The issue began with news of threats to block BlackBerry (BB) in Saudi Arabia, the United Arab Emirates and India by the authorities of each country, on the grounds that the BlackBerry servers are located in Canada and store encrypted data, so that the authorities in those countries cannot carry out lawful interception.
These countries demanded that Research In Motion (RIM) of Canada, the company that operates the BlackBerry service, move the BB servers into each of those countries. A similar demand was later made by the Indonesian authorities, with the main reason being to allow lawful interception of the messages (email, messages) passed through BB.
It turns out, from RIM's explanation, that RIM is transparent with respect to the messages passed through the BB servers, and that very little is encrypted, as explained below, so the demands of the countries mentioned above fall away:
1. BlackBerry Internet Service Encryption.
RIM states firmly that all Internet email passed to the BlackBerry server (BlackBerry Internet Server) is not encrypted by RIM. When the email is transmitted over the operator's wireless (cellular) network, its encryption follows that operator's encryption, if any.
2. BlackBerry Enterprise Server Encryption.
If your BB handset is joined to your company's BlackBerry Enterprise Server network, the messages passing through it are encrypted, and the holder of the encryption key is your company.
If your BB handset is also joined to the BlackBerry Internet Service network to deliver email from the Internet, those emails are not encrypted by RIM.
3. BlackBerry Messenger and PIN-to-PIN Messages.
The encryption depends on the BES server admin of each BB customer company. By default, RIM provides global encryption that can be handed to the telecommunications authority so that it can open the messages.
In conclusion, messaging through the BlackBerry servers is transparent, without encryption, except for messaging by BB corporate customers, who encrypt or do not encrypt according to each company's policy; the authority to hand over encryption keys lies with the BB corporate customers, not with RIM.
The grounds for demanding that BB servers be placed in each of those countries therefore no longer hold.
The full explanation of encryption on BB is below:
BlackBerry Internet Service Encryption
RIM clearly states this in their knowledge base:
Email messages sent between the BlackBerry Internet Service and the BlackBerry Internet Service subscriber’s BlackBerry smartphone are not encrypted. When transmitted over the wireless network, the email messages are subject to the existing or available network security model(s).
That means that the only protection is what your carrier offers by encrypting their wireless traffic using the standard 3G and 2G protocols. If a carrier is tapping the line and giving the government access to sniff the traffic, then they are seeing all of this communication in the clear. RIM has even admitted that they would provide such a wiretap if they were required by a court order, though they would not decrypt the traffic, which is not necessary since it is not encrypted in the first place.
BlackBerry Enterprise Server Encryption
Now you might ask what is encrypted. If your device is on a BlackBerry Enterprise Server then all email sent between the BES server and your device is encrypted using Triple DES (3DES) or AES encryption. Please note that if you have both BES and BIS email on your device, ONLY the BES email is encrypted. This encryption for BES email means that ONLY your company can decrypt these messages. RIM does not and cannot provide these keys to a government organization. Other applications that are designed to work over your BES MDS connection, and let you choose to do so, can also make use of the Transcoder API to communicate securely, but by default applications usually DO NOT use this API.
BlackBerry Messenger and PIN to PIN messages
When it comes to PIN messaging and BlackBerry Messenger there is a bit of confusion. RIM clearly states that:
The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives. Your organization can use a global PIN encryption key, a PIN encryption key that is specific to your organization, or both.
That means that it is up to your BES admin to decide if messages between users on your BES server are encrypted with RIM’s global key that they can provide governments or a private organization key that will encrypt messages within your company with a key that RIM does not know.
So all in all I think these governments that are banning BlackBerrys need to truly understand how this all works. For example, ActiveSync is the technology most other devices use to sync Exchange data over the air. That by default is not encrypted but just as easily can use a certificate. Other email protocols like POP3 and IMAP are also not encrypted by default but can just as easily add an SSL certificate to encrypt that traffic. RIM truly is not unique in this since even Gmail’s website now uses SSL traffic for all email by default… While SSL might be easier to crack it is all based on the same encryption concepts so they are relatively similar.
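An added example, not from the original post or from RIM: the paragraph above notes that POP3 and IMAP are unencrypted by default but can be protected with TLS. The Python sketch below reads what a mail server advertises before any TLS and classifies whether a password could still cross the network in cleartext; the sample replies and the function names are constructed for illustration.

```python
import re

# Constructed sample replies (not captured traffic): what a server says before any TLS.
IMAP_PLAIN = "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na1 OK done\r\n"
IMAP_OPTIONAL = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\na1 OK done\r\n"
IMAP_REQUIRED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"
POP3_PLAIN = "+OK list follows\r\nUSER\r\nUIDL\r\n.\r\n"
POP3_REQUIRED = "+OK list follows\r\nSTLS\r\nUIDL\r\n.\r\n"


def imap_caps(reply):
    """Capability atoms from the untagged '* CAPABILITY ...' line of an IMAP reply."""
    caps = set()
    for line in reply.splitlines():
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line, re.IGNORECASE)
        if m:
            caps.update(m.group(1).upper().split())
    return caps


def pop3_caps(reply):
    """Map keyword -> arguments from a POP3 CAPA reply ('+OK', one line each, '.')."""
    lines = reply.upper().splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return {}  # -ERR: the server does not support CAPA
    body = lines[1:lines.index(".")] if "." in lines else lines[1:]
    return {w[0]: w[1:] for w in (ln.split() for ln in body) if w}


def login_exposure(protocol, reply, implicit_tls=False):
    """Classify, from advertised capabilities only, whether a cleartext login is possible."""
    if implicit_tls:  # IMAPS/POP3S: TLS is negotiated before any protocol data
        return "tls"
    if protocol == "imap":
        caps = imap_caps(reply)
        upgrade = "STARTTLS" in caps
        cleartext = "LOGINDISABLED" not in caps or bool(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    elif protocol == "pop3":
        caps = pop3_caps(reply)
        upgrade = "STLS" in caps
        cleartext = "USER" in caps or bool(set(caps.get("SASL", [])) & {"PLAIN", "LOGIN"})
    else:
        raise ValueError("protocol must be 'imap' or 'pop3'")
    if not upgrade:
        return "plaintext-only"
    return "starttls-optional" if cleartext else "starttls-required"
```

The result reflects only what the server advertises; on a `starttls-optional` server, a client that never issues STARTTLS or STLS still sends its mail in the clear.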