Operators should...
Route all enquiries by the Goverment about incterception to a call centre miles away where noone understands their accent.
India's government has given up pestering RIM and is now asking the country's network operators to provide lawful intercept capability, despite their inability to do so. Having demanded that Research In Motion provide access to BlackBerry communications, and seen several deadlines pass without the issue resolved, the Wall …
So what are they doing to demand next? That all ISPs must intercept all types of SSL communications? May as well get on the case and start banning HTTPS, IMAPS, all forms of PGP, etc etc etc right now, because that simply isn't going to hapen, regardless of how hard they try.
They are clealry not living in the real world.
@AC and there was I thinking it was common PHB ignorance, coz I see it from yank managers, WASP/materialist often. Seems the suits from any big org think that techs say no for the fun of it, not because of physics, resources, technical feasibility and other such trivia. We all get this; the PHB who thinks yelling/nagging/insulting us at 02:00 local time will make the problem go away.
You can't have dealt with many indians then. You may even have made a valid point but what's the fact that they may be looking at this site got to do with your anonymity ?
Scared they might stick a fatwa on your arse ?
That's the other brown guys you're thinking off.
Clearly there are no limits to your ignorance.
Regards
an indian
screw RIM, it's only those manager bozo's who use BB anyway.
i think part of the problem has to do with RIM being a Canadian company. canada didn't exactly do it's credibility any favours when they deliberately botched the Kanishka bombing investigation.
say what you want, when it comes to matters of national security, india has as much right as any other western (read white) nation to do all it can to protect it's citizens. now if RIM cannot appreciate this, they are free to leave.
India can demand anything they want, It doesn't mean the RIM has the ability to provide it. They might as well be asking you to provide the keys.
RIM is incapible of providing the keys because they do not have them. Every western nation understands that you cannot ask someone for something they don't have, if you (and india) do not understand that you (and they) are free to be mocked by those of us who live in the real world.
"As you know in Canada, when the police or security agencies present evidence to a judge and obtain a warrant, they are able to intercept telephone calls and other forms of communication,"
those are words from Peter Van Loan, google him in your "real" world to know who he is.
the issue is that the indian agencies want real time access and not access after getting a court order. their argument is that they need to prevent terrorist attacks *before* they happen and people are killed.
btw, it's "incapable". i'm assuming you know how to spell in your "real" world?
Yes, they can intercept anything they want, and they end up with an encrypted bitstream. Your point?
RIM only has the keys to the bitstreams going to servers they own. Which India has been given the rights to access. They do not have the user-configured keys. India is telling RIM to provide keys they do not possess.
As long as we're picking nits, your period should be inside the quotes, and you need to capialize the first letter of each sentence.
Regarding SSL intercept, Blue Coat requires the installation of a client side root certificate in order for the client to trust the emulated certificate from the SSL proxy server.
If this is the case then surely if this was being done at the ISP level there would have to be some collusion with certificate authorities and/or OS developers to get around the certificate trust issue? Either way you skin it the SSL proxy has to make itself part of the SSL certificate chain and doing this without alerting the user could be difficult. It's easy on an enterprise network where end ponts are under your control and managed by policies but how would this work on a distributed public network where the end points are out of your control?
@Anonymous Coward - SSL Intercept requires a client side root certificate to be installed on the client device for the intercepting server that is emulating the original SSL handshake. My understanding is that Blue Coat SSL Proxy admins must install these client side root Certs on their users machines to make the process completely transparent. If a Government wanted to do this then surely they would need the compliance of OS developers to ensure the necessary root CA's were pushed to the client machine? Otherwise they are gonna get a security warning relating to an invalid trust with the server certificate?!
I think it would be difficult for SSL to be intercepted completely seamlessly by an ISP alone without any client side interaction to trust the emulated cert produced by the intercepting server.