[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Drunken Eben interviewed by Indiatimes
Drunken Eben interviewed by Indiatimes
Wed, 08 Dec 2010 16:01:00 -0000
He is on tour in Inida, opening the indian SFLC branch...
"Doesn't encryption via public key infrastructure , which you brought in
1990s with Philip Zimmerman, threaten security of nations?
Spying is becoming the ultimate power game. It is a cheap, quick way to
win. During the cold war era, the US developed extensive control over
signal communication. There were tight controls over public key
infrastructure (PKI) software. PKI existed from 1977 onwards. It was
developed by professors Ron Rivest, Adi Shamir, and Leonard Adleman.
Their surnames combined to make RSA, a security firm. RSA, till 1991,
ran a semi-secret , closed relationship with the National Security
When Philip Zimmerman wrote the first public encryption software in
1991, I saw it on a bulletin board and left a note saying Youll soon
need a lawyer. The US treated encryption as armaments. For two years,
we struggled with the US government. Ultimately , we succeeded in
convincing them to drop criminal proceedings.
The result of freedom to encrypt is the emergence of e-commerce . The
global financial system which relies on safe wire transactions , depends
upon digital certificates. We didnt realise how powerful free software
is until 9/11 happened. Now we cant go back. The world cant do without
What do you feel about the standoffs between governments and MNCs over
Its a big gimmick by the Indian government . Its a power struggle
between technological freedom and government control. Today if I pick up
my US phone and make call to an Indian number, chances are that India,
the US and some guys north of you (read the Chinese ) are listening. No
terrorist is going to use an expensive BlackBerry, if they want untapped
communication. They can just use free software from web. When I
communicate using software like this (He shows a free email and
encryption software on his IBM Thinkpad), no government on earth can
overhear. Its all available on internet for free.
The BlackBerry standoff is about sovereignty. Its about proving that if
the next door government can make an MNC obey so can we. The Indian
government just wants to prove to its citizens that it has control, when
actually nobody can control free communication. In reality, no nation
can control it.
The thing about Skype is interesting. If you chat on Skype, the US and
Chinese both can monitor. If you make Skype VoIP calls, then US can
listen to, but very few other nations can do so. Skype, is a $1.6
billion headache, which embroils you with every government in the world.
No wonder, John Donahoe (eBay CEO) sold 70% in it.
What, according to you, is free software? Does it mean it comes at nil
I started out life as a programmer in 1971. I saw a teletype (early form
of computer) for the first time when I was in the seventh standard
during 1970s in a school in New York. I wrote my first program when I
was in the 9th standard. Software was essentially free then because it
could actually run on mainframes, which were very expensive machines. "
Man oh man, what a clown.
"Just days after giving BlackBerry manufacturer Research In Motion (RIM)
a 60-day reprieve, government officials in India broadened the scope of
their battle against encryption technology, turning their attention to
companies such as Google and Skype.
"All people who operate communication services in India should have a
server in India," Home Secretary G.K. Pillai said during a Wednesday
press conference, emphasizing the need for telecom companies to work
with the country's security forces in order to combat the possible use
of encryption technology by militants to plan terrorist-style attacks.
Nokia has already committed to building a server within India's borders,
and telecom officials in New Delhi have asked RIM to do so as well,
according to various media reports. Notices have also been sent to
Google, operators of the Gmail service, and Skype, an Internet telephone
service, Reuters reporter C.J. Kuncheria said on Wednesday.
"Skype has a similar issue to Blackberry, in so far as it uses a
proprietary protocol and no-one knows what is under the hood," Carsten
Casper, research director at analyst firm Gartner, told BBC News on
On Monday, telecom officials met to discuss the future of the
BlackBerry, and decided to delay a threatened ban of the device's email
and internet messaging service features for a period of two months. The
decision came after RIM "made certain proposals for lawful access by law
enforcement agencies," Ministry of Home Affairs officials said in a
According to earlier reports by AP Business Writer Erika Kinetz, Indian
officials had claimed that they were "not eager to ban the BlackBerry,"
but vowed that they would not "compromise on national security." Several
other countries, including Saudi Arabia, Kuwait, and the United Arab
Emirates, have expressed concern over security features used by mobile
devices, but the Indian government would be the first to act against a
"All security concerns (related to BlackBerry) need to be addressed,"
Home Minister P. Chidambaram confirmed to French news agency AFP on
Tuesday. "Our stand is firm. We look forward to getting access to the
data. There is no uncertainty over it." "
"Research In Motion (RIM) is at standstill with the Indian government
over demands that the company provide authorities a way to read
encrypted email messages that travel across BlackBerry's network. The
government said it will shut down RIM's email and messaging services in
India if the company doesn't comply with its demands by August 31.
Explaination about how the BlackBerry system works and why governments
consider as a threat:
What steps does RIM take to make sure that the email of its business
customers cannot be intercepted by third parties?
RIM uses powerful codes to encrypt emails as they travel between a
BlackBerry device and a computer known as a BlackBerry Enterprise Server
(BES), designed to secure those emails. Governments in India and
elsewhere say criminals use BlackBerrys to do their business because
they know the government cannot monitor. The encrypted messages can only
be unlocked with software "keys" that are located either on the
BlackBerry device itself, or at a particular customer's BES.
Do RIM customers get the same level of email security as businesses?
No. Email for consumers and small businesses is not protected by the
same system of keys that encrypts corporate messages. BlackBerry's
consumer service runs on a system known as BlackBerry Internet Service
(BIS), which is less daunting for authorities to crack.
Is BlackBerry's security different from other smartphone vendors?
Yes. All BlackBerry traffic runs through RIM data centres, which help
manage the devices and traffic, identifying anomalies that might present
Can RIM unscramble a message encrypted by its business customer's
RIM says it cannot unscramble data of its enterprise customers because
it does not possess the keys needed to do so.
What level of access does the US government enjoy?
Authorities in the US and European countries such as Britain and Germany
can seek a court order to tap BlackBerry traffic, giving them access to
messages sent over the network.
If the data is encrypted, how is it possible for the government or RIM
to install a wire tap?
Bruce Schneier, an expert in encryption who is chief security technology
officer for BT, said it is relatively simple. Authorities just need to
put an eavesdropping box on the BlackBerry Enterprise Server, which
decrypts the data to gather a reconstituted message. Another alternative
would be to install spyware on the handheld device itself.
How strong is the BlackBerry encryption? Is it possible for government
code crackers to break the encryption on their own?
Some analysts speculate that may be the case. But breaking encrypted
code is not an easy taskit is a slow process that requires tremendous
skill and powerful computers. RIM's enterprise system offers two
transport encryption options, Advanced Encryption Standard (AES) and
Triple Data Encryption Standard (Triple DES). A BlackBerry device will
by default choose the 256-bit encryption of AES for transport layer
encryption. Triple DES is a two-key algorithm that generates message and
device transport keys.
Has RIM made any concessions ahead of the August 31 deadline?
Yes. RIM has offered to track email message feeds for the government,
which could include providing services such as compiling detailed logs
of a particular user's correspondence. But RIM still has not agreed to
India's key demandthat they hand over unencrypted messages.
Has RIM made any concessions elsewhere?
Yes. In Saudi Arabia the firm has agreed to hand over codes used to
encrypt traffic of its BlackBerry messenger instant messaging service.
RIM was also delayed from entering Russia and China for several years
while intelligence agencies worked through their concerns. Little is
known about any compromises reached, but Russia has tight rules on where
RIM can locate BES servers for corporate clients in that country.
BlackBerry messenger is offered to corporate and consumer clients. Do
corporate customers get a more secure version of the service?
The service is a form of instant messaging that bypasses the BES and
corporate networks. It runs on a proprietary system known as PIN
encryption that is not as powerful as the options available on the BES
email system. By default, all BlackBerrys ship with a global PIN
encryption key that allows users to unscramble messages sent from any
(GNG is a derecursive recursive derecursion which pwns GNU since it can
be infinitely looped as GNGNGNGNG...NGNGNG... and can be said backwards
too, whereas GNU cannot.)