RIM Agrees To Hand Over Its Encryption Keys To India 164
An anonymous reader writes "BlackBerry maker Research in Motion's (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. RIM recently demonstrated a solution that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies. An amicable solution over the monitoring issue is important for the Canadian smartphone maker since India is one of the few bright spots for the company that has been battling falling sales in its primary markets of the US and Europe. In India, RIM has tripled its customer base close to 5 million over the last two years,"
Re: Not BES, and only India (Score:3, Interesting)
And it is probably also worth pointing out that this means that RIM's BIS service provides better content protection than SMS/MMS, unencrypted email (which is virtually all e-mail, and indeed all Android phones using the inbuilt GMail app), and almost any IM out there. I've also missed other equally unprotected means of communication.
Why? Because at least BIS is encrypted in transit to and from RIM. (To be fair, services like MSN Messenger in which all messages go through a central server could be considered more secure than BIS communications, as long as both clients are connecting to the server via SSL).
Hell, even BB PIN-to-PIN messaging is more secure than many or most of the aforementioned modes of communication.Yes, the key used for encryption is present on each and every handset - but random MITM sniffer can't get the content without at least having to decrypt it.
Sure, an Android user could get TextSecure for encrypted SMS, but does anyone actually know anyone who USES this tool?
Landgrab (Score:4, Interesting)
I understand that India has a legitimate security need to be able to wiretap communications and so on..
Nope. This is a landgrab. Law enforcement is constantly talking about "going dark", where in fact, the light they have is much brighter than they've ever had before -- technology only made it possible to snoop on everything, and now they want the laws for actually doing so, and to lever out any countermeasures the user may take.
In the 80ies, wiretapping actually meant either a) placing a wiretap in the users phone or b) going physically to the phone switch where the user was connected to, and placing the tap there. Both only done with a judical warrant, and for very specific cases. Wiretapping was _complicated_.
Now, wholesale wiretapping is easy; so easy that a lot of people and companies take countermeasures. And now law enforcement wants "to have back" capabilities it never had?