Slashdot Mirror


RIM In Trouble For Not Violating Privacy

sufijazz writes "The US government is not alone in wanting to snoop on everything citizens do over email/phone. The Indian government wants that right too. RIM is stating they have no means to decrypt, no master key, and no back door to allow the government to access email." The article notes that 114,000 BlackBerries are in use on the Indian subcontinent. The government is concerned about attacks by militants and sees the BlackBerry as a security risk.

15 of 278 comments

  1. This could set a precedent by Beryllium+Sphere(tm) · · Score: 4, Interesting

    Phone companies in the US, maybe elsewhere, are legally required to facilitate eavesdropping under CALEA. End to end encrypted data services such as Skype and Hushmail have escaped this so far.

    Will they be faced with the dilemma of changing their architecture versus being banned? Will they lose confidence no matter what? Hushmail at least used to publish their source code, but Skype is closed source and the binary is heavily obfuscated.

    1. Re:This could set a precedent by unlametheweak · · Score: 5, Interesting

      Phone companies in the US, maybe elsewhere, are legally required to facilitate eavesdropping under CALEA. End to end encrypted data services such as Skype and Hushmail have escaped this so far.

      So have TOR and Freenet so far. The German-built JAP proxy technology was forced to put in a backdoor for the German police; all completely unannounced until a programmer looked at the (open) source code. Wikipedia has a slightly different interpretation (no back doors, but warrants issued to log IP addresses). To this day there are some very stupid people who believe that "anonymous" services should have backdoors in place to make these services un-anonymous.

      I can remember when the PGP creator was put on trial in the US for his subversive software. The American government was smart in dropping the case and thus not setting a possible legal precedent (against themselves), but that was pre-9/11. As Bob Dylan once said "The times they are ah changin'"
    2. Re:This could set a precedent by neoform · · Score: 2, Interesting

      Yes, but Google and Yahoo both have servers in China that handle Chinese traffic.

      All BlackBerry traffic goes through their central servers located in Canada.

      --
      MABASPLOOM!
    3. Re:This could set a precedent by Anonymous Coward · · Score: 4, Interesting

      I can remember when the PGP creator was put on trial in the US for his subversive software.

      He wasn't on trial for his subversive software, it was for exporting munitions without a license.

      Most countries (including the USA) have rules on the exportation of military technology. They don't want John Doe to export 100,000 artillery shells to a war zone (or an enemy) without approval.

      Encrypted communications technology was classified as a munition, so you need a license.

      However, the mathematics for strong encryption had been known for years, and freely available around the world, so the US wasn't accomplishing anything by blocking the export of PGP.

  2. Re:No back door? by Anonymous Coward · · Score: 3, Interesting

    Sure, that's what they say to the public...

    I know you're joking, but the Blackberry platform has been audited from end-to-end by the governments of Canada, United Kingdom, Austria, Australia, New Zealand, United States, Norway and Turkey. Also approved by NATO and the Fraunhofer Institute for Secure Information Technology in Germany.

    There may be back doors, but that is a pretty wide spectrum of institutions.

    And frankly, you really don't need a back door. The blackberry is a secure conduit between a handheld device and an email server. So what if you can't crack it in transit. Just go to the email server, and seize that. Or throw the guy with the handheld in jail until he answers your questions.

  3. Re:This message contains proprietary information.. by jimicus · · Score: 2, Interesting

    ... and is protected from disclosure.

    So, what happens when trade secrets leak because some gov employee got bribed to access them and pass them to a competitor?... I would assume RIM could also be held liable for loss. And it's harder to sue (and win) against a government, esp. somewhere like India. A lot easier to drag RIM in front of a jury in the US.

    How's this any different to a US government employee being bribed to arrange a tap on a business phoneline and passing details of any conversation to an outside party?
  4. Hey, this is easy to fix... by rickb928 · · Score: 2, Interesting

    If the Indian government wants to be able to spy on their own Blackberries, then run their own BES cluster. That way they have the data - problem solved.

    Of course, knowing how hard it seems for RIM to let the gummint look at data, I may not give up my BB after all.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  5. Re:They can take a lesson from the USA by hansraj · · Score: 4, Interesting

    I suppose you have little knowledge about India. Perhaps the situation is not as bad as some other countries but the Indian police and Indian jails are scary enough to begin with. If you tell an Indian that the police tortured someone or that some guy in prison got thrashed pretty nasty, I doubt s/he will be surprised. At least I won't. The situation is even worse if you don't live in a big city where the situation is perhaps better. I come from a small village/town and you have to bribe the police even to file a report and even then they are pretty nasty to you. And it is pretty common that if a policeman stops someone who doesn't appear to have a "good background", a slap precedes any question.

    Perhaps if one is suave enough to be using PGP or "rich" enough to have a blackberry things are different but for most people *any* involvement with law-enforcement agencies is bad news already. Gitmo is perhaps tame. Of course that doesn't make Gitmo right, but a statement like "they need their own Gitmo" is humorous in a dark sort of way.

  6. Re:Wait a second... by Anonymous Coward · · Score: 1, Interesting

    What evidence are you basing your opinion on? I'm just asking because I've seen plenty of evidence to the contrary.

  7. Re:Security Risk? by sm62704 · · Score: 2, Interesting
    "The pen is mightier than the sword" - Edward Bulwer-Lytton in 1839 for his play Richelieu; Or the Conspiracy.

    True, This! --
    Beneath the rule of men entirely great,
    The pen is mightier than the sword. Behold
    The arch-enchanter's wand! -- itself a nothing! --
    But taking sorcery from the master-hand
    To paralyse the Cæsars, and to strike
    The loud earth breathless! -- Take away the sword --
    States can be saved without it!
    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  8. Re:can't work even if they wanted it to by lena_10326 · · Score: 3, Interesting

    It's an irrational reaction to a problem. Deal with the cause not the effect.
    What do you do when 50 years of diplomacy doesn't work or when an adversary won't be satisfied unless you're dead?

    Solving terrorism is not as easy as just dealing with it. Somewhere in that someone has to fill the gaps between desiring to solve it, finding the cause, and eliminating the cause. The best minds and entire nations have been working on it for decades, yet it still persists. At some point, desperation kicks in and all the remaining options, although Orwellian, will be tried.

    I don't think terrorism will ever be solved. It's an unrealistic goal so what needs to be decided is what level of freedom do we need and what cost of life is going to be acceptable to maintain our freedom.

    --
    Camping on quad since 1996.
  9. Re:can't work even if they wanted it to by vux984 · · Score: 3, Interesting

    Yes, but blackberries make it easy to communicate securely. You don't have the hassle of a PKI infrastructure with S/MIME certificates, or using PGP.

    Actually you do have that infrastructure, and it's managed by the IT people running the messaging server. That's the point. It's all there, and it's managed by the enterprises not RIM. That's why enterprises trust it... because they managed their own pki infrastructure, not RIM.

    RIM made their devices support using it easily and out of the box, but they wouldn't have sold any if they hadn't, given who their original target market was.

    The "problem" now is that I can set up an Exchange server in 'country X' and sell Blackberry hosted accounts on it to criminals or whoever, with end to end encryption to my server. And there is nothing the local government can do about it. They can't snoop on the data because it's encrypted, and they can't even issue a warrant to the account host to get the data, because it's in 'country X'.

    I can snoop of course, because it's my infrastructure, and I do have the keys. But my business and reputation is staked on not snooping, that's WHY I have customers.

  10. Re:can't work even if they wanted it to by torkus · · Score: 2, Interesting

    Except there is a lot you can do on BES that a plain ol' BB can't do by itself. TBH, BES licensing isn't that expensive - especially compared to MS licensing. Heck, T-Mobile gave me 500 free BES CALS as part of a promotion with RIM just for buying blackberries (which we got at a steep, steep discount as well).

    In a small cost-centric shop you don't need a BES. In a medium size enterprise where security, accountability, monitoring, and support are more of a focus the BES is extremely handy if used vaguely correctly.

    --
    You can get rich if you own a politician, but you have to be rich to buy one in the first place.
  11. Re:Secret to the Blackberry's success by DarkOx · · Score: 3, Interesting

    I am sorry but the BES server you need to make it work is a piece of crap. Sure the software might be easy to work with but, it does just nasty things when it comes to Exchange integration. Rather than make a connector or something you could add to the event sync, it sits and uses MAPI. This makes for one lots of overhead and sucktackular performance, (if you have a lot of users it will KILL whatever box it's running on) as in don't bother running any other apps there and if you make it a VM it will suck up the entire blade quite happily. Then on top of that it makes your Exchange Administration more of a headache than Exchange Administration already is, in that it's INCREDIBLY sensitive to what version of store.exe you're running. Don't even think of service packs or hotfixes until it's been checked out on BES. I would love nothing more than to get all of our users over to Windows Mobile or Pocket PC. I use it with Exchange Active Sync and yes it does SUCK compared to the BB user experience but it's much less nasty on the backend. Personally I would love to kick Exchange out the door and just deploy a nice IMAP solution or go back to Notes but I don't see that ever happening.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  12. Re:can't work even if they wanted it to by lena_10326 · · Score: 4, Interesting

    I don't really agree with everything you said, but the Troll modifier was completely unwarranted.
    I know. Jesus H. Christ. WTF. The idiots mod'ding on here are getting rather out of hand. My post was so NOT troll.

    Anyway. Back to business and on to your reply.

    Personally, I will accept ZERO losses of freedom for even real gains in security. Not perceived gains mind you, REAL tangible gains.
    It's too late. In 2008, you can be stopped, required to show your 'papers' (driver's license), questioned and interrogated, threatened with guns, shot, arrested, and taken into custody without committing any crime. How? By police. There are so many laws on the books that at any given moment in time you are guilty of something, even if it's a matter of interpretation and you eventually get off, it can still happen causing you grief, humiliation, financial loss, and wasted time. The depressing part is it's worsening by the month.

    I am PERFECTLY willing to go and KILL absolutely every one and everything affecting my freedom. Just point the direction. If a politician says to me that I have to lose freedom, privacy, and anonymity due to some enemy out there, I will respond with this question, "Can we just go kill them instead?".
    My stance would not be so aggressive. I would draw the line at our borders. Inside our borders, yes, but outside no. I don't feel invading other countries to root out 'tarrists' and thus create new 'tarrists' is a wise plan of action, nor is losing our moral ground.

    Whatever happened to fighting for your freedom? I thought that was the American Way right?
    We all have different definitions of fighting though.

    --
    Camping on quad since 1996.