Indian telecoms secretary Siddhartha Behura has confirmed the country is not seeking a ban on the use of BlackBerrys, as the government continues talks with operators about lawful interception. The suggestion that RIM's emailing handheld might be banned from the subcontinent surfaced last Friday when Tata Teleservices was …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 14th March 2008 12:11 GMT Claus P. Nielsen

Strong encryption vs Random Garbage

Making it a crime to not reveal the key to encrypted material is ultimately still a futile exercise.

The mere possibility that the file could be a piece of garbage generated by a random number generator raises too many loopholes.

An example:

So I have received a file containing a lot of apparently random numbers form a person that cannot be traced (say someone working behind a spoofed email address).

- If this file is truly garbage, there is no way in the world for me to provide a key that makes it readable, so I would go to jail. - the perfect way to frame en innocent person.

- If the file is actually an encrypted message, this will only be revealed if I provide the correct key. I can have a seperate key that I use for all other communication, which will not open this file. I can claim that it must be some random garbage sent to me to frame me. If you want to build a stronger case for this argument you get somebody to start sending anonymous messages with random garbage to random people just so you can hide in the crowd.

So governments frantically insisting that nothing is encrypted, only really works if you they don't care that they are putting innocent people in jail.

0 0
Friday 14th March 2008 12:27 GMT Anonymous Coward

If only RIM were to offshore in India

may be India is not used to having things not being done under its jurisdiction, that must seen as a sin to rely on foreign tecknologies.

0 0
Friday 14th March 2008 12:53 GMT Dave

Hang on, just a second...

So does that mean that all the data coming in and out of Indian Call-centres is unencrypted? My Bank Details, Credit Card Details, Health Records, Phone Records. The Full Monty. And it's done that way so that a foreign government can intercept easily? MY Government needs (allegedly) a warrant to do this, but a country that is in direct competition for our jobs gets it on a plate?

Any further comment is redundant. Just like we will be...

0 0
Friday 14th March 2008 14:43 GMT Matthew

DPA

Doesn't the Data Protection Act require that all data that leaves the EU/UK go only to 'Safe Harbours'? Surely, that implies decent encryption

Paris = Puzzled.

0 0
Friday 14th March 2008 17:27 GMT richard

Terrifying Prospect

...what about our data handled by call centres? - How is it secured in the light of this?

0 0
Friday 14th March 2008 21:15 GMT Daniel B.

Hm...

So I think my Blackberry comms might be safe from both Mexican and US prying eyes.... and given the increased surveillance on part of the Mexican gov't, that might be even better.

I'd be concerned though ... why would the Indian gov want so much control on this?

0 0
Friday 14th March 2008 23:50 GMT Anonymous Coward

RIM isn't able to decrypt, even if they wanted to

This Indian government doesn't understand how blackberries work (neither did the French government when they tried to ban them).

If you use the Blackberry Enterprise Server (and you should), the handheld & server exchange keys without anyone else ever having them.

RIM and the mobile carrier just the carry the encrypted message - RIM can't decrypt it even if they wanted to. RIM could be located in India and it wouldn't make any difference. RIM never has the keys.

The blackberry platform has been audited from end-to-end by NATO and the governments of the USA, Canada, Austria, UK, New Zealand and Australia. It is a very solid platform.

http://www.blackberry.com/select/get_the_facts/security.shtml

The Indian government simply doesn't want its citizens to have strong encryption technology that they can't break.

The USA tried that a decade ago. It's not possible.

0 0
Saturday 15th March 2008 05:34 GMT b shubin

The possible, revised

@ AC and the impossible

it's been 10 years. the NSA has (according to some rumors) more computation capacity than the rest of the world combined. it may take up a good chunk of their resources, but if they want to, they can supposedly decrypt things other organizations can't touch. it may also take a few weeks, but i feel certain they've found a way.

BB may be a highly secure platform (use it myself), but nothing is completely proof against decryption (theoretically). the gov't of India appears to be technologically ignorant, as most governments are.

it can't be that difficult to get cooperation from Canada, they rolled over for GWBush, didn't they? India just needs to try a bit harder, and they can have their intercept. decrypting it is another matter. if they can't be bothered to develop the capacity, they'll have to live with the disadvantage. i am not at all sympathetic, and i used to be MI.

too bad, so sad, guess you'll have to rely on HUMINT. you were trained in intelligence work, first by the British, and later, the Russians; in a nation of almost a billion people, you should be doing a lot of that already.

0 0
Monday 17th March 2008 20:57 GMT Gordon

Does anyone care??

Well, if they government want to look at my eMails, they're welcome. I'm sure they'd be fascinated by what they learn. That i'm an honest, hard-working IT tech, no threat to national security, I have a sister and a fiance to buy Birthday gifts for soon and I need to go to Manchester in the not-too distant future to fix a printer. And I subcribe to the El Reg Digests...Earthshattering....

I do sometimes think that encrypting email is rather like putting documents in an envelope marked "Top Secret". It ensures the other people know which communications are of interest and allowed them to effectively target any attacks. If you have a million emails to sort through looking for terrorist messages I think you might just start with the thousand or so encrypted ones. Nice of someone to point out which ones are worth intercepting and reading by encrypting them, wasn't it?

Of course, encryption is only half the battle. If the message is cyphered as well then what they get back (after time cracking the encryption key - which will be harder if they are looking for the "the right gibberish", rather than recognisably cohearant data) may well be too obscure for anyone other than the intended recipient to glean any accurate meaning from. Especially if the meaning is further obscured by synonyms and substitute words etc. They may well learn that "the hippo is one who ate the racing car - munch!" (meaning "the attack (hippo) is on the 18th (one-ate) of March (racing car) in Munich (Munch)". But will that mean anything to anyone?

Just a thought. I do think that higher-level encryption is, arguably, a good idea for corporate security reasons. But I also suspect it would be quite easy to just mug the bloke who holds the blackberry for it's contents. This completely compromises security and will just look like a street robbery if done properly.

0 0