Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Blackberry Privacy

RIM Agrees To Hand Over Its Encryption Keys To India 164

Posted by samzenpus
from the lets-see-what-you-got-there dept.
An anonymous reader writes "BlackBerry maker Research in Motion's (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. RIM recently demonstrated a solution that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies. An amicable solution over the monitoring issue is important for the Canadian smartphone maker since India is one of the few bright spots for the company that has been battling falling sales in its primary markets of the US and Europe. In India, RIM has tripled its customer base close to 5 million over the last two years,"
This discussion has been archived. No new comments can be posted.

RIM Agrees To Hand Over Its Encryption Keys To India

Comments Filter:
  • by Sir_Sri (199544) on Thursday August 02, 2012 @07:24PM (#40863177)

    Part of the appeal of RIM was that you knew governments weren't out there stealing secrets sent across your network. I understand that India has a legitimate security need to be able to wiretap communications and so on. But this isn't going to 'help' RIM. This takes away the only major competitive advantage they had, which was that using RIM meant you knew no one in the indian government was going to steal your work and sell it to someone else (which is a serious concern in india).

    If anything, this just levels the playing field. And that's bad for RIM, because they aren't competitive.

  • by Moblaster (521614) on Thursday August 02, 2012 @07:30PM (#40863237)

    It's pretty clear what happened. They kept the keys secret and held out for a long time on "principle" because that was the best business decision at the time. Then, as the onslaught of iPhone and Android took its toll, the principle changed to survival, because that became the new best business decision.

    It's sad, but at this point, it hardly affects any country but India anyway!

  • Moral of the story (Score:5, Insightful)

    by characterZer0 (138196) on Thursday August 02, 2012 @07:37PM (#40863289)

    Moral of the story: If you do not control end-to-end encryption yourself, it is not secure.

  • by Opportunist (166417) on Thursday August 02, 2012 @07:47PM (#40863375)

    In this case you don't even control ANY part of the encryption, not even on your end. Something that is the absolute bare minimum for any kind of security.

  • by jago25_98 (566531) <[jago25_98] [at] [hotmail.com]> on Thursday August 02, 2012 @08:25PM (#40863649) Homepage Journal

    I think we need to make clearer what exactly the impact of this is.

    Does an Indian businessman who bought a Blackberry in SouthAmerica and is working in Europe be assured on some level of privacy on communications?

    Does an American businessman with a Blackberry bought in the USA visiting India on the way to China need to rethink how company documents are transmitted?

    Not very clear, especially as the BIS keys can't and therefore haven't been handed over.

    So we have a new server in India, but what is being routed through it?

  • by Anonymous Coward on Thursday August 02, 2012 @08:59PM (#40863867)

    Are you saying you trust your smart phone to have only real, valid intermediate ssl certificates? Or are you so ignorant to think that governments aren't trying to man-in-the-middle SSL like crazy, especially on mobile networks.

  • by LordLimecat (1103839) on Thursday August 02, 2012 @09:19PM (#40863995)

    Once again. For the last time....
    RIM does NOT have the encryption keys used by BES servers. Those keys are held internally by businesses only, and those are then used (along with "random" data) to generate the device keys. Even if RIM somehow had the organization's master key, they wouldnt have access to the "random" data that was used to derive the device key (which is pulled from that "wiggle your mouse around for a while" procedure).

    In other words, BES servers continue as unaffected as before. Call me when India figures out how to large-scale crack AES256 with unknown keys.

  • Re:Sell now (Score:5, Insightful)

    by bill_mcgonigle (4333) * on Thursday August 02, 2012 @10:40PM (#40864471) Homepage Journal

    It seems to me VPN or IMAP over SSL has all the advantages of BB without the risk they'll sell you out. And has for some time.

    yeah, I was pointing this out to clients as early as 2004. I had a working IMAPS client on a Treo 650 at the time. They wanted Outlook integration over security (despite always talking about their multi-billion-dollar IP that had to be protected at all costs). Lesson learned: most people don't care about security, they just say they do.
     

  • by Prune (557140) on Thursday August 02, 2012 @11:39PM (#40864727)
    They only have the keys to the non-business service. Corporate users deploying Blackberry Enterprise Server create their own key pairs when registering each handset with the company's BES server, and so control the encryption end-to-end. There are no third parties with access to these keys, making this far more secure than SSL, for example. The article is FUD.
  • by gl4ss (559668) on Friday August 03, 2012 @01:44AM (#40865175) Homepage Journal

    sure that they don't ship a backdoor? that's essentially what they're asking for "This satisfies India's core demand that RIM provide intelligence and security agencies with automatic solutions to monitor all communication on BlackBerry smartphones on a real-time basis, an official aware of the development said."

    it's a pretty crazy requirement for a device that allows programmable code and tcp/ip though.

Brain damage is all in your head. -- Karl Lehenbauer

Working...