Indian telecoms secretary Siddhartha Behura has confirmed the country is not seeking a ban on the use of BlackBerrys, as the government continues talks with operators about lawful interception. The suggestion that RIM's emailing handheld might be banned from the subcontinent surfaced last Friday when Tata Teleservices was …
Strong encryption vs Random Garbage
Making it a crime to not reveal the key to encrypted material is ultimately still a futile exercise.
The mere possibility that the file could be a piece of garbage generated by a random number generator raises too many loopholes.
So I have received a file containing a lot of apparently random numbers from a person that cannot be traced (say someone working behind a spoofed email address).
- If this file is truly garbage, there is no way in the world for me to provide a key that makes it readable, so I would go to jail - the perfect way to frame an innocent person.
- If the file is actually an encrypted message, this will only be revealed if I provide the correct key. I can have a separate key that I use for all other communication, which will not open this file. I can claim that it must be some random garbage sent to me to frame me. If you want to build a stronger case for this argument you get somebody to start sending anonymous messages with random garbage to random people just so you can hide in the crowd.
So governments frantically insisting that nothing is encrypted, only really works if they don't care that they are putting innocent people in jail.
If only RIM were to offshore in India
Maybe India is not used to having things not being done under its jurisdiction, that must be seen as a sin to rely on foreign technologies.
Hang on, just a second...
So does that mean that all the data coming in and out of Indian Call-centres is unencrypted? My Bank Details, Credit Card Details, Health Records, Phone Records. The Full Monty. And it's done that way so that a foreign government can intercept easily? MY Government needs (allegedly) a warrant to do this, but a country that is in direct competition for our jobs gets it on a plate?
Any further comment is redundant. Just like we will be...
Doesn't the Data Protection Act require that all data that leaves the EU/UK go only to 'Safe Harbours'? Surely, that implies decent encryption.
Paris = Puzzled.
...what about our data handled by call centres? - How is it secured in the light of this?
So I think my Blackberry comms might be safe from both Mexican and US prying eyes.... and given the increased surveillance on part of the Mexican gov't, that might be even better.
I'd be concerned though ... why would the Indian gov want so much control on this?
RIM isn't able to decrypt, even if they wanted to
This Indian government doesn't understand how blackberries work (neither did the French government when they tried to ban them).
If you use the Blackberry Enterprise Server (and you should), the handheld & server exchange keys without anyone else ever having them.
RIM and the mobile carrier just carry the encrypted message - RIM can't decrypt it even if they wanted to. RIM could be located in India and it wouldn't make any difference. RIM never has the keys.
The blackberry platform has been audited from end-to-end by NATO and the governments of the USA, Canada, Austria, UK, New Zealand and Australia. It is a very solid platform.
The Indian government simply doesn't want its citizens to have strong encryption technology that they can't break.
The USA tried that a decade ago. It's not possible.
The possible, revised
@ AC and the impossible
it's been 10 years. the NSA has (according to some rumors) more computation capacity than the rest of the world combined. it may take up a good chunk of their resources, but if they want to, they can supposedly decrypt things other organizations can't touch. it may also take a few weeks, but i feel certain they've found a way.
BB may be a highly secure platform (use it myself), but nothing is completely proof against decryption (theoretically). the gov't of India appears to be technologically ignorant, as most governments are.
it can't be that difficult to get cooperation from Canada, they rolled over for GWBush, didn't they? India just needs to try a bit harder, and they can have their intercept. decrypting it is another matter. if they can't be bothered to develop the capacity, they'll have to live with the disadvantage. i am not at all sympathetic, and i used to be MI.
too bad, so sad, guess you'll have to rely on HUMINT. you were trained in intelligence work, first by the British, and later, the Russians; in a nation of almost a billion people, you should be doing a lot of that already.
Does anyone care??
Well, if the government want to look at my eMails, they're welcome. I'm sure they'd be fascinated by what they learn. That I'm an honest, hard-working IT tech, no threat to national security, I have a sister and a fiance to buy Birthday gifts for soon and I need to go to Manchester in the not-too distant future to fix a printer. And I subscribe to the El Reg Digests...Earthshattering....
I do sometimes think that encrypting email is rather like putting documents in an envelope marked "Top Secret". It ensures the other people know which communications are of interest and allows them to effectively target any attacks. If you have a million emails to sort through looking for terrorist messages I think you might just start with the thousand or so encrypted ones. Nice of someone to point out which ones are worth intercepting and reading by encrypting them, wasn't it?
Of course, encryption is only half the battle. If the message is cyphered as well then what they get back (after time cracking the encryption key - which will be harder if they are looking for the "the right gibberish", rather than recognisably coherent data) may well be too obscure for anyone other than the intended recipient to glean any accurate meaning from. Especially if the meaning is further obscured by synonyms and substitute words etc. They may well learn that "the hippo is one who ate the racing car - munch!" (meaning "the attack (hippo) is on the 18th (one-ate) of March (racing car) in Munich (Munch)"). But will that mean anything to anyone?
Just a thought. I do think that higher-level encryption is, arguably, a good idea for corporate security reasons. But I also suspect it would be quite easy to just mug the bloke who holds the blackberry for its contents. This completely compromises security and will just look like a street robbery if done properly.