RIM's Encryption 'Too Secure' For Indian Government's Taste

climenole writes "Research in Motion, the creator of the widely used enterprise-cum-consumer BlackBerry device, has an uncertain position in India. The Indian government's internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult — especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups." Does it make you wonder how much safer everyone would be if parkas, mailing envelopes, cash, and superglue were all evaluated on the same basis?

And GnuPG?

[ciaran_o_riordan]

What about sending email with GnuPG?

Re:

[Anonymous Coward]

Dot. (For good measure.)

Re:

[stephanruby]

And so most European governments except the UK I take it. All European governments (except for the UK) have warned their own government officials and company executives NOT to use BlackBerry/RIM.

The main problem is that if you send a text, an IM, an email, or anything to the person sitting next to you in any European country you might be located in, it's encrypted all-right, but your blackberry will always route that message to the UK first (and the Canadian company Research In Motion is able to decrypt th

Re:

[Runaway1956]

"keep this trojan horse around their neck"

I find your mixed metaphor rather interesting. Are you into bestiality, or what? A little Freudian slip there?

No one does

[Rix]

So they don't care.

Re:

[JSlope]

Usually I think that it's too complicate to configure for an average user and it's a show stopper for most of them.

Not just GPG

[AtillaTheMagyar]

If your point is what about other encryption services (including GPG, PGP, TrulyMail, etc.) then you are right. There is nothing someone can do to prevent EVERY way of keeping messages private. The fact that RIM is talking about (or has already) given the keys to the kingdom to some governments clearly shows that they *can* knock off some tools, but not all of them. If your point is only for GPG than I agree with JSlope that it is way too difficult for the non-technical user to configure. Luckily, there ar

dupe

[phantomfive]

Wow, I haven't seen a dupe this bad [slashdot.org] in a long time. The story is still on the front page. Add to it the story of being detained at the border, Verizon changing router passwords, and the hacker tapping phones for $1500, and today is privacy Sunday, eh guys?

Re:

[Darkness404]

Um, I'm a bit confused on how the UAE is related to India, last time I checked they were entirely different regions of the world.

Re:

[Michael Kristopeit]

that story did say they were following india's example... so it's worse than a dupe... it's breaking a story that another story already referenced in the past tense.

Re:

[Anonymous Coward]

Read the original story - India is mentioned.

Re:

[Anonymous Coward]

Also, summary.

Re:dupe

[phantomfive]

Heh, so you are one of those guys who only reads the title and not the summary, I see. Sign up to be a Slashdot editor, they need more people like you.

Re:

[Anubis IV]

timothy is on a roll.

Re:

[Peach Rings]

Don't you mean on a role? Wait, augh! Too much slashdot!

enterprise-come-consumer

;_; What are they doing to you my poor language?

Re:

[EdIII]

What are they doing to you my poor language?

You act like the English Language is just in the beginning parts of that movie Deliverance. Sorry to break this to you Nizzle, but the English Language has already been metaphorically sold into brutal slavery and is currently wearing cheap leapstick, dirty lingerie, and is waiting for the next sweaty john to take her for a ride.

I don't know how much animation you watch, or perhaps Serenity, but I have the strong impression that communications 50 years from now wi

Re:

[suman28]

It is typically written as "enterprise-cum-consumer", meaning "enterprise as well as / with consumer", but in the US? not sure about Europe, that word has becum known for other things besides the cleaner version

Re:

[Peach Rings]

Yeah I know, that's my point. Some overzealous copy checker seized upon that word and corrected it to "come."

Re:

[worx101]

I have to ask, who was the guy who sat down and decided how English should be spoken? And, do we speak the same English today that was spoken 500 or even 200 years ago.

Re:

[chilvence]

If we did then we'd be able to speak a lot better german...

Re:

[unixan]

today is privacy Sunday, eh guys?

It's DefCon weekend.

Re:

[EmagGeek]

When did India and UAE become the same country?

That's what I get for sleeping in on Sunday...

Re:

[phantomfive]

Read the summary.

Re:

[Ethanol-fueled]

The problem is that, when wide snooping infrastructures are in place, organizations other than the native government learn to listen in.

Remember the Greek phone-tapping fiasco? [wikipedia.org]

When governments attack, only one thing matters

[countertrolling]

How can we can keep private, secure communications from being blocked?

Re:

[Michael Kristopeit]

not rely on a corporation to provide the service for you

Re:

[countertrolling]

Gee, thanks! Now find a non-corporate internet provider that can stay out of reach of government tentacles. In fact find a publicly accessible internet connection that is non-corporate at all. You neighbor's wifi doesn't count for obvious reasons. We'll have to build our own.. from scratch... that's invincible... We need people with the resources that are willing to do so.

Re:

[countertrolling]

Read the 9th Amendment... The government only has the authority explicitly written into the document. But that doesn't matter since I'm talking of a global scale, which isn't subject to American law (so it thinks). And all written law, and our rights are toothless without a weapon to back them up. That's life in a world run by savages...

Re:

[Michael Kristopeit]

unlike a world where encryption is necessary to communicate? what are you afraid of?

Re:

[countertrolling]

The savages make the encryption necessary. What are you talking about?

Re:

[countertrolling]

i suppose you can protect me from these "savages" for a price?

Yep... Let's see if you can make worth my trouble

Re:

[EdIII]

Privacy and Anonymity are a right, and yes it is in the Constitution. Furthermore, it is a basic human right.

Re:

[Michael Kristopeit]

it's not very practical to expect privacy while broadcasting on a public network.

Re:

[MysteriousPreacher]

By that logic no-one should complain if wiretaps were to be installed in restaurants. It's not reasonable to expect that no-one will overhear a conversation in a public place but quite reasonable to expect that there won't be microphones in your beef satay - at least not without proper judicial oversight.

Re:

[countertrolling]

Insurance... against those don't respect our rights.

Re:

[countertrolling]

Ya takes yer chances... Life's a gamble... No guarantees... I make the effort, hope for the best.. and expect the worst.. That way I'm never disappointed. I derive no benefit from simply lying down and living the lie. Yours may be a different story... Whatever makes you confortable

Re:

[countertrolling]

you're an idiot.

From you, I'll take that as a complement...

Now please, go take some reading lessons.

Re:When governments attack, only one thing matters

[countertrolling]

you are NOTHING

Ahhh, excellent :-) That's what I've been waiting for. What took you so long?

Re:

[LaRainette]

braodcasting on a private network with encrypted protocols ?

Try to hack encrypted information from any company in the world and we'll see if someone wasn't expecting "privacy"... when your ass rots in jail.

Re:

[Michael Kristopeit]

no, they were expecting someone to try and view their data... that is why they encrypted it... and then someone did make that attempt, just like they planned for... and from the way you describe it, it sounds like your jail rotter was not successful....

it sounds more like a trap to me.

Re:

[LaRainette]

I just I didn't made myself very clear.
What i'm saying is the following : it's not because you use a public network (internet) that your communications are not private.
Indeed Most of the companies and NGO, government agencies and such USE internet with encrypted protocols and they DI intend they telecommunications to stay private (i.e. not decrypted by people who shouldn't)

Now the thing is if private corporations are allowed to encrypt their communications on a public network (and indeed they are) WH

Re:

[LaRainette]

Yes I agree, but I was justresponding to the :
"LULZ YOU USEZ TEH INTARWEB AND THINKZ YOU CAN HAV PRIVACY n00bZ rolfmao !"

This is bullshit, end of story. Now of course nobody is entitled to be offered privacy as a service, but anyone encrypting anything on the internet is guaranteed by the laws of (most if not) all the democracies in the world the right for this data to stay encrypted.

Or in other words : it is as illegal to decrypt encrypted data as it is to open a scealed letter that wasn't meant fo

Re:

[kilfarsnar]

Really? See the 9th Amendment. Just because it's not in the Constitution doesn't mean that I don't have the right.

Re:

[LaRainette]

you fail to understand what technical aspects are at stake.
I access the internet through a corporate ISP but it doesn't mean I cannot use encrypted protocols to communicate.

RIM doesn't provide internet access. It provides comminucation protocoles and server infrastructure for services. (and smartphones) The same way you could use free FLOSS decentralised solutions for encrypted communication adn that wouldn't be provided by a corporation of any kind. So his point stands.

But seriously the issue here

Re:

[JSlope]

My experience shows that unfortunately most people are not interested in their privacy. You'll have to find a lot of enthusiasts to implement to build your own ISP.

Re:

[dooode]

I am not sure which country you are from. But if you are from US, there is a high probability the government already has access to all your emails, cellphone communications and messages. It is not that government cares about who you are, or people whom you talk to. Your communications are merely data nodes where these data elements are part of large networks that go through regular network analysis for keywords. If you happen to be some one from Sudan or Pakistan, with close association defined by your name

Re:

[WCguru42]

Now, you may call it a privacy breach. But if this analysis saves lives, why the heck should government not do that?

And if US is allowed to do that, its duplicity to cry foul when India asks for the same?

It is a privacy breach, and no the government shouldn't be doing it. The US might do it, but that doesn't mean it should be allowed to do so.

Re:

[selven]

Encryption by default. And steganography by default (eg. Truecrypt's nested volumes).

Re:

[fuzzyfuzzyfungus]

While perhaps commendable for its honestly, a policy of implying that concern for individual privacy is a "left-wing bias" is arguably not the best of strategies...

Re:

[Gonoff]

Well it certainly is not a right wing bias!

In actual fact, possly no unnacountable, large and secretive organisation is 100% keen on individual privacy. Corporates are much better at lying about it though. They are less bothered by FOI requests.

Re:

[phantomfive]

What's the matter, are you an Indian-government apologist, or something? The title summarizes exactly what the Indian government wants.

It's not left-wing, either: neither the right nor the left in America wants the government to control communications (I'm not talking about congress people, of course).

Re:

[dooode]

You are ignorant my dear friend...

Your emails, messages and communications are regularly analyzed by DOD for keywords. You won't even realize the amount of money and effort US agencies spend on network analysis, and the amount of funding available for such projects.

What disses me off is so much hypocrisy by American companies. They would co-operate with US federal agencies and provide the required data discretely, but would keep cribbing when other agencies ask for the same.

Re:

[phantomfive]

You won't even realize the amount of money and effort US agencies spend on network analysis, and the amount of funding available for such projects.

That is true, I don't realize the amount of money and effort US agencies spend on this stuff. Do you have numbers, or are you just making stuff up?

Re:

[dooode]

> That is true, I don't realize the amount of money and effort US agencies spend on this stuff. Do you have numbers, or are you just making stuff up?

- DARPA grants from their tactical and strategic technology offices alone exceeded $40 million for network analysis related projects involving 8 universities. Data for these varies from emails to social network nodes.
- US military projects to IBM are worth above $100 million this year. A big fraction of these deals with data analysis.
- ONR sanctioned more th

Re:

[Ethanol-fueled]

Try Fox News. [foxnews.com]

It's fair and balanced, with non of the media's liberal bias.

Re:

[Anonymous Coward]

Try Fox News. [foxnews.com]

It's fair and balanced, with none of reality's liberal bias.

FTFY

Re:

[Andorin]

That doesn't make it okay.

Re:

[Delarth799]

There is no clear cut solution to this. On the one hand people want privacy for their communications and they don't want people or the government being able to read what they are sending. On the other hand, the Indian government also has to worry about extremist threats from many groups based inside the country against the government and its people. Intercepted information from known or suspected terrorists could be used to prevent attacks if the government can decrypt it. If the blackberry has an encryptio

Re:

[Andorin]

Unfortunately, the smart extremists will keep away from communications methods the government can monitor. India's government basically just publicly told terrorist groups that if they want to safely organize a bombing or assassination, they should use a Blackberry.

Cum, not come

[jone_stone]

Am I really the first to point this out? The proper word there is "cum", not "come". Come on, people! Latin!

-David

Re:

[misexistentialist]

True, one need only watch the documentary Caligula to put the "cum" in "enterprise-cum-consumer" in context.

Re:

[Anonymous Coward]

Yes, come on people! Preferably, women. On their tits.

Re:

[MobileTatsu-NJG]

Am I really the first to point this out? The proper word there is "cum", not "come". Come on, people! Latin!

*smirk*

Indian English

[RandySC]

It is an Indian English issue.

"Tea Boy cum Houseboy cum cleaner wanted"

"My head is paining me" 'pain' used as a verb

"he is not lifting the instrument" 'He is not answering the phone"

2 BHK flat wanted 'BHK' = bedroom + hall + kitchen

Re:

[nashv]

Being an Indian, and an English speaker , "My head is paining me" isn't Indian-English, it's just wrong. The others are remnants of the language during the Raj. A living room would be called a "hall" which is just not in vogue anymore though technically correct. Lifting the instrument comes from a transposition of "picking up the phone", as in old school landline days. "Cum" however is a perfectly valid expression. Latin for "with, together with, along with". Don't see how that is Indian-English.

Re:

[RandySC]

I am in an area with a large Indian population (particularly Keralite). I see these ads (BHK/cum) all the time on the bulletin board at the super market, and I hear pain used as a verb all the time. I even heard a Filipina use this phrase, but she is married to an Indian:)

As pointed out in the other article on the FP

[ducomputergeek]

India wants a RIM NOC in their country like the Chinese got.

Re:

[tehcyder]

No offence, but your sig makes you sound like a twat.

Of course the funny thing

[Sycraft-fu]

Is that the very secure nature of the Blackberrys is precisely why the US government loves the things so much. They are RIM's biggest customer. They love all the security features BBs have, and love the Exchange integration.

Re:

[CxDoo]

Exchange integration is cool but I think they love it for Echelon integration.

Fancy-ass terrorists

[airfoobar]

I'm sure all terrorists use Blackberries. After all, it's a high-income job, right?

Re:

[dooode]

Cellphone services are cheap in India. (Blackberry services start from Rs 249 per month == $5).

Government can't crack the encryption?

[CompMD]

Boo-fucking-hoo.

Stay out of people's lives.

Re:

[dakameleon]

So given that this is being raised in the context of intelligence agencies attempting to monitor communications between suspected terrorists, if/when an attack occurs will you say the same thing?

(Not that I'm in favour of the whole PATRIOT act thing, but all too often those saying "government should stay out of people's lives" are those who clamour the most for increased power to intelligence agencies.)

Re:

[mano.m]

I`d prefer my government not stay out of the lives of insurgents and of terrorists from across the border. India`s been fighting terrorism far longer than the word has been a part of the daily vocabularies of Americans.

Re:

[dooode]

Boo-fucking-hoo to your post.

I want my Government to save me from terrorist threats. Tracing calls from Terrorists has been one of the important tool. And in the past they have. If these telecom providers can cooperate with US agencies, why the heck Indian Govt not expect the same.

Ans seriously, who needs blackberry. Google, Apple, Nokia all provide decent alternatives...

Re:

[bhagwad]

The privacy of Indian citizens is much more important than saving a few lives

Re:

[Joey Vegetables]

Life and liberty are seldom if ever competing goals; they are almost always one and the same. The freedom of over a billion law-abiding Indian citizens, and the many lives that would be saved if murderous terrorist organizations called "governments" did not have the ability to spy on them, or to inspire the creation of competing terrorist organizations, go hand in hand.

BB Really much more secure than IMAPS/SMTPS

[simpz]

..to a server outside the country.

Or is it that most people when using other smartphones don't know or just don't bother to use the SSL versions of these services.

Re:

[jimicus]

Have you seen your average smartphones' implementation of IMAP (SSL or not)?

"Shocking" doesn't even begin to cover it. It's a minor miracle it works at all, and fancy features like IDLE are frequently not supported in any form. Frankly, even if I think it's an absurd reinvention of the wheel, I can see why IMAP on smartphones has never caught on.

Just the beginning

[joeszilagyi]

Any communications product, vendor, or service that can't be backdoored by government(s) will be banned.

Re:

[BangaIorean]

http://timesofindia.indiatimes.com/india/BlackBerry-server-in-China-India-wants-a-monitoring-unit-too/articleshow/6230540.cms

Extract from the article:

This is the second time that the (Indian) government has threatened to block the operations of BlackBerry. In the earlier instance, tensions were defused after RIM agreed to provide its encryption code to security agencies burdened with having to monitor the chatter among increasingly tech-savvy terrorists. The fresh confrontation comes after reports that RIM was ready to set up a server in China to address Chinese security concerns. Officials here believe that if the Canadian company can take care of China's concerns by reportedly setting up a server there, it can do the same for India which is an equally big market for BlackBerry.

Re:

[jeti]

Didn't the frequency hopping algorithms for standard cellphones have to be modified to make eavesdropping more easy? I'm quite certain that happened in Germany and I suspect in the rest of the world as well.

China angle

[shadows83]

Indian government have been trying to find a solution for this for last 2 years with BB. Now there is urgency as BB has set up infra in China and all Indian calls will be routed via this infra. I am all for privacy but I will prefer Indian govt snooping on my data rather than china. And, as others have said, there is a legitimate requirement for Indian Govt to monitor all communications.

Oh don't go there...

[FatdogHaiku]

Does it make you wonder how much safer everyone would be if parkas, mailing envelopes, cash, and superglue were all evaluated on the same basis?

Well, before they start messing with things like parkas, I hope they take a moment to remember Why Raincoats are Yellow... [blogspot.com]

And

[mahadiga]

In America, Govt officials address you as Sir.
In India, you've to address Govt officials as Sir.

Re:

[mahadiga]

In America, rules and regulations are used to facilitate citizens.
In India, rules and regulations are used to harass citizens.

In Good Company

[necro81]

Well, India is in good company. It appears that the United Arab Emirates will ban Blackberries starting in October [nytimes.com] because the government can't eavesdrop through the encryption, and Saudi Arabia may do the same.

Blackberry finally decided to open its code

[dooode]

http://economictimes.indiatimes.com/infotech/hardware/BlackBerry-to-open-code-for-security-check/articleshow/6249666.cms [indiatimes.com]

Btw, India is indeed in the right company. Things are no different for US.