BlackBerry Helps Indian Gov't Spy On Users' Messages

hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Baring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

Human Rights

[Valentinial]

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Article 8, European Convention on Human Rights

[auric_dude]

May well cover this point https://en.wikipedia.org/wiki/Article_8_of_the_European_Convention_on_Human_Rights [wikipedia.org] & https://en.wikipedia.org/wiki/European_Convention_on_Human_Rights#Article_8_-_privacy [wikipedia.org] but YMMV.

Re:

[Anachragnome]

[responding to a post near top of thread to prevent the use of "forum sliding" tactics--refer to article in my signature if you are unaware of the tactic]

While the mainstream US media largely ignores NSA/US spying, other news has to take the place of those stories--something bigger and "better", so to speak.

Let's start with the train wreck in Lac Megantic--not a single story in mainstream media regarding SCADA systems used on most trains these days. Why not?

http://www.getransportation.com/rail/rail-product [getransportation.com]

Re:

[interval1066]

in the us, encryption **IS** a weapon... this is why we have export laws on RSA...

We did, they were rescinded in 2000 becuase they were stupid. The Fed. was hamstringing our own companies whereas everyone else could export what technology they wanted. Oh, and its a weapon in the US, becuase we have a paranoid Government. Do you eat up everything the Gov. tells you?

Re:

[Lennie]

They want to bring it back and I'm fairly certain they are going to try it too.

Who defines "rogue"?

[Zontar_Thing_From_Ve]

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Who gets to define "rogue governments"? When George W. Bush was president, the lunatic left was insistent that he "stole" the 2000 election for sure, he probably stole the 2004 Ohio election (yet oddly the Republican candidates were unable to steal the state in 2008 and 2012) and thus the general election, he had no respect for individual rights, wasn't going to leave office willingly, and on and on. Fast forward to today and some of the same people who blew off such talk are now saying that Barack Obama

Re:

[vikingpower]

Amen. If the pen is mightier than the sword, then a stream of bytes should be sharper than a Ronin's sword. BTW & FYI : "rogue" includes "US", "British", "French" e tutti quanti altri, not only "Iranian", "Syrian" and "Kazakh".

Re:

[jodido]

And they'll find a "legal" reason why that right has to be violated under certain circumstances. No law can protect you against what the ruling class wants to do to you.

Pile on USA

[dickplaus]

Damnit, India now too? Now we can't just pile on the USA, Bush, Obama, Rush Limbaugh, Fox News, Eric Holder and the likes.

Re:

[nhat11]

Now? It's always been like that and in many parts of the world.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[rwise2112]

Now Blackberry will have abysmal sales numbers in India instead of non-existent.

Actually, when I was there last year they seemed quite popular.

i'm all in

[perryizgr8]

i'm all for the government tapping into all of my communications if it translates to zero terrorist attacks forever. otherwise, fuck them.

Re:

[perryizgr8]

i'm an indian. we have never been a great nation recently.

Re:

[loom_weaver]

They lost a lot of good will because of that.

I remember at the time I considered RIM to be good for business and good about security and privacy. Then they sold out.

Re:

[Arker]

True, but it's a mistake to make this too much about RIM. Any for profit company in their situation would be very likely to do the same - or worse. At least they publicised the problem.

But that just points back to a basic fact. If we want secure communications we cannot rely on for-profit companies to provide that, at least not in the current environment. An alternative infrastructure is required - one that doesnt require trusting an organisation which isnt capable of resisting government pressure.

Re:

[JakartaDean]

They lost a lot of good will because of that.

I remember at the time I considered RIM to be good for business and good about security and privacy. Then they sold out.

Did they? They gave the Indian government access to some types of messages, but not others AND THEY TOLD EVERYONE WHICH ONES ARE STILL SECURE. Anyone caring about security can use BES, and those not caring can use BBM. It's not as convenient, but those for whom security is important still have it. Since it's business users who pay their rent, and it's business users who use BES their core interest is protected, and India can say they have access to terrorist communications, since terrorists presumably d

US media fully involved as well...

[Anachragnome]

Take a look at the Guardian (US version);

http://www.guardiannews.com/ [guardiannews.com]

Then take a look at RT News:

http://rt.com/ [rt.com]

Then take a look at CNN:

http://www.cnn.com/ [cnn.com]

Or even the New York Times:

http://www.nytimes.com/ [nytimes.com]

Notice a pattern? Apparently, the Zimmerman trial is all we Americans care about. The media is as complicit as Microsoft, et al. I start with the foreign news outlets, then head to CNN and other mainstream US media for comparison--what is missing from mainstream US media is the real news.

I fully expect "Cold Fjord" to be spewing his disinformation--with earnest--after the latest Prism revelations. If Microsoft is fucked, so is the NSA.

Re:

[Anonymous Coward]

Your point being that we (the US) is already just like Communist China:
http://www.nybooks.com/blogs/nyrblog/2013/jul/10/censoring-news-before-happens-china/

Re:

[TheGratefulNet]

mainstream US 'news' is pure entertainment and a grab for ratings.

it stopped being about news something like 10 or 15 years ago.

I gave up on US 'news'. I don't spend even a minute watching tv news or reading US newspapers (online or otherwise).

sad to see the news industry give up, but they have. they have given up trying and now just want to top each other on ratings.

Re:

[cold fjord]

I fully expect "Cold Fjord" to be spewing his disinformation--with earnest--after the latest Prism revelations. If Microsoft is fucked, so is the NSA.

What a pity. I was hoping that you had put aside the crackpot theories involving me and other people that have different views from you. Since you continue down this path, it looks like I'll need to see what other nonsense you've posted. You kind of have a Senator Joseph McCarthy vibe going: "I hold in my hand a list of NSA plants on Slashdot!" I think it is time to ask the question raised by Army counsel Joseph Welch [slashdot.org] to Senator Joseph McCarthy:

" Have you no sen

Sensationalize much?

[ArhcAngel]

India currently does this on all mobile carriers. RIM/BlackBerry is a mobile carrier as well as a device manufacturer. RIM was the only carrier that resisted (that I am aware of) the monitoring of their network (BlackBerry Internet Services or BIS). The Indian government threatened to suspend their network altogether if they didn't capitulate. RIM agreed to discuss the matter further and have been in negotiations for the last 2 years. Since BB 10 doesn't even use BIS I suspect BlackBerry is just giving India what is is asking for. This does not in any way effect enterprise deployments using a BlackBerry Enterprise Server (BES) as the encryption keys are generated at the server and kept only by the enterprise.

Nothing to see here...move along.

Re:

[sl4shd0rk]

Nothing to see here...move along.

On the contrary. No matter how hard RIM tried to "do good" in the end they "did bad" and as far as I'm concerned if they did it for India, they'll do it for anyone other high bidder for that matter. Just shows they are as douchey a corporation as Verizon, AT&T and anyone else engaged in all of this Orwellian crap finally coming to light.

Re:

[LordLimecat]

You missed the more important second part, where it doesnt matter because this affects BIS (the ghetto sort-of-blackberry experience), not BES (the main reason to get a blackberry).

If youre using BES, unlike 99% of other email providers, there is NO WAY to intercept the email in-transit-- not breaking SSL, not forging an SSL cert, not subpoenaing the wireless provider. BES uses symmetric per-device keys, and if you do not have the key for a particular blackberry, you are stuck bruteforcing AES encryption.

B

Re:

[ImprovOmega]

Not anymore. Now BB10 uses ActiveSync with standard SSL-based encryption for its emails.

Re:

[ArhcAngel]

BB 10 still has BES support but BB 10 has ended BIS support as the original need for it in developed countries (high mobile data costs and SLOW speeds) has mostly ceased to exist. BB has not ended support for BB OS 7 nor BIS since they still have a huge market for it in developing countries. They are releasing a new device [crackberry.com] in a few months that looks like a ruggedized BOLD.

Re:

[gl4ss]

rim is a mobile carrier as much ms and samsung are.. that is: they are not. they are however selling something of an email messaging service in india. so I would suspect it doesn't matter what service you use there, if it has local presence it is tapped.

Re:

[ArhcAngel]

BIS [crackberry.com] is an ISP for BlackBerry phones up to BB OS 7. Unlike iOS or Android BB OS 7 accesses the internet through BlackBerry NOT the carrier the phone is on. Since BlackBerry knows the device it is serving a web page to it also knows what content the phone can handle. As such when you request a web page on a BB the BIS only sends data the phone can process and it compresses the data as well. A web page that clocks in at 500K may only take 5K to transmit to a BB. So it's a little bit more than an email messagin

Re:

[Just Some Guy]

This does not in any way effect enterprise deployments using a BlackBerry Enterprise Server (BES) as the encryption keys are generated at the server and kept only by the enterprise.

Well, one set is. Have you read the source to see whether there's a second keypair?

What a News scoop!

[sdinfoserv]

This is like 4 years old. Blackberry within minutes of India shutting down RIM, and they capitulated to the Indian ministry of Information. One of the requirments was Indian Governement back door to all messaging... At the time we thought... Oh, look at the evil Indian overlord Govt... all the while our Govt sh#t bags were doing the same to us...

Invalid argument

[Dogbertius]

This affects BIS, not BES. This exact story is re-hashed every year on /. Must be a slow news day.

http://crackberry.com/blackberry-101-lecture-2-bes-and-bis-whats-difference [crackberry.com]

Re:

[TheSkepticalOptimist]

No, because iMessage or Google services are already easily tappable in those countries. No other IM is, or was, as secure as BBM which is the only reason why BlackBerry fell into the bad graces of countries like India and forced them to open up their protocol.

Just stop.

[thePowerOfGrayskull]

What a predictable clickbait title. I come by here every few weeks (less and less often, honestly - too much crap is just filtering through from populate media conglomerates) and am always able to find something on the front page that reminds me why I've taken to staying away.

But for old time's sake, I'll bite.

- RIM gave access to BIS communications when lawfully requested. This isn't new - they do it for every major government that submits legal requests. The fact that they'd do it for India was resolved months ago, in mid-2012 I think.
- RIM still has not and cannot give access to BES communications. THAT is what the battle with India is about - INdia said "you will give us ALL communications". RIM said "SOrry, we literally just can't do that.". India said "Do it or GTFO". RIM said "Sorry, we really just... can't". India realized this was true, and a big deal was made about the fact that theyr eceived BIS access (like any other government, for any service - not just RIM).
- It was face-saving, because they could not get what they actually insisted on getting - BES. Because the claim was that *BES* was used to planning subversive activities, not consumer BBM and email.
- they've given India no more than another other government. And they give the US government considerably less than any other government.

On that topic: you'll also notice that BlackBerry is NOT on the list of companies assisting NSA with Prism efforts. They do comply with lawful requests for specific data (as long as it's not BES, which they have no access to). But they do NOT hand over data in bulk, unlike all of their competition.

Re:

[LordLimecat]

But they do NOT hand over data in bulk

Because as you said they CANT. Historically if you got a blackberry, you were using BES, and if youre using BES NOONE can spy on your communication without either your device key or a magical AES crack.

Old news + old FUD

[LordLimecat]

The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

...Because for the 8 millionth time, that is not possible since RIM does not possess the encryption keys for any BES setup.

Also, this story is only what, 5 years old?

Morale of the story...

[InvalidError]

All the first-party IM/mail services are tapped or highly likely to get tapped by governments so if you want some reasonable shot at privacy, you have to use one of the lesser-known privacy-oriented 3rd-party apps and networks. Preferably a decentralized open-source application and network so governments cannot shut it down nor insert backdoors without a high probability of getting caught.

Come on people smarten up!

[TheSkepticalOptimist]

"OMG BlackBerry voids human rights! I'm glad I use my beloved non-BlackBerry phone", an idiot might say.

Look, BlackBerry was the only company that offered a messaging service that was so secure that most governments could not hack it, and so threatened to not allow BlackBerries to be sold in their country. I mean POTUS prefered a BlackBerry over any other phone for this very reason.

Note, that this means that your beloved iPhone, Windows Phone, or Android, has messaging services that ALREADY allow governme

As Blackberry stated recently

[houbou]

We will find ways to make money...

RIMM suicide

[ElitistWhiner]

RIM supplies the final nail to the coffin in the platform otherwise known as Blackberry.