RIM proposes crypto forum to dodge India BlackBerry ban RIM has prosed that an industry forum be established to help governments manage lawful intercept, in the hope of forestalling India's threatened ban. The proposed body would be led by RIM, but the company is clearly hoping that others will join in. There's strength in numbers and India has made it clear that Skype and Google …
With more than 600 million mobiles in India, I don't think there's the capacity to read every text message or email - or that very much of interest to the intelligence services would be revealed by doing so (far too many false positives). Effectively unbreakable encryption technology is widely available and searching for words such as 'bomb' is easily defeated by the simple us of code words, e.g. concealing a terrorist attack as wedding arrangements.
The reason security services dislike RIM is that *everything* is encrypted. If I use plain text for 99% of my messages, the 1% that are encrypted will stand out - and ordinary traffic analysis may be revealing. Similarly, if I encrypt everything but 99% of the population don't, that will again draw unwanted attention. Widescale use of RIM devices will defeat either of these types of monitoring.
It's no wonder governments (and their traditional sidekicks from the packet-inspection industry) are so leery of operations like Google and RIM owning so much of the network. Nations are going, from being providers of the Internet's backbones, to being customers of it.
For instance, while China controls China Telecom, it can buy whatever creepy hardware it wants from the likes of Arbornet, and the US government can just quietly give the deal the nod. After all, selling network monitoring hardware is just business, right? But when the likes of RIM or Google start to extend great chunks of their own networks deep into government territory (and quite patently never buy anything from any of the traditional, state-approved, network monitoring solutions) the spooks begin to panic. The lines of communication are still there, to be controlled, but they are no longer controlled by the governments.
The interesting thing, here, is that RIM has a mutual interest, with the other corporate players, in presenting a unified front against this sort of pressure, because they have a common interest in being able to provide best-in-business levels of security to their customers. Each government, on the other hand, must act in its own interests, when trying to tear down these levels of security, because their motivation for doing so comes, in part, from their desire to spy on other governments. (The UAE may call for the same rights to the data as Saudi Arabia, for instance, but their reason for doing so is that they may want the ability to read messages going in and out of the Saudi Arabian embassy, at some point.)
Time may yet come, where governments are asking for those parts of the corporate networks that THEY make use of, be put into special encrypted tunnels, so that no one else can get at it! By implication, national security then becomes a function of what service plan you can afford.
I know it's all a bit blindingly obvious, but I may as well say it anyway...
Once it becomes widely publicised that such monitoring is (or at least may) be taking place and that devices such as the Blackberry are now effectively compromised, then Jo Public will just use a local application like PGP (or whatever the mobile version of it is) to encrypt their email, or use a third-part email client that will provide encrypted connection to their email.
Not that I am of any criminal intent, but it is precisely this sort of thing that strongly discourages me from buying a Blackberry. I run my own email server with SSL connections in both directions (though the connection from my server to others isn't necessarily encrypted) mostly because I'm paranoid, and it's "fun" (in a geeky kind of way), and to stop any possible localised snooping. I don’t have much to hide, but that's not the point; like my snail-mail, my email is nobody else's business. As far as I can tell, using a Blackberry means you MUST go through their servers, and this immediately and demonstrably compromises any security that one may implement. I don’t want to give RIM (or anyone else) access to my IMAP server, and if I don’t want anyone intercepting my email. And that's a point, if the government is given access to the RIM servers then they could (and probably do) also have access to the login credentials of the customer's mail and so are free to snoop on anything in there; not just the email sent via his/her Blackberry.
Banning such devices (or blocking the email service of them) is a non-starter and will achieve nothing other than annoying RIM's customers and turning them away from Blackberries to something with some other email client with local encryption. Indeed, I suspect this publicity has already convinced some people to do exactly that already.
The thing about using a Blackberry is that encryption is *easy*, which is not the case with most encryption solutions. As someone who runs your own IMAP server, you've already identified yourself as outside the run of normal users; that option is either not available or not appealing to most people. Maybe they *should* care enough to do so, but they won't.
It's a question of principle, i.e. i don't want anyone snooping in on my stuff (banal to the outsider as it may be). Besides, what irks me is the fact that the people/crimes all these measures are aimed at will (a) be warned by the public debate and (b) find other ways to hide their shady business.
Trusting any web-based system for confidentiality because between the Plod/government on one side and you ob the other the Plod will always be accommodated.
Using encryption at both ends is much more less likely to be detected/intercepted or decrypted. It's what the FBI does, as well as other government agencies, using software.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
