
I would fully trust an encrypted communication system only if it is (1) end-to-end encrypted, (2) open source (or at least with source code available and buildable from source), and (3) based on a sound security design. Having said that, however, you're being very hard on Research In Motion (now called BlackBerry Ltd).

From everything I read and know about RIM, the enterprise-level BlackBerry systems were unbreakable to governments and the keys were generated and controlled entirely by the customers (not by RIM). The pissed-off governments demanded access and threatened to ban RIM--the market leader at the time. I think the first to demand access was India and RIM put up a years-long fight against them before they capitulated.

It's easy to say that they should have taken a principled stand and lost the market. (In a similar vein, RIM had to pay a slimy patent troll $612.5 million dollars [not a typo, more than half a billion!] by a certain deadline otherwise the judge in the case would have banned them from the entire US market until they had a trial. The patents in question were ludicrously obvious and should never have been granted. I'd like to have seen RIM take a stand and fight the troll, but I can forgive them for having chosen not to go bankrupt.)

At the other extreme of corporate misconduct, are you aware that AT&T has been giving the call records (metadata) of every person in the United States to the NSA for decades? If Snowden's info is correct, they even allowed live tapping into phone calls for every phone call that passed through their network.

Furthermore, here's a quote from the article you linked to: "RIM, unlike rivals Nokia and Apple, operates its own network through secure servers located in Canada and other countries such as Britain." I have a high degree of respect for Apple (and somewhat for Nokia), but isn't it odd that RIM was being targeted by the host country but Nokia and Apple weren't? Perhaps they had a way to monitor communications (or at least get metadata) on Nokia and Apple phones, but they couldn't monitor RIM because RIM maintained its servers outside of the country.

In summary, cut some slack on RIM. RIM did use good encryption and did put up a fight. Many other companies have done and are doing much much worse.



Those are great criteria. But I would add that it should be P2P, with anonymized addresses. Such as Tox or Ring, where users run Tor onion services.

And if there must be central servers, they should also have anonymized addresses, and the owners and admins should be anonymous. Adversaries can't coerce people, if they can't identify or locate them. Even so, having central servers is a weakness to be avoided.

Just as with RIM:

> RIM, unlike rivals Nokia and Apple, operates its own network through secure servers located in Canada and other countries such as Britain.

Those were not secure servers. Because RIM was coerced into compromising them.


The issue here is not that other companies have worse security; we can rightfully assume that's true. The issue here is that by specifically releasing the keys to such a gov't they could have put people's lives in danger that specifically relied on their lauded security and encryption.

So I agree with you fully, but I also do not have to cut them any slack as what they did was shitty.

Also, please have an upvote.


Not sure if you are aware of this story concerning BlackBerry:

https://motherboard.vice.com/en_us/article/mg77vv/rcmp-black...


I hadn't seen that story, thanks for linking it. Just to clarify, that story is about consumer BlackBerrys which were known to be insecure, where the keys were at the mercy of RIM's willingness to protect them.

I was talking about enterprise BlackBerry systems being unbreakable to governments. That story does not contradict this. However, it's saddening to hear that RIM apparently coughed up the keys for consumer BlackBerrys even though it didn't face an existential threat. If they had refused, I doubt that they would have been banned in Canada, being their home turf and a darling of the Canadian industry at the time.


I believe you are correct. Blackberrys connected to a BES were end-to-end encrypted before that became mainstream. The key was only stored on the device and on the server.

For consumer services the story is very different.



