Feeds

BlackBerry bug bugs India

Corporate communications spared, for now

Designing a Defense for Mobile Applications

RIM has put lawful intercept mechanisms in place for the Indian government.

Anyone running their own BES remains secure - at least until the authorities confiscate it.

The solution comes ahead of the end-of-month deadline imposed by India and backed with a threatened block on BlackBerry communications. However, various Indian politicians have demanded (and on occasion claimed to have got) access to all BlackBerry communications - something RIM won't, and can't, provide.

BlackBerry handsets communicate with their BlackBerry Enterprise Server (BES) over a channel secure using decent encryption and key distribution, making interception all but impossible. If the BES is run by RIM then it can be located in India, so stored emails and other communication can be read by the security forces, with suitable authorisation.

But if the BES is in a corporate office then the only way to read those messages is to grab the server, which is very hard if that server is located abroad. RIM's solution, as described by Reuters, is to effectively position its BES in India, but that might not be enough for the Indian government.

Most countries allow the police and security forces lawful access to the communications of private citizens, with varying levels of judicial oversight, and most people accept it as a reasonable requirement in the fight against organised crime of all kinds.

Secure communications beyond the reach of all but the best-funded government agency is perfectly possible; but few criminals are sufficiently paranoid, or technically literate, to use them. The problem comes when someone like RIM offers a similar level of security in an easy-to-use package.

Hosted email services, like GMail or Hotmail, can get round the problem by providing secure communications with a server located in the same country - and thus exposed to the lawful-intercept rules of that country. Peer-to-peer services such as Skype will have a harder time providing access.

It's those services that the Indians will be targeting next, assuming they don't decide to screw RIM to the ground by demanding access to corporate BES installations. RIM will certainly be hoping the politicians are going to move on and put it out of the firing line for a while. ®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.