Sunday, November 22, 2015

Not Buying a Blackberry Priv

Recently, I've been telling my friends that I was excited about the Blackberry Priv, a smartphone running Android that has a physical keyboard.

Many years ago, I switched to Sprint and got a Samsung Epic 4G. There are two things about this phone that make it different from most of the smart phones that I've seen my friends and family carrying around:
  1. It has a full slide-out QWERTY keyboard.
  2. It only supports WiMax 4G networks.

To make a long story short, WiMax was Sprint's attempt to go their own way on 4G connectivity. Their attempt failed, but it did not fail quietly. As for me, I connected to the WiMax 4G network a single time, during a trip to Chicago. Other than this, I never used the 4G network. That's probably why I didn't really miss it when Sprint decided to shut it down.

So why not get another phone that supported 4G LTE?

Good question! I'm glad that you asked! The answer is: I LOVE the physical keyboard in my Epic 4G. And it's not that I use it every day, or even every month. It's more like a snow shovel; it may sit unused for 9 months, but when I want to use it, I am very happy that I have it available.

Most smart phones don't have physical keyboards. I chalk this up to simple free market capitalism: physical keyboards cost more to make than customers are willing to pay extra to have. It seems that I am part of a minority when it comes to physical keyboards. I'm willing to pay extra, but most people are not.

So, I was very excited the first time that I saw a picture of the Blackberry Priv. A modern smartphone, running Android, that was going to have a nice physical keyboard! I could finally ditch my Samsung Epic 4G (running Android 2.3!) for a modern Android! Yes!

I WAS excited, until this afternoon...

Blackberry Offers 'Lawful Device Interception Capabilities'

... the Slashdot headline points out "The company may see this as a way to differentiate themselves from the competition."

Indeed, it has differentiated itself from the competition in one very important way. Its competitors, with Zero Knowledge Encryption, are offering products that I want to buy. Blackberry is offering products that I do not want to buy.

Am I worried about the government getting a warrant and looking through my phone? No. I'm a pretty boring person. My phone usage is mostly SMS messages to figure out when I'm supposed to pick somebody up, or what else I'm supposed to buy at the grocery store while I'm there.

The problem is that, by definition, lawful interception requires the capability to intercept (period). This means that devices can be divided into two types:

- Devices that cannot be intercepted

- Devices that can be intercepted


Or, to write that another way:

- Devices that are secure (cannot be intercepted)

- Devices that are not secure (can be intercepted)

If Blackberry has my encryption keys to give to law enforcement on demand, then by definition they have my encryption keys. They can also...

  1. Accidentally give them to law enforcement when a proper warrant hasn't been obtained.
  2. Accidentally give them to someone posing as law enforcement, with or without fake warrants to back up their story.
  3. Accidentally give them to hackers who break into Blackberry servers.
  4. Accidentally leak them to the public at large by leaving them on an insecure server that gets indexed by Google or another search engine.
  5. Have a rogue employee steal them and sell them on the black market; maybe some bad guy can now use my phone to send a message without me even knowing about it!
  6. Have a regular employee mess up and accidentally send my keys in response to a lawful request for somebody else's information.
  7. Etc...

You know what prevents all of these scenarios?

Not holding your customers' encryption keys, at all, for any reason.
(i.e.: The way Apple now does it.)

So... Sorry Blackberry. You almost had a customer for the Blackberry Priv.
But I don't buy products that are defective by design.
