RIM Reaches Temporary Agreement With India

Canadian_Daemon writes with news that India has granted a 60-day reprieve for their threat to ban BlackBerry devices while the government evaluates RIM's proposal for "lawful access" to users' encrypted data. "The Ministry of Home Affairs said in a statement it would review the situation in 60 days after the Department of Telecommunications studies the feasibility of routing BlackBerry services through a server in India. India wants greater access to encrypted corporate e-mails and instant messaging, though it remains unclear precisely what concessions Research In Motion agreed to in order to avert the ban. About one million BlackBerry users would have been affected in India. 'RIM have made certain proposals for lawful access by law enforcement agencies and these would be operationalized immediately. The feasibility of the solutions offered would be assessed thereafter,' the ministry said."

makes sense

[prashanthch]

India faces as much terrorism risk as any other nation, Indian security forces need to be able to access information that they need in order to prevent acts of terrorism. I can see cases where the information will be abused but such risks are no match for the benefits. I recall watching a documentary on the Mumbai terrorist attacks from 2 years ago where we can hear the chilling instructions to kill hostages being given to the terrorists on the ground from *our friends across the border*. Such evidence would be impossible to get if the intelligence agencies do not get access to communications data.

Re:Also Banning IMAP+SSL?

[iammani]

Gmails defaults to HTTPS and gmail is the most popular one.

Useless security theater

[losttoy]

First, as an Indian, I am least shocked at what the government is trying to do. This is what bureaucrats in India do best, that is, fleece money from businesses by pulling up arcane/useless laws and regulations. Behind closed doors, RIM must have bribed dozens of bureaucrats in at least half a dozen government departments. My father worked for an Indian company and was in charge of setting up a power generation plant. He said he had to bribe a dozen different ministries just to get the paperwork moving on prospecting for the site. What's the value of Indian law enforcement agencies being able to tap into RIM? Zilch, squat, none, nada, nil, shunya! After all the circus around this issue, what brain-dead criminal will use blackberry to cover up tracks? This will mostly be used by politicians to settle scores, dig up dirt on each other and sell trade secrets of one business to other or harass them. As any Android or iPhone owner will know, just go to Android market place or iTunes store and there are dozens of apps for encrypting text messages and files. Not happy with closed source apps? Use openssl, gpg or half a dozen other opensource tools to encrypt communications such that no law enforcement agency can crack it in a timely manner to help with an investigation. Much less Indian law enforcement agencies that can barely use computers much less have access to super computers to do any cracking. As for Indians, they are mostly pro-government on this issue. Why? Because RIM acceded to similar demands by UAE and Saudi Arabia so now their national pride is hurt when a foreign company complies with laws of tiny Emirates but not their mighty nation. People in India are tired of a non-functional government that does not take foreign corporations to task for even mass murder (read Bhopal Gas leak). So when they see a government department screw a foreign corporation, they cheer like this will somehow help. It WON'T!!!

Re:Why BIS is bad

[sensationull]

Incorrect, BES talks to RIM's servers which in turn talk to the Blackberry devices. if this was not the case then why previously when the RIM servers went down for a couple of days was everyone including BES users up in arms about their email not working and being so reliant on an external system.

Nokia E series, Windows Mobile, iPhone etc all use a system which works by a direct connection to your provider/companies server over Microsofts ActiveSync protocol to provide push email, calander, etc along with SMS sync in later versions.

These may seem safer untill you realise that most are encrypted using keys from certification providers that can be compelled by governments to give out your encryption key rendering your own encryption transparent to them. The best bet is private keys generated by a trusted internal certification server if you actually want some form of privacy.