The great smartphone email fail.

If you’re a fan of high-powered mobile devices then you’ve probably heard about the proposed bans on BlackBerry services in Asia and the Middle East. I myself am of the opinion that the concerns of these governments are justified, as they are only seeking access to the same levels of surveillance that already exist here in North America.

Permit me to illustrate with three popular smartphone makers and their hosted email solutions:

Android

It is a known fact that Chinese cyber-attacks on Google were made possible through a back-door mandated by the United States Government. From CNN:

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts.

This is not to say (necessarily) that Gmail users are constantly being spyed upon, but that the opportunity is there for the taking at the very least.

BlackBerry

Same deal — though if you got a BlackBerry as an electronic leash to the office it’s more likely to be your boss spying on your email than Homeland Security.

iPhone

Sorry, Apple’s crippled Internet appliance is subject to my own ban, for reasons explained on one of this blog’s very first posts.

Nokia

Just to show I’m not playing favourites here, Nokia is giving the government of India the ability to monitor traffic on its own hosted messaging service. No doubt they would do the same in the USA and Canada, had the service enough users to warrant it. Yeah, I went there…

To be clear, I’m not a fan of excessive government surveillance anywhere. But if Uncle Sam can spy on BlackBerry users in the Middle East, why can’t local authorities enjoy the same privilege?

And I’m not so naive to think that email traffic through my desktop computer is exempt from being tapped, though in Canada I do have a few rights to privacy via the Personal Information Protection and Electronic Documents Act.

I guess my point is that this type of surveillance should be a matter between your government and your ISP — adding a hosted, possibly monitored email service into the mix gives Big Brother a leg up and you less control over your own data.

For users and their privacy the simple POP clients found on many dumb phones may well end up being the smartest way to get email on the go…

3 comments:

  1. The problem of insecure mobile email does not lie with the backdoors so much (except in the case of RIM). Email is inherently insecure. Everything you send is unencrypted and goes through more listening posts than you could imagine.

    The only way to be secure is to encrypt your mail. The fail on the smartphone end is that noone (except RIM) has a decent solution for encryption, and as we see above, RIM, as a company, can be compromised by the allure of lucrative business deals. The real fail is that there are not decent mail apps for smartphones that support encryption like S/MIME and PGP/GnuPG. And a fail on the author’s part for not including his public key as an example so we can communicate with him in a secure manner.

    Still, this is good food for thought, and I hope it raises awareness of the inherent insecurity of email.

    BTW, my PGP key is 02DBEC51

  2. Hey, if anyone could school me on this it’d be you — Kevin is a security expert at Juniper Networks, if you didn’t know.

    And re: my PGP key, I think I tried using one with Eudora back in 2003, but couldn’t get anyone to test it with me. I’m just this second loading my IMAP folders into KMail, so I’ll have to get back to you on that…

Comments are closed.