[Reader-list] BB, cracked and buried. What else will follow?

s|s supreet.sethi at gmail.com
Thu Jul 17 15:26:27 IST 2008


April 2008:	
 Express India:
	DoT said it was responsibility of domestic mobile service providers like
	Bharti, Vodafone and others to ensure that security system was in place before
	offering Blackberry e-mail and mobile messenger services.

May 2008:
The Examiner.com:
	In a fresh twist to the ongoing dispute between Research In Motion (RIM) and
	the government of India, RIM said that it is unable to provide access to the
	Indian government as it does not possess the key to the encrypted data.
	According to RIM, security design for enterprise customers is so designed
	that it is not possible for RIM or any third party to access encrypted
	information. The security design is modeled on a symmetric key system
	enabling the customers to create their own keys, which are not available to
	a third party.

June 2008:
 Economic Times:
	In a complete about turn from its earlier stance, the department of telecom
	(DoT) on Wednesday said that there was no threat from Blackberry services and
	the government had no objection if an operator wanted to offer these services.

The story started with possible use of blackberries by terrorist
outfits. Followed by DoT becoming the blocker in the way of Tata
Teleservices launching their blackberry service. DoT asked RIM for
'master' keys which will allow security agencies to read through
messages and mails sent by 4,00,000 blackberry services users. RIM
puts empty hands on the table, there are no 'master keys' to this
grand vault. Finally DoT announced, it does not see RIM blackberry as
a threat to security. This episode being the first instance of visible
intervention by government towards 'Cyber' surveillance. Implications
are many fold.

Another facet of the ongoing security versus privacy debate is "who
can and who cannot" keep their data private.

For the uninitiated, RIM (Research in Motion) is a company which
launched a protocol and a device called Blackberry a few years back.
Blackberry as a device, with the help of the protocol, can provide
end-to-end secure email and messaging services apart from normal
cellular functions.

Blackberry provides security by encrypting the data. It is relatively
new for devices like mobile phones to do this. This aspect of
Blackberry coupled with its looks helped it find ready acceptance in
corporate board rooms and slowly gain visibility in Small office and
Home office segment. Encryption converts meaningful text to gibberish
which can only be decrypted by use of a key. The novel idea in
blackberry is generation and usage of key by the device instead of
being embedded by device manufacturer. The key used in case of
blackberry is 256-bit.

This key is used to transmit encrypted data over cellular lines in
India to a server or group of servers run by RIM in Canada providing
secure emails to its users. So as a representative of the sovereign of
the land, when DoT asked for the keys which are unique per device, it is
exercising its right to intercept data passing from India into foreign
land. RIM apparently provides two kinds of services: BIS to individuals
and BES to enterprise users. RIM during negotiation announced that
they 'may' give access to surveillance agencies to snoop mails sent
using BIS. Placing corporate users above law.


Encryption or transfer to foreign lands is nothing new. Most portals
which provide E-commerce are doing one or both. Is DoT going to go
after them as well? Also DoT's assertion at using 40-bit encryption
instead of 256 is interesting considering 10 years back, it would take
4 hours for a bunch of machines to break 40-bit keys. While we are at it,
we should also file away our locks, so that thieves have an easier time
getting into our houses.



-- 
~preet~
http://jpgmag.com/people/djinn

