BlackBerry Mobile Phones

Blackberry is ready to provide the Indian authorities with a way to intercept consumers' messages sent and received on its platform.

The news was revealed by the Times of India, which published part of a leaked government document. It said officials appeared to have dropped demands that the firm also made it possible to access business emails sent over Blackberry Enterprise Server.

The authorities will then be able to:

• track email and email attachments sent over the consumer-version of Blackberry Internet Service (BIS)
• see when chats sent over Blackberry Messenger (BBM) were delivered and read
• monitor which websites were visited

Blackberry has issued a statement confirming its co-operation.

This would bring an end to a long-running dispute between the two sides.

In late 2012, back when it was still officially known as Research in Motion, the company behind BlackBerry handsets worked with the Indian government to enable surveillance of Blackberry Messenger and Blackberry Internet Service emails. But now India's authorities are complaining that they can only spy on communications sent between the estimated 1 million BlackBerry users in India---and they want a list of all BlackBerry handsets across the globe.

Though India's government says its spooks have now been provided with a list of all Indian BlackBerry users' PIN codes---meaning monitoring communications of these users is now feasible---the authorities don't have PIN codes of foreign users. That makes it difficult for them to identify and eavesdrop on messages sent between India and people in other countries. And that's what they want to change.

As India's Economic Times reported yesterday, a government panel has recommended that BlackBerry be asked to provide access to 'PIN' details of all its handsets across the globe to enable intelligence agencies in the country to track messages exchanged between Indian subscribers and those living abroad. BlackBerry has not yet provided these data due to privacy and legal provisions, but the company has previously ceded to India's surveillance demands after being threatened with getting shut off from the country.

Indian Blackberry users could face a ban after the phone's maker failed to meet a government deadline to grant access to encrypted business communications.

Officials in Delhi claim they need to read encrypted Blackberry messages to help guard against terrorist attacks. They have been locked in negotiations with Research In Motion, which makes the popular device, since last summer.

However as a January 31 deadline passed, RIM said it would not lift encryption for its business clients. Standard subscriptions with a telephone company can be snooped upon but businesses using their own server can retain the key without providing it to RIM for snooping purposes.

RIM said that complying with the January 31 deadline had proven technically impossible because does not have the ability to unencrypt messages on business private networks.

It is unclear what steps the government may take as a result of the missed deadline, but senior officials have warned that they would not take no for an answer.

Facing a BlackBerry ban in Indonesia, Research In Motion. says it will comply as soon as possible with a government demand that it block pornography from its smartphones.

RIM has until Jan. 21 to begin filtering porn sites or face legal action including revocation of its permit to operate in the country, one of RIM's fastest-growing international markets. Communication and information technology minister Tifatul Sembiring said that may include a complete blocking of the BlackBerry's web browsing capability.

RIM is in talks with domestic phone carriers to find a remedy, the Waterloo, Ont-based company said in a statement. It did not respond to a request for further comment.

Update: Better in Malaysia

15th January 2011. See  article from  bernama.com

Malaysia will not ban the use of the Blackberry smartphone as of now as it has not caused any problem with regard to security, culture and administration, said Information Communication and Culture Minister Datuk Seri Dr Rais Yatim.

However, he said, if there were sections of society with the facts to prove that the Blackberry phone were causing problems, the ministry through the Malaysian Communications and Multimedia Commission (MCMC), would investigate the matter under the country's existing laws.

He was referring to reports that the Indonesian government planned to ban the use of the Blackberry phone in the republic if its order for the service provider to implement pornography blockers and to create a server is not adhered to implemented.

Update: Worse in India

15th January 2011. See  article from  tamsblackberry.tamoggemon.com

The Indian government, which fears that the heavy encryption on RIM's BlackBerry smartphones makes them convenient for terrorists to use undetected, has asked RIM to grant access to its messenger services before Jan 31, 2011.

According to WSJ:

The lawful access capability now available to RIM's carrier partners meets the standard required by the government of India for all consumer messaging services offered in the Indian marketplace, RIM said in a customer update seen by Dow Jones Newswires.

No changes can be made to the security architecture for BlackBerry Enterprise Server [corporate email] customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers' encryption keys, RIM's customer update said.

RIM continues to work closely with the government and RIM's carrier partners in India…We are pleased to have delivered a solution well before a mutually agreed milestone date of January 31, 2011, RIM said.

BlackBerry maker Research In Motion (RIM) has won a reprieve on the threat of a blackout on its 500,000 smartphone users in the United Arab Emirates (UAE), just days before security agencies were due to enforce a ban on email, messaging and web browsing on the devices.

After months of standoff between the Gulf and Canada, the UAE telecommunications regulator has said that RIM had brought its devices into line with strict local jurisdictions on security and encryption. Although the details of the compromise are unknown, RIM is thought to have granted some access to communications passed between devices to the UAE government, though there is no confirmation of this from either side.

RIM has publicly maintained a defiant position, insisting that there would be no changes in the security measures given to its Enterprise customers, who are usually private companies and public bodies granted a greater level of encryption on communication than individual customers.

The Telecommunications Regulatory Authority on Friday said: All Blackberry services in the UAE will continue to operate as normal and no suspension of service will occur .

A university professor in UAE, who wishes to remain anonymous, told the Guardian: The general opinion amongst the business expat community, westerners at least, has been for some time now that [the ban] wasn't going to happen. Call it a failure of imagination on their part, but no one could conceive of how the country could do something so counterproductive to the image they are trying to present primarily to the west.

Was it posturing? To some extent. The tradition of haggling here is an art form, the performance-value a joy in itself. That attitude certainly informed the government position vis-a-vis RIM – gamesmanship, brinksmanship, it's what people do here. And, frankly, those making the decisions had little to lose, personally.

Developers of email, instant-messaging and voice-over-internet-protocol applications would be forced to redesign their services so their contents can be intercepted by law enforcement agents armed with legal wiretap orders under federal legislation reported by The New York Times.

The legislation would, among other things, require cellphone carriers, websites and other types of service providers to have a way to unscramble encrypted communications traveling over their networks, the report said. It specifically mentions companies such as Research in Motion and Skype, which are popular in part because their cellular communications and VoIP services respectively are widely regarded as offering robust encryption that's impractical if not impossible for government agents to crack.

Under the Communications Assistance to Law Enforcement Act, phone and broadband service providers are required to have the technical means in place to eavesdrop on their subscribers. But it doesn't apply to communication service providers, which often offer strong end-to-end encryption services that make it infeasible for them to intercept traffic even through it travels over their networks.

Under a draft bill expected to be submitted to the US Congress when it convenes next year, such services would have to be redesigned, according to the report. Foreign-based providers that do business inside the US would also have to install a domestic office capable of performing intercepts, it said.

Blackberry phones have a reputation for security, and are therefore commonly used by journalists concerned they or their sources could be at risk of government or criminal surveillance. What should journalists working under these conditions make of these new developments? Will their online security be diminished?

There have been persistent reports that BlackBerry's maker,  RIM, has faced pressure to placate security services in India and Saudi Arabia.

Can journalists still depend on it for secure communications?

Judging from all the evidence, the answer depends on where you obtained your BlackBerry. BlackBerrys are sold either directly to individual consumers by mobile companies, or provisioned by corporate (or government) IT departments as the mobile extension of their own, private, messaging systems.

If you have been issued a BlackBerry by your employer, or use it to access company mail via what RIM calls a BlackBerry Enterprise Server (BES), the security of your device is in the hands of your employer, not RIM. Companies are worried about snooping, too, so RIM has purposefully secured its enterprise offerings so that not even RIM can spy on their traffic. As a side effect, this means communication is almost certainly secure from government interception, even if those governments require RIM to keep its servers in their control. If you feel you are in a vulnerable position, and use a corporate BlackBerry, speak to your IT department about its security.

If you have a consumer BlackBerry bought from a mobile phone company, you do not have the protection of RIM's corporate security system. Locating RIM servers in these countries (as many of them have demanded) would give the local authorities the ability to straightforwardly intercept all but SSL/TLS (https) Web traffic, and would allow local law enforcement to obtain access to stored e-mail.

One common service used by both enterprise and consumer BlackBerry owners is PIN-to-PIN messaging, the feature that allows BlackBerry owners to send free messages to any other BlackBerry user. PIN-to-PIN has the strongest reputation for privacy. Unfortunately, while it is certainly harder to intercept than SMS (text) messages, the encoding system that RIM uses to send PIN messages can theoretically be decoded.

In summary: if you're a journalist using an enterprise BlackBerry given to you by your employer for work purposes, you are probably well-protected from casual interception (although you should never depend on the inviolability of your communication systems). If you are using a consumer BlackBerry, do not presume to be any better protected from surveillance than someone using an ordinary mobile phone.

The Indian government has lifted a threat to block certain BlackBerry communication services following moves by the technology firm Research in Motion that could allow the country's security authorities greater access to snoop on messages.

Stepping back from the brink of a crackdown, India's ministry of home affairs said RIM had made certain proposals for lawful access by law enforcement agencies and these would be operationalised immediately . It did not offer any detail on these concessions

Following RIM's apparent concessions, the Indian government said today the situation would be reviewed in 60 days' time. It added that the country's telecoms ministry was examining whether all the subcontinent's BlackBerry communications could be routed through a server physically located in India.

Update: Wider Issues

3rd September 2010. See  article from  bbc.co.uk

India has toughened its scrutiny of telecoms firms with a directive demanding access to everything .

An Indian Home Ministry official told the BBC that any company with a telecoms network should be accessible . It could be Google or Skype, but anyone operating in India will have to provide data, he said.

The move follows high-profile talks with Blackberry maker Research in Motion about ways to allow Indian security forces to monitor data.

The government is also likely to target virtual private networks, which give secure access to company networks for employees working away from their offices.

Update: UN

3rd September 2010. Based on article from  thescotsman.scotsman.com

The head of the UN's telecommunications agency is urging BlackBerry's manufacturer to allow foreign law enforcement agencies access to its customers' data.

Hamadoun Toure says governments fighting terrorism have the right to demand access.

The war in Indonesia over the available of pornography on mobile devices has resulted in Communication and Information Minister Tifatul Sembiring threatening to kick BlackBerry out of the country. He wants parent company Research in Motion (RiM) to agree to block all porn from the devices.

The minister has said that he had communicated to RiM his wishes, but has yet to receive a reply.

If they are still not responding to our request, we have to close it down, Tifatul said, adding, RIM may violates our law if it remains providing porn content in its service [in Indonesia].

Earlier this month, Titaful urged RiM to set up servers in the country. The servers were needed, he claimed, in order to perform wiretaps in crime cases, bringing in non-tax revenue for the country and reducing service charges for customers. They would also make it much easier for the government to block porn locally.

Research in Motion, maker of the BlackBerry, is headed for a showdown with the Indian government, which has revived a threat to shut off service in the country in a row over access to customers' emails.

India has toughened its position in the wake of reports that RIM has agreed to give the government of Saudi Arabia access to some of the codes with which BlackBerry customer data is encrypted when it passes across the Canadian firm's server network.

A string of emerging markets governments have been demanding RIM provide additional co-operation with their police and security services to allow snooping of email and instant message traffic, in the name of national security.

India's home ministry has summoned the country's telecoms operators to a meeting today to discuss access to their BlackBerry users' data, and is expected to demand a deadline for RIM to share encryption details, with the threat of a suspension of some services if the deadline is not met. A senior government official told Reuters that the operators could be told to shut down RIM's corporate email and messenger services temporarily as a last resort. If they cannot provide a solution, we'll ask operators to stop that specific service, the source said. The service can be resumed when they give us the solution.

Google and Skype Next

Based on article from  independent.co.uk

India may shut down Google and Skype Internet-based messaging services over security concerns, the Financial Times reported.

The Financial Times quoted from the minutes of a July 12 meeting between telecommunication ministry security officials and operator associations to look at possible solutions to intercept and monitor encrypted communications.

There was consensus that there more than one type of service for which solutions are to be explored. Some of them are BlackBerry, Skype, Google etc, according to the department's minutes. It was decided first to undertake the issue of BlackBerry and then the other services.

India has set an August 31 deadline for RIM. It wants access in a readable format to encrypted BlackBerry communication, on grounds it could be used by militants. Pakistani-based militants used mobile and satellite phones in the 2008 Mumbai attacks that killed 166 people.

Officials say RIM had proposed tracking emails without sharing encryption details, but that was not enough.

RIM Blackberry services have been restored in Saudi Arabia, reports say.

The authorities object to the devices because they operate an encrypted message service meaning that communication from Blackberry devices cannot be monitored.

The BBC's Ben Thompson, in Dubai, said that there are conflicting reports about why the handsets are currently working again.

Services are up and running again across the country, he confirmed: But inevitably, that raises more questions than it answers. If RIM did grant Saudi Arabia access to its security codes, other countries in the region would now expect the same.

RIM has been contacted by the BBC. In a statement earlier this week a spokesperson for the company said that the devices were deliberately designed to prevent anybody from accessing individual message data, which is stored on servers in Canada: RIM cannot accommodate any request for a copy of a customer's encryption key, since at no time does RIM, or any wireless network operator or any third party, ever possess a copy of the key. [Then how do they so easily seem to be conceding snooping rights to India and Saudi?]

RIM has added India to the list of countries with which it's prepared to share data, and will help Kuwait block porn sites, but still hasn't opened its services up to the UAE.

Indian security forces will be able to intercept emails sent and received by BlackBerry users, within 15 days, as Reuters reports the country has been added to RIM's list of acceptable governments.

BlackBerry users enjoy unparalleled security in their email services, with email stored on RIM's servers and encrypted all the way to the handset. If you want to intercept mail you need access to the handset, or the servers, which is difficult when the former is in the hands of the user and the latter is in a different country.

The UAE-owned operator, Etisalat, did try to get snooping software onto BlackBerry handsets with a faked upgrade that failed in spectacular fashion. That really annoyed RIM, so now the UAE government faces crawling to RIM to ask for access to the servers, or just banning the devices from the country.

Research In Motion Ltd.'s BlackBerry service may be banned in India unless the Canadian company agrees to allow India to snoop on usres, according to a government official with direct knowledge of the matter.

India has told Research In Motion to set up a proxy server in the country to enable security agencies to monitor e-mail trafficl.

RIM has the best encryption, significant subscribers, and a brand that's known across the world, said Anshul Gupta, principal research analyst at Gartner Inc. in Mumbai.

The Waterloo, Ontario-based company has assured the Indian government that it will address the nation's snooping requirements.

Mint newspaper earlier reported the government is considering banning mobile e-mail services including BlackBerry.

The company faced obstacles recently in Pakistan, where the national telecommunications regulator said it blocked Internet browsers on BlackBerry handsets, citing supposed concerns over blasphemy.

Moves against BlackBerry in Saudi and UAE

Based on article from  dailymail.co.uk

More than a million BlackBerry owners are to have services cut in two Gulf states after authorities demanded access to spy on users.

Both Saudi Arabia and the United Arab Emirates are to prevent the use of the instant messaging service between the handsets. And the UAE will also block emails being sent and bar internet access on the smartphones.

There are an estimated 500,000 BlackBerry users in the UAE, and 700,000 in Saudi Arabia.

In Saudi Arabia in particular, BlackBerry handsets have become the must-have gizmo for Saudi youths. They enable them to connect with members of the opposite sex in a deeply conservative society.

The Saudi move will begin later this month. Abdulrahman Mazi, a board member of state-controlled Saudi Telecom, has admitted that the decision is intended to put pressure on Blackberry's Canadian owner, Research in Motion (RIM), to release data from users' communications when needed .

The UAE's telecoms regulator, TRA, said some Blackberry services would be suspended from October 11.

The authorities in the UAE are making very public noises about RIM's BlackBerry smartphones. Apparently they're a threat to national security.

The United Arab Emirates Telecommunications Regulatory Authority noted that BlackBerrys operate beyond national jurisdiction because their core mechanism for delivering email is operated and managed by a non-Dubai company. The main concern is simple: In their current form BlackBerrys enable all sorts of communications tricks that could have serious social, judicial and national security repercussions.

Data from BlackBerrys in UAE goes through RIM computers in the United Kingdom. That is so RIM can compress the data to speed up transfers and so that RIM can bundle it to lower the impact on battery life, and so that RIM can encrypt and secure the data for corporate management reasons.

The TRA also had a veiled threat in these statements--the words current form in particular imply that the TRA may force RIM to modify its hardware or software in the future.