RIM has only hours left to achieve the impossible, with the Indian government reiterating threats of retaliation if it's denied access to corporate emails tomorrow. The Indians gave RIM until the end of January to provide lawful intercept capabilities to emails sent from BlackBerry handsets, and since then has been pointedly …
So much for "example of a developing democratic state"
Seriously, I hope this backfires right in the face of India. Corporate email *should* be private within that company.
If the government want to snoop, then they should get a court order to do so, or monitor emails leaving the company only (which is what China do).
Are they demanding companies give them access so they can monitor emails flying over Exchange Activesync (also encrypted between server and handset)?
I really hope that the government suddenly discover that their own BB servers suddenly fuck up and back down. Wankers.
If only it applied here
After write my MP about the police attempting to get data out of google without a court warrant, I have found out that the data protection act has get out clauses for them, and they are well within their rights to order companies to hand over our data provided that have made up the just cause. So show you want the data protection act is good for.
This isn't news
You didn't think that the Data Protection Act was intended to hamper law enforcement investigations, I suppose? There are exemptions available for investigations, and for national security, if one can get a minister of the Crown to sign up for them. The protections are good enough to stop the police from undertaking mere fishing expeditions.
Re: If only it applied here
"After write my MP about the police attempting to get data out of google without a court warrant, I have found out that the data protection act has get out clauses for them"
Well yes, if you keep your data in the Cloud, don't be surprised if it's hard to keep control over it. If you want to keep your data private, keep it on your own machines.
If plod wants to see it they'll then have to ask you for it. Yes, you may still have to let them see it, but at least you'll know they want it, and that alone might even put them off asking in the first place.
Seems reasonable to me...
If a large group of people are using an encrypted communications network outside your borders, but you require the ability to lawfully intercept their communications for the prevention and detection of crime or economic intelligence gathering... then your only option is to restrict the use of encrypted communications across your border (or bug all the devices involved).
Otherwise, you are (effectively) tolerating the ideal communication solution for international crooks, drug dealers, spies, and terrorists. Buy an enterprise Blackberry server licence, escape unwanted surveillance.
Which is a remarkable co-incidence because that'sexactly the same reason why legitimate business might use Blackberry products.
What a dilemma.
a dilemma for the stupid politicians in charge... hell yeah
Indeed a dilemma. But it's not upto politicians to tamper with the tools used. I mean are you taking Ford to the courts because some bankrobbers used a ford to rob some bank? Or even worse, is the goverment suing a weapons manufacturor because some citizen used a gun from that manufacturor to shoot someone else?
The fact is that India is divided between the filthy rich and utterly poor. This is the best soil to create terrorism, anarchy and chaos. Again this shows how far off politicians live and think these days. They completely lost touch with their ppl so the only way to control the ppl is to restrict their freedom. Banning internationally acclaimed communication services will only create economical problems and make matters worse.
Also don't forget that the rich Arab-community have much more money to force RIM todo something they want. The Indian government isn't as financially well-equipped to enforce these things. So they will fail. If the Indian government really wants to enforce things upon RIM it's best that they seek allies in their quest and do things at much larger scale (globally/ pan-european/pan-assian or whatever).
But that's just my thought.
'but you require the ability to lawfully intercept their communications for the prevention and detection of crime or economic intelligence gathering'
If you want to lawfully intercept my private communications to get detect a crime which you think I am committing get a court order, otherwise go f*** yourself. If you don't think I have committed a crime but just want to do some 'economic intelligence gathering' you be told to go f*** yourself whether you have a court order or not (since when has that ever been legal in any sane democracy?).
The government does not have the right to enter your home or tap you phones just because it bloody wants to. It should be the same for electronic communication.
India will fail?
Surely they'll do just like every other governments do and make it illegal, go after those companies and individuals they can who then facilitate illegality.
India doesn't have to force RIM to do what it wants, it just has to prevent RIM doing what the government doesn't want. They can make ownership of devices illegal and presumably RIM have some sort of infrastructure that can be powered-off and have padlocks put on the doors.
What a dilemma. Not
Whatever happened to Innocent until proven guilty? Also using encrypted communications maybe to protect them from other companies or media.
Just look at the levels the murdock papers will stoop to!
re. Seems reasonable to me...
WTF is "economic intelligence gathering"? And how might it ever be lawful to obtain it?
And how would you "restrict the use of encrypted communications across your border"? Block the HTTPS port?
They are accusomed to locally designed and implemented software
They are simply not accustomed to:
1. A request on an IT matter being given a NO answer
2. A system designed properly with proper audit of the design
3. A system implemented properly with proper audit of the implementation
I guess someone needs to explain to them the cultural differences and the consequences from said cultural differences when applied to products.
It is a pity that even if someone tries to explain that to the Indian government, none of our best beloved blue chips will pay attention to the explanation and why it was necessary in the first place.
"In Greek mythology Sisyphus (pronounced /ˈsɪsəfəs/; Greek: Σίσυφος Sísyphos) was a king punished by being compelled to roll an immense boulder up a hill, only to watch it roll back down, and to repeat this throughout eternity. He is also found in Roman mythology."
If you ban RIM, you should consider banning all other half-brained cellphone like the Nokia 6300. I have technology in my bedroom that will drive the folks at NSA nuts and all it needs is a 6300 or something equivalent.
Not yet intimidated ?
Think of Feistel Ciphers with function F() being *user-defined*
Each cryptogram would have a different, user-chosen function F(). Not just a different key, not just secret s-boxes. Maybe s-boxes, but maybe
So you better ban any cellphone which can perform GPRS. Nokia 6300s are much cheaper than BBs, but they can perform the above for any text message of 1000 bytes in a second.
RE: Dear India
Maybe in the Feistel cipher's s-boxes, simply take the bitstring down, flip it and reverse it?
The Feistel Function F() can be any function. Many functions would be stupid, though:
F(x) = x
IDEA does not use s-boxes whatsover, yet it is considered quite strong. But the class of functions F(x) using s-boxes is actually a small subset of all functions. Important, but not all. Keeping the s-boxes secret and make them part of the key is the idea of the GOST algorithm.
DES/3DES have been weakened on purpose.
RE: @colinm: Feistel
Alas my obscure xkcd comic references (http://xkcd.com/153/) appear to be too obscure...
I forgot to say
..that I do not intend to release this thing, as it could help people I do not like. But if the governments really want to break the truce with the software community, they can certainly get what they want. Not three ciphers to break (DES, AES and RC4), but say, three billion ciphers.
Keep the status quo and the software people will also keep it.
...pass a law demanding that companies hand-over crypto keys for local services. Or, that such keys must be handed over upon request and that failure to do so is (in itself) an offence.
That'll work, won't it?
Herp derp derp
I have just one thing to say to these pencil-pushers:
So this is the same India that all of the consumer supplier companies have outsourced...
...account management to?
The same companies that have our bank details, date of birth, address etc?
So it seems that those indian call centres of which there are many may not be so safe after all
More than a handful of my mates in India have pointed out this interesting conundrum: just about every Indian businessman, politician and 'anyone of influence' uses an encrypted Blackberry service.
So if RIM are indeed punished by having their services taken down, it is exactly those same enforcers that will cut off their own noses.
They may be wrong, but all the connected Indians I've spoken to think their Government is bluffing and that RIM have nothing major to fear.
The next thing you know...
The Indian government will want to have a tap on my two tin cans and a string. That is where this is going.
I'd put up a "Joke Alert" icon, but as things are going it doesn't seem that way!
Indian Government listening
Since they are so intent on gaining access to RIM communications, it makes you wonder what other communications they are already intercepting. Name a call centre industry they don't provide ?
It makes AC wonder.......
AC wrote "it makes you wonder what other communications they are already intercepting. Name a call centre industry they don't provide ?"
Hmm......... And what percentage of contacts with Indian call centres result in a satisfactory resolution of the problem giving rise to the call?
The charitable write the experience off to the crass incompetence of the call centre staff.
The cynics doubt whether with all their investment in technology India is capable of using any significant proportion of it to good effect. Lots of uncoordinated activity of questionable value and to no apparent useful purpose.
Cargo cult country
India is like one of those south sea cargo cults but scaled up to country size. It's got all the trappings of a real country yet in fact it's just a cess pit full of idiots who think that red tape and government bureaucracy will make them appear efficient. This is them throwing their toys out of the pram because they don't think RIM is taking them seriously enough and giving them enough respect as a sovereign nation.
It's similar to the problem with Indian outsourcing
It's similar to the problem with Indian outsourcing - a lot of the people concerned don't really understand the technology or what it is used for.