Updated : Blackberry Blackout By Indian Govt? Tata Tele's Application Rejected !

[@ksh@T 20]

Govt assures Canada on Blackberry

Admits security concerns raised by law enforcement agencies on the use of Blackberry services, India has assured Canada that commercial interest of RIM, the maker of Blackberry, would be kept in mind while taking any final decision.

"We are fully aware of the sensitivity and confidentiality of our conversation with RIM and would like to assure them that we respect their commercial interest and would do nothing to jeopardize the same," Telecom Secretary Siddhartha Behura said in a letter to foreign secretary Shiv Shankar Menon for communication to Canada.

He said the Government hoped that it would be able to resolve the issue satisfactorily and speedily. "The signs are encouraging."

The Canadian High Commissioner David M Malone had written to Communications and IT Minister A Raja on April 17 on the issue of lawful interception of information as related to Canadian company Research In Motion (RIM). He had said the issue to be understood was who in the Government of India was empowered to resolve this issue.

Malone had written, "This is also necessary in order to ensure that right representative from RIM are at the table. The discussions managed by Department of Telecommunication (DoT) to date have inspired little confidence that those involved on the Indian side are actually empowered to settle the matter as Indian Government's demand of RIM keep expanding while media leaks proliferate, some of them very damaging from a security perspective and sourced by the journalist involved directly to the DoT."

"Potential terrorists are now aware, because of these leaks, of technical issues unknown to most of us previously."

[Dj 25]

"Potential terrorists are now aware, because of these leaks, of technical issues unknown to most of us previously."

our ignorance cannot overshadow 'their' intelligence... our not knowing doesnt mean they havnt known

[Honest 836]

Intelligence Bureau Rejects RIM Proposal

Here's the next episode of the ongoing Blackberry saga... Word has it that the Intelligence Bureau (IB) has rejected RIM's (Research in Motion) proposal to decompress data sent from Blackberry to non-Blackberry phones, reason given being breach of privacy.

RIM claims it had offered to decompress data because Blackberry's communication network runs on 256-bit advanced data encryption while Indian security agencies are equipped to intercept signals up to 40-bits only.

The Intelligence Bureau has rejected the proposal for decompressing data as this means leaking of information about the person whose data is being intercepted; basically breach of individual privacy.

The Blackberry soap opera, if you will, has been running for too long now; the bone of contention being storage of communication between Blackberry devices on RIM servers based in Canada -- national security agencies have expressed serious concern over not being able to monitor this data which might in turn compromise national security.

A week back, the Department of Telecom (DoT) had proposed an interim solution wherein data exchanged between Blackberry users would be stored on the servers of telecom operators who provide the service in the country for a period of one year. In the meantime, DoT had also asked RIM to move some of its servers to India so that national security agencies could monitor Blackberry traffic.

And amidst all of this, India has assured Canada that the commercial interests of RIM, makers of Blackberry, would be kept in mind while taking a final decision.

[@ksh@T 20]

NEW DELHI: Here is yet another twist to the BlackBerry saga that refuses to die down. India’s Intelligence Bureau (IB) has rejected a proposal from RIM, the maker of the BlackBerry smartphone, to decompress the data and emails sent from BlackBerry device to a non-BlackBerry device.

ET has learnt that during the recent round of discussions between RIM executives and Indian intelligence agencies, the Canadian company had ‘offered their help to decompress the data and e-mail sent by a BlackBerry user to any other mobile handset or computer’.

RIM had offered this solution because, data on RIM network flows with the 256-bit advanced encryption standard, but India’s security agencies can intercept only 40-bit encryption. Intelligence agencies however justified the move to reject the RIM offer on the grounds that this would amount to breach of privacy: “The proposal was not agreed to by the IB as this leaks the information regarding the person whose information is being intercepted,” the DoT said in a communication to the Canadian High Commission in India.

However, the larger issue deals with data sent between BlackBerry devices, which India’s security agencies can’t monitor because mails sent between BlackBerry owners in India bypasses the networks of Indian mobile operators providing these services and directly hit RIM’s servers in Canada.

Here, as first reported by ET, the DoT has proposed an interim solution where all data between BlackBerry users are stored on the servers of the telcos for a year. The DoT has asked RIM to use this 12-month period to move some of its servers to India, which will then enable the country’s security agencies to monitor the BlackBerry traffic.

“The response of RIM or setting up server (in India) has been encouraging and they have asked for the conditions that are likely to be imposed for setting up the server. The response is under examination,” the DoT communication to the Canadian High Commission added.

Meanwhile, two international software solution companies—Cain Technologies and Cleartrail—have approached DoT and the country’s intelligence agencies offering to provide a solution for BlackBerry interception. “These proposals will be examined and evaluated with IB,” the DoT communication added.

[Nirvana 4]

BlackBerry adds 50,000 users despite controversy

Business Standard / Mumbai May 05, 2008

Though the controversy over the security of BlackBerry services is yet to be resolved, the four operators that offer these services — Bharti Airtel, Vodafone Essar, BPL Mobile and Reliance Communications — have added over 50,000 customers in the four months since the problems began.

Before this, the push-mail service, which was introduced in India in October 2004, had 400,000 subscribers according to industry estimates.

There are over 4 million BlackBerry subscribers worldwide. Research In Motion (RIM), the Canadian communications major and owner of the BlackBerry technology, does not, however, provide country-wise subscriber numbers.

The government had sent a notice late last year directing BlackBerry service providers to stop services by December 31 citing security concerns.

The department of telecom had said it could not monitor BlackBerry content as RIM's servers were located in Canada and other sites outside India.

In March, the telecom ministry gave operators an extension and assured them that this value-added service would not be banned, but was subject to RIM complying with the government's security requirements.

RIM has since agreed to work with the government to enhance security aspects of the service. "RIM operates in more than 130 countries around the world and respects the regulatory requirements of governments. RIM does not comment on confidential regulatory matters or speculation on such matters in any given country," a spokesperson said.

Meanwhile, other operators like state-owned BSNL and Datacom (a subsidiary of consumer goods major Videocon Industries) are also planning to launch BlackBerry services.

BSNL Chairman and Managing Director Kuldeep Goyal said that the telecom major is in talks with BlackBerry to offer the services to the BSNL subscribers.

Videocon CMD Venugopal Dhoot confirmed that BlackBerry services would be one of the value-added services that would be launched when the company begins GSM mobile operations in the country.

For this, the company was recently given a licence and allotted spectrum, radio frequencies that enable wireless communications.

While Idea Cellular officials declined to comment, other operators like Spice and Aircel and new entrants like Unitech were also believed to be looking at launching the services.

Hyderabad-based Frontline Technologies, an Airtel partner, has launched a website to sell BlackBerry accessories.

BlackBerry initially launched services in India under an exclusive tie-up with Bharti Airtel, which ended in February 2006 after which other operators began offering the service.

[@ksh@T 20]

India has only little over one lakh BlackBerry users

NEW DELHI: Government on Monday said only 1,14,000 mobile users in the country are using the BlackBerry service, which have come under the security agencies' scanner for lack of monitoring system.

The Minister of State for IT and Telecommunication Jyotiraditya Scindia said in a written reply in Lok Sabha, "As per the information received from service providers, there are around 1,14,000 subscribers as on date who are being provided BlackBerry services by various telecom companies".

As per telecom regulator Trai, total number of wireless subscribers stood at 261.09 million at the end of March.

Currently, Bharti Airtel, Reliance Communications, Vodafone-controlled Vodafone Essar and BPL Mobile provide BlackBerry services in the country.

As per the Canadian firm Research-in-Motion (RIM), maker of BlackBerry, the company had 14 million subscribers globally.

BlackBerry is a premium mobile service that allows sending and receiving e-mails in the form of SMS. Most of the high-end users of mobile operators use BlackBerry both for voice as well as data services.

Government had asked telecom firms not to provide certain BlackBerry services until monitoring systems are in place. The move came after security agencies raised concerns, saying the transmitted information could not be traced or intercepted.

DoT fears that the service could become a threat to national security since communication through BlackBerry devices was routed through a server outside the country. Hence, the government has asked RIM to place a monitoring system in India.

[@ksh@T 20]

RIM offers conditional solution to monitor BlackBerry content

NEW DELHI: In a new turn to the BlackBerry row, the Canadian vendor of the service, Research in Motion (RIM), is understood to have agreed to pass on sensitive customer data to the government but with a condition that DoT takes responsibility in case of a loss to any user due to leakage of information.

For any legal interception of data from BlackBerry, the security agencies need to be in possession of "Public Key" (code of customers handset) and "Private Key" (company's code against that handset).

The encrypted data packets sent through BlackBerry are password protected and could be deciphered only with the help of "Public Key" and "Private Key" together. The other provision is to build a super computer, which could take nearly three years and the results beyond a certain frequency were not guaranteed.

Canada-based RIM officials are believed to have asked the DoT to take the responsibility of being the custodian of the Private Keys and also to bear the consequences if their was a loss of essential data of the customers.

Since the BlackBerry provided additional data security capabilities, including data encryption and decryption, digital signatures and data authentication, the customers are using the handset for their bank transactions and other money related matters.

RIM officials argued that there would be a chance where important codes were exchanged on the handset which could be leaked and therefore in case of such an act, the DoT should take the responsibility.

Public Key is offloaded to Digital Signature Processor (DSP) to increase the speed and therefore security agencies need to have access to the server as well for encrypting, the sources said.

During their introduction in the Indian telecom market, the company had been asked to keep in place a mechanism that would enable security agencies for a lawful interception of the data being transmitted through the instrument.

The security agencies, besides other things, suggested that the server of the BlackBerry needed to be installed within the country to prevent its misuse.

The BlackBerry controversy assumed new dimensions after security agencies warned that the technology could come handy for anti-national elements if there was no effective content monitoring mechanism.

The security agencies have claimed that the new technology could be abused by some terrorists modules and hawala operators.

Directorate of Revenue Intelligence (DRI) was the first to bring out difficulties being faced in monitoring data out of BlackBerry as they were unable to decipher the content because of packaging of the data in encrypted form which could not be deciphered.

The services could come handy for tech-savvy militants who could converse using the round-the-clock connectivity to internet without having the fear of being intercepted.

The BlackBerry service helps convert E-mails into short messaging service on the handset.

hurray!~ govt wd b happy nw and too companies

[@ksh@T 20]

RIM agrees to pass on BlackBerry data to govt

NEW DELHI: In a new turn to the BlackBerry row, the Canadian vendor of the service, Research in Motion (RIM), is understood to have agreed to pass on sensitive customer data to the government but with a condition that DoT takes responsibility in case of a loss to any user due to leakage of information.

For any legal interception of data from BlackBerry, the security agencies need to be in possession of “Public Key” (code of customers handset) and “Private Key” (company’s code against that handset).

The encrypted data packets sent through BlackBerry are password protected and could be deciphered only with the help of “Public Key” and “Private Key” together. The other provision is to build a super computer, which could take nearly three years and the results beyond a certain frequency were not guaranteed.

Canada-based RIM officials are believed to have asked the DoT to take the responsibility of being the custodian of the Private Keys and also to bear the consequences if their was a loss of essential data of the customers. Since the BlackBerry provided additional data security capabilities, including data encryption and decryption, digital signatures and data authentication, the customers are using the handset for their bank transactions and other money related matters.

RIM officials argued that there would be a chance where important codes were exchanged on the handset which could be leaked and therefore in case of such an act, the DoT should take the responsibility.

Public Key is offloaded to Digital Signature Processor (DSP) to increase the speed and therefore security agencies need to have access to the server as well for encrypting, the sources said. During their introduction in the Indian telecom market, the company had been asked to keep in place a mechanism that would enable security agencies for a lawful interception of the data being transmitted through the instrument.

The security agencies, besides other things, suggested that the server of the BlackBerry needed to be installed within the country to prevent its misuse.

The BlackBerry controversy assumed new dimensions after security agencies warned that the technology could come handy for anti-national elements if there was no effective content monitoring mechanism.

fiunally govt has won this case!~

[Honest 836]

RIM will Not Hand over Master Keys to Government

The last we heard about the ongoing Blackberry saga was that Canada-based Research in Motion (RIM) had agreed to pass on sensitive customer data to the Department of Telecom (DoT), provided the latter took responsibility for loss of data of any individual. In the event RIM had carried out the promise, the company would have had to hand over the master keys to the Indian government and national security agencies.

However, in the latest twist to this story, RIM has expressed its inability to hand over the master keys to the Indian government, saying its security structure doesn't allow the company, let alone any third party to read information transferred over its network.

A company statement said Blackberry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. However, in a separate statement, RIM also said that the company regrets any concern prompted by incorrect speculation or rumors and wishes to assure customers that it is committed to continue serving security-conscious business in the Indian market.

The Blackberry issue has been witnessing flip-flops ever since it surfaced. Several solutions have been proposed, prominent amongst which is that RIM set up servers in India so that Blackberry traffic can be monitored by national security agencies, the other suggestion being that all data between Blackberry users be stored for a year on the servers of telcos that offer the service in the country. However all talks have failed to reach any concrete solution so far.

[Honest 836]

Meeting between RIM and DoT Today

RIM (Research in Motion) has expressed its inability to hand over the master keys to the Indian government, claiming its security structure doesn't allow for the company, let alone any third party to read information transferred over its network.

However, latest reports say that RIM officials will be today meeting up with the Department of Telecom (DoT) to discuss India's concerns over the inability of national security agencies to intercept email sent via Blackberry devices.

Quite a few solutions have been suggested to the long-pending Blackberry issue, prominent amongst which is that RIM set up its servers in the country. Despite the long-drawn discussions though, no concrete solution has been reached so far.

RIM's latest response has been that Blackberry security architecture for enterprise customers is designed in such a way so as to exclude the capability for RIM or any third party to read encrypted information under any circumstances.

On this subject, the latest Reuters report quotes Internet security expert Vijay Mukhi as saying, "America has spent billions of dollars for monitoring the cyberspace. I don't believe they would allow BlackBerry to operate if nobody had the encryption key." Mukhi argues that RIM could give security agencies the rights to monitor emails. He adds, "There is actually a concern. Terrorists do use technology and they would some day or maybe they are already using BlackBerry services. So how do you stop them?".

[Honest 836]

Open code or shut shop, DoT tells RIM

30 May, 2008, 0206 hrs IST, TNN

NEW DELHI: The department of telecom (DoT) is learnt to have issued an ultimatum to Canada’s RIM, the maker of the BlackBerry smartphone, that it will have to provide encryption solutions if it wants to continue operations in India.

Sources told ET that during Thursday’s meet, DoT had communicated its stance to both RIM executives and the Canadian High Commission that service providers (telcos) here would be asked to discontinue BlackBerry services unless the company provides monitoring solutions either in the form of encryption keys, or by shifting servers to India.

Sources also said that DoT had told the Canadian company that Thursday’s meet could be the last of a series of meetings on the issue, and RIM would have to come back with a solution to break the deadlock. Both DoT and RIM have been in talks to resolve the BlackBerry imbroglio for months. Encryption solutions will allow security agencies to monitor emails and data sent between BlackBerry devices.

Industry sources said that an announcement was expected soon from both the government and RIM on the issue. India has over 114,000 BlackBerry customers among five operators—Bharti Airtel, Vodafone Essar, Idea Cellular, BPL and Reliance Communications.

At the same time, it must be pointed out that both the DoT and RIM have remained tight-lipped about Thursday’s meet details. “We had a meeting (with the DoT) today. It was positive. The talks will continue,” the RIM spokesperson in India told ET, but refused to divulge details.

An executive with a service provider that offers BlackBerry services in India told ET that an unresolved issue was related to the sharing of costs to move servers to India. “RIM does not want to bear this cost. Ditto with service providers who offer BlackBerry services. RIM feels that if it accepts the demands of the Indian government, it will set a precedent as other countries may demand a similar arrangement,” the executive added on condition of anonymity.

Telecom minister A Raja had recently said that RIM had assured the government to provide a solution in two months. However, the issue took a new twist last week, when the Canadian company in a note to its customers on May 23 said that it did not have a copy of the customer’s encryption key, while also adding that it would “simply be unable to accommodate” any such request.

Another factor that is learnt to have earned the displeasure of the DoT here is RIM’s public response to the Indian government’s request to set up servers in India. “The location of data centres and the customer’s choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilised,” RIM customer update had added.

It is also learnt that the DoT has rejected RIM’s argument that it did not possess the encryption keys. Instead, the DoT has pointed out that since RIM’s BlackBerry service meets the provisions of US CALEA (Communications Assistance for Law Enforcement Act, 1994) regulations, all BlackBerry data traffic originating on Indian mobile networks can be tracked electronically by CALEA sleuths in the Federal Communications Commission.

They have also added that the US would not be able to monitor this data unless RIM had opened its networks to American agencies.

[Honest 836]

Talks between RIM, DoT to continue to address security issue

30 May, 2008, 1806 hrs IST, AGENCIES

NEW DELHI: BlackBerry maker Research-In- Motion today said it is confident of an amicable solution to current stand-off between the company and the Department of Telecom shortly and assured its customers of an uninterrupted service.

RIM executives met DoT officials on Thursday to address the security concerns raised by DoT over inaccessibility of the data encryption keys.

Intelligence agencies have said the services offered by RIM posed a risk as e-mails sent between BlackBerry smartphone could not be traced or intercepted and the government has written to RIM asking it to set up servers in India. "The talks that were held yesterday were positive and they are likely to continue for some more time," a RIM spokesperson told PTI.

The government has held a series of meetings with RIM, and Telecom Minister A Raja has already said the Canadian firm had assured of providing a solution in two months.

But later the Canadian company in a customer update said it does not have a copy of the customer's encryption key and would "simply be unable to accommodate" any such request. RIM, which has 1,14,000 BlackBerry subscribers in India, has maintained it operates in 135 countries and uses a security architecture that has been scrutinised over the last nine years and has been accepted by security-conscious corporations and governments around the world.

"RIM does not possess a 'master key', nor does any 'back door' exist in the system that would allow RIM or any third party to gain unauthorised access to the key or corporate data," it said in the statement to customers.

Bharti Airtel, Reliance Communications, Vodafone Essar and BPL Mobile offer BlackBerry services in India.

[Honest 836]

RIM points fingers at similar services

31 May, 2008, 1254 hrs IST, TNN

NEW DELHI: In yet another twist to the ongoing BlackBerry saga, RIM (Research In Motion) the Canadian company that makes these smartphones, has told the department of telecom (DoT) that there are four other mobile email solutions in India that use comparable encryption levels’.

RIM has pointed out that the DoT was targeting only it, even as similar solutions were being offered by other handset majors in India including Nokia and Motorola and also by software players such as Microsoft and Seven Networks. Thus, focusing on BlackBerry alone will not solve any security concerns over encryption, says RIM's presentation to the DoT on May 29.

In addition to BlackBerry, four other mobile email solutions in market in India use comparable encryption levels — Windows Mobile ActiveSync, Nokia Intellisync, Motorola Good and Seven Networks , RIM said, while adding: Furthermore, several other technologies widely used in India use strong encryption to secure communications over the internet. Just a few examples include Web browser, WAO 2.0 mobile browser software, IIPSec VPN, PGP and SMIME. All these technologies are widely available and used throughout India . Functionally, all of these solutions use encryption similar to BlackBerry. Thus, focusing on BlackBerry alone will not solve any security concerns over encryption.”

Industry sources admit that RIM's complaint that similar solutions were available in India is true. Several customers here use Seven Networks, a software that enables mobile operators, internet email providers and service providers to offer their subscribers real-time access to business and personal email applications. Motorola Good is also used by customers here and its features such as customised email alerts and filters, are very popular ,” explained an industry executive. Besides, Windows Mobile, which provides several services such as email on the move is available in most high-end handsets in India iMate, HP, HTC, Dopod and Motorola, while the Nokia Intellisync software is available in all the E-series handsets that the Finnish company sells in India.

While data on RIM network flows with the 256-advanced encryption standard, DoT wants the company to reduce this to a 40-bit encryption, a level that can be intercepted by security agencies. (Encryption means converting data and e-mails into algorithmic codes that travel through the network and later get decoded into the original form. Globally, the 128-bit standard is followed for all online transactions).

RIM has, however, warned the government of resorting to any move to reduce the encryption levels. Encryption with key lengths of 128 bits or longer protects business communications and online transactions from hackers, thieves and other wrongdoers. If escrowed keys ever fall into the wrong hands, individual businesses and consumers would be driven away from using the internet for private, commercial and confidential communications. A similar result would follow from the dumbing down of encryption to levels that fail to offer protection. Either would greatly disrupt the ability of information technology to contribute to India's rapid productivity growth, RIM presentation added.

[Honest 836]

Seek encryption code from others too, RIM to DoT

2 Jun, 2008, 0011 hrs IST, TNN

NEW DELHI: In yet another twist to the ongoing BlackBerry saga, RIM, the Canadian company that makes these smartphones, has told the Department of Telecom (DoT) that there are four other mobile e-mail solutions in India that use ‘comparable encryption levels’. RIM has pointed out that the DoT was targeting it, even as similar solutions were being offered by other handset majors in India including Nokia and Motorola and also by software players Microsoft and Seven Networks. “Thus, focusing on BlackBerry alone will not solve any security concerns over encryption,” RIM said in a presentation to the DoT.

RIM has been under fire from India’s home ministry, which has demanded that the Canadian company provide encryption solutions — either by providing the ‘master key’ or by setting up servers in India so that security agencies here can monitor e-mails and data sent between BlackBerry users. The DoT has also warned RIM that service providers (telcos) here would be asked to discontinue BlackBerry services unless the company provides monitoring solutions.

“In addition to BlackBerry, four other mobile e-mail solutions in market in India use comparable encryption levels — Windows Mobile ActiveSync, Nokia Intellisync, Motorola Good and Seven Networks,” RIM said, while adding: “Furthermore, several other technologies widely used in India use strong encryption to secure communications over the internet. Just a few examples include — Web browser, WAO 2.0 mobile browser software, IIPSec VPN, PGP and SMIME. All these technologies are widely available and used throughout India. Functionally, all of these solutions use encryption similar to BlackBerry. Thus, focusing on BlackBerry alone will not solve any security concerns over encryption.”

While data on RIM network flows with the 256-Advanced Encryption Standard, DoT wants the company to reduce this to a 40-bit encryption, a level that can be intercepted by security agencies. (Encryption means converting data and e-mails into algorithmic codes that travel through the network and later get decoded into the original form. Globally, the 128-bit standard is followed for all online transactions.)

RIM has warned the government of resorting to any move to reduce the encryption levels. “Encryption with key lengths of 128 bits or longer protects business communications and online transactions from hackers, thieves and other wrongdoers.

If escrowed keys ever fall into wrong hands, individual businesses and consumers would be driven away from using the internet for private, commercial and confidential communications. A similar result would follow from the dumbing down of encryption to levels that fail to offer protection,” RIM presentation added.

Additionally, RIM has also pointed out that the Indian IT and ITeS industries were ‘robust users of strong encryption as was the government of India’.

It has also said that strong encryption was the key to securing communications between clients and customers located in India and around the world and added that as per Nasscom, these companies already accounted for over 5% of the country’s GDP and contributed over $40 billion in exports.

“The industry’s growth is propelled by high degree of trust that global companies place in Indian IT and ITeS companies,” RIM added.

India has over 114,000 BlackBerry customers among five operators—Bharti Airtel, Vodafone Essar, Idea Cellular, BPL and Reliance Communications.

[Honest 836]

DoT may not be acting fair with BlackBerry

9 Jun, 2008, 0338 hrs IST, TNN

NEW DELHI: Canadian smart phone maker RIM’s whimper that the communications ministry was targeting it selectively has opened a Pandora’s box full of complicated issues that India’s Department of Telecom (DoT) has no answers for.

RIM, which makes the BlackBerry smart phone, and has about 1,15,000 customers in India, mostly corporate or professionals, has argued that if its services were in violation of India’s security guidelines, then DoT should also look into similar offerings of at least four other players.

While this may be the last line of defence by RIM, which has been under the country’s security agencies fire and has been pushed to the corner with little negotiating options, the Canadian company’s argument has highlighted the larger picture, which DoT has been trying to brush under the carpet.

Before venturing into the finer details, consider what the BlackBerry saga is all about. The media debate on this issue has been dominated by a handful of factors, of which some were even factually incorrect. Firstly, at the heart of the BlackBerry security issue is the fact that any email communication between BlackBerry owners (with BlackBerry email IDs) in India bypasses the networks of Indian mobile operators providing this service.

Secondly, while data on RIM network flow with the 256-advanced encryption standard, DoT wants the company to reduce this to a 40-bit encryption, a level that can be intercepted by security agencies. RIM’s failure to offer clarifications on these issues, coupled with the company’s defiant stance not to brief the media on hard facts has only resulted in half truths becoming the order of the day.

The proposed solution by DoT and security agencies are — set up a server in India and channel all data traffic originating from Indian mobile networks to these servers; RIM and operators like Bharti Airtel, Vodafone and Reliance Communications that provide this service create a mirror image of all emails and data sent on these devices in India and save these images for at least six months; and reduce encryption code to less than 40-bit.

It is essential to understand that the security concerns are only related to BlackBerry Enterprise Solutions (BES), which are largely used by corporates. The BlackBerry Internet Service (BIS), which is sold to individual customers, has very little security facilities and is not encrypted. At the same time, it is also important to note that the arguments presented by both sides – DoT and RIM – have several flaws, and any solution to the ongoing imbroglio will have to address each of these issues.

RIM has a case

First is the issue of encryption. It is no secret that India’s security agencies have been unable to keep pace with the march of technology. But punishing RIM for the failure of Indian agencies to anticipate technological developments reflects poorly on the government here. While DoT may be demanding that RIM reduce encryption standards to 40 bits, it comes at the cost of the customers who use this service.

A simple indicator of this is that globally, most countries stipulate that the internet service providers (ISP) ensure a minimum of 128-bit encryption before any financial transaction can be made online. Many industry experts accept that 40-bit encryption standards may turn back the clock on the internet emerging as a platform for commerce in India and will also give a free run to hackers.

In fact, DoT’s double standards on the issue stand exposed as almost all commercial portals in India, some of which are owned by government departments such as the Railways, Indian Airlines, telecom and bank PSUs, offer services at the 128-bit encryption standards.

This also brings into question the ultra cheap internet telephony services offered by Skype and other such global majors where the encryption standards are well above 40 bits. Considering that more Indians use internet telephony than they use BlackBerry services, DoT must first explain why only these services of RIM are considered a security threat.

The second issue relates to the fact that other handset majors in India, including Nokia and Motorola and software players such as Microsoft and Seven Networks, offer similar email solutions on mobile handsets. Consider what RIM said in a presentation to DoT: “In addition to BlackBerry, four other mobile e-mail solutions in market in India use comparable encryption levels — Windows Mobile ActiveSync, Nokia Intellisync, Motorola Good and Seven Networks. Furthermore, several other technologies widely used in India use strong encryption to secure communications over the internet.

These include Web browser, WAO 2.0 mobile browser software, IIPSec VPN, PGP and SMIME. All these technologies are widely available and used throughout India. Functionally, all of these solutions use encryption similar to BlackBerry. Thus, focusing on BlackBerry alone will not solve any security concerns over encryption.”

The issue assumes importance considering that tens of thousands of customers in India use Motorola Good for services such as RSS news feeds and customised email alerts and filters.

Ditto for the solutions provided by Seven Networks, which offers real-time access to work and personal information, including email, calendar, corporate directories, personal contacts and documents. Windows Mobile e-mail solutions are available on several high-end handsets and PDAs sold in the country such as HTC Touch, O2, iPAQ and even on some handsets from Samsung and Motorola.

Finnish handset major Nokia on its website states that its Nokia Intellisync wireless email solutions support a wide range of mobile devices and platforms, including Palm, Pocket PC, Windows Mobile Smartphone, Symbian, and IMAP client. Therefore, if DoT were to ask operators to discontinue BlackBerry services, the government in the next stage may be forced to extend similar orders on other players offering similar solutions.

Its faults

On the other hand, RIM too is at fault on several fronts. Government officials here say that the Canadian company’s argument that it did not possess the encryption keys and the company’s public stance that it would “simply be unable to accommodate” any such request from the India government does not have any merit.

Instead, DoT has correctly pointed out that since RIM’s BlackBerry service meets the provisions of US Communications Assistance for Law Enforcement Act, 1994 (CALEA) regulations, all BlackBerry data traffic originating on Indian mobile networks can be tracked electronically by CALEA sleuths in the Federal Communications Commission. The officials added that the US would not been able to monitor this data unless RIM had opened its networks to American agencies.

In response to DoT’s request to set up servers in India, RIM in an update to its customers said: “The location of data centres and the customer’s choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilised.” Additionally, RIM in its presentation to DoT also said that all data that flows through its data centres is encrypted to protect it from unlawful hacking or interception, while adding: “Routing it through data centres in India will not make it any more decipherable.” Experts are divided if RIM’s stance is correct from the technology perspective.

Some acknowledge that the company’s arguments have some merit. This is because since internet packets can travel using any available pathway, it is inevitable that some of India’s internet traffic will be routed internationally. Under such a scenario, setting up a server in India may not provide the solution that intelligence and security agencies here are looking for.

Even if RIM’s argument deserves consideration, it cannot be deniedthat the company is in violation of several Indian laws. Under Indian regulations, the control of remote access, i.e. activation, transfer of data, termination etc., shall be within the country and not at a remote location abroad. Also, the government agency should be given all support to record the transactions for online monitoring.

Additionally, DoT on its part is also right in demanding a solution from RIM since Indian regulations clearly state that suitable technical device should be made available at Indian end to the designated security agency/licensor for monitoring purposes.

With regard to DoT’s proposal to create a mirror image of all emails and data sent on these devices in India and save these images for at least six months, RIM already does so in a limited way. “The BlackBerry BES solution provides encryption of an email message between a BlackBerry smartphone and a BlackBerry enterprise server with which it is associated.

Once delivered on BES on customers premises, email messages originating on a BlacKBerry device are decrypted and placed in care of the company or government agency for storage, forwarding, etc. Viewed this way, every BlackBerry email is mirrored on the corporate BES server as standard email,” explained RIM.

Our view

While the arguments can continue, ET also explored some solutions that can bring about an end to the six-month old controversy. Firstly, since RIM’s services meet the provisions of US CALEA regulations, the Canadian company can provide Indian agencies details on how it complies with regulations abroad.

It can also help DoT and intelligence agencies to put in place a similar structure in India. Governments around the world, either individually or with help from network and IT majors, have developed solutions which allow lawful intercept of BlackBerry traffic without compromising the security or integrity of the communications.

India’s security and intelligence agencies can seek support from governments across the world and upgrade their technological capabilities. This will also help India address security concerns on the technology front that are beyond BlackBerry.

It is also possible that the government may soon find a solution to the BlackBerry security issue with help from two US-based companies — San Jose-based intercept solution companies Cain Technologies and SS8 Networks. Cain and SS8 are developers of voice messaging communication solutions that meet the US government’s requirements of lawful traffic interception.

Both Cain and SS8 had approached DoT, offering their interception solutions, after security agencies here had raised concerns over the BlackBerry services. DoT, after consultations with Intelligence Bureau, had invited the companies to demonstrate their equipment and solutions. DoT sources said if the demonstrations are successful, the government would direct RIM to install the interception solution on Indian mobile networks expeditiously. This strategy has been successfully adopted by several countries.

[Honest 836]

RIM promises to solve BlackBerry issue by June-end: Raja

12 Jun, 2008, 2223 hrs IST, PTI

NEW DELHI: Telecom Minister A Raja on Thursday said makers of Blackberry Smartphone, which has run into trouble with Centre over security issues, has assured DoT of coming out with a solution by month-end but Government is also open to solution by other companies to crack the data encryption.

"By June-end some solution must be there. Research- In-Motion (RIM) has promised us. Otherwise government will invoke other jurisdiction, some other companies have approached us saying they wanted to display solution (on decryption of data) and we are open to that also," Raja said.

"RIM, makers of BlackBerry smartphone, itself has said it would come out with a solution within a stipulated time. Security purpose is of paramount importance to the country but we cannot simply bar Blackberry when other countries are operating it," he said.

Refuting that there is soft corner for Balckberry, he said, "We cannot agitate against Balckberry... We need service but the question is subject to the security, how the needs can be fulfilled.. how many countries have banned. The service is essential.., we will find some ways."

"RIM wanted some time... We have given them. If they want extension, we may give them... if nothing comes out we will go for other options... we cannot close the service, he said.

[Honest 836]

Decoding BlackBerry: Encryption limit may hit 256 Bits

18 Jun, 2008, 0000 hrs IST

NEW DELHI: The government is planning to increase the permitted level of encryption for electronic data from 40 to 256 bits. This will allow decoding of electronic mails sent through BlackBerry. The matter is presently being examined by the National Security Advisor (NSA).

The move comes after Research In Motion (RIM), the makers of BlackBerry, expressed their inability to provide a solution to the government for decoding encrypted data, claiming that it itself couldn’t decode the mails sent through its system. RIM has, however, said that they would come with some solution by the end of this month.

“The government would involve third-party agents to crack the encryption code if RIM does not come out with a solution. It is, however, not possible for any third party to bring down the level of encrypted data at the prescribed level. To avoid technical ambiguity, the government may raise the prescribed limit for data encryption to 256 bits,” an official source said, adding that the matter has been referred to the NSA for its comments.

A mail sent in this regard to communication minister A Raja and telecom secretary Siddharth Behura went unanswered. Country’s security agencies have earlier complained that messages transmitted through BlackBerry devices posed a risk as they couldn’t be traced.

The department of telecommunication (DoT) had asked RIM to provide the master key to allow access to contents transferred over their handsets. RIM had, however, said that it could not handover the message encryption key to the government as its security structure does not allow any third party or even the company to read the information transferred over its network.

The government has also been demanding RIM to set up its servers in India to enable the security agencies to monitor the data flow. RIM, however, has not agreed to the proposal till now.

The BlackBerry issue surfaced earlier this year when DoT asked Tata Teleservices to delay the launch of the service till appropriate security mechanisms were in place. Currently, there are over one lakh BlackBerry users in the country. Bharti Airtel, Reliance Communications, Vodafone Essar and BPL Mobile are offering this service in the country.

[Honest 836]

BlackBerry row: Sleuths against traffic moving outside India

25 Jun, 2008, 1602 hrs IST, PTI

NEW DELHI: In a setback to operators offering BlackBerry services, security agencies are understood to have hardened their stance and asked Department of Telecom to ensure that traffic originating and terminating in India should not travel outside the country.

"There should be a single point of delivery system for the entire BlackBerry traffic in India and the traffic originating and terminating in India should not travel outside," the agencies said in a note to the Department of Telecom (DoT).

The decision has been taken after Cairn Technologies along with US-based SS8 demonstrated e-mail monitoring solutions for the contents sent through BlackBerry.

According to sources, the agencies have found various limitations in the monitoring system (as demonstrated by the companies) both in terms of legality of the system as well as its quality.

"In case of heavy usage, the quality of service of the intercepted device would deteriorate noticeably, thereby increasing the chances of the user coming to know that his device was behaving abnormally," the note said.

In view of the limitations, the security agencies have asked DoT to convey to the service providers offering BlackBerry services on its network to make necessary monitoring arrangements to the satisfaction of security agencies, it added.

"The targeted intercepts of the BlackBerry traffic should be delivered to the designated security agencies in a readable and intelligible format through the Indian carriers with the content being delivered in real time," it said.

[@ksh@T 20]

No security threat from Blackberry, no prior nod needed: Govt

NEW DELHI: Sweeping aside the security concerns, an issue that generated a major controversy leading to protests from Canada, the government today gave a go-ahead to the operations of Blackberry services in India saying there is no security threat from it.

"People are buying Blackberry. There is no threat from Blackberry services," Telecom Secretary Siddharth Behura told reporters on the sidelines of a telecom summit here.

The Blackberry services had come under the government scanner with the Ministry of Home Affairs and security agencies asking the vendor not to list any fresh subscriber till a server is placed in India to monitor contents.

Security agencies are of the view that unintercepted data through the network of Research-In-Motion (RIM), the makers of Balckberry, could be used by terrorists.

Asked if the government would give approval to companies that have applied for starting Blackberry services which included the Tatas, he said, "BSNL also wants to start the service. There is no permission needed for starting value- added services. We have not given permission to anybody, we have not disallowed anybody."

"So there is no question of giving permission to anybody. We do not consider any application for value-added services or Blackberry services. We have given permission to none.. they do not have to seek our permission to start any service," he said.

He further added, "Security people have raised certain issues and there is discussion is going on... there will be continued discussions."

[@ksh@T 20]

Govt flip-flop on BlackBerry continues

NEW DELHI: In the latest twist to the BlackBerry saga, communications minister A Raja on Friday said that the government was looking at solutions offered by third parties to address security concerns associated with BlackBerry services.

Mr Raja’s comments come within days of the telecom secretary Siddharth Behura stating that there was no threat from BlackBerry services and the government had no objection if an operator wanted to offer these services. Mr Behura’s statement was an about turn from the DoT’s earlier stance, where the communications ministry had issued an ultimatum to RIM (the maker of BlackBerry smart phones) that it would have to provide encryption solutions to security agencies here if it wanted to continue operations in India. Encryption solutions will allow security agencies to monitor emails and data sent between BlackBerry devices.

“We cannot throw (out) Blackberry services, but the question is how to keep this service, while taking care of security measures at the same time. We do feel security measures can be taken care of with wider consultations. They (RIM) are offering some solution. Notwithstanding their solutions, we are finding other solutions from other companies,” Mr Raja told reporters on Friday.

India’s security agencies have been insisting that the government force Canada’s RIM, the maker of BlackBerry smartphones, to put a system in place that will allow them to intercept data sent through these handsets as they fear that these services could be exploited by terrorists. Their demand stemmed from the fact that email communication between BlackBerry users here bypasses the networks of Indian mobile operators providing this service.

“There should be a single point of delivery system for the entire BlackBerry traffic in India and the traffic originating and terminating in India should not travel outside,” security agencies had said in their latest note to the DoT.

Currently, India has over 1,15, 000 BlackBerry customers between five operators – Bharti Airtel, Reliance Communications, BPL, Vodafone Essar and Idea Cellular. When asked on the 3G policy, Mr Raja said that the guidelines for both 3G and Wimax would be out within a week. “Broad guidelines for 3G have been devised and they need some inputs from the finance ministry and after that the guidelines will be sent to the Telecom Commission and I expect the norms to be announced within a week,” he added.

[Honest 836]

British embassy too suffers from encryption laws

9 Jul, 2008, 0153 hrs IST, ET

NEW DELHI: It’s not just makers of BlackBerry device who’re suffering sleepless nights over the Indian government’s stringent encryption laws. The British High Commission in India, too, is concerned over these laws which are seen to be delaying the issue of UK visas in India by at least a day.

In fact, since December 2007, when Britain launched biometric visas in India, the process is taking at least four days, instead of three days or less earlier. And, that’s because the biometric data that is collected from applicants, at the offices of the high commission’s outsourcing partner VFS Global, cannot be directly transmitted online to UK for verification.

“The Indian laws require us to provide the key to the encrypted biometric data to the telecom ministry in India. But our own laws do not permit us to do that. Hence, we have to use a system of physically transferring the data to the high commission from the back-office operations of our partners VFS Global,” Creon Butler, the deputy high commissioner at the British High Commission in Delhi told ET.

India is the only country, besides Iran, where the system of collecting and transferring biometric data is causing delays in issuing British visas, Mr Butler added.

The British High Commission’s business express programme (BEP), which offers a fast-track visa application process to those companies that send their employees to the UK frequently, is under threat because of the delay in issuing business visas. While the firms that are covered by the BEP get priority in terms of advance appointments for collection of biometric data and enjoy certain other advantages, the visas still take about four working days to be issued. Earlier, the turnaround time was often as fast as 24-hours for frequent travellers.

Meanwhile, the position of the Indian government on this matter, as understood by ET, is that Indian laws do not allow the electronic transfer of encrypted data from the offices of any private service provider like VFS Global without the key being provided to the department of telecom. The Indian government is not open to allowing a particular commercial agency to flout the law because of fears that other agencies could then ask for similar concessions.

Senior government officials strongly feel that diplomatic cover cannot be extended to offices of an outsourcing partner.

The British authorities, however, don’t agree. “We feel that the data that is transferred from our back office operations through the internet, is covered by diplomatic convention since we are not a commercial organisation. And hence, we feel, that we should be allowed to transmit the encrypted data. However, we have not yet been able to reach an agreement on this with the Indian government. The Indian authorities are of the view that under Indian legislation the encryption cannot be permitted,” Mr Butler said.

Legal experts, meanwhile, feel that one of the solutions would be to collect the biometric data which includes fingerprints and photographs, at the British High Commission and diplomatic missions rather than at the offices of the outsourcing partner.

“If the British High Commission collected the biometric information itself instead of outsourcing it they could process the visa quicker. If that is not possible, in the present environment and high perception of security breaches and vulnerability to terrorist attacks, passengers should be prepared for delays in visa processes,” feels Mumbai-based lawyer and proprietor of LawQuest, Poorvi Chothani.

Till a solution is found to this stand-off between the Indian government and the British High Commission, it seems that frequent travellers to UK from India, will have to factor in a couple of extra days into their travel plans.

[Honest 836]

DoT bats for BlackBerry, to ask home min to update tech

10 Jul, 2008, 0311 hrs IST, ET

NEW DELHI: In what may spell good news for Canada’s RIM, maker of the BlackBerry smartphones, the department of telecom (DoT) is of the view that the country must upgrade its interception and deciphering facilities rather than oppose new technologies because of its own poor infrastructure.

In an internal note, the DoT has said that it plans to put the ball in the home ministry’s (MHA) court and wants the latter to find out encryption solutions for BlackBerry services to address security issues. The home ministry is opposed to telcos offering BlackBerry services in India on security grounds.

This also marks a softening of the DoT’s earlier stance where it had said that RIM would have to provide encryption solutions and set up servers in India or shut shop. Currently, India has over 115,000 BlackBerry customers between five operators – Bharti Airtel, Reliance Communications, BPL, Vodafone Essar and Idea Cellular.

The DoT had earlier looked at alternate solutions such as asking RIM to set up servers in India and also reduce its encryption standards to 40-bits from the current 256 bits. It had also explored the possibility of asking RIM and operators such as Bharti Airtel, Vodafone and Reliance Communications, which provide this service, to create a mirror image of all e-mails and data sent on these devices in India and save it for a minimum period of six months in a bid to address the concerns of India’s security agencies.

However, in its latest note, the DoT has climbed down on each of these issues. It has pointed out that while Indian regulations said that traffic originating and terminating in India should not be routed outside the country, this condition was not followed with regard to internet services since most servers were housed outside India.

“So, keeping this in mind, it may be difficult for the Department to insist upon housing RIM server in India to fulfil the above requirement,” the note said. The Department has also said that if RIM were to move a server to India from London, that server would also be transiting traffic of BlackBerry users in other countries, thus defeating the very purpose of the move.

The note also points out that telecom service providers cannot be held responsible for the high encryption standards of BlackBerry: “Since the encryption is not deployed by the service provider, it is difficult to hold the service provider responsible for decryption of the message. On the contrary, as per license conditions, a service provider has to ensure privacy of data and therefore it is not supposed to know the level of encryption of messages being transmitted through its networks,” the DoT note added.

The change of stance by the DoT implies that the MHA must now find solutions from third parties to monitor BlackBerry services.

Last week, communications minister A Raja had said that the government was looking at ‘solutions offered by third parties to address security concerns associated with BlackBerry services’. Some international firms such as Cain Technologies, Cleartrail and SS8 Networks have offered to provide solutions to monitor BlackBerry services.

However, a recent demonstration by Cain Technologies was not accepted by India’s Intelligence Bureau which said that the solutions provided by the company fell short on various counts. The IB in a communication to the DoT had even listed out nine limitations of the solutions proposed by Cain.

[Honest 836]

NSA supervising talks for Blackberry solution: Raja

11 Jul, 2008, 1617 hrs IST, PTI

NEW DELHI: The National Security Adviser is now supervising the discussion to find a solution to the controversial Blackberry services, over which agencies have raised serious security concerns.

NSA is overseeing the discussion National Test Research Organisation (NTRO), under the Home Ministry, along with DoT is holding with smartphone maker Blackberry to find a solution where the data traffic passing through the Canadian firm's network could be intercepted by security agencies.

"NTRO, under the supervision of NSA, is interacting with Blackberry... Department of Telecom is also engaged in the talks as any solution that will be given by NTRO or Blackberry, have to be implemented by DoT," Raja said.

So far the government has been insisting to have a local server to host emails in India, but Research-In- Motion, the makers of Blackberry, has cited problems in setting up country-specific servers. The government is now also evaluating the impact of such a server on the company, which has a central server in Canada.

"We are insisting for a (Blackberry) server in India to take care of security agencies concern. But technically and commercially what will be the impact on the Blackberry also has to be taken into consideration and it is being taken," he said.

At present, India has over one lakh BlackBerry customers between five operators Bharti Airtel, BPL, Vodafone Essar, Reliance Communications and Idea Cellular.

[Honest 836]

RIM Patches PDF Attachment Vulnerability

In a pro-active move, RIM recently announced that it has managed to patch a vulnerability in their BlackBerry Enterprise Server. Once the PDF parsing-related vulnerability was identified, it took no time to have the hole plugged.

The security hole would have given hackers access to the Enterprise Server by tricking RIM BlackBerry email users into opening a malicious PDF email attachment, potentially leading to a crash of the entire server. Server crashes are nothing new for RIM. Back in September-October 2007, the BlackBerry servers had crashed twice in as many months prompting analysts to question the security and stability of the Enterprise Server.

Since then it had been an uneventful 2008,till this flaw was spotted. RIM has confirmed that only BlackBerry server versions 4.1.3 and 4.1.5 were affected by this security hole. Enterprise Server version 4.1.6 for Microsoft Exchange and IBM Lotus Domino was apparently not affected by the flaw. The security patches have been issued to BlackBerry Enterprise server customers.

The statement added that there have been no reports yet of any actual exploitation of this vulnerability and since the patch has already been applied, this should not be a major cause of concern.

Courtesy : Techtree

[Honest 836]

Blackberry, WiFi system come under security scanner

29 Jul, 2008, 2043 hrs IST, ET

NEW DELHI: In what may spell trouble for Blackberry and wireless fidelity (WiFi) internet service providers, security agencies are likely to harden their stance for having a fool-proof mechanism in place at the earliest.

The move comes close on the heels of militants of Indian Mujahideen using the wireless fidelity (WiFi) to send an email minutes ahead of audacious Ahmedabad attack.

"We are seized of the matter and it would be taken up with appropriate authorities soon," a senior Home Ministry official said.

When asked about the Blackberry services which were a point of controversy between security agencies and Information and Technology department, the official said the ministry has pointed out its hazards and it was for them to act.

The official said the security agencies had pointed out that password protection should be introduced in every customer using the WiFi technology.

However, the recent hacking in its proxy server while sending the email ahead of the weekend blasts was a glaring violation of the same, sources in the union Home Ministry said, adding that the Department of Telecom may not have placed in stringent measures.

The security agencies, in the case of Blackberry, have asked Department of Telecom to ensure that traffic originating and terminating in India should not travel outside the country.

"There should be a single point of delivery system for the entire Blackberry traffic in India and the traffic originating and terminating in India should not travel outside," they said in a note to DoT.