Comment Re:Back to your assertion, please provide evidence (Score 1) 107
Hi, I can help you understand many of these subjects. HIPAA as put forth by Centers for Medicare Services on behalf of the US Government has partnered with NIST to establish controls for protection of patient data. The end result being that HIPAA data is protected by FIPS-140-2 standards. PHIPA - I'm assuming the name I threw in, is the health regs modeled on the US HIPAA but used in Canada. The Ministry of Health decided to use US NIST FIPS 140-2 standards or better as well. Military uses a mix of FIPS 140-1 to 3 for normal stuff. Funny how the National Institute of Standards and tech would implement standards for the nation.
Lazy example 1 you provided is an inaccurate example, I don't think you read the last paragraph, or that you understand the difference between breaking encryption on the phone vs breaking the transmission protocol from phone to carrier. Any phone besides blackberry on the carrier to phone has next to nothing. Lazy example 1 has been mitigated by blackberry.
Lazy example 2 - Ok, that is a good example of poor implementation. But so incredibly easy to mitigate, I'm not sure why you linked it. I don't know anyone who uses blackberry desktop, not a BES server. And even if you did use blackberry desktop, your hard drive will already be encrypted to NIST FIPS-140-2 standards if you are in this business anyway. Thanks for the link, I didn't see it. But stupid example.
Trolling? I'm open to a nice discussion, you know, what Slashdot is supposed to be. IT folks exchanging information. The information I would exchange back to you - in your threat assessment of Blackberry, look at the statistics involved in risk management on this subject. The biggest risk is loss/theft of the physical device. Not backups, not data transmission. You know, #1 in the NIST/FIPS security cycle - Identify the problem.
Next line- no phone is secure. Agreed, if there are no wires and no radios, the more it is like a hunk of granite, a device is more secure. But there are more secure devices than others and I stand by my premise that a blackberry is more secure than an iphone and a google phone.
I was trying to use an easy example to show you that one device was more secure than the other with the youtube search. I guess the youtube numbers game was not a good choice to try to convince you.
I am aware of many problems with modern encryption. Most require more $ worth of GPU power than my data is worth. I'm not interested in the theoretical fun you are. I'm interested in the practical implementation of these technologies. I am also interested in protecting my company from monetary losses incurred from failing to observe federal regulations for processing patient data. I suppose the big difference is that I'm prepared for a US court, you are prepared for what, writing a book about conspiracy theory? At this point I abandon my customer service practice and move on to begging you to put your tinfoil hat back on. (don't forget to run a line to earth ground or it doesn't work)