RIM Reaches Temporary Agreement With India

Canadian_Daemon writes with news that India has granted a 60-day reprieve for their threat to ban BlackBerry devices while the government evaluates RIM's proposal for "lawful access" to users' encrypted data. "The Ministry of Home Affairs said in a statement it would review the situation in 60 days after the Department of Telecommunications studies the feasibility of routing BlackBerry services through a server in India. India wants greater access to encrypted corporate e-mails and instant messaging, though it remains unclear precisely what concessions Research In Motion agreed to in order to avert the ban. About one million BlackBerry users would have been affected in India. 'RIM have made certain proposals for lawful access by law enforcement agencies and these would be operationalized immediately. The feasibility of the solutions offered would be assessed thereafter,' the ministry said."

RIM job

[roman_mir]

Is it the kind of agreement when RIM rims the Indian gov't and pays stacks of bribes and then all rim users are also forced to rim the Indian gov't?

well, judge for yourself

About one million BlackBerry users would have been affected in India.

"RIM have made certain proposals for lawful access by law enforcement agencies and these would be operationalized immediately. The feasibility of the solutions offered would be assessed thereafter," the ministry said.

Re:

[spun]

I'm not sure what you're so angry about. Do you disagree with a government's right to subpoena evidence? What are the bribes you are talking about? This doesn't sound that much different than our American law enforcement demanding the ability to tap phones, given a proper warrant. If it is different, you haven't explained how, and if it is not different, you haven't explained how society would benefit by letting people keep secrets from the courts.

Re:

[bhagwad]

This is different because the Indian government wants the right to tap phones without a warrant. The whole privacy thing hasn't really been discussed in India yet.

Re:

[spun]

Are you saying the Indian government does not need a warrant to tap private communications?

Re:

[bhagwad]

That's what I'm saying. I'm saying that the Indian government wants the ability to access private communications without any sort of check or balance and without a court order. I've been following this story for some time now (since I live here) and I'm pretty sure of this.

Re:

[Jaggu19]

... the ability to access private communications without any sort of check or balance and without a court order.

Cite sources please ... there is nothing in the news that says it happens unlawfully. If, however, the _law_ says that it can be done without a court order (and with the Indian equivalent of a National Security Letter) - then why not ?!

Re:

[pirhana]

Just google for Indian Information Technology act amendments 2008 and read it yourself. It is much worse than any of you even think. Probably the worst IT act in the world ! If you are lazy to read the whole stuff, just read my personal blog about the same http://nasirudheen.blogspot.com/2010/02/in-name-of-terrorists.html [blogspot.com]

Re:

[bhagwad]

That's why there are bad laws. Laws that are passed without debate and which need to be changed. Laws that are immoral.
The Indian government wanted real time access and refused to wait for even two days for RIM to give them what they wanted. You think they'll wait for a court order? India just doesn't have strict privacy laws.

Re:

[Infernal Device]

NO governmental authority should have access to a private citizen private data or communications (encrypted or otherwise) without a court order.

Re:RIM job

[spun]

And ice cream tastes delicious. Tell me something less obvious and more related to this story. Unless I am missing the part where India does not require warrants, this just sounds like what we did here in America, requiring that telecommunications providers give law enforcement the means to lawfully tap communications when a court grants them a warrant.

Re:

[BitZtream]

Right up till we stopped actually getting warrants before the wiretapping started.

In principle you are correct, in reality, warrants aren't really a requirement to wiretap in the US.

Re:

[spun]

If that is the case, then THAT should be discussed more clearly. What, in particular, are you talking about? Assume in your explanation that most people reading are not, in fact, from India and don't know the first thing about Indian laws or politics.

The other way around

[Rix]

The problem with doing it through RIM is that it allows the courts to keep secrets from the very people who are being investigated, thus denying them their due process right to challenge that subpoena. And that's exactly what India wants.

They can already subpoena the people in their jurisdiction for their email records if they want to.

Re:

[Lost Race]

The problem is the Indian government (and others) denying mathematical reality, and RIM (and others) crippling useful technology to support the fantasy that strong encryption doesn't exist.

Re:

[roman_mir]

I disagree with anybody at all trying to get their hands on any communications whatsoever, courts, no courts, but what we are observing here is not about courts, it's about bribes and it's about gov't wanting to wiretap people at will with no court even. And yes, I disagree with any wiretapping at all, completely.

Re:

[spun]

I disagree with warrantless wiretapping, but I do like the ability to gather information about crimes. Have you thought about the consequences of your position? How would you handle prosecution of crimes without any covert investigation?

Re:

[roman_mir]

I am absolutely indifferent to such concerns, I do not care to make someone's job easier by legal means at all, let them compete on how they do it. Obviously my position is not what most people have.

Re:

[spun]

Just as a thought experiment, would you feel differently if you were the victim of a serious crime? It sounds as though you simply do not care if the guilty are caught and punished. You are right, that is not the position that most people have. Maybe you could explain why you hold such a seemingly self-endangering position?

Re:

[roman_mir]

once someone is a VICTIM of a serious crime, at that point catching and punishing the will not change that fact. The problem is becoming a victim in the first place and no gov't can do anything about it, in fact they only make it worse by meddling with economics and destroying economy and creating more crime in process. I don't know your views on economics, so I don't want to go into a lecture mode.

My point is that you have to watch out and be able to protect yourself, and in reality gov't often stands in

Re:

[spun]

Huh, I thought government reduced crime by catching and incarcerating criminals, removing them from the population and providing a disincentive for other criminals. But then again, I also thought government kept free markets free by enforcing rules and punishing unfairness so that the richest could not unfairly dominate and control said markets like they used to do back in the bad old days of lassez faire. So yeah, I don't think we're on the same page at all.

Suffice it to say, I'm no longer interested in he

Re:

[roman_mir]

cheers.

Re:

[radtea]

What are the bribes you are talking about?

I've never heard anyone in India suggest that the Indian government is anything but corrupt at all levels. However, unlike the United States, India has a semi-functioning semblance of democracy, which makes it necessary to hide this kind of shakedown behind "national security" claims. Although the ghost of democracy has just barely enough kick left in it in the US that those sometimes play out there, too.

So the difference between the bribes RIM is distributing in India today and the bribes they have distr

Re:

[oldspewey]

pays stacks of bribes

Times are (slowly) changing, but bribery and corruption remain a solid option when dealing with Indian bureaucracy.

Re:

[roman_mir]

with any bureaucracy

Re:

[Ainu]

When I look at this issue, one thing that comes to mind is a lot of investment banks run part of their IT operations in India. With regulations as they are in North America, how long do you think the banks will keep their operations in India if they can't guarantee security with their communications?

RIM on the way OUT

[Frosty Piss]

Well, I have a feeling that all of this in the various countries that are less free than the USA (India, Saudi, etc...) combined with the advance of smart phones in general (Android) spells an end to RIM...

lawful access by law enforcement agencies

[TheGratefulNet]

code words for 'the current crop of criminals running the government want to see YOUR info, at will, with no warrants'.

see, if a government employs crooks (they all do, btw; unavoidable given human nature) and they OK some behavior, its automatically 'legal' even though its IMMORAL.

legal means nothing to many people, now. its a phrase that means 'some interest bought a new law' or 'the gov is expanding their powers. again.'

I just love how they brainwash you via repeated use of 'lawful' (like 'lawful inter

Re:

[oodaloop]

Why, when reading your post, do I have the urge to imagine a schizophrenic vagrant yelling it from a street corner?

Re:

[poetmatt]

all caps IMMORAL would be that, in a nutshell.

You know, as opposed to logical or legal arguments, it's just "it's immmoral and therefore bad!" you know, like rock music, file sharing, books, reading, etc.

Re:

[tophermeyer]

I'm having difficulty not picturing each line of the GP's post as a horribly scribbled missive on a sheet of cardboard.

Re:

[Jaysyn]

Because you are a jackass and / or part of the problem?

Is there a right to keep secrets about crimes?

[spun]

I don't think there is a right to keep crimes secret in any society in the world. In fact, I believe it is in society's best interest to allow courts to compel testimony and subpoena evidence. I also do not see how you can claim that 'lawful access' is the same as 'unlawful access.' Or are you claiming that all governments everywhere will always lie to their citizens? For your own sake I will caution you that when you claim that governments are completely corrupt and evil and always lie, you are veering off

Re:

[bhagwad]

Or are you claiming that all governments everywhere will always lie to their citizens?

If they have the power to do so, they will. Therefore, we must not let them get that power.

Re:

[spun]

Why do you think governments will always lie to their citizens if they can? And more importantly, if you are right, how do we stop them from lying?

Re:

[bhagwad]

Let's just say that as a rule of thumb, you give people as little power as possible. And if you have to give them power, you provide stringent checks, balances, redress mechanisms and transparency. The Indian government (my government) simply doesn't yet have those processes in place. Therefore I'm not willing to risk losing something as precious as my privacy if I have to trust a third party blindly.

Re:

[spun]

Subpoena of evidence is one of the most important powers that a civilized society uses to maintain justice. If that power is being abused, it should be corrected, but never done away with. Courts should always be able to compel evidence when necessary to decide a case. Otherwise, your society will soon be run by organized crime.

Re:

[bhagwad]

So we first put the checks in place, and then give the powers. Fair enough?

Re:

[spun]

It's your country, what I think shouldn't matter. Just because I'm an American does not mean I will bomb the crap out of you if we disagree.

Seriously, though, if your government has that much corruption, I agree with your sentiments. Its just that that was not made all that clear.

Re:

[johanw]

No, it's something typical American. In The Netherlands, the police can come looking for evidence but you are not forced to give them anything voluntarily like passwords or locations where documents are stored. If they can't find it they can't use it, and if it later turns up anyway you can not be punished for something like "withholding evidence". In civilized countries where you have the right to get a fair trial you cannot be forced to cooperate with the government to nail yourself.

Re:

[spun]

That isn't what I meant, and even here in America you can not be forced to testify against yourself. But are you saying that the Netherlands police can not obtain a warrant to search your premises or tap your phones? I've never heard of anything like that before in any civilized country in the world.

Re:

[TheGratefulNet]

I still don't agree with you that the state should have the power to listen in on anything they want.

the core issue is one of 'ends justifies means'. I've personally had enough of that thinking with 8 years of bush, thank you.. we need to think beyond 'getting bad guys' and instead realize that we're pissing close to where we sleep (so to speak). by denying the right to privacy 'for the bad guys' we deny it to ourselves.

I'd rather some bad guys 'go free' than us good guy lose our freedoms.

life isn't abou

Re:

[Lost Race]

Either the encryption is strong, and they can't access the data lawfully or unlawfully; or the encryption is weak (backdoored), and the data are accessible to both lawful and unlawful searches.

So providing "lawful access" is the same as providing "unlawful access". We just have to hope that the "unlawful access" option will never be used. Or we can say, "no access at all, sorry," because that's the fact of strong encryption.

Re:

[Lobachevsky]

You don't need a weak (backdoored) system. You just need to make the private keys that the RIM servers use to talk to the clients to be available to the govt. This usually involves setting up domiciled servers within a country and giving those particular servers' private keys to the local authorities (as opposed to giving the private keys of the main Canadian servers). RIM has set up domiciled servers in Saudi Arabia and China and shared the private keys there. India wants a "me too" piece of the actio

Re:

[TheGratefulNet]

Or are you claiming that all governments everywhere will always lie to their citizens?

yes, of course. are you new to the planet earth or what?

Re:

[spun]

Nope, and I the only time I have seen governments do that is when the people let them. Government does not have to be corrupt.

Sneakernet

[iamhigh]

This is why sneakernets will never go away; perhaps they become even more valuable in this new era where the government must be able to know all of your communications... just in case, you know.

That was central to the plot of the Matrix; just replace machines with upper caste.

Re:

[Anonymous Coward]

The government can buy sneakers. The problem is knowing who to trust in your sneakernet.

makes sense

[prashanthch]

India faces as much terrorism risk as any other nation, Indian security forces need to be able to access information that they need in order to prevent acts of terrorism. I can see cases where the information will be abused but such risks are no match for the benefits. I recall watching a documentary on the Mumbai terrorist attacks from 2 years ago where we can hear the chilling instructions to kill hostages being given to the terrorists on the ground from *our friends across the border*. Such evidence

Re:

[walshy007]

I can see cases where the information will be abused but such risks are no match for the benefits.

Some of us would rather die fighting than succumb to having certain freedoms taken away such as you describe.

It is a slippery slope, and while I am not american, it is easy to quote "those who trade liberty for safety, deserve neither"

Their measures will fail the intended purpose though, nothing is stopping anyone serious from encrypting their emails using gpg or the like and they still can't figure out the contents of the message, only who contacted who for some unknown reason.

Re:makes sense

[bhagwad]

I can see cases where the information will be abused but such risks are no match for the benefits.

Oh please. I'm an Indian and this is bullshit. What are the "benefits?" The chances of me dying in a terror attack are less than being hit by lightning. I'll take that risk and won't complain if I die thank you very much.

Re:

[Decker-Mage]

Try saying that to the kin of those who got killed in a terrorist attack which could have been foiled if the cops had access to the data you want to deny them

Since everyone of my kin has served in the military and have an avid interest in a circumscribed government as per Thomas Jefferson and Benjamin Franklin, you won't get any complaints from them if I should get killed in a terrorist attack. In all actuality, given our various skill sets courtesy of self-same service, connections, and myriad (to say

Re:

[thegarbz]

Try saying that to the kin ...

Let me stop you right there. Why are we talking to the kin of people who died. People who have had their lives affected in adverse ways deal with problems emotionally and not rationally. A kid dies in a terrorist attack, the family will agree to any measure no matter how stupid or excessive to prevent another terrorist attack. Or lets take a much simpler situation, there was a stupid couple who did not watch their baby, or lock the door to the backyard. Baby fell into the pool and drowned. Now why the fuck

Re:

[Trahald]

Fearful ninnies like you are the reason why India has been a walkover for every foreign invader that ever bothered to cross the border. Grow a pair man. You are giving up your privacy and your freedoms for an illusion of security.

If you've ever had anything to do with Honorable Government of India, you will know that this sort of acess to private communications will be used to pursue terrorists 1% of the time, and the remaining 99% of the time, intelligence babus will be snooping on messages of rival poli

Re:

[prashanthch]

Fearful ninnies like you are the reason why India has been a walkover for every foreign invader that ever bothered to cross the border. Grow a pair man. You are giving up your privacy and your freedoms for an illusion of security.

If you've ever had anything to do with Honorable Government of India, you will know that this sort of acess to private communications will be used to pursue terrorists 1% of the time, and the remaining 99% of the time, intelligence babus will be snooping on messages of rival political parties and the pretty girl next door.

You are referring to an entirely different issue then, which is accountability. What I am saying is I don't see why Indian Government can't access RIM's servers while other nations can

Re:

[Rexdude]

Effective counter terrorism is about intelligence gathering. The old fashioned way, as was done before computers and the net. The real trouble for India started when then Prime Minister IK Gujral decided to shut down RAW [wikimedia.org]'s operations within Pakistan as a goodwill gesture, in 1998, resulting in complete failure to detect the military build up before the Kargil conflict of 1999.
Blanket spying on the entire country's Blackberry traffic won't amount to anything; terrorists will find other ways to communicate.

Use PGP

[VincenzoRomano]

As an end-to-end encryption and validation. Then RIM is free to give access to that.

Re:

[GrumblyStuff]

That'd be a great red herring.

It'd be easier to just use code.

When you go to Sanji's to make the cake for Ehimay's birthday, tell Tarani I said hi. I'm really looking forward to the party on Saturday.

Also Banning IMAP+SSL?

[CritterNYC]

Is Indian also going to ban every phone that supports IMAP + SSL (which is basically all smart phones and many dumbphones with email support)? Or ban accessing webmail services that support HTTPS?

Re:

[alen]

you can scan the traffic from the ISP's. blackberries are encrypted at the phone itself along with 3G and other encryption

or in the real world a tiny minority of people are going to be using IMAP + SSL or HTTPS to check email. since this is outside the USA and there are less rights to worry about, just follow those people

Re:

[iammani]

Gmails defaults to HTTPS and gmail is the most popular one.

Re:

[AvitarX]

And most providers of mailboxes use imap, pop, and smtp over ssl. For the sake of keeping passwords safe from the spammers.

Re:

[Lobachevsky]

What about Google and the Department of Homeland Security? I wonder why they're considered root CAs.

Re:

[Jaysyn]

or in the real world a tiny minority of people are going to be using IMAP + SSL or HTTPS to check email.

Way to let everyone here know you are completely clueless.

Why BIS is bad

[nathana]

See, this is exactly why device manufacturers shouldn't be making devices that are entirely reliant upon an external "cloud" service that is also controlled by the device manufacturer. If Blackberry was merely making devices that could be configured to talk to any server(s) using industry-standard protocols, they wouldn't get themselves into the kind of situation where 1 million deployed devices could have been turned into doorstops overnight. (Maybe my understanding of the way that Blackberries work is misinformed, and so my rant here could be completely groundless -- and just for the record, I'm open to correction -- but I am under the impression that Blackberries need to be in constant communication with the BIS servers that Blackberry themselves run in order to function.)

This is also why the whole push notification system that Apple came up with for the iPhone is stupid. If something goes wrong with servers that Apple controls, then suddenly that feature across every single phone that has shipped to-date is dead. Device features should not be wholly reliant upon a service that the device manufacturer controls...all you are doing is making a single point-of-failure when you do that.

-- Nathan

Re:

[mandelbr0t]

It would seem that the concern is over BES, the BlackBerry Enterprise Server, which works exactly the way you say it should. The difficulty seems to be that RIM does not, in fact, have access to the things that India wants access to. A BB device on BES communicates directly with the organization through an encrypted link, whose key is generated when the organization's BES administrator installs it. I don't see an easy technical way of solving this problem, since existing BB users would be required to replac

Re:

[sensationull]

Incorrect, BES talks to RIM's servers which in turn talk to the Blackberry devices. if this was not the case then why previously when the RIM servers went down for a couple of days was everyone including BES users up in arms about their email not working and being so reliant on an external system.

Nokia E series, Windows Mobile, iPhone etc all use a system which works by a direct connection to your provider/companies server over Microsofts ActiveSync protocol to provide push email, calander, etc along with S

Re:

[nathana]

First, I don't think it's about BES (at least exclusively). If BES doesn't also go through RIM's servers (As in: your provider's Exchange server BES gateway Blackberry servers Blackberry phone), then why do all of the articles about this India scuffle to-date talk about "RIM's network"? (Yes, I read TFA.)

Second, if it was about BES and BES worked the way you imply it does, then it seems to me that RIM still shouldn't need to get involved. Sure, the communication over-the-air is all encrypted, but sinc

Re:

[mSparks43]

Actually, I think you'll find its precisely the opposite of this. Previously RIM phones encryption was managed solely by the corporate infrastructure, which is why RIM had been saying its technically impossible to give the government what they wanted. Then Nokia went and installed a single point of failure (server to allow decryption outside of the corporate infrastructure) and it sounds like rim is doing the same. Intelligence agencies across the world have had this MiM set up for HTTPS and SSL for some ti

Re:

[Minion of Eris]

Sorry you are wrong, kinda. BIS ain't BES. BIS service connects you to your Gmail or HOtmail or whatever POP/IMAP account through your service provider. BES service uses higher encryption, and connects your device via the carrier to your own corporate BlackBerry Server which expands and decrypts the email and forwards it to your messaging server (Exchange, Domino, or GroupWise)or compresses and encrypts from the message server and forwards off to the HH. At no point is are those messagesx decryptable by R

Re:

[BitZtream]

If RIM used 'industry standard' protocols then they just wouldn't be in business.

Their servers and lockin to that network is the only reason they are still in business.

If Android or iPhone had the full suite (and they are getting pretty close) of features that RIM offers than they simply wouldn't exist.

If there was a true open standard to do what RIM does ... and by open standard I mean an open to all standard that is actually implemented completely by more than one vender. That does not mean no cost, simp

Re:

[omglolbah]

Yup, that is why you want your own layer of encryption where you have control over the keys.

Only a matter of time before such a thing is illegal again I fear.

Re:

[TheGratefulNet]

control over the keys does not matter when you are being COMPELLED to give keys to authorities.

yes, they 'do that' these days. apparently you cannot just say 'I forgot' and get away with not giving the key to your encryption if some guy in a black dress and a hammer in his hand says so.

face it, all states/countries are not ramping up to deny privacy to its citizenry wherever they can! some are more bold than others but all are encroaching on their citizens' rights. they use fake explanations for why they

Re:

[Sloppy]

control over the keys does not matter when you are being COMPELLED to give keys to authorities.

Scenario 1: you don't have control of the keys. Eavesdroppers read your email and you never know.

Scenario 2: you have control of the keys, someone says, "let me read your email or else," and you weigh the "or else" and decide to give in.

You don't see a difference? Control doesn't matter?! Scenario 1 can be used against a whole population, with the people who mention unhealthy things in their emails never knowin

Re:

[b0bby]

If I remember correctly USA has access to every single blackberry email.

Is this actually the case? I was under the impression that RIM's servers are in Canada. It wouldn't shock me if the US government had access, but I didn't think that they did.

Re:

[Minion of Eris]

RIM does not have "Magic Keys" the encryption handshake has always, and continues to be, carried out when the HH is activated on the BES. It's like asking for the "master algorithm" to PGP or Trillian - it is in large part random, and has something to do with huge primes.

Re:

[b0bby]

Thanks. I guess I had read some misleading information, now I have a clearer understanding of how it all goes together. It might have been that RIM has some of the BIS servers in Canada, which some individual users in eg. Saudi Arabia were using; the Saudis seem to want those servers located inside their borders, and I assumed that BES servers would be compromised too.

Re:

[Minion of Eris]

BIS servers are run by the service providers, (Rogers, AT&T, Telus, etc) All RIM really runs is the NOC which handles the switching from the BES to the carrier.

Apparently nothing has been provided

[krishy]

At least one article by an Indian journalist claims that nothing has been comprised and in fact summarises the exchange as: Govt of India: "We Won!", Blackberry: "Huh??" [technoholik.com]

This is just ridiculous...

[Khue]

Blackberry ensures end to end encryption between a user's mailbox and the device itself. From where I sit, the right thing for the Indian Government to do is to monitor the mail boxes and not the devices. If RIM bends to this demand, then you will start seeing this across the board from other nations. While it makes the job of the Governments easier, it's wrong to push RIM into a position where they have to comply. RIMs technology is sound and the implementation is excellent. The method by which the Indian

Useless security theater

[losttoy]

First, as an Indian, I am least shocked at what the government is trying to do. This is what bureaucrats in India do best, that is, fleece money from businesses by pulling up arcane/useless laws and regulations. Behind closed doors, RIM must have bribed dozens of bureaucrats in at least half a dozen government departments. My father worked for an Indian company and was in charge of setting up a power generation plant. He said he had to bribe a dozen different ministries just to get the paperwork moving on p