India: We DO have the BlackBerry encryption keys

Indian government officials have apparently claimed that Research in Motion has handed over the skeleton keys used to encrypt BlackBerry communications – once again ignoring the fact that such keys don't exist. The Times of India has reported that RIM "agreed to hand over its encryption keys" to the Asian nation, and allowed …

COMMENTS

This topic is closed for new posts.
  1. David Cotterill

    Aren't you confusing BES and BIS servers? The Consumer/Public portion of RIM's network is the BlackBerry Internet Server (BIS). It is an entirely different creature to the BES.

  2. Kevin7
    Stop

    BES for BIS?

    I didn't think the BlackBerry Internet Service (i.e. the stuff consumers use) was a BES server, or at least, not in the same respect companies have them? BIS has a much smaller subset of services that runs as a black box as far as users are concerned?

  3. DJ Smiley
    Facepalm

    How do they "not" exist...

    There *ARE* keys for the BES in Canada, as well as the one in the UK... the keys exist.

    Maybe RIM has lost/destroyed them but they existed at some point.

    1. DJ Smiley
      Devil

      Re: How do they "not" exist...

      Otherwise, the company which sees security as its last standpoint is storing users' data in plain text...

      Forgot to point that out in the original posting ;D

      1. Anonymous Dutch Coward
        Mushroom

        Re: How do they "not" exist...

        As the article indicates,

        1. if they set up a Blackberry controlled communication server (whether it's called BIS, BES or something else) in India that handsets not using their own BES communicate through and

        2. if Blackberry hand over the decryption keys to that server

        then yes, Indian government has the "master keys".... to a limited (but probably still sizable) subset of all handsets.

        It's just that any miscreant with any ounce of sense would run his own server to avoid that.

  4. Dazed and Confused

    The Indian government is trying to reassure its population

    Wouldn't that be rather a two edged sword?

    This might be reassuring to the technophobe "conservative" type of voter who would probably rather wish that the whole electronic revolution since the wireless set had never been invented.

    To the typically younger, more affluent modern Indian this is likely to be as reassuring as having security cameras installed in every changing room.

    1. Anonymous Coward
      Anonymous Coward

      Re: The Indian government is trying to reassure its population

      I wouldn't be all that surprised if someone did propose cameras in changing rooms.

      A few years ago, the police in the north Indian town of Shimla suggested that all hotel rooms (and there are a lot) in the old Raj summer capital be fitted with webcams to allow the cops to catch 'miscreants' in the act. They didn't specify what "the act" was, but broadly inferred thieving by staff.

      After a very loud public outcry, the plan was hastily dropped, not least as it came only a couple of years after a minor scandal in which a series of CDs came to light featuring "local" girls getting rogered in hotel rooms, unaware their boyfriends were using hidden cameras to catch the action, with the results selling like hot cakes under the counter on local market stalls under titles such as "Miss Shimla", "Miss Kullu" etc. Some of those involved eventually had their collars felt, including (to no one's real surprise) one or two cops, although I think they mysteriously managed to avoid court in the end.

      Indian cops, electronics and surveillance don't usually add up to "reassuring", and the population know it.

      1. Anonymous Coward
        Unhappy

        Re: The Indian government is trying to reassure its population

        The Indian government's history is replete with lies, hyperbole and general misinformation...

        It's probably one of the most corrupt governments in the developing world.

        Talking of which, didn't I read about a Mars trip sometime in 2014? How can the government afford such a luxury when millions of its population are living in abject poverty without basic sanitation? More importantly, why are we still sending millions of £€$ in aid? In aid of what, claiming potential resources on a distant planet??

        Stinks of shit big time stylee IMHO.

        1. T.a.f.T.

          Re: The Indian government is trying to reassure its population

          That the World's Largest Democracy is also the one with the most corruption should not be that surprising. All large bureaucratic systems (be they notionally democratic or otherwise) have large problems. I doubt that I know 5% of what the UK government is doing though so I cannot make much comment about a government 1/3 of a world away.

          1. Anonymous Coward
            Anonymous Coward

            Re: The Indian government is trying to reassure its population

            I think you'll find that some bureaucracies are worse than others, regardless of size.

            Seems that developing (or previously developed) countries are usually the worst....

            http://www.transparency.org/cpi2010/results

        2. I. Aproveofitspendingonspecificprojects

          The Indian government is probably one of the most corrupt governments in the developing world.

          Worse than Britain under Blair or USA under Bush?

          Yes. Because India did all their dirt at home. Blair only corrupted his legal advisers and kept some 300 people in the dark long enough to get what he wanted, trousered by the USA; fondled gently in the little linen folds hanging beside the genitalia of a monkey.

          And Bush only had to stay out of the drunk tank long enough to appear sober, to get what he wanted: All the bananas.

          1. Anonymous Coward
            Anonymous Coward

            Re: The Indian government is probably one of the most corrupt governments in the developing world.

            I'm not saying the UK and USA governments are innocent, but how much financial assistance do we receive from India???

          2. Anonymous Coward
            Anonymous Coward

            Re: The Indian government is probably one of the most corrupt governments in the developing world.

            Methinks you're understating a tad the nefarious activities of Messrs Blair and Bush. As far as I can see there appears to be cause for inviting them for a grilling in The Hague.

            Both actively lied to their government by knowingly "sexing up" intelligence reports into something that would support a war, and both were not above going after people who dared to voice the truth (Valerie Plame, David Kelly).

      2. ed2020
        FAIL

        Re: The Indian government is trying to reassure its population

        > They didn't specify what "the act" was, but broadly inferred thieving by staff.

        Implied, not inferred.

  5. Khaptain Silver badge
    Black Helicopters

    The Semantics Game

    If the keys/backdoors didn't exist then I think it would be safe to assume that the FBI / CIA / NSA would never have allowed RIM into the states.

    Whether or not a set of encryption keys actually exists is of no importance, the importance lies in the fact that the communications can indeed be intercepted and read by the powers that be.

  6. Phil Endecott

    Backdoors

    > RIM has resolutely resisted informal requests to create a back-door in their software

    How do you know that? Have you seen the source?

  7. Andrew Baines Silver badge
    Joke

    Electricity

    They've no power anyway, so what difference does it make?

  8. dotdavid
    Facepalm

    How It Actually Went

    Government Lawyer: We need the Blackberry encryption keys.

    RIM India: Sorry we can't give you them. They're owned and generated by each individual organisation that uses our sof...

    Government Lawyer: I don't care about that. We *need* the keys.

    RIM India: But I told you we don't have...

    Government Lawyer: Let me put it this way; give us the keys, or go to prison.

    RIM India: I don't... well [thinks for a second] um, okay, here are the keys.

    Scribbles random characters on a bit of paper and passes it over to the lawyer

    Government Lawyer: See how much easier things are when you co-operate with us?

    RIM India: *sigh*

    1. Penguin

      Re: How It Actually Went

      You're forgetting the 16 forms that would need to be signed in triplicate by random government employees that only accept the ‘official’ bribes on the second Tuesday of every month that are needed to request permission to attempt to threaten a prison sentence.

      1. Yet Another Anonymous coward Silver badge

        Re: How It Actually Went

        Or more likely - RIM offshored their operations to an outfit in India and somebody wrote the keys on a whiteboard

  9. Graham Marsden
    Facepalm

    Probably someone in the Indian Government thought "Well if we *say* that we have the encryption keys, maybe that will put people off using Blackberry which we can't monitor and get them using something we *can* monitor..."

    1. Anonymous Coward
      Anonymous Coward

      @Graham Marsden

      That's exactly what I thought!

  10. Anonymous Coward
    Stop

    Real Criminals Use

    GnuPG.

    http://www.gnupg.org/

    But yeah, *maybe* the 30-virgins-waiting-in-paradise guys are too stupid to put that onto an eeePC.

    Have fun, Indiagov to "get the keys" for that setup.

    1. Anonymous Coward
      Anonymous Coward

      Re: Real Criminals Use

      Sorry, I read GNU and 30-*-virgins and inserted "year-old" in there.

      1. Destroy All Monsters Silver badge
        Trollface

        Re: Real Criminals Use

        I think there are 72 virgins?

        Maybe Hindu terrorists (of which India has a share) just get 30. Shame.

        1. Anonymous Coward
          Anonymous Coward

          Re: Real Criminals Use

          Where are all these virgins coming (no pun intended) from and, more importantly, how do I get there?

  11. Christian Berger

    I'm sorry, but....

    every Blackberry enabled device runs software managing its keys which belongs to Blackberry. They can easily just send the keys out or use a fixed standard key.

    Besides, even if you don't accept that RIM might be malevolent, getting the keys to the largest RIM and/or Provider run BES is already enough to catch 99% of the people. People who know about security most likely use IMAP4 of their own servers anyhow.

  12. Dodgy Geezer Silver badge
    FAIL

    What we have here is a failure to communicate...

    1 - Where do these stories come from? The press.

    2 - If a reporter needs a story, how easy is it for him to find a friend who works for the government in some minor capacity, and get him to say, off the record, that the government can do 'x', where 'x' is anything? Very.

    3 - story delivered.

    4 - profit...

  13. Anonymous Coward
    Anonymous Coward

    Easy solution

    India can just buy the rapidly shrinking RIM and install a back orifice.

  14. Anonymous Coward
    Anonymous Coward

    Oh puhleeze - just read the ANY telecomms license.

    EVERY official telecomms operator in the world has to obtain a license to operate, and all those licenses demand legal intercept capability. If the company wants a license it needs to comply, if it doesn't it is in breach of license and can, worst case, be shut down.

    Ergo, any kit they install and any service they offer MUST be backdoored in a controlled way or they don't even get to run it - so why would RIM based services suddenly be exempt? Answer: they are not, but it's a nice illusion to sell.

    If the relevant Indian telco doesn't have insight in RIM traffic they will get RIMmed by their government - if it's a government organisation (don't know how India runs its telecomms) the question is already academic. It's kinda cute that RIM wants to keep up the illusion, but every government service in the world uses their own keys and servers, and their Blackberries are not going to use the default blackberry.net (nice route to global intercept, btw).

    You don't even need to see the technology, just look at the license conditions. Do you really think telcos will forego their massive profits for something as trivial as your privacy? Not a chance.

    1. Dazed and Confused

      Re: Oh puhleeze - just read the ANY telecomms license.

      > legal intercept capability

      Sure, the UK government demands legal intercept on my Internet connection. That doesn't mean they can easily see my https conversations with the bank, it certainly doesn't mean they can easily see my SSH conversations as I call home from around the world.

      All the legal intercept would give is the cipher text and some traffic details.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh puhleeze - just read the ANY telecomms license.

      Well, 3GPP TS 33.106 is still in draft: http://www.3gpp.org/ftp/Specs/html-info/33106.htm

  15. Anonymous Coward
    Anonymous Coward

    Consumers are issued a key by RIM

    > "Consumers are issued a key by RIM"

    So what keys are these? And what is the use of it if not for encryption/decryption? And if it is for encryption then there has to be something at the other end to decrypt it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Consumers are issued a key by RIM

      Maybe they were just the keys to the khazi, they just got a bit confused. Incidentally, does the Mars Mission have an inside toilet, or are they just gonna squat near some old rail lines ..... ahh... perhaps not ...

  16. James 100

    Dilemma

    If India really did have such a key, you'd expect them to keep quiet about it so people would continue using it in a vain attempt to protect secrets from them. On the other hand, if RIM *did* have a master key or some way of generating one, we'd expect them to deny its existence for similar reasons...

    With the tight network integration, even BES still involves RIM-controlled servers in the traffic. Now, that might be a purely opaque encrypted tunnel, with the RIM kit only knowing which BES server a handset is contacting, and vice versa, but since it's a proprietary protocol, who knows? With a tame CA, you can do a man-in-the-middle 99% of people won't be able to detect: how do we know there isn't some equivalent in the BES/BIS protocol, allowing the Indian government to have the equivalent of a wildcard SSL certificate?

    Ultimately, either the Indian government is lying and doesn't really have the key, RIM were lying to them and provided a duff key, or they really do have a genuine working key. The middle option should become obvious as soon as they try using the duff key and crack down on the handsets and RIM themselves...

  17. Anonymous Coward
    Anonymous Coward

    This is the same country that wants foreign companies to use POTS and not IP telephony between private PBX units for example for phone convos between Indian and other country offices, so that their telcos will make more dough, of course everyone ignores them ;)
