Govt and BlackBerry firm wait for the other to hang up
Sunil Abraham speaks to Archna Shukla on the stand-off between the Government of India and RIM. The news was published in expressindia.com.
What is the current stand-off between the government and RIM all about?
The current logjam is with regards to BlackBerry messenger, email and web traffic. Around two years ago, the government had asked BlackBerry to allow it to monitor the text messages (SMSes) and phone calls exchanged through its platform. The government has since then been monitoring these services with the help of telecom service providers. It, however, still doesn’t have any means to monitor, intercept or decrypt BlackBerry’s messenger, email and web exchanges. The government wants to put in place a surveillance infrastructure to monitor these services and is asking BlackBerry to cooperate.
What is unique about BlackBerry services? Why doesn’t the government have a similar problem with Nokia or Apple?
Companies such as Apple do not provide email and messenger services in India. They only sell their handsets in the country. Nokia recently started providing such services under the Nokia Messaging Services Platform. The service, which includes enterprise solutions, consumer services and Nokia’s own messaging solution Ovi mail, is still in beta format. Nokia’s India spokesperson said the company will set up servers for its various services inside India whenever it kickstarts the functions in a full fledged manner.
Canadian firm Research in Motion (RIM), makers of BlackBerry, on the other hand, provides all these services alongside selling its handsets. It also manages all its data and traffic on its own without giving the access to anybody. The servers for these services are installed outside India. The government is concerned that keeping servers outside the country will give access to foreign authorities to monitor its local traffic and information. In the US, for instance, this kind of monitoring will be possible under the provisions of the Patriot Act.
Is BlackBerry the only one to use strong encryptions?
The use of strong encryption in information technology is prevalent in both the wireless industry and Internet platforms. BlackBerry, however, uses a superior encryption that is highly reliable and secure and it owes its popularity in the world markets to this feature mainly. According to Sunil Abraham, the Executive Director of Bangalore-based advocacy group Centre for Internet and Society, BlackBerry uses strong encryption with 256 bit keys. In comparison, gmail.com and Citibank.co.in use only 128 bit keys.
“If you have encryption on while visiting citibank.com or when using an offline mail client like MS Outlook Express, the government can identify the encrypted service that you are using and the recipient of your encrypted messages. Then they can launch a targeted brute-force attack to intercept and decrypt specific communications,” he says, adding that with the BlackBerry, the government can only see that you are having an encrypted transaction with the BlackBerry servers. They cannot identify the recipients and web services. This makes the brute-force attack difficult as a lot of time is spent decrypting unimportant messages.
What is the problem that RIM is facing in UAE and Saudi Arabia?
In UAE, it is facing the same problem as in India. In Saudi Arabia, BlackBerry will instal computer servers, which would allow the government some access to user’s data.
Can the Indian government and RIM meet half-way?
Unlikely. Though, as per PTI reports,
BlackBerry has made an attempt to break the logjam by offering metadata and relevant information to security agencies which will enable them in lawful interception, it has has failed to enthuse them. At a meeting between government officials and RIM, company’s representatives said that “they can provide the metadata of the message like the Internet Protocol address of BES and PIN and International Mobile Equipment Identity of the BlackBerry mobile”, sources said. Metadata is loosely defined as data about data. It provides information about a certain item’s content like how large the picture is, the colour depth, the image resolution when the image was created, and other data. A text document’s metadata may contain information about how long the document is, who the author is, when the document was written, and a short summary of the document. However, sources said the RIM, which has nearly one million subscribers across India, failed to enthuse the security agencies who want an uninterrupted access to the messaging services on BlackBerry platform. The security agencies apprehend that BlackBerry services in the present format pose a serious security threat.
The government may argue that if surveillance is allowed in some countries, it should have the same access, too.
So far, RIM’s public stand has been that its security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly while providing them with the necessary confidence that no one, including RIM, could access their data.
Abraham of the Centre for Internet and Society says there is a possibility of a compromise behind the doors and the citizens may never get to know that a surveillance regime and infrastructure have been put in place to monitor their communications.
Click to read the original.