RIM Reaches Temporary Agreement With India

Canadian_Daemon writes with news that India has granted a 60-day reprieve for their threat to ban BlackBerry devices while the government evaluates RIM's proposal for "lawful access" to users' encrypted data. "The Ministry of Home Affairs said in a statement it would review the situation in 60 days after the Department of Telecommunications studies the feasibility of routing BlackBerry services through a server in India. India wants greater access to encrypted corporate e-mails and instant messaging, though it remains unclear precisely what concessions Research In Motion agreed to in order to avert the ban. About one million BlackBerry users would have been affected in India. 'RIM have made certain proposals for lawful access by law enforcement agencies and these would be operationalized immediately. The feasibility of the solutions offered would be assessed thereafter,' the ministry said."

RIM job

[roman_mir]

Is it the kind of agreement when RIM rims the Indian gov't and pays stacks of bribes and then all rim users are also forced to rim the Indian gov't?

well, judge for yourself

About one million BlackBerry users would have been affected in India.

"RIM have made certain proposals for lawful access by law enforcement agencies and these would be operationalized immediately. The feasibility of the solutions offered would be assessed thereafter," the ministry said.

Re:RIM job

[spun]

I'm not sure what you're so angry about. Do you disagree with a government's right to subpoena evidence? What are the bribes you are talking about? This doesn't sound that much different than our American law enforcement demanding the ability to tap phones, given a proper warrant. If it is different, you haven't explained how, and if it is not different, you haven't explained how society would benefit by letting people keep secrets from the courts.

Re:RIM job

[bhagwad]

This is different because the Indian government wants the right to tap phones without a warrant. The whole privacy thing hasn't really been discussed in India yet.

Re:RIM job

[Infernal+Device]

NO governmental authority should have access to a private citizen private data or communications (encrypted or otherwise) without a court order.

Re:RIM job

[spun]

Are you saying the Indian government does not need a warrant to tap private communications?

Re:RIM job

[spun]

And ice cream tastes delicious. Tell me something less obvious and more related to this story. Unless I am missing the part where India does not require warrants, this just sounds like what we did here in America, requiring that telecommunications providers give law enforcement the means to lawfully tap communications when a court grants them a warrant.

Re:RIM job

[bhagwad]

That's what I'm saying. I'm saying that the Indian government wants the ability to access private communications without any sort of check or balance and without a court order. I've been following this story for some time now (since I live here) and I'm pretty sure of this.

Re:RIM job

[spun]

If that is the case, then THAT should be discussed more clearly. What, in particular, are you talking about? Assume in your explanation that most people reading are not, in fact, from India and don't know the first thing about Indian laws or politics.

Re:RIM job

[Lost+Race]

The problem is the Indian government (and others) denying mathematical reality, and RIM (and others) crippling useful technology to support the fantasy that strong encryption doesn't exist.

Re:RIM job

[roman_mir]

I disagree with anybody at all trying to get their hands on any communications whatsoever, courts, no courts, but what we are observing here is not about courts, it's about bribes and it's about gov't wanting to wiretap people at will with no court even. And yes, I disagree with any wiretapping at all, completely.

Re:RIM job

[radtea]

What are the bribes you are talking about?

I've never heard anyone in India suggest that the Indian government is anything but corrupt at all levels. However, unlike the United States, India has a semi-functioning semblance of democracy, which makes it necessary to hide this kind of shakedown behind "national security" claims. Although the ghost of democracy has just barely enough kick left in it in the US that those sometimes play out there, too.

So the difference between the bribes RIM is distributing in India today and the bribes they have distributed in the US in the past is that bribes in the US are legal campaign contributions, because corruption has been completely institutionalized in the US, whereas India still has quite a bit of catching up to do.

Re:RIM job

[spun]

I disagree with warrantless wiretapping, but I do like the ability to gather information about crimes. Have you thought about the consequences of your position? How would you handle prosecution of crimes without any covert investigation?

Re:RIM job

[roman_mir]

I am absolutely indifferent to such concerns, I do not care to make someone's job easier by legal means at all, let them compete on how they do it. Obviously my position is not what most people have.

Re:RIM job

[oldspewey]

pays stacks of bribes

Times are (slowly) changing, but bribery and corruption remain a solid option when dealing with Indian bureaucracy.

Re:RIM job

[roman_mir]

with any bureaucracy

Re:RIM job

[spun]

Just as a thought experiment, would you feel differently if you were the victim of a serious crime? It sounds as though you simply do not care if the guilty are caught and punished. You are right, that is not the position that most people have. Maybe you could explain why you hold such a seemingly self-endangering position?

Re:RIM job

[roman_mir]

once someone is a VICTIM of a serious crime, at that point catching and punishing the will not change that fact. The problem is becoming a victim in the first place and no gov't can do anything about it, in fact they only make it worse by meddling with economics and destroying economy and creating more crime in process. I don't know your views on economics, so I don't want to go into a lecture mode.

My point is that you have to watch out and be able to protect yourself, and in reality gov't often stands in the way of that and it really doesn't care about you personally if something happens to you, it only catches/punishes people because they get out of line and seem to challenge their authority in a system, they won't have that. I don't have a reason to support any gov't activity.

As to wiretapping, I hope people learn to encrypt all of their important traffic.

Re:RIM job

[spun]

Huh, I thought government reduced crime by catching and incarcerating criminals, removing them from the population and providing a disincentive for other criminals. But then again, I also thought government kept free markets free by enforcing rules and punishing unfairness so that the richest could not unfairly dominate and control said markets like they used to do back in the bad old days of lassez faire. So yeah, I don't think we're on the same page at all.

Suffice it to say, I'm no longer interested in hearing anything you have to say about government. You hate it, I get it. Yet I imagine you still choose to live with one rather than go off and form your own society, don't you find that a bit hypocritical?

Now, I can understand not wanting to live in a society with a government. Some people are just hermits. But it sounds like you really don't want anyone to have a government. Why would that be? Well, the primary purpose of government is for the weak to protect themselves from exploitation by the strong. So, my natural assumption is that there is one simple reason that people want to force everyone to stop using governments to protect themselves: they want to exploit those people.

Re:RIM job

[roman_mir]

cheers.

Re:RIM job

[BitZtream]

Right up till we stopped actually getting warrants before the wiretapping started.

In principle you are correct, in reality, warrants aren't really a requirement to wiretap in the US.

Re:RIM job

[Ainu]

When I look at this issue, one thing that comes to mind is a lot of investment banks run part of their IT operations in India. With regulations as they are in North America, how long do you think the banks will keep their operations in India if they can't guarantee security with their communications?

Re:RIM job

[Jaggu19]

... the ability to access private communications without any sort of check or balance and without a court order.

Cite sources please ... there is nothing in the news that says it happens unlawfully. If, however, the _law_ says that it can be done without a court order (and with the Indian equivalent of a National Security Letter) - then why not ?!

Re:RIM job

[pirhana]

Just google for Indian Information Technology act amendments 2008 and read it yourself. It is much worse than any of you even think. Probably the worst IT act in the world ! If you are lazy to read the whole stuff, just read my personal blog about the same http://nasirudheen.blogspot.com/2010/02/in-name-of-terrorists.html

Re:RIM job

[bhagwad]

That's why there are bad laws. Laws that are passed without debate and which need to be changed. Laws that are immoral.
The Indian government wanted real time access and refused to wait for even two days for RIM to give them what they wanted. You think they'll wait for a court order? India just doesn't have strict privacy laws.

Sneakernet

[iamhigh]

This is why sneakernets will never go away; perhaps they become even more valuable in this new era where the government must be able to know all of your communications... just in case, you know.

That was central to the plot of the Matrix; just replace machines with upper caste.

Re:Sneakernet

The government can buy sneakers. The problem is knowing who to trust in your sneakernet.

Re:lawful access by law enforcement agencies

[oodaloop]

Why, when reading your post, do I have the urge to imagine a schizophrenic vagrant yelling it from a street corner?

makes sense

[prashanthch]

India faces as much terrorism risk as any other nation, Indian security forces need to be able to access information that they need in order to prevent acts of terrorism. I can see cases where the information will be abused but such risks are no match for the benefits. I recall watching a documentary on the Mumbai terrorist attacks from 2 years ago where we can hear the chilling instructions to kill hostages being given to the terrorists on the ground from *our friends across the border*. Such evidence would be impossible to get if the intelligence agencies do not get access to communications data.

Re:makes sense

[walshy007]

I can see cases where the information will be abused but such risks are no match for the benefits.

Some of us would rather die fighting than succumb to having certain freedoms taken away such as you describe.

It is a slippery slope, and while I am not american, it is easy to quote "those who trade liberty for safety, deserve neither"

Their measures will fail the intended purpose though, nothing is stopping anyone serious from encrypting their emails using gpg or the like and they still can't figure out the contents of the message, only who contacted who for some unknown reason.

Re:makes sense

[bhagwad]

I can see cases where the information will be abused but such risks are no match for the benefits.

Oh please. I'm an Indian and this is bullshit. What are the "benefits?" The chances of me dying in a terror attack are less than being hit by lightning. I'll take that risk and won't complain if I die thank you very much.

Re:makes sense

[Trahald]

Fearful ninnies like you are the reason why India has been a walkover for every foreign invader that ever bothered to cross the border. Grow a pair man. You are giving up your privacy and your freedoms for an illusion of security.

If you've ever had anything to do with Honorable Government of India, you will know that this sort of acess to private communications will be used to pursue terrorists 1% of the time, and the remaining 99% of the time, intelligence babus will be snooping on messages of rival political parties and the pretty girl next door.

Re:makes sense

[prashanthch]

Fearful ninnies like you are the reason why India has been a walkover for every foreign invader that ever bothered to cross the border. Grow a pair man. You are giving up your privacy and your freedoms for an illusion of security.

If you've ever had anything to do with Honorable Government of India, you will know that this sort of acess to private communications will be used to pursue terrorists 1% of the time, and the remaining 99% of the time, intelligence babus will be snooping on messages of rival political parties and the pretty girl next door.

You are referring to an entirely different issue then, which is accountability. What I am saying is I don't see why Indian Government can't access RIM's servers while other nations can

Re:makes sense

[Decker-Mage]

Try saying that to the kin of those who got killed in a terrorist attack which could have been foiled if the cops had access to the data you want to deny them

Since everyone of my kin has served in the military and have an avid interest in a circumscribed government as per Thomas Jefferson and Benjamin Franklin, you won't get any complaints from them if I should get killed in a terrorist attack. In all actuality, given our various skill sets courtesy of self-same service, connections, and myriad (to say the least) favor owed, the terrorists will have their hands full dealing with the clan actively hunting them down, thank you very much. That doesn't even take into account good friends of the clan. ['Friends help you move. Good friends help you move bodies.']

Ben had it right: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." As well as, seemingly despite attribution to Richard Jackson, the more telling point in this whole discussion: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

Re:makes sense

[Rexdude]

Effective counter terrorism is about intelligence gathering. The old fashioned way, as was done before computers and the net. The real trouble for India started when then Prime Minister IK Gujral decided to shut down RAW's operations within Pakistan as a goodwill gesture, in 1998, resulting in complete failure to detect the military build up before the Kargil conflict of 1999.
Blanket spying on the entire country's Blackberry traffic won't amount to anything; terrorists will find other ways to communicate.(What's more, they used satellite phones, not Blackberries, during the Bombay attacks).
The games of espionage, counter intelligence, infiltration etc are just as valid now as they were during the Cold War.

Re:makes sense

[thegarbz]

Try saying that to the kin ...

Let me stop you right there. Why are we talking to the kin of people who died. People who have had their lives affected in adverse ways deal with problems emotionally and not rationally. A kid dies in a terrorist attack, the family will agree to any measure no matter how stupid or excessive to prevent another terrorist attack. Or lets take a much simpler situation, there was a stupid couple who did not watch their baby, or lock the door to the backyard. Baby fell into the pool and drowned. Now why the fuck should I put a fence around my own pool. I don't even have a damn baby.

I mean fuck the money would be better spent on lightning insurance for each citizen. Think that's a bad idea? Try saying that to the kin of those who got killed by a lightning strike.

See what I did there ;-)

Use PGP

[VincenzoRomano]

As an end-to-end encryption and validation. Then RIM is free to give access to that.

Re:Use PGP

[GrumblyStuff]

That'd be a great red herring.

It'd be easier to just use code.

When you go to Sanji's to make the cake for Ehimay's birthday, tell Tarani I said hi. I'm really looking forward to the party on Saturday.

Is there a right to keep secrets about crimes?

[spun]

I don't think there is a right to keep crimes secret in any society in the world. In fact, I believe it is in society's best interest to allow courts to compel testimony and subpoena evidence. I also do not see how you can claim that 'lawful access' is the same as 'unlawful access.' Or are you claiming that all governments everywhere will always lie to their citizens? For your own sake I will caution you that when you claim that governments are completely corrupt and evil and always lie, you are veering off into territory where few rational individuals will follow. Most of us recognize that democratic governments, while flawed, are vastly preferably to the tyranny of the strong that would exist without them.

Re:Is there a right to keep secrets about crimes?

[bhagwad]

Or are you claiming that all governments everywhere will always lie to their citizens?

If they have the power to do so, they will. Therefore, we must not let them get that power.

Re:Is there a right to keep secrets about crimes?

[spun]

Why do you think governments will always lie to their citizens if they can? And more importantly, if you are right, how do we stop them from lying?

Re:Is there a right to keep secrets about crimes?

[bhagwad]

Let's just say that as a rule of thumb, you give people as little power as possible. And if you have to give them power, you provide stringent checks, balances, redress mechanisms and transparency. The Indian government (my government) simply doesn't yet have those processes in place. Therefore I'm not willing to risk losing something as precious as my privacy if I have to trust a third party blindly.

Re:Is there a right to keep secrets about crimes?

[spun]

Subpoena of evidence is one of the most important powers that a civilized society uses to maintain justice. If that power is being abused, it should be corrected, but never done away with. Courts should always be able to compel evidence when necessary to decide a case. Otherwise, your society will soon be run by organized crime.

Re:Is there a right to keep secrets about crimes?

[bhagwad]

So we first put the checks in place, and then give the powers. Fair enough?

Re:Is there a right to keep secrets about crimes?

[Lost+Race]

Either the encryption is strong, and they can't access the data lawfully or unlawfully; or the encryption is weak (backdoored), and the data are accessible to both lawful and unlawful searches.

So providing "lawful access" is the same as providing "unlawful access". We just have to hope that the "unlawful access" option will never be used. Or we can say, "no access at all, sorry," because that's the fact of strong encryption.

Re:Is there a right to keep secrets about crimes?

[johanw]

No, it's something typical American. In The Netherlands, the police can come looking for evidence but you are not forced to give them anything voluntarily like passwords or locations where documents are stored. If they can't find it they can't use it, and if it later turns up anyway you can not be punished for something like "withholding evidence". In civilized countries where you have the right to get a fair trial you cannot be forced to cooperate with the government to nail yourself.

Re:Is there a right to keep secrets about crimes?

[spun]

It's your country, what I think shouldn't matter. Just because I'm an American does not mean I will bomb the crap out of you if we disagree.

Seriously, though, if your government has that much corruption, I agree with your sentiments. Its just that that was not made all that clear.

Re:Is there a right to keep secrets about crimes?

[spun]

That isn't what I meant, and even here in America you can not be forced to testify against yourself. But are you saying that the Netherlands police can not obtain a warrant to search your premises or tap your phones? I've never heard of anything like that before in any civilized country in the world.

Re:Is there a right to keep secrets about crimes?

[TheGratefulNet]

Or are you claiming that all governments everywhere will always lie to their citizens?

yes, of course. are you new to the planet earth or what?

Re:Is there a right to keep secrets about crimes?

[TheGratefulNet]

I still don't agree with you that the state should have the power to listen in on anything they want.

the core issue is one of 'ends justifies means'. I've personally had enough of that thinking with 8 years of bush, thank you.. we need to think beyond 'getting bad guys' and instead realize that we're pissing close to where we sleep (so to speak). by denying the right to privacy 'for the bad guys' we deny it to ourselves.

I'd rather some bad guys 'go free' than us good guy lose our freedoms.

life isn't about 'zero tolerance' on crime but I have to insist on zero tolerance on MY privacy.

yes, I make a value judgement and I don't at all agree with trading liberty for temporary perception of safety.

btw, society IS run by organized crime. I happen to think most elected officials soon become corrupt enough to meet the current accepted definition for organized crime. what I'd like is that the gangs of roving thugs be swapped out so that we get some fresh thugs in before we tire of those. that's about the best we can realistically hope for.

Re:Is there a right to keep secrets about crimes?

[Lobachevsky]

You don't need a weak (backdoored) system. You just need to make the private keys that the RIM servers use to talk to the clients to be available to the govt. This usually involves setting up domiciled servers within a country and giving those particular servers' private keys to the local authorities (as opposed to giving the private keys of the main Canadian servers). RIM has set up domiciled servers in Saudi Arabia and China and shared the private keys there. India wants a "me too" piece of the action.

Encryption is useless if there does not exist at least 1 person who can decrypt it. Currently it's the RIM servers. The Indian govt. wants to be added to that list.

Re:Is there a right to keep secrets about crimes?

[spun]

Nope, and I the only time I have seen governments do that is when the people let them. Government does not have to be corrupt.

Re:lawful access by law enforcement agencies

[poetmatt]

all caps IMMORAL would be that, in a nutshell.

You know, as opposed to logical or legal arguments, it's just "it's immmoral and therefore bad!" you know, like rock music, file sharing, books, reading, etc.

Re:Also Banning IMAP+SSL?

[alen]

you can scan the traffic from the ISP's. blackberries are encrypted at the phone itself along with 3G and other encryption

or in the real world a tiny minority of people are going to be using IMAP + SSL or HTTPS to check email. since this is outside the USA and there are less rights to worry about, just follow those people

Re:Also Banning IMAP+SSL?

[iammani]

Gmails defaults to HTTPS and gmail is the most popular one.

Why BIS is bad

[nathana]

See, this is exactly why device manufacturers shouldn't be making devices that are entirely reliant upon an external "cloud" service that is also controlled by the device manufacturer. If Blackberry was merely making devices that could be configured to talk to any server(s) using industry-standard protocols, they wouldn't get themselves into the kind of situation where 1 million deployed devices could have been turned into doorstops overnight. (Maybe my understanding of the way that Blackberries work is misinformed, and so my rant here could be completely groundless -- and just for the record, I'm open to correction -- but I am under the impression that Blackberries need to be in constant communication with the BIS servers that Blackberry themselves run in order to function.)

This is also why the whole push notification system that Apple came up with for the iPhone is stupid. If something goes wrong with servers that Apple controls, then suddenly that feature across every single phone that has shipped to-date is dead. Device features should not be wholly reliant upon a service that the device manufacturer controls...all you are doing is making a single point-of-failure when you do that.

-- Nathan

Re:Why BIS is bad

[mandelbr0t]

It would seem that the concern is over BES, the BlackBerry Enterprise Server, which works exactly the way you say it should. The difficulty seems to be that RIM does not, in fact, have access to the things that India wants access to. A BB device on BES communicates directly with the organization through an encrypted link, whose key is generated when the organization's BES administrator installs it. I don't see an easy technical way of solving this problem, since existing BB users would be required to replace their device with one that now invades their privacy, or a version of BES with a back door would be created. Either way, I don't see people rushing to comply.

Re:Why BIS is bad

[mSparks43]

Actually, I think you'll find its precisely the opposite of this. Previously RIM phones encryption was managed solely by the corporate infrastructure, which is why RIM had been saying its technically impossible to give the government what they wanted. Then Nokia went and installed a single point of failure (server to allow decryption outside of the corporate infrastructure) and it sounds like rim is doing the same. Intelligence agencies across the world have had this MiM set up for HTTPS and SSL for some time now.
Its not about protecting people from terrorists, its about allowing governments access to trade secrets. aka Industrial Espionage.

Re:Why BIS is bad

[Minion+of+Eris]

Sorry you are wrong, kinda. BIS ain't BES. BIS service connects you to your Gmail or HOtmail or whatever POP/IMAP account through your service provider. BES service uses higher encryption, and connects your device via the carrier to your own corporate BlackBerry Server which expands and decrypts the email and forwards it to your messaging server (Exchange, Domino, or GroupWise)or compresses and encrypts from the message server and forwards off to the HH. At no point is are those messagesx decryptable by RIM or anyone else (without spending way to many CRAY-years per message). There is a header that RIMs NOC uses to determine which carrier to hand off the encrypted data to, and which HH the carrier should send it to. BlackBerry's are capable of AES and 3DES encryption.

Re:Why BIS is bad

[BitZtream]

If RIM used 'industry standard' protocols then they just wouldn't be in business.

Their servers and lockin to that network is the only reason they are still in business.

If Android or iPhone had the full suite (and they are getting pretty close) of features that RIM offers than they simply wouldn't exist.

If there was a true open standard to do what RIM does ... and by open standard I mean an open to all standard that is actually implemented completely by more than one vender. That does not mean no cost, simply open (don't get your GPL undies in a confused uproar). than people would already be using that.

Nope, take away the fact that BlackBerry's depend on that server and you might as well just shut the door for RIM.

You might as well shut the door for them anyway. The only reason to own a RIM went away when Google started using ActiveSync to allow things like PUSH to the iPhone without any Apple involvement. Assuming they've rolled it out to others by this point then you have the option to use WinMo or the iPhone with full calendar, contacts, and mail PUSH sync that will also sync cleanly with your Mac or Windows machine ...

My iPhone doesn't seem that it has any connection to anywhere but Google and I seem to get Push working fine with them. /me shrugs. Maybe they are in the middle but I can't see it over wifi with the phone radios turned off so it'd have to be a cell only thing.

Re:Why BIS is bad

[sensationull]

Incorrect, BES talks to RIM's servers which in turn talk to the Blackberry devices. if this was not the case then why previously when the RIM servers went down for a couple of days was everyone including BES users up in arms about their email not working and being so reliant on an external system.

Nokia E series, Windows Mobile, iPhone etc all use a system which works by a direct connection to your provider/companies server over Microsofts ActiveSync protocol to provide push email, calander, etc along with SMS sync in later versions.

These may seem safer untill you realise that most are encrypted using keys from certification providers that can be compelled by governments to give out your encryption key rendering your own encryption transparent to them. The best bet is private keys generated by a trusted internal certification server if you actually want some form of privacy.

Re:Why BIS is bad

[nathana]

First, I don't think it's about BES (at least exclusively). If BES doesn't also go through RIM's servers (As in: your provider's Exchange server BES gateway Blackberry servers Blackberry phone), then why do all of the articles about this India scuffle to-date talk about "RIM's network"? (Yes, I read TFA.)

Second, if it was about BES and BES worked the way you imply it does, then it seems to me that RIM still shouldn't need to get involved. Sure, the communication over-the-air is all encrypted, but since BES (according to you) is simply a gateway to your corporate Exchange/Notes/Groupwise server, why not simply ask the owner of the server for direct access to its contents rather than dragging RIM into this? Or are you trying to tell me that IMAP4+SSL users or encrypted Exchange users on other phones that don't need to be tied down to a proprietary network will give the Indian government the same kinds of headaches?

-- Nathan

Apparently nothing has been provided

[krishy]

At least one article by an Indian journalist claims that nothing has been comprised and in fact summarises the exchange as: Govt of India: "We Won!", Blackberry: "Huh??"

Re:lawful access by law enforcement agencies

[tophermeyer]

I'm having difficulty not picturing each line of the GP's post as a horribly scribbled missive on a sheet of cardboard.

RIM on the way OUT

[Frosty+Piss]

Well, I have a feeling that all of this in the various countries that are less free than the USA (India, Saudi, etc...) combined with the advance of smart phones in general (Android) spells an end to RIM...

Re:Same deal USA has

[omglolbah]

Yup, that is why you want your own layer of encryption where you have control over the keys.

Only a matter of time before such a thing is illegal again I fear.

Re:lawful access by law enforcement agencies

[Jaysyn]

Because you are a jackass and / or part of the problem?

The other way around

[Rix]

The problem with doing it through RIM is that it allows the courts to keep secrets from the very people who are being investigated, thus denying them their due process right to challenge that subpoena. And that's exactly what India wants.

They can already subpoena the people in their jurisdiction for their email records if they want to.

Re:Also Banning IMAP+SSL?

[Jaysyn]

or in the real world a tiny minority of people are going to be using IMAP + SSL or HTTPS to check email.

Way to let everyone here know you are completely clueless.

Re:Same deal USA has

[b0bby]

If I remember correctly USA has access to every single blackberry email.

Is this actually the case? I was under the impression that RIM's servers are in Canada. It wouldn't shock me if the US government had access, but I didn't think that they did.

Re:Same deal USA has

[Minion+of+Eris]

RIM does not have "Magic Keys" the encryption handshake has always, and continues to be, carried out when the HH is activated on the BES. It's like asking for the "master algorithm" to PGP or Trillian - it is in large part random, and has something to do with huge primes.

This is just ridiculous...

[Khue]

Blackberry ensures end to end encryption between a user's mailbox and the device itself. From where I sit, the right thing for the Indian Government to do is to monitor the mail boxes and not the devices. If RIM bends to this demand, then you will start seeing this across the board from other nations. While it makes the job of the Governments easier, it's wrong to push RIM into a position where they have to comply. RIMs technology is sound and the implementation is excellent. The method by which the Indian Government is attempting to gain access to this information is stupid. Anyone know anything about how Good's technology works? Are they going to be subject to the same demands?

Re:Also Banning IMAP+SSL?

[AvitarX]

And most providers of mailboxes use imap, pop, and smtp over ssl. For the sake of keeping passwords safe from the spammers.

Re:Same deal USA has

[b0bby]

Thanks. I guess I had read some misleading information, now I have a clearer understanding of how it all goes together. It might have been that RIM has some of the BIS servers in Canada, which some individual users in eg. Saudi Arabia were using; the Saudis seem to want those servers located inside their borders, and I assumed that BES servers would be compromised too.

Re:Same deal USA has

[Minion+of+Eris]

BIS servers are run by the service providers, (Rogers, AT&T, Telus, etc) All RIM really runs is the NOC which handles the switching from the BES to the carrier.

Re:Same deal USA has

[TheGratefulNet]

control over the keys does not matter when you are being COMPELLED to give keys to authorities.

yes, they 'do that' these days. apparently you cannot just say 'I forgot' and get away with not giving the key to your encryption if some guy in a black dress and a hammer in his hand says so.

face it, all states/countries are not ramping up to deny privacy to its citizenry wherever they can! some are more bold than others but all are encroaching on their citizens' rights. they use fake explanations for why they need this power. they use fear as their main ingredient.

using your own layer of encryption is great, in theory. but since the state still thinks it has a 'right' to any/all communication it thinks it needs, your 'layer' may just land you in jail for a while to think about it.

Useless security theater

[losttoy]

First, as an Indian, I am least shocked at what the government is trying to do. This is what bureaucrats in India do best, that is, fleece money from businesses by pulling up arcane/useless laws and regulations. Behind closed doors, RIM must have bribed dozens of bureaucrats in at least half a dozen government departments. My father worked for an Indian company and was in charge of setting up a power generation plant. He said he had to bribe a dozen different ministries just to get the paperwork moving on prospecting for the site. What's the value of Indian law enforcement agencies being able to tap into RIM? Zilch, squat, none, nada, nil, shunya! After all the circus around this issue, what brain-dead criminal will use blackberry to cover up tracks? This will mostly be used by politicians to settle scores, dig up dirt on each other and sell trade secrets of one business to other or harass them. As any Android or iPhone owner will know, just go to Android market place or iTunes store and there are dozens of apps for encrypting text messages and files. Not happy with closed source apps? Use openssl, gpg or half a dozen other opensource tools to encrypt communications such that no law enforcement agency can crack it in a timely manner to help with an investigation. Much less Indian law enforcement agencies that can barely use computers much less have access to super computers to do any cracking. As for Indians, they are mostly pro-government on this issue. Why? Because RIM acceded to similar demands by UAE and Saudi Arabia so now their national pride is hurt when a foreign company complies with laws of tiny Emirates but not their mighty nation. People in India are tired of a non-functional government that does not take foreign corporations to task for even mass murder (read Bhopal Gas leak). So when they see a government department screw a foreign corporation, they cheer like this will somehow help. It WON'T!!!

Re:Also Banning IMAP+SSL?

[Lobachevsky]

What about Google and the Department of Homeland Security? I wonder why they're considered root CAs.

Re:Same deal USA has

[Sloppy]

control over the keys does not matter when you are being COMPELLED to give keys to authorities.

Scenario 1: you don't have control of the keys. Eavesdroppers read your email and you never know.

Scenario 2: you have control of the keys, someone says, "let me read your email or else," and you weigh the "or else" and decide to give in.

You don't see a difference? Control doesn't matter?! Scenario 1 can be used against a whole population, with the people who mention unhealthy things in their emails never knowing why their insurance premiums went up, people who RSVP to parties never knowing why their houses got burgled, people who talk about politics never knowing why their names got accidentally dropped from voter registration databases, etc. Even with gag orders, Scenario 2 can only be used against a few people before word gets out.