BlackBerry maker Research in Motion Ltd on Thursday faced more demands to open up its smartphones to government scrutiny as Lebanon joined India, Saudi Arabia and the UAE in raising concerns over security.

RIM’s co-CEO Michael Lazaridis fought back in an interview with the Wall Street Journal, accusing foreign officials of picking on smartphones to score political points.

“This is about the Internet,” Lazaridis was quoted as saying in the Journal interview. “Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can’t deal with the Internet, they should shut it off.”

Shares of RIM fell nearly 2 percent in trading on the Nasdaq and Toronto stock exchange. The stock has lost about 8 percent of its value since the United Arab Emirates threatened over the weekend to ban BlackBerry email, messaging and Internet services after three years of negotiations with RIM over access to encrypted user data.

The BlackBerry also faces a potential ban in Saudi Arabia as early as Friday if RIM is unable to reach a compromise there. RIM and Saudi officials met on Thursday ahead of the pending ban.

Lebanon raised concerns over the smartphone on Thursday, saying it was studying security concerns related to the BlackBerry and would begin talks with RIM.

Media reports earlier had said that Indonesia was also pressing on RIM to allow monitoring of BlackBerry data, though the country’s communications minister said it was not banning the service.

India, worried that BlackBerry’s highly secure messaging services could be misused by militants, has demanded more access for its security agencies, and the country’s telecoms minister said it had not yet reached an agreement with the company.

The Indian government may block the BlackBerry messenger service but allow emails and voicemails if a solution is not reached, the Times of India said on Thursday, citing unnamed sources.

A broadening stand-off with global governments could hurt sentiment on RIM on Wall Street, which had initially been reassured that a ban by the Gulf states would affect a tiny portion of the BlackBerry’s more than 41 million subscribers.

Lazaridis acknowledged the company was in discussions with various governments, and said the issue will likely get resolved.

RIM has said BlackBerry security is based on a system where customers create their own key and the company neither has a master key nor any “back door” to enable RIM or third parties to gain access to crucial corporate data.

The company said Wednesday it has never provided anything unique to the government of one country and cannot accommodate any request for a copy of a customer’s encryption key.

Exclusive The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record.

His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files.
The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.

In June the man, JFL, who spoke on condition we do not publish his full name, was sentenced to nine months imprisonment under Part III of the Regulation of Investigatory Powers Act (RIPA). The powers came into force at the beginning of October 2007.

JFL told The Register he had scrambled the data on several devices as part of security measures for his business, a small software company.

He was arrested on 15 September 2008 by officers from the Metropolitan Police’s elite Counter-Terrorism Command (CTC), when entering the UK from France. Sniffer dogs at Gare du Nord in Paris detected his Estes model rocket, which was still in its packaging and did not have an engine.

On arrival at St Pancras, JFL was detained under the Terrorism Act and taken to Paddington Green police station, a highly secure facility where UK police hold their most dangerous suspects.

He was returning to the UK for an appointment with customs officials, to surrender after a missed bail appearance. This separate customs investigation – since dropped without charges – surrounded a failed attempt to enter Canada, and JFL missed bail following a move to the Netherlands. This contact with British authorities was apparently part of CTC’s decision to arrest JFL.

While interviewing him, CTC, the unit that in 2006 replaced Special Branch as the UK’s national counter-terror police, also seized more luggage. JFL had sent packages separately via Fedex to the Camden Lock Holiday Inn, where he had booked a room.

Throughout several hours of questioning, JFL maintained silence. With a deep-seated wariness of authorities, he did not trust his interviewers. He also claims a belief in the right to silence – a belief which would later allow him to be prosecuted under RIPA Part III.

A full forensic examination found nine nanograms of the high explosive RDX on his left hand, but JFL was given police bail. His passport was seized, however.

JFL says he does not know how the RDX, which has has military and civil applications, came to be on his hand. A result of five nanograms or less is routinely discounted by forensics and no charges were ever brought over his result of nine nanograms.

He returned to Paddington Green station as appointed on 2 December, and was re-arrested for carrying a pocket knife. During the interview CTC officers told JFL they wanted to examine the encrypted contents of the several hard drives and USB thumb drives they had seized from his Fedex packages.

Again he maintained silence. Police then warned him they would seek a section 49 notice under RIPA Part III, which gives a suspect a time limit to supply encryption keys or make target data intelligible. Failure to comply is an offense under section 53 of the same Part of the Act and carries a sentence of up to two years imprisonment, and up to five years imprisonment in an investigation concerning national security.

Following the warning he was bailed again, to reappear on 4 February.

GCHQ, home of NTAC

JFL did not attend the bail date. Instead he moved to Southampton, living in a series of temporary homes. He says he felt harassed by authority and helpless against police he believed were determined to pin a crime on him.

His disappearance led to a raid on 7 March this year. Officers bearing sub-machine guns broke down the door of JFL’s flat. He rang local police before realising CTC had come for him.

At the local Fareham police station he was served with the section 49 notice. Signed by CTC’s Superintendent Bell, it said: “I hereby require you to disclose a key or any supporting evidence to make the information intelligible.”

JFL maintained his silence throughout the one hour time limit imposed by the notice. He was charged with ten offences under section 53 of RIPA Part III, reflecting the multiple passphrases needed to decrypt his various implementations of PGP Whole Disk Encryption and PGP containers.

The list had been compiled by the National Technical Assistance Centre (NTAC), part of the intelligence agency GCHQ, which attempts to decipher encrypted files for intelligence and law enforcement agencies.

In his final police interview, CTC officers suggested JFL’s refusal to decrypt the files or give them his keys would lead to suspicion he was a terrorist or paedophile.

“There could be child pornography, there could be bomb-making recipes,” said one detective.

“Unless you tell us we’re never gonna know… What is anybody gonna think?”

JFL says he maintained his silence because of “the principle – as simple as that”.

He was also charged for his February missed bail appearance and for two attempts to get a new passport falsely claiming his was lost. He says CTC told him he would not get the one they had seized back, so he applied for a new one.

After three months on remand JFL faced trial on 2 June. He pleaded guilty to all the charges, wrongly believing he would be released that day with an electronic tag thanks to time served. Instead, taking into account the passport offences and missed bail, he received a total of 13 months.

Before finishing what would have been a six-and-a-half-month prison term during September, JFL was sectioned under the Mental Health Act. He now does not know when he will be released from hospital.

In his judgment, Judge Hetherington accepted JFL was no threat to national security and noted his outsider lifestyle. “You… wished to involve yourself in a world which was largely based upon the access to the internet and using computers and not really interacting with other people in the ordinary outside world to any great extent,” he said.

Steal This Book – ‘How to make pipe bombs’

“It is said on your behalf that you lead an existence rather akin to that of a monk, and that there is nothing sinister in any of this but it is essentially private matters and you do not see why you should have to disclose anything to the authorities.”

The judgment also took note of JFL’s unusual hobbies and interests. He describes himself as an “amateur scientist” and his Fedex packages contained lab equipment, putty, devil bangers (which explode with a snap when thrown to the ground and are sold in joke shops), a metal detector and body armour. He also had a book on gun manufacture, a book on methamphetamine production and an encryption textbook. All are available from Amazon.

JFL also had a copy of Steal This Book, Abbie Hoffman’s 1970s counter-culture bestseller. Judge Hetherington described it as “a book that detailed how to make a pipe bomb”.

Images of the evidence haul were sent to the Defence Science and Technology Laboratory (DSTL), an MoD agency that carries out assessments in explosives cases. A scientist wrote: “Some of the contents of the luggage could [DSTL's emphasis] be used for the manufacture of explosives or explosive devices but none of the items (as far as I could tell from the images) were obviously for this purpose and, with the exception of the throwdowns [devil bangers] and model rocket they all appeared to have other non-explosive uses.”

Judge Hetherington backed CTC’s initial suspicions. Added to the encrypted files, he said, the luggage made it “understandable in those circumstances that the various authorities were highly concerned initially as to whether there was some link to terrorism and a threat to national security”.

During sentencing, the judge seemingly confirmed that NTAC staff had been unsuccessful in their attempts to crack the encrypted files – or had not bothered trying. “To this day no one really has any idea as to what is contained in that equipment,” he said. One file encrypted using software from the German firm Steganos was cracked, but investigators found only another PGP container.

The suspicion of terrorism was dropped long before trial and JFL was sentenced under RIPA Part III as a general criminal rather than a threat to national security. Although he admitted guilt, JFL argues he did nobody any harm and the offences were all related to not cooperating fully with police.

Despite referencing his solitary existence, Judge Hetherington appeared not to know about JFL’s mental health problems and criticised him for not speaking to authorities.

Jack Straw – ‘We knew that terrorists were going to use this”

Abandoning normal court procedures, he said: “It was because I was satisfied you would not tell the Probation Service anything significant further that I saw no purpose in obtaining a pre-sentence report which is normally a prerequisite for someone of no previous convictions who has not previously received a prison sentence,” he said.

Sticking to normal procedure might have helped explain much of JFL’s behaviour in interviews and while on bail. Pre-sentence reports include mental health records and JFL himself sought psychiatric treatment once before, while a computer science student.

His given reason for not cooperating with CTC – the fact that a section 49 notice overrides the right to silence – echoes the original debate over RIPA and encryption. When the law was drafted at the end of the last decade it sparked protests from civil liberties groups and security experts.

In September 2001, shortly after his stint as Home Secretary, when he had introduced RIPA, Jack Straw took to the airwaves to defend the powers.

“It was government trying to put in place increased powers so that we could preserve and sustain our democracy against this new kind of threat,” he said in a Radio 4 interview.

“We needed to take powers so that we could de-encrypt commercially encrypted e-mails and other communications. Why? Because we knew that terrorists were going to use this.”

News that the first person jailed for the offence of not talking in a police interview has been judged no threat to national security and suffers from a mental condition associated with paranoia and a fear of authorities is unlikely to win RIPA Part III new supporters.

It will also be news to at least the part of government that administers the justice system. On 3 November, Claire Ward, a junior Minister in the Ministry of Justice told Parliament (http://www.theyworkforyou.com/wrans/?id=2009-11-03c.296657.h&s=ripa#g296657.r0): “Up to the end of 2007 (latest available) there have been no persons reported to the Ministry of Justice as being cautioned, prosecuted or convicted under section 53 of the Act in England and Wales.

“The government are satisfied that offenses set in RIPA are appropriate and that the legislation is being used effectively”.

This computer, made by the Cray corp.called the thinking machine, was paid for by the U.S. tax payers for the NSA and resides in a two story building on the secretive agencies campus.
The first story contains the huge water cooling system, all this water gets pumped upstairs to the computer itself to cool a non-conductive liquid that apparently flows directly onto the circuitry of this huge NSA code breaking computer……….I wonder how much this thing cost.
Yes, Very Expensive, but very cool.

The creators of the in-development technology say they’ll be able to crack GSM encryption with only about $1,000 worth of equipment.

Security researchers presenting recently at the Black Hat D.C. conference in Washington, D.C., demonstrated technology in development that they say will be able to greatly decrease the time and money required to decrypt, and therefore snoop on, phone and text message conversations taking place on GSM networks.

Many mobile operators worldwide use GSM networks, including T-Mobile and AT&T in the United States. The 64-bit encryption method used by GSM, known as A5/1, was first cracked in theory about 10 years ago, and researchers David Hulton and Steve, who declined to give his last name, said today that expensive equipment to help people crack the encryption has been available online for about 5 years.

Until now, however, it’s been prohibitively expensive for people to get their hands on this technology. If it works, the technology Hulton and Steve are developing should be able to crack GSM encryption in less than 30 minutes with about $1,000 worth of equipment, or in about 30 seconds with $100,000 worth of equipment. The technology could potentially be helpful to law enforcement investigators, but could also be taken advantage of by malicious hackers. Hulton says he plans to commercialize the more expensive version of the technology.

Other hardware Hulton and Steve referenced uses two different techniques to snoop on GSM calls and can cost between $70,000 and $1 million. So-called “active” systems simulate a GSM base station and don’t rely on encryption because they trick phones into connecting to the GSM network through them. Other, so-called “passive” systems snoop on the traffic and are far more expensive.

Hutton and Steve’s technology relies on the use of an array of devices known as field programmable gate arrays to first create a table of all the possible encryption keys — in this case 288 quadrillion — and then decrypt each of those over the course of three months. The resulting tables of keys could then be used by software to decrypt GSM communications, which first have to be intercepted using a receiver that can listen in on GSM frequencies.

During their talk, Hulton and Steve also discussed the vulnerabilities of mobile device SIM cards, noting that GSM networks broadcast SIM cards’ unique IDs in unencrypted text, which can tell attackers or law enforcement what kind of phone someone is using. The GSM network also can tell snoopers how far a phone is from a base station, within 200 meters of error. They noted that SIM cards run Java Virtual Machines that operators have access to, and suggested that it could be possible for malicious attackers to install applications on user’s phones without them ever knowing, potentially rerouting traffic to a third party who listens in to phone conversations.

The GSM Association, a trade group representing more than 700 GSM operators, said it could not comment on the specific claims Hulton and Steve are making. However, spokesman David Pringle said in an e-mailed statement that while researchers have showed how A5/1 could be compromised in theory, none of their academic papers have led to “practical attack capability that can be used on live, commercial GSM networks.” He also noted that more advanced encryption is beginning to be deployed for GSM networks and that other networks, including 3G networks, don’t use A5/1.