back to article Indian gov denied BlackBerry snoop

Research In Motion (RIM), the Canadian company behind the BlackBerry handheld, has refused to give the Indian government special access to its encrypted email services. Indian authorities have previously evinced concern that terrorists or criminals might use BlackBerries to communicate free from government interception. …

COMMENTS

This topic is closed for new posts.
  1. George
    Gates Halo

    Surprising...

    It's pretty surprising that a system designed to distribute messages cannot be read at any point by anyone.

    Its no wonder when its down its down for so long...they have no idea whats going on on their network. They can't even send a test message because they can't see the content!

    And to think that no third party would be able to read the messages is a little naive.

    Bill because even he is more open than this!

  2. Anonymous Coward
    Thumb Up

    Adopt this as a standard

    "Government Interception Forbidden" should be adopted as a standard by all telecom and email service providers.

  3. Henry Cobb
    Unhappy

    Warentless wiretaps?

    I bet that Lawsuits in Motion is one of the fat cats that Bush is working so hard to protect from warentless wiretap lawsuits.

  4. Anonymous Coward
    Anonymous Coward

    Not "unreadable"...

    The encryption has been designed so that only the owner of the public key can decrypt the message easily. No encryption is ever 100% safe. However, to break a 256bit encryption, you will need some serious supercomputing horsepower.

  5. Anonymous Coward
    Black Helicopters

    Re: "Adopt this as a standard"

    I think you need a few history lessons. There's no better way to stimulate uptake of a potentially breached method of communication than to create a proxy fight between providers and the state.

    Everyone wins: the provider gets free publicity and population brownie points, the government gets its intercepted method accepted by more companies and end users than otherwise would be the case, saving it the hassle of breaking something that would be *really* secure. I have my doubts about Skype for that reason.

    Just keep an eye on this case: it won't rumble on for years as it should, it will vanish in a couple of days.

    This is the primary reasons why I've heard of a lot of companies ripping out everything US originated, to the point of even removing MessageLabs so they will no longer directly get a copy of every email message the company sends and receives (nice benefit of offering a filtering service - this is why it is so funny they filter all UK government email).

    The US government (with a good helping from MS) has totally lost the confidence of anyone intelligent doing business. They are neck deep in depth and use defaulting on it as a threat, they have no respect for privacy or any rule of law in general and somehow the world just has to agree to that. Would you do business with someone you can't respect or trust? Only at arms length, and with payment upfront..

    And not in dollars, thank you.

  6. Anonymous Coward
    Black Helicopters

    Cyphering Turned Off

    In India a few weeks ago, my nice little Sony told me that the Cyphering was "not active", good job I never talk business on my mobile!

  7. daniel
    Flame

    Smelly fish anyone?

    you know that government agencies can listen in to your phones and texts, but suddenly a secure messaging system arrives.

    National security goes ape and requests access: The supplier cannot refuse if he want's to keep on selling their kit (like they did for the French).

    So, they craft a press release informing the whole world that they refused to give the indians read access to their pushmail system, so would-be terrs and diverse baddies go and grab a blackberry.

    First of all, the government would probably request information on new blackberry lines opened in the week or so of this announcement, and secondly, of course they have access to this information - just this way,they get the idiots gullable enough to believe that they don't...

  8. amanfromMars Silver badge

    US in the Doldrums.

    "Would you do business with someone you can't respect or trust? Only at arms length, and with payment upfront. And not in dollars, thank you." ..... By Anonymous Coward Posted Tuesday 27th May 2008 10:23 GMT

    AC,

    It would be Kinder and more Beneficial to All to do business for a mountain of dollars to prove that IT can be done for nothing of any real value. The Irony in Success would be that the dollar would then be considered worthy, through no effort of its Own, which given Uncle Sam's lamentable handling of Money Supply, would be a Definite Boost.

    Give IT to somebody else to Spend Beta is Pretty Obviously Necessary, even to a Blind Man on a Galloping Horse.

  9. Pascal Monett Silver badge

    "master key" to be given to Indian officials

    So just like Lotus did with France then ?

    More of the same. Frankly, with the incredible amount of terrorists that have been caught because of their mobile phone/Internet usage, I cannot help but think that this is all just a load of crock. Give us our 2048-bit encryption keys already, if the Government is snooping on me it has a lot more to do with RIAA then with Osama !

  10. Anonymous Coward
    Black Helicopters

    RIMBLX

    "The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances"

    So how do they process spam!. RIM email is encrypted from the device and too the device, the stage in the middle is free form text, at least upon all the EU and US(Canadian) servers when my friend worked there - still the case. As such RIM do have the ability to dish out all emails that run thru there servers - you cant add extra encryption beyond what the device does and thats a key fixed by RIM, the only key opon the device that you have any input with is the memory encryption preventing anybody from reading the emails upon the device without it. but emails sent too and indeed from your RIM device whilst encrypted is based solely upon a key deviced by RIM. Now if they were to apply for a injunction in the UK or indeed CAN then they could legaly get access to the email of suspect A,B,C... etc. Though this is hosted email. Now 3rd party intergration will still be open, at least upto the point it hits the RIM network were it is processed by pretty standard albiet slightly modified applications like,sendmail. Indeed there spam processing would be pretty screwed if it couldn't read beyond the headers, or indeed scan attachments.

    But hey this is a company that says it does QA, which is realy debatable now isn't it,even given consumer level information.

    But hey its a system that works and compared to the rest, it works well, dosn;t mean its perfect and certainly dont mean your email is totaly safe. One could ask does the NSA have any input or control and given the number of USA high-up's politicaly who use the devices, there would have to be some form of yes answear. Now if the KGB were to ask for the key, would they get it, well nope, they wouldn't, but thats only because it would upset there `other` important customers.

    Bottom line nothing is secure - only percieved secure, simple fact of life.

    But if India realy want to know what is going on, then why dont they do what China does which is the same that the states does only there a little bit more open about how they do it.

    Now EU/UK email retention/access laws vs RIM, wonder how long it will be until RIM end up doiung a pirate-bay type hosting just to avoid govermental incompetance/shortfall. But hey catching the minority at the expense of the majority is alwaysthe govermental stance, is it not.

  11. David Pollard
    Black Helicopters

    @Daniel re:Fishy Smell

    It's all too easy to appear paranoid, but you may well be right.

    From time to time I've wondered about an episode that occurred a decade or three ago. There was a sudden vogue among users of recreational substances for dialling a certain number which purportedly tested if a 'phone was tapped. If it wasn't tapped it would ring twice (or something like that) shortly after the receiver was replaced. Was there a data-logger on the other end?

  12. Jethro
    Boffin

    please, please, please rtfm

    @ Anonymous Coward

    Posted Tuesday 27th May 2008 13:31 GMT

    "The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances"

    So how do they process spam!."

    BlackBerry's infrastructure for enterprise customers doesn't filter spam. Your getting confused between enterprise and RIM's other offerings. With enterprise the encryption secures traffic from the handset to the customers server not just to the relay (see: http://na.blackberry.com/eng/ataglance/security/bes_diag_large.jpg). The encryption for prosumer (internet customers) works from handset to relay. Beyond this security is specified by the integrated account (POP, IMAP or OWA).

    This doesn't mean the RIM relay can't store enterprise encrypted messages it routes for later cracking although as stated you'd need some serious computing power (NSA style) and if these kind of boys are after you I'd probably be inclined to not send e-mail at all for sensitive communication.

    Or for the paranoid what's to say the BES software doesn't automatically send a copy of users keys back to the relay so copies of encrypted messages can be decrypted stored and forwarded to your black helicopter agency of choice.

    I refer all interested parties to:

    http://na.blackberry.com/eng/ataglance/security/certifications.jsp

  13. Steve

    @David Pollard

    Sounds like a BT test number. People think it can show if they're being tapped? That's more a reflection on what 'recreational substances' can do to your brain :)

  14. David Pollard

    @Steve

    Quite: the logic was flawed and people didn't realise. A chum 'tested' my line before I had time to stop him. (Welcome to the club, mate.)

    The example I gave was in support of @Daniel's scenario, above; from a time when telecomms equipment was rather less sophisticated.

    A number of people (for some of whom prophylactic paranoia might have been beneficial if used appropriately) *did* indeed seem to think that a standard line test would show if their line was being tapped. Whether or not the potential results of the 'vogue', as I called it, were used I don't know. Nevertheless it would have been technically simple, at that time, to conduct a 'self-administered trawl', similar to that which @Daniel describes, from which a database of potential suspects could have easily been assembled.

This topic is closed for new posts.

Other stories you might like