BlackBerry Helps Indian Gov't Spy On Users' Messages

hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Baring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

Human Rights

[Valentinial]

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Re:Human Rights

[interval1066]

in the us, encryption **IS** a weapon... this is why we have export laws on RSA...

We did, they were rescinded in 2000 becuase they were stupid. The Fed. was hamstringing our own companies whereas everyone else could export what technology they wanted. Oh, and its a weapon in the US, becuase we have a paranoid Government. Do you eat up everything the Gov. tells you?

Re:Human Rights

[vikingpower]

Amen. If the pen is mightier than the sword, then a stream of bytes should be sharper than a Ronin's sword. BTW & FYI : "rogue" includes "US", "British", "French" e tutti quanti altri, not only "Iranian", "Syrian" and "Kazakh".

Re:Human Rights

[jodido]

And they'll find a "legal" reason why that right has to be violated under certain circumstances. No law can protect you against what the ruling class wants to do to you.

Re:Human Rights

[Lennie]

They want to bring it back and I'm fairly certain they are going to try it too.

Pile on USA

[dickplaus]

Damnit, India now too? Now we can't just pile on the USA, Bush, Obama, Rush Limbaugh, Fox News, Eric Holder and the likes.

Re:Pile on USA

[nhat11]

Now? It's always been like that and in many parts of the world.

sales sales sales

[geoskd]

Now Blackberry will have abysmal sales numbers in India instead of non-existent. I cant help but wonder how this will affect their sales in the rest of the world. I suppose it cant do a lot of damage though, Its not like they are the hottest selling phones...

Re:sales sales sales

[rwise2112]

Now Blackberry will have abysmal sales numbers in India instead of non-existent.

Actually, when I was there last year they seemed quite popular.

Article 8, European Convention on Human Rights

[auric_dude]

May well cover this point https://en.wikipedia.org/wiki/Article_8_of_the_European_Convention_on_Human_Rights & https://en.wikipedia.org/wiki/European_Convention_on_Human_Rights#Article_8_-_privacy but YMMV.

Re:Article 8, European Convention on Human Rights

[Anachragnome]

[responding to a post near top of thread to prevent the use of "forum sliding" tactics--refer to article in my signature if you are unaware of the tactic]

While the mainstream US media largely ignores NSA/US spying, other news has to take the place of those stories--something bigger and "better", so to speak.

Let's start with the train wreck in Lac Megantic--not a single story in mainstream media regarding SCADA systems used on most trains these days. Why not?

http://www.getransportation.com/rail/rail-products/locomotives/on-board-systems/train-controlscada.html

The owner of the rail company involved spews disinformation to distract from a valid concern--that trains can be remotely operated (including brakes!) by a system easily hacked. Who might have such a motivation?

Let's move on to the Asiana crash at SFO.

The following from the Economist has some interesting information about the controls of airliners. The most relevant information is discussed in the last section of the article.

http://www.economist.com/node/787987

I shouldn't have to remind everyone that Boeing is inextricably involved with government operations--they build the best military aircraft out there, including drones. In both incidents, the operators of these vehicles were blamed before any reasonable amount of investigation could possibly have been completed. Why is that?

And, just to keep the sheep happy, why the hell is Zimmerman being tried by a jury of only six of his "peers"? Every state-level criminal court I've heard of had thirteen, plus alternates.

US media fully involved as well...

[Anachragnome]

Take a look at the Guardian (US version);

http://www.guardiannews.com/

Then take a look at RT News:

http://rt.com/

Then take a look at CNN:

http://www.cnn.com/

Or even the New York Times:

http://www.nytimes.com/

Notice a pattern? Apparently, the Zimmerman trial is all we Americans care about. The media is as complicit as Microsoft, et al. I start with the foreign news outlets, then head to CNN and other mainstream US media for comparison--what is missing from mainstream US media is the real news.

I fully expect "Cold Fjord" to be spewing his disinformation--with earnest--after the latest Prism revelations. If Microsoft is fucked, so is the NSA.

Re:US media fully involved as well...

Your point being that we (the US) is already just like Communist China:
http://www.nybooks.com/blogs/nyrblog/2013/jul/10/censoring-news-before-happens-china/

Re:US media fully involved as well...

[TheGratefulNet]

mainstream US 'news' is pure entertainment and a grab for ratings.

it stopped being about news something like 10 or 15 years ago.

I gave up on US 'news'. I don't spend even a minute watching tv news or reading US newspapers (online or otherwise).

sad to see the news industry give up, but they have. they have given up trying and now just want to top each other on ratings.

Re:US media fully involved as well...

[cold+fjord]

I fully expect "Cold Fjord" to be spewing his disinformation--with earnest--after the latest Prism revelations. If Microsoft is fucked, so is the NSA.

What a pity. I was hoping that you had put aside the crackpot theories involving me and other people that have different views from you. Since you continue down this path, it looks like I'll need to see what other nonsense you've posted. You kind of have a Senator Joseph McCarthy vibe going: "I hold in my hand a list of NSA plants on Slashdot!" I think it is time to ask the question raised by Army counsel Joseph Welch to Senator Joseph McCarthy:

            " Have you no sense of decency, sir? At long last, have you left no sense of decency?

Somehow I doubt it. There probably isn't room in the crankcase.

In this post I have previous replied to the crackpot conspiracy theories that Anachragnome has regarding me and other people on Slashdot being NSA plants because we have a viewpoint he disagrees with.

He also apparently believes the Slashdot staff to be NSA puppets as well.

You should brace yourself - if you disagree with him, he may start accusing you of being an NSA plant as well, calling you a "shill" and "forum breaker." He tries to manipulate people with fear. Read the posts I linked above.

If this continues I may need do some follow up posts.

Notice a pattern? Apparently, the Zimmerman trial is all we Americans care about. The media is as complicit as Microsoft, et al. I start with the foreign news outlets, then head to CNN and other mainstream US media for comparison--what is missing from mainstream US media is the real news.

As I check those four media outlets an 8:38 AM GMT, on July7, 2013, they all have Snowden / NSA related stories on the front page, as well as various other stories.

I assume you expect that people won't check your links?

Sensationalize much?

[ArhcAngel]

India currently does this on all mobile carriers. RIM/BlackBerry is a mobile carrier as well as a device manufacturer. RIM was the only carrier that resisted (that I am aware of) the monitoring of their network (BlackBerry Internet Services or BIS). The Indian government threatened to suspend their network altogether if they didn't capitulate. RIM agreed to discuss the matter further and have been in negotiations for the last 2 years. Since BB 10 doesn't even use BIS I suspect BlackBerry is just giving India what is is asking for. This does not in any way effect enterprise deployments using a BlackBerry Enterprise Server (BES) as the encryption keys are generated at the server and kept only by the enterprise.

Nothing to see here...move along.

Re:Sensationalize much?

[sl4shd0rk]

Nothing to see here...move along.

On the contrary. No matter how hard RIM tried to "do good" in the end they "did bad" and as far as I'm concerned if they did it for India, they'll do it for anyone other high bidder for that matter. Just shows they are as douchey a corporation as Verizon, AT&T and anyone else engaged in all of this Orwellian crap finally coming to light.

Re:Sensationalize much?

[LordLimecat]

You missed the more important second part, where it doesnt matter because this affects BIS (the ghetto sort-of-blackberry experience), not BES (the main reason to get a blackberry).

If youre using BES, unlike 99% of other email providers, there is NO WAY to intercept the email in-transit-- not breaking SSL, not forging an SSL cert, not subpoenaing the wireless provider. BES uses symmetric per-device keys, and if you do not have the key for a particular blackberry, you are stuck bruteforcing AES encryption.

Blackberry remains the most secure mobile messaging system out there, even if noone apparently cares about such things anymore and even if they suck at making fancy widget apps.

Re:Sensationalize much?

[ImprovOmega]

Not anymore. Now BB10 uses ActiveSync with standard SSL-based encryption for its emails.

Re:Sensationalize much?

[gl4ss]

rim is a mobile carrier as much ms and samsung are.. that is: they are not. they are however selling something of an email messaging service in india. so I would suspect it doesn't matter what service you use there, if it has local presence it is tapped.

Re:Sensationalize much?

[Just+Some+Guy]

This does not in any way effect enterprise deployments using a BlackBerry Enterprise Server (BES) as the encryption keys are generated at the server and kept only by the enterprise.

Well, one set is. Have you read the source to see whether there's a second keypair?

Re:Sensationalize much?

[ArhcAngel]

BIS is an ISP for BlackBerry phones up to BB OS 7. Unlike iOS or Android BB OS 7 accesses the internet through BlackBerry NOT the carrier the phone is on. Since BlackBerry knows the device it is serving a web page to it also knows what content the phone can handle. As such when you request a web page on a BB the BIS only sends data the phone can process and it compresses the data as well. A web page that clocks in at 500K may only take 5K to transmit to a BB. So it's a little bit more than an email messaging service.

Re:Sensationalize much?

[ArhcAngel]

BB 10 still has BES support but BB 10 has ended BIS support as the original need for it in developed countries (high mobile data costs and SLOW speeds) has mostly ceased to exist. BB has not ended support for BB OS 7 nor BIS since they still have a huge market for it in developing countries. They are releasing a new device in a few months that looks like a ruggedized BOLD.

What a News scoop!

[sdinfoserv]

This is like 4 years old. Blackberry within minutes of India shutting down RIM, and they capitulated to the Indian ministry of Information. One of the requirments was Indian Governement back door to all messaging... At the time we thought... Oh, look at the evil Indian overlord Govt... all the while our Govt sh#t bags were doing the same to us...

Invalid argument

[Dogbertius]

This affects BIS, not BES. This exact story is re-hashed every year on /. Must be a slow news day.

http://crackberry.com/blackberry-101-lecture-2-bes-and-bis-whats-difference

Re:Not RIM's fault their arm got twisted...

[loom_weaver]

They lost a lot of good will because of that.

I remember at the time I considered RIM to be good for business and good about security and privacy. Then they sold out.

Who defines "rogue"?

[Zontar_Thing_From_Ve]

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Who gets to define "rogue governments"? When George W. Bush was president, the lunatic left was insistent that he "stole" the 2000 election for sure, he probably stole the 2004 Ohio election (yet oddly the Republican candidates were unable to steal the state in 2008 and 2012) and thus the general election, he had no respect for individual rights, wasn't going to leave office willingly, and on and on. Fast forward to today and some of the same people who blew off such talk are now saying that Barack Obama wasn't even born in the USA, is not a citizen, and is thus ineligible to be president, has trampled on everybody's rights, is trying to take your guns away from you, and on and on.

Just stop.

[thePowerOfGrayskull]

What a predictable clickbait title. I come by here every few weeks (less and less often, honestly - too much crap is just filtering through from populate media conglomerates) and am always able to find something on the front page that reminds me why I've taken to staying away.

But for old time's sake, I'll bite.

- RIM gave access to BIS communications when lawfully requested. This isn't new - they do it for every major government that submits legal requests. The fact that they'd do it for India was resolved months ago, in mid-2012 I think.
- RIM still has not and cannot give access to BES communications. THAT is what the battle with India is about - INdia said "you will give us ALL communications". RIM said "SOrry, we literally just can't do that.". India said "Do it or GTFO". RIM said "Sorry, we really just... can't". India realized this was true, and a big deal was made about the fact that theyr eceived BIS access (like any other government, for any service - not just RIM).
- It was face-saving, because they could not get what they actually insisted on getting - BES. Because the claim was that *BES* was used to planning subversive activities, not consumer BBM and email.
- they've given India no more than another other government. And they give the US government considerably less than any other government.

On that topic: you'll also notice that BlackBerry is NOT on the list of companies assisting NSA with Prism efforts. They do comply with lawful requests for specific data (as long as it's not BES, which they have no access to). But they do NOT hand over data in bulk, unlike all of their competition.

Re:Just stop.

[LordLimecat]

But they do NOT hand over data in bulk

Because as you said they CANT. Historically if you got a blackberry, you were using BES, and if youre using BES NOONE can spy on your communication without either your device key or a magical AES crack.

Old news + old FUD

[LordLimecat]

The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

...Because for the 8 millionth time, that is not possible since RIM does not possess the encryption keys for any BES setup.

Also, this story is only what, 5 years old?

Re:Not RIM's fault their arm got twisted...

[Arker]

True, but it's a mistake to make this too much about RIM. Any for profit company in their situation would be very likely to do the same - or worse. At least they publicised the problem.

But that just points back to a basic fact. If we want secure communications we cannot rely on for-profit companies to provide that, at least not in the current environment. An alternative infrastructure is required - one that doesnt require trusting an organisation which isnt capable of resisting government pressure.

Morale of the story...

[InvalidError]

All the first-party IM/mail services are tapped or highly likely to get tapped by governments so if you want some reasonable shot at privacy, you have to use one of the lesser-known privacy-oriented 3rd-party apps and networks. Preferably a decentralized open-source application and network so governments cannot shut it down nor insert backdoors without a high probability of getting caught.

Come on people smarten up!

[TheSkepticalOptimist]

"OMG BlackBerry voids human rights! I'm glad I use my beloved non-BlackBerry phone", an idiot might say.

Look, BlackBerry was the only company that offered a messaging service that was so secure that most governments could not hack it, and so threatened to not allow BlackBerries to be sold in their country. I mean POTUS prefered a BlackBerry over any other phone for this very reason.

Note, that this means that your beloved iPhone, Windows Phone, or Android, has messaging services that ALREADY allow governments to tap and hack into easily. It's why you have not heard about similar stories from these companies, the just did not bother implementing that level of security in their products to piss of government agencies.

BlackBerry had to concede if they wanted to sell their products in countries like Saudi Arabia or India. Which, BTW, are some of BlackBerries largest markets, more so than for Apple or Google even. Any of you ever run a company that pisses off your largest customer bases, let me know how that well that works out for you when you spout idealistic moral indignation rather than apply rational common sense.

So before you start pounding on BlackBerry for giving up on human rights, realize that we ALL live in countries that can tap into our phones and message and that any company preventing this will not be allowed to do business for very long in that country. The only difference between the USA or Canada and a place like India is that a little more due diligence is required by the law before they can gain access to write tap a person.

Re:Death Knell for BBM on Adroid & iOS ?

[TheSkepticalOptimist]

No, because iMessage or Google services are already easily tappable in those countries. No other IM is, or was, as secure as BBM which is the only reason why BlackBerry fell into the bad graces of countries like India and forced them to open up their protocol.

As Blackberry stated recently

[houbou]

We will find ways to make money...

RIMM suicide

[ElitistWhiner]

RIM supplies the final nail to the coffin in the platform otherwise known as Blackberry.

Re:Not RIM's fault their arm got twisted...

[JakartaDean]

They lost a lot of good will because of that.

I remember at the time I considered RIM to be good for business and good about security and privacy. Then they sold out.

Did they? They gave the Indian government access to some types of messages, but not others AND THEY TOLD EVERYONE WHICH ONES ARE STILL SECURE. Anyone caring about security can use BES, and those not caring can use BBM. It's not as convenient, but those for whom security is important still have it. Since it's business users who pay their rent, and it's business users who use BES their core interest is protected, and India can say they have access to terrorist communications, since terrorists presumably don't have Exchange servers.

To me it looks like they won more than they sold out, but yes, overall we're still slipping towards less privacy.

Re:i'm all in

[perryizgr8]

i'm an indian. we have never been a great nation recently.