Anyone who knows me knows that I have been apprehensive about Blackberry “security” since day 1. While I recognized the potential strengths, I was 90% confident of significant weaknesses, the primary of which was that the allegedly secure messaging system of Blackberry might be able to be read by a third party without the knowledge of the two parties communicating. In short: Blackberry could read your private messages, or your company could read them if you are on Blackberry enterprise.
I had been led to this conclusion by circumstantial evidence: a massive adoption by government agencies – organizations who are bound to record all messages as potential public documents; use of Blackberry in places like France and India which have significant government intrusion into cryptographic protections in the name of “national security”; and the observation that nobody else ever really even tried to build a competitor to the Blackberry messaging system. These things happened, I conclude, because it was known from the get-go that Blackberry messages were subject to easy snooping, and it made sense to me that public Blackberries could be snooped by simply showing up at Blackberry with a warrant, or maliciously without a warrant.
Even I realized that was a bit paranoid, but I’m a security guy, so a bit of paranoia is healthy… sometimes they really are coming to get you 🙂
But it turns out I was right! Little did I realize that the warrant was optional; it was just a matter of asking nicely.
I had one of the first Blackberries – a two-way pager for which users had to write their own email gateway. When my contract was up, I dumped it and never looked back. And every time Blackberry hits the news, it seems to confirm that I made the right decision.