Posted by //

Date and Time //
May 21, 08 - 4:09 pm

Categories //

RSS Feed //
RSS 2.0

Apparently, the Indian government can’t crack 256-bit encryption to read protected e-mails on Research In Motion BlackBerrys. It appears RIM is willing to lend a hand, by handing over its (your) keys.

According to this story, which ran in The Economic Times, there’s been somewhat of a riff between the Indian Department of Telecom and RIM over BlackBerry’s inherently robust (until now) encryption.

Apparently, the Indian government can only break crypto if it’s 40 bits, or less. So they asked RIM to fork over the keys that make it possible to decrypt the messages or reduce BlackBerry crypto to 49 bits.

From the story:

According to officials close to the development, Canadian High Commissioner David Malone and RIM officials met telecom secretary Siddhartha Behura on May 7. “It was explained by RIM that it should be possible for the government to monitor e-mails to nonbusiness enterprise customers,” sources told ET. “RIM is considering giving access to individual users’ e-mail to the government. Details on this will be provided in two or three weeks,” sources said.

So it appears, for now, that corporate users don’t have as much to be concerned with.

RIM doesn’t have much more to say on the issue:

A RIM spokesperson said: “RIM operates in more than 135 countries around the world and respects the regulatory requirements of governments. RIM does not comment on confidential regulatory matters or speculation on such matters in any given country.”

I hope RIM grows more of a backbone and “respects” the privacy and security needs of its customers.

Once the keys are public, how long before the cryptography scheme is broken? How long before they’re sold to criminals? And where does this stop? Are keys going to be made available to any government that asks?

One Comment

Lucas wrote on May 21st, 2008 at 5:41 pm

Yeah, my first thought on reading this was that RIM is taking a bigger risk by releasing its cryptography keys and hanging its customers out to dry (and not just non-corporate Indian customers – once RIM betrays one segment of customers, they’ll lose their reputation with many other, supposedly unaffected customers). If it weren’t for India being a such a high growth sector these days, I’d say RIM should hold their ground, give up that market segment, and let the Indian government play the bad guys in this little melodrama.

Or the Indian government could just hire some better hackers…