Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

BlackBerry Helps Indian Gov't Spy On Users' Messages

timothy posted about a year ago | from the eben-moglen-was-an-optimist dept.

Blackberry 56

hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Baring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

cancel ×

56 comments

Sorry! There are no comments related to the filter you selected.

Human Rights (5, Insightful)

Valentinial (2980593) | about a year ago | (#44253397)

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Article 8, European Convention on Human Rights (4, Informative)

auric_dude (610172) | about a year ago | (#44253483)

Re:Article 8, European Convention on Human Rights (1)

Anachragnome (1008495) | about a year ago | (#44254587)

[responding to a post near top of thread to prevent the use of "forum sliding" tactics--refer to article in my signature if you are unaware of the tactic]

While the mainstream US media largely ignores NSA/US spying, other news has to take the place of those stories--something bigger and "better", so to speak.

Let's start with the train wreck in Lac Megantic--not a single story in mainstream media regarding SCADA systems used on most trains these days. Why not?

http://www.getransportation.com/rail/rail-products/locomotives/on-board-systems/train-controlscada.html [getransportation.com]

The owner of the rail company involved spews disinformation to distract from a valid concern--that trains can be remotely operated (including brakes!) by a system easily hacked. Who might have such a motivation?

Let's move on to the Asiana crash at SFO.

The following from the Economist has some interesting information about the controls of airliners. The most relevant information is discussed in the last section of the article.

http://www.economist.com/node/787987 [economist.com]

I shouldn't have to remind everyone that Boeing is inextricably involved with government operations--they build the best military aircraft out there, including drones. In both incidents, the operators of these vehicles were blamed before any reasonable amount of investigation could possibly have been completed. Why is that?

And, just to keep the sheep happy, why the hell is Zimmerman being tried by a jury of only six of his "peers"? Every state-level criminal court I've heard of had thirteen, plus alternates.

Re:Human Rights (0)

Anonymous Coward | about a year ago | (#44253553)

in the us, encryption **IS** a weapon... this is why we have export laws on RSA... :(

Re:Human Rights (2)

interval1066 (668936) | about a year ago | (#44253769)

in the us, encryption **IS** a weapon... this is why we have export laws on RSA...

We did, they were rescinded in 2000 becuase they were stupid. The Fed. was hamstringing our own companies whereas everyone else could export what technology they wanted. Oh, and its a weapon in the US, becuase we have a paranoid Government. Do you eat up everything the Gov. tells you?

Re:Human Rights (1)

Lennie (16154) | about a year ago | (#44280583)

They want to bring it back and I'm fairly certain they are going to try it too.

Who defines "rogue"? (1)

Zontar_Thing_From_Ve (949321) | about a year ago | (#44254169)

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Who gets to define "rogue governments"? When George W. Bush was president, the lunatic left was insistent that he "stole" the 2000 election for sure, he probably stole the 2004 Ohio election (yet oddly the Republican candidates were unable to steal the state in 2008 and 2012) and thus the general election, he had no respect for individual rights, wasn't going to leave office willingly, and on and on. Fast forward to today and some of the same people who blew off such talk are now saying that Barack Obama wasn't even born in the USA, is not a citizen, and is thus ineligible to be president, has trampled on everybody's rights, is trying to take your guns away from you, and on and on.

Re:Human Rights (1)

vikingpower (768921) | about a year ago | (#44254419)

Amen. If the pen is mightier than the sword, then a stream of bytes should be sharper than a Ronin's sword. BTW & FYI : "rogue" includes "US", "British", "French" e tutti quanti altri, not only "Iranian", "Syrian" and "Kazakh".

Re:Human Rights (1)

jodido (1052890) | about a year ago | (#44254743)

And they'll find a "legal" reason why that right has to be violated under certain circumstances. No law can protect you against what the ruling class wants to do to you.

Re:Human Rights (0)

Anonymous Coward | about a year ago | (#44255425)

Probably every constitution in the world should be amended to guarantee people the right to private, secure communication. This is probably more important than the right to bear arms when defending people's rights against rogue governments.

Most constitutions already have provisions for this, with the proviso that the government can snoop if it has a warrant.

Well.... (0)

Anonymous Coward | about a year ago | (#44253421)

Well, they gotta make SOME revenue ... somehow.

Blackberry and Barnes and Noble - the soap operas of the business press.

And it looks like Microsoft will be joining them.

The cliff hanger - "Who threw a chair at Steve (Balmer)!"

And....

"It was all Steve Job's Dream."

Tune in next week .......

*Ba Da Dum*

When Larry Ellison says, "Look at me! I fly Jets!"

Pile on USA (1)

dickplaus (2461402) | about a year ago | (#44253437)

Damnit, India now too? Now we can't just pile on the USA, Bush, Obama, Rush Limbaugh, Fox News, Eric Holder and the likes.

Re:Pile on USA (2)

nhat11 (1608159) | about a year ago | (#44253485)

Now? It's always been like that and in many parts of the world.

sales sales sales (1)

geoskd (321194) | about a year ago | (#44253445)

Now Blackberry will have abysmal sales numbers in India instead of non-existent. I cant help but wonder how this will affect their sales in the rest of the world. I suppose it cant do a lot of damage though, Its not like they are the hottest selling phones...

Re:sales sales sales (1)

rwise2112 (648849) | about a year ago | (#44254095)

Now Blackberry will have abysmal sales numbers in India instead of non-existent.

Actually, when I was there last year they seemed quite popular.

Related Theoretical Question (0)

Anonymous Coward | about a year ago | (#44253447)

Help me out here, we need to come up with a limited list of excuses for government to do communication tapping and whittle it down to the barest minimum. Supposedly these (X)-taps are justified to pursue criminals, when is that actually true?

Do we actually want to dignify the government spook game of spying, counterspying and such or is there actually no obvious GENERAL PUBLIC BENEFIT to allowing these organizations to exist? I am unconvinced these organizations do much except safeguard the privilege of the overprivileged.

i'm all in (0)

perryizgr8 (1370173) | about a year ago | (#44253559)

i'm all for the government tapping into all of my communications if it translates to zero terrorist attacks forever. otherwise, fuck them.

Re:i'm all in (0)

Anonymous Coward | about a year ago | (#44258765)

And fuck you for trading your freedom for your safety. You are a shame to the brave men who built your country into the great nation it once was.

Re:i'm all in (1)

perryizgr8 (1370173) | about a year ago | (#44259879)

i'm an indian. we have never been a great nation recently.

Re:i'm all in (0)

Anonymous Coward | about a year ago | (#44258923)

... zero terrorist attacks forever ...

How does the government know they'll always beat the terrorists. Assume you subscribe and a terrorist attack occurs: Will the government offer an unsubscribe service?

Not RIM's fault their arm got twisted... (0)

Anonymous Coward | about a year ago | (#44253581)

As a long time /. reader, it was a couple years ago when the Indian government threatened RIM with complete shutdown unless they put in a way that the Indian government could access communications going over BIS, perhaps BES.

RIM just did what they had to, to keep in business. This isn't secret, but ended up forgotten about until now, and in 3-4 months after people forget about the NSA, Snowden, and that, India will still have their backdoors and life will go on.

Re:Not RIM's fault their arm got twisted... (1)

loom_weaver (527816) | about a year ago | (#44253957)

They lost a lot of good will because of that.

I remember at the time I considered RIM to be good for business and good about security and privacy. Then they sold out.

Re:Not RIM's fault their arm got twisted... (0)

Anonymous Coward | about a year ago | (#44254031)

I feel guilty defending RIM here, but they ended up between a rock and a hard place. If they lost the Indian market, shareholders would sue the company to oblivion. So, they gave in.

Of course, for people like me, it just means that there is no reason to choose them over conventional SSL based messaging mechanisms now. Plus, not having to deal with the creaky thing called BES is always a plus. That is one less backend piece I have to worry about licensing, maintaining, updating, and holding back complete upgrades.

For security these days, I just use Exchange/ActiveSync with the SSL keys signed by my own CA (stored on an offline box). That way, unless someone physically grabs by CA machine, the SSL key remains decently secure.

Re:Not RIM's fault their arm got twisted... (2)

Arker (91948) | about a year ago | (#44254531)

True, but it's a mistake to make this too much about RIM. Any for profit company in their situation would be very likely to do the same - or worse. At least they publicised the problem.

But that just points back to a basic fact. If we want secure communications we cannot rely on for-profit companies to provide that, at least not in the current environment. An alternative infrastructure is required - one that doesnt require trusting an organisation which isnt capable of resisting government pressure.

Re:Not RIM's fault their arm got twisted... (1)

JakartaDean (834076) | about a year ago | (#44258835)

They lost a lot of good will because of that.

I remember at the time I considered RIM to be good for business and good about security and privacy. Then they sold out.

Did they? They gave the Indian government access to some types of messages, but not others AND THEY TOLD EVERYONE WHICH ONES ARE STILL SECURE. Anyone caring about security can use BES, and those not caring can use BBM. It's not as convenient, but those for whom security is important still have it. Since it's business users who pay their rent, and it's business users who use BES their core interest is protected, and India can say they have access to terrorist communications, since terrorists presumably don't have Exchange servers.

To me it looks like they won more than they sold out, but yes, overall we're still slipping towards less privacy.

US media fully involved as well... (4, Interesting)

Anachragnome (1008495) | about a year ago | (#44253661)

Take a look at the Guardian (US version);

http://www.guardiannews.com/ [guardiannews.com]

Then take a look at RT News:

http://rt.com/ [rt.com]

Then take a look at CNN:

http://www.cnn.com/ [cnn.com]

Or even the New York Times:

http://www.nytimes.com/ [nytimes.com]

Notice a pattern? Apparently, the Zimmerman trial is all we Americans care about. The media is as complicit as Microsoft, et al. I start with the foreign news outlets, then head to CNN and other mainstream US media for comparison--what is missing from mainstream US media is the real news.

I fully expect "Cold Fjord" to be spewing his disinformation--with earnest--after the latest Prism revelations. If Microsoft is fucked, so is the NSA.

Re:US media fully involved as well... (1)

Anonymous Coward | about a year ago | (#44255171)

Your point being that we (the US) is already just like Communist China:
http://www.nybooks.com/blogs/nyrblog/2013/jul/10/censoring-news-before-happens-china/

Re:US media fully involved as well... (1)

TheGratefulNet (143330) | about a year ago | (#44258009)

mainstream US 'news' is pure entertainment and a grab for ratings.

it stopped being about news something like 10 or 15 years ago.

I gave up on US 'news'. I don't spend even a minute watching tv news or reading US newspapers (online or otherwise).

sad to see the news industry give up, but they have. they have given up trying and now just want to top each other on ratings.

Re:US media fully involved as well... (0)

Anonymous Coward | about a year ago | (#44258949)

... "Cold Fjord" to be spewing ...

OK, you've revealed 'Cold Fjord' and his 'government is always right' mantra is available to the highest bidder. It's kept him quiet for a week. All we hear now are your conspiracy theories.

Re:US media fully involved as well... (1)

cold fjord (826450) | about a year ago | (#44259211)

I fully expect "Cold Fjord" to be spewing his disinformation--with earnest--after the latest Prism revelations. If Microsoft is fucked, so is the NSA.

What a pity. I was hoping that you had put aside the crackpot theories involving me and other people that have different views from you. Since you continue down this path, it looks like I'll need to see what other nonsense you've posted. You kind of have a Senator Joseph McCarthy vibe going: "I hold in my hand a list of NSA plants on Slashdot!" I think it is time to ask the question raised by Army counsel Joseph Welch [slashdot.org] to Senator Joseph McCarthy:

            " Have you no sense of decency, sir? At long last, have you left no sense of decency?

Somehow I doubt it. There probably isn't room in the crankcase.

In this post I have previous replied to the crackpot conspiracy theories that Anachragnome has [slashdot.org] regarding me and other people on Slashdot being NSA plants because we have a viewpoint he disagrees with.

He also apparently believes the Slashdot staff to be NSA puppets [slashdot.org] as well.

You should brace yourself - if you disagree with him, he may start accusing you of being an NSA plant as well, calling you a "shill" and "forum breaker." He tries to manipulate people with fear. Read the posts I linked above.

If this continues I may need do some follow up posts.

Notice a pattern? Apparently, the Zimmerman trial is all we Americans care about. The media is as complicit as Microsoft, et al. I start with the foreign news outlets, then head to CNN and other mainstream US media for comparison--what is missing from mainstream US media is the real news.

As I check those four media outlets an 8:38 AM GMT, on July7, 2013, they all have Snowden / NSA related stories on the front page, as well as various other stories.

I assume you expect that people won't check your links?

Sensationalize much? (4, Informative)

ArhcAngel (247594) | about a year ago | (#44253681)

India currently does this on all mobile carriers. RIM/BlackBerry is a mobile carrier as well as a device manufacturer. RIM was the only carrier that resisted (that I am aware of) the monitoring of their network (BlackBerry Internet Services or BIS). The Indian government threatened to suspend their network altogether if they didn't capitulate. RIM agreed to discuss the matter further and have been in negotiations for the last 2 years. Since BB 10 doesn't even use BIS I suspect BlackBerry is just giving India what is is asking for. This does not in any way effect enterprise deployments using a BlackBerry Enterprise Server (BES) as the encryption keys are generated at the server and kept only by the enterprise.

Nothing to see here...move along.

Re:Sensationalize much? (2)

sl4shd0rk (755837) | about a year ago | (#44253843)

Nothing to see here...move along.

On the contrary. No matter how hard RIM tried to "do good" in the end they "did bad" and as far as I'm concerned if they did it for India, they'll do it for anyone other high bidder for that matter. Just shows they are as douchey a corporation as Verizon, AT&T and anyone else engaged in all of this Orwellian crap finally coming to light.

Re:Sensationalize much? (0)

Anonymous Coward | about a year ago | (#44254349)

So, by not actually allowing monitoring of the BES communications, they "did bad"?

All other devices in India are currently monitored, non-BES based communications on BlackBerry devices have been the least monitored for the longest period of time.

So, by your logic, they should have caved immediately, since if they didn't appear in the news, they did nothing wrong?

Re:Sensationalize much? (2)

LordLimecat (1103839) | about a year ago | (#44254545)

You missed the more important second part, where it doesnt matter because this affects BIS (the ghetto sort-of-blackberry experience), not BES (the main reason to get a blackberry).

If youre using BES, unlike 99% of other email providers, there is NO WAY to intercept the email in-transit-- not breaking SSL, not forging an SSL cert, not subpoenaing the wireless provider. BES uses symmetric per-device keys, and if you do not have the key for a particular blackberry, you are stuck bruteforcing AES encryption.

Blackberry remains the most secure mobile messaging system out there, even if noone apparently cares about such things anymore and even if they suck at making fancy widget apps.

Re:Sensationalize much? (1)

ImprovOmega (744717) | about a year ago | (#44254691)

Not anymore. Now BB10 uses ActiveSync with standard SSL-based encryption for its emails.

Re:Sensationalize much? (0)

Anonymous Coward | about a year ago | (#44255099)

Not anymore. Now BB10 uses ActiveSync with standard SSL-based encryption for its emails.

Yeah, but it still out of the box supports S/MIME.

Re:Sensationalize much? (1)

ArhcAngel (247594) | about a year ago | (#44257807)

BB 10 still has BES support but BB 10 has ended BIS support as the original need for it in developed countries (high mobile data costs and SLOW speeds) has mostly ceased to exist. BB has not ended support for BB OS 7 nor BIS since they still have a huge market for it in developing countries. They are releasing a new device [crackberry.com] in a few months that looks like a ruggedized BOLD.

Re:Sensationalize much? (0)

Anonymous Coward | about a year ago | (#44257827)

Although that SSL connection to an ActiveSync on your Enterprise network is encrypted with a per-device key pair also, so if you have your BES 10 configured to do it, you're running SSL within an AES encrypted VPN. Even more secure than the original BES-BlackBerry connection.

Re:Sensationalize much? (0)

Anonymous Coward | about a year ago | (#44254109)

India currently does this on all mobile carriers. RIM/BlackBerry is a mobile carrier as well as a device manufacturer.

False.

RIM is not a mobile carrier. RIM provides services to mobile devices, much the same way that google provides email services to android users. Google isn't a mobile carrier.

Re:Sensationalize much? (0)

Anonymous Coward | about a year ago | (#44255603)

It makes sense that BB can't provide interception to messages they don't hold the encryption keys for.
Save, of course, the back doors they probably built in for the NSA.

Re:Sensationalize much? (1)

gl4ss (559668) | about a year ago | (#44255703)

rim is a mobile carrier as much ms and samsung are.. that is: they are not. they are however selling something of an email messaging service in india. so I would suspect it doesn't matter what service you use there, if it has local presence it is tapped.

Re:Sensationalize much? (1)

ArhcAngel (247594) | about a year ago | (#44257705)

BIS [crackberry.com] is an ISP for BlackBerry phones up to BB OS 7. Unlike iOS or Android BB OS 7 accesses the internet through BlackBerry NOT the carrier the phone is on. Since BlackBerry knows the device it is serving a web page to it also knows what content the phone can handle. As such when you request a web page on a BB the BIS only sends data the phone can process and it compresses the data as well. A web page that clocks in at 500K may only take 5K to transmit to a BB. So it's a little bit more than an email messaging service.

Re:Sensationalize much? (1)

Just Some Guy (3352) | about a year ago | (#44256511)

This does not in any way effect enterprise deployments using a BlackBerry Enterprise Server (BES) as the encryption keys are generated at the server and kept only by the enterprise.

Well, one set is. Have you read the source to see whether there's a second keypair?

What a News scoop! (4, Insightful)

sdinfoserv (1793266) | about a year ago | (#44253767)

This is like 4 years old. Blackberry within minutes of India shutting down RIM, and they capitulated to the Indian ministry of Information. One of the requirments was Indian Governement back door to all messaging... At the time we thought... Oh, look at the evil Indian overlord Govt... all the while our Govt sh#t bags were doing the same to us...

Death Knell for BBM on Adroid & iOS ? (0)

outlaw (59202) | about a year ago | (#44253859)

If not, it should at least limit the number of users to those who *must* communicate to a Blackberry device.

Otherwise, 'tis just another small player in the plethora of contenders for IM tools

Re:Death Knell for BBM on Adroid & iOS ? (1)

TheSkepticalOptimist (898384) | about a year ago | (#44254713)

No, because iMessage or Google services are already easily tappable in those countries. No other IM is, or was, as secure as BBM which is the only reason why BlackBerry fell into the bad graces of countries like India and forced them to open up their protocol.

Re:Death Knell for BBM on Adroid & iOS ? (1)

outlaw (59202) | about a year ago | (#44255523)

I'll grant iMessage, and the current Google Hangouts -- neither have an option for 'otr' type functionality (yet, in the latter case).

gtalk did have 'otr' (not sure if it was as secure as BBM), and I routinely ran 'otr' plugins on XMPP (including gtalk), and even SameTime

the otr plugins likely matches BBM - with symmetric encryption

The problem with setting up a secure IM is the setup effort can reduce the number of folks using it. otr was actually pretty simple, but things like pgp require users to setup and distribute keys... Something a lot of non-tech people just wont do

Yet again, old news - this was on /. a while ago (0)

Anonymous Coward | about a year ago | (#44254203)

BB was forced to let Indian gov to have access - totally public knowledge for at least over a year or two now. I see this as positive news for BlackBerry - it some what implies the platform is secure for instant messaging and emails (to some degree).

Just stop. (4, Insightful)

thePowerOfGrayskull (905905) | about a year ago | (#44254317)

What a predictable clickbait title. I come by here every few weeks (less and less often, honestly - too much crap is just filtering through from populate media conglomerates) and am always able to find something on the front page that reminds me why I've taken to staying away.

But for old time's sake, I'll bite.

- RIM gave access to BIS communications when lawfully requested. This isn't new - they do it for every major government that submits legal requests. The fact that they'd do it for India was resolved months ago, in mid-2012 I think.
- RIM still has not and cannot give access to BES communications. THAT is what the battle with India is about - INdia said "you will give us ALL communications". RIM said "SOrry, we literally just can't do that.". India said "Do it or GTFO". RIM said "Sorry, we really just... can't". India realized this was true, and a big deal was made about the fact that theyr eceived BIS access (like any other government, for any service - not just RIM).
- It was face-saving, because they could not get what they actually insisted on getting - BES. Because the claim was that *BES* was used to planning subversive activities, not consumer BBM and email.
- they've given India no more than another other government. And they give the US government considerably less than any other government.

On that topic: you'll also notice that BlackBerry is NOT on the list of companies assisting NSA with Prism efforts. They do comply with lawful requests for specific data (as long as it's not BES, which they have no access to). But they do NOT hand over data in bulk, unlike all of their competition.

Re:Just stop. (1)

LordLimecat (1103839) | about a year ago | (#44254473)

But they do NOT hand over data in bulk

Because as you said they CANT. Historically if you got a blackberry, you were using BES, and if youre using BES NOONE can spy on your communication without either your device key or a magical AES crack.

Old news + old FUD (1)

LordLimecat (1103839) | about a year ago | (#44254459)

The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

...Because for the 8 millionth time, that is not possible since RIM does not possess the encryption keys for any BES setup.

Also, this story is only what, 5 years old?

Morale of the story... (1)

InvalidError (771317) | about a year ago | (#44254553)

All the first-party IM/mail services are tapped or highly likely to get tapped by governments so if you want some reasonable shot at privacy, you have to use one of the lesser-known privacy-oriented 3rd-party apps and networks. Preferably a decentralized open-source application and network so governments cannot shut it down nor insert backdoors without a high probability of getting caught.

Come on people smarten up! (1)

TheSkepticalOptimist (898384) | about a year ago | (#44254681)

"OMG BlackBerry voids human rights! I'm glad I use my beloved non-BlackBerry phone", an idiot might say.

Look, BlackBerry was the only company that offered a messaging service that was so secure that most governments could not hack it, and so threatened to not allow BlackBerries to be sold in their country. I mean POTUS prefered a BlackBerry over any other phone for this very reason.

Note, that this means that your beloved iPhone, Windows Phone, or Android, has messaging services that ALREADY allow governments to tap and hack into easily. It's why you have not heard about similar stories from these companies, the just did not bother implementing that level of security in their products to piss of government agencies.

BlackBerry had to concede if they wanted to sell their products in countries like Saudi Arabia or India. Which, BTW, are some of BlackBerries largest markets, more so than for Apple or Google even. Any of you ever run a company that pisses off your largest customer bases, let me know how that well that works out for you when you spout idealistic moral indignation rather than apply rational common sense.

So before you start pounding on BlackBerry for giving up on human rights, realize that we ALL live in countries that can tap into our phones and message and that any company preventing this will not be allowed to do business for very long in that country. The only difference between the USA or Canada and a place like India is that a little more due diligence is required by the law before they can gain access to write tap a person.

As Blackberry stated recently (1)

houbou (1097327) | about a year ago | (#44255887)

We will find ways to make money...

RIMM suicide (1)

ElitistWhiner (79961) | about a year ago | (#44256609)

RIM supplies the final nail to the coffin in the platform otherwise known as Blackberry.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?