August 4, 2010

BlackBerry Data Is (Not?) Secure

Phred Dvorak, on WSJ.com:

RIM said the BlackBerry network was set up so that no one, including RIM, could access” customer data, which is encrypted from the time it leaves the device.

All good right? Many (including myself) have been working under the assumption that BlackBerry devices — specifically their communications tools — are always encrypted.

However, something seems iffy when Bruce Schneier writes:

While the data is encrypted between RIMs servers and the BlackBerrys, it has to be encrypted by RIM — so RIM has access to the plaintext.

This is similar to how Opera Mini handles encryption: although everything coming to and from Opera servers is encrypted, the servers themselves need see what’s going on to do its magic.

Note that I don’t think BlackBerry has a security issue. But by making a statement that seems technically inaccurate they’re setting themselves up for scrutiny from the users that should be supporting them right now.


Geek Security