India's government has given up pestering RIM and is now asking the country's network operators to provide lawful intercept capability, despite their inability to do so. Having demanded that Research In Motion provide access to BlackBerry communications, and seen several deadlines pass without the issue resolved, the Wall Street …
Route all enquiries by the Government about interception to a call centre miles away where no one understands their accent.
Most operators already....
Route all enquiries <snip> to a call centre miles away where no one understands their accent.
So what are they doing to demand next? That all ISPs must intercept all types of SSL communications? May as well get on the case and start banning HTTPS, IMAPS, all forms of PGP, etc etc etc right now, because that simply isn't going to happen, regardless of how hard they try.
They are clearly not living in the real world.
They clearly live in a real world
However in their real world an IT person is not supposed to say NO as an answer to a question.
Intercept of SSL is easy
SSL intercept is easy as many companies are already doing by routing traffic through a BlueCoat i.e. man in the middle attack. Could be done very easily by ISPs
Don't think so
If both client and server have their own keys (determined before-hand) then MITM won't work.
Give them the traffic
The encrypted traffic - there ya go boss, intercepted 100%
And then they just get a nice sized GPU enabled cluster to do a brute force break of the key.
Oh wait. This is India, not the NSA.
If you have nothing to hide, you have nothing to fear
But we want the right and ability to read it anyway, just on the offchance?
Why not provide the govt with the encrypted emails - still encrypted. It won't do them any good but at least you have provided what was requested.
It can be argued in either way, but had this been the U.S. government questioning under a security threat 'bending over' would have been mandatory (with bonkers and why not a rudimentary suggestion) eh? It is called the power of polite persuasion..
Perhaps half the problem here is a cultural one - I know in my dealings with India you quite often get people unable to accept a no. They seem to think it means you do not want to do it, rather than you cannot do it.
Anon, cos some of those guys are probably looking at this site
Madness/Cultural issue ?
@AC and there was I thinking it was common PHB ignorance, coz I see it from yank managers, WASP/materialist often. Seems the suits from any big org think that techs say no for the fun of it, not because of physics, resources, technical feasibility and other such trivia. We all get this; the PHB who thinks yelling/nagging/insulting us at 02:00 local time will make the problem go away.
You can't have dealt with many Indians then. You may even have made a valid point but what's the fact that they may be looking at this site got to do with your anonymity?
Scared they might stick a fatwa on your arse ?
That's the other brown guys you're thinking of.
Clearly there are no limits to your ignorance.
Well, it could be because (s)he has to still deal with them in the morning, and if they read it and realize it's him/her they will be harder to deal with than normal.
Oh, no, you must be right, (s)he ignorantly must be confusing Indians with Iranians.
screw RIM, it's only those manager bozos who use BB anyway.
i think part of the problem has to do with RIM being a Canadian company. canada didn't exactly do its credibility any favours when they deliberately botched the Kanishka bombing investigation.
say what you want, when it comes to matters of national security, india has as much right as any other western (read white) nation to do all it can to protect its citizens. now if RIM cannot appreciate this, they are free to leave.
encryption, yeah, I nos it.
India can demand anything they want; it doesn't mean that RIM has the ability to provide it. They might as well be asking you to provide the keys.
RIM is incapible of providing the keys because they do not have them. Every western nation understands that you cannot ask someone for something they don't have, if you (and india) do not understand that you (and they) are free to be mocked by those of us who live in the real world.
mock all you want son..
"As you know in Canada, when the police or security agencies present evidence to a judge and obtain a warrant, they are able to intercept telephone calls and other forms of communication,"
those are words from Peter Van Loan, google him in your "real" world to know who he is.
the issue is that the indian agencies want real time access and not access after getting a court order. their argument is that they need to prevent terrorist attacks *before* they happen and people are killed.
btw, it's "incapable". i'm assuming you know how to spell in your "real" world?
and wtf does RIM NOW have to do with the screw-ups that were our security services 26 years ago?
ohh... "son" I see what you did there!
Yes, they can intercept anything they want, and they end up with an encrypted bitstream. Your point?
RIM only has the keys to the bitstreams going to servers they own. Which India has been given the rights to access. They do not have the user-configured keys. India is telling RIM to provide keys they do not possess.
As long as we're picking nits, your period should be inside the quotes, and you need to capitalize the first letter of each sentence.
Regarding SSL intercept, Blue Coat requires the installation of a client side root certificate in order for the client to trust the emulated certificate from the SSL proxy server.
If this is the case then surely if this was being done at the ISP level there would have to be some collusion with certificate authorities and/or OS developers to get around the certificate trust issue? Either way you skin it the SSL proxy has to make itself part of the SSL certificate chain and doing this without alerting the user could be difficult. It's easy on an enterprise network where end points are under your control and managed by policies but how would this work on a distributed public network where the end points are out of your control?
@Anonymous Coward - SSL Intercept requires a client side root certificate to be installed on the client device for the intercepting server that is emulating the original SSL handshake. My understanding is that Blue Coat SSL Proxy admins must install these client side root certs on their users' machines to make the process completely transparent. If a Government wanted to do this then surely they would need the compliance of OS developers to ensure the necessary root CAs were pushed to the client machine? Otherwise they are gonna get a security warning relating to an invalid trust with the server certificate?!
I think it would be difficult for SSL to be intercepted completely seamlessly by an ISP alone without any client side interaction to trust the emulated cert produced by the intercepting server.
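Editor's added example (not part of any comment in this thread): the trust-chain point raised above about SSL proxies, reproduced offline with the `openssl` command line. The CA names, the host name `mail.example.test` and all files are constructed for the demo; it checks chain trust and key pins only, not host name matching.

```shell
#!/usr/bin/env bash
# Constructed demo: every CA name, host name and file below is made up.
set -eu
cd "$(mktemp -d)"

make_ca() {  # $1 = CA name; writes $1.key and a self-signed $1.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_leaf() {  # $1 = CA name, $2 = host name, $3 = output prefix
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$3.key" -out "$3.csr" 2>/dev/null
  openssl x509 -req -in "$3.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$3.pem" 2>/dev/null
}

client_verdict() {  # $1 = client trust store, $2 = certificate presented to it
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

key_pin() {  # SHA-256 of the certificate's public key, as a pinning client stores it
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

make_ca public-ca                               # stands in for a root shipped with the OS
make_ca proxy-ca                                # root owned by the intercepting proxy
issue_leaf public-ca mail.example.test real     # what the genuine server presents
issue_leaf proxy-ca mail.example.test emulated  # what the proxy presents in its place

# A managed endpoint is one where the admin has added the proxy root to the store.
cat public-ca.pem proxy-ca.pem > managed-store.pem

echo "unmanaged client, genuine cert:  $(client_verdict public-ca.pem real.pem)"
echo "unmanaged client, emulated cert: $(client_verdict public-ca.pem emulated.pem)"
echo "managed client, emulated cert:   $(client_verdict managed-store.pem emulated.pem)"

# Keys agreed beforehand: the pin recorded from the genuine server never
# matches the proxy's key, even on a client that trusts the proxy root.
if [ "$(key_pin real.pem)" = "$(key_pin emulated.pem)" ]
then echo "pin check: match"; else echo "pin check: mismatch"; fi
```

The emulated certificate verifies only against the store that contains the proxy root, and the pin comparison fails regardless of which roots are installed.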