Desperate RIM Gives In And Lets Indian Gov't Spy On Blackberry Communications

from the impossible-doesn't-mean-what-it-used-to dept

Back in 2008, we wrote about how the Indian government was demanding that RIM let it snoop on encrypted messages from Blackberry users. RIM’s response was that it was simply impossible to snoop on its enterprise customers’ messages, since they set their own encryption keys. A few months later, the government claimed to have cracked RIM’s encryption, though the whole claim was sketchy. In 2010, the government again demanded the right to spy on Blackberry users (raising more questions about that encryption cracking claim). RIM apparently offered up a “solution” that the Indian government rejected, because it didn’t let them snoop enough (basically it allowed snooping on consumers, but not corporate accounts).

Now, however, there are reports that RIM has come up with a “solution” to let the Indian government spy on enterprise users as well:

RIM recently demonstrated a solution developed by a firm called Verint that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies, according to an exchange of communications between the Canadian company and the Indian government.

If you’re a RIM Blackberry customer, and you bought into it because of the security features, now would be the point where you get pretty pissed off and start seeking alternatives. The report from the Economic Times suggests RIM did this because of the “importance” of the Indian market. RIM is clearly in trouble. Its failure to keep up on the innovation front means that the company is clearly struggling. But kowtowing to a government by allowing it to spy on users is hardly the sort of thing that’s likely to get you more customers. It seems like it should do exactly the opposite.

Companies: rim


Comments on “Desperate RIM Gives In And Lets Indian Gov't Spy On Blackberry Communications”


The way things are going now the only way to make sure the government can’t spy on you is to ditch all cell phone equivalents, and other electronics you carry around with you, and make sure your computer has no Internet connection. Oh, and ditch your credit cards and bank accounts too.

That’s why RIM gave in, what safe alternate to protect you from government spying is there? Even Skype doesn’t seem to be safe anymore.



Quite a bit. First of all, cell phones should require a warrant for a specific person or connection before you can ‘monitor’.

Same thing for internet connections.

Same thing for credit cards and bank account (in this case, that is actually how it goes).

Bottom line is that ‘criminals’ should not drive exceptions to our system of protections.


Interesting technical implications

I’m rather interested in the technical implications here, as this implies a major underlying flaw in the encryption RIM is using. It shouldn’t be a trivial thing to break the level of encryption RIM uses without the keys. If I were still administrator for any BESs I’d be in the process of implementing the optional PGP encryption (assuming it wasn’t on already) and setting the Blackberry Router on my devices to bypass SRP and connect directly to my BES, those steps should give users some protection, assuming of course that the actual attack resembles what is being described in news reports.


Re: Re: Interesting technical implications

Unlikely, an unencrypted feed would be trivial to detect and even a second encrypted feed should show up in deep packet analysis, though you wouldn’t be able to read it, you’d definitely know it was there. Given the design of the Blackberry network, this sounds like some sort of man in the middle attack, probably being run against the encrypted AES packets as they pass through the Blackberry network after SRP authentication before they’re passed back to the corporate BES. That would be the point that the packets would be most vulnerable to attack, but you’d still need to break the AES encryption, which must have a flaw that allows it to be broken that easily, what’s surprising is that such a flaw hasn’t been more widely reported.



In Russia, they have already worked around this issue. The cellular provider owns the BES, and you provide them with an account that has access to your blackberry users’ mailboxes. It’s super effective and your level of privacy is transparent. This isn’t required for activesync connections, which makes me believe that activesync is already cracked.

gama rays says:

You guys must realize that spying is for the national security. While I agree this can be abused, I also realize it is used generally for the country’s own good majority of the time.

Why do people feel the need to communicate with utter secrecy? If you feel the need to talk with that kind of privacy, better talk with them face to face or use encrypted mail (unless you are doing anything illegal of course). Again, I agree that this can be abused just like any other technology (like 1%-10% of the time) [my numbers; not to be taken as fact]. The government must make sure it has the ability to intercept emails from possible terrorists that may get hold of this technology.

Just imagine terrorists using this technology to co-ordinate their attacks. It will become an utter nightmare. And imagine how this becomes if government does not have the ability to stop them.

tl;dr privacy is compromised slightly for the greater good.



I think you got your numbers backwards.

Real threats rarely happen, so most of the time this will be used to spy on others for other reasons.

Iran contras was not a fantasy and it highlights why spying in secrecy without any kind of oversight is bad.

Maybe you are too young to remember what that was, but some still remember it and know exactly why spying on our own people was forbidden.

gama rays says:

Re: Re:

I am not denying any of your points. At least we both agree real threats DO occur.

Terrorists are not dumb; they are not going to just strap a bomb and kill themselves all the time. They are constantly evolving and they try to use any means possible to make their job easy.

The reality is that if we want to feel safe anywhere we go, we need to tolerate the spying. Bad guys kill other people. It may be today, tomorrow or even after 10 years. Spying is only one of the many tools we have at our disposal to beat them. Because I am more than happy to compromise my privacy if that means it helps save a few people’s lives or mine for that matter.

John Fenderson says:

Re: Re: Re:

Because I am more than happy to compromise my privacy if that means it helps save a few people’s lives or mine for that matter.

And I am not.

Here’s the problem — the risk of abuse, even life-threatening abuse — in the name of security far outweighs the risk from terrorist acts. There are indeed circumstances where civil rights should be abridged for the greater good, but these must be truly exceptional in nature, and only for a limited time.

The threat posed by terrorists is neither of those things.

Let me put this in perspective: the odds that you will be killed driving on a freeway are many orders of magnitude greater than the odds of you being killed by a terrorist act. Are you arguing that we need to be stripped of civil rights to mitigate the freeway threat? If not, then why the difference?
