RE: [Discuss-gnuradio] "A scanner with a digital output" address@hidden pwright.com: @stake wows the wireless rubes...]

[Ettus, Matt]

  What inspired me 
> to make my
> comment was that the two class model of the Blackberry marketing plan
> seemed to awfully nicely dovetail with the LEA view of the world -
> proles should not have even the slightest figleaf of privacy from LEAs
> (and don't need much real privacy from anyone else of course, 
> either), but
> trusted privilaged folk should be using strong encryption in order to
> protect the infrastructure.

I don't know what LEAs are, but anyone can go out and buy the small business
package from blackberry ( or from Earthlink, Verizon, Cingular, etc.)

>       And I cannot resist observing that it is almost certain that
> most or all corporate clients of the high price version get orders of
> magnitude more screening and general vetting by RIM than someone who
> comes in off the street at a wireless shop and buys a consumer
> Blackberry - so a criminal or terrorist enterprise buying the 
> corporate
> version has to be a lot better about cover and legend lest their
> true nature come through and cause RIM to quietly tip off the FBI.

Here's where we differ again.  You "observe" something without seeing it.
You are "speculating".  In reality, the fact that RIM sees the value of
encrypting customer secrets to the point that they cannot view them should
be lauded.  Few other companies go to that level.
 
>       And while I cannot even start to speculate about whether there
> was in fact any LEA pressure on Blackberry in this situation, the fact
> that most all paging networks in the USA and many digital cell phones
> remain completely in the clear unprotected by even weak link 
> encryption
> does make me wonder sometimes.  

Maybe the fact that before blackberry came out, pagers were nearly dead, and
there was no money to be made in it, and no customers were asking for
encryption, could explain it too.

>       And this says nothing about 3rd party friendly governments
> running intelligence operations in the US - THEY clearly can't request
> FISL or other CALEA court orders (at least yet - maybe I missed
> something in the USA Patriot act) and thus it is greatly in the THEIR
> interest to have the NSA and others quietly push to leave stuff in the
> clear or weakly encrypted. And if we scratch their back, well 
> maybe they
> will do the same for us in their countries... or at least not be quite
> so mad at us for intercepting their citizens traffic...

I would believe the NSA would spy on citizens.  I can't believe they would
want to help foreign governments (ALL foreign governments, not just friendly
ones) spy on our citizens and (more importantly to them) our businesses.

>       I rued my rather too hastily written comments on method
> (I had to collect my son at after-school and was in a real 
> hurry when I
> wrote them).   Suppose that each Blackberry contained a simple boring
> 168 bit secret individual random 3DES key in EEROM.  NO interception
> based on collecting the rf link traffic alone would work - there is no
> practical way to attack 168 bit key 3DES. Any intercept would have to
> start with obtaining the targets key by some other method than
> interception.

3DES isn't so simple on an embedded device with 1 month+ battery life on a
AAA, while continuously receiving and decrypting.

>       I think this language is a bit strong.  I was merely speculating
> on a possibility (and we do know as a matter of historical 
> fact that the

Perhaps I was a bit harsh.  But again, you intermingle speculation and
observation to form accusations without evidence.