Blackberry gives Indian authorities the ability to snoop on mail, chat, messages and website visits
Thanks to Nick
See article from
Blackberry is ready to provide the Indian authorities with a way to intercept consumers' messages sent and received on its platform.
The news was revealed by the Times of India, which published part of a leaked government document. It said
officials appeared to have dropped demands that the firm also made it possible to access business emails sent over Blackberry Enterprise Server.
The authorities will then be able to:
- track email and email attachments sent over the consumer-version of Blackberry Internet Service (BIS)
- see when chats sent over Blackberry Messenger (BBM) were delivered and read
- monitor which websites were visited
Blackberry has issued a statement confirming its co-operation.
This would bring an end to a long-running dispute between the two sides.
India can now snoop an national BlackBerry messages but not those originating from abroad
||2nd April 2013 |
See article from
In late 2012, back when it was still officially known as Research in Motion, the company behind BlackBerry handsets worked with the Indian government to enable surveillance of Blackberry Messenger and Blackberry Internet Service emails. But now
India's authorities are complaining that they can only spy on communications sent between the estimated 1 million BlackBerry users in India---and they want a list of all BlackBerry handsets across the globe.
Though India's government says its
spooks have now been provided with a list of all Indian BlackBerry users' PIN codes---meaning monitoring communications of these users is now feasible---the authorities don't have PIN codes of foreign users. That makes it difficult for them to identify
and eavesdrop on messages sent between India and people in other countries. And that's what they want to change.
As India's Economic Times reported yesterday, a government panel has recommended that BlackBerry be asked to provide access to
'PIN' details of all its handsets across the globe to enable intelligence agencies in the country to track messages exchanged between Indian subscribers and those living abroad. BlackBerry has not yet provided these data due to privacy and legal
provisions, but the company has previously ceded to India's surveillance demands after being threatened with getting shut off from the country.
|17th April |
India obtains the capability to snoop on BlackBerry Messenger
See article from
Indian security agencies have confirmed to Mail Today that the process to access the Blackberry Messenger (BBM) service would be up and running soon.
Official sources said they would intercept BBM messages in cases where they suspected that the
devices were being used to perpetrate crimes.
Department of Telecommunications (DoT) secretary R. Chandrashekhar told Mail Today that the arrangements were being put in place and the process had begun for lawful interception of BBM services: Directions can be given to any service provider for interception of all BlackBerry services.
Here's how Big Brother will snoop on BBMs. The security agency concerned will first have to approach the Union Home Ministry and seek its permission to tap a particular BBM user's number. The agency will then send a request to a service
provider to access the data of the number. This will be followed by the operator connecting to the agency's channel and divulging the user's communication details.
Asked about the BlackBerry Enterprise Service (BES), which gives a smartphone user
access to a corporate intranet, Chandrashekhar said: We have found a satisfactory way forward. A plan of action has been chalked out for all BlackBerry services (including BES) and there is concurrence on how it will be executed. The matter was
discussed with the home ministry and other security agencies, and the method has been finalised. He said: It's not that access to enterprise service is not available. But the process is cumbersome. In order to access BES, the government
agencies have to tap into service providers that store emails in decrypted (readable) format before they are encrypted and pushed to the recipient's device. The government believes BES is not of very high importance to intelligence and security agencies,
but has asked service providers to share a list of all servers (approximately 5,000 in India).
RIM reprehensively are refusing to comment on the snooping capability. You'd think that they would let their subscribers know about where they stand
with governments being able to intercept their communications.
|24th February |
India demands capability to snoop in all emails
article from en.rsf.org
Reporters Without Borders is alarmed by the latest demands being made by India's security agencies with the aim of reinforcing surveillance of Internet use. Email service providers such as Yahoo! and Gmail are now being instructed to route all emails
accessed in India through servers based there to facilitate monitoring.
The Indian media report that, during a meeting in the office of the home secretary (interior minister), the department of information technology was told to notify all email
service providers of the new directive.
According to an article in The Times of India, the Intelligence Bureau (IB) has also told department of telecommunications to ask mobile phone companies to set up mechanisms for monitoring Internet usage on
Reporters Without Borders said:
These are the latest of many abusive demands that the Indian authorities have made on Internet companies and service providers. The government's desire to step
surveillance of telecommunications has become obsessive since the 2008 Mumbai bombings. It should not forget the fundamental right to confidentiality and privacy. These plans must be dropped and the harassment of Internet companies must stop.
For the moment, Yahoo! routes emails via servers based in India only if they involve email accounts registered in India. Emails sent from accounts registered abroad (addresses ending in yahoo.com or yahoo.fr, for example) are routed
through servers based abroad even if they are accessed in India. This means that the Indian security services cannot inspect them without first making a formal request to the government of the country concerned.
It has also emerged that, at a
meeting in January, security agencies told the department of telecommunications to provide them with a list of all the Indian companies using BlackBerry Enterprise Server (BES), a highly encrypted corporate email service provided by the BlackBerry
smartphone's Canadian manufacturer, Research in Motion.
The security agencies apparently intend to contact each of these companies one by one and ask them to surrender the company encryption key.
According to The Times of India, Research in
Motion has finally established a server in India that will allow Indian law enforcement agencies to intercept messages sent by the BlackBerry instant messaging service, BlackBerry Messenger (BBM), in real-time.
|21st December |
UK BlackBerry phone users are not subject to age verification before access to adult websites
11th December 2011. See article from
huffingtonpost.co.uk by John Carr
Last week my attention was drawn to a notice which had been put up on 3's web site. It reads as follows
Note: If you're using a BlackBerry, we can't put a filter on your phone. This is because BlackBerry apply
their own settings to access the internet
Why had this caveat appeared out of the blue where previously there had been nothing? Had something changed? If so, what and when?
At first everyone started clamming up. I took that as
a sure sign. Then finally two networks confirmed that, right now, they believe none of their BlackBerry users are covered either by the adult content blocking policy or by the IWF list blocking policy. Another network said they believed some BlackBerry
models were still covered but they acknowledged not all of their BlackBerry users are any more.
Why have Blackberry decided to stop running services which keeps adult sites away from children or indeed anyone who has not asked for the adult bar to
be lifted? And what exactly is the position with the IWF list? When did universal coverage under either or both headings cease to be a fact? Was it ever a fact?
Was OFCOM, CEOP, the Government or anyone in authority informed of any changes to what
was very widely understood to be the status quo? If not why not? This is a scandal which risks putting a big dent in the credibility of the whole notion of self-regulation of the internet in the UK, if not elsewhere as well.
My understanding is
that all of the UK's mobile phone networks have been tearing their hair out trying to get RIM to sit down with them and resolve this but it hasn't happened. Meanwhile what are the networks to do? Cut off all of their customers who use BlackBerry devices?
I am sure some people will say that is exactly what they should have done but I think that is rather an extreme view and it ought not to be necessary when RIM have it within their gift to avoid it.
Should the mobile networks have warned parents or
the public or some of their customers?
Blackberry has some explaining to do.
...Read the full article
18th December 2011. See article from
BlackBerry has been summoned to a meeting with the internet censors at Ofcom after it emerged that its internet feed is provided without age restrictions.
Research in Motion (RIM), the company behind the BlackBerry, will be joined at the summit by
the leading mobile networks at the summit called by the telecommunications regulator.
It was brought to our attention that there was a problem, an Ofcom spokesman said: It is to do with the way in which the BlackBerry operating system
works. We are very concerned and want to get this resolved as quickly as possible.
While mobile phone operators have been able to apply filters to other handsets such as the iPhone, they have been unable to do so on the BlackBerry. This is
because data flows through the BlackBerry's own services rather than those provided by the networks. It is understood that RIM did offer its own filtering system to UK networks, but this has only been taken up by T-Mobile.
Update: Blocking Report
21st December 2011. See article from
Ofcom have had their first meeting with RIM on the subject of website blocking. The meeting was attended by all the UK mobile operators and the Internet Watch Foundation (IWF). A second meeting has been scheduled for the New Year to check on progress.
An Ofcom spokesperson reported to Techworld that, although RIM was blocking access to those URLs flagged up by the IWF, it does not currently prevent access to adult content by default.
RIM explained it is now working on new parental
control features that will give parents the ability to control and restrict their children's use of various services and applications on BlackBerry smartphones. Integrated parental control features will be provided in future versions of BlackBerry 7, and
BlackBerry App World 3.1 also offers content rating and filtering options for applications based on the CTIA Wireless Association's Guidelines for App Content Classification and Ratings .
|22nd October |
RIM agrees to block porn in Kuwait
See article from xbiz.com
RIM, the Toronto-based maker of BlackBerry phones, has reached an agreement with the Kuwaiti communication ministry to block porn sites from its devices by the end of the year.
News of the block was reported Reporters Without Borders, which warns
that non-porn websites could be blocked as a result of overblocking. Reporters Without Borders has called on the Ministry of Communication to rescind the measure, which has been worked on for about a year.
|14th August |
The Daily Mail tries to find out
See article from dailymail.co.uk
|6th February |
Deadline passes for RIM to enable Indian snooping on business networks
See article from
Indian Blackberry users could face a ban after the phone's maker failed to meet a government deadline to grant access to encrypted business communications.
Officials in Delhi claim they need to read encrypted Blackberry messages to help guard
against terrorist attacks. They have been locked in negotiations with Research In Motion, which makes the popular device, since last summer.
However as a January 31 deadline passed, RIM said it would not lift encryption for its business clients.
Standard subscriptions with a telephone company can be snooped upon but businesses using their own server can retain the key without providing it to RIM for snooping purposes.
RIM said that complying with the January 31 deadline had proven
technically impossible because does not have the ability to unencrypt messages on business private networks.
It is unclear what steps the government may take as a result of the missed deadline, but senior officials have warned that they would not
take no for an answer.
|15th January |
RIM agree to censor porn for Blackberry phones in Indonesia
13th January 2010. See article
Facing a BlackBerry ban in Indonesia, Research In Motion. says it will comply as soon as possible with a government demand that it block pornography from its smartphones.
RIM has until Jan. 21 to begin filtering porn sites or face legal
action including revocation of its permit to operate in the country, one of RIM's fastest-growing international markets. Communication and information technology minister Tifatul Sembiring said that may include a complete blocking of the BlackBerry's web
RIM is in talks with domestic phone carriers to find a remedy, the Waterloo, Ont-based company said in a statement. It did not respond to a request for further comment.
Better in Malaysia
15th January 2011. See article from
Malaysia will not ban the use of the Blackberry smartphone as of now as it has not caused any problem with regard to security, culture and administration, said Information Communication and Culture Minister Datuk Seri Dr Rais Yatim.
said, if there were sections of society with the facts to prove that the Blackberry phone were causing problems, the ministry through the Malaysian Communications and Multimedia Commission (MCMC), would investigate the matter under the country's existing
He was referring to reports that the Indonesian government planned to ban the use of the Blackberry phone in the republic if its order for the service provider to implement pornography blockers and to create a server is not adhered to
Update: Worse in India
15th January 2011. See
The Indian government, which fears that the heavy encryption on RIM's BlackBerry smartphones makes them convenient for terrorists to use undetected, has asked RIM to grant access to its messenger services before Jan 31, 2011.
According to WSJ:
The lawful access capability now available to RIM's carrier partners meets the standard required by the government of India for all consumer messaging services offered in the Indian marketplace, RIM said in a customer
update seen by Dow Jones Newswires.
No changes can be made to the security architecture for BlackBerry Enterprise Server [corporate email] customers since, contrary to any rumors, the security architecture is the same
around the world and RIM truly has no ability to provide its customers' encryption keys, RIM's customer update said.
RIM continues to work closely with the government and RIM's carrier partners in India…We are
pleased to have delivered a solution well before a mutually agreed milestone date of January 31, 2011, RIM said.
|11th October |
UAE backs off from banning Blackberry phones
article from guardian.co.uk
BlackBerry maker Research In Motion (RIM) has won a reprieve on the threat of a blackout on its 500,000 smartphone users in the United Arab Emirates (UAE), just days before security agencies were due to enforce a ban on email, messaging and web browsing
on the devices.
After months of standoff between the Gulf and Canada, the UAE telecommunications regulator has said that RIM had brought its devices into line with strict local jurisdictions on security and encryption. Although the details of the
compromise are unknown, RIM is thought to have granted some access to communications passed between devices to the UAE government, though there is no confirmation of this from either side.
RIM has publicly maintained a defiant position, insisting
that there would be no changes in the security measures given to its Enterprise customers, who are usually private companies and public bodies granted a greater level of encryption on communication than individual customers.
Regulatory Authority on Friday said: All Blackberry services in the UAE will continue to operate as normal and no suspension of service will occur .
A university professor in UAE, who wishes to remain anonymous, told the Guardian: The
general opinion amongst the business expat community, westerners at least, has been for some time now that [the ban] wasn't going to happen. Call it a failure of imagination on their part, but no one could conceive of how the country could do something
so counterproductive to the image they are trying to present primarily to the west.
Was it posturing? To some extent. The tradition of haggling here is an art form, the performance-value a joy in itself. That attitude certainly informed the
government position vis-a-vis RIM – gamesmanship, brinksmanship, it's what people do here. And, frankly, those making the decisions had little to lose, personally.
|29th September |
US joins in the global whinge about BlackBerry encrypted communications
Based on article from
Developers of email, instant-messaging and voice-over-internet-protocol applications would be forced to redesign their services so their contents can be intercepted by law enforcement agents armed with legal wiretap orders under federal legislation
reported by The New York Times.
The legislation would, among other things, require cellphone carriers, websites and other types of service providers to have a way to unscramble encrypted communications traveling over their networks, the report
said. It specifically mentions companies such as Research in Motion and Skype, which are popular in part because their cellular communications and VoIP services respectively are widely regarded as offering robust encryption that's impractical if not
impossible for government agents to crack.
Under the Communications Assistance to Law Enforcement Act, phone and broadband service providers are required to have the technical means in place to eavesdrop on their subscribers. But it doesn't apply
to communication service providers, which often offer strong end-to-end encryption services that make it infeasible for them to intercept traffic even through it travels over their networks.
Under a draft bill expected to be submitted to the US
Congress when it convenes next year, such services would have to be redesigned, according to the report. Foreign-based providers that do business inside the US would also have to install a domestic office capable of performing intercepts, it said.
|6th September |
So has BlackBerry been compromised?
See article from
Blackberry phones have a reputation for security, and are therefore commonly used by journalists concerned they or their sources could be at risk of government or criminal surveillance. What should journalists working under these conditions make of
these new developments? Will their online security be diminished?
There have been persistent reports that BlackBerry's maker, RIM, has faced pressure to placate security services in India and Saudi Arabia.
Can journalists still depend
on it for secure communications?
Judging from all the evidence, the answer depends on where you obtained your BlackBerry. BlackBerrys are sold either directly to individual consumers by mobile companies, or provisioned by corporate (or government)
IT departments as the mobile extension of their own, private, messaging systems.
If you have been issued a BlackBerry by your employer, or use it to access company mail via what RIM calls a BlackBerry Enterprise Server (BES), the security of your
device is in the hands of your employer, not RIM. Companies are worried about snooping, too, so RIM has purposefully secured its enterprise offerings so that not even RIM can spy on their traffic. As a side effect, this means communication is almost
certainly secure from government interception, even if those governments require RIM to keep its servers in their control. If you feel you are in a vulnerable position, and use a corporate BlackBerry, speak to your IT department about its security.
If you have a consumer BlackBerry bought from a mobile phone company, you do not have the protection of RIM's corporate security system. Locating RIM servers in these countries (as many of them have demanded) would give the local authorities the
ability to straightforwardly intercept all but SSL/TLS (https) Web traffic, and would allow local law enforcement to obtain access to stored e-mail.
One common service used by both enterprise and consumer BlackBerry owners is PIN-to-PIN messaging, the feature that allows BlackBerry owners to send free messages to any other BlackBerry user. PIN-to-PIN has the strongest reputation for privacy. Unfortunately, while it is certainly harder to intercept than SMS (text) messages, the encoding system that RIM uses to send PIN messages can theoretically be decoded.
In summary: if you're a journalist using an enterprise BlackBerry given to you by your employer for work purposes, you are probably well-protected from casual interception (although you should never depend on the inviolability of your
communication systems). If you are using a consumer BlackBerry, do not presume to be any better protected from surveillance than someone using an ordinary mobile phone.
|3rd September |
BlackBerry enables snooping for the Indian authorities
2nd September 2010.
Based on article from guardian.co.uk
The Indian government has lifted a threat to block certain BlackBerry communication services following moves by the technology firm Research in Motion that could allow the country's security authorities greater access to snoop on messages.
Stepping back from the brink of a crackdown, India's ministry of home affairs said RIM had made
certain proposals for lawful access by law enforcement agencies and these would be operationalised immediately . It did not offer any detail on these concessions
Following RIM's apparent concessions, the Indian government said today the
situation would be reviewed in 60 days' time. It added that the country's telecoms ministry was examining whether all the subcontinent's BlackBerry communications could be routed through a server physically located in India.
Update: Wider Issues
3rd September 2010. See article from
India has toughened its scrutiny of telecoms firms with a directive demanding access to everything .
An Indian Home Ministry official told the BBC that any company with a telecoms network should be accessible . It could be Google
or Skype, but anyone operating in India will have to provide data, he said.
The move follows high-profile talks with Blackberry maker Research in Motion about ways to allow Indian security forces to monitor data.
The government is also
likely to target virtual private networks, which give secure access to company networks for employees working away from their offices.
2010. Based on article from thescotsman.scotsman.com
The head of the UN's telecommunications agency is urging BlackBerry's manufacturer to allow foreign law enforcement agencies access to its customers' data.
Hamadoun Toure says governments fighting terrorism have the right to demand access.
|1st September |
Indonesia joins the anti-BlackBerry bandwagon
Based on article from
The war in Indonesia over the available of pornography on mobile devices has resulted in Communication and Information Minister Tifatul Sembiring threatening to kick BlackBerry out of the country. He wants parent company Research in Motion (RiM) to agree
to block all porn from the devices.
The minister has said that he had communicated to RiM his wishes, but has yet to receive a reply.
If they are still not responding to our request, we have to close it down, Tifatul said, adding,
RIM may violates our law if it remains providing porn content in its service [in Indonesia].
Earlier this month, Titaful urged RiM to set up servers in the country. The servers were needed, he claimed, in order to perform wiretaps in crime
cases, bringing in non-tax revenue for the country and reducing service charges for customers. They would also make it much easier for the government to block porn locally.
|14th August |
India wants keys to snoop on email and messaging
article from independent.co.uk
Research in Motion, maker of the BlackBerry, is headed for a showdown with the Indian government, which has revived a threat to shut off service in the country in a row over access to customers' emails.
India has toughened its position in the wake
of reports that RIM has agreed to give the government of Saudi Arabia access to some of the codes with which BlackBerry customer data is encrypted when it passes across the Canadian firm's server network.
A string of emerging markets governments
have been demanding RIM provide additional co-operation with their police and security services to allow snooping of email and instant message traffic, in the name of national security.
India's home ministry has summoned the country's telecoms
operators to a meeting today to discuss access to their BlackBerry users' data, and is expected to demand a deadline for RIM to share encryption details, with the threat of a suspension of some services if the deadline is not met. A senior government
official told Reuters that the operators could be told to shut down RIM's corporate email and messenger services temporarily as a last resort. If they cannot provide a solution, we'll ask operators to stop that specific service, the source said.
The service can be resumed when they give us the solution.
Google and Skype Next
India may shut down Google and Skype Internet-based messaging services over security concerns, the Financial Times reported.
The Financial Times quoted from the minutes of a July 12 meeting between telecommunication ministry security officials and
operator associations to look at possible solutions to intercept and monitor encrypted communications.
There was consensus that there more than one type of service for which solutions are to be explored. Some of them are BlackBerry,
Skype, Google etc, according to the department's minutes. It was decided first to undertake the issue of BlackBerry and then the other services.
India has set an August 31 deadline for RIM. It wants access in a readable format to
encrypted BlackBerry communication, on grounds it could be used by militants. Pakistani-based militants used mobile and satellite phones in the 2008 Mumbai attacks that killed 166 people.
Officials say RIM had proposed tracking emails without
sharing encryption details, but that was not enough.
|9th August |
RIM concedes BlackBerry email snooping powers to Saudi
One has to wonder if
this rather compromises RIM's suggestion that BlackBerry email is safe from snoopers in the west.
Based on article from
RIM Blackberry services have been restored in Saudi Arabia, reports say.
The authorities object to the devices because they operate an encrypted message service meaning that communication from Blackberry devices cannot be monitored.
BBC's Ben Thompson, in Dubai, said that there are conflicting reports about why the handsets are currently working again.
Services are up and running again across the country, he confirmed: But inevitably, that raises more questions than
it answers. If RIM did grant Saudi Arabia access to its security codes, other countries in the region would now expect the same.
RIM has been contacted by the BBC. In a statement earlier this week a spokesperson for the company said that the
devices were deliberately designed to prevent anybody from accessing individual message data, which is stored on servers in Canada: RIM cannot accommodate any request for a copy of a customer's encryption key, since at no time does RIM, or any
wireless network operator or any third party, ever possess a copy of the key. [Then how do they so easily seem to be conceding snooping rights to India and Saudi?]
|5th August |
RIM concedes BlackBerry email snooping powers to India but not UAE
article from theregister.co.uk
RIM has added India to the list of countries with which it's prepared to share data, and will help Kuwait block porn sites, but still hasn't opened its services up to the UAE.
Indian security forces will be able to intercept emails sent and
received by BlackBerry users, within 15 days, as Reuters reports the country has been added to RIM's list of acceptable governments.
BlackBerry users enjoy unparalleled security in their email services, with email stored on RIM's servers and
encrypted all the way to the handset. If you want to intercept mail you need access to the handset, or the servers, which is difficult when the former is in the hands of the user and the latter is in a different country.
The UAE-owned operator,
Etisalat, did try to get snooping software onto BlackBerry handsets with a faked upgrade that failed in spectacular fashion. That really annoyed RIM, so now the UAE government faces crawling to RIM to ask for access to the servers, or just banning the
devices from the country.
|3rd August |
UAE, Saudi and India whinge about not being able to snoop on BlackBerry phone users
Thanks to Spiderschwein
Based on article from dailyherald.com
Research In Motion Ltd.'s BlackBerry service may be banned in India unless the Canadian company agrees to allow India to snoop on usres, according to a government official with direct knowledge of the matter.
India has told Research In Motion
to set up a proxy server in the country to enable security agencies to monitor e-mail trafficl.
RIM has the best encryption, significant subscribers, and a brand that's known across the world, said Anshul Gupta, principal research analyst
at Gartner Inc. in Mumbai.
The Waterloo, Ontario-based company has assured the Indian government that it will address the nation's snooping requirements.
Mint newspaper earlier reported the government is considering banning mobile e-mail
services including BlackBerry.
The company faced obstacles recently in Pakistan, where the national telecommunications regulator said it blocked Internet browsers on BlackBerry handsets, citing supposed concerns over blasphemy.
Moves against BlackBerry in Saudi and UAE
More than a million BlackBerry owners are to have services cut in two Gulf states after authorities demanded access to spy on users.
Arabia and the United Arab Emirates are to prevent the use of the instant messaging service between the handsets. And the UAE will also block emails being sent and bar internet access on the smartphones.
There are an estimated 500,000 BlackBerry
users in the UAE, and 700,000 in Saudi Arabia.
In Saudi Arabia in particular, BlackBerry handsets have become the must-have gizmo for Saudi youths. They enable them to connect with members of the opposite sex in a deeply conservative society.
The Saudi move will begin later this month. Abdulrahman Mazi, a board member of state-controlled Saudi Telecom, has admitted that the decision is intended to put pressure on Blackberry's Canadian owner, Research in Motion (RIM), to release data from
users' communications when needed .
The UAE's telecoms regulator, TRA, said some Blackberry services would be suspended from October 11.
|30th July |
UAE whinges at BlackBerry as data is routed via UK rather than local snoop servers
The authorities in the UAE are making very public noises about RIM's BlackBerry smartphones. Apparently they're a threat to national security.
The United Arab Emirates Telecommunications Regulatory Authority noted that BlackBerrys operate beyond
national jurisdiction because their core mechanism for delivering email is operated and managed by a non-Dubai company. The main concern is simple: In their current form BlackBerrys enable all sorts of communications tricks that could have serious social, judicial and national security repercussions.
Data from BlackBerrys in UAE goes through RIM computers in the United Kingdom. That is so RIM can compress the data to speed up transfers and so that RIM can bundle it to lower the impact on battery life, and so that RIM can encrypt and secure
the data for corporate management reasons.
The TRA also had a veiled threat in these statements--the words current form in particular imply that the TRA may force RIM to modify its hardware or software in the future.