Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Blackberry Communications Government Privacy Security Your Rights Online

RIM Helps Indian Authorities Access BlackBerry Messages 74

Posted by Soulskill
from the giving-up-the-ghost dept.
judgecorp writes "RIM has set up a surveillance facility in India to help the authorities monitor users' BlackBerry messages, according to reports. This comes after a long argument in which RIM at first tried to resist opening up to Indian government scrutiny."
This discussion has been archived. No new comments can be posted.

RIM Helps Indian Authorities Access BlackBerry Messages

Comments Filter:
  • http://www.informationweek.com/news/mobility/business/231300237 [informationweek.com]

    xnews.com/scitech/2011/10/27/class-action-suit-filed-against-rim-after-blackberry-outage/ http://www.itworld.com/mobile-wireless/216895/more-bad-news-rim-playbook-os-update-delayed-4-months-or-maybe-forever

    My google search: "RIM News", not "RIM Bad News", http://www.google.com/search?q=RIM+news [google.com]

    Google & MS would just laugh at the silly indians and their depreciation of individual privacy.

  • one of the only reasons it sales were still up was through enterprise phones which had insurance their communications were encrypted

  • Don't glare at RIM (Score:4, Insightful)

    by ackthpt (218170) on Friday October 28, 2011 @04:38PM (#37874274) Homepage Journal

    The Indian government (among others) will twist arms of any and all carriers to get what they want. Even in the US the gummint will get what it wants one way or another.

    Want privacy? Write your own encryption and scramble everything you share with your mates.

    • by Flyerman (1728812)

      You think they won't come knocking once they see that shit on the web?

    • Want privacy? Write your own encryption and scramble everything you share with your mates.

      Makes sense for the 99.999% of the global population who aren't cryptophiles...

      • Makes sense for the 99% of the population who don't really care all that much about privacy - at least as far as government access goes.

    • The Indian government (among others) will twist arms of any and all carriers to get what they want.

      Twisting arms is exactly what it will take to get plaintext from a carrier that's carrying properly configured IMAP/TLS traffic, except it has to be the arm of the user or the server admin - all the carrier can do is block it.

      RIM's architecture puts it as the weakest link in the real security model. Serious people have known this for a decade. So much so, that the Indians are only going to catch stupid and

      • by Sean (422)

        TLS? That's backdoored if the client accepts keys signed by one out of a huge list of trusted CAs. And that's pretty much every major client.

        • TLS? That's backdoored if the client accepts keys signed by one out of a huge list of trusted CAs. And that's pretty much every major client.

          Yeah, like I said, "properly configured IMAP/TLS traffic". I think the organized criminals who have hundreds of millions of dollars at stake aren't going to be making these mistakes.

          Setting up a CA is trivial at this point, and client-certificate TLS is getting better support. I guess one should inspect his mail client's source to make sure it properly prevents spoo

    • Write your own encryption and scramble everything you share with your mates.

      It's not necessary to write your own encryption. In fact, doing so is dangerous because without specialized knowledge and very careful programming, bugs or other weaknesses are all too easily introduced. No, there are already many fine open source implementations of various ciphers which are known to be secure. The problem in real world situations is always the key management. Indeed, most known breaches of modern ciphers have mainly come not from brilliant cryptanalysis, but rather attacks on the key manag

    • If you want to guarantee that your secrets can be decrypted, write your own encryption.

      Unless you are a genuine cryptography expert, any encryption scheme you come up with will be easily breakable. You could maybe use one time pads that are longer than your messages and swap/synchronise them in a safe way -- that'd be secure -- but it still won't work. If "they" want to know what's going on, they'll just torture you.

  • by idiot900 (166952) * on Friday October 28, 2011 @04:41PM (#37874300)

    Nobody in the Indian government would ever consider misusing this surveillance capability. As we all know, Indian government workers do not take bribes, the rich and powerful only have the same rights as anybody else, and the Indian government has a long history of the utmost integrity. There is no reason for anyone using BlackBerry who is concerned about their privacy to switch to another provider.

    • "Nobody in the US government would ever consider misusing this surveillance capability. As we all know, US government workers do not take bribes, the rich and powerful only have the same rights as anybody else, and the US government has a long history of the utmost integrity. There is no reason for anyone using BlackBerry who is concerned about their privacy to switch to another provider."

      There, fixed it for you.
  • by mr1911 (1942298) on Friday October 28, 2011 @04:41PM (#37874310)
    This will be restricted to only legitimate reasons for data. There is absolutely no way it will be abused.
  • by Anonymous Coward

    The last time India had a major terrorist attack, the perps used cell phones & sim cards that had never been used before. So there was nothing to tap until the day of the attack.

    Terrorists aren't always dumb.

  • Here's what I saw in that article: "Rim entraps customers into paying to be spied on by their own government, and happily profits from it."

    Because leaving profits on the table to do something ethical? Not Rim's business model.

    • by ve3oat (884827)
      I read it differently. Since the Indian government can already read the communications from all other brands of mobile phone, they have now asked RIM to help them break into the more secure transmissions from Blackberries. It was inevitable.
  • How long until criminal organizations setup Enterprise Blackberry servers?

    • Another option is to write an app implementing PGP using BB PIN messages with a BBM style UI. The only text they would intercept is a public key and base 64 encoded encrypted data. Even of they got one persons private key they'd only see half a conversation. Also, they wouldn't need their own server because they would just use RIM's as the transport. This probably wouldn't be too difficult for the more sophisticated groups. The problem with lawful access is it only catches the dumb ones, but still exposes
  • Why BB especially? (Score:2, Interesting)

    by doston (2372830)
    The US government is able to go into any of the cell providers data side and look at anything with no warrant and no notice to the carrier. Both carriers I worked for provided back doors into the SMS/MMS platforms. The feds even had their own cutesy username (Leo) and password was equally adorable. Why bother with a warrant when you can just go look at the info, then if you see anything interesting, ask for the warrant. Apparently it saves Leo time. Marriage of corporations and governments = what?? Th
    • by jimicus (737525)

      Because Blackberry, IIRC, provide a messaging service comparable to SMS but using the phone's data connection. This messaging service offers end-to-end encryption.

      Correction: Blackberry's marketing claimed it offered end-to-end encryption and that there was no way they could snoop on messages. IIRC they also told the Indian authorities something similar. The fact that this story is able to exist demonstrates that this is not true.

      Can't say I'm particularly surprised myself. Telephony providers are more-or-l

      • by narcc (412956)

        Had you actually read the article (this is Slashdot, I know) then you'd know that, as always, BES users are still secure.

        See, RIM couldn't give them access to BES users data no matter how badly they wanted to. They simply don't have the keys.

        To avoid the current privacy issues, BIS users in India can make use ot the many of third-party apps that provide additional security to contacts, sms, etc.

        So, yes, in India (and just about everywhere else for that matter) Blackberry is still the only real choice when

        • by jimicus (737525)

          Funny, I could have sworn the iPhone (and Android for that matter) will happily check the certificate chain when establishing an SSL connection to their email server.

          • by narcc (412956)

            There is a lot more to messaging security than just an SSL connection, you know.

  • Does India's justice system have an equivalent requirement for warrants prior to wiretaps?

    I wonder when the DHS and (Canada's) CSIS get their own monitoring centres?

    • You think they don't already have the capability? LOL!

      • by tqk (413719)

        I wonder when the DHS and (Canada's) CSIS get their own monitoring centres?

        You think they don't already have the capability?

        Up until a few months ago RIM was insisting that, due to the way BBs work, such monitoring centres were simply impossible - it couldn't be done.

        Sad. I suspect this sounds the death knell for RIM.

    • According to this [dot.gov.in], which, as I understand, is the current Indian law on the subject:

      "On the occurrence of any public emergency, or in the interest of the public safety, the Central Government or a State Government or any officer specially authorized in this behalf by the Central Government or a State Government may, if satisfied that it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public or

      • by Jiro (131519)

        However, my understanding is that material obtained through such wiretapping is not directly admissible in the court, so it cannot itself be used as a proof of wrongdoing.

        They will probably just use the standard dodge that's already used in the US: once they look at the inadmissible evidence and figure out who they want to search, claim to have received an "anonymous tip" implicating that person and search them based on the "anonymous tip".

    • india's justice system.

      hmmm.

      I know those words on their own, but for the life of me, I just can't make sense of them together as a phrase.

  • Secure and highly available..

  • I thought I read RIM claimed that how their network is setup in such a way that the encryption is done on the device and they don't have a means of accessing the contents?

    • by Anonymous Coward

      That is how the Blackberry ENTERPRISE SERVER (BES) works. Indian gov't got access to Blackberry INTERNET Services which is what you use if you don't proactively connect to a BES server.

  • All the more reason to use S/MIME or PGP/GPG to encrypt your email, and keep it out of government hands.

Money is the root of all wealth.

Working...