
RIM agrees to hand over its encryption keys to India - andrewpi
http://economictimes.indiatimes.com/news/news-by-industry/telecom/blackberry-maker-research-in-motion-agrees-to-hand-over-its-encryption-keys-to-india/articleshow/15319701.cms
======
mtgx
I don't like this, but I'm starting to see double standards. Why aren't people
just as upset about companies giving the same kind of access to the US
Government thanks to the Patriot Act?

~~~
rmc
They are.

------
andrewpi
While the article implies that corporate BES customers would be compromised
with this move, Crackberry is refuting that aspect:
<http://crackberry.com/rim-encryption-keys>

~~~
tensor
I was under the impression that RIM doesn't even have access to corporate
encryption keys.

~~~
Zenst
I think you will find that the key is used for a VPN link to the RIM servers,
which in turn push the email out to the telco over another encrypted link.

Bottom line the handset has to be able to decript it, so between the telco and
the handset there is a common key at work.

Still if you don't trust your own goverment then why would they trust you.

Just wished some goverments were as open as they like us the public to be.

~~~
nathan_long
>> if you don't trust your own goverment then why would they trust you.

In the context of intercepting and storing your messages, trusting "your own
government" means thousands of strangers, government employees and contractors
alike, in this and future administrations, both now and as long as the data is
stored (likely beyond your lifetime).

It means trusting that they won't leak that data intentionally, for political
or personal gain, or by incompetence, under attack by hackers all over the
world. (And let's face it, almost no one is competent when it comes to that
level of attacks.)

If you send any information at all, business or personal, that you wouldn't
want to be used against you, you can either trust all of these people, or you
can use strong encryption and never worry about it again.

~~~
EthanHeilman
>It means trusting that they won't leak that data intentionally, for political
or personal gain, or by incompetence, under attack by hackers all over the
world.

This! No communication is as secure as it could be if gives access to someone
that is not an intended recipient.

It's not a matter of trust, it is a matter of design and common sense. I trust
plenty of people, but I don't email them the passwords to all my accounts.
Doing so would be an unnecessary risk with zero benefit even if they are 100%
trustworthy (possible) and even if they are never compromised (extremely
unlikely) because other people's systems are beyond my knowledge and my
control. How can someone analyze risk under such circumstances?

* Do you think a secretive intelligence agency is going to announce that they were compromised?

* Even if they do, how much data are they going to provide on what exactly was stolen?

------
rmc
Just goes to show that you shouldn't trust any company who claims to be on
your side w.r.t. encryption.

If you want security, do the encryption yourself.

------
techinsidr
This is the same old debate, and RIM HAS NOT handed over customer encryption
keys -- they don't have access to them:

[http://www.securityweek.com/rim-disputes-indian-media-
cannot...](http://www.securityweek.com/rim-disputes-indian-media-cannot-and-
will-not-provide-email-encryption-keys)

RIM has been saying the same thing for years, that it "does not have the
ability to provide its customers’ encryption keys"

------
enry_straker
Wow. Companies colluding with incompetent governments to tresspass on its
citizens with impunity.

------
sverige
This is a move made from weakness. The reason our company saddles middle
managers with Blackberrys is the no-brain encryption. Some of us travel to
India. There goes more market share for RIM.

~~~
rmc
Conversely, if they were shut down in India they would lose lots of market
share. They might gain more market share in India than lose in the USA (say).

~~~
briandear
They certainly can't lose much more market share in the US, unless negative
market share is possible.

------
EliRivers
Further to techinsidr's link, here is El Reg's take. This is not the first
time Indian authorities have claimed to have keys that arguably don't exist
(did they mean THESE keys, did they mean THOSE keys, the debate rages in the
comments :p ), and it won't be the last.

<http://www.theregister.co.uk/2012/08/02/rim_keys_india/>

------
hessenwolf
On Ebay in 3... 2... 1...

