鈥淭ruly a case of the biter bit.鈥 That was the response of computer security researcher Ross Anderson at the University of Cambridge to reports last week that the French national security agency (SGND) has banned government ministers from using their BlackBerry PDAs. The agency says phone calls and emails routed through BlackBerry servers in the US and UK are too easy to intercept.
Leaving aside the fact that BlackBerry maker Research In Motion has its servers in the UK and Canada, not the US, Anderson is bemused by the SGND鈥檚 sudden concern for digital security. It was French opposition to strong cryptographic algorithms that left calls from all GSM cellphones, including BlackBerries, vulnerable to eavesdropping. 鈥淭he delicious irony in this is that the A5 algorithms used to encrypt GSM traffic came from France and are now fairly easy to break. It was the French authorities who pressed harder than anyone for the strength of generally available cryptography to be limited during the 1990s,鈥 he says.
So if Echelon 鈥 the signals intelligence operation of the US, UK, Australia, Canada and New Zealand governments 鈥 wanted to hear what French ministers were saying on their BlackBerries, they鈥檇 have the French government to thank for making it easier. A million dollars鈥 worth of electronics can break GSM keys 鈥渋n under a minute鈥, Anderson says.
Advertisement
However, RIM security chief Scott Totzke says BlackBerry email is harder to crack since it uses AES256, a far stronger cryptographic algorithm than that used for GSM voice calls.