Entries Tagged "India"


UAE to Ban BlackBerrys

The United Arab Emirates—Dubai, etc.—is threatening to ban BlackBerrys because they can’t eavesdrop on them.

At the heart of the battle is access to the data transmitted by BlackBerrys. RIM processes the information through a handful of secure Network Operations Centers around the world, meaning that most governments can’t access the data easily on their own. The U.A.E. worries that because of jurisdictional issues, its courts couldn’t compel RIM to turn over secure data from its servers, which are outside the U.A.E., even in a national-security situation, a person familiar with the situation said.

This is a weird story for several reasons:

1. The UAE can’t eavesdrop on BlackBerry traffic because it is encrypted between RIM’s servers and the phones. That makes sense, but conventional e-mail services are no different. Gmail, for example, is encrypted between Google’s servers and the users’ computers. So are most other webmail services. Is the mobile nature of BlackBerrys really that different? Is it really not a problem that any smart phone can access webmail through an encrypted SSL tunnel?

2. This is an isolated move in a complicated negotiation between the UAE and RIM.

The U.A.E. ban, due to start Oct. 11, was the result of the “failure of ongoing attempts, dating back to 2007, to bring BlackBerry services in the U.A.E. in line with U.A.E. telecommunications regulations,” the country’s Telecommunications Regulatory Authority said Sunday. The ban doesn’t affect telephone and text-messaging services.

And:

The U.A.E. wanted RIM to locate servers in the country, where it had legal jurisdiction over them; RIM had offered access to the data of 3,000 clients instead, the person said.

There’s no reason to announce the ban over a month before it goes into effect, other than to prod RIM to respond in some way.

3. It’s not obvious who will blink first. RIM has about 500,000 users in the UAE. RIM doesn’t want to lose those subscribers, but the UAE doesn’t want to piss those people off, either. The UAE needs them to work and do business in their country, especially as real estate prices continue to collapse.

4. India, China, and Russia threatened to kick BlackBerrys out for this reason, but relented when RIM agreed to “address concerns,” which is code for “allowed them to eavesdrop.”

Most countries have negotiated agreements with RIM that enable their security agencies to monitor and decipher this traffic. For example, Russia’s two main mobile phone providers, MTS and Vimpelcom, began selling BlackBerrys after they agreed to provide access to the federal security service. “We resolved this question,” Vimpelcom says. “We provided access.”

The launch of BlackBerry service by China Mobile was delayed until RIM negotiated an agreement that enables China to monitor traffic.

Similarly, last week India lifted a threat to ban BlackBerry services after RIM agreed to address concerns.

[…]

Nevertheless, while RIM has declined to comment on the details of its arrangements with any government, it issued an opaque statement on Monday: “RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers.”

How did they do that? Did they put RIM servers in those countries, and allow the government access to the traffic? Did they pipe the raw traffic back to those countries from their servers elsewhere? Did they just promise to turn over any data when asked?

RIM makes a big deal about how secure its users’ data is, but I don’t know how much of that to believe:

RIM said the BlackBerry network was set up so that “no one, including RIM, could access” customer data, which is encrypted from the time it leaves the device. It added that RIM would “simply be unable to accommodate any request” for a key to decrypt the data, since the company doesn’t have the key.

The BlackBerry network is designed “to exclude the capability for RIM or any third party to read encrypted information under any circumstances,” RIM’s statement said. Moreover, the location of BlackBerry’s servers doesn’t matter, the company said, because the data on them can’t be deciphered without a decryption key.

Am I missing something here? RIM isn’t providing a file storage service, where user-encrypted data is stored on its servers. RIM is providing a communications service. While the data is encrypted between RIM’s servers and the BlackBerrys, it has to be encrypted by RIM—so RIM has access to the plaintext.

In any case, RIM has already demonstrated that it has the technical ability to address the UAE’s concerns. Like the apocryphal story about Churchill and Lady Astor, all that’s left is to agree on a price.

5. For the record, I have absolutely no idea what this quote of mine from the Reuters story really means:

“If you want to eavesdrop on your people, then you ban whatever they’re using,” said Bruce Schneier, chief security technology officer at BT. “The basic problem is there’s encryption between the BlackBerries and the servers. We find this issue all around about encryption.”

I hope I wasn’t that incoherent during the phone interview.

EDITED TO ADD (8/5): I might have gotten a do-over with Reuters. On a phone interview yesterday, I said: “RIM’s carefully worded statements about BlackBerry security are designed to make their customers feel better, while giving the company ample room to screw them.” Jonathan Zittrain picks apart one of those statements.

Posted on August 3, 2010 at 11:08 AM

India Using Brain Scans to Prove Guilt in Court

This seems like a whole lot of pseudo-science:

The technologies, generally regarded as promising but unproved, have yet to be widely accepted as evidence—except in India, where in recent years judges have begun to admit brain scans. But it was only in June, in a murder case in Pune, in Maharashtra State, that a judge explicitly cited a scan as proof that the suspect’s brain held “experiential knowledge” about the crime that only the killer could possess, sentencing her to life in prison.

[…]

This latest Indian attempt at getting past criminals’ defenses begins with an electroencephalogram, or EEG, in which electrodes are placed on the head to measure electrical waves. The suspect sits in silence, eyes shut. An investigator reads aloud details of the crime—as prosecutors see it—and the resulting brain images are processed using software built in Bangalore.

The software tries to detect whether, when the crime’s details are recited, the brain lights up in specific regions—the areas that, according to the technology’s inventors, show measurable changes when experiences are relived, their smells and sounds summoned back to consciousness. The inventors of the technology claim the system can distinguish between people’s memories of events they witnessed and between deeds they committed.

EDITED TO ADD (10/13): An expert committee said it is unscientific, but their findings weren’t accepted.

Posted on September 22, 2008 at 6:10 AM

Terrorists Using Open Wireless Networks

Remember when I said that I keep my home wireless network open? Here’s a reason not to listen to me:

When Indian police investigating bomb blasts which killed 42 people traced an email claiming responsibility to a Mumbai apartment, they ordered an immediate raid.

But at the address, rather than seizing militants from the Islamist group which said it carried out the attack, they found a group of puzzled American expats.

In a cautionary tale for those still lax with their wireless internet security, police believe the email about the explosions on Saturday in the west Indian city of Ahmedabad was sent after someone hijacked the network belonging to one of the Americans, 48-year-old Kenneth Haywood.

Of course, the terrorists could have sent the e-mail from anywhere. But life is easier if the police don’t raid your apartment.

EDITED TO ADD (8/1): My wireless network is still open. But, honestly, the terrorists are more likely to use the open network at the coffee shop up the street and around the corner.

Posted on August 1, 2008 at 6:46 AM

Sikhs Can Carry Knives on Airplanes in India

That’s what the rules say:

Sikh passengers are allowed to carry Kirpan with them on board domestic flights. The total length of the ‘Kirpan’ should not exceed 22.86 CMs (9 inches) and the length of the blade should not exceed 15.24 CMs. (6 inches). It is being reiterated that these instructions should be fully implemented by concerned security personnel so that religious sentiments of the Sikh passengers are not hurt.

How airport security is supposed to recognize a Sikh passenger is not explained.

Posted on June 10, 2008 at 6:27 AM

BlackBerry Giving Encryption Keys to Indian Government

RIM encrypts e-mail between BlackBerry devices and the server with 256-bit AES encryption. The Indian government doesn’t like this at all; they want to snoop on the data. RIM’s response was basically: That’s not possible. The Indian government’s counter was: Then we’ll ban BlackBerries. After months of threats, it looks like RIM is giving in to Indian demands and handing over the encryption keys.

EDITED TO ADD (5/27): News:

BlackBerry vendor Research-In-Motion (RIM) said it cannot hand over the message encryption key to the government as its security structure does not allow any ‘third party’ or even the company to read the information transferred over its network.

EDITED TO ADD (7/2): Looks like they have resolved the impasse.

Posted on May 21, 2008 at 2:09 PM

Fourth Undersea Cable Failure in Middle East

The first two affected India, Pakistan, Egypt, Qatar, Saudi Arabia, the United Arab Emirates, Kuwait, and Bahrain. The third one is between the UAE and Oman. The fourth one connected Qatar and the UAE. This one may not have been cut, but taken offline due to power issues.

The first three have been blamed on ships’ anchors, but there is some dispute about that. And that’s two in the Mediterranean and two in the Persian Gulf.

There have been no official reports of malice to me, but it’s an awfully big coincidence. The fact that Iran has lost Internet connectivity only makes this weirder.

EDITED TO ADD (2/5): The International Herald Tribune has more. And a comment below questions whether Iran being offline has anything to do with this.

EDITED TO ADD (2/5): A fifth cut? What the hell is going on out there?

EDITED TO ADD (2/5): More commentary from Steve Bellovin.

EDITED TO ADD (2/5): Just to be clear: Iran is not offline. That was an untrue rumor; it was never true.

Posted on February 5, 2008 at 8:28 PM

Cows Get Photo IDs in India

You can’t make this stuff up.

Authorities say crime syndicates find it easy to tamper with branding or tattooing of the cattle—hence the idea for photo identity cards which should be difficult to falsify.

Valid for two years, each laminated cattle ID card displays the picture of the animal and its owner. It also carries vital information about the animal, such as its colour, height, sex and length of horns.

It carries the owner’s name and address and sometimes other details about the animal—like one “horn missing” or “half tail lost”.

Does anyone really think this will improve security?

Posted on September 6, 2007 at 1:51 PM

Police to Monitor Indian Cyber-Cafes

It stops terrorism, you see:

Vijay Mukhi, President of the Foundation for Information Security and Technology says, “The terrorists know that if they use machines at home, they can be caught. Cybercafes therefore give them anonymity.”

“The police needs to install programs that will capture every key stroke at regular interval screen shots, which will be sent back to a server that will log all the data.

The police can then keep track of all communication between terrorists no matter which part of the world they operate from. This is the only way to patrol the net and this is how the police informer is going to look in the e-age,” added Mukhi.

Is anyone talking about the societal implications of this sort of wholesale surveillance? Not really:

“The question we need to ask ourselves is whether a breach of privacy is more important or the security of the nation. I do not think the above question needs an answer,” said Mukhi.

“As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security,” said National Vice President, People Union for Civil Liberty.

EDITED TO ADD (10/24): This may be a hoax.

Posted on September 5, 2007 at 1:00 PM
