Apparently, the Indian government can't crack 256-bit encryption to read protected e-mails on RIM BlackBerrys. It appears RIM is willing to lend a hand, by handing over its (your) keys.According to this story, which ran today in The Economic Times, there's been somewhat of a riff between the Indian Department of Telecom and RIM over BlackBerry's inherently robust (until now) encryption.
Apparently, the Indian government can only break crypto if it's 40 bits, or less. So they asked RIM to fork over the keys that make it possible to decrypt the messages or reduce BlackBerry crypto to 49 bits.
From the story:
According to officials close to the development, Canadian High Commissioner David Malone and RIM officials met telecom secretary Siddhartha Behura on May 7. "It was explained by RIM that it should be possible for the government to monitor e-mails to nonbusiness enterprise customers," sources told ET. "RIM is considering giving access to individual users' e-mail to the government. Details on this will be provided in two or three weeks," sources said.
So it appears, for now, that corporate users don't have as much to be concerned with.
RIM doesn't have much more to say on the issue:
A RIM spokesperson said: "RIM operates in more than 135 countries around the world and respects the regulatory requirements of governments. RIM does not comment on confidential regulatory matters or speculation on such matters in any given country."
I hope RIM grows more of a backbone and "respects" the privacy and security needs of its customers.
Once the keys are public, how long before the cryptography scheme is broken? How long before they're sold to criminals? And where does this stop? Are keys going to be made available to any government that asks?