Indian gov denied BlackBerry snoop
Subcontinental spooks blackballed by RIM
Research In Motion (RIM), the Canadian company behind the BlackBerry handheld, has refused to give the Indian government special access to its encrypted email services. Indian authorities have previously evinced concern that terrorists or criminals might use BlackBerries to communicate free from government interception.
According to the Times of India, the company said in a statement:
The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. We regret any concern prompted by incorrect speculation or rumours and wish to assure customers that RIM is committed to continue serving security-conscious business in the Indian market.
Previous reports have suggested that the Indian government had sought only the ability to read information sent between consumer BlackBerry users, rather than enterprise platforms. There had been media talk of a "master key" to be given to Indian officials.
Regarding the assertion that third parties are completely unable to read BlackBerry messages, this contradicts the view taken by the French government. France recently banned the use of BlackBerries by its top officials. French security types had apparently noted that BlackBerry's secure traffic passed through servers in Britain and the US, and felt that there was at least some chance of interception by the likes of GCHQ and the NSA.
India currently has a little over 100,000 BlackBerry users. The security/intercept issue became public when Tata teleservices was asked to delay its BlackBerry launch date until the Indian Department of Telecoms had intercept methods in place. ®
Quite: the logic was flawed and people didn't realise. A chum 'tested' my line before I had time to stop him. (Welcome to the club, mate.)
The example I gave was in support of @Daniel's scenario, above; from a time when telecomms equipment was rather less sophisticated.
A number of people (for some of whom prophylactic paranoia might have been beneficial if used appropriately) *did* indeed seem to think that a standard line test would show if their line was being tapped. Whether or not the potential results of the 'vogue', as I called it, were used I don't know. Nevertheless it would have been technically simple, at that time, to conduct a 'self-administered trawl', similar to that which @Daniel describes, from which a database of potential suspects could have easily been assembled.
please, please, please rtfm
@ Anonymous Coward
Posted Tuesday 27th May 2008 13:31 GMT
"The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances"
So how do they process spam!."
BlackBerry's infrastructure for enterprise customers doesn't filter spam. Your getting confused between enterprise and RIM's other offerings. With enterprise the encryption secures traffic from the handset to the customers server not just to the relay (see: http://na.blackberry.com/eng/ataglance/security/bes_diag_large.jpg). The encryption for prosumer (internet customers) works from handset to relay. Beyond this security is specified by the integrated account (POP, IMAP or OWA).
This doesn't mean the RIM relay can't store enterprise encrypted messages it routes for later cracking although as stated you'd need some serious computing power (NSA style) and if these kind of boys are after you I'd probably be inclined to not send e-mail at all for sensitive communication.
Or for the paranoid what's to say the BES software doesn't automatically send a copy of users keys back to the relay so copies of encrypted messages can be decrypted stored and forwarded to your black helicopter agency of choice.
I refer all interested parties to:
Sounds like a BT test number. People think it can show if they're being tapped? That's more a reflection on what 'recreational substances' can do to your brain :)