RIM Agrees To Hand Over Its Encryption Keys To India
An anonymous reader writes "BlackBerry maker Research in Motion's (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. RIM recently demonstrated a solution that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies. An amicable solution over the monitoring issue is important for the Canadian smartphone maker since India is one of the few bright spots for the company that has been battling falling sales in its primary markets of the US and Europe. In India, RIM has tripled its customer base close to 5 million over the last two years,"
Part of the appeal of RIM was that you knew governments weren't out there stealing secrets sent across your network. I understand that India has a legitimate security need to be able to wiretap communications and so on. But this isn't going to 'help' RIM. This takes away the only major competitive advantage they had, which was that using RIM meant you knew no one in the Indian government was going to steal your work and sell it to someone else (which is a serious concern in India).
If anything, this just levels the playing field. And that's bad for RIM, because they aren't competitive.
Moral of the story: If you do not control end-to-end encryption yourself, it is not secure.
Go green: turn off your refrigerator.
I think we need to make clearer what exactly the impact of this is.
Can an Indian businessman who bought a Blackberry in South America and is working in Europe be assured of some level of privacy on communications?
Does an American businessman with a Blackberry bought in the USA visiting India on the way to China need to rethink how company documents are transmitted?
Not very clear, especially as the BIS keys can't and therefore haven't been handed over.
So we have a new server in India, but what is being routed through it?
A blog I run for the wealth
Are you saying you trust your smart phone to have only real, valid intermediate SSL certificates? Or are you so ignorant as to think that governments aren't trying to man-in-the-middle SSL like crazy, especially on mobile networks?
Once again. For the last time....
RIM does NOT have the encryption keys used by BES servers. Those keys are held internally by businesses only, and those are then used (along with "random" data) to generate the device keys. Even if RIM somehow had the organization's master key, they wouldn't have access to the "random" data that was used to derive the device key (which is pulled from that "wiggle your mouse around for a while" procedure).
In other words, BES servers continue as unaffected as before. Call me when India figures out how to large-scale crack AES256 with unknown keys.
It seems to me VPN or IMAP over SSL has all the advantages of BB without the risk they'll sell you out. And has for some time.
Yeah, I was pointing this out to clients as early as 2004. I had a working IMAPS client on a Treo 650 at the time. They wanted Outlook integration over security (despite always talking about their multi-billion-dollar IP that had to be protected at all costs). Lesson learned: most people don't care about security, they just say they do.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)