Feeds

back to article India: We DO have the BlackBerry encryption keys

Indian government officials have apparently claimed that Research in Motion has handed over the skeleton keys used to encrypt BlackBerry communications – once again ignoring the fact that such keys don't exist. The Times of India has reported that RIM "agreed to hand over its encryption keys" to the Asian nation, and allowed …

COMMENTS

This topic is closed for new posts.

Aren't you confusing BES and BIS servers? The Consumer/Public portion of RIM's network is the BlackBerry Internet Server (BIS). It is an entirely different creature to the BES.

0
0
Stop

BES for BIS?

I didn't think the BlackBerry Internet Service (i.e the stuff consumers use) was a BES server, or at least, not in the same respect companies have them? BIS has a much smaller subset of services that runs as a black box as far as users are concerned?

0
0
Facepalm

How do they "not" exist...

There *IS* keys for the BES in Canada; as well as the one in the UK.... the keys exist;

Maybe RIM has lost/destroyed them but they existed at some point.

0
7
Devil

Re: How do they "not" exist...

Otherwise, the company which sees security as its last standpoint is storing users data in plain text...

Forgot to point that out in the original posting ;D

0
1
Bronze badge
Mushroom

Re: How do they "not" exist...

As the article indicates,

1. if they set up a Blackberry controlled communication server (whether it's called BIS, BES or something else) in India that handsets not using their own BES communicate through and

2. if Blackberry hand over the decryption keys to that server

then yes, Indian government has the "master keys".... to a limited (but probably still sizable) subset of all handsets.

It's just that any miscreant with any ounce of sense would run his own server to avoid that.

0
0
Silver badge

The Indian government is trying to reassure its population

Wouldn't that be rather a two edged sword?

This might be reassuring to the technophobe "conservative" type of voter who would probably rather wish that the whole electronic revolution since the wireless set had never been invented.

To the typically younger. more affluent modern Indian this is likely to be as reassuring as having security cameras installed in every changing room.

5
2
Anonymous Coward

Re: The Indian government is trying to reassure its population

I wouldn't be all that surprised if someone did propose cameras in changing rooms.

A few years ago, the police in the north Indian town of Shimla suggested that all hotel rooms (and there are a lot) in the old Raj summer capital be fitted with webcams to allow the cops to catch 'miscreants' in the act. They didn't specify what "the act" was, but broadly inferred thieving by staff.

After a very loud public outcry, the plan was hastily dropped, not least as it came only a couple of years after a minor scandal in which a series of CDs came to light featuring "local" girls getting rogered in hotel rooms, unaware their boyfriends were using hidden cameras to catch the action, with the results selling like hot cakes under the counter on local market stalls under titles such as "Miss Shimla", "Miss Kullu" etc. Some of those involved eventually had their collars felt, including (to no ones real surprise) one or two cops, although I think they mysteriously managed to avoid court in the end.

Indian cops, electronics and surveillance don't usually add up to "reassuring", and the population know it.

13
0
Silver badge
Unhappy

Re: The Indian government is trying to reassure its population

The indian government's history is repleat with lies, hyperboly and general mis-information...

Its probably one of the most corrupt governments in the developing world.

Talking of which, didn't i read about a mars trip sometime in 2014? How can the government afford such a luxury when millions of its population is living in abject poverty without basic sanitation. More importantly, why are we still sending millions of £€$ in aid. In aid of what, claiming potential resources on a distant planet??

Stinks of shit big time stylee IMHO.

10
0

Re: The Indian government is trying to reassure its population

That the Worlds Largest Democracy is also the one with the most corruption should not be that surprising. All large bureaucratic systems (be they notionally democratic or otherwise) have large problems. I doubt that I know 5% of what the UK government is doing though so I cannot make much comment about a government 1/3 of a world away.

3
0
FAIL

Re: The Indian government is trying to reassure its population

They didn't specify what "the act" was, but broadly inferred thieving by staff.

Implied, not inferred.

7
0
Bronze badge

The Indian government is probably one of the most corrupt governments in the developing world.

Worse than Britain under Blair or USA under Bush?

Yes. Because India did all their dirt at home. Blair only corrupted his legal advisers and kept some 300 people in the dark long enough to get what he wanted, trousered by the USA; fondled gently in the little linen folds hanging beside the genitalia of a monkey.

And Bush only had to stay out of the drunk tank long enough to appear sober, to get what he wanted: All the bananas.

3
3
Silver badge

Re: The Indian government is probably one of the most corrupt governments in the developing world.

I'm not saying the UK and USA governments are innocent, but how much finicial assistance do we recieve from India???

1
0
Anonymous Coward

Re: The Indian government is probably one of the most corrupt governments in the developing world.

Methinks you're understating a tad the nefarious activities of Mssrs Blair and Bush. As far as I can see there appears to be cause for inviting them for a grilling in The Hague.

Both actively lied to their government by knowingly "sexing up" intelligence reports into something that would support a war, and both were not above going after people who dared to voice the truth (Valerie Plame, David Kelly)..

3
1
Anonymous Coward

Re: The Indian government is trying to reassure its population

I think you'ļl find that some bureaucracies are worse than others, regardless of size.

Seems that developing (or previously developed) countries are usually the worst....

http://www.transparency.org/cpi2010/results

0
0
Silver badge
Black Helicopters

The Semantics Game

If the keys/backdoors didn't exist then I think it would be safe to assume that the FBI / CIA / NSA would never have allowed RIM into the states.

Whether or not a set of encryption keys actually exist is of no importance, the importance lies in the fact that the communications can indeed be intercepted and read by the powers that be.

2
4

Backdoors

> RIM has resolutely resisted informal requests to create a back-door in their software

How do you know that? Have you seen the source?

2
3
Joke

Electricity

They've no power anyway, so what difference does it make?

3
0
Silver badge
Facepalm

How It Actually Went

Government Lawyer: We need the Blackberry encryption keys.

RIM India: Sorry we can't give you them. They're owned and generated by each individual organisation that uses our sof...

Government Lawyer: I don't care about that. We *need* the keys.

RIM India: But I told you we don't have...

Government Lawyer: Let me put it this way; give us the keys, or go to prison.

RIM India:I don't... well [thinks for a second] um, okay, here are the keys.

Scribbles random characters on a bit of paper and passes it over to the lawyer

Government Lawyer: See how much easier things are when you co-operate with us?

RIM India: *sigh*

23
0

Re: How It Actually Went

You're forgetting the 16 forms that would need to be signed in triplicate by random government employees that only accept the ‘official’ bribes on the second Tuesday of every month that are needed to request permission to attempt to threaten a prison sentence.

4
0
Silver badge

Re: How It Actually Went

Or more likely - RIM offshored their operations to an outfit in India and somebody wrote the keys on a whiteboard

2
0
Silver badge
Facepalm

Probably someone in the Indian Government thought "Well if we *say* that we have the encryption keys, maybe that will put people off using Blackberry which we can't monitor and get them using something we *can* monitor..."

9
0
Anonymous Coward

@Graham Marsden

That's exactly what I thought!

3
0
Stop

Real Criminals Use

GnuPG.

http://www.gnupg.org/

But yeah, *maybe* the 30-virgings-waiting-in-paradise guys are too stupid to put that onto an eeePC.

Have fun, Indiagov to "get the keys" for that setup.

0
0
Anonymous Coward

Re: Real Criminals Use

Sorry, I read GNU and 30-*-virgins and inserted "year-old" in there.

1
0
Silver badge
Trollface

Re: Real Criminals Use

I think there are 72 virigins?

Maybe Hindu terrorists (of which India has a share) just get 30. Shame.

0
0
Silver badge

Re: Real Criminals Use

Where are all these virgins coming (no pun intended) from and, more importantly, how do i get there?

0
0
Silver badge

I'm sorry, but....

every Blackberry enabled device runs software managing its keys which belongs to Blackberry. They can easily just send the keys out or use a fixed standard key.

Besides even if you don't accept that RIM might be malevolent, getting the keys to the largest RIM and or Privider run BES is already enough to catch 99% of the people. People who know about security most likely use IMAP4 of their own servers anyhow.

0
2
Silver badge
FAIL

What we have here is a failure to communicate...

1 - Where do these stories come from? The press.

2 - If a reporter needs a story, how easy is it for him to find a friend who works for the government in some minor capacity, and get him to say, off the record, that the government can do 'x', where 'x' is anything? Very.

3 - story delivered.

4 - profit...

1
1
Anonymous Coward

Easy solution

India can just buy the rapidly shrinking RIM and install a back orifice.

0
0
Anonymous Coward

Oh puhleeze - just read the ANY telecomms license.

EVERY official telecomms operator in the world has to obtain a license to operate, and all those licenses demand legal intercept capability. If the company wants a license it needs to comply, if it doesn't it is in breach of license and can, worst case, be shut down.

Ergo, any kit they install and any service they offer MUST be backdoored in a controller way or they don't even get to run it - so why would RIM based services suddenly be exempt? Answer: they are not, but it's a nice illusion to sell.

If the relevant Indian telco doesn't have insight in RIM traffic they will get RIMmed by their government - if it's a government organisation (don't know how India runs its telecomms) the question is already academic. It's kinda cute that RIM wants to keep up the illusion, but every government service in the world uses their own keys and servers, and their Blackberries are not going to use the default blackberry.net (nice route to global intercept, btw).

You don't even need to see the technology, just look at the license conditions. Do you really thing telco's will forego their massive profits for something as trivial as your privacy? Not a chance.

1
0
Silver badge

Re: Oh puhleeze - just read the ANY telecomms license.

> legal intercept capability

Sure, the UK government demands legal intercept on my Internet connection. That doesn't mean they can easily see my https conversations with the bank, it certainly doesn't mean they can easily see my SSH conversations as I call home from around the world.

All the legal intercept would give is the cipher text and some traffic details.

0
0
Anonymous Coward

Re: Oh puhleeze - just read the ANY telecomms license.

Well, 3GPP TS 33.106 is still in draft: http://www.3gpp.org/ftp/Specs/html-info/33106.htm

0
0
Anonymous Coward

Consumers are issued a key by RIM

> "Consumers are issued a key by RIM"

So what keys are these? And what is the use of it if not for encryption/decryption. And if it is for encryption then there has to be something at the other end to decrypt it.

0
0
Anonymous Coward

Re: Consumers are issued a key by RIM

Maybe they were just the keys to the khazi, they just got a bit confused. Incidentally, does the Mars Mission have an inside toilet, or are they just gonna squat near some old rail lines ..... ahh... perhaps not ...

0
0
Bronze badge

Dilemma

If India really did have such a key, you'd expect them to keep quiet about it so people would continue using it in a vain attempt to protect secrets from them. On the other hand, if RIM *did* have a master key or some way of generating one, we'd expect them to deny its existence for similar reasons...

With the tight network integration, even BES still involves RIM-controlled servers in the traffic. Now, that might be a purely opaque encrypted tunnel, with the RIM kit only knowing which BES server a handset is contacting, and vice versa, but since it's a proprietary protocol, who knows? With a tame CA, you can do a man-in-the-middle 99% of people won't be able to detect: how do we know there isn't some equivalent in the BES/BIS protocol, allowing the Indian government to have the equivalent of a wildcard SSL certificate?

Ultimately, either the Indian government is lying and doesn't really have the key, RIM were lying to them and provided a duff key, or they really do have a genuine working key. The middle option should become obvious as soon as they try using the duff key and crack down on the handsets and RIM themselves...

0
0
Anonymous Coward

This is the same country that wants foreign companies to use POTS and not IP telephony between private PBX units for example for phone convos between Indian and other country offices, so that their telcos will make more dough, of course everyone ignores them ;)

0
0
This topic is closed for new posts.