Fast Net News, DSL Prime, DOCSIS Report

RIM just issued a statement that they couldn't provide the Indian government a decryption key for Blackberries in India because it was technically impossible. I have absolutely no proof, but I'm nearly certain they are lying. If that were true, I'd expect the U.S. government to rapidly put them out of business.

"RIM does not possess a 'master key', nor does any 'back door' exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information. In order to provide corporate customers with the necessary confidence that the transmission of their valuable and confidential data is completely secure, the BlackBerry security architecture for enterprise customers was purposely designed to exclude the capability for RIM or any third party to read encrypted information." (RIM statement via GigaOm.)

     The AT&T/NSA and Verizon/NSA massive collaborations confirmed what most of us in networks take for granted: the U.S. government expects access to everything. "What we couldn't do before 9/11, we can do now," I hear from a friend I believe knows what he's talking about. 

     We all know this from ordinary news reports. Think how many times you've read "intelligence sources discovered a message and we are raising the alert level;" "a communications intercept has led to a warning" or something similar. Of course they are listening to just about everything. Quietly, in the background of industry news, "security concerns" are a huge issue in any big merger. The most dramatic was Alcatel-Lucent. According to WSJ, the U.S. government formally required the right to reverse the merger if they developed security concerns.

      It's not for me - or anyone not Indian - to say whether the Mumbai Attack of 2008 justifies an Indian government policy of being able to intercept everything. With 1.2M Blackberries in India, it certainly would be practical for a small group planning an attack to obtain a few.

      But I will say it's hypocritical for RIM to deny the Indian government what it provides to the U.S. and probably several Europeans.

      Incidentally, it's disingenuous to say "anyone can find good encryption systems so it makes no difference that Blackberry is encrypted." In practice, very few people do so and they stand out in traffic analysis for special attention. It's impractical to pay special attention to 1.2M+ Blackberries.

     Unbreakable encryption is much harder than just downloading the latest PGP. Wireless cell phones are essentially all cracked if you have government scale resources. Indirect attacks often succeed when pure mathematical decryption is impractical. The latest is a surprisingly successful attack from the residues of your fingers entering passwords on a touchscreen phone.