RIM In Trouble For Not Violating Privacy 278
sufijazz writes "The US government is not alone in wanting to snoop on everything citizens do over email/phone. The Indian government wants that right too. RIM is stating they have no means to decrypt, no master key, and no back door to allow the government to access email." The article notes that 114,000 BlackBerries are in use on the Indian subcontinent. The government is concerned about attacks by militants and sees the BlackBerry as a security risk.
Re:This could set a precedent (Score:4, Informative)
This message contains proprietary information... (Score:4, Informative)
... and is protected from disclosure.
So, what happens when trade secrets leak because some gov employee got bribed to access them and pass them to a competitor?... I would assume RIM could also be held liable for loss. And its harder to sue (and win) against a government, esp. somewhere like India. A lot easier to drag RIM in front of a jury in the US.
Re:This could set a precedent (Score:2, Informative)
The Blackberry uses whatever telco you subscribe to but the data portion is end-to-end encrypted. And they're a Canadian company so US laws don't apply. Same goes for Hushmail if memory serves.
Blackberry privacy is only for large enterprises (Score:5, Informative)
Blackberry privacy is only for large enterprises. If you have a corporate Blackberry server, the keys are between the client units and the server, and RIM doesn't have them. If you use Blackberry's public servers, RIM has your E-mail. India only wants "non-corporate emails". [indiatimes.com]
Re:This could set a precedent (Score:3, Informative)
Unless their implementation is buggy, that's got nothing to do with crackability. PGP (and any credible) security is in the key, not the algorithm.
>Will they be faced with the dilemma of changing their architecture versus being banned?
I sure hope not. Hushmail and Skype are applications/service providers. They don't maintain the physical infrastructure of fiber and copper cables. They are not "common carriers."
Re:can't work even if they wanted it to (Score:5, Informative)
Yes, but blackberries make it easy to communicate securely. You don't have the hassle of a PKI infrastructure with S/MIME certificates, or using PGP.
Incidentally, blackberries support PGP and S/MIME on top of their existing security.
Re:can't work even if they wanted it to (Score:5, Informative)
Its just when Tata Teleservices offered to provide the service that this suddenly became a 'terrorism' issue. Airtel and Hutch now Vodaphone have been providing blackberry since 2004.
This is not about terrorism but corporate politics and influence peddling which is the way of business in India. RIM just has to pay some money to the right people and this will die a natural death or ask Airtel/Vodaphone to stop their lobbying against Tata Tele.
Terrorism is fast becoming a favoured excuse and people should be a tad more skeptical before jumping to conclusions about threats that may not exist. Terrorists have many ways of communicating without resorting to blackberry. You can't stop technology because it can be abused.
Re:The gov't listens to everything (Score:4, Informative)
http://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletion/America_Deceived [wikipedia.org]
And even if they could snoop... (Score:2, Informative)
A: "Thank you Mohammed. I should water them."
M: "For best results, wait until after the 15th of May."
What does this hypothetical conversation mean? Heck if I know, nor does anyone else. Simple coded language will defeat the global governments and their growing desire to snoop in the name of terrorism. Even if they make encryption illegal, they won't break coded language if they don't know the code, nor will they be able to detect the more clever steganography algorithms.
Re:Summary is indicative of the problem (Score:3, Informative)
But between the government and its people, only republican (not the party) governments do not have rights. Monarchies have rights secured by god(s).(Which is a dubious claim because I've never seen a god testify in court that he granted said rights.) Democracies are a bit of a gray area, where popular vote can take anything it wants with a simple majority (of those that vote). This would then seem to mean that you have no rights, but neither does the government, and both the people and the government are a bit wishy-washy.
Unfortunately, we gave up the republic long ago.
Re:can't work even if they wanted it to (Score:3, Informative)
The others support SSL-encrypted IMAP and SMTP. I just don't see the appeal of the way BB does this stuff....
Re:End to End Encryption - independent of location (Score:2, Informative)
http://economictimes.indiatimes.com/RIM_agrees_to_pass_BlackBerry_content_on_condition/rssarticleshow/3056271.cms
Re:can't work even if they wanted it to (Score:3, Informative)
Re:can't work even if they wanted it to (Score:1, Informative)
Re:can't work even if they wanted it to (Score:4, Informative)
What? You didn't drink the kool-aid? Seriously, I used to wonder the same thing, but the blackberry is a far better platform.
You're right, lots of mobile devices can do POP/IMAP/SMTP with SSL. So, you've got your mobile device, and you want to see if you've got email. You click the "check email" function, or it runs in the background all the time, checking every five minutes for new mail. That's called "pull" email, and it means you run up a considerable data bill, even when you're not sending email. There was some poor guy bought an iphone immediately when it came out, activated it with AT&T, then took his shiny new iPhone to Europe on a trip. The default for the iPhone is to check for new email every 5-10 minutes, even if the phone is not "on". So this poor sucker gets a huge international roaming data bill even if he didn't send/receive a single email.
By comparison, the blackberry is "push" email. There is no need to check for new messages. If your email account gets a new message, the server pushes it to your device. Unless you are sending/receiving a message, your data usage is zero. If the guy had a blackberry instead of the iphone, his international data bill would have been zero. Lots of people & companies like that, especially those of us who live in countries with ridiculously high data rates (like Canada - we are in the dark ages when it comes to mobile phones & services).
Does your nokia/treo/ericsson sync your todo list, calendar and address book in real time with your desktop?
In a large company with 50,000 employees, a blackberry can look up email addresses in active directory or notes.
RIM also realized the limitations of the handheld form factor. Even with a big screen handheld, you don't want or need the full html-ized email that most people send these days - it's not going to display well. So, why send all this data that doesn't display well? When the email arrives at the blackberry server, the server strips out most of the html fluff (which can reduce the size by 50%-90%), then compresses the message with a conventional compression algorithm, then encrypts the message with AES, then sends it to the blackberry device. That reduces the data bill even further. Beancounters like that.
Since big attachments aren't going to display well on a small handheld screen, the blackberry server compresses & modifies the attachment to a form that will display well on a small screen. Does your nokia/treo/ericsson do that?
What about device security? Does your nokia/treo/ericsson store the pop/imap email securely on the device in encrypted form? Nope. Blackberries can do that.
Does your nokia/treo/ericsson support PGP and S/MIME for extreme paranoia? No, but blackberries do.
RIM provides full documentation and a developer kit to build your own applications. You don't have to beg apple please pretty please can I write an application and put it on my own phone.
What if you lose your blackberry with all your important company secrets on it? The blackberry server can remotely lock the handheld, or even wipe the entire thing with a single command. Does your nokia/treo/ericsson do that?
Some companies are required by law (like investment banks) to track all communications that staff have with clients. Does your nokia/treo/ericsson do that? Blackberries can track every phone call, email, SMS, IM and PIN message.
Can you prevent your staff from installing software on a nokia/treo/ericsson? You can with blackberries.
Can you prevent your staff from using the internet, bluetooth, memory cards, cameras, GPS, or long-distance calls with a nokia/treo/ericsson? You can with blackberries.
Don't get me wrong, blackberries aren't needed by everyone. But they are very handy, and the best mobile messaging platform, by far.
Re:can't work even if they wanted it to (Score:3, Informative)
SMS is cheap? It's something like a billion dollars a gig. That is how they are making profit---not through data charges, but through nickel and diming people who don't realize they're being screwed.