RIM Helps Indian Authorities Access BlackBerry Messages

judgecorp writes "RIM has set up a surveillance facility in India to help the authorities monitor users' BlackBerry messages, according to reports. This comes after a long argument in which RIM at first tried to resist opening up to Indian government scrutiny."

Are people still buying blackberries

[Synerg1y]

http://www.informationweek.com/news/mobility/business/231300237 [informationweek.com]

xnews.com/scitech/2011/10/27/class-action-suit-filed-against-rim-after-blackberry-outage/ http://www.itworld.com/mobile-wireless/216895/more-bad-news-rim-playbook-os-update-delayed-4-months-or-maybe-forever

My google search: "RIM News", not "RIM Bad News", http://www.google.com/search?q=RIM+news [google.com]

Google & MS would just laugh at the silly indians and their depreciation of individual privacy.

Re:

[Synerg1y]

Is your argument serious or are you just trolling?

Either way your completely speaking out of your ass. We're talking about the Indian government here, RIM is not based there, MS is based in the states, I'm still unclear as to whether your head is really that far up your ass to not be able to tell the difference between the two governments.

Also customers are #1 to an organization, try landing a real job that pays non-monopoly money to learn that or something. No customers, there is no organization for the

Re:

[WNight]

Lobbying for favorable laws opens up markets, and part of getting favorable laws is doing whatever you're asked. So to get those #1 customers they'll do anything, even provide them a cut-rate service by allowing warrantless wiretapping, etc.

And they'll bow to whatever special interest makes it more profitable to deal than fight, from government to church groups.

There's no risk for the companies that do this. If someone was discovered to be in the KKK they might get beaten or killed, but build a product that

RIM sales already decreasing;not sure this'll help

[youn]

one of the only reasons it sales were still up was through enterprise phones which had insurance their communications were encrypted

Re:

[ackthpt]

one of the only reasons it sales were still up was through enterprise phones which had insurance their communications were encrypted

They appear to have nails being hammered into their coffin at a brisk pace.

I'd say this makes them a takeover target for ... Microsoft.

Re:

[wiedzmin]

Oh please, like other companies (Google, Microsoft, AT&T) don't let other governments (UK, Canada, US) read your "encrypted" email whenever they feel like it.

Re:

[priegog]

Do you any sources to back these claims up? I'm genuinely interested...

Re:

[wiedzmin]

Here you go:

http://www.dslreports.com/shownews/ATT-Repeatedly-Helped-FBI-Break-Communications-Law-106553 [dslreports.com]
http://www.wired.com/threatlevel/2007/03/fbi_confirms_co [wired.com]
http://www.itworld.com/security/216565/google-admits-it-would-give-your-data-feds-93-times-out-100 [itworld.com]
http://www.pcworld.com/article/190438/microsoft_stool_pigeon_for_the_cops_and_fbi.html [pcworld.com]

Re:

[Opportunist]

Huh? Who gave Google, MS and AT&T my private PGP key?

Re:

[youn]

Blah Blah blah :)... Dude, chill... this is slashdot... no one reads the articles even when there is just one... you actually want me to read 3 haha, you're funnnyyyy :) .. Some of us have a life you know :p... I swear I get out of the basement sometimes. YOu should try... your skin won't sparkle like a vampire, i promise. Anon, zometimez you can really be a pain in the butt/ annoying :p

Don't glare at RIM

[ackthpt]

The Indian government (among others) will twist arms of any and all carriers to get what they want. Even in the US the gummint will get what it wants one way or another.

Want privacy? Write your own encryption and scramble everything you share with your mates.

Re:

[Flyerman]

You think they won't come knocking once they see that shit on the web?

Re:

[Synerg1y]

No they won't, your tinfoil hat is on too tight.

Re:

[Synerg1y]

Name one example in context of OP newb. Too scared to login coward?

Re:

[CanHasDIY]

Want privacy? Write your own encryption and scramble everything you share with your mates.

Makes sense for the 99.999% of the global population who aren't cryptophiles...

Re:

[shutdown -p now]

Makes sense for the 99% of the population who don't really care all that much about privacy - at least as far as government access goes.

Re:

[bill_mcgonigle]

The Indian government (among others) will twist arms of any and all carriers to get what they want.

Twisting arms is exactly what it will take to get plaintext from a carrier that's carrying properly configured IMAP/TLS traffic, except it has to be the arm of the user or the server admin - all the carrier can do is block it.

RIM's architecture puts it as the weakest link in the real security model. Serious people have known this for a decade. So much so, that the Indians are only going to catch stupid and

Re:

[Sean]

TLS? That's backdoored if the client accepts keys signed by one out of a huge list of trusted CAs. And that's pretty much every major client.

Re:

[bill_mcgonigle]

TLS? That's backdoored if the client accepts keys signed by one out of a huge list of trusted CAs. And that's pretty much every major client.

Yeah, like I said, "properly configured IMAP/TLS traffic". I think the organized criminals who have hundreds of millions of dollars at stake aren't going to be making these mistakes.

Setting up a CA is trivial at this point, and client-certificate TLS is getting better support. I guess one should inspect his mail client's source to make sure it properly prevents spoo

Re:

[sitkill]

Are you sure about that?

And more to the fact, why would they? I don't believe any of their message transfering is encrypted, so why would India need to ask them for it? Note, blackberries encrypt by default. Also note, in the articles linked, they talk about Nokia giving access, so this isn't a blackberry only thing.

RIM is also not giving them access to the BES servers it seems, so they are pushing back....and to be honest, this ENTIRE slashdot submission is pretty much just here for more blackberry ba

Re:

[CodeBuster]

Write your own encryption and scramble everything you share with your mates.

It's not necessary to write your own encryption. In fact, doing so is dangerous because without specialized knowledge and very careful programming, bugs or other weaknesses are all too easily introduced. No, there are already many fine open source implementations of various ciphers which are known to be secure. The problem in real world situations is always the key management. Indeed, most known breaches of modern ciphers have mainly come not from brilliant cryptanalysis, but rather attacks on the key manag

Re:

[ajo_arctus]

If you want to guarantee that your secrets can be decrypted, write your own encryption.

Unless you are a genuine cryptography expert, any encryption scheme you come up with will be easily breakable. You could maybe use one time pads that are longer than your messages and swap/synchronise them in a safe way -- that'd be secure -- but it still won't work. If "they" want to know what's going on, they'll just torture you.

This is perfectly fine

[idiot900]

Nobody in the Indian government would ever consider misusing this surveillance capability. As we all know, Indian government workers do not take bribes, the rich and powerful only have the same rights as anybody else, and the Indian government has a long history of the utmost integrity. There is no reason for anyone using BlackBerry who is concerned about their privacy to switch to another provider.

Re:

[Kulfaangaren!]

"Nobody in the US government would ever consider misusing this surveillance capability. As we all know, US government workers do not take bribes, the rich and powerful only have the same rights as anybody else, and the US government has a long history of the utmost integrity. There is no reason for anyone using BlackBerry who is concerned about their privacy to switch to another provider."

There, fixed it for you.

Re:

[Opportunist]

Mine.

Vote me for dictator!

Don't worry

[mr1911]

This will be restricted to only legitimate reasons for data. There is absolutely no way it will be abused.

Re:

[Opportunist]

I believe you.

Of course, my definition of "legitimate" might differ from theirs...

It won't work in India...

[Anonymous Coward]

The last time India had a major terrorist attack, the perps used cell phones & sim cards that had never been used before. So there was nothing to tap until the day of the attack.

Terrorists aren't always dumb.

I read this as

[blair1q]

Here's what I saw in that article: "Rim entraps customers into paying to be spied on by their own government, and happily profits from it."

Because leaving profits on the table to do something ethical? Not Rim's business model.

Re:

[blair1q]

Is RIM the only manufacturer allowing the government to monitor traffic?

Or is it just the only one who tried to fight it, or could?

I suspect the government already has a sniffer on all the other systems.

Doesn't change my view of RIM's capitulation. They tried to keep their entire subscriber base, now they're willing to profit from delivering up those who haven't bailed.

Re:

[TheGratefulNet]

all carriers and equip makers must give governments (and even powerful companies) ability to do DPI and MitM Bad Things(tm).

just routing packets is not 'fun' for companies anymore, nor profitable. they are ALL in the spy business. anything with a cpu, these days (ie, more than the $10 silicon home gig-e switches) will be doing DPI and triggering with hardware assist.

the new hotness is users (ie, owners, ie governments) writing their OWN apps that run *inside* the router/switch.

yeah, think of the great thi

Re:

[ve3oat]

I read it differently. Since the Indian government can already read the communications from all other brands of mobile phone, they have now asked RIM to help them break into the more secure transmissions from Blackberries. It was inevitable.

And the next step?

[TubeSteak]

How long until criminal organizations setup Enterprise Blackberry servers?

Re:

[hawkbat05]

Another option is to write an app implementing PGP using BB PIN messages with a BBM style UI. The only text they would intercept is a public key and base 64 encoded encrypted data. Even of they got one persons private key they'd only see half a conversation. Also, they wouldn't need their own server because they would just use RIM's as the transport. This probably wouldn't be too difficult for the more sophisticated groups. The problem with lawful access is it only catches the dumb ones, but still exposes

Why BB especially?

[doston]

The US government is able to go into any of the cell providers data side and look at anything with no warrant and no notice to the carrier. Both carriers I worked for provided back doors into the SMS/MMS platforms. The feds even had their own cutesy username (Leo) and password was equally adorable. Why bother with a warrant when you can just go look at the info, then if you see anything interesting, ask for the warrant. Apparently it saves Leo time. Marriage of corporations and governments = what?? Th

Re:

[jimicus]

Because Blackberry, IIRC, provide a messaging service comparable to SMS but using the phone's data connection. This messaging service offers end-to-end encryption.

Correction: Blackberry's marketing claimed it offered end-to-end encryption and that there was no way they could snoop on messages. IIRC they also told the Indian authorities something similar. The fact that this story is able to exist demonstrates that this is not true.

Can't say I'm particularly surprised myself. Telephony providers are more-or-l

Re:

[narcc]

Had you actually read the article (this is Slashdot, I know) then you'd know that, as always, BES users are still secure.

See, RIM couldn't give them access to BES users data no matter how badly they wanted to. They simply don't have the keys.

To avoid the current privacy issues, BIS users in India can make use ot the many of third-party apps that provide additional security to contacts, sms, etc.

So, yes, in India (and just about everywhere else for that matter) Blackberry is still the only real choice when

Re:

[jimicus]

Funny, I could have sworn the iPhone (and Android for that matter) will happily check the certificate chain when establishing an SSL connection to their email server.

Re:

[narcc]

There is a lot more to messaging security than just an SSL connection, you know.

Re:

[Opportunist]

Mmm... given my experience with tech support, all they have to do is talk in English and nobody will be able to break the cypher.

When do the other shoes drop?

[tqk]

Does India's justice system have an equivalent requirement for warrants prior to wiretaps?

I wonder when the DHS and (Canada's) CSIS get their own monitoring centres?

Re:

[GameboyRMH]

You think they don't already have the capability? LOL!

Re:

[tqk]

I wonder when the DHS and (Canada's) CSIS get their own monitoring centres?

You think they don't already have the capability?

Up until a few months ago RIM was insisting that, due to the way BBs work, such monitoring centres were simply impossible - it couldn't be done.

Sad. I suspect this sounds the death knell for RIM.

Re:

[shutdown -p now]

According to this [dot.gov.in], which, as I understand, is the current Indian law on the subject:

"On the occurrence of any public emergency, or in the interest of the public safety, the Central Government or a State Government or any officer specially authorized in this behalf by the Central Government or a State Government may, if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public or

Re:

[Jiro]

However, my understanding is that material obtained through such wiretapping is not directly admissible in the court, so it cannot itself be used as a proof of wrongdoing.

They will probably just use the standard dodge that's already used in the US: once they look at the inadmissible evidence and figure out who they want to search, claim to have received an "anonymous tip" implicating that person and search them based on the "anonymous tip".

Re:

[TheGratefulNet]

india's justice system.

hmmm.

I know those words on their own, but for the life of me, I just can't make sense of them together as a phrase.

Ahh, the challenges of RIM

[bobstreo]

Secure and highly available..

Didn't RIM claim this wasn't possible?

[Sark666]

I thought I read RIM claimed that how their network is setup in such a way that the encryption is done on the device and they don't have a means of accessing the contents?

Re:

[Anonymous Coward]

That is how the Blackberry ENTERPRISE SERVER (BES) works. Indian gov't got access to Blackberry INTERNET Services which is what you use if you don't proactively connect to a BES server.

S/MIME

[mr100percent]

All the more reason to use S/MIME or PGP/GPG to encrypt your email, and keep it out of government hands.