Forgot your password?
typodupeerror
Privacy Communications Encryption Wireless Networking Your Rights Online

Blackberry Gives India Access To Servers 182

Posted by timothy
from the good-thing-we-can-trust-governments dept.
Meshach writes "As happened earlier in Saudi Arabia Blackberry has reached a deal that allows Indian authorities access to the transmissions of hand held devices. Much of the fear comes from worries about terrorists: Pakistani-based militants used mobile and satellite phones in the 2008 attacks that killed 166 people in Mumbai."
This discussion has been archived. No new comments can be posted.

Blackberry Gives India Access To Servers

Comments Filter:
  • How long... (Score:5, Insightful)

    by Anonymous Coward on Saturday August 14, 2010 @12:34AM (#33248818)

    How long before every country decides that in order to allow RIM to operate they need to open up their servers?

    • by Jazz-Masta (240659) on Saturday August 14, 2010 @12:37AM (#33248832)

      How long before every country decides that in order to allow RIM to operate they need to open up their servers?

      Monday.

      • by Anonymous Coward on Saturday August 14, 2010 @11:30AM (#33250860)

        The difference between US and India is that with Indian authorities this was released to the press. US instead puts a gag order and then probably gets everything they want.
        NSA probably has a back room in blackberry - or has the encryption codes itself.. !

        "Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA," Klein's wrote. "And unlike the controversy over targeted wiretaps of individuals' phone calls, this potential spying appears to be applied wholesale to all sorts of internet communications of countless citizens."

        One of the documents is titled "Study Group 3, LGX/Splitter Wiring, San Francisco," and is dated 2002. The others are allegedly a design document instructing technicians how to wire up the taps, and a document that describes the equipment installed in the secret room.

        Read More http://www.wired.com/science/discoveries/news/2006/04/70619#ixzz0wavMN6aB"

    • Re: (Score:2, Interesting)

      by vlueboy (1799360)

      This will be pretty interesting in shaping the expansion of future multinational companies: how long until every country decides that your "private" T1 connecting New York to Tokyo needs to pass through traffic sniffing tools so that both countries are sure nobody is using private corporations for terrorist activities? Far fetched? AlQaida is a private corporation on its own way. You just need some sleeper cells properly situated at both ends of the wire inside a fortune 500 company, especially an outsource

      • Re: (Score:3, Interesting)

        by davester666 (731373)

        Of course, there are only a billion or so trivial ways to privately communicate using a public network, from one-time pads, to stenography [in text, images, video, or other binary files], to using ssh, or https.

        And for all you higher and mightier Americans using IMAP, I'm sure you know the police can request any email, without a warrant, for any email stored on a server for more than 180 days (and now believes that they can also get any email stored on the server for less than 180 days if you've read it) ht [wired.com]

        • by Xenographic (557057) on Saturday August 14, 2010 @03:34AM (#33249424) Homepage Journal

          Verizon has delegated enough authority to let the UAE write SSL certificates impersonating any site [eff.org] which will get automatically accepted by most browsers, so don't you think it's getting hard to know if your communications are actually secure from eavesdropping?

          Part of the problem of secure communications is that there are too many governments who don't want people to have them because people can (and do) plot nefarious things with them.

          • by idiot900 (166952) *

            That's absolutely terrifying.

            This also highlights the fact that Verizon can impersonate any site, and that there is little chance they haven't granted a private key to US intelligence and law-enforcement agencies.

            I guess the moral of this story is that if you want to communicate securely, without every government under the sun listening, you have to manage the encryption yourself.

            • if you want to communicate securely, without every government under the sun listening, you have to manage the encryption yourself.

              So the CA system has been demonstrated untrustworthy, with rogue roots in the wild. Now how does one validate the first contact with a given party? There is the OpenPGP global web of trust, but as I understand it, joining it requires flying to key-signing parties, and a lot of people don't have the finances to fly often.

      • by jon3k (691256)
        "how long until every country decides that your "private" T1 connecting New York to Tokyo needs to pass through traffic sniffing tools so that both countries are sure nobody is using private corporations for terrorist activities?"

        Who cares [cisco.com]?
    • Re: (Score:2, Troll)

      by jbssm (961115)
      I'ts generally accepted that most of the 1st world countries actually don't need that. USA, Russia, Israel, China, etc, all have the means to decrypt those communications in real time and that's why they never needed to demand access from RIM.
      • Re: (Score:3, Funny)

        by Anonymous Coward

        Just curious how any government would go about decrypting a 128 bit RSA message in real time? Was there an article proving P == NP while I wasn't paying attention?

    • Gag order (Score:5, Insightful)

      by traindirector (1001483) on Saturday August 14, 2010 @12:44AM (#33248866)

      The better question may be "where has this already happened with a gag order attached to the request?"

    • The United States (Score:5, Informative)

      by KingSkippus (799657) on Saturday August 14, 2010 @01:45AM (#33249124) Homepage Journal

      Can you believe the unmitigated nerve of those crappy little backwards countries and their oppressive Big Brother-ish monitoring of their citizens!!? Thank god nothing like this could ever happen in the United States, where we actually give a rat's ass about protecting our privacy from the government!

      Oh, wait... Well, shit. [wired.com]

    • Re:How long... (Score:5, Insightful)

      by chrb (1083577) on Saturday August 14, 2010 @04:23AM (#33249542)

      How long before every country decides that in order to allow RIM to operate they need to open up their servers?

      The vast majority of countries with cell networks already have laws in place that require cell providers to enable lawful intercept of calls and messages. RIM were an anomaly because they provided no lawful intercept capability to these countries. Now, they do.. RIM devices in the USA and EU are already subject to lawful intercepts - these moves are just providing the same capability to other nations.

      • Uh-huh. Which only goes to show that people who use the cell phone to plot against the government are idiots. There are a lot of more secure methods of communication - some of them right on the internet. Of course, NOTHING is completely immune to being intercepted. It would be a bitch if the government intercepted the keys you sent for your buddy to decrypt all those files hidden in the picture of Obama admiring the Lincoln memorial, LOL

    • by Dan541 (1032000)

      A terrorist will just use PGP to encrypt their emails. So will allot of legitimate businesses making it hard to tell friend from foe.

  • Phfft. (Score:4, Insightful)

    by kylemonger (686302) on Saturday August 14, 2010 @12:45AM (#33248872)
    This is like banning box cutters on planes because the 9/11 terrorists used them, as if terrorist can't figure out how to enocde their messages in other ways. Terrorism isn't the reasons for this, repression is.
    • Re:Phfft. (Score:5, Insightful)

      by Ziekheid (1427027) on Saturday August 14, 2010 @12:51AM (#33248908)

      Terrorism has become the best argument for invading privacy nowadays.

    • That's very true. Terrorists, as any group of people, have many ways of communicating with each other. Some forms of communication are more convenient, but for an evil crime organisation, convenience is not the top priority. As you mentioned with box cutters, banning them didn't make it one bit harder for terrorists to make attempts on planes, but just made it much more troublesome for the many honest airline passengers.

      The governments know this won't do anything for security. Either they are trying to tric

      • by sznupi (719324)

        ...box cutters, banning them ... just made it much more troublesome for the many honest airline passengers

        I can't help but wonder - how? (especially "many")

        And you know, India is the biggest democracy around...

        • Re:Phfft. (Score:5, Insightful)

          by Hognoxious (631665) on Saturday August 14, 2010 @03:06AM (#33249358) Homepage Journal

          I can't help but wonder - how? (especially "many")

          Plenty, since the TSA extended the definition of box cutters to include nail clippers, pencils & baby milk.

        • by Yetihehe (971185)
          For me for example. I didn't knew you can't have any tools onboard (not only box cutters) and my pincers got confiscated.
        • by Bucc5062 (856482)

          India is a democracy, ah...So all those wonderfully democratic people who get their Blackberry cut off because RIM took a stand and said, "No, we are not going to allow government access to our servers" will rise up and vote leaders out of office?

          Right.

          Governments, even those labeled democratic, have understood that the masses will not really do anything to stop these steps to limit freedoms. RIM's in it for the money, I get that. But had they took a stand (and why now are governments asking for this, RIM

        • ...box cutters, banning them ... just made it much more troublesome for the many honest airline passengers

          I can't help but wonder - how? (especially "many")

          I used to be able to get to the airport and go through check-in 30 minutes, maybe an hour, before takeoff. But now I wouldn't get there later than 2 hours before. I dehydrate easily and so I always carry a drink with me. Now I can't take my drink on board. I grew up always having a pocket knife guess where? In my pocket. Taking that on board is out

      • You missed another obvious explanation. The government wants you to BELIEVE that you are beholden to them for your security. Note all the press releases, in which one official or another brags about the measures his agency has taken to protect you. They WANT you to feel dependent on the government.

        You could look at welfare for a similar situation. Welfare has it's place - that is, no one should ever starve in any civilized country. But, today, welfare benefits come pretty close to what the lower middle

    • Re: (Score:3, Informative)

      Box cutters and WATER. Oh god I hope I never get a job handing out bottles of water in earthquake ravaged haiti, HOW will I get the water there and how will I open the packaging!?!?!

      Or can you put water in a cargo plane? But wouldn't all that water just blow up even more??

      • you can put the water in a boat. Boats are much more efficient cargo carriers anyway.

        Of course, if that boat full of water should sink on it's way, you can imagine the jokes....

  • Oh, I get it ... (Score:4, Insightful)

    by kbahey (102895) on Saturday August 14, 2010 @12:47AM (#33248880) Homepage

    Oh, I get it now ...

    If it is Saudi Arabia and the UAE, it is all about censorship ...

    But if it is India, it is a move against the terrorists ...

    It is all about spin ...

    • by sdnick (1025630) on Saturday August 14, 2010 @02:22AM (#33249240)
      India actually did get hit recently by Muslim terrorists who received intelligence, coordination and orders from neighboring Pakistan over mobile phones for several days as they moved through Mumbai targeting non-Muslims and racking up a body count of 166.

      Saudi Arabia and the UAE didn't suffer any recent attacks coordinated and made possible by mobile phone technology, and both have historically been far more willing to curtail free speech than India (which isn't anywhere near US standards for free speech itself).

      RIM should have hung tough and refused India's request, but at least India had a legitimate reason to ask. "All about spin" - yeah, darn that annoying reality and how it gets in the way of the narrative you prefer.
      • by beh (4759) * on Saturday August 14, 2010 @02:50AM (#33249314)

        Ah - and decrypting the messages would have solved the problems, as it is phyiscally impossible to write plaintext 'in-code' AND encrypting it?

        The whole thing is bloody nonsense - if I were to plan any attacks, I certainly wouldn't just trust the encryption by a mobile provider as my 'safe haven'...

        • Re: (Score:2, Informative)

          by Mashiki (184564)

          Nor would I. But India's parliament doesn't exactly work the same way as others do, and many of them are behind the times on their core understanding of technology. Even more-so then in other countries, where government lags on average of 10yrs behind both what the public is saying/thinking, and what they should actually be doing.

        • Actually, the attackers in Mumbai just spoke over the phone with their coordinator. They have the tapes. [youtube.com] There was no encryption or plaintext or whatever. They basically called their leader in Pakistan and asked for instructions and provided updates on their slaughtering. The leader was providing real time info based on TV news or something.

        • by Nemyst (1383049)
          They'll put anyone who encrypts their messages under a watch list. After all, you don't need to encrypt your messages if you've nothing to hide, right? Right?...
  • by Tjp($)pjT (266360) on Saturday August 14, 2010 @12:48AM (#33248890)
    By overtly giving access to these governments they can scan for US or European business partners (hopefully RIM limits to the local to that country traffic). This allows them an unfair competitive advantage as they can then direct local companies often state owned or controlled to change bids or marketing approaches. Saudi Arabia this might apply to leveraging better prices from suppliers or from gaining a better advantage in the financial sector, and in India it means they can now cherry pick information related to manufacturing deals to gain advantage over the people looking for competitive bids between India and other outsource manufacturing (and outsource software development).

    This is not good. Corporations should strongly consider if RIM is a viable solution at this point.
    • by Ziekheid (1427027)

      How about agreements on sharing international banking data, it's far more worrying.

    • Re: (Score:3, Interesting)

      by khchung (462899)

      By overtly giving access to these governments they can scan for US or European business partners (hopefully RIM limits to the local to that country traffic). This allows them an unfair competitive advantage as they can then direct local companies often state owned or controlled to change bids or marketing approaches.

      Yes, and as we all know, the US and Europe (incl UK) governments are such bastion of moral behavior that they had never and would never ever use data collected through immoral means (e.g. spying, wire-tapping, etc) to assist their own businesses.

      A more cynical person (who might have read about such abuses by various western governments in the past) would more likely to think that by gaining such access, these governments would simply be "leveling the playing field" rather than gaining any "unfair advantage"

  • Indians and those who think like them must think folks bent to do bad things (read harm society), are fools. To defeat any kind of snooping, all bad people have to do is to communicate in code.

    That is: "Let's have dinner tonight." to mean "The materials will arrive next week Tuesday."

    Now defeat that.

    • Re: (Score:3, Insightful)

      anyone truly needing encryption will manage their own layered end-to-end solution or have someone competant handle that for them.

      the rest of us will be denied our privacy and the government will come off looking like its 'tough on crime'.

      oh, and a private corporation gets to keep a huge marketshare and shit on its customers. or maybe its customers' customers.

      ie, business as usual.

      • anyone truly needing encryption will manage their own layered end-to-end solution or have someone competant handle that for them.

        Online shopping customers need encryption so that criminals don't intercept information that could be used to forge purchases. What sort of end-to-end solution do you recommend for web merchants if rogue root CAs have made HTTP over TLS untrustworthy?

    • by AHuxley (892839)
      The real deal is the number, who has the number, what was sent and any new numbers connected. The days of pre or post conference Soviet limo chatter are over. But the friends of friends of people of interest are so worth the effort. Welcome to CryptoAG in your hand :)
    • by westlake (615356)

      To defeat any kind of snooping, all bad people have to do is to communicate in code.
      That is: "Let's have dinner tonight." to mean "The materials will arrive next week Tuesday."

      The first problem is the code book.

      There are only so many words and phrases you can keep in your head before you have to write them down.

      The second is weaving the key words and phrases into a message that doesn't come across as stilted and unnatural - or worse.

      "Let's have dinner tonight" implies an intimacy that can be easily tested.

      T [americanheritage.com]

  • by Gopal.V (532678) on Saturday August 14, 2010 @01:03AM (#33248962) Homepage Journal

    I know RIM is only providing meta-data on the content, but honestly, are you telling me that this *wont* be used to spy on a corporate competitor?

    India is corrupt in a very "Who me?" way. This law has only abuses, in a country where you can buy a SIM for 5 dollars, with a photocopy of just about anybody's id. The terrorists don't need to bother with the BB or anything even remotely expensive - the underworld maybe (The D Company [wikipedia.org]), but not the "kill them all and let God sort them out" category of terrorists.

    But it's not like India is the first place to do this. Echelon was used similarly, I guess to spy on foreign firms.

    • Re: (Score:3, Funny)

      I guess to spy on foreign firms.

      my eyes must be going. at fist, I read it as foreign films and I'm thinking, hmmm, is there some DRM angle to this? maybe something about region codes?

      yes, I must get new glasses soon.

    • >>> Echelon was used similarly, I guess to spy on foreign firms.

      Although I am nobody special, just some text on a screen for you, as a disgruntled ex-secret 3 letter agency worker drone formerly living in Australia, I can confirm that your musings never happened on my watch for a decade or so very late last century. I only wanted to know if UFO's existed anyway - I even managed to mention this during my interview. Indeed I was as surprised as anyone when they said "Okay, you can work for us, here's

      • if you had stayed longer, they would have given you the approved plasma-resistant gloves out of the box of post toasties (maybe that's changed, not sure, myself). the post toasties only comes after 15 years of service, though.

  • Lesser evil? (Score:2, Informative)

    by cestmoa (1335613)

    I somewhat can understand the concern of law enforcement that a secure mail environement makes their job more difficult. On the other hand, giving access to the RIM infrastructure implies that you are no longer innocent until proven otherwise, but you are now suspect until your innocence is proven. BAD

    While Internet Service and PIN2PIN messages seem to be encrypted with the same key for everybody, RIM always claimed that enterprise mail is encrypted with a unique key end to end from the enterprise server to

    • Re: (Score:1, Troll)

      by flyingfsck (986395)

      "RIM always claimed that enterprise mail is encrypted with a unique key end to end from the enterprise server to the device and that nobody else has this key" ...and you believed that?

  • by ricky1962 (149006) on Saturday August 14, 2010 @01:25AM (#33249052)

    They can always go back to using number stations on the shortwave bands. Just a thought.

  • I understand its just business, and $ win, but you have lost a customer.

    Keep it up, and I hope you go bankrupt.

  • Just how many of the Mumbai attackers were using Blackberrys? And how many will, as already pointed out, just use something else. Plain old walkie-talkies and code words maybe?
  • I understand RIM has business interests, but there should be very specific details about where, when and how that information can be decrypted. If foreign governments who have embassies in India will be subject to the same decryption methods. If american subsidiaries will be subject to this etc...

    This affects more than the security of India. It affects every bit of interest (government, business, individual) that uses BlackBerry coming in and out of the area.

  • Hello, I m a Indonesian Blackberry usr.
    My country is spyin on me and I got 2 get a lot of $$$ out of the country.
    Plz help. Let me store sum $$$ in ur bank 4 a bit.
    txt me the acnt num, U can has interest 4 thx.

  • Does are these countries also Banning SSL? Anyone that gave a shit could easily set up webmail with any one of thousands of hosts. I don't see how this does anything except make RIM look like a giant bunch of pussies. Most companies force their employees to use blackberries for the very reason that they think they are secure. Is that going to continue when not only are they insecure but they are publicly being monitored by countries that are world renown for their corruption? What happens when I fly to thes
  • Given that RIM never actually lets go of the handsets after their sale, I have always felt a little uncomfortable about their vendor lock-in model. After all, it is a model that makes even Apple and Microsoft jealous as they have managed to pull it off without too much discussion or resistance at all. The only time you hear about it is when their network servers go down for a global blackout. And even then people complain "dumb network model" and not "greedy business model."

    We don't know the limits of th

  • Much of the fear comes from worries about terrorists

          I suspect that the rest of the fear comes from worries about pedophiles.

          I mean, those are the two biggest excuses to subvert freedom and expand government power in the West, so why not in India, right?

  • I assume that every single electronic communications system in the world is compromised.

    We should be moving to a standard where every single communication is encrypted, not by the carrier, but by the user. It needs to be ubiquitous.

    Is there an app for the iphone to encrypt calls?

  • with al the effort by government to get access to the comm transmissions on Blackberry's, that SEEMS TO INDICATE that they already have access on other mainstream networks and brands.

    this is really worrying.

    g

  • by PPH (736903) on Saturday August 14, 2010 @01:17PM (#33251522)

    I know a number of people with corporate-issued Blackberrys. One of the featuures that made these attractive to corporate customers was that RIM set them up with their own server infrastructure. This placed encryption and data security in the hands of their IT departments. While the networks over which data traffic travels might be intercepted by foreign officials, those messages remain encrypted until they arrive at the company servers. RIM is out of the loop.

    How do these governments deal with such networks?

    • by lennier (44736)

      I know a number of people with corporate-issued Blackberrys. One of the featuures that made these attractive to corporate customers was that RIM set them up with their own server infrastructure. This placed encryption and data security in the hands of their IT departments.

      Sure about that? With a standard BES install, data to and from the device gets routed via Blackberry's corporate servers, so if they could crack the encryption they'd have a copy of every corporate email ever. Supposedly it's AES encrypted at the endpoints, yes. But how is an admin going to verify how strong the crypto really is in a server binary that you don't have source code to? I know I'm not smart enough to do that. I would feel a little safer if the BES talked directly to the device through the layer

      • by PPH (736903)

        The point is that corporate systems treat all networks (Blackberry company networks included) as untrusted. The messages may route through Blackberry systems, but only in encrypted form.

  • Now if I want to send a private messages to my militant friend who is going to blow something up in India, I encrypt it BEFORE I send it.

    Problem solved.

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen

Working...