Schneier on Security

Do they have a choice if they want to operate in India? Anyone know offhand what the record of US companies versus foreign countries might be? They don't seem to do so well on their own.

If I remember correctly it took the US State Department intervention in the eBay case before the Indian government backed down.

The scary part of this is that it is even possible, and that devices don't use device generated and stored keys. Does anyone here doubt that the US Gov has had the keys for a while?

BlackBerrys are often used because they are considered 'secure'. Wouldn't it be wise for RIM to let its customers enable their own encryption?

Sorry, should have said foreign companies dealing with national issues abroad, rather than just US.

I mean if a citizen travels abroad, should he/she be able to use his/her home company's encrypted communication channels even if it transits a local country's infrastructure?

Anyway, here's the eBay case I mentioned:

http://www.forbes.com/2004/12/21/1221autofacescan01.html

The article implies that Blackberry can choose what accounts or classes of accounts it wants to reveal the keys for. Perhaps it's even per-device. That implies that they're able to read it, even if they don't share the keys with anyone.

Why would I sign up for encrypted email (or encrypted anything, for that matter) if it's not end-to-end encrypted?

I don't blame Blackberry for caving in return for market access, I blame the market for trusting their "security".

236-bit?

@ Paul and Markus

You can, in general terms. MidpSSH, for example, is available for Blackberry and you can setup your own encryption.

I think the core issue is that the Indian gov't seems to be demanding RIM put a proxy or similar system in gov't control. So even if users setup their own encryption for their device, unless it was going to a different endpoint it would expose data to the gov't server.

This does seem a bit overblown. Most of that e-mail is transport-encrypted only on the last leg -- between the server and the blackberry device. But during the remainder of the transit, it's going over unencrypted smtp. So that e-mail has no presumption of encryption-guaranteed privacy anyway, as it could have been intercepted at any one of a number of gateways. Particularly if the government is doing the intercepting.

In fact, it's a little difficult for me to understand why the Indian government would care enough about this to put the screws on RIM. Why would they care about plucking e-mail out of the air, when they can just stake out the wires instead?

And, also, what about other devices (like, say, the Treo family) that can do secure IMAP and TLS/SMTP with a remote server? It is perfectly feasible for a "person of interest" to set up a secure mail link between such a device and a mail server, using nothing but commodity protocols. Is the Indian government going to demand that SMTP/IMAP servers not honor secure protocols if the remote client is detected to be a mobile device?

The government officials driving this would seem to be underinformed.

"Why would I sign up for encrypted email (or encrypted anything, for that matter) if it's not end-to-end encrypted?"

Er, it is end-to-end, which is why this rose up as an issue for the Indian gov't. The key management/strength is the bone of contention.

The RIM client sends encrypted messages through a RIM NOC to a RIM server managed by the RIM customer.

Given that, the Indian gov't gave two options: either weaken the encryption or allow the messages to be transparently proxied (allow messages to be decrypted and reencrypted) at a server run by the Indian gov't.

So while it appears key management is the, er, key you can still switch to SSH, or PGP, etc. on the Blackberry if you want end-to-end key management that you can control exclusively.

How long do think it will be before the keys "leak" to the hacker/cracker community?

Interesting ... first line of the article is " MUMBAI: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys." This implies that corporate users who have Blackberry Enterprise Servers will NOT have their keys handed over, just those who use RIM's servers.

I hate to say it but this not the first time RIM have had their (supposedly) secure credentials called into question.

If I remember correctly the first time was over their KeyMat structure. In essence they issued the keys to the users so always knew what was going from A2B.

Which begs the question,

"if somebody who by defiition cannot be trusted holds the keys to your kingdom, who realy owns the kingdom?"

There is a second way more important issue that has not been mentioned "OS / app code update". If RIM can arbiteraly send a code patch to your handheld and have it install (as most mobile phone operators can) can you trust the device at any time?

Put more simply what is to stop them putting a "shim dll" between the keypad and OS and the OS and Screen Driver, the purpose of which is to send the raw keypress and screen image back to a third party?

If they can do this (and I have every reason to believe they can) then no security software will be secure on the device at any time (again true of all mobile phones).

So put simply end of game, executives have sold all their mobile security for the sake of a nice looking device...

Any one from RIM etc care to comment to the contary and back it with reliable provable evidence?

Justin, Mr. Schneier most likely made a typo as there is no such thing as 236-bit AES encryption.

Schneier is not very knowledgeble and not very competent, but he's allowed to make occasional typos.

@ Angus S-F

yes, good point.

"BlackBerry offers two kinds of services — for enterprise (corporate) customers and for individual (non-corporate) users. Majority of its 1,14,000-plus customers in India are from the enterprise segment. However, decrypting emails of non-corporate customers is a larger security concern for Indian intelligence agencies. "

Seems like this just emphasizes that if you want to encrypt your blackberry communication you need to control your own endpoint.

Sounds like "corporations" get more rights than those who truly are corporal.

"How long do think it will be before the keys 'leak'..."

They can be configured to rotate automatically. I think RIM recommends every 2 - 4 weeks. If the gov't gets the RIM proxy, then they could happily rotate along.

Ok, so what will India say about ActiveSync phones? I believe they use 128bit SSL. Will they go after any mail provider who serves the non-corporate?

There's a reason why my #1 request for mobile devices (like the iPhone I currently use) is full S/MIME signatures and encryption.

The Indian government suffers from the legacy of British colonialism and is a minority group trying to keep masses under control. VERY heavy bureacracy and very paranoid. Virtually everything is regulated to ridiculous levels. They raised the British art of Old Boy Network to an entirely new form.

The reason the govt wants access is because they have noticed many islamic terrorists that are being pushed into india via kashmir by the shithole known as pakistan have been caught with blackberries in possession since communication is encrypted. That's the main reason. P

I've done software development on the BlackBerry platform and my understanding from my past employer is that RIM (being a Canadian company) also had to give the encryption keys to for BlackBerry server traffic to the FBI before they could operate in the good old USA.

Simple solution: use S/MIME or PGP. With this you should have complete control of the encryption...granted there isn't an additional secret key controlled by Blackberry, it should be noted that Blackberry's S/MIME solution is proprietary

If someone else has your encryption keys, it really wasn't secure to begin with.

Who cares if the Indian government has access to something that was insecure to begin with.

If you want security, make sure you communicate using a method where only those on a need to know basis have access to encryption keys.

I have no idea how Blackberry encryption works, but if RIM can decrypt your communications, you would be stupid to trust that it's unbreakable.

So who cares? Who is this encryption supposed to protect you against anyway, if you're not in control of your own encryption keys?

QuackMack,
I am an Indian. I don't think the Indian Govt is as paranoid as you assume it to be.
Atleast not as the US/UK governments are.

Idiocy,
Good point. Perfect.

All it does is gives the Indian government the same access to your messages as the Canadians, US, Australians , UK, German, French,......
The difference is that access in this case will be given without the Indian government being supplied with the sort of decryption technology available in the US etc.
Give them a few months and they'll probably develop it themselves. I can only assume RIM will be quietly asked to give in just to make it unnecessary for the Indians to do it themselves.

Virtually real-time decryption of your messages is possible without the keys so they're bound to work it out soon.

The user would be better off selecting their own encryption, but that's a bit of a headache for RIM, and only a slight headache for powers that be.

Of course you can always encrypt your message and then email it, can't you? It just means you have to do the work.

I guess they're only only after the amateurs anyway. There are plenty of systems which the spooks can't penetrate, no matter how well equipped, with or without the help of network or service providers.

The real problem with all this surveillance is that there are too many corrupt government employees and officials everywhere to have this sort of thing not end in disaster eventually.

It's just a matter of who the disaster befalls. It's probably unlikely to be your average terrorist type.

If I were a corporate manager in India, my answer would be: then I'll not use BlackBerries.

The encryption keys can't be localized so potentially, the Indian govt will be able to read any and all email going through RIM, excuse the pun, anywhere in the world.

They would have been able to charge more and therefore make a higher profit margin on fewer customers if they had been trustworthy.

> Do they have a choice if they want to operate in India?

Satellite Phones?

> Wouldn't it be wise for RIM to let its customers enable their own encryption?

If you look at the breakdown of OS use in the embedded market the numbers are scary. Maximum of 3 OSs with 90% market share. Most closed source.

> I mean if a citizen travels abroad, should he/she be able to use his/her home company's

according to the the PATRIOT act, no.

Oh, you mean traveling to countries other than the US; I see what you did there.

> Enterprise Servers will NOT have their keys handed over, just those who use RIM's servers.

I think RIM may have realized the giving the Indian government what they want, they could realize an increase in sales of their Enterprise product.

> How long do think it will be before the keys "leak" to the hacker/cracker community?

Not sure... but I suspect that Pakistan intelligence service will, followed by...

> what will India say about ActiveSync phones?

That's a separate conversation India will have with the appropriate parties... and with a billion potential consumers, it will be an easy conversation that will go India's way.

> VERY heavy [bureaucracy] and very paranoid.

Doesn't sound that different from any country where an extremely small minority control the vast majority of wealth.

> If someone else has your encryption keys, it really wasn't secure to begin with.

yes, but since nobody seems to have been able to do key management thing right for the masses, putting the keys in the control of "competent" hands and telling everyone that everything is "secure" improves market share.

> Who cares if the Indian government has access to something that was insecure to begin with.

Their customers who thought otherwise? Microsoft must be loving this.

> All it does is gives the Indian government the same access to your messages as the Canadians, US, Australians , UK, German, French,......

nothing that hasn't been done with Echelon in the past...

> encrypt your message and then email it[...] It just means you have to do the work.

If there's one think that you should know about users by now, it's that that they do what is easy, not what is secure.

> It's probably unlikely to be your average terrorist type.

Don't buy the "we surveil to prevent terrorism" hype. Make no mistake that domestic surveillance is about something far sinister.

Seriously, this is a very minor deal, not worth this kind of hyperventilation. All that e-mail travels at least one network segment in cleartext -- and probably more than one. Encrypting the server-to-device leg protects against guys with radio receivers, that's all. Even if the Indian government allowed maximum-security encryption on the wireless segment, they could easily sniff the traffic elsewhere. That's why their heavy-handed efforts make no sense, and are more to be pitied than despised.

There's plenty of other fuel for worries about government encroachment on privacy and liberty. This is just silliness, and not worth the outrage it is generating.

"if a citizen travels abroad, should he/she be able to use his/her home company's encrypted communication channels even if it transits a local country's infrastructure?"

Yes. Just as a citizen traveling abroad should be able to speak freely across the dinner table, free of government-installed listening devices.

From a marketing point of view it is a disaster. I agree with the readers who said the system wasn't secure to begin with, but many people believe(d) otherwise. I also agree that all the commotion is somewhat hypocritical. us customs has the right to access any single file on your computer when you cross a border into the country if they feel like it, how about that?

@ Carlo Graziani,

"All that e-mail travels at least one network segment in cleartext -- and probably more than one"

You are not quite looking at it correctly, if the server is in the U.S. and the person sending the email is also in the U.S. but the Crackberry user is in India (say a sales rep or contract negotiating executive). Then the Indian Gov does not have access to the unencrypted portion of the traffic only the encrypted.

As noted above the main reason is probably not Pakistan but "competative advantage" which the French have openly admitted to in the past and various countries including the "Democratic U.S.A." have been caught doing on a number of occasions.

Als oas I said earlier, due to the fact that the device manufacturer and the network provider can update the software on all Mobile Phone type devices then, there is no way these devices can ever be secure.

And please do not talk about "code signing" invariably this is "gateway" only security. Once an app or other code is loded on the device (signed or not) the code is not checked before it is executed due to such dull things such as resource limitations.

If you want security on your comms then do it properly not through some "executive toy" that is not 100% under your control.

The Indian government has shown over the past year that they are very concerned to monitor "Indian data" -not only for citizens or terrorist amongst those, but also global enterprises!- and put steep requirements onto international telcos. It's become a worrying trend globally where the large nations-of-state all to have their own needs over data that isn't actually theirs in the first place - anyone should nowadays better be careful with their personal data or IP going over wires without strong encryption.
Question is which (software) supplier won't sell their keys to their bit of cypherspace? Opensource seems to be the safest bet for now!

From Mordaxus over at Educated Guesswork:

"What I was told is that this is complete FUD and false. The BlackBerry crypto is real crypto, just like SSL, PGP, S/MIME or anything else. The keys are generated on the handsets and on the BES server. There is end-to-end crypto, using real protocols like SPEKE. RIM doesn't have the keys to give. RIM cannot give the keys over because only the devices have them."

http://www.emergentchaos.com/archives/2008/05/this_may_be_fud.html

In my understanding, BB has 2 different services, the corporate uses a server and works like it says above, which is why they didn't get the keys to them. The other, called BIS, uses RIM servers in Canada, so the Indian govt. got access to the encrypted channel only. I assume they set up servers in India for the service to give the goverment access.

Did anyone else notice this little gem?

> However, the government’s decryption software can decode messages encrypted only up to 40 bits. India wants RIM to either hand over the decryption keys or reduce encryption to 40 bits.

So, they just admitted that the Indian gov't can, at will, snoop & crack _any_ electronic message encrypted at 40 bits or less.

Verrrrrry interrrrresting...

It should have been obvious to anyone that took time to think about it that such a service would never be safe from government eavesdropping. It only keeps it safe from the prying eyes of other members of the public.

Maybe I'm a bit of a Luddite in this regard but I use a cellular phone for phone calls and leave e-mail where it belongs, on my computer.

These articles in India are probably BS. The BlackBerry uses symmetric key encryption for enterprise and are generated by the end user. So RIM could not possibly hand over keys that it does not have.

According to the RIM website, the non-corporate BlackBerry emails are not encrypted, but they supposedly use some other weird system that protects from prying eyes. People buy Blackberry's because they are supposed to be keep your emails and stuff private, otherwise why buy the thing when an average mobile will do. If RIM execs sacrifice the average joe's emails while protecting big corporations, then that tells you something about the ethics of those execs. Shame on them, people expect better of them and if the average non-corporate BlackBerry user knew that RIM could read emails, they probably wouldnt buy the damned things.
Get it together RIM, grow a spine and fight back for the average people too, otherwise you're doing nothing but decieving people into a false sense of security.

Speaking of keys, i don't know anything about what they did, but there is some plausible speculation:

Assuming that blackberry uses some secure key exchange scheme, e.g. (for simplicity) Diffie-Hellman + signature check, the endpoint server could just log and give indian govt. its own private exponents. Then if indian govt. has sniffed key exchange, it could find shared secret and decode message.

(btw same applies to sniffed data from SSL and SSH sessions made with broken debian/ubuntu's openssl)

http://www.emergentchaos.com/archives/2008/05/this_may_be_fud.html

"What I was told is that this is complete FUD and false. The BlackBerry crypto is real crypto, just like SSL, PGP, S/MIME or anything else. The keys are generated on the handsets and on the BES server. There is end-to-end crypto, using real protocols like SPEKE. RIM doesn't have the keys to give. RIM cannot give the keys over because only the devices have them. "

And this:

http://timesofindia.indiatimes.com/Business/India_Business/RIM_not_to_give_keys_of_BlackBerry/articleshow/3074905.cms

"BlackBerry vendor Research-In-Motion (RIM) said it cannot hand over the message encrytion key to the government as its security structure does not allow any ‘third party’ or even the company to read the information transferred over its network. "