MeeGo for the Enterprise? Part 1: RIM Takes a Hit

Open Source and commercial interest can be odd bedfellows.  The former depends of course on transparency and high access to thrive, while the latter tends to fall back on secrecy just to survive.  Detractors of Open Source will even claim that there’s no such thing as a successful open source project, especially a profitable venture.

There are certainly exceptions to that broad allegation.  Red Hat is an oft-cited one.  So was MySQL even before (and likely the reason) Oracle snapped it up.  And the list definitely doesn’t stop there (read the comments after this linked article)

But stronger still has been the resistance to certifying mobile devices in general for corporate use, much less anything running an open sourced operating system.  RIM and its highly-touted secure, proprietary messaging system have had a virtual lock on the enterprise world for years… at least in the Americas.

Nokia’s Maemo has never even come close.  The N900 was positioned more as a mobile computer than phone of any type, and its largely-open approach to communications (drivers and certain binary blobs notwithstanding) scared network security wonks– even as it endeared itself to IT trench warriors.  One problem was its lack of support for Microsoft Provisioning for Exchange, as was bemoaned ad nauseum at talk.maemo.org.  And so far no competitor has come close to threatening RIM.  Not even Microsoft.

Talk enterprise communications for a growing part of the world, and you mean Blackberry.

And so I found it scary, fascinating and highly ironic when the United Arab Emirates (UAE) banned the popular Blackberry because, basically, of the one thing that makes it so damned attractive to corporate interests: its security.  The article states:

The government cited a potential security threat because encrypted data sent on the devices is moved abroad, where it cannot be monitored for illegal activity.

Which is funny considering that the one time Blackberries were any sort of security risk in the UAE, it was due to a local carrier sending spyware out to their customers.

You can’t make this stuff up.

The government paranoia is quickly spreading in the region, too, and could possibly go far beyond the Middle East both politically and of course economically.  RIM may very well require the region for growth.

Which brings us down to the actual point.  The transparency and openness of Linux-based operating systems like Maemo and now MeeGo is seen as a risk in some quarters, and a godsend in others. 

Openness is a two-way street, however.  Data traffic that can be monitored by governments can be seen by citizens too– as well as other parties.  So there are two extremes in play here, each with distinctly attractive and even necessariy different philosophies and no real middle ground.  Even President Obama encountered a tough time getting his Blackberry onto a White House network (this was solved using a customized device), so the issue is certainly not limited to more conservative nations.

The Blackberry ban is scary because of what’s being designated illegal by officials involved.  Pornography, one of the biggest drivers of the Internet, is one such cited activity.  That’s an easy target, and even understandable based on some aspects.  But the rationales go even further, to the point that any communications that can’t be easily monitored by a sovereign body is considered a problem.

Things are getting interesting in RIM’s usual space in general, with Android and Apple’s iOS starting to chip away at Blackberry’s home turf, the American enterprise.  It’s too soon to dig any graves for Canada-based RIM, but there’s no doubt the company has its work cut out for it, as will its up-and-coming competitors if the war on Blackberries spreads across global and corporate boundaries.

So what might any of this mean for MeeGo?  That’s next.

About these ads

21 responses to “MeeGo for the Enterprise? Part 1: RIM Takes a Hit

  1. The RIM/UAE thing seems to me to likely not be about what it appears to be about.

    After all, what is the practical difference between:
    a) Using a [secured with proprietary but known-of algorithms] RIM protocol to push/pull messages between a phone in UAE and RIM’s server in Canada, and

    b) Using an SSL-secured IMAP connection to push/pull messages between a phone in UAE and an IMAP server that’s not inside the UAE government’s scope of control

    ????

    Perhaps things are being driven by clueless bureaucrats that heard noises about “RIM secure protocols” that don’t grasp that open protocols can still secure data against those bureaucrats’ desire to read it.

    But that assumes more stupidity than seems safe.

    It seems more likely that it’s a “shakedown” that’s of an economic nature, in much the same way that noises by nuclear powers get called ‘saber rattling,’ as they’re weren’t notably desirous to nuke each other ’til they glow.

  2. I think MeeGo does not have to provide Security.

    But it hase to give me the opportunity to use an SSL encrypted IMAP connection, use the webmailer on my own server via https and encrypt data on my device with third party (free) software like TrueCrypt or encfs. If I can encrypt the whole system or home partition (as I do it always with my laptops), the better. I also need to encrypt my email using GnuPG. For copying data in a secure way, I can use scp.

    I don’t think, open protocolls mean no security. The possibilities I see, using MeeGo are more, than fixed to one service offered by Nokia or Intel.

  3. Also missing from Maemo and Meemo is support for Lotus Sametime while using the built-in instant messenging client. There are plugins (haze) in extras(-devel?) but they just manage to crash.

    “Enterprise ready” phone without Sametime support? Lol.

  4. Proprietary system can’t be secure, by definition. Because YOU and cryptographic experts just can’t check if everything implemented correctly and without backdoors. Then you can’t check how your data (including sensitive ones) are handled and due to proprietary nature of system, you can’t set up your own server running only open (and therefore trusted) software (which you or independent experts can audit) in your enterprise. So, imho RIM is cheating when mumbling about security in hope to fool incompetent people.

    • I don’t follow your logic at all. Literally nothing you’ve said seems true to me.

      I don’t have to build in backdoors to my proprietary software.

      I can absolutely check how my data is handled.

      I can absolutely set up my own server running open (open != trusted) software.

      I can absolutely have independent experts audit my software if I wish (NDA anyone?).

      • allnameswereout

        “I can absolutely check how my data is handled.”

        Are you kidding?

        In some way the US government and RIM have a deal about the issue UAE (and other governments) are worried about. We do not know the details of the deal.

        In a top-down hierarchy you must know the right people in order to get things down.

        In a bazaar-style hierarchy anybody with the right intelligence can be hired by you to fix the problem.

        One is good for transparency, freedom, and economy. The other one isn’t.

        Now, we are not able to figure out the client, the network, nor the server on RIM products since we do not have the source.

        However, if we run an open source client we are free to pick another, we can debug the client on our open system, we cannot sniff the encrypted network, and we can pick our own IMAPS server anywhere around the world (hence following that legislation + the one where client resides). Ofcourse, the admin of this IMAPS server can be forced to to do Bad Things but you decide who this admin is, and you decide where this server is running, and which software implementation (and version and settings) of IMAPS.

        Whether you’re working for a government, an NGO, a criminal, a business, or just don’t want to be part of some kind of data mining program it is in your advantage to make above choices.

        If the secret service wants to track you they can do this via oldschool methods. They can bug your phone, your keyboard, your monitor, track where the IMEI is at (which they follow already anyway), backdoor your phone, etc etc. They’re just trying to target as many people as possible, in a lazy manner (methods I described cost more money per individual), and RIM is an easy target. The thousands of IMAPS servers out there are not an easy target though.

  5. You touched a number of quite sensitive issue here… And I’m not even sure of what’s your final point. It’s not difficult to understand that you think cryptography is for pedos and terrorists, and that free software means unencrypted data, and therefore security against pedos, and would also mean it’s bad for POTUS to use.

    First of all, an open platform like MeeGo/Maemo is the perfect place to develop your own trustworthy and advanced personal cryptography tools. I have my GPG key, and I am always puzzled that nobody seems to use it or care about it. Only FLOSS developers use it to sign stuff… But anyway, I would never trust secrets to closed tools.

    And regarding pr0n, I download my share of it and it’s not anybody’s business. No, I don’t do kiddie porn.

    And I would like to read a few more details about how was the dialog between Blackberry and UAE. Did Blackberry at any moment said something like “no, we will never jeopardize the security of out customers!!” No chance of Blackberry ever creating a different version of their products to sell there, like maybe Google accepting China’s terms? And wouldn’t this same government think about banning Meego if they found out someone made an app for sending encrypted mail? Or maybe if they learn about stuff like Tor? Will they ban Linux if some terrorist pedophile freak watch kiddie porn on a Linux machine some day down there? And what about Windows??? Is it OK because it has tons of security holes?

    The world is upside down.

    • nlw0, this whole subject is in such a state of uncertainty I’m not sure of the final point myself. That’s probably obvious from the rambling nature of the post… ;) . I’ll drill down a bit more in the follow-up but there are more unknowns than knowns, I think…

      • “nlw0, this whole subject is in such a state of uncertainty I’m not sure of the final point myself. That’s probably obvious from the rambling nature of the post… ”

        Thats the beauty of “part 1″. Your point doesn’t have to come until the “end” (even if you were trying to get one across in the beginning) and nobody is the wiser.

      • ;) Mark.

        Only problem is, I think I jumped too quick with this one. Part 2 is taking too long to gel, and I have other articles in draft…

  6. Rim will probably negotiate something that will benefit them and the UAE. Best of luck to them

  7. Well, I really tried to follow this up… but lack of progress in the MeeGo handset area and Nokia’s embrace of Windows Phone 7 derailed me. Maybe one of these days…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s