Schneier on Security
A blog covering security and security technology.
« Seventh Harry Potter Hacked? |
| Vulnerabilities in the DHS Networks »
June 22, 2007
The French Government Bans BlackBerries
The French government wants to ban BlackBerry e-mail devices, because of worries of eavesdropping by U.S. intelligence.
Posted on June 22, 2007 at 6:37 AM
• 51 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Can you steal bread over a phone?
I heard that and immediately laughed. Then I thought "What's the real reason?". Even the French (along with every other foreign country on Earth) must know that US intelligence can eavesdrop on any wireless communication on the planet. If they're really worried about communications security vs. US intelligence gathering, then they ought to switch over to exclusive use of land lines.
Actually, the reason given by the French Government is that some civil servants used to babble a bit too much on their Blackberries about state secrets. And that said state secrets were then used by... ahem... "foreign" firms to win contracts that French companies were also interested in.
Whether said servants should be babbling on insecure communication devices (whether Blackberries or GSM phones) is, of course, a valid question. What I'd like to know is when, and how, said civil servants/governement members are going to get fired.
Dan, there has been some allegations of industrial espionage from American and French companies against each other for as long as I can remember, especially in aerospace. There could be tech protectionism at play, although it wouldn't be surprising that fears of industrial espionage were all that was needed for this policy.
Because although the Server Crackberry communication is encrpted (and passes at least some dinky FIPS standard I think), the Mail Server is through SMTP and definately not encrypted.
By having that traffic routed through servers in the US and UK, you are giving the NSA carte blanch to read your email.
"... US intelligence can eavesdrop on any wireless communication on the planet"
Whahahaha!! Dream on....
Despite what both french & british media "IT experts" say, it is not some airwaves eavesdropping that worries the SGDN, but the fact that all Blackberry trafic flows through RIM servers (which are, for european customers, located in the UK) and could be (is ?:) ) read by foreign intelligence agencies.
Its just the French trying to ban the use of anything non-French. Not a surprise. This will either force RIM to install a bank of servers in France or they will switch over to an upstart company founded in France, probably by a family member of the guy who introduced this legislation. :)
We all know how politicians work.
@Nicholas Weaver, could you please cite the references that give you such confidence the SMTP is "definitely not encrypted". As a Blackberry-carrying corporate infosec geek I have many reasons for wanting, or needing, to know.
THANKS in advance!
Ironicaly I think the only EU country where BB are popular is France. I have never seen one, and its not like we don't all get around.
All the data communication between a Blackberry and a corporate server are encrypted, including e-mail. They use AES-256 or TDES.
I pulled up blackberry(dot)com(slash)security when I first heard about this the other day to figure this stuff out for myself.
@ Nicholas Weaver wrote "By having that traffic routed through servers in the US and UK, you are giving the NSA carte blanch to read your email."
Actually it's the other way around. The NSA is authorized to spy outside the US but needs special permissions to eavesdrop within the US or on US persons.
(The question of whether the NSA or the US government adheres to these laws is another matter. )
DSD in Australia wrote a nice paper on Blackberry security some time back... a very interesting read:
The main concern (for me) is around the data going through RIMs Canadian servers with me, the client, having no control over its exposure at this point.
(Oh and regarding SMTP, it would be in-the-clear unless you use TLS over SMTP with the STARTTLS SMTP command).
Wow ... lot of people don't know how blackberries work. Most companies and government agencies have blackberry communication servers. These servers communicate to blackberry's network and to the companies/government's e-mail systems.
Step 1: e-mail arrives at government's agency SMTP server
Step 2: e-mail is forwarded to Blackberry server on that government agency's network
Step 3: e-mail is sent over an encrypted channel over blackberry's network to carriers network to blackberry device.
Yes it goes over blackberry's network but it goes over a server to device encrypted channel. There are issues with blackberry's but snooping these things is as easy as snooping an SSL connection to your bank.
"The question of whether the NSA or the US government adheres to these laws is another matter."
I believe the NSA has a reciprocal arrangement with the spooks at GCHQ in the UK. GCHQ taps US traffic and passes it to the NSA and vice versa.
One other comment - unlike to almost every other device out there (i.e. windows mobile devices) - blackberrys have built in firewalls and can be centrally controlled by a policy server. In addition - I can order a blackberry device wiped if we suspect if the device was lost or compromised in some way.
The french probably are planning their own device or they are ticked at canada for some reason (not enough of them speak french?)
@Harry: "Actually it's the other way around. The NSA is authorized to spy outside the US but needs special permissions to eavesdrop within the US or on US persons."
The NSA is not supposed to spy on US citizens, but it has no limitations within the United States. Diplomatic messages or whatever other foreign communication (e.g., telephone traffic that is routed through the US, or via US satellites) they can get their hands on is fair game.
Read James Bamford's Puzzle Palace for details.
My favorite story from that book is where they declared 100 sqare miles of Virginia a radio free zone, so that they could build a 600ft radio dish to pick up Russian communication as it bounced off the Moon.
The book is a bit dated, but the mind boggles when you extrapolate NSA's capabilities into today.
Yoshi, thanks for the lucid explanation.
However, it's not clear to me where the server-to-device authentication is controlled. If Blackberry's network is in charge of mediating authentication, then Alice and Bob would be vulnerable to Charles' usual Man-In-The-Middle games. I'm guessing the French won't take anyone else's word that there is no Charles. Given the liberties taken by the NSA with a Greek mobile-phone network three years ago, I can't say I blame them.
Oh, and as to smug "The French are up to their usual paranoid/xenophobic/protectionist/statist tricks" theories: there may be some of that going on, but they certainly have no monopoly on that kind of nonsense -- compare the Congressional hyperventilating paranoid delusions of Chinese government espionage that surrounded Lenovo's aquisition of IBM's personal computer business. Remember all those government laptops that were going to phone home to Beijing with their harvest of government secrets?
Carlo: Was any evidence ever produced that the NSA was responsible for the Greek mobile phone problem?
I tried to post a link earlier to a BlackBerry security whitepaper that RIM wrote. My post got spam filtered though. If you go to blackberry.com/security and click on the link on the right side of the page you can read the details of the crypto protocols.
There is no MITM because the server and Blackberry share a symmetric 'master key' that is negotiated when the device is registered for service.
They want to be considered de-mure :-)
could the real reason be that they want the trendy new iPhones? :)
if it's really to mitigate American intelligence efforts then they are more foolish than i thought. oui
(Yes, even some otherwise non-French speaking Canadians will get that joke.)
No actual evidence I'm aware of, I was recalling a plausible conjecture. Having just briefly reviewed the coverage now, I can see NSA was one among several conjectured perps, and possibly not even the most likely one. Nonetheless, the point --- a network not controlled by known-friendlies is a potential vulnerability --- stands.
As to MITM, point taken. However, the software at the server is presumably Blackberry's proprietary, binary-only package. Control of, or access to BB's network could conceivably give Charles the opportunity to "upgrade" that software, depending on the level of security that attends transactions on the trusted network, and on the level of paranoia with which the code was written to withstand standard network attacks (buffer overflows etc.). It would be somewhat surprising if some nations' intelligence agencies weren't already trying something like this, given the value of information that might be expected to be sent around on BB's network.
By the way, do the devices accept firmware upgrades from the network?
Added the G because there seems to be more than one Dan posting...
@Alex : What I mean when I say landline (now realizing that really isn't specific enough) is POTS Plain Oldfashioned Telephone Service. At least that way, the network used to transmit messages is entirely within France and thus (theoretically) under French control. It is also insulated, and requires some kind of tap (either into the line or a bug at the location) to listen in.
another thought: maybe the french are not averly amused and feel rather humiliated.
Not so far off with the US eavesdropping on anyone they possibly can.
[which is, to make a point, quite an ***hole policy. sorry to tell you, but it just is. image yourself being humiliated all the time, what would you fell like and do? Image your "firend" stealing your business secrets and making money off it][just like bruce says: "liberty is security" one can argue: "showing respect and kindness for others is preemptive security"]
have a nice weekend, ya all over there. Take care.
not intending to offend anyone, just trying to make a point and rallying some support for more humanity on this planet
@PorkBellyFutures: "There is no MITM because the server and Blackberry share a symmetric 'master key' that is negotiated when the device is registered for service."
Maybe I misunderstand MITM. Wouldn't this negotiation-phase be the perfect place for MITM, with all future communications quietly forwarded through the NSA (or whomever)?
It's not as if the NSA didn't have enough raw computing power to handle all Blackberry traffic in the world, simultaneously.
And we definitely know the U.S. Government has a history (http://en.wikipedia.org/wiki/Inslaw) of subverting software sold to and used by foreign governments.
Or maybe the French know something about Blackberry "the company" that we don't.
Remember that many recent "surveillance scandals", in the US and the EU, were aided by telco companies, willingly cooperating with espionage agencies. I wouldn't be surprised if, after the Blackberry affaire came up, their intel agencies examined the company a bit more scrupulously.
The title of this post is annoyingly misleading.
Fascinating. One Dan wrote:
"Its just the French trying to ban the use of anything non-French. Not a surprise."
To the contrary, "c'est cool" to have American gadgets. Ignorance and knee-jerk racism won't help the security situation. The US can't understand its supposed friends, let alone its enemies. The USA are doomed.
So you are accusing US bureaucrats and elected officials of being arrogant (and perhaps the posters in this room)? And the French versions aren't?!?!?
Every trip I've made to France has been wonderful, the people are great, the food is great, most everything is great with one exception - every time I hear or have to deal with a French bureaucrat I want to kick a puppy.
IMHO - this bureaucrat doesn't understand the problem. His problem is his people leaking information. He has chosen to go after one vendor. What about other mobile devices? The problems don't exist there either? The problems don't exist on laptops traveling everywhere? He doesn't understand the problem and therefor will not be able to deal with it.
It isn't a big secret that the French economy is lacking due to the govt doing whatever possible to remain "French" at heart. I believe this was a big point in Sarkozy's election, the French people are ready for change.
I wouldn't classify my post as ignorant, nor racist (is "French" a race, Daniel?).
I've actually visited France a few times, and I have nothing against the people. Doesn't mean I don't have my opinions about its govt (or my own).
Racism? Really? Do you have any idea how many Americans can claim a French heritage? The words you quote speak clearly of "the French" as a nation, not as a people. Don't conflate that with racism.
@DanG: I asked 'define landline' because many forget that most of the connections we call 'landlines' might use at some point a microwave radio relay. Particularly in France the connections through the Alpes to Switzerland and Italy. And if it goes through the air.....
The concerned French, unless they're crazy to be cool, aren't likely to opt for iPhones, which require service from surveillance-friendly AT&T.
@yoshi - I didn't use the word arrogant, or mention US bureaucrats. The word I used is ignorant, which I accused a poster to be.
@Dan - there is no such thing as race.
@Alex - good point that. Even 'landlines' aren't nearly as secure as we'd think.
I think it would help everyone if we'd just calm down a second, and admit that there may be very good strategic reasons for France's top bureaucrats to want to avoid reliance on a US-vendor for communications between civil servants involving state secrets.
National pride, economic protectionism and bureaucratic stupidity may all play a role. I maintain that assuming these as the primary drivers without more information about this particular case is ignorant and/or hateful.
Let me ask... given the history of mutual industrial espionage between the French and Americans, how would you feel if top American bureaucrats were to use a closed-source French server to have private conversations involving top-secret trade matters?
Actually, some German government agencies have also decided to ban Blackberry quite a long time ago ... French aren't the first ;)
I do not say that this is a wise decision or not, what i mean is that you should stop flame Frogs :)
A frog !
@DanG: It's also about how close to you the US intelligence are. It's not possible for someone to eavesdrop on wireless communications from anywhere. They need to be intercepting somewhere in between the connection. As you said, even wired connection is not tamper proof, particularly if they know where you are. That's why people in movies always use payphone or mobile phones with prepaid sim.
@Daniel: I think it would help everyone if we'd just calm down a second, and admit that there may be very good strategic reasons for France's top bureaucrats to want to avoid reliance on a US-vendor for communications between civil servants involving state secrets.
You may be right, but what US vendor are you speaking of?
De-mure, heh heh...
>eavesdropping by U.S. intelligence.
Shouldn't that be "eavesdropping by Canadian intelligence"?
Suddenly I want to go watch "The President's Analyst" again.
@Daniel: "...there may be very good strategic reasons for France's top bureaucrats to want to avoid reliance on a US-vendor for communications between civil servants involving state secrets."
Dozens, possibly hundreds, of US vendors make software and hardware used in various places in the information and communications infrastructure of almost every government in the industrialized world. The same could be said of plenty of Chinese vendors.
Their goat is with the fact that the encrypted messages get routed through the UK. They probably have some crypto guys who told them that the UK government might do traffic analysis on French government messages (not sure if that's possible, but it seems likely). Possibly their also concerned about the UK having the ability to disable their Blackberries, or at least the e-mail function on them.
Thats pretty much the end of the story. They sell it better by raising the spectre of industrial espionage and hinting at ECHELON and the NSA, which fuels plenty of paranoid speculation, and means they don't have to explain to the average Jacques Bureaucrat what the hell 'traffic analysis' is. It also goes over well with their own protectionism-mind folks, because God knows France has enough of those.
For goverment authorities it is important to have all data processing in their own country. If your data is under another juridistion, you have lost control to your data.
Recently Swedsh military asked for permission to monitor all international traffic. This caused quite a lot worries in Finland as some companies had consolideted their email processing to data centres Sweden. Even if that proposal is now post-poned, Telia-Sonera (Swedish-Finnish telco) moved email servers of Finnish customers back to Finland.
For goverment IT outsourcing, data must be physically in the same country even if some tasks are offshored.
First off I bet the Greek Gov wished it had not used a mobile phone system from another country for it's ministers etc 8)
TO answer the question about the NSA etc,
Yes the NSA can spy on FNats, but not US Nationals. Likewise so can the other signitories to the original BRUSA agrement.
What BRUSA gave all of them was the cosy arangment where they would spy for each other. Therefore the Brits (the BR in BRUSA) would spy on chosen American citizens and the NSA etc would spy on chosen British citizens and then they would pass the data over.
This cozy arangment alows the Politicos (in the know) and the heads of the security services to tell (unkowing) oversite commities that "No we do not spy on our citizens".
What do you seriously think the "Special Relations" the UK and US (supposedly) have was originaly based on?
If you want to know more google on terms like BURSA with other terms like WASP.
In more detail it is known that U.S. Signals Intelegence provide high end equipment to the likes of the U.K. Australia and the other BURSA signitories and a few other (WASP countries) and that the raw data gets slurped back to the U.S. Where (presumably) the NSA does the analysis and sends back selected data.
As for the French (Not a WASP Country), a little history about economic warfare etc. A previous head of one of their security services quite openly admitted to a U.S. television crew that France had been involved with economic spying on the U.S. and other countries for many years, and noted that is was less expensive than R&D.
It is belived that the Russian Koncordski (as it was refered to at the time) clone of the Concord that crashed at the Paris air show was due to the Russians not stealing the right information from Britain and France.
Subsiquently information has leaked out about two French military aircraft getting to close and causing un-natural turbulance that may have brought it down. What where the French aircraft doing, again supposadly taking photographs to see how the Russian aircraft's winglets performed.
Speaking of the Russians they (again) supposedly spyed on U.S. traders radio phones so that they could manipulate the price of grain on more than one occasion due to crop failures in the Ukrain etc.
All countries spy on each others major technological and industrial organisations to get bleading edge information, without having to spill much blood in the process.
The French also do active warfare type activities during demonstrations of equipment etc where large Military or other contracts are at stake which involve French companies.
It has also been said that for many many years certain large American Companies have received Intel from the U.S. Gov on their competitors as part or alternative payment on other activities.
Ask your self a question, what are all those "cold war analysts" etc upto these days, only a few went to the labour exchange so what are the rest doing?
So yes spying is just a normal part of everyday business as the French and Swiss well know.
The explanation is very simple : RIM has the keys and so they have all the mails (and maybe more with the servers they put in your intranet). So even if crypto and protocols are perfect, the MITM attack works. Who manages the keys, can read the data.
The RIM Phone OS is proprietary and can be administrated by RIM. Even if you put your own keys (pgp over RIM) they can be intercepted by RIM software.
Easy game for NSA...
Not easy, really...
Almost all these comments have some kind of jokes (I hope it's only jokes) ... about French people ! ... I am French, and I don't feel like racist, nationalist, anti-US or anything like this. I feel quite OK with the rest of the world, and it's the same for nearly all the people I know. But sometimes, when we read your posts on, it's quite sad. Because you defintly don't know anything about the France (I don't know anything about US), but you're acting like you know us so good !
I don't know why most of you have to quote such things in your posts (maybe it's just for the fun), but if it is not... You then don't know anything about the world around you !
To get back to the main topic, I am no that surprised by this decision. I don't think it's really because we are affraid that Jack Bauer and his friend could read our mails... As I told you, we are not your enemies, we came from the same planet ! It's just because it's part of national security, that national secret data are handled nationaly. It's absolutly rational, and doesn't show any kind of xenophobia. That would be a conclusion really too simple.
I mean... Do you think your governement (whatever your country is) would like to get his sensitive data treated at a few thousands of miles away ? On another continent, by another nation who shouldn't have to deal with your national security ! This is not logical ! ... That's all. It's not because we hate Canada, US, UK, or anybody. If you could just stop your paranoia ! (who said French were paranoid ?!)
Now if you really don't want to understand anything and keep going like : "french are so god damn stupid... they are racists", or whatever like that... it's just sad for you. Sure they are some racists in France, but they are also in any other country of the world... Now, the main French culture is just a little above these considerations ! (and I really hope you guys are not a sample of your nation main culture) ...
Please, think a little before you post something about a whole nation. Thank you !
@Sthepane: I don't think it's a clever decision to forbid the balckberry stuff...
I think the French government is missing two important facts:
1. If users need any kind of mobility you cannot say "no" to a device/technology without giving any alternative... The users will continue to use what they have (because they need it) and your security will not be improved... but degraded.
2. I cannot believe that every communication between government's employees is a country secret. I'm pretty sure that France, like every other modern country, has is own classification of information. So why forbid every usage of such a device instead of forbid only communications classified as secret?
Anyway there are so many non-british/usa company (and army too) that are using this technology... it sound a little bit weird that french experts are the only clever guys outside british/usa world ! Don't you think?
What about the third parties that certified the security of blackberry solution?
I'm not saying that a government have to trust a foreign solution to communicate secrets, I'm just saying that seems stupid (I don't want to offend anybody - it's just my point of view) to not use it for day by day job.
Have any French company a more robust/secure solution?
@MyOpinion, I never said it was clever or smart to ban this solution, but maybe a local server would have been a good compromise.
I work for a british company, but in a French office, in Paris, and we have to work all day long on UK servers. (not only blackberry, by the way... AD, Exchange, everything). It's really not a good solution, in terms of reactivity, to have this kind of deportation between the service provider and the users.
But anyway, it's a really good technology and I'm quite sure it's safe and really well secured. That's why I'm not saying french experts are more clever than other. I would never say that ! I don't want to compare anyone ! It's only about the localisation of the main server. It can makes all the difference between a good and reliable service, and a nightmare you have to deal with day after day after day after day... (trust me ! sniff) ... For example, right now, I should give access to a mailbox to one of our user... My citrix tool doesn't work for some strange reason... So I have to ask one of my collegue in UK to do it for me ! ... Loss of time !
So just on this particular point (because I don't agree with all the decisions of my government... really not... but it's the game !), I wanted to maybe explain a little more what (to my mind) is the reason of this reject. Or could/should be the reason !!
Now, if we have any other similar solution in France... I don't think. No,we don't have. French companies use blackberries or pocketPCs (onto one of our 3 cellphones provider), but we don't have anything else. And the government uses the old system of avian carriers :
(works quite well !)
@Cathy: Interesting thought. Here we have a high-placed figure slagging a product for its security -- even though it is the most secure product in its class by a significant margin -- with oblique and poorly substantiated claims about secret threats.
Come to think of it, it smells like just about every Microsoft FUD campaign I've ever heard of...
I sure don't know what the French think is going to be better then the BlackBerry for mass market mobile communications. I guess they could buy some sort of military style of radio gear but I think they need to do a better risk assement..... If they need better security I would guess they should not use any cell based device or even landline connections for that communication.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.