Blackberry Gives India Access To Servers 182
Meshach writes "As happened earlier in Saudi Arabia Blackberry has reached a deal that allows Indian authorities access to the transmissions of hand held devices. Much of the fear comes from worries about terrorists: Pakistani-based militants used mobile and satellite phones in the 2008 attacks that killed 166 people in Mumbai."
How long... (Score:5, Insightful)
How long before every country decides that in order to allow RIM to operate they need to open up their servers?
Re:How long... (Score:5, Funny)
How long before every country decides that in order to allow RIM to operate they need to open up their servers?
Monday.
Not true - it happend long back (2002 !) (Score:4, Insightful)
The difference between US and India is that with Indian authorities this was released to the press. US instead puts a gag order and then probably gets everything they want.
NSA probably has a back room in blackberry - or has the encryption codes itself.. !
"Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA," Klein's wrote. "And unlike the controversy over targeted wiretaps of individuals' phone calls, this potential spying appears to be applied wholesale to all sorts of internet communications of countless citizens."
One of the documents is titled "Study Group 3, LGX/Splitter Wiring, San Francisco," and is dated 2002. The others are allegedly a design document instructing technicians how to wire up the taps, and a document that describes the equipment installed in the secret room.
Read More http://www.wired.com/science/discoveries/news/2006/04/70619#ixzz0wavMN6aB"
Re: (Score:2, Interesting)
This will be pretty interesting in shaping the expansion of future multinational companies: how long until every country decides that your "private" T1 connecting New York to Tokyo needs to pass through traffic sniffing tools so that both countries are sure nobody is using private corporations for terrorist activities? Far fetched? AlQaida is a private corporation on its own way. You just need some sleeper cells properly situated at both ends of the wire inside a fortune 500 company, especially an outsource
Re: (Score:3, Interesting)
Of course, there are only a billion or so trivial ways to privately communicate using a public network, from one-time pads, to stenography [in text, images, video, or other binary files], to using ssh, or https.
And for all you higher and mightier Americans using IMAP, I'm sure you know the police can request any email, without a warrant, for any email stored on a server for more than 180 days (and now believes that they can also get any email stored on the server for less than 180 days if you've read it) ht [wired.com]
Are you sure it's *securely* encrypted? (Score:5, Interesting)
Verizon has delegated enough authority to let the UAE write SSL certificates impersonating any site [eff.org] which will get automatically accepted by most browsers, so don't you think it's getting hard to know if your communications are actually secure from eavesdropping?
Part of the problem of secure communications is that there are too many governments who don't want people to have them because people can (and do) plot nefarious things with them.
Re: (Score:2)
That's absolutely terrifying.
This also highlights the fact that Verizon can impersonate any site, and that there is little chance they haven't granted a private key to US intelligence and law-enforcement agencies.
I guess the moral of this story is that if you want to communicate securely, without every government under the sun listening, you have to manage the encryption yourself.
How to get into the web of trust now? (Score:2)
if you want to communicate securely, without every government under the sun listening, you have to manage the encryption yourself.
So the CA system has been demonstrated untrustworthy, with rogue roots in the wild. Now how does one validate the first contact with a given party? There is the OpenPGP global web of trust, but as I understand it, joining it requires flying to key-signing parties, and a lot of people don't have the finances to fly often.
Re: (Score:2)
That would have been a hit to the business, but would have earned the respect from companies AND governments around the world that want that level of trust.
The equation is unevenly weighted:
a) "Respect" is nothing tangible to shareholders, and can be easily lost by failings later on
b) "Business" loss in one whole country means big revenue loss, and can't be easily gained. Losing it by earning temporary "respect" is a losing proposition.
Re: (Score:2)
Who cares [cisco.com]?
Re: (Score:2, Troll)
Re: (Score:3, Funny)
Just curious how any government would go about decrypting a 128 bit RSA message in real time? Was there an article proving P == NP while I wasn't paying attention?
H1B1: isn't that some sort of flu? (Score:2)
h1b1
Is this supposed to be some sort of portmanteau between "H-1B visa" and the naming scheme for Influenzavirus A strains, such as H5N1 "bird" flu or H1N1 "swine" flu?
Re: (Score:2)
Let's think about this. The corporation has a job to be done. They look at the applicants, some of which come from thousands of miles away - India for example. If they hire local people, they have to pay local wages. They don't much like that, so they apply to the government for permits, allowing them to import cheap labor from thousands of miles away. The government may or may not care - but if they actually CARE about their constituents, they can always be bought.
With every foreigner approved, we hav
Re: (Score:2)
The US is not purely capitalist. Did you not read about all those banks that were "to big to fail"?? If we were to allow capitalism to rule, unfettered, those banks would have gone down. Instead, we had a taste of corporate socialism, the government stepped in and "saved" all those failures.
If things were run purely along capitalistic lines, there would be no Indians here at all. Travel expenses would negate any savings in labor costs.
Minimum wage laws are another example. They are completely contrary
Re: (Score:2)
Sounds a little like you are beating your own chest there. Much like the Mexicans who are undercutting the American job market. That purchasing power you mention makes it profitable for them to pay 5 or 10 thousand dollars for a coyote to sneak them into the country. They can recoup that payment in months, or at most a couple of years - then continue to live and work here ILLEGALLY for another 20 years. Sure, while they live here, they live below the average American's "standard of living". But, all th
Re: (Score:2)
Fair enough - sorry to have brought illegal aliens into the argument.
But - the fact remains that Indians coming to the US are being subsidized in part by the US government. http://www.computerworld.com/s/article/72848/H_1B_Is_Just_Another_Gov_t._Subsidy [computerworld.com]
And, the fact remains that activists in Washington can afford to promote those special interests who will profit from the program, while ignoring the needs of American workers.
Re: (Score:2)
I don't care about corporations being "up in arms". In the United States, the constitution gives the vote (and voice) to citizens. Corporations aren't citizens. Every law maker who represents a corporate interest, rather than citizens interests, is a prostitute. He whores himself to the corporation, rather than legitimately representing his constituents.
Corporations are happy to exploit people, along with the law.
Re: (Score:2)
Corporations aren't citizens, but they are merely a collective of citizens, hence a "corporate interest" (which is really the interests of the collective) is technically a citizens interest.
Gag order (Score:5, Insightful)
The better question may be "where has this already happened with a gag order attached to the request?"
Re:Gag order (Score:5, Funny)
I'll tell you:
uA)u2j2la*jh2o(*&seH uj* jj3&m*j3hH
(and, yes, someone at RIM has just run that thru their indiaFilter() and are laughing at the joke. sorry, I can't explain it to you.)
Re: (Score:2)
The United States (Score:5, Informative)
Can you believe the unmitigated nerve of those crappy little backwards countries and their oppressive Big Brother-ish monitoring of their citizens!!? Thank god nothing like this could ever happen in the United States, where we actually give a rat's ass about protecting our privacy from the government!
Oh, wait... Well, shit. [wired.com]
Re:The United States (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Supersonic Re:The United States (Score:2)
Whooosh
Re: (Score:2)
Ah, good old appeal to emotion. Works like a charm, every time.
Person 1: "I support the death penalty"
Person 2: "You wouldn't support it if your child was put on death row!!"
Person 1: "I am against the death penalty"
Person 2: "You wouldn't be against it if the murderer had killed your child!!"
Re: (Score:2)
Re: (Score:2)
There are worse things that can happen than losing a bit of your privacy to a government you cant trust.
And what reason do I have to trust the government here?
government (Score:2)
There are worse things that can happen than losing a bit of your privacy to a government you cant trust.
How many people have terrorists killed? Now how many people have governments killed? In the past century NAZIs killed more than 600,000 Jews alone. At the same tyme Stalin's Soviet Union killed 20 million and Mao 60 million in China. More recently, from 1975 to '79 the Khmer Rouge [wikipedia.org] beat the NAZIs body count, estimates of more than a million [wikipedia.org] were executed. At the same tyme with the support of the US In
Re: (Score:2)
It starts with tapping your phones. Where does it stop?
Re: (Score:2)
I think you misunderstood my point.
Here in the United States, we see stories like this and think (mainly because it's the reaction the media is eliciting), "What a godforsaken narrow-minded place!" when in fact, our own government is doing much worse to us.
My point was twofold. First, people in glass houses shouldn't throw stones. Second, to try to help bring a little awareness to the abuses of our own government. It really wasn't mean as a judgment on India or Saudi Arabia, it could have been any countr
Re:How long... (Score:5, Insightful)
How long before every country decides that in order to allow RIM to operate they need to open up their servers?
The vast majority of countries with cell networks already have laws in place that require cell providers to enable lawful intercept of calls and messages. RIM were an anomaly because they provided no lawful intercept capability to these countries. Now, they do.. RIM devices in the USA and EU are already subject to lawful intercepts - these moves are just providing the same capability to other nations.
Re: (Score:2)
Uh-huh. Which only goes to show that people who use the cell phone to plot against the government are idiots. There are a lot of more secure methods of communication - some of them right on the internet. Of course, NOTHING is completely immune to being intercepted. It would be a bitch if the government intercepted the keys you sent for your buddy to decrypt all those files hidden in the picture of Obama admiring the Lincoln memorial, LOL
Re: (Score:2)
A terrorist will just use PGP to encrypt their emails. So will allot of legitimate businesses making it hard to tell friend from foe.
Phfft. (Score:4, Insightful)
Re:Phfft. (Score:5, Insightful)
Terrorism has become the best argument for invading privacy nowadays.
Re:Phfft. (Score:5, Insightful)
Terrorism and pedophiles has become the best argument for invading privacy nowadays.
FTFY
Re: (Score:2)
That's very true. Terrorists, as any group of people, have many ways of communicating with each other. Some forms of communication are more convenient, but for an evil crime organisation, convenience is not the top priority. As you mentioned with box cutters, banning them didn't make it one bit harder for terrorists to make attempts on planes, but just made it much more troublesome for the many honest airline passengers.
The governments know this won't do anything for security. Either they are trying to tric
Re: (Score:2)
...box cutters, banning them ... just made it much more troublesome for the many honest airline passengers
I can't help but wonder - how? (especially "many")
And you know, India is the biggest democracy around...
Re:Phfft. (Score:5, Insightful)
Plenty, since the TSA extended the definition of box cutters to include nail clippers, pencils & baby milk.
Re: (Score:2)
Re: (Score:2)
India is a democracy, ah...So all those wonderfully democratic people who get their Blackberry cut off because RIM took a stand and said, "No, we are not going to allow government access to our servers" will rise up and vote leaders out of office?
Right.
Governments, even those labeled democratic, have understood that the masses will not really do anything to stop these steps to limit freedoms. RIM's in it for the money, I get that. But had they took a stand (and why now are governments asking for this, RIM
Re: (Score:2)
I can't help but wonder - how? (especially "many")
I used to be able to get to the airport and go through check-in 30 minutes, maybe an hour, before takeoff. But now I wouldn't get there later than 2 hours before. I dehydrate easily and so I always carry a drink with me. Now I can't take my drink on board. I grew up always having a pocket knife guess where? In my pocket. Taking that on board is out
Re: (Score:2)
You missed another obvious explanation. The government wants you to BELIEVE that you are beholden to them for your security. Note all the press releases, in which one official or another brags about the measures his agency has taken to protect you. They WANT you to feel dependent on the government.
You could look at welfare for a similar situation. Welfare has it's place - that is, no one should ever starve in any civilized country. But, today, welfare benefits come pretty close to what the lower middle
Re: (Score:3, Informative)
Box cutters and WATER. Oh god I hope I never get a job handing out bottles of water in earthquake ravaged haiti, HOW will I get the water there and how will I open the packaging!?!?!
Or can you put water in a cargo plane? But wouldn't all that water just blow up even more??
Re: (Score:2)
you can put the water in a boat. Boats are much more efficient cargo carriers anyway.
Of course, if that boat full of water should sink on it's way, you can imagine the jokes....
Oh, I get it ... (Score:4, Insightful)
Oh, I get it now ...
If it is Saudi Arabia and the UAE, it is all about censorship ...
But if it is India, it is a move against the terrorists ...
It is all about spin ...
No, obviously you don't get it. (Score:4, Informative)
Saudi Arabia and the UAE didn't suffer any recent attacks coordinated and made possible by mobile phone technology, and both have historically been far more willing to curtail free speech than India (which isn't anywhere near US standards for free speech itself).
RIM should have hung tough and refused India's request, but at least India had a legitimate reason to ask. "All about spin" - yeah, darn that annoying reality and how it gets in the way of the narrative you prefer.
Re:No, obviously you don't get it. (Score:4, Insightful)
Ah - and decrypting the messages would have solved the problems, as it is phyiscally impossible to write plaintext 'in-code' AND encrypting it?
The whole thing is bloody nonsense - if I were to plan any attacks, I certainly wouldn't just trust the encryption by a mobile provider as my 'safe haven'...
Re: (Score:2, Informative)
Nor would I. But India's parliament doesn't exactly work the same way as others do, and many of them are behind the times on their core understanding of technology. Even more-so then in other countries, where government lags on average of 10yrs behind both what the public is saying/thinking, and what they should actually be doing.
Re: (Score:2)
Actually, the attackers in Mumbai just spoke over the phone with their coordinator. They have the tapes. [youtube.com] There was no encryption or plaintext or whatever. They basically called their leader in Pakistan and asked for instructions and provided updates on their slaughtering. The leader was providing real time info based on TV news or something.
Re: (Score:2)
Re: (Score:2, Informative)
... India is also 60% Muslim ...
15%
Re: (Score:2)
no ... far from 60. Even if you include Bangladesh.
Re: (Score:2, Informative)
Corporate reactions will come... (Score:5, Insightful)
This is not good. Corporations should strongly consider if RIM is a viable solution at this point.
Re: (Score:2)
How about agreements on sharing international banking data, it's far more worrying.
Re: (Score:2)
Why would they leave themselves out of such game? [europa.eu] (warning: pdf)
Re: (Score:3, Interesting)
By overtly giving access to these governments they can scan for US or European business partners (hopefully RIM limits to the local to that country traffic). This allows them an unfair competitive advantage as they can then direct local companies often state owned or controlled to change bids or marketing approaches.
Yes, and as we all know, the US and Europe (incl UK) governments are such bastion of moral behavior that they had never and would never ever use data collected through immoral means (e.g. spying, wire-tapping, etc) to assist their own businesses.
A more cynical person (who might have read about such abuses by various western governments in the past) would more likely to think that by gaining such access, these governments would simply be "leveling the playing field" rather than gaining any "unfair advantage"
Sounds like a lost cause... (Score:2)
Indians and those who think like them must think folks bent to do bad things (read harm society), are fools. To defeat any kind of snooping, all bad people have to do is to communicate in code.
That is: "Let's have dinner tonight." to mean "The materials will arrive next week Tuesday."
Now defeat that.
Re: (Score:3, Insightful)
anyone truly needing encryption will manage their own layered end-to-end solution or have someone competant handle that for them.
the rest of us will be denied our privacy and the government will come off looking like its 'tough on crime'.
oh, and a private corporation gets to keep a huge marketshare and shit on its customers. or maybe its customers' customers.
ie, business as usual.
Online merchants (Score:2)
anyone truly needing encryption will manage their own layered end-to-end solution or have someone competant handle that for them.
Online shopping customers need encryption so that criminals don't intercept information that could be used to forge purchases. What sort of end-to-end solution do you recommend for web merchants if rogue root CAs have made HTTP over TLS untrustworthy?
Re: (Score:2)
Self-signed?
If a merchant uses a self-signed TLS certificate to take customers' payment information, how should the merchant send the fingerprint of its certificate to the customer so that a man in the middle can't substitute his own certificate to eavesdrop on this payment information?
Then what until DNSSEC arrives? (Score:2)
DNSSEC
So what should a self-signing merchant use to take payment information between August 18, 2010, and the day when both the major home ISPs and the installed base of home PC operating systems have implemented DNSSEC?
Re: (Score:2)
Re: (Score:2)
To defeat any kind of snooping, all bad people have to do is to communicate in code.
That is: "Let's have dinner tonight." to mean "The materials will arrive next week Tuesday."
The first problem is the code book.
There are only so many words and phrases you can keep in your head before you have to write them down.
The second is weaving the key words and phrases into a message that doesn't come across as stilted and unnatural - or worse.
"Let's have dinner tonight" implies an intimacy that can be easily tested.
T [americanheritage.com]
Excuse for corporate espionage, really (Score:5, Interesting)
I know RIM is only providing meta-data on the content, but honestly, are you telling me that this *wont* be used to spy on a corporate competitor?
India is corrupt in a very "Who me?" way. This law has only abuses, in a country where you can buy a SIM for 5 dollars, with a photocopy of just about anybody's id. The terrorists don't need to bother with the BB or anything even remotely expensive - the underworld maybe (The D Company [wikipedia.org]), but not the "kill them all and let God sort them out" category of terrorists.
But it's not like India is the first place to do this. Echelon was used similarly, I guess to spy on foreign firms.
Re: (Score:3, Funny)
I guess to spy on foreign firms.
my eyes must be going. at fist, I read it as foreign films and I'm thinking, hmmm, is there some DRM angle to this? maybe something about region codes?
yes, I must get new glasses soon.
Re: (Score:2)
Re: (Score:2)
if you had stayed longer, they would have given you the approved plasma-resistant gloves out of the box of post toasties (maybe that's changed, not sure, myself). the post toasties only comes after 15 years of service, though.
Lesser evil? (Score:2, Informative)
I somewhat can understand the concern of law enforcement that a secure mail environement makes their job more difficult. On the other hand, giving access to the RIM infrastructure implies that you are no longer innocent until proven otherwise, but you are now suspect until your innocence is proven. BAD
While Internet Service and PIN2PIN messages seem to be encrypted with the same key for everybody, RIM always claimed that enterprise mail is encrypted with a unique key end to end from the enterprise server to
Re: (Score:1, Troll)
"RIM always claimed that enterprise mail is encrypted with a unique key end to end from the enterprise server to the device and that nobody else has this key" ...and you believed that?
Other modes of communication (Score:3, Interesting)
They can always go back to using number stations on the shortwave bands. Just a thought.
Re: (Score:2)
Dump the WIFI-g, dude. You're obsolete. You want WIFI-n. Oh - wait - they've already done that, haven't they? Crap, let's go with WIFI-y. I think it has a nice ring to it! ;^)
Fuck you RIM (Score:2)
I understand its just business, and $ win, but you have lost a customer.
Keep it up, and I hope you go bankrupt.
Have to wonder ... (Score:2)
Re: (Score:2)
"Just using proper English would confuse the fuck out of most Americans"
FTFY
And, I'm more serious than you probably think. I can sit in any public place, and listen to a group of young kids (you know, young kids - twenties and thirties) talking, and not understand a word they've said. Buncha little pricks learned NOTHING in school!
Re: (Score:2)
"Just using proper English would confuse the fuck out of most Americans"
FTFY
And, I'm more serious than you probably think. I can sit in any public place, and listen to a group of young kids (you know, young kids - twenties and thirties) talking, and not understand a word they've said. Buncha little pricks learned NOTHING in school!
And get off my lawn!
Re: (Score:2)
You have 23,408 new text messages. (Score:2)
Hello, I m a Indonesian Blackberry usr.
My country is spyin on me and I got 2 get a lot of $$$ out of the country.
Plz help. Let me store sum $$$ in ur bank 4 a bit.
txt me the acnt num, U can has interest 4 thx.
so... (Score:2)
And I quit using Blackberry already (Score:2)
Given that RIM never actually lets go of the handsets after their sale, I have always felt a little uncomfortable about their vendor lock-in model. After all, it is a model that makes even Apple and Microsoft jealous as they have managed to pull it off without too much discussion or resistance at all. The only time you hear about it is when their network servers go down for a global blackout. And even then people complain "dumb network model" and not "greedy business model."
We don't know the limits of th
Yes that's always it, isn't it (Score:2)
Much of the fear comes from worries about terrorists
I suspect that the rest of the fear comes from worries about pedophiles.
I mean, those are the two biggest excuses to subvert freedom and expand government power in the West, so why not in India, right?
Everything should be encrypted by the users. (Score:2)
I assume that every single electronic communications system in the world is compromised.
We should be moving to a standard where every single communication is encrypted, not by the carrier, but by the user. It needs to be ubiquitous.
Is there an app for the iphone to encrypt calls?
So, they already have access to other devices comm (Score:2, Interesting)
with al the effort by government to get access to the comm transmissions on Blackberry's, that SEEMS TO INDICATE that they already have access on other mainstream networks and brands.
this is really worrying.
g
Only RIM Blackberrys? (Score:3, Interesting)
I know a number of people with corporate-issued Blackberrys. One of the featuures that made these attractive to corporate customers was that RIM set them up with their own server infrastructure. This placed encryption and data security in the hands of their IT departments. While the networks over which data traffic travels might be intercepted by foreign officials, those messages remain encrypted until they arrive at the company servers. RIM is out of the loop.
How do these governments deal with such networks?
Re: (Score:2)
I know a number of people with corporate-issued Blackberrys. One of the featuures that made these attractive to corporate customers was that RIM set them up with their own server infrastructure. This placed encryption and data security in the hands of their IT departments.
Sure about that? With a standard BES install, data to and from the device gets routed via Blackberry's corporate servers, so if they could crack the encryption they'd have a copy of every corporate email ever. Supposedly it's AES encrypted at the endpoints, yes. But how is an admin going to verify how strong the crypto really is in a server binary that you don't have source code to? I know I'm not smart enough to do that. I would feel a little safer if the BES talked directly to the device through the layer
Re: (Score:2)
The point is that corporate systems treat all networks (Blackberry company networks included) as untrusted. The messages may route through Blackberry systems, but only in encrypted form.
Re: (Score:2)
Isn't the public key more than sufficient to decrypt all the data?
Not really useful (Score:2)
Now if I want to send a private messages to my militant friend who is going to blow something up in India, I encrypt it BEFORE I send it.
Problem solved.
Re:Story should be titled ... (Score:5, Funny)
How about "Another RIM job for Blackberry Users"?
Re: (Score:2)
Re: (Score:2, Funny)
India just gave 38% of smartphone users a RIMjob.
Re:Niggers (Score:5, Interesting)
and they made my decision on which smartphone to get when my Blackberry Storm kicks the bucket a whole lot easier. One of the reasons I went with them was because of their relative integrity when it comes to my information. If that practice is going out the window then my business just went out the window for them as well, and I'm certain I'm not alone.
Re: (Score:2)
Some sort of Android based phone. Then I can encrypt it myself.
Oh, I could do the same with a BB, but its a bit harder and some things are difficult to remap from the default BB utils.
Re: (Score:2, Informative)
I think there's a difference in the encryption levels for emails (BlackBerry Enterprise Server) vs instant messaging (BlackBerry Messenger).
At least, according to the video link provided by AC, way below: http://www.ndtv.com/news/videos/video_player.php?id=157644 [ndtv.com]
So what happens is, RIM provides the decryption codes for instant messaging. The emails, however, cannot be decrypted, since RIM does not have the codes - they're stored locally on BlackBerry Enterprise Servers, which are set up locally within comp
Re: (Score:2, Insightful)
Pakistan has been the (alleged and many a times proven) source of funding for most terrorist attacks. Blackberry has been the alleged/potential medium for communication for terrorists that can not be traced. I see nothing draconian about Indian government requesting Blackberry asking for tracking their data, specially when ever other telecom provider does.
Btw. even today there is a news headline about how Indian police cracked a murder victim by tracking his cellphone calls:
http://timesofindia.indiatimes.co [indiatimes.com]
Re: (Score:2, Insightful)