updated 12:45 pm EDT, Sun April 8, 2012
India claims access to BBM underway
Efforts to spy on BlackBerry Messenger chats in India are almost live, officials explained Saturday. The method would be "up and running soon," India Today was told. As it worked, it would effectively require a wiretap warrant from the Union Home Ministry that would collect all communication from that individual user, catching it in an unencrypted format before it's locked down and sent through the BlackBerry Internet Service.
BlackBerry Enterprise Servers weren't a major worry for the police, Intelligence Bureau director Nechal Sandhu said, since these were usually conversations between employees. The request to watch BBM traffic was part of a broader policy that required officials have access to messages in the theory that it might prevent terrorist attacks similar to those in Mumbai.
RIM had initially objected to the proposed plans when they were set out a year and a half ago, although this partly came out of its existing conditions. Without a server in India, RIM would have at best had to let India spy on Canadian servers. Officially, RIM's BlackBerry system is impossible for it to decrypt even for itself, as the encryption keys are only generated by the end points of a conversation and aren't ever delivered to the company. The decision to set up a Mumbai server largely resolved this by letting the Indian government get what access it could without having international consequences.
Questions have been raised over whether or not the snooping will be effective. The Mumbai attacks were coordinated over plain text messages, and much of it in a short enough space of time that police likely couldn't have intercepted the messages in time. As such, there's no guarantees that the new access to the BlackBerry would have stopped the earlier attacks or anything in the future.
The Department of Telecommunications has nonetheless been emboldened and is suggesting a similar policy for Nokia's push e-mail system to that of RIM's. Android and iOS aren't considered problems, as they use standard security and are more easily intercepted.