[blackjack93117]

When you're an intrusive government that wants to spy on it's people, I suppose so.

RIM Facility Helps India - WSJ.com

At any rate this article demonstrates the tight security that RIM provides.

NEW DELHI—Research In Motion Ltd. has set up a facility in Mumbai to help the Indian government carry out lawful surveillance of its BlackBerry services, according to people familiar with the matter, but the move hasn't fully satisfied India's appetite for access to messages on the popular smartphones.
Last year, India threatened to shut down BlackBerry encrypted email and instant messaging services because it couldn't wiretap them. The government put the onus on Waterloo, Canada-based RIM to come up with solutions. Several government-set deadlines have passed and, though India still isn't happy with its surveillance capabilities, it is no longer threatening to shut down the service.
RIM partly assuaged India by setting up the small Mumbai facility earlier this year to handle surveillance requests from India. India can submit the name of a suspect its investigators want to wiretap, and RIM will return decoded messages for that individual, as long as it is satisfied the request has legal authorization, according to the people familiar with the matter.
The Mumbai facility handles lawful intercept requests for consumer services including the BlackBerry Messenger chat service, these people say. India saw the move as a positive step, but would prefer an arrangement where it has the ability to decode messages itself, so that it can conduct surveillance without disclosing the names of suspects to RIM.
India still has no method to intercept and decode BlackBerry enterprise email, which is used by corporate customers and features a higher level of encryption than consumer email and instant messaging. BlackBerry has repeatedly said it doesn't have the keys to unlock enterprise email messages—security is one of the service's key selling points. The Indian government isn't as concerned as it once was about enterprise email, however, since growth is happening mostly in consumer services, the people familiar with the matter say.

Another idea India has explored is whether it can put an official on RIM's premises in Canada to help facilitate the nation's surveillance requests in a more secure manner, one of the people familiar with the matter said. It isn't clear how far that proposal went.
RIM in a prepared statement said it "continues to work very well" with the Indian government. "We are not operating under any deadlines and we believe the government of India is now applying its security policy in a consistent manner to all handset makers and service providers in India, which means that RIM should not be singled out any more than any other provider."
Indeed, smartphone technology isn't India's only concern. A recent report by an Indian government expert committee—which hasn't been released publicly—identified several technologies that the country would like to monitor more closely, including Microsoft Corp.'s Internet phone service Skype and social-media services Facebook and Twitter, one of the people familiar with the matter said.
A spokeswoman for Twitter wasn't immediately available for comment. Microsoft declined to comment, and Facebook couldn't immediately be reached for comment.
India's minister of state for telecommunications, Milind Deora, said the government is working with RIM to find a way to satisfy India's interests, adding that the extreme options are to shut down BlackBerry services in India or leave in place the status quo. "We want to avoid those extreme options at all costs," Mr. Deora said. "We are trying to find some middle ground."
RIM has been going through hard times lately as it loses smartphone market share to competitors like Apple Inc.'s iPhone and devices that use Google Inc.'s Android operating system. The company's woes were compounded by a recent multiday BlackBerry service outage in several countries, including India, for which co-chief executive Mike Lazaridis offered an apology to customers.
Fast-growing markets like India offer a potential avenue for future growth. Though RIM doesn't disclose its subscribers in India, people close to the company say it has about two million subscribers out of more than 70 million users globally. But there is plenty of opportunity, given that most of the nation's 866 million mobile-phone customers are just now upgrading to smartphones.
In its statement, the company said, "RIM's business continues to grow very nicely in India and that is our primary focus."
RIM has faced similar demands in the past year from several governments across the Middle East and Asia. It has generally said it will meet lawful intercept obligations, but won't compromise its users' privacy or change the architecture of its technology in any of the 175 countries where it operates.
RIM doesn't disclose the specific arrangements it makes in any country to facilitate lawful intercepts.
RIM officials have previously expressed concerns that India doesn't have sufficient legal safeguards to protect consumer privacy and ensure that wiretapping isn't abused. In India, the Home Ministry signs off on all surveillance requests by central government agencies.
A spokesman for India's Home Ministry didn't respond to a request for comment.
Many of India's issues with BlackBerry could have been averted if the country had developed more advanced capabilities to decrypt data on its own. The Messenger service, for example, has one master key to unlock messages, and it can be discovered relatively easily with good decryption technology, according to people familiar with the matter.
— Will Connors in Toronto contributed to this article.

Read more: http://online.wsj.com/article/SB1000...#ixzz1cNgCoHKM

[anindoc]

The thing is that India is a huge country with an even massive population. The infrastructure does not support easy and proper surveillance, and it becomes a major issue in times of terrorist threats.
The history with its immediate neighbor Pakistan is unfortunately not very good, and there have been many instances where a terrorist act took place and fingers were pointed- based on evidences recovered from cell phones.
In light of these events, its not surprising that the Indian government is seeking out RIM to provide monitoring and inside help to track down potential terrorist plots and activities.

When one dosent have the privilege of excellent infrastructure to monitor and prevent, I guess approaching a cell phone company to assist in preventing mass murders is not a bad thing....

[LimeTripBlog]

Terrorists are such a pain you cant blame the Indian Govt. And btw its not just India having probs with BB saudi arabia, indonesia etc

Blackberry Ban = Saving a life

[RCCollins]

Don't all smart phones encrypt the transport mechanism for email? Why is a centralized email proxy more secure than going directly to my corporate email system?

[RCCollins]

In my opinion a global centralized mail/messaging proxy is a very poor security model.

[Tre Lawrence]

I have said this before, and I still think it holds true: communication security is not as much of a concern in a post-911 world. India is not odd in this regard.

Different countries want the info for different reasons, but to stay in business, I think RIM is going to have to comply.

[ssbtech]

RIM should have stuck to their guns and told India that they cant have the data.

Oh well, thanks to every Canadian who voted for our Conservative government, RIM will be required to keep records of conversation between Canadian BlackBerry users too.


The problem with this whole wiretapping BS is that the terrorists are likely using their own encrypted methods of communication. RIM is probably one of the last places you'd find terrorist communications.

[Tre Lawrence]

RIM should have stuck to their guns and told India that they cant have the data.

Oh well, thanks to every Canadian who voted for our Conservative government, RIM will be required to keep records of conversation between Canadian BlackBerry users too.


The problem with this whole wiretapping BS is that the terrorists are likely using their own encrypted methods of communication. RIM is probably one of the last places you'd find terrorist communications.

I don't disagree... but what can RIM really do here? They can't afford to get shut down.

[kbz1960]

Any one see a connection here with the US government and the never ending media bashing RIM and the stocks plummeting all while RIM makes a profit?

Happy Halloween!

[Mureed]

it's not just India, weren't there similar issues in Gulf countries last year? In each case RIM backed off and gave into gov't demands for access.

see:Saudi and RIM talks progress as BlackBerry ban looms | Reuters

or: BlackBerry Service to Be Monitored in Saudi Arabia | PCWorld Business Center

or:Indonesia Presses RIM Over BlackBerry Service | PCWorld Business Center

[Superfly_FR]

They have to stay tight. No compromise. If they do, they'll lost the whole thing. India and elsewhere. Giving any clue for decryption is opening the Pandora box. Do not forget that RIM's architecture is identical worldwide.
I bet being un-flexible (i.e: within the legal and fair Mumbai facility) will result in organizations being aware of RIM's security integrity. First of them ... the Indian ones.

[Tre Lawrence]

But RIM needs India way more than India needs RIM.

[Superfly_FR]

But RIM needs India way more than India needs RIM.

Not sure about this ... RIM needs India, yes. But also India needs a serious brand that can handle over their network that is - at least - a N-1 generation. This is the reason why apple with high consumption data devices relying on 3G are loosing on this market.
At least, with RIM, they can control - on legal request - still having for their own needs the highest (industrial) level of security available.
Andro�d is for them at least a similar threat, as any encryption method may be modified w/o any publicity nor control ...

My 2 cents.

[Tre Lawrence]

Not sure about this ... RIM needs India, yes. But also India needs a serious brand that can handle over their network that is - at least - a N-1 generation. This is the reason why apple with high consumption data devices relying on 3G are loosing on this market.
At least, with RIM, they can control - on legal request - still having for their own needs the highest (industrial) level of security available.
Andro�d is for them at least a similar threat, as any encryption method may be modified w/o any publicity nor control ...

My 2 cents.

Good points.

[RCCollins]

There is nothing magical about RIMs security, it is centralized therefore an excellent point to eavesdrop. Every other smartphone vendor has a better security (decentralized) model. RIMs software is notoriously buggy, who knows what kind of exploits are in play as we speak, or what kind of back door deals they have negotiated. I do not want all my data to proxy through a third party, sorry RIM.

[Superfly_FR]

There is nothing magical about RIMs security, it is centralized therefore an excellent point to eavesdrop. Every other smartphone vendor has a better security (decentralized) model. RIMs software is notoriously buggy, who knows what kind of exploits are in play as we speak, or what kind of back door deals they have negotiated. I do not want all my data to proxy through a third party, sorry RIM.

Ever heard of a RIM jailbreak ?
Ever heard of a BES server being compromised ?
At you lightened opinion, why government of countries like India, Indonesia (each of them being a cradle for the highest level of engineers) struggle for favoritism ?
Please, be serious.

[T�nis]

There is nothing magical about RIMs security, it is centralized therefore an excellent point to eavesdrop. Every other smartphone vendor has a better security (decentralized) model. RIMs software is notoriously buggy, who knows what kind of exploits are in play as we speak, or what kind of back door deals they have negotiated. I do not want all my data to proxy through a third party, sorry RIM.

Though I disagree with this statement as far as device-level security of stored data is concerned -- no other device or platform is as secure in that regard -- I sadly must agree with your statement as far as centralization and monitoring of communications are concerned. All of it (RIM, Microsoft, Facebook, Google, etc) is perfectly constructed for Anglo-American (CIA/MI-5) surveillance.

[RCCollins]

Ever heard of a RIM jailbreak ?
Ever heard of a BES server being compromised ?
At you lightened opinion, why government of countries like India, Indonesia (each of them being a cradle for the highest level of engineers) struggle for favoritism ?
Please, be serious.

Yes, I definitely heard of a BES server being compromised, there was a new exploit discovered just a couple of weeks ago. Google is your friend.

There are "hybrid" OSs floating around megaupload, do those count as a jailbreak?

And the Dell Streak has been approved by the DOD,
First Android Device Certified For DoD Personnel - Slashdot

I really don't think there is anything special about RIMs security.

[T�nis]

At you lightened opinion, why government of countries like India, Indonesia (each of them being a cradle for the highest level of engineers) struggle for favoritism ?

Those governments are minor league, small-time players that are making a little bit of noise, rattling the cage, so to speak, against the Anglo-American world order. They want to sit at the big kids' table. It takes ba//s, I'll give 'em that. After all, Saddam Hussein rattled the cage when he demanded the Euro for oil. The Anglo-American aggressors sent a clear message to him and anyone else who might be inclined to step too far out of line.

[Superfly_FR]

Those governments are minor league, small-time players that are making a little bit of noise, rattling the cage, so to speak, against the Anglo-American world order. They want to sit at the big kids' table. It takes ba//s, I'll give 'em that. After all, Saddam Hussein rattled the cage when he demanded the Euro for oil. The Anglo-American aggressors sent a clear message to him and anyone else who might be inclined to step too far out of line.

Do you live under a rock ?

[Superfly_FR]

Yes, I definitely heard of a BES server being compromised, there was a new exploit discovered just a couple of weeks ago. Google is your friend.
There are "hybrid" OSs floating around megaupload, do those count as a jailbreak?
And the Dell Streak has been approved by the DOD,
First Android Device Certified For DoD Personnel - Slashdot
I really don't think there is anything special about RIMs security.

Believe me, as soon as any flaw comes out about BB, it's straight away here. Don't even Google. You'll find in this particular forum a "yeppeeeee I found one" like post, in witch we learned that under certain circumstances, the browser may allow access to unsecured storage (i.e memory card). This beeing a webkit based browser commune issue. Nothing to do with BES nor secured items (mail, bbm, SMS/ MMS or any internal storage of your phone).
Edited : also found some middleware issues with corporate messaging/collaborative enterprise software.

Hybrid OS are nothing than core OSes that have been lightened and/or in which existing prior/beta versions of some core components have been mixed. All of theses are RIM signed components. In this case we're talking of workaround or optimization, not jailbreak ... far from it.

What about the Streak ? You want to run Froyo ???

RIM has an unique security feature scheme. It's even a retarder for many developments and releases. If you don't know it, you're just miss-informed or malicious.

Please, document before being such a lesson-teller.

[Barljo]

I for one am not worried about any government in the world being able to read my bbm messages to my girlfriend ("Hope you're having a good day so far", "I'll pick [our son] up from school", "I love you").

I for one am not worried about any government in the world being able to read my bbm messages to my friends ("Hope you're having a good day so far", "See you at the bar about 1900", "Did you see that touchdown??").

In fact, I would be happy for anyone to read all my messages to help stop any unneccessary deaths.

I have nothing to hide, and therefore nothing to fear. Why the paranoia?

[Superfly_FR]

I for one am not worried about any government in the world being able to read my [...] In fact, I would be happy for anyone to read all my messages to help stop any unneccessary deaths.I have nothing to hide, and therefore nothing to fear. Why the paranoia?

Well this is not only a personal point of view that matters.
I could have just quoted and answered "1984" but we're - almost - already there.
You wonder about terrorism or let's say criminal issues and you're perfectly right to care about. But let's think "gobal".

I stated several time the concept "if it's free you're the product", that means the whole data you have is shared (in summary) and exploited by third parties.
Now, think data mining.
Your data, combined with your friends, family and their friends and family can be consolidated in a behavioral profile at a point that some of these persons may be targeted as "red underwear" users.
Well you'll probably think: great, I'd have a better customer experience with accurate advertisement and shopping suggestions ... fine.

But just imagine what power it gives, just by linking you and others, to anyone that have a global (politic, religious, ethnic, economic, conquest ...) drawing. He knows absolutely everything about you, even if you have nothing to hide, he may turn you into a sheep in a snap. Moreover, he will be able to custom each message sent by accentuating the point you're sensible to. Don't mention those who do have some to "hide", as their unusual sexual orientation or political/philosophical positions.
Believe me, while it is a catastrophic vision, this is not paranoia, it is yet technically possible.

I hope some of you can ear French ... to view this amazing reportage.
As you may know, we're pretty concerned here by privacy.
You'll all get the first minutes; President Obama speaking.

Edit : more mobile & hack related : jump to part 3 around 10:00 and the 4th part.

Part 1

Part 2

Part 3

Part 4

[blackjack93117]

Control/monitoring of communication is the first step to tyranny. Who knows how much of that is done in the "free" world? How easy these days would it be to find those who oppose you if you wished to become a dictator? Facebook knows it all....

[brucep1]

Any one see a connection here with the US government and the never ending media bashing RIM and the stocks plummeting all while RIM makes a profit?

Happy Halloween!

none whatsoever