RIM Agrees To Hand Over Its Encryption Keys To India 164
An anonymous reader writes "BlackBerry maker Research in Motion's (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. RIM recently demonstrated a solution that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies. An amicable solution over the monitoring issue is important for the Canadian smartphone maker since India is one of the few bright spots for the company that has been battling falling sales in its primary markets of the US and Europe. In India, RIM has tripled its customer base close to 5 million over the last two years,"
Not quite the full story... (Score:5, Informative)
Please, the BES keys have not been handed over... because they can't be...
http://crackberry.com/rim-encryption-keys [crackberry.com]
BIS != BES.
Re:Yes but this won't help (Score:5, Informative)
As has been pointed out over and over again, This Does Not Affect BES Users.
Everyone else is just as insecure as they always were. If you want security in India, RIM is still your only real choice.
More details here [crackberry.com]
Did any of you yahoos bother to read the article? (Score:2, Informative)
"RIM recently demonstrated a solution developed by a firm called Verint that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies..."
Re:Nothing like giving in... (Score:2, Informative)
India's corruption puts any Western government to shame. Want to get anything done? You WILL pay a bribe, and a good one at that, down to the "untouchable" cleaning out poop out of the sewer.
The caste system still stays there, same with the attitude of helping people is considered bad juju since it interferes with their divine punishment.
Also remember: India isn't a friend to the West. During the Cold War, they were doing their best to cozy up to the Russians, and were willing to do almost anything for them.
India demanding keys from RIM is no surprise. I'm sure that any US or European messages in that region will wind up in the hands of them, or their Chinese buds.
Makes you want to trust the broken CA system in SSL/TLS. At least you can possibly dump all other CAs and use your own root certs with have your own trust, as opposed to RIM's "trust us, or buy a new device". Oh... run a BES backend... sure. Like anyone bothers with that.
Re:Not quite the full story... (Score:4, Informative)
It needs a specific key. A BES connection is secured by a key-pair that is generated when the BlackBerry is added to the BES. This allows for the 3DES encryption to occur for all communications over the BES connection.
The situation you're talking about applies to BIS where any handset can decrypt the encrypted messages.
This mis-understanding of the differences between BIS and BES lead to a lot of FUD unfortunately.
And you know Apple is keeping an eye on this... cuz India will be coming after them too for access to their iMessage comms, if they have not already done so.
Saving Face (Score:5, Informative)
from the fine article:
"But he said there was no access to secure encrypted BlackBerry enterprise communications or corporate emails as these were accessible only to the owners of these services."
The reality is BES uses keys assigned by the owner of the BES server, RIM HAS NOT and CAN NOT give those to anyone, because they dont know them. This has been RIM's position from the begining, and still is. What they HAVE done is give access to the messaging services they run (and therefor have keys to) to the Indian authorities. My understanding is that this was always the case. The article really does not make the distinction between the two clear.
TLDNR: RIM gave what they always give anyone, some minister is useing it to try and save face. Poor reporting means it worked.
Comment removed (Score:5, Informative)
Re:Who does it effect? (Score:4, Informative)
My god these posts are annoying.
Does an Indian businessman who bought a Blackberry...
Does an American businessman with a Blackberry...
Do they have a BES? If they have a BES, nothing to worry about. Next question?
Misleading title (Score:5, Informative)
Already Debunked by RIM (Score:4, Informative)
"Although not all of a BlackBerry's messaging functions are encrypted, RIM has long maintained that it is unable to grant anyone access to its corporate e-mail service, which is encrypted from end-to-end. RIM responded in a statement late on Wednesday, saying it was necessary "to correct some false and misleading" information" that had appeared in the Indian media."
"RIM is providing an appropriate lawful access solution that enables India's telecom operators to be legally compliant with respect to their BlackBerry consumer traffic, to the same degree as other smartphone providers in India, but this does not extend to secure BlackBerry enterprise communications," the company added."
Re:Yes but this won't help (Score:4, Informative)
Re:Yes but this won't help (Score:4, Informative)
RIM doesn't have the keys to hand over. Again, see the link I sent. If you're referring to a company running BES in India being forced to give the gov't access to their communications, that's completely different and has absolutely nothing to do with RIM.
Still, the point stands. RIM is the only secure option -- the playing field has not be leveled.