RIM Oddly Avoids India BlackBerry Ban By Cooperating?

This latest update has my head spinning in circles. According to the WSJ it seems that RIM has managed to avoid the August 31st BlackBerry ban in India. They received a 2 month stay after RIM “said it would give security agencies greater access to corporate email and instant messaging.”

The Indian Ministry of Home Affairs said in an official statement that they would come back to the subject in 60 days after the “Department of Telecommunications studies the feasibility of routing BlackBerry services through a server in India.”

This makes me wonder what exactly RIM offered India? The big sticking point in their negotiations was that RIM wouldn’t and supposedly couldn’t offer the Indian government a way to decrypt and read corporate BES emails. Does this mean that RIM has a way to decrypt such emails contrary to their official stance? I don’t think so. The only other answer I can think of is that they finally explained to the Indian government that this is how the internet works.

What do you think?

  1. don’t do it rim. as soon as you find a way to grant access to one gov’t, it won’t be long before others follow suit.

  2. By considering the large user base of BB users in India, I am sure RIM would have agreed to share something at least or set up servers in India.

  3. I guess the person who wrote this article wants to imply that India doesn’t know much about technology and are people of a third world country. I don’t think this article’s ending made any sense, more so was offending. I need not clarify, people know the facts of what India is and what’s the importance of this country to the World. I hope the Author writes more responsibly in the future.

    • Hi Juned,
      I am not assuming that “India doesn’t know much about technology” but their requests clearly show that they have a lack of understanding about how security works.
      Here is a perfect example. How would you feel if RIM, a Canadian company, could read any email sent by the Indian government on their BlackBerrys? I think they would feel the same way the US government would if RIM could read their ENCRYPTED communication.
      You can’t have your cake and eat it too. If you want security you cannot request that a company completely bypass the confidentiality of their customers to make one country happy. That would be suicide…

  4. Don’t these countries have better things to do? Does India scan every piece of snail mail for security? Do they scan every fax? Do they record every conversation people have on the street?

  5. Hi Ronen, thanks for writing. I personally do not know how the encryption works, but I know for sure that the Government of India is talking from the legitimate terror threat point of view. The Country is under constant terror threat and the Government is constantly working to fight back to save the sovereignty of the Country. Blackberry services are not open in the highly sensitive region of Jammu & Kashmir just because the Government isn’t able to trace the messages in Blackberry encryption. SMS services in that region are tracked on individual basis. The Country has been attacked in non-Kashmir regions on numerous occasions, so we, the people of India who want peace and harmony support the Government stand and at the same time do not want commercial services (of Blackberry) to be blocked. I hope you appreciate the demands put forward by the Indian authorities. I personally think that the government doesn’t have any sadistic pleasure in checking each and every content of Blackberry users (business secrets n privacy included) other than the terror threat.

    Thank you for understanding :)

    • Trust me Juned I totally understand. We have a similar threat in the US that has us constantly on watch for terrorists but it is just not possible to read EVERY communication on the internet since quite a bit of it is encrypted.

      For example, anybody with a little bit of knowledge can set up GnuPG and encrypt email to a level that practically no computer in the world can decrypt it without the correct key. Same thing with encrypting hard drives and files with TrueCrypt. The nature of encryption is that it has no backdoor.

      On top of that quite a few solutions exist that encrypt phone calls that cannot be decrypted without the key. Governments control this by not allowing the export or import of encryption into their countries but very few technologies exist that would let governments snoop on this communication. Don’t get me wrong RIM could install a piece of spyware on BES that would send any email going to India to the Indian government but they would lose every customer they have by doing it. Think about it. If you worked for Microsoft and you travel to India would Microsoft be fine with Indian officials reading all of your internal private company emails?

      In other words India has a choice to make. Realize that encryption is hard to break but necessary or just try to block anything encrypted. The second solution might work but there are ways to bypass that which are very hard to detect.

      • That’s the whole thing that makes this so stupid and the point of all of this… They are not trying to block/bypass encryption period. They are only trying to block/bypass RIM’s encryption, which is pointless…

        You gain NO SECURITY BENEFIT by allowing everyone to move to another encryption method that you aren’t complaining about since all you did was hound one company on their encryption solution.

        If you can’t stand encryption you have one option, turn off internet data period… As long as data goes through, you can encrypt it. Otherwise the government is just proving their ignorance (this had nothing to do with the people, this is a couple of idiots in the government and security advisors).

        • It was mentioned in one of the earlier posts that RIM is being singled out, yet Microsoft’s Exchange ActiveSync protocol (assuming you are using SSL) is encrypted and I don’t hear any cries from India about that. I understand there is a large BB userbase in India, but if they find a way to give in to their absurd demands, RIM will lose more money elsewhere than if they were to tell India tough luck.

  6. Ronen, I respect and understand your point of view. The loopholes to misusing technology are so many and so foolproof that it seems practically impossible to keep a check on every bit being passed on using phones, internet and many other ways. Something is better than nothing, since the word was out that Indian Authorities do not have any data access to Blackberry, least – trace it. I hope our world becomes a peaceful heaven, free of fear. I wish I can contribute in any way to help anyone with whatever means possible for me. Thanks for writing, so kind of you, appreciate it.

  7. For one, I guess everybody including media is speculating of what India is asking and what RIM is responding.

    All the Indian carriers use the EU BIS infrastructure (Service Books and Carrier BIS login page make this pretty clear) and I am sure this makes lawful intercept difficult for India – since the servers are out of India’s reach.

    For India to even initiate a LI, the server first should be within India and I think that is fair and it’s probably the case with all other major countries (US, China, Russia etc)

    And then it’s left to the nation’s supercomputers to decrypt BES mails I believe :)

  8. Hi Venu,
    We are not really speculating since RIM and India have been very public about this issue. The thing is that it doesn’t really make a difference if RIM has a server in India or not. All BIS traffic is unencrypted anyways when it is transferring over the Indian ISPs and wireless carriers so the Indian government could intercept it if they wanted to. Putting a server there is only useful for performance of the RIM infrastructure and provides the Indian government no extra access to information they could not get before.

    So you have to ask what is the point of the Indian request or is RIM just appeasing the Indian government’s lack of understanding on how the internet works by making it a little easier to intercept BlackBerry emails?

  9. Let me try to understand a little more here – All the service books have as the gateway which probably is the server in Canada.

    BIS or BES mail should finally go and sit on this server before being delivered to the destination.

    Are you suggesting that RIM can give access to this server to any country?
    Aren’t there international boundaries to be crossed here..

    I have a fair idea of how LI works on a PSTN/VOIP – there are boundaries for sure
    When it comes to data not sure what the rules are !

    Between the Blackberry device and the gateway what other intermediate nodes does the data go through? (SGSN/GGSN?)

    If you have a pointer to a technical article on this topic, please do share the same.

    • Hi Venu,
      The way it works is that if the traffic is passing over your network unencrypted you can read it in transit or capture it. Traffic going from your BlackBerry in India to RIM’s BIS servers in Canada is UNENCRYPTED. That means the Indian government can put a tap on the traffic going from your device and see ALL the communication between you and the BIS servers in Canada. The Indian government does not need access to RIM’s servers since they seem to be totally fine with what is called “watching the wire.”

      Just think of it like a phone tap. If you make a call from India to New York. The Indian government does not need access to the phone network in New York to listen in to the conversation. They could just listen to the call once it gets to the Indian carrier.

      Make sense? In short putting a server in India is really sort of a joke. It just makes it slightly easier for the Indian government to do what they could have done without the server. So it makes you wonder who is advising these “Security Experts”?

  10. Ronen,
    Call going through can be intercepted only because one of the legs is anchored locally in India.
    I don’t think the analogy is same for data; I know the GPRS data goes through the carrier APN, still trying to figure out the technicalities of the Blackberry data flow

    Also it’s not feasible to put a tap on all the traffic going from the handset
    If it flows through some intermediate server within the local ISP, I can agree to what you are saying

    That said almost all data originating from any phone will go through this intermediate node, but I am sure it’s not that straightforward to segregate “blackberry” traffic vs non BB traffic

    BIS/BES Server is where ideally the lawful intercept hook should be and I am fairly certain that it’s a hurdle when the server is not in local control

    Meanwhile other than the security concerns, there are all sorts of theories floating around including Nokia paying off Govt of India :)

    Thanks for your input.

    • Segregation is a non-issue… It is up to the person wanting to do the tap to filter what they are looking for… I don’t call Microsoft and demand that they differentiate all windows traffic from linux/mac/etc. If the person wanting to tap traffic is incapable of filtering traffic through their own ISPs, then they should not be trying to tap it at all.

      You can’t expect some other company like RIM to filter what you might potentially want to tap for you…

    • Also, if ALL India based companies are OK with there being backdoor access to their encrypted, confidential data (which they won’t be), then anybody has potential to infiltrate this data, not just the government.

      So even if this is implemented, every company will cease to use BES regardless.

      • Don’t believe everything you read in the news articles :)
        RIM has said that it does not have access to the private key and BES mails cannot be decrypted – if India is asking RIM to do this, it’s a joke for sure

        What I read was this “RIM’s response came after the Govt made it clear that Blackberry has to shut down its operations if it failed to provide access to monitoring of its messenger services.”

  11. It goes from the BlackBerry to the carrier’s network backhaul. They can monitor it right there…
