Indian gov says no plan to squeeze out BlackBerrys
'At this point'
Indian telecoms secretary Siddhartha Behura has confirmed the country is not seeking a ban on the use of BlackBerrys, as the government continues talks with operators about lawful interception.
The suggestion that RIM's emailing handheld might be banned from the subcontinent surfaced last Friday when Tata Teleservices was refused a license to run a BlackBerry service on the grounds that communications were encrypted so couldn't be intercepted.
Tata responded that other operators were already offering the service, so a confused Department of Telecoms fired off letters to the other operators asking them to explain themselves, and set up a meeting to discuss the matter today.
There are about 400,000 BlackBerry users in India, and under Indian law the network operator is responsible for letting the security services intercept any communications. But with the BlackBerry services located outside India, that's technically impossible.
Intercepting messages can only be done with RIM's agreement, and so far the Canadian company isn't playing ball.
This is part of a wider crackdown on encrypted communications in India which includes asking ISPs to restrict themselves to 40-bit keys for web-based applications, something they are still fighting.
The availability of strong encryption has phased most governments at some point, and even in Europe there were attempts to ban its use on security grounds. Eventually the authorities realised a better strategy was to change the law to make forgetting an encryption key illegal, while simultaneously hinting that they could break any encryption if they wanted to anyway.
Generally there are easier ways of accessing secured communications, but putting the service in a different country, as RIM does, makes that a great deal more difficult. ®
Does anyone care??
Well, if they government want to look at my eMails, they're welcome. I'm sure they'd be fascinated by what they learn. That i'm an honest, hard-working IT tech, no threat to national security, I have a sister and a fiance to buy Birthday gifts for soon and I need to go to Manchester in the not-too distant future to fix a printer. And I subcribe to the El Reg Digests...Earthshattering....
I do sometimes think that encrypting email is rather like putting documents in an envelope marked "Top Secret". It ensures the other people know which communications are of interest and allowed them to effectively target any attacks. If you have a million emails to sort through looking for terrorist messages I think you might just start with the thousand or so encrypted ones. Nice of someone to point out which ones are worth intercepting and reading by encrypting them, wasn't it?
Of course, encryption is only half the battle. If the message is cyphered as well then what they get back (after time cracking the encryption key - which will be harder if they are looking for the "the right gibberish", rather than recognisably cohearant data) may well be too obscure for anyone other than the intended recipient to glean any accurate meaning from. Especially if the meaning is further obscured by synonyms and substitute words etc. They may well learn that "the hippo is one who ate the racing car - munch!" (meaning "the attack (hippo) is on the 18th (one-ate) of March (racing car) in Munich (Munch)". But will that mean anything to anyone?
Just a thought. I do think that higher-level encryption is, arguably, a good idea for corporate security reasons. But I also suspect it would be quite easy to just mug the bloke who holds the blackberry for it's contents. This completely compromises security and will just look like a street robbery if done properly.
The possible, revised
@ AC and the impossible
it's been 10 years. the NSA has (according to some rumors) more computation capacity than the rest of the world combined. it may take up a good chunk of their resources, but if they want to, they can supposedly decrypt things other organizations can't touch. it may also take a few weeks, but i feel certain they've found a way.
BB may be a highly secure platform (use it myself), but nothing is completely proof against decryption (theoretically). the gov't of India appears to be technologically ignorant, as most governments are.
it can't be that difficult to get cooperation from Canada, they rolled over for GWBush, didn't they? India just needs to try a bit harder, and they can have their intercept. decrypting it is another matter. if they can't be bothered to develop the capacity, they'll have to live with the disadvantage. i am not at all sympathetic, and i used to be MI.
too bad, so sad, guess you'll have to rely on HUMINT. you were trained in intelligence work, first by the British, and later, the Russians; in a nation of almost a billion people, you should be doing a lot of that already.
RIM isn't able to decrypt, even if they wanted to
This Indian government doesn't understand how blackberries work (neither did the French government when they tried to ban them).
If you use the Blackberry Enterprise Server (and you should), the handheld & server exchange keys without anyone else ever having them.
RIM and the mobile carrier just the carry the encrypted message - RIM can't decrypt it even if they wanted to. RIM could be located in India and it wouldn't make any difference. RIM never has the keys.
The blackberry platform has been audited from end-to-end by NATO and the governments of the USA, Canada, Austria, UK, New Zealand and Australia. It is a very solid platform.
The Indian government simply doesn't want its citizens to have strong encryption technology that they can't break.
The USA tried that a decade ago. It's not possible.