08-07-11 09:35 PM
35 12
tools
  1. the_sleuth's Avatar
    Hand over interception keys by August 15: Govt to RIM
    Kalyan Parbat, ET Bureau Jul 8, 2011, 07.37am IST

    KOLKATA: The government has set an August 15 deadline for Canada's Research In Motion to provide the country's intelligence agencies with the interception keys to enable real-time tracking of its popular BlackBerry messenger and corporate email services in readable format. The ultimatum comes after recent talks between the government and RIM over a satisfactory interception solution proved inconclusive.

    Ongoing talks have failed to throw up a solution for interception of Blackberry messenger, chat and corporate email services. "Since RIM had missed its earlier May 15, 2011 deadline, the company has been told to come up with an interception solution by August 15, failing which the government may have to consider suspension of the service," a top official privy to the talks said.

    In response to ET's email query on the August 15 deadline, a RIM spokesman said: "Further to your query regarding Black-Berry's messenger and internet services, RIM has nothing further to add to its statement of January 13, 2011." In January, RIM had claimed it had delivered a solution that would enable India's wireless carriers to address lawful access requirements for its customer messaging services like BlackBerry Messenger and BlackBerry Internet Service email.

    Hand over interception keys by August 15: Govt to RIM - Economic Times
    07-10-11 08:55 PM
  2. Deathcommand's Avatar
    Which Govt..?

    Posted from my CrackBerry at wapforums.crackberry.com

    Nvm. Doesn't change how dumb this is.
    Not the post itself. I meant how dumb the fact that they are doing this is.

    Illegal development probably helps their economy a lot!
    Last edited by Deathcommand; 07-10-11 at 09:09 PM.
    07-10-11 08:59 PM
  3. _StephenBB81's Avatar
    Hand over interception keys by August 15: Govt to RIM
    Kalyan Parbat, ET Bureau Jul 8, 2011, 07.37am IST

    KOLKATA: The government has set an August 15 deadline for Canada's Research In Motion to provide the country's intelligence agencies with the interception keys to enable real-time tracking of its popular BlackBerry messenger and corporate email services in readable format. The ultimatum comes after recent talks between the government and RIM over a satisfactory interception solution proved inconclusive.

    Ongoing talks have failed to throw up a solution for interception of Blackberry messenger, chat and corporate email services. "Since RIM had missed its earlier May 15, 2011 deadline, the company has been told to come up with an interception solution by August 15, failing which the government may have to consider suspension of the service," a top official privy to the talks said.

    In response to ET's email query on the August 15 deadline, a RIM spokesman said: "Further to your query regarding Black-Berry's messenger and internet services, RIM has nothing further to add to its statement of January 13, 2011." In January, RIM had claimed it had delivered a solution that would enable India's wireless carriers to address lawful access requirements for its customer messaging services like BlackBerry Messenger and BlackBerry Internet Service email.

    Hand over interception keys by August 15: Govt to RIM - Economic Times
    They REALLY are pushing to see if RIM has a backdoor to BES,

    I was under the impression RIM already was setting up NOC's in India which was helping them meet the requirements of the May 15th deadline,

    AND I though India was limiting who can install a BES they had to meet certain criteria.

    I'll keep my eye how this pans out for sure
    07-10-11 09:00 PM
  4. Rootbrian's Avatar
    India's gov is going to keep saying there's a backdoor when there's none. ... It's lame as lame can get, almost childish behavior. They can't always get what they want!!

    Posted from my CrackBerry at wapforums.crackberry.com
    07-11-11 12:41 AM
  5. Bla1ze's Avatar
    Funny, considering India already said they can hack BB security. If they can, then why to do even need RIM to offer a back door? lol
    M.Rizk and Foreverup like this.
    07-11-11 01:10 AM
  6. Reed McLay's Avatar
    Ongoing talks have failed to throw up a solution for interception of Blackberry messenger, chat and corporate email services. ...
    India's gov is going to keep saying there's a backdoor when there's none. ... It's lame as lame can get, almost childish behavior. They can't always get what they want!!

    Posted from my CrackBerry at wapforums.crackberry.com

    India has World Class university computer science programs. I find it incredible, that the Home Minister Advisors can not help him understand, it can not be done.
    07-11-11 02:16 AM
  7. KAPS's Avatar
    India's gov is going to keep saying there's a backdoor when there's none.... It's lame as lame can get, almost childish behavior. They can't always get what they want!!

    Posted from my CrackBerry at wapforums.crackberry.com
    The Indian government wants the same type of deal,which RIM is providing to US and other developed nation.
    Just because India is asking it openly doesn't make it a bad nation. I think US has a similar law the Patriot law or something, where any information of any person can be obtained from any operators.

    India is a target of many terrorist attack and most of them use RIM services to communicate, so it is more important for India to have these type of deal with RIM.
    If RIM doesn't accept these deals then they can...from India.

    It will be RIM loss to lose Indian market and not the other way around.
    I thought Canada government is...as Indian government is when you think Canada is still ruled by the Queen.
    K Bear likes this.
    07-11-11 02:17 AM
  8. Reed McLay's Avatar
    Canada is still ruled by the Queen.
    Politics and abusive language are not a suitable topic for this forum.

    /Politics
    KAPS likes this.
    07-11-11 02:24 AM
  9. JDukeOSBB's Avatar
    I just find it laughable for India to take this stance. There are no encryption keys! Servers would have to be set up in India for them to be able to monitor BB Traffic.... So what exactly is India asking of RIM?

    Posted from my CrackBerry at wapforums.crackberry.com
    07-11-11 02:31 AM
  10. JDukeOSBB's Avatar
    The Indian government wants the same type of deal,which RIM is providing to US and other developed nation.
    Just because India is asking it openly doesn't make it a bad nation. I think US has a similar law the Patriot law or something, where any information of any person can be obtained from any operators.

    India is a target of many terrorist attack and most of them use RIM services to communicate, so it is more important for India to have these type of deal with RIM.
    If RIM doesn't accept these deals then they can...from India.

    It will be RIM loss to lose Indian market and not the other way around.
    I thought Canada government is...as Indian government is when you think Canada is still ruled by the Queen.
    Terrorists don't use BlackBerrys... sheesh lol

    Posted from my CrackBerry at wapforums.crackberry.com
    07-11-11 02:33 AM
  11. Reed McLay's Avatar
    Terrorists don't use BlackBerrys... sheesh lol

    Posted from my CrackBerry at wapforums.crackberry.com
    Terrorists use human couriers.

    It was reported in Western Press, they recovered Satellite phones in the aftermath of the Mumbai attacks.
    07-11-11 02:37 AM
  12. KAPS's Avatar
    Terrorists don't use BlackBerrys... sheesh lol

    Posted from my CrackBerry at wapforums.crackberry.com
    In the mumbai attack, terrorist had used both Satellite and Blackberry phones.

    How Gadgets Helped Mumbai Attackers | Danger Room | Wired.com
    Reed McLay, 1magine and K Bear like this.
    07-11-11 02:50 AM
  13. lnichols's Avatar
    ... They need to force the BES owner to hand over the key, not RIM. I'm so sick of hearing about that .... I don't care if it is a potential market of a billion.
    Last edited by lnichols; 07-11-11 at 06:17 AM.
    07-11-11 06:14 AM
  14. KAPS's Avatar
    ... They need to force the BES owner to hand over the key, not RIM. I'm so sick of hearing about that .... I don't care if it is a potential market of a billion. .
    Yeah Right...India,...US,... UAE, ... each and every place where RIM sucks.
    RIM should only work in Canada as that the only place RIM is respected.
    Btw your logic has some serious flaws, The key may be of the BES owner but the product is of RIM so it is RIM responsibility to corporate with the Government and not the owners.
    07-11-11 09:52 AM
  15. Reed McLay's Avatar
    Yeah Right...India,...US,... UAE, ... each and every place where RIM sucks.
    RIM should only work in Canada as that the only place RIM is respected.
    Btw your logic has some serious flaws, The key may be of the BES owner but the product is of RIM so it is RIM responsibility to corporate with the Government and not the owners.
    This statement continues to demonstrate the root problem.

    The Advanced Encryption Standard is fully documented and the result has been subject to rigorous testing and scrutiny. The algorithm is published for all the World to see.

    http://en.wikipedia.org/wiki/Advance...ption_Standard

    In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor,[3] the Data Encryption Standard (DES). ...

    For cryptographers, a cryptographic "break" is anything faster than a brute force attack - trying every possible key. Thus, an attack against a 256-bit-key AES requiring 2200 operations (compared to 2256 possible keys) would be considered a break, even though 2200 operations would still take far longer than the age of the universe to complete. The largest successful publicly-known brute force attack against any block-cipher encryption has been against a 64-bit RC5 key by distributed.net. ...
    There is no "backdoor" or global key. It can not be done, by design and implementation.

    The suggestion that other countries, United States or Russia or China perhaps, may have the ability to decrypt AES. That argument is speculation. The Goverment of the United States has acknowlaged that and has expressed similiar concerns in the past.

    The fact is, AES can not be decrypted by any agency, now or in the foreseeable future.
    07-11-11 11:30 AM
  16. sam_b77's Avatar
    The Indian government wants the same type of deal,which RIM is providing to US and other developed nation.
    Just because India is asking it openly doesn't make it a bad nation. I think US has a similar law the Patriot law or something, where any information of any person can be obtained from any operators.

    India is a target of many terrorist attack and most of them use RIM services to communicate, so it is more important for India to have these type of deal with RIM.
    If RIM doesn't accept these deals then they can...from India.

    It will be RIM loss to lose Indian market and not the other way around.
    I thought Canada government is...as Indian government is when you think Canada is still ruled by the Queen.
    While your logic maybe sound regarding terrorists using BB encrypted service and the Indian Govt wanting access to that, my worry is that Indian politicians and investigative agencies are hardly as ethical as American and Canadian agencies. This is not to say that American agencies don't indulge in illegal interceptions at all, but just that they wouldn't do it just because some politician has a grudge against someone.
    IF there was a Backdoor, which is a VERY BIG IF, as per the posts above, I wouldn't want it to be in the hands of our moron politicians. Next thing you will know is that rival corporations are bribing low level officers to get information about their competitors.
    There are enough laws in India which can be used to access the servers and networks of companies and even get access to phones and computers of individuals. Only problem with that is the govt official will have to show Just Cause and get a warrant from a court of law or through a parliament committee
    The problem with providing the Indian govt with Remote Anonymous Access is that it will open a whole new can of worms. This smacks of a Big Brother operation and will definitely be used for unethical practices. Providing our fledgling and corruptible govt agencies with this power would not be a good idea. And let's not forget, it will allow Indian agencies access to BBM from all over the world. That would surely kill RIM's business model.
    I have been following this story since it broke out last year and have been very impressed by how RIM is standing their ground even at the cost of losing a big and growing market.
    By the way, my personal opinion (all speculation based on how our country runs and a few inputs), this is all showboating by the Indian Govt, since all the politicians use BBM to conclude their shady deals as they all know it can't be intercepted. Have a few friends in politics and they all get BB's just to talk to the "sensitive people".
    And finally, the Indian Telegraph law with which the Indian govt wants RIM to comply with was drafted by the British in 1885 to keep the "locals" in check.
    THE INDIAN TELEGRAPH ACT, 1885
    Fuk!ng hilarious....
    They need a completely new draft and make it as per the technologies available today and keeping in mind the rights of their citizens, not use a law drafted by the British to subjugate and control a population they ruled over.
    No offense to the Brits. I would have done the same if I was in their position.
    Last edited by sam_b77; 07-11-11 at 12:12 PM.
    Dapper37 likes this.
    07-11-11 12:09 PM
  17. Branta's Avatar
    Btw your logic has some serious flaws, The key may be of the BES owner but the product is of RIM so it is RIM responsibility to corporate with the Government and not the owners.
    You have entirely missed the point about BES encryption. The traffic between BES server and each individual mobile device is encrypted using a key which is regenerated "frequently" between the two participants. Only the BES server and the mobile device know the key, and it might not be the same key in 2 minutes time. The encryption is considered secure enough to be used by US and other Government agencies for most grades of traffic, so it must be thought to be secure against known cryptographic attacks. The key is not known to RIM, the server operator, or any other human. It is controlled only by the server and mobile device, and can be changed almost as often as desired.

    Having said that, the only traffic which is always fully protected by strong encryption is between the mobile device and the server. Even traffic which passes direct from one mobile to another hosted on the same server will be decrypted and re-encrypted with the key for the second device. As soon as traffic hits the server it must be decrypted, and depending on server policies logged.

    The *only way* to get access to the encrypted traffic is via the server operator. Nothing else works. If the Government of India is too stupid to listen to their technical advisers that's their problem.
    07-11-11 12:24 PM
  18. the_sleuth's Avatar
    This statement continues to demonstrate the root problem.

    The Advanced Encryption Standard is fully documented and the result has been subject to rigorous testing and scrutiny. The algorithm is published for all the World to see.

    Advanced Encryption Standard - Wikipedia, the free encyclopedia



    There is no "backdoor" or global key. It can not be done, by design and implementation.

    The suggestion that other countries, United States or Russia or China perhaps, may have the ability to decrypt AES. That argument is speculation. The Goverment of the United States has acknowlaged that and has expressed similiar concerns in the past.

    The fact is, AES can not be decrypted by any agency, now or in the foreseeable future.

    I don't think this is the whole story. I have friend at Microsoft whom specializes in email security. Microsoft has a set of tools to decrypt / recover email for clients using Outlook 2007/ 2010. Microsoft can decrypt its own security certificates for AES, DES and so forth. The link below has a list of encryption standards supported by Microsoft.

    My point being if Microsoft has the tools so does RIM.

    Plan cryptography and encryption settings for Office 2010
    07-11-11 12:25 PM
  19. lnichols's Avatar
    Yeah Right...India,...US,... UAE, ... each and every place where RIM sucks.
    RIM should only work in Canada as that the only place RIM is respected.
    Btw your logic has some serious flaws, The key may be of the BES owner but the product is of RIM so it is RIM responsibility to corporate with the Government and not the owners.
    You obviously don't understand how the encryption works (and neither does the government of India). RIM is providing a VPN aggregation service with the BES and a client with the phones. It runs standard's based encryption protocols. The person/company who owns/operates the BES establishes the keys/certificates that the phone and BES use to encrypt/decrypt the data, not RIM. I support a lot of VPN's all over the world using these same security protocols. How is the manufacturer of the hardware I configured to encrypt the data going to know what key I used for the encryption? They can't and their are no back doors!

    RIM can provide data that is encrypted and decrypted at the BIS because they do own and control those servers.
    07-11-11 01:37 PM
  20. lnichols's Avatar
    I don't think this is the whole story. I have friend at Microsoft whom specializes in email security. Microsoft has a set of tools to decrypt / recover email for clients using Outlook 2007/ 2010. Microsoft can decrypt its own security certificates for AES, DES and so forth. The link below has a list of encryption standards supported by Microsoft.

    My point being if Microsoft has the tools so does RIM.

    Plan cryptography and encryption settings for Office 2010
    Only if they used a Microsoft generated certificate.
    07-11-11 01:40 PM
  21. sf49ers's Avatar
    The Indian government wants the same type of deal,which RIM is providing to US and other developed nation.
    Just because India is asking it openly doesn't make it a bad nation. I think US has a similar law the Patriot law or something, where any information of any person can be obtained from any operators.

    India is a target of many terrorist attack and most of them use RIM services to communicate, so it is more important for India to have these type of deal with RIM.
    If RIM doesn't accept these deals then they can...from India.

    It will be RIM loss to lose Indian market and not the other way around.
    I thought Canada government is...as Indian government is when you think Canada is still ruled by the Queen.
    BES is like VPN and RIM doesn't have any separate keys for US or China or for itself. If Microsoft sold you a PC and it doesn't mean that Microsoft should know your windows login password or has a master password to hack into your device. RIM already complied by sharing the BIS encryption keys but same cannot be done for BES because RIM doesn't have them.
    Last edited by sf49ers; 07-11-11 at 04:55 PM.
    07-11-11 03:16 PM
  22. Tõnis's Avatar
    Can RIM or some other third party exercise control over BES servers in the same type of way a BES server exercises control over its BlackBerry handsets?

    Posted from my CrackBerry at wapforums.crackberry.com
    07-11-11 04:56 PM
  23. Branta's Avatar
    Can RIM or some other third party exercise control over BES servers in the same type of way a BES server exercises control over its BlackBerry handsets?

    Posted from my CrackBerry at wapforums.crackberry.com
    No. That is the whole point of the security model, there are no back doors, no way around it.
    07-11-11 05:55 PM
  24. rjshahan's Avatar
    The Indian government wants the same type of deal,which RIM is providing to US and other developed nation.
    Just because India is asking it openly doesn't make it a bad nation. I think US has a similar law the Patriot law or something, where any information of any person can be obtained from any operators.

    India is a target of many terrorist attack and most of them use RIM services to communicate, so it is more important for India to have these type of deal with RIM.
    If RIM doesn't accept these deals then they can...from India.

    It will be RIM loss to lose Indian market and not the other way around.
    I thought Canada government is...as Indian government is when you think Canada is still ruled by the Queen.
    In the US,Canada and all other nations in the world, RIM has said that the only way to get access to BES data is for the government to present the company which has installed the BES with a warrant and have them hand over the information. RIM does not have a backdoor access to this system.

    The Patriot Act's component to surveillance allowed for broader definitions when issuing a warrant, a controversial allowance but a not "secret made up backdoor to spy on everyone".

    The UAE has accepted that the BES security is a requirement by many enterprises. They have set up laws that better manage who gets to install a BES, like a pre-screening process. A fair collaboration between RIM and the legitimate concerns of the government.

    The Indian Government has always been shortsighted when it comes to technology as they have a billion other more pressing issues. This request is for them to set precedent and effectively kill encryption in the country simply because they do not want to invest in the channels and methods to do it right. Remember when they kicked Coca-Cola out for not handing over the recipe? It took them a while to figure out that companies have trade secrets.

    Encryption technology is a global standard and will only get more secure, India needs a better strategy than having a hissy-fit every few years when somebody says no to its archaic policies. As a rapidly developing country with one of the fastest growing economies in the world, kicking out foreign investment is not in India's best interest and reflects poorly on them. And requiring insecure communication would just result in R&D, and other sensitive industries moving out. Leaving India as the world's call center.
    Dapper37 likes this.
    07-11-11 07:47 PM
  25. Tõnis's Avatar
    Remember when they kicked Coca-Cola out for not handing over the recipe?
    LOL, forgot about that!

    Posted from my CrackBerry at wapforums.crackberry.com
    07-11-11 08:10 PM
35 12
LINK TO POST COPIED TO CLIPBOARD