11:33 AM

U.K. Police Seek BlackBerry Messages Following Riots

BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Much of the current rioting and looting in London has been coordinated not just via Facebook and Twitter, but also via BlackBerry smartphones that use encrypted communications, according to British authorities.

Using social networks to coordinate protests is nothing new. But when it comes to BlackBerry devices, authorities would have difficulty cracking related communications, and in particular the BlackBerry Messenger (BBM) instant messaging system that is reportedly being favored by protestors.

But on Monday, BlackBerry manufacturer Research In Motion (RIM) said that it had offered to assist investigators. "We feel for those impacted by this weekend's riots in London. We have engaged with the authorities to assist in any way we can," said RIM global sales and regional marketing managing director Patrick Spence, in a statement.

"As in all markets around the world where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement, and regulatory officials," he said, adding that RIM would comply with all relevant U.K. laws, as well as the U.K. government and police forces.

Some of the BBM messages, which can be broadcast from one person to many addresses, and transferred anonymously, have been reposted on social networks and across the Web. One BBM message, for example, read: "Police are NOT ON DIS TING. Everyone meet at 7 at Stratford park and let's get rich."

By many accounts, BlackBerry smartphones are a favored device for coordinating the riots, which largely seem to comprise teenagers and people in their twenties. The choice of smartphone, then, isn't surprising, since BlackBerry smartphones account for 37% of the teenage market share in Britain. That's according to a new Communications Market Report from Ofcom, the independent regulator and competition authority for the United Kingdom. "Anecdotal evidence suggests that this preference is driven by the BlackBerry messenger service (BBM) which offers a free alternative to texting (SMS)," according to the report, which was released on Thursday.

How might U.K. law enforcement agencies recover BBM messages, without RIM's overt offer to help? For starters, they'd have to apply for a court order requiring RIM to turn over requested communications. But RIM, based in Canada, wouldn't necessarily have to comply with those requests.

Law enforcement agencies in the United States also face procedural hoops requesting such data. "Law enforcement must use legal process to obtain information transmitted via BlackBerry," said Christopher Wolf, director of the privacy and information management practice at law firm Hogan Lovells and co-chair of the Future of Privacy Forum. "They cannot just present themselves and say, 'Let me see the data traffic.' For a CIO or telecom manager who might receive a demand from the police for access, the first thing he or she should do is call the company's lawyer for help."

In its statement, RIM didn't specify how it would work with British police. Furthermore, the company wasn't immediately available to respond to requests for comment, including details of how it would protect the privacy of people in Britain who may have communicated about--but not participated in--the riots, as well as whether it would share historical location information for subscribers.

The London riots broke out on Saturday. They were apparently triggered after a 29-year-old man, Mark Duggan, was shot in a minicab in the Tottenham area of London by police officers as part of what they termed a "planned operation," on Thursday, investigating gun crime. But details of his shooting remain unclear. That lack of clarity appears to have triggered the initial riots, leading to widespread looting, numerous fires, and multiple confrontations between protestors and police officers. By Monday night, after three days and nights of incidents, the rioting had spread to eight more areas, including the cities of Liverpool and Birmingham.

U.K. police have said they will prosecute anyone who used Twitter or Facebook to instigate violence. Interestingly, however, people in areas affected by the violence have turned to Twitter to coordinate cleanup efforts. By Tuesday, the Twitter account "Clean Up London" (@Riotcleanup) had attracted more than 70,000 followers.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.