RIM Agrees To Hand Over Its Encryption Keys To India

An anonymous reader writes "BlackBerry maker Research in Motion's (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. RIM recently demonstrated a solution that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies. An amicable solution over the monitoring issue is important for the Canadian smartphone maker since India is one of the few bright spots for the company that has been battling falling sales in its primary markets of the US and Europe. In India, RIM has tripled its customer base close to 5 million over the last two years,"

Yes but this won't help

[Sir_Sri]

Part of the appeal of RIM was that you knew governments weren't out there stealing secrets sent across your network. I understand that India has a legitimate security need to be able to wiretap communications and so on. But this isn't going to 'help' RIM. This takes away the only major competitive advantage they had, which was that using RIM meant you knew no one in the indian government was going to steal your work and sell it to someone else (which is a serious concern in india).

If anything, this just levels the playing field. And that's bad for RIM, because they aren't competitive.

Re:Yes but this won't help

[Moblaster]

It's pretty clear what happened. They kept the keys secret and held out for a long time on "principle" because that was the best business decision at the time. Then, as the onslaught of iPhone and Android took its toll, the principle changed to survival, because that became the new best business decision.

It's sad, but at this point, it hardly affects any country but India anyway!

Re:Yes but this won't help

[Sir_Sri]

And in most other countries you aren't worried about the government stealing and reselling most of your secrets anyway. At least not your own government.

Re:Yes but this won't help

[narcc]

As has been pointed out over and over again, This Does Not Affect BES Users.

Everyone else is just as insecure as they always were. If you want security in India, RIM is still your only real choice.

More details here

Re:Yes but this won't help

[thePowerOfGrayskull]

As others have pointed out, this doesn't affect BES - they're as secure as ever in the enterprise.

Thing is, they've always given this level of access to governments (or we reasonably assume this is the case, anyway) for their BIS service The difference is officials in India needed to save face and made a big deal out of this - even though they're getting only what they were told they could get from the start, and certainly no more than any other government.

Re:Yes but this won't help

[DaMattster]

No, there is no legitimate need to wire tap without any kind of warrant. India calls itself the largest democracy and it behaves in an authoritarian manner.

Re:Yes but this won't help

[AK+Marc]

If the people vote for authoritarian, does that make it non-democratic?

Re:Yes but this won't help

[Prune]

The article is misleading. The corporate service using Blackberry Enterprise Server has not been compromised because the encryption keys are controlled by the company deploying BES end-to-end. The company's IT generates the encryption key pairs when adding new handsets to the server. What's discussed only affects specific messaging over the non-business Blackberry service BIS.

Re:Yes but this won't help

[Prune]

They only have the keys to the non-business service. Corporate users deploying Blackberry Enterprise Server create their own key pairs when registering each handset with the company's BES server, and so control the encryption end-to-end. There are no third parties with access to these keys, making this far more secure than SSL, for example. The article is FUD.

Re:Yes but this won't help

[Sir_Sri]

This Does Not Affect BES Users.

No, being within india they are already subject to indian laws, and already have to hand over any enterprise keys they have stored within india if they're 'asked'.

If you're running your BES from outside the country then you might have a temporary reprieve, until the indian government gets wind of that plan.

Re:Yes but this won't help

[Sir_Sri]

Businesses in india will already be subject to indian laws though. RIM isn't subject to indian law, that's why they've been able to squabble over this as long as they have.

Re:Yes but this won't help

[Impy+the+Impiuos+Imp]

It's bad enough we have crap like the secret AT&T room for the NSA which filters all phone calls through it -- the government isn't monitoring opposing party's calls, trust us.

A country like India, which is still largely the desired place for college students to work -- so they can rise up and start demanding kickbacks. (Don't mod me down as a troll -- mod down the multiple Indian computer programmers who told me this was how it is.)

Not the greatest environment to feel secure your secrets aren't being sold off to the highest bidders.

Re:Yes but this won't help

[Sir_Sri]

Sorry to be pedantic

You're not being pedantic, you're living in a fantasy land. This isn't a legal treatise on just what should be the requisite standard for a wiretap, because that depends in large part on the details of the existing legal system. Wiretap rules in france and the US can be completely different but both reasonable. India has both the authority and a legitimate need to be able to wiretap communications in their own country. Suggesting they can't is wearing a tinfoil hat because you think they have satellites spying on you. Which sometimes they do.

Re:Yes but this won't help

[Sir_Sri]

No, there is no legitimate need to wire tap without any kind of warrant

I didn't talk about the requirements. Because 'requiring a warrant' is stupid. It's not stupid in the US legal system, but that doesn't mean that's appropriate for india, or oman, or the emirates or whatever. India has it's own legal system, it's up to them to decide what is or is not a sufficient condition for wiretapping, and that's a separate discussion.

Re:Yes but this won't help

[Sir_Sri]

Well now they don't have to call to waterloo, and argue over just what they need to get the data. Now they can do whatever they want.

Also, BES for indian companies is a separate issue, because companies already have to turn those keys over to the government because they're subject to indian law.

Re:Yes but this won't help

[narcc]

RIM doesn't have the keys to hand over. Again, see the link I sent. If you're referring to a company running BES in India being forced to give the gov't access to their communications, that's completely different and has absolutely nothing to do with RIM.

Still, the point stands. RIM is the only secure option -- the playing field has not be leveled.

Re:Yes but this won't help

[Sir_Sri]

RIM doesn't have the keys to hand over

Right, the company hosting the BES does. And has for a couple of years. For the moment if your BES is based outside of india you're 'safe', until the government figures out how to deal with that.

the playing field has not be leveled

It has. The situation is now no different from you running your own communications app on whatever platform(s) you want. If you're in india they can compel you to hand it over, if you base your servers outside india they can't do anything much to you, and you can't rely on RIM to provide you any inherent security.

Re:Yes but this won't help

[Sir_Sri]

which is still largely the desired place for college students to work

Relatively few graduates from outside of india want to go to india. When you're in india already then yes, governments jobs mean you can never show up and still get paid something, or you can use your position to try and enrich yourself with bribes.

Re:Yes but this won't help

[gl4ss]

sure that they don't ship a backdoor? that's essentially what they're asking for "This satisfies India's core demand that RIM provide intelligence and security agencies with automatic solutions to monitor all communication on BlackBerry smartphones on a real-time basis, an official aware of the development said."

it's a pretty crazy requirement for a device that allows programmable code and tcp/ip though.

Re:Yes but this won't help

[narcc]

I don't follow your reasoning? RIM still offers the only secure option, yet somehow they're just as insecure as the rest and thus a level playing field?

Moreover, how does RIM giving in to the Indian gov't on BIS snooping change anything at all about BES before and after they gave it?

Sorry, I just don't see how the playing field has been leveled in any way -- RIM is still way ahead in terms of security. They've been delt a blow, sure, but they've not been knocked down so far as to be on the same level as the rest of the players!

Re:Yes but this won't help

[fuzzyfuzzyfungus]

Part of the appeal of RIM was that you knew governments weren't out there stealing secrets sent across your network. I understand that India has a legitimate security need to be able to wiretap communications and so on. But this isn't going to 'help' RIM. This takes away the only major competitive advantage they had, which was that using RIM meant you knew no one in the indian government was going to steal your work and sell it to someone else (which is a serious concern in india).

If anything, this just levels the playing field. And that's bad for RIM, because they aren't competitive.

I suspect that it will help them more than being kicked out of the country, though it certainly won't improve their product in any absolute sense...

Re:Yes but this won't help

[somersault]

Why is RIM's option any more secure than using Exchange Activesync over HTTPS? I don't get the big deal when it comes to supposed BB security.

Re:Yes but this won't help

[Hatta]

RIM is the only secure option -- the playing field has not be leveled.

In what way is RIM more secure than anything that implements OTR? e.g. Gibberbot on Android

Re:Yes but this won't help

[Sir_Sri]

RIM still offers the only secure option

No, it doesn't. That's the entirety of my reasoning. A BES isn't any more secure than any other product can be. And now you can no longer rely on RIM bouncing data through waterloo to keep it secure.

A BES, or ANY communications server hosted in india: has to turn over keys or just the data to the government if asked.
A BES or any communications not hosted in india: Can make a legal fight out of it, might not have to turn data over.
Any communications via RIM are insecure from within india.

Re:Yes but this won't help

[Sir_Sri]

so it's up to them to decide whether it's okay for police to spray bullets around for fun? No

yes actually. It is.

International treaties (which are laws that everyone agrees to follow) would preclude randomly murdering your own population generally, but a country is under no obligation to sign on to those treaties.

Re:Yes but this won't help

[narcc]

You're really stretching here. Sorry, but when it takes manpower and possibly complex legal action (to say nothing the expense!) for the Indian gov't to read my messages while it takes virtually no effort for the Indian gov't to read messages on other platforms, my platform is more secure.

It's like saying Fort Knox is just as insecure as my tool-shed because a highly-trained team of tactical and explosive experts explosives could get in if they really tried.

Nothing like giving in...

[theNAM666]

... to a democratically elected government...

Re:Nothing like giving in...

[Sir_Sri]

The government in india is democratic, but that doesn't make it any less corrupt to the bone. I wouldn't trust anyone in the indian government with my business secrets. Including my own relatives (who are in the civil service).

India is fully entitled to demand wiretap access. Democratic or not. But the whole reason to choose RIM over a competitor in india was precisely because the government couldn't get into the system, because you can't trust people in government to not just steal your secrets and sell them.

Re:Nothing like giving in...

[MightyMartian]

To a very corrupt democratically elected government. The keys will be in the hands of Russian mobsters in a few days.

Re:Nothing like giving in...

[Opportunist]

Democratically elected doesn't mean jack anymore, if it ever did. Do you know any democratic government that's not for sale to the highest bidder?

Re:Nothing like giving in...

[theNAM666]

Evidently I should have enclosed the above in tags.

Re:Nothing like giving in...

[theNAM666]

*sarcasm* tags. (original filtered out by /. darn editing software)

Re:Nothing like giving in...

[theNAM666]

/me evidently thought that *sarcasm* tags were not necessary for this audience. Don't know why...

Re:Nothing like giving in...

[Desler]

Then you did it wrong. <sarcasm></sarcasm>

Re:Nothing like giving in...

India's corruption puts any Western government to shame. Want to get anything done? You WILL pay a bribe, and a good one at that, down to the "untouchable" cleaning out poop out of the sewer.

The caste system still stays there, same with the attitude of helping people is considered bad juju since it interferes with their divine punishment.

Also remember: India isn't a friend to the West. During the Cold War, they were doing their best to cozy up to the Russians, and were willing to do almost anything for them.

India demanding keys from RIM is no surprise. I'm sure that any US or European messages in that region will wind up in the hands of them, or their Chinese buds.

Makes you want to trust the broken CA system in SSL/TLS. At least you can possibly dump all other CAs and use your own root certs with have your own trust, as opposed to RIM's "trust us, or buy a new device". Oh... run a BES backend... sure. Like anyone bothers with that.

Re:Nothing like giving in...

[Cosgrach]

Most of the people here on /. would no know sarcasm if it were to bite them on the ass.

Re:Nothing like giving in...

[AK+Marc]

Sarchasm. The gap between you and the joke.

Sargasm. When your joke makes you laugh a little too hard.

Re:Nothing like giving in...

[theNAM666]

Perhaps we could arrange for them to be electrically shocked while it bit them on the arse, and simultaneously, offer the smell of raw steak.

Re:Nothing like giving in...

[0ld_d0g]

India's corruption puts any Western government to shame. Want to get anything done? You WILL pay a bribe, and a good one at that, down to the "untouchable" cleaning out poop out of the sewer.

If you belong to the banker "caste" in the United States.. the laws apply differently to you. You can steal from the people, defraud them, gamble their pensions on the stock market, and then get bailed out by the Government .. and never ever have to face any kind of criminal investigation.

If you belong to the executive branch "caste" you can do anything you want, including assassinate your own citizens abroad via drone strikes. You can lie your way into invading and killing civilians in other countries and much much more.

I think I prefer paying a small bribe to some poor dude so that he can feed his family.

The caste system still stays there, same with the attitude of helping people is considered bad juju since it interferes with their divine punishment.

Um.. what?

Also remember: India isn't a friend to the West. During the Cold War, they were doing their best to cozy up to the Russians, and were willing to do almost anything for them.

Why should India befriend the Western powers that colonized and oppressed them? Makes no sense...

India demanding keys from RIM is no surprise. I'm sure that any US or European messages in that region will wind up in the hands of them, or their Chinese buds.

Uh.. yeah.. because without RIM.. there is absolutely no means of sending a secure message to anyone. None-whatsoever ! Oh no ! What are we going to do now !

Re:Nothing like giving in...

[0ld_d0g]

I am no expert in the internal politics of India but I don't think bribes have anything to do with the current low status of the country on certain indicators. I think a lot of harm was done by colonization and its just been what .. 40-50 years since they become a country. I'd wait and see what happens in about 100odd years when there has been a change of a few generations in the population.

Also, I am not defending the bribe system, I am defending the degrees of outrage when comparing bribes with your elected officials committing criminal acts in your name, sabotaging governments in the middle-east and the like.

 

Actually not quite?

According to this article in The Register: http://tinyurl.com/d2zllzk - they don't have the keys to hand over

Re:RIM's private keys

[radiumsoup]

give it a few days and someone will do it for them.

Not quite the full story...

[Shabbs]

Please, the BES keys have not been handed over... because they can't be...

http://crackberry.com/rim-encryption-keys

BIS != BES.

Re:Not quite the full story...

[sphealey]

"I did not steal the stocks or the bonds"

_Tales of the Black Widowers_, Isaac Asimov

Re:Not quite the full story...

[whoever57]

Please, the BES keys have not been handed over... because they can't be...

I don't know how BBs work, so this is pure speculation, but when connecting to a BES server, does the device require a specific key that is tied to that server, or merely any valid key? If the latter, then a man-in-the middle system could allow connections to BES servers to be spied upon.

Re:Not quite the full story...

[Shabbs]

It needs a specific key. A BES connection is secured by a key-pair that is generated when the BlackBerry is added to the BES. This allows for the 3DES encryption to occur for all communications over the BES connection.

The situation you're talking about applies to BIS where any handset can decrypt the encrypted messages.

This mis-understanding of the differences between BIS and BES lead to a lot of FUD unfortunately.

And you know Apple is keeping an eye on this... cuz India will be coming after them too for access to their iMessage comms, if they have not already done so.

Re:Not quite the full story...

[LordLimecat]

Note that BES servers by default use 3DES and (i think?) MD5, but can with the click of a button be transitioned to AES / SHA.

Re:Not quite the full story...

[Prune]

BES has been using AES by default for many years, and will only use 3DES for decade-old handsets that don't support AES.

Re:Not quite the full story...

[Prune]

I don't get it. Care to clarify?

Re:Not quite the full story...

[sphealey]

I wouldn't want to spoil the story for you, but the point is that one must read announcements of this type very carefully as there is generally far more hidden in them that appears on the surface. So your assurances are not entirely... reassuring.

sPh

Re:Not quite the full story...

[Shabbs]

Yeah, my bad. An old throw back reference to the good old days. ;)

Re:Not quite the full story...

[LordLimecat]

My statement was based on (I think) the days of 4.x-- It is possible you are correct with regard to 5.0.

Moral of the story

[characterZer0]

Moral of the story: If you do not control end-to-end encryption yourself, it is not secure.

Re:Moral of the story

[Opportunist]

In this case you don't even control ANY part of the encryption, not even on your end. Something that is the absolute bare minimum for any kind of security.

Re:Moral of the story

[Lehk228]

if you want to control end to end get a BES

Re:Moral of the story

[JoeMerchant]

Moral of the story: If you do not control end-to-end encryption yourself, it is not secure.

This ^ period.

Re:Moral of the story

[psiclops]

This ^.

I'm glad i'm not the only one that gets annoyed by that.

Re:Moral of the story

[Prune]

Except there's no story here, as BES, the service that corporate Blackberry deployments use, _is_ end to end--the encryption key pairs are generated by the company that deploys a BES installation, and neither RIM nor anyone else has access to them, unlike SSL certificates etc. The article is about the consumer BIS service and doesn't affect enterprise.

Re:Moral of the story

[v1]

as BES, the service that corporate Blackberry deployments use, _is_ end to end--the encryption key pairs are generated by the company that deploys a BES installation, and neither RIM nor anyone else has access to them, unlike SSL certificates etc.

Everyone in this thread seems to assume that all SSL keys are generated and provided by public CAs, who then could leak your private key. You can roll your own anytime you want. Then just tell the users and your servers to trust your public key. Works the same way for IMAP as it does for HTTPS.

Did any of you yahoos bother to read the article?

"RIM recently demonstrated a solution developed by a firm called Verint that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies..."

Re: Not BES, and only India

[gnoshi]

And it is probably also worth pointing out that this means that RIM's BIS service provides better content protection than SMS/MMS, unencrypted email (which is virtually all e-mail, and indeed all Android phones using the inbuilt GMail app), and almost any IM out there. I've also missed other equally unprotected means of communication.

Why? Because at least BIS is encrypted in transit to and from RIM. (To be fair, services like MSN Messenger in which all messages go through a central server could be considered more secure than BIS communications, as long as both clients are connecting to the server via SSL).
Hell, even BB PIN-to-PIN messaging is more secure than many or most of the aforementioned modes of communication.Yes, the key used for encryption is present on each and every handset - but random MITM sniffer can't get the content without at least having to decrypt it.

Sure, an Android user could get TextSecure for encrypted SMS, but does anyone actually know anyone who USES this tool?

It's OK...

[tlambert]

Half the country has been unable to recharge their Blackberries for two days in a row anyway.

Re:Sell now

[ceoyoyo]

It seems to me VPN or IMAP over SSL has all the advantages of BB without the risk they'll sell you out. And has for some time.

But this is India we are talking about

[Taco+Cowboy]

Encryption is crackable

 
True, encryption _CAN_ be cracked, by hook or by crook
 
If it's USA, with its seemingly unlimited resources (NSA and the like always get a blank check from the congress for whatever black programs they initiate), I would agree with you.
 
But you almost forgot one thing, this is INDIA we are talking about - a nation which nearly 30% of its population still living below one dollar a day level
 

Re:But this is India we are talking about

[JoeMerchant]

Encryption is crackable

True, encryption _CAN_ be cracked, by hook or by crook

Are you talking about this form of cracking? Because, with a sufficiently long secret key, it is proven impossible to break.

I like using long period PRNGs to make an effective one-time pad. How you initialize the PRNG is your key.

Re:But this is India we are talking about

[compro01]

In other words, you use a stream cipher.

Re:But this is India we are talking about

[JoeMerchant]

Yes, and brute forcing the stream cipher key can take a very long time.

2^19937 is a big number.

Re:But this is India we are talking about

[ComaVN]

You just told all of us your method, and we didn't even need to use a wrench.

One time pads are only unbreakable when they're generated with a true random source. What you described is a stream cipher, and as long as you know the key to initialize the keystream, it can be forced from you.

Of course, if you do have a true one-time pad, the location of your copy of it can be extracted just as easily. I'd say the only way to protect against that is to make sure no-one knows you use crypto at all.

Re:But this is India we are talking about

[hxnwix]

By telling us his method, he lost the advantage of his method vs just using AES. IE, if we don't know how he generates the stream against which his data is XORed, that stream might as well be a one time pad. But now that he told us, the problem is reduced to brute forcing the initial stream generator parameters.

Re:But this is India we are talking about

[ComaVN]

That was not my point at all.

JoeMerchant was implying his crypto method was perfectly safe against cryptanalysis because it's a one-time pad. However, in the same post he tells us he's not using a one-time pad at all, but a stream cipher.

Re:But this is India we are talking about

[hlavac]

You are naive. It only takes a few bytes of known plaintext to get your key.

Re:But this is India we are talking about

[kbolino]

No encryption scheme is "proven impossible to break" because no (usable) encryption scheme is unbreakable (if you consider a random stream to be encryption, then in that case it would be unbreakable, but it would be useless). The one-time pad is only proven to be perfectly secure from an information theoretic perspective, which simply means that the only way to break it is through brute force. However, brute force still remains a viable option: if you can guess the key, you can decrypt the information. For that reason, when OTP is used in practice, the data is often obfuscated (by being padded, compressed, or even encrypted with another, less-secure cipher) before being encrypted.

To be fair, it looks like Wikipedia has this wrong, too.

Re:But this is India we are talking about

[void+warranty()]

Well, he admitted to using mersenne twister for generating the keys. Mersenne twister is not designed for cryptography so it's quite possible it's relatively easy to crack. From wikipedia: "Observing a sufficient number of iterates (624 in the case of MT19937, since this figure is the size of the state vector from which future iterates are produced) allows one to predict all future iterates."

Re:But this is India we are talking about

[VortexCortex]

Yes, and brute forcing the stream cipher key can take a very long time.

2^19937 is a big number.

I do hope you're not just XORing the p.random stream with the data. At least initialize a 256 byte cipher table via key expansion, and transform the enciphered bytes with it as well. Additionally use cipher block chaining such that the next block depends on knowing all previous blocks, and you don't reveal the 8bit block cipher mappings.

PRNGs were not meant to be used for crypto, and unless you're using a robust crypto framework in addition to the randomness generator, then your "2^19337" is just an illusion -- Bruteforcing isn't the only way to reveal the cipher internals. The bit strength is not the period of the generator, it's the total bits of internal state. Making such a flawed assumption is a novice mistake. I wish you well on your journey to becoming a cryptographer, but for now you should really just use the established algorithms.

Due to the nature of psuedo random number generators, a known plain text attack can tell us everything we need to know about the next iteration of your cipher.

Re:But this is India we are talking about

[Golddess]

Someone doesn't understand encryption. If you have a decent crypto system then you can tell the world how it works and it doesn't make a bit of difference, because you aren't getting the data without a key.

Unless I misunderstand, JoeMerchant wasn't describing how the crypto worked, he was describing his personal method of coming up with a key.

Re:But this is India we are talking about

[CimmerianX]

Give the US time..... Removal of all unions and government protections for workers in the name of "job-creating-free-enterprise", and we can also achieve that #0% number as well.

Re:But this is India we are talking about

[JoeMerchant]

Due to the nature of psuedo random number generators, a known plain text attack can tell us everything we need to know about the next iteration of your cipher.

Yes, of course, if the same key is reused (many times over LARGE messages). Also, encrypting a long stream of nulls is a great way to help a cryptanalyst break a stream cipher. There is a long list of ways to misuse stream, block, and all manner of cipher schemes. I am not alone in use of PRNGs for stream ciphers.

I do believe that CryptMT faces a certain amount of negative pressure for real-world use because it is virtually impossible to brute force, if you use long keys. Most of the popular cipher schemes seem to dance just outside the realm of practical breaking - AES128 demonstrated broken by a large cooperative, well AES256 must be good enough?

Re:But this is India we are talking about

[JoeMerchant]

Read up on CryptMT (which is copyright, so I use a non-IP protected variant with similar security properties.) Write me back when you have brute force tried 2^19936 keys on a trivial stream, then try that on a stream that starts at a key-selected point in a large image file, lots of data to load into memory just to "try" each key, increases cost of breaking considerably.

Since I am a US citizen and marketing a Crypto product for export, I have agreed to reveal the algorithms to the Department of Commerce upon their request (they haven't requested, yet). Before you get all indignant about the invasions of personal freedoms by the US government, etc. etc., consider what other nations of the world do.

Not revealing the algorithm makes cryptanalysis harder, but the central assumption is that, whether by reverse engineering of the code, coersion, or other methods, the algorithm will someday be revealed. Even when that is true, you still need the key. For personal private communications, I think a relatively weak 56 bit key is appropriate (would take your little sister, using tools downloaded from script kiddies, several weeks using Daddy's 2012 engineering class PC 24-7 to break one message). If the contents of the message are of high value, you can always use the "breakable" outer layer to conceal a message encrypted with stronger methods. If you have a lot of communications encrypted with "breakable" crypto, it makes it harder to find that one "breakable" message that contains a hard (or impossible) to break core.

Mostly, I just don't want my ordinary private communications (things I would normally not say over a megaphone in a packed stadium), indexed, archived and searchable for less than a penny per thousand words. Strictly speaking, I don't have anything "to hide", but I think it is indiscrete to use clear text on GMail if you don't want to see your words on MSNBC in a few days.

Re:But this is India we are talking about

[JoeMerchant]

If you're really interested, try reading a few pages here the summaries are short and easy to understand.

Re:But this is India we are talking about

[Meski]

Which in terms of cost, makes it more affordable. Hell, the NSA have probably outsourced this to India already.

Who does it effect?

[jago25_98]

I think we need to make clearer what exactly the impact of this is.

Does an Indian businessman who bought a Blackberry in SouthAmerica and is working in Europe be assured on some level of privacy on communications?

Does an American businessman with a Blackberry bought in the USA visiting India on the way to China need to rethink how company documents are transmitted?

Not very clear, especially as the BIS keys can't and therefore haven't been handed over.

So we have a new server in India, but what is being routed through it?

Re:Who does it effect?

[epiphani]

My god these posts are annoying.

Does an Indian businessman who bought a Blackberry...

Does an American businessman with a Blackberry...

Do they have a BES? If they have a BES, nothing to worry about. Next question?

Re:Who does it effect?

My god these posts are annoying.

No kidding. It's "Whom does it affect?". Sheesh...

Re:Who does it effect?

[somersault]

Email account details are stored on your phone, not the SIM. Switching SIM would be the equivalent of say switching from one public Wi-Fi connection to another. What you said in your second paragraph doesn't make much sense.

Saving Face

from the fine article:

"But he said there was no access to secure encrypted BlackBerry enterprise communications or corporate emails as these were accessible only to the owners of these services."

The reality is BES uses keys assigned by the owner of the BES server, RIM HAS NOT and CAN NOT give those to anyone, because they dont know them. This has been RIM's position from the begining, and still is. What they HAVE done is give access to the messaging services they run (and therefor have keys to) to the Indian authorities. My understanding is that this was always the case. The article really does not make the distinction between the two clear.

TLDNR: RIM gave what they always give anyone, some minister is useing it to try and save face. Poor reporting means it worked.

Re:Saving Face

[Prune]

Indeed. And even for messaging, if you're using BES, then you can use your own keys for PIN-to-PIN messaging and then it's fully secure. This article is mostly FUD.

Re: Not BES, and only India

[Mr.+X]

Are you saying that email sent via the Android GMail app isn't encrypted between the device and Google's servers? I can't believe that would be the case, since they made a big deal about forcing people onto SSL for web access to GMail quite a while ago.

Re: Not BES, and only India

Are you saying you trust your smart phone to have only real, valid intermediate ssl certificates? Or are you so ignorant to think that governments aren't trying to man-in-the-middle SSL like crazy, especially on mobile networks.

Re: Not BES, and only India

They don't need MITM; they have the CA private keys.

Re:Sell now

[JoeMerchant]

I have noticed that news-reaction stock market swings are more responsive to the general public's perception of a news item than they are to the opinions of technical people who may, or may not, have a better grasp of the future business implications of a piece of news.

In other words, betting opposite of the sentiment you read on /. is likely to bring you better than average returns.

Re:Sell now

[LordLimecat]

I hope you arent in a position where you advise anyone on IT.

Active Sync's security is in LARGE part dependent on the security of SSL. For a HUGE number of organizations, those SSL keys are self-signed, which provides about the same security of WEP. All that is needed to break in is to somehow get the device to reach out to your server, and then have your server present a similar self-signed cert. Even if you are using a "proper" cert, you can be "easily" bugged by a government, since a large number of governments are considered trusted root authorities (including China); this means they can generate their own certificate, claim to be your Exchange CAS, and your device will happily talk back and forth with it. Presumably at that point your device would authenticate to that rogue server; Im not clear in what form the credentials would be sent, but we're already into "danger" territory.

On the flip side, with a proper BES (which is NOT what is being discussed in TFA), SSL simply isnt in the loop. All communications are relayed through RIM, but the encryption keys (up to AES-256) are held completely internally. I believe (though I could be wrong) that each device has its own key which is derived from the master key, so under the absolute worst conditions someone could sieze a blackberry and -- shockingly-- have access to that user's email. But of course, they'd have to get around the in-memory encryption and flash encryption that a security-sensitive organization would obviously have enforced on their blackberries.

At the end of the day, if absolute security is a necessity, you probably dont want your employees running around with smartphones, but if you do, youre using Blackberry / BES because there STILL isnt a good competitor in that range. Plus, if we're completely honest, most androids are touchscreen, and touchscreen devices simply arent as good at fulfilling the role of business communication device. They have other perks, but from personal experience I can say that they are a massive letdown when it comes to email and phone.

Re:Sell now

[LordLimecat]

PS, if you think IMAP is a serious competitor to what a BES does, you are even more in the dark than I originally thought.

Re:RIM's private keys

[LordLimecat]

Once again. For the last time....
RIM does NOT have the encryption keys used by BES servers. Those keys are held internally by businesses only, and those are then used (along with "random" data) to generate the device keys. Even if RIM somehow had the organization's master key, they wouldnt have access to the "random" data that was used to derive the device key (which is pulled from that "wiggle your mouse around for a while" procedure).

In other words, BES servers continue as unaffected as before. Call me when India figures out how to large-scale crack AES256 with unknown keys.

Misleading title

[gagol]

Should read "India claims RIM gave encryption keys, RIM strongly denies". http://www.theregister.co.uk/2012/08/02/rim_keys_india/

Re: Not BES, and only India

[Stewie241]

Sure, BES has that advantage. GP was responding to "unencrypted email (which is virtually all e-mail, and indeed all Android phones using the inbuilt GMail app), and almost any IM out there. I've also missed other equally unprotected means of communication. Why? Because at least BIS is encrypted in transit to and from RIM"

i.e. he was refuting the statement that Android phones send email unencrypted. This isn't true. Email is encrypted on the route to Google's servers. What happens from there is dependent on the eventual destination. This is the same standard that BIS meets, right?

Already Debunked by RIM

[_DangerousDwarf]

From the Globe and Mail

"Although not all of a BlackBerry's messaging functions are encrypted, RIM has long maintained that it is unable to grant anyone access to its corporate e-mail service, which is encrypted from end-to-end. RIM responded in a statement late on Wednesday, saying it was necessary "to correct some false and misleading" information" that had appeared in the Indian media."

"RIM is providing an appropriate lawful access solution that enables India's telecom operators to be legally compliant with respect to their BlackBerry consumer traffic, to the same degree as other smartphone providers in India, but this does not extend to secure BlackBerry enterprise communications," the company added."

Re:Sell now

[bill_mcgonigle]

It seems to me VPN or IMAP over SSL has all the advantages of BB without the risk they'll sell you out. And has for some time.

yeah, I was pointing this out to clients as early as 2004. I had a working IMAPS client on a Treo 650 at the time. They wanted Outlook integration over security (despite always talking about their multi-billion-dollar IP that had to be protected at all costs). Lesson learned: most people don't care about security, they just say they do.
 

Re:Sell now

[isopropanol]

Setting up a private CA and removing default CAs != self-signed cert. SSL can be set up securely.

Re: Not BES, and only India

[Fjandr]

Won't matter once CALEA is amended to include non-voice public networks. It'll happen eventually.

This isn't to say I support the extension; I think those proposing it should be shot. That doesn't change the reality that it will eventually be enacted, whether it requires sneaking it into a broad authorization bill or actually getting the support to pass it on its own.

And *pof*

[Z00L00K]

There goes the customers to some other solution that can't be eavesdropped.

Re:Sell now

Lesson learned: most people don't care about security, they just say they do.

Just like when a woman says she wants a "nice guy", then dates ten douches in a row that abuse the fuck out of her, all the while her bitching about the douches to a nice guy who she coincidentally isn't at all interested in.

Moral of the story: Corporations are full of the crazy!

(Apologies in advance to my opposite gender. Just got a call while reading this article from just such a person whom (I thought) I got over a decade ago... Clearly I was mistaken) :/

Re: Not BES, and only India

[gnoshi]

Are you saying that email sent via the Android GMail app isn't encrypted between the device and Google's servers?

No, I'm not saying that GMail for Android (or via a browser, or iPhone) doesn't use SSL. However, GMail is an e-mail service using a client (on Android) which doesn't have support for encryption apart from SSL to the server. Sure, if I'm sending GMail to GMail that's fine - it falls into the same boat as MSN Messenger. If I'm sending to a non-GMail recipient, then that goes out the window.

There are other apps which can use GMail, and do provide encryption functionality, but as with TextSecure - how common is their use (with encryption)?

Re:What BS!!!

[Sir_Sri]

I wouldn't even trust my uncles and cousins who work in pharmaceuticals oversight. In india.

And yes, china is far worse because the theft is state sponsored. India it's not state sponsored, it's more at the level of corporate espionage, and there's bugger all you can do about it.

Re:Sell now

[LordLimecat]

Which is why its a good thing that BES doesnt use SSL certs.

Landgrab

[Kirth]

I understand that India has a legitimate security need to be able to wiretap communications and so on..

Nope. This is a landgrab. Law enforcement is constantly talking about "going dark", where in fact, the light they have is much brighter than they've ever had before -- technology only made it possible to snoop on everything, and now they want the laws for actually doing so, and to lever out any countermeasures the user may take.

In the 80ies, wiretapping actually meant either a) placing a wiretap in the users phone or b) going physically to the phone switch where the user was connected to, and placing the tap there. Both only done with a judical warrant, and for very specific cases. Wiretapping was _complicated_.

Now, wholesale wiretapping is easy; so easy that a lot of people and companies take countermeasures. And now law enforcement wants "to have back" capabilities it never had?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Not BES, and only India

[CimmerianX]

Use GPG, no one has the private keys except for me and the remote party.

GPG with K-9 on my android works just fine.

Re:RIM's private keys

[LordLimecat]

What you are describing is BIS. With B_E_S-- Blackberry Enterprise Server-- you run the server that is ultimately the endpoint for the blackberries. When you install the software, it creates its master encryption key; when you tie new devices into it, it uses that key to derive a per-device encryption key.

All data is sent thru RIM, yes-- but only after it has been encrypted by YOUR server with a key that RIM never gets a hold of. There isnt any question of RIM's goodwill here, but of their inability to crack 3DES or AES (depending on your settings), and their lack of knowledge of your keys. All RIM is doing is providing the transport, as you said-- they are not involved in the encryption process at all.

If you are asserting that you think that key gets leaked, be prepared to give some proof.