Blackberry and

Alexander Hanff no2dpi at googlemail.com
Sat Jul 18 21:25:41 BST 2009 

signup at bealoid.co.uk wrote:
> Question first, because there's a huge chunk of text.
>
> q: Imagine some telco did similar in England.  What laws would they 
> have broken, what would happen to that telco, would individuals have 
> any avenue for action?
>
> q: Now imagine the same situation gone further - the malware has been 
> activated, and is harvesting email/text/etc.  What laws would have 
> been broken etc.
>
> q: How likely is this event in the UK?  Would any UK supplier think 
> this kind of thing is acceptable?
>
> Thanks.
> (Second link is more technical)
>
> http://www.itp.net/news/561962-etisalats-blackberry-patch-designed-for-surveillance 
>
>
> [begin]It appears as though the use of such software is widespread 
> among telecom operators, and according to SS8?s website, its products 
> are used by ?some of the largest service providers in the world?.[end]
>
> [begin]The battery-sapping "performance patch" that Etisalat sent to 
> its BlackBerry subscribers over the last few days was designed to give 
> the UAE operator the ability to read its customers emails and text 
> messages[end]
>
> http://www.veracode.com/blog/2009/07/blackberry-spyware-dissected/
>
> [begin]We?re not sure why the software was delivered in both .jar and 
> .cod form. The .cod file is a RIM proprietary format that contains the 
> compiled Java classes along with a signature. Therefore it?s not even 
> necessary to send the .jar, but they did, completely unobfuscated. 
> Arrogance or incompetence?[end]
>
> [begin]It also provides a way to remotely enable/disable the spyware 
> itself using the commands ?start? and ?stop"[end]
>
>
>
>
>
Isn't this already the case in the UK?  My understanding was that the UK 
enabled relevant sections of RIPA to force providers to log all cellular 
traffic data including sms messages back in October 2007 and as Peter 
stated s12 of RIPA covers this.  Granted they only record traffic data 
(where you were, who you were sending too, what time etc.) and not data 
content but there really is not a great deal of difference in my mind.

Alexander Hanff

More information about the ukcrypto mailing list