India threatening to shutdown RIM’s BlackBerry service
By Will Park on Wednesday, March 12th, 2008 at 4:16 PM PST In BlackBerry, RIM (Research in Motion), Security
Research In Motion’s popular BlackBerry (NSDQ: RIMM) handsets and push email service is now a worldwide phenomenon. China just recently allowed the BlackBerry through its borders, and even India has some 400,000 active BlackBerry users. But, there’s a problem with the push email system used by BlackBerry handsets. They encrypt the email data.
It might seem like more of an added security benefit for BlackBerry users to have their emails encrypted prior to transmission, but the Indian government apparently doesn’t see it that way. They’ve reportedly asked RIM for access to the encryption keys in order to make incoming and outgoing emails legible to government security agencies. The Indian snoops have given RIM until the end of March to comply and open up access to their email encryption algorithms. RIM’s BlackBerry service faces termination if those precious algorithms are not handed over.
In an effort to prevent the BlackBerry service from going black in India, representatives from RIM, other wireless companies in India, and Indian security agencies will be meeting on March 14th to discuss the issue.
For the sake of BlackBerry addicts in India, let’s hope that the Indian government and RIM can come to terms on email security. Otherwise, India might just be the most short-lived BlackBerry market to date.
[Via: Business Standard]
most encryption algorithms public knowledge, so asking for the encryption algorithms makes absolutely no sense, since it is public knowledge how to encrypt and decrypt data, the problem is, that you can’t decrypt in a suitable amount of time without the private encryption keys, which RIM has, but giving those out defeats the purpose of the entire encryption process for all users.
Unless it designates specific public keys for Indian specific devices, and hands over the private keys to the Indian govermnent, and makes sure no other devices world wide would use these keys, could I see a resolution in this manner.
Either way, if an Indian BlackBerry was communicating with someone outside the country the government would only be able to decrypt 1/2 the conversation.
Also handing over private encryption keys makes it possible to man in the middle attacks with people from outside the country, you wouldn’t be guaranteed you were talking to that person in India, it could be someone from the government.
Handing the keys over would go against the purpose of security. But they could easily hand over all algorithms, they use and not give them the keys, if that is all they asked for, since without the keys, you could know exactly how the BlackBerry encrypts and decyrpts its data, but would still take you years to decrypt it without those private keys.