Privacy Versus National Security

Posted: September 12, 2010 in Shubham's Posts

A serious debate about “Privacy vs National Security” is raging in India for the last few months.

It relates to the threat of the Indian Government to ban the BlackBerry services in the country if it is not allowed to have access to the encrypted data of its email and messenger services, which it believes could be used by the terrorists to communicate with each other and to the detriment of India’s national security.

Here is what the media said on 12th August, 2010 –

It is worth noting that Tata Teleservices’ application to offer BlackBerry Services in India has been rejected after the Department of Telecom (DoT) forwarded the request to the Union Ministry of Home Affairs (MHA) citing that under India’s Information Technology Act of 2000, the government has the right, under certain circumstances, to intercept electronic communications for security reasons and in the national interest. Security agencies say that terrorists are increasingly using the internet and applications such as e-mail to communicate with one another. RIM (Research In Motion) operates in more than 130 countries around the world and says that it respects the regulatory requirements of governments. It however uses an algorithm to keep its data protected and thus inaccessible to the government of any country. Other operators, who already hold a license to offer BlackBerry services in India, have been asked to give the government access and the right to intercept emails, under threat of cancellation of their BlackBerry licenses. These operators include Vodafone Essar, the Indian joint venture of Vodafone Group and Reliance Communications, a large Indian mobile services provider.

What is BlackBerry?

BlackBerry is a device developed by Canada’s Research In Motion (RIM), and more than a million people in India use its services.

The main USP of BlackBerry devices is their security, which is believed to be the best in the world for communications with handheld devices. The details about BlackBerry security are given here, and a brief on wireless data security is reproduced below:-

Wireless Data Security

End-to-end Encryption
The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES), for all data transmitted between BlackBerry® Enterprise Server and BlackBerry smart phones.

Private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smart phone user. Each secret key is stored only in the user’s secure enterprise account (i.e., Microsoft® Exchange, IBM® Lotus® Domino® or Novell® GroupWise®) and on their BlackBerry smart phone and can be regenerated wirelessly by the user.

Data sent to the BlackBerry smart phone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user’s mailbox. The encrypted information travels securely across the network to the device where it is decrypted with the key stored there.

Data remains encrypted in transit and is never decrypted outside of the corporate firewall.


RSA SecurID Two-Factor Authentication
BlackBerry MDS Services on BlackBerry Enterprise Server support RSA SecurID® authentication, providing organizations with additional authorization when users access application data or corporate intranets on their BlackBerry smart phones. BlackBerry MDS Services utilize RSA ACE/Agent® Authorization API 5.0 to interface to RSA ACE Servers®. Users are prompted for their Username and Token Passcode when navigating to a site or application requiring authorization.

HTTPS Secure Data Access
BlackBerry MDS Services act as a secure gateway between the wireless network and corporate intranets and the Internet. They leverage the BlackBerry AES or Triple DES encryption transport and also enable HTTPS connections to application servers.

BlackBerry smart phones support HTTPS communication in one of two modes, depending on corporate security requirements:

• Proxy Mode: An SSL/TLS connection is created between BlackBerry Enterprise Server and the application server on behalf of BlackBerry smart phones. Data from the application server is then AES or Triple DES encrypted and sent over the wireless network to BlackBerry smart phones.
• End-to-End Mode: Data is encrypted over SSL/TLS for the entire connection between BlackBerry smart phones and the application server, making End-to-End Mode connections most appropriate for applications where only the transaction end-points are trusted.


IBM Lotus Notes Email Encryption Support
BlackBerry Enterprise Solution support for Lotus Notes® email encryption is designed to increase usability of the BlackBerry Enterprise Solution. With BlackBerry Enterprise Server v4.1, BlackBerry smart phones are able to read Lotus Notes encrypted email.

BlackBerry smart phone applications created using the BlackBerry® Java™ Development Environment (JDE), which have certain functionality — such as the ability to execute on startup or to access potentially sensitive BlackBerry smart phone application data — require developers to sign and register their applications with Research In Motion (RIM). This adds protection by providing a greater degree of control and predictability to the loading and behaviour of applications on BlackBerry smart phones.

Additionally, the BlackBerry Signing Authority Tool can help protect access to the functionality and data of third party applications by enabling corporate developers or administrators to manage access to specific sensitive Application Programming Interfaces (APIs) and data stores through the use of server-side software and public and private signature keys.

To help protect BlackBerry® MDS Studio applications from tampering, corporate developers can sign an application bundle with a digital certificate described by an alias. They can use either a trusted certificate authority (CA) or a generated (self-signed) certificate. BlackBerry MDS Studio generates and signs applications with certificates that are compliant with the Public Key Infrastructure (X.509) standard.

Government of India’s stand on this issue

  1. BlackBerry’s process of information exchange is based over the net via the messenger service and email.
  2. The government of India’s current surveillance mechanism is to scan data at the cell phone towers of telecom operators. The net is simply way too extensive and exhaustive to police.
  3. Information from one BlackBerry to another moves via the customer’s particular cell phone operator’s tower.
  4. The problem from the government’s point of view is that this information at the cell operator’s tower is encrypted by BlackBerry. It’s been one of their USPs, in fact.
  5. The government wants access to this data as there is a legitimate possibility that those posing security threats may use BlackBerry’s convenient encryption to communicate with each other, leaving the government with no way of tracking them down.

Why the ban?

The Government of India has reportedly asked RIM for access to the encryption keys in order to make incoming and outgoing emails legible to government security agencies. The home ministry has asked all cell phone operators to help the Department of Telecom in deciphering and monitoring the enterprise services data of RIM.

BlackBerry has come out with a tentative solution on providing access to the metadata of BlackBerry services, which would be monitored by Indian security agencies. The Department of Telecom has remained unsatisfied with the deal, as the metadata only shows the length of the text, when it was written and its author, which is of no use even if the author turns out to be a terrorist. In reply, BlackBerry said that it has been keeping its policies the same for all countries.

Earlier, RIM had come up with another solution under which the information would be provided to the security agencies on a deferred basis. The government agencies rejected this solution and demanded real-time information rather than deferred information.

RIM had offered the security agencies and Home Ministry officials an option under which they could hand over the details of the BlackBerry phones that needed to be monitored, and it also agreed to decrypt all the BlackBerry Messenger and BlackBerry Enterprise mail service traffic that the security office demanded. However, the proposal was rejected, as the security agencies said that providing the phone numbers of suspicious calls for surveillance would expose the source to an outside company, which would prove detrimental to the country’s security.

RIM has assured India that it will provide a “technical solution” presumably similar to the arrangement RIM recently worked out with Saudi Arabia, but India still isn’t making any final decisions just yet, with a government source simply saying that its “technical team will evaluate if it works.” The issue has been deferred and somewhat curiously, the source also mentioned that India had “concerns” about Gmail and Skype, but didn’t offer any further details.

My Views & Opinion

First of all, as stated above, we should be clear about the route taken by a corporate BlackBerry message and its security features:-

The BlackBerry cell phone sends the encrypted message to the BlackBerry server(s), which then send that message to the corporation’s Exchange server (BlackBerry Enterprise Server runs on top of Microsoft Exchange Server). The Exchange server then sends it ‘out’ to the recipient’s email server.

The BlackBerry security architecture is specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data. This has been done purposefully to provide corporate customers with the necessary confidence that the transmission of their valuable and confidential data is completely secure.

BlackBerry does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information. Thus, RIM cannot accommodate any request for a copy of a customer’s encryption key, since it does not, at any time, possess a copy of the key.

BlackBerry Enterprise Server (BES) security architecture is deliberately designed to perform as a global system independent of geography. The location of infrastructure and the customer’s choice of wireless network are irrelevant factors from a security perspective where end-to-end encryption is employed.

Anyone who knows this (publicly available information) and does not want his email read can simply install a third party encryption tool (for instance PGP) on his BlackBerry. Then what happens is that the BlackBerry device encrypts the already (PGP) encrypted message and sends that out to its server. Even if the server decrypts the BlackBerry encryption, there is nothing that can be done about the third party encryption that has happened at the sender’s end, without the keys to decrypt it. PGP, for instance, is a widely used encryption tool and is as of now perfectly legal to use. There are a number of tutorials on the Internet that show how such third party encryption can be set up on handhelds. You don’t need to be a hacker to do that. Even if one goes by the argument that the bad guys may use BlackBerry devices to send messages to each other, the presumption that the communication will be in human language is rather naïve. Using predetermined code words, sensitive information can be passed on between parties in between what appears to be common everyday conversation. “Where are you going ..?” – “My gramophone is not working.” may mean just that, or those could be a secret code.
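To make concrete the difference between Proxy Mode and End-to-End Mode in the brief above, and the same layering point made here about a PGP-encrypted message inside the BlackBerry transport, here is an added illustration (not RIM’s code, nor a description of its implementation) in which each hop on the route tries to read the message with whatever key it holds. It assumes a stand-in cipher built from the Python standard library (SHA-256 keystream plus HMAC tag) in place of AES/Triple DES and TLS, and the key names, key values and message are constructed for the example.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    # Counter-mode keystream from SHA-256: a stand-in for AES/Triple DES, not RIM's cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, pt):
    """Encrypt-then-MAC one hop's layer; output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def open_(key, msg):
    """Strip one layer; returns None when this key cannot read the message."""
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

# Constructed keys. DEVICE_KEY is the per-user transport key held by the handset
# and BES; SESSION_KEY is the TLS session key held by the handset and the
# application server; the carrier's tower holds no key, modelled by NO_KEY.
DEVICE_KEY = hashlib.sha256(b"constructed per-user BES transport key").digest()
SESSION_KEY = hashlib.sha256(b"constructed handset-to-app-server TLS key").digest()
NO_KEY = bytes(32)

def _view(pt):
    return pt.decode() if pt is not None else "<ciphertext only>"

def proxy_mode(msg):
    """Proxy Mode: BES terminates TLS on the handset's behalf, so plaintext exists at BES."""
    wire = seal(DEVICE_KEY, msg.encode())      # handset -> tower -> BES
    at_bes = open_(DEVICE_KEY, wire)           # BES holds the device key
    to_app = seal(SESSION_KEY, at_bes)         # BES -> application server over TLS
    return {"carrier": _view(open_(NO_KEY, wire)), "bes": _view(at_bes),
            "app_server": _view(open_(SESSION_KEY, to_app))}

def end_to_end_mode(msg):
    """End-to-End Mode: handset encrypts for the server first; BES strips only its own layer."""
    wire = seal(DEVICE_KEY, seal(SESSION_KEY, msg.encode()))
    at_bes = open_(DEVICE_KEY, wire)           # BES recovers the TLS record, not the text
    return {"carrier": _view(open_(NO_KEY, wire)), "bes": _view(open_(NO_KEY, at_bes)),
            "app_server": _view(open_(SESSION_KEY, at_bes))}
```

Run `proxy_mode("board minutes")` and `end_to_end_mode("board minutes")` side by side: the tower sees ciphertext in both, but only in End-to-End Mode does BES see ciphertext as well, which is the sense in which only the transaction end-points need to be trusted.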

Here is a short tutorial on PGP, one of the many available on the internet –

Suppose, say, the Government finally gets its way, BlackBerry data starts residing on servers located physically in India, and BlackBerry makes the messages readable.

It would be near impossible to simply read (via human or machine) all messages and emails sent by BlackBerry devices. I am not sure, but one can well imagine what infrastructure would be required to scan the entire lot of transmitted BlackBerry messages in real time, and the algorithms required to pick up keywords and flag specific messages for human review.

It has also been reported that Google and Skype are under the radar of the Government of India as well, but it is not clear for what reasons.

The authorities should well understand that there are hundreds of email service providers, and forcing all of them to place the servers that store the emails of Indian accounts in India will be extremely difficult and will consume both time and resources.

In a purely hypothetical world, let us say the above becomes possible and the security agencies can ‘monitor’ all emails sent using any email provider. The simplest solution for anyone not wanting the government to read their emails is again to use encryption tools – like the open source PGP. The third party encryption tools are relatively easy to set up and, as the reports on the internet say, nearly impossible to decode.

All that shall be achieved is potentially compromised corporate security and unnecessary hassles for the service providers, who may have to set up infrastructure in order to play along and will in turn pass the additional cost on to customers.

India’s image in the corporate world shall take a beating, and it would be classified as a country which disallows confidential and secure exchange of messages over the air, which is very important and necessary for the corporate sector.

Yes, it’s true that India has had some tragic experiences with terrorism, and it’s also true that terrorists need secure communication to hide from police and the intelligence services. But no terrorist would be using a BlackBerry. Any mail he sends is not only traceable, but also stored and backed up. (As for BIS (BlackBerry Internet Service), it is in RIM’s control, so access is easier for government agencies.) The smarter terrorist will go to a cybercafé and use a Gmail or Yahoo mail account. He’d simply read and save the mail in draft mode without sending it (so there’s nothing to intercept). Then there are file-sharing sites like YouSendIt, where he can keep encrypted files, leaving almost no trace, unlike with BES mail.

And here is how to use PGP in Gmail –

Of course, the Indian government may also decide to ban PGP and other encryption algorithms. But will that really work? India has a large number of IT professionals, already doing work for top-notch U.S. firms; it is pretty certain that, with this talent pool, somebody shall devise a technology to secure the messages.

My strong feeling is that the Indian authorities should drop the idea altogether, and promote India as a place which allows confidential and secure communication between corporates. This will add to the already attractive scenario and add a push to the growing Indian economy. Terrorism is definitely a concern, but the proposed method is futile, time-consuming and will lead to a downslide in the country’s image.

It would seem that only countries like India, Indonesia and Saudi Arabia are trying to restrict BlackBerry and the like. Well, here is a surprise, if at all it is. The following video indicates how efforts are being made in the UK to monitor all phone calls and emails. The European Union, of which the UK is a member, has strict privacy control laws, and in view of this, this is very strange. Hear it for yourself ..

My advice to the authorities the world over is to keep their hands off any such action, as the objective they are trying to achieve is not going to be achieved, and it leads to the country getting adverse publicity.
