Slashdot Mirror
Blackberry Gives India Access To Servers
Meshach writes "As happened earlier in Saudi Arabia Blackberry has reached a deal that allows Indian authorities access to the transmissions of hand held devices. Much of the fear comes from worries about terrorists: Pakistani-based militants used mobile and satellite phones in the 2008 attacks that killed 166 people in Mumbai."
How long before every country decides that in order to allow RIM to operate they need to open up their servers?
"RIM gives India access to servers"
Last time I checked, Blackberry was just a mobile device brand name !
The better question may be "where has this already happened with a gag order attached to the request?"
This is like banning box cutters on planes because the 9/11 terrorists used them, as if terrorist can't figure out how to enocde their messages in other ways. Terrorism isn't the reasons for this, repression is.
Oh, I get it now ...
If it is Saudi Arabia and the UAE, it is all about censorship ...
But if it is India, it is a move against the terrorists ...
It is all about spin ...
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
By overtly giving access to these governments they can scan for US or European business partners (hopefully RIM limits to the local to that country traffic). This allows them an unfair competitive advantage as they can then direct local companies often state owned or controlled to change bids or marketing approaches. Saudi Arabia this might apply to leveraging better prices from suppliers or from gaining a better advantage in the financial sector, and in India it means they can now cherry pick information related to manufacturing deals to gain advantage over the people looking for competitive bids between India and other outsource manufacturing (and outsource software development).
This is not good. Corporations should strongly consider if RIM is a viable solution at this point.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
Indians and those who think like them must think folks bent to do bad things (read harm society), are fools. To defeat any kind of snooping, all bad people have to do is to communicate in code.
That is: "Let's have dinner tonight." to mean "The materials will arrive next week Tuesday."
Now defeat that.
I know RIM is only providing meta-data on the content, but honestly, are you telling me that this *wont* be used to spy on a corporate competitor?
India is corrupt in a very "Who me?" way. This law has only abuses, in a country where you can buy a SIM for 5 dollars, with a photocopy of just about anybody's id. The terrorists don't need to bother with the BB or anything even remotely expensive - the underworld maybe (The D Company), but not the "kill them all and let God sort them out" category of terrorists.
But it's not like India is the first place to do this. Echelon was used similarly, I guess to spy on foreign firms.
Quidquid latine dictum sit, altum videtur
I somewhat can understand the concern of law enforcement that a secure mail environement makes their job more difficult. On the other hand, giving access to the RIM infrastructure implies that you are no longer innocent until proven otherwise, but you are now suspect until your innocence is proven. BAD
While Internet Service and PIN2PIN messages seem to be encrypted with the same key for everybody, RIM always claimed that enterprise mail is encrypted with a unique key end to end from the enterprise server to the device and that nobody else has this key, specially not RIM. Enterprise mail solution is crypted with AES 256bit, so if this is true, your corporate mail should still be safe. And if you don't trust this, use S/MIME or PGP or don't use mobile corporate mail at all.
Anyway, this step does not increase the customer trust in the RIM solution, I really hope for a clear statement from RIM on this purpose.
They can always go back to using number stations on the shortwave bands. Just a thought.
Instead of complying with evils requirements, RIM could have well say "thanks but no thanks", thus doing a lot of advertising on how secure they were, and how strong their privacy concern was. This would have had a tremendous marketing effect. We would have all think about RIM as a very good company.
Now, we all know that RIM's network is full of spy watching us. The fact that appart from these spies, the network WAS to be considered very safe doesn't add up. We 100% know now, that somebody is listening.
They might have succeeded in keeping their market up and running in India and other Arabs countries, but now myself and many others well understand that we wont ever be able to trust a blackberry again. I really think this will hurt RIM in the long run. At least I wont forget, and will continue using OTR on open platforms like the n900.
Can you believe the unmitigated nerve of those crappy little backwards countries and their oppressive Big Brother-ish monitoring of their citizens!!? Thank god nothing like this could ever happen in the United States, where we actually give a rat's ass about protecting our privacy from the government!
Oh, wait... Well, shit.
Source: http://www.securityweek.com/rim-statement-india-demands-access-messaging-services-no-ability-provide-its-customers%E2%80%99-encryption-k
I took this as "fuck off, but I guess they got a wizard to, in some way, hand governments unencrypted data without decrypting it?
*sigh*
I understand its just business, and $ win, but you have lost a customer.
Keep it up, and I hope you go bankrupt.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
hey white american teenagers! ;)
watch this and remember: the indians, the chinese and the russians are gonna eat your lunch (cue crazy laugh)
http://www.ndtv.com/news/videos/video_player.php?id=157644
India just gave 38% of smartphone users a RIMjob.
It comes with Dingleberries.
India actually did get hit recently by Muslim terrorists who received intelligence, coordination and orders from neighboring Pakistan over mobile phones for several days as they moved through Mumbai targeting non-Muslims and racking up a body count of 166.
Saudi Arabia and the UAE didn't suffer any recent attacks coordinated and made possible by mobile phone technology, and both have historically been far more willing to curtail free speech than India (which isn't anywhere near US standards for free speech itself).
RIM should have hung tough and refused India's request, but at least India had a legitimate reason to ask. "All about spin" - yeah, darn that annoying reality and how it gets in the way of the narrative you prefer.
Well, RIM will never confirm this deal because if he does, the Blackberry bussiness is going down.
This may confirm what we all know, there is always back doors. No matter how long the encryption key is advertized, my email password is always reaching my server in just plain text (sometimes over ssl) and there is where the fun is.
Get my e-mail after a captcha test in: http://tinymailt
Your bladder is connected to your vagina? Freak!
Just how many of the Mumbai attackers were using Blackberrys? And how many will, as already pointed out, just use something else. Plain old walkie-talkies and code words maybe?
She has a fistula, you insensitive clod type chap!
From the video (3:12):
When Blackberry told the Indian government: India needed a lesson on the Internet.
Hahahaha! But that's not realistic anyway - Indians know as much as us.
---
The key thing is this: It's encrypted data at the cellular operators. ... The government actually monitors here - cellular operators. ... "We don't want to monitor the Internet, we are monitoring only here, because we are interested in mobile phones used by terrorists, not by Internet being used."
Which RIM refused - to decrypt the emails.
---
However, Blackberry messages (instant messaging) is done at a much lower encryption level (which the video calls "scrambling"). To unscramble, you only require the PIN and Blackberry code. Which RIM has (according to the video) given to the Saudi government.
Interesting video.
Comment removed based on user account deletion
and they made my decision on which smartphone to get when my Blackberry Storm kicks the bucket a whole lot easier. One of the reasons I went with them was because of their relative integrity when it comes to my information. If that practice is going out the window then my business just went out the window for them as well, and I'm certain I'm not alone.
This is a joke. When the article was about Saudi Arabia the article showed how ignorant, backward, and censored they are.
Here when it comes to India. Oh yea they blocked it because the "Pakistani"-Based militants! It is their right to have local RIM servers.
Saudi blocked for security reasons just like UAE. which mainly came from the assassination that happened few months ago.
Verizon has delegated enough authority to let the UAE write SSL certificates impersonating any site which will get automatically accepted by most browsers, so don't you think it's getting hard to know if your communications are actually secure from eavesdropping?
Part of the problem of secure communications is that there are too many governments who don't want people to have them because people can (and do) plot nefarious things with them.
"Pakistani-based militants used mobile and satellite phones..."
Were they Pakistani? Or Pakistan-based?
Just like a person can be English or England-based but there's no such thing as English-based person, there's no such thing as a Pakistani-based person.
Grammar nazi? Perhaps. But it's kind of unfortunate when we can't even get regional cultural terms right before setting ourselves up as experts and discussing the nuances of what's morally right or wrong for that region.
Pakistan has been the (alleged and many a times proven) source of funding for most terrorist attacks. Blackberry has been the alleged/potential medium for communication for terrorists that can not be traced. I see nothing draconian about Indian government requesting Blackberry asking for tracking their data, specially when ever other telecom provider does.
Btw. even today there is a news headline about how Indian police cracked a murder victim by tracking his cellphone calls:
http://timesofindia.indiatimes.com/city/bangalore/Infosys-manager-confesses-to-killing-wife-held/articleshow/6308212.cms
May be Indian police men are not able to track such communications in Blackberries.
Hello, I m a Indonesian Blackberry usr.
My country is spyin on me and I got 2 get a lot of $$$ out of the country.
Plz help. Let me store sum $$$ in ur bank 4 a bit.
txt me the acnt num, U can has interest 4 thx.
In the end, to be safe and secure, set up your own end to end encryption system.
Does are these countries also Banning SSL? Anyone that gave a shit could easily set up webmail with any one of thousands of hosts. I don't see how this does anything except make RIM look like a giant bunch of pussies. Most companies force their employees to use blackberries for the very reason that they think they are secure. Is that going to continue when not only are they insecure but they are publicly being monitored by countries that are world renown for their corruption? What happens when I fly to these countries? Does rim just hand over my account wholesale? Or do they just get access to what I do there? Or are these servers full mirrors already, so even what I do in the "free" world is indexed?
Given that RIM never actually lets go of the handsets after their sale, I have always felt a little uncomfortable about their vendor lock-in model. After all, it is a model that makes even Apple and Microsoft jealous as they have managed to pull it off without too much discussion or resistance at all. The only time you hear about it is when their network servers go down for a global blackout. And even then people complain "dumb network model" and not "greedy business model."
We don't know the limits of the information these governments (and those who have access to the governments) may have. And frankly, I don't like it.
So as of two days ago, it is "rooted android" for me... and it was long over due... damned crackberry kept me addicted for so long.
Why is this modded flamebait? Mods have no sense of humor.
Wow... I had no idea that existed. Bowels<->stomach is a recursive horror.
Much of the fear comes from worries about terrorists
I suspect that the rest of the fear comes from worries about pedophiles.
I mean, those are the two biggest excuses to subvert freedom and expand government power in the West, so why not in India, right?
Seven puppies were harmed during the making of this post.
RIM gave them access to encrypted data. RIM has no access to the unencrypted data, they don't have the private keys. Much like giving access to your SSL communication data. RIM will not make a big fuss about it, to help those countries to save face.
While many complains about the fact that all data goes though the BB enterprise server, that's what is guaranteeing that all wireless data is controlled by the enterprise and secured between the BES and the devices. Once on the BES (from the wireless network), BB data travel via the Internet and is facing the exact same challenges as any other secure protocol over the Internet. If countries want to have access to their citizens BB communications, the best way is to get a court order (or whatever relevant) to install an eye dropping software on the BES or BIS.
And by the way, the argument that all BB users can exchange messages without government intercepting in their own soil is ludicrous. All wireless service provider can run BIS in their network, thus being in reach of national authorities to get access to the content.
Of course with a lot of determination, they may get access some data, and in 10-20 years most if it if not all (provided they are willing to keep it all that time).
I stopped reading when I saw the 'neither does Pakistan' bit. Would be good if you did a Google search for 'Pakistan ISI terrorist support wikileaks'. You will change your opinion pretty soon.
Yeah, it's comin' real soon. http://news.softpedia.com/news/Canadian-MP-Pushes-for-Legislation-to-Lower-BlackBerry-Security-107837.shtml
I assume that every single electronic communications system in the world is compromised.
We should be moving to a standard where every single communication is encrypted, not by the carrier, but by the user. It needs to be ubiquitous.
Is there an app for the iphone to encrypt calls?
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
with al the effort by government to get access to the comm transmissions on Blackberry's, that SEEMS TO INDICATE that they already have access on other mainstream networks and brands.
this is really worrying.
g
if you want to communicate securely, without every government under the sun listening, you have to manage the encryption yourself.
So the CA system has been demonstrated untrustworthy, with rogue roots in the wild. Now how does one validate the first contact with a given party? There is the OpenPGP global web of trust, but as I understand it, joining it requires flying to key-signing parties, and a lot of people don't have the finances to fly often.
h1b1
Is this supposed to be some sort of portmanteau between "H-1B visa" and the naming scheme for Influenzavirus A strains, such as H5N1 "bird" flu or H1N1 "swine" flu?
anyone truly needing encryption will manage their own layered end-to-end solution or have someone competant handle that for them.
Online shopping customers need encryption so that criminals don't intercept information that could be used to forge purchases. What sort of end-to-end solution do you recommend for web merchants if rogue root CAs have made HTTP over TLS untrustworthy?
... If that practice is going out the window then my business just went out the window for them as well, and I'm certain I'm not alone.
I certainly understand your sentiment. I wonder where you will go as an alternative? Even if a competing service "refuses to back down", how can you be certain that your messages are not being intercepted? In this day and age, I think we all have to assume that anything we didn't encrypt ourselves is being read by somebody.
The difference between US and India is that with Indian authorities this was released to the press. US instead puts a gag order and then probably gets everything they want.
NSA probably has a back room in blackberry - or has the encryption codes itself.. !
"Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA," Klein's wrote. "And unlike the controversy over targeted wiretaps of individuals' phone calls, this potential spying appears to be applied wholesale to all sorts of internet communications of countless citizens."
One of the documents is titled "Study Group 3, LGX/Splitter Wiring, San Francisco," and is dated 2002. The others are allegedly a design document instructing technicians how to wire up the taps, and a document that describes the equipment installed in the secret room.
Read More http://www.wired.com/science/discoveries/news/2006/04/70619#ixzz0wavMN6aB"
Whooosh
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
I know a number of people with corporate-issued Blackberrys. One of the featuures that made these attractive to corporate customers was that RIM set them up with their own server infrastructure. This placed encryption and data security in the hands of their IT departments. While the networks over which data traffic travels might be intercepted by foreign officials, those messages remain encrypted until they arrive at the company servers. RIM is out of the loop.
How do these governments deal with such networks?
Have gnu, will travel.
this is a slippery slope that RIM has created for itself and there is no turning back now.
http://weboven.blogspot.com
But thanks to the 'National Security Letters' power, they don't have to tell anyone, and they can force all the parties involved to not disclose to the public that ALL UR BLACKBERRY MESSAGES ARE BELONG TO THEM.
> TSA extended the definition of box cutters to include _nail clippers_
I stopped taking you seriously after this. TSA stopped banning these years ago.
I can’t be leave RIM is going to do this they never crumble to anyone. I guess like the article says this is a business move. This is where technology security and the finance department but heads and usually the finance department wins seen this many times in companies.
http://www.thetechnologygeek.org
There are worse things that can happen than losing a bit of your privacy to a government you cant trust.
How many people have terrorists killed? Now how many people have governments killed? In the past century NAZIs killed more than 600,000 Jews alone. At the same tyme Stalin's Soviet Union killed 20 million and Mao 60 million in China. More recently, from 1975 to '79 the Khmer Rouge beat the NAZIs body count, estimates of more than a million were executed. At the same tyme with the support of the US Indonesia's ruler Gen Suharto ordered the invasion of East Timor. After the 1975 invasion 200,000 East Timorese, 1/3 the population, were killed. Also in 1979, and after, people in Iran were persecuted for not living according to Sharia Law. Next door in Iraq throughout the 1980s and '90s Saddam ordered chemical weapons be used against others in Iraq. Or take Rwanda, in 1994 an estimated 800,000 people were mass murdered.
Still think terrorists are a greater threat than government?
Falcon
Should there be a Law?
Now if I want to send a private messages to my militant friend who is going to blow something up in India, I encrypt it BEFORE I send it.
Problem solved.
Maybe I am wrong, but is there not some huge water disaster over there right now flooding etc... should this not be like, the least of their concern, and maybe getting relief and food out to their people, instead of wanting blackberry towers? Maybe they will all be able to text where they are located to send the boats for them???
DNSSEC
So what should a self-signing merchant use to take payment information between August 18, 2010, and the day when both the major home ISPs and the installed base of home PC operating systems have implemented DNSSEC?