Slashdot Mirror

← Back to Stories (view on slashdot.org)

RIM In Trouble For Not Violating Privacy

Posted by kdawson on from the end-to-end-baby dept.

sufijazz writes "The US government is not alone in wanting to snoop on everything citizens do over email/phone. The Indian government wants that right too. RIM is stating they have no means to decrypt, no master key, and no back door to allow the government to access email." The article notes that 114,000 BlackBerries are in use on the Indian subcontinent. The government is concerned about attacks by militants and sees the BlackBerry as a security risk.

5 of 278 comments (clear)

  1. This message contains proprietary information... by pha7boy · · Score: 4, Informative

    ... and is protected from disclosure.

    So, what happens when trade secrets leak because some gov employee got bribed to access them and pass them to a competitor?... I would assume RIM could also be held liable for loss. And its harder to sue (and win) against a government, esp. somewhere like India. A lot easier to drag RIM in front of a jury in the US.

    --
    -- All this knowledge is giving me a raging brainer.
  2. Blackberry privacy is only for large enterprises by Animats · · Score: 5, Informative

    Blackberry privacy is only for large enterprises. If you have a corporate Blackberry server, the keys are between the client units and the server, and RIM doesn't have them. If you use Blackberry's public servers, RIM has your E-mail. India only wants "non-corporate emails".

  3. Re:can't work even if they wanted it to by Anonymous Coward · · Score: 5, Informative

    Or just use encryption. To me, that's what is so baffling about the government privacy crackdowns. If anyone who was even remotely well informed wanted to communicate in private, they'd use strong encryption. I guess once someone uses encryption, they get an Indian military intelligence unit parked outside their door.

    Yes, but blackberries make it easy to communicate securely. You don't have the hassle of a PKI infrastructure with S/MIME certificates, or using PGP.

    Incidentally, blackberries support PGP and S/MIME on top of their existing security.

  4. Re:can't work even if they wanted it to by Anonymous Coward · · Score: 5, Informative

    Blackberry has been available in India for the last 3 years without the government or DOT raising a single issue about terrorists.

    Its just when Tata Teleservices offered to provide the service that this suddenly became a 'terrorism' issue. Airtel and Hutch now Vodaphone have been providing blackberry since 2004.

    This is not about terrorism but corporate politics and influence peddling which is the way of business in India. RIM just has to pay some money to the right people and this will die a natural death or ask Airtel/Vodaphone to stop their lobbying against Tata Tele.

    Terrorism is fast becoming a favoured excuse and people should be a tad more skeptical before jumping to conclusions about threats that may not exist. Terrorists have many ways of communicating without resorting to blackberry. You can't stop technology because it can be abused.

  5. Re:can't work even if they wanted it to by Anonymous Coward · · Score: 4, Informative

    The others support SSL-encrypted IMAP and SMTP. I just don't see the appeal of the way BB does this stuff....

    What? You didn't drink the kool-aid? Seriously, I used to wonder the same thing, but the blackberry is a far better platform.

    You're right, lots of mobile devices can do POP/IMAP/SMTP with SSL. So, you've got your mobile device, and you want to see if you've got email. You click the "check email" function, or it runs in the background all the time, checking every five minutes for new mail. That's called "pull" email, and it means you run up a considerable data bill, even when you're not sending email. There was some poor guy bought an iphone immediately when it came out, activated it with AT&T, then took his shiny new iPhone to Europe on a trip. The default for the iPhone is to check for new email every 5-10 minutes, even if the phone is not "on". So this poor sucker gets a huge international roaming data bill even if he didn't send/receive a single email.

    By comparison, the blackberry is "push" email. There is no need to check for new messages. If your email account gets a new message, the server pushes it to your device. Unless you are sending/receiving a message, your data usage is zero. If the guy had a blackberry instead of the iphone, his international data bill would have been zero. Lots of people & companies like that, especially those of us who live in countries with ridiculously high data rates (like Canada - we are in the dark ages when it comes to mobile phones & services).

    Does your nokia/treo/ericsson sync your todo list, calendar and address book in real time with your desktop?

    In a large company with 50,000 employees, a blackberry can look up email addresses in active directory or notes.

    RIM also realized the limitations of the handheld form factor. Even with a big screen handheld, you don't want or need the full html-ized email that most people send these days - it's not going to display well. So, why send all this data that doesn't display well? When the email arrives at the blackberry server, the server strips out most of the html fluff (which can reduce the size by 50%-90%), then compresses the message with a conventional compression algorithm, then encrypts the message with AES, then sends it to the blackberry device. That reduces the data bill even further. Beancounters like that.

    Since big attachments aren't going to display well on a small handheld screen, the blackberry server compresses & modifies the attachment to a form that will display well on a small screen. Does your nokia/treo/ericsson do that?

    What about device security? Does your nokia/treo/ericsson store the pop/imap email securely on the device in encrypted form? Nope. Blackberries can do that.

    Does your nokia/treo/ericsson support PGP and S/MIME for extreme paranoia? No, but blackberries do.

    RIM provides full documentation and a developer kit to build your own applications. You don't have to beg apple please pretty please can I write an application and put it on my own phone.

    What if you lose your blackberry with all your important company secrets on it? The blackberry server can remotely lock the handheld, or even wipe the entire thing with a single command. Does your nokia/treo/ericsson do that?

    Some companies are required by law (like investment banks) to track all communications that staff have with clients. Does your nokia/treo/ericsson do that? Blackberries can track every phone call, email, SMS, IM and PIN message.

    Can you prevent your staff from installing software on a nokia/treo/ericsson? You can with blackberries.

    Can you prevent your staff from using the internet, bluetooth, memory cards, cameras, GPS, or long-distance calls with a nokia/treo/ericsson? You can with blackberries.

    Don't get me wrong, blackberries aren't needed by everyone. But they are very handy, and the best mobile messaging platform, by far.