[Reader-list] Why is India Wasting its Time Chasing Blackberry

[shuddha at sarai.net]

Dear All, 

An interesting article by Prasanto K. Roy in rediff.com on the recent standoff
between Blackberry (Research in Motion) and the Government of India. Has
implications for the way the privacy, surveillance, censorship constellation
will play out in India in the future. Hope this is of interest, and concern, to
people on the list

best, 

Shuddha
-----------------------

Why is India wasting its time chasing BlackBerry?
http://business.rediff.com/slide-show/2010/aug/09/slide-show-1-tech-why-india-is-wasting-its-time-chasing-blackberry.htm#contentTop

Prasanto K Roy 

You're a Delhi-based wannabe terrorist needing to communicate with your
handlers. What do you do? Invisible-ink notes are passe, as are carrier
pigeons. You will, of course, use electronic options.

Like email. Walk into a cybercafe, log into a Gmail or Yahoo account. Don't use
an account in your own name. And don't send email.

Simply read instructions left for you in an unsent mail, saved as a draft in
your account. And then, to reply, just edit the unsent email, and save it back
as a draft. If email isn't traveling, it can't be intercepted.

Or, like SMS. Get a prepaid SIM card with fake ID, use it for a month, then
dump it. Or make good old phone calls using the SIM card, and dump it. There
are other options. And they have a common thread: anonymity. You do not use
your own identity, and you use a mode that is virtually untraceable. And that
is why a terrorist would choose not to use a BlackBerry that can be linked to
his identity. Nor is a postpaid BlackBerry connection as disposable as a
prepaid SIM card. Sure, you can get postpaid mobile connections too on fake
IDs, but because there is billing involved, valid addresses are required.

That's not the only reason the terrorist would be wary of using a BlackBerry.
First, he's not really sure how secure the mail is, once an agency is onto him.
The mail is routed through servers in North America, and the US NationalSecurity
Agency reportedly has the technology to crack encrypted mail in a few hours --
with or without help from RIM.

Even more worrying for the terrorist: not all of the mail is encrypted. The
headers, including the 'to'and 'from' email addresses, are plain text. Else the
Internet would not be able to accept the email for delivery. And finally, the
mail does not stay encrypted all the way. When it gets delivered to an external
email system such as Gmail or corporate mail, it gets decrypted -- else the
recipient wouldn't be able to read it. The exception is when you're not using a
Gmail or a company mail ID, but are sending pure BlackBerry mail. That's not
merely one sent between two RIM devices, but where both 'from' and 'to' are
BlackBerry IDs. That's rare, but here's how it works. Your RIM device would
usually be associated with your official address, say ram.rao at maruti.com. But
you'd also have a BlackBerry email address, like ramrao at airtel.blackberry.com,
which you'd use to originate a BlackBerry-only mail. Even then, RIM would
record who the mail was sent by, who was it sent to, and when.

So there are records with BlackBerry email, and they're like mobile-phone call
records (which store who called whom, when, and for how long, for billing). RIM
records who sent mail, when, and to whom. The content, however, is strongly
encrypted.

But our terrorist isn't using a BlackBerry. He's using Gmail, and he's not even
sending the mail: he's just using draft mode to read and reply. So our
surveillance agencies don't stand a chance of 'intercepting' that mail. Even if
they're on to him, they don't know what ID he's using. And then they don't have
the Gmail login ID. If they get that, then getting Google or Yahoo to give them
access will take months, with all the protocol, Interpol, and the rest. . . by
which time that account would have been closed, and the deed done.

And that is why India is wasting its time chasing BlackBerry. It should first
figure out what to do with the mail systems terrorists use, with foreign mail
servers. Should it demand that all such servers be based in India? Google and
Yahoo won't agree. So that would cut us off from the best of Internet mail
systems.

In fact, why not go further down that path, like China . . . and cut off the
Internet? Route everything through a tightly-controlled gateway and firewall,
and ensure that all servers are within China. And jail or shoot all dissidents,
for a good measure.
There are bigger dangers down the road that Saudi Arabia and India are
treading. One, government officials are major users of BlackBerry mail. Do they
really want to push RIM into a corner where it starts offering decryption to any
government which asks?

What then stops it from offering to decrypt Indian emails for China or
Pakistan, if enough pressure is brought to bear on it? To no one's surprise,
countries most proficient at cracking down on dissents and censoring local
media have been the most active in squeezing RIM. Like China, Saudi Arabia
polices the Internet, blocking access to sites with political and adult
content.

India, unfortunately, seems to be trying to join this not-so-elite club.