instead of generative. This story illustrates the potential problems. Etisalat, a telecom provider that serves much of the United Arab Emirates, recently sent its BlackBerry-using customers a software patch that it said was related to the transition “between 2G and 3G networks.” When the patch started sucking up the devices’ battery life, users protested. It turned out the patch had no useful functions, wasn’t approved by RIM, and would allow Etisalat — or someone working with Etisalat — to spy on users’ communications. RIM and Etisalat are currently finger-pointing about whose fault this is, and bloggers are speculating over whether Etisalat was operating on the government’s orders.

Chapter 5 of the book predicts situations just like this. Because of security concerns, we gravitate towards “information appliances like … TiVos, iPods, iPhones, and BlackBerries” that can be automatically updated and patched by the vendor or carrier. Meanwhile, also in the name of security, the vendors take away users’ ability to tinker with the devices. The threat of malicious hacker code is sometimes (not always) handled better under these strict regimes — but what about malicious code installed by the manufacturers, or the governments of the world?

Ironically, BlackBerries are considered relatively safe from government surveillance because all BlackBerry emails go through RIM’s servers, encrypted. So they’re harder for an authoritarian government to crack than PCs. What this episode shows, though, is that BlackBerries–like any other tethered device–are still very vulnerable to a few powerful players, like carriers or vendors. And, although the devices are vulnerable to fewer people with bad intentions, fewer people of goodwill can help spot and fix the problems. It’s notable that users only figured out this patch was problematic because the Trojan horse wasn’t well-written; it might have stayed forever if the phones hadn’t started crashing. Moreover, once the Trojan horse was there, it doesn’t look like users could fix the problem on their own. Instead, RIM had to issue a detailed solution. If the vendor and the carrier were both under injunction from the government, users would have no obvious recourse. (This isn’t pure paranoia; even the US government has used tethered devices for surveillance. Check out the story of EchoStar in Chapter 5.)

Putting just a few people in control of our data and computing seems safer, and sometimes it is. But when something goes wrong, we have to hope those people are inclined to help, and are able to do so. And that’s not always the case.

—By Elisabeth Oppenheimer

Responses

  1. Bertil Hatt says:

    July 24th, 2009 at 8:01 am (#)

    Isn’t RIM the company that shares a building with British secret services? — Anyway. . .

    I don’t think the ability to patch is the problem: most of those are useful, dull and pretty technical to understand. If any user savvy enough can check on what is being done, and alert the public opinion when he sees a problem, then we can presume those patches will only be of the useful kind.

About Jonathan Zittrain

Jonathan Zittrain is Professor of Law at Harvard Law School and co-founder of the Berkman Center for Internet and Society at Harvard Law School

Creative Commons BY-NC-SA Jonathan Zittrain unless otherwise noted.