Indian government now able to tap BBM messages

By Chris Umiastowski on 8 Apr 2012 09:34 am EDT


On Saturday, India Today reported that the India government is getting its way when it comes to tapping into BlackBerry devices.

I sure hope RIM handles this clearly with the remaining global media sources who haven't yet written about this. For years, there have been significant misunderstandings about RIM security. It has lead to a lot of crappy reporting. And unless RIM takes a different strategy this time, it's bound to lead to more of the same.

The India Today article is well written. The issues are clearly laid out. The government needed RIM's help to decrypt BBM messages coming from BIS accounts. So to be very clear, RIM is not helping the government decrypt BES messages. RIM has always said they don't hold the keys to BES decryption. Those keys are specific to each BES installation.

BBM, which is used by about one million consumers in India, is not as secure as BES. Sure, it uses 256 bit encryption, and is much more secure than a normal email. But the encryption key is shared. It's the same key across all users. So as long as the government has the key, and the encrypted message, it can decrypt whatever it wants.

Thorsten Heins clearly mentioned, on the company's Q4 conference call, that consumers don't value the security of RIM as much as the company initially thought. If that's the case, let's not make a big deal out of this. So what if RIM put a server in India so that local BBM traffic runs through that server. It doesn't change the enterprise security story one bit. And for the 99.9999% of us who are not potential "threats", what do we have to be concerned about?

Source: IndiaToday

Reader comments

Indian government now able to tap BBM messages


I don't see a problem with this... unless you are a criminal, I have no problem CSIS in Canada looking over my messages what so ever.

This is the kind of thinking that gives away your rights. "If I didn't do it I have nothing to hide". Leaving the door wide open for gov.
I think RIM did wrong here by letting gov spy on users. It takes only one country and others will do the same. Now if you argue that this is done in good faith in the name of security to prevent terrorist attacks, I call shenanigans. I rather die knowing that I was free than having gov watching me 24/7.

Im sure the government would need a warrant to dip in those servers anyways? (Although in India, law enforcement can be a joke on some level) However, I'm sure there would be some order amongst judges to prevent abuse of this capability by the government.

Also, your view clearly reflects one untouched by terrorism. I think families of victims of terrorism would beg to differ. Or even families of soldiers out in Iraq defending your life against terrorists would beg to differ. A little "freedom" given up to apprehend terrorists is a small price to pay.
p.s. In case you haven't realised, if the government wanted to "watch" you, they have more than just your phone to look at. So your "freedom" is always "threatened" irregardless. Just live your life and stay away from crime and you'd be fine.

Very well said. Our civil liberties, privacy and individual freedoms are worth more to me than anything else. Ron Paul would never demand for the government to read our BBM messages.

Freedom isn't free. There's always a price to pay whether it is sacrificing your privacy to be safer or sacrificing your safety to be more private. It would be nice if we can choose all the sacrifices we make individually, but that's just not realistic. If we want to be part of something (in this case part of RIM by using their Blackberries) we've got to realize that something like this can happen and that it isn't totally within our power to change. We can always do things like petition or boycott in order to invoke some change but in the grand scheme of things it boils down to each one of us as individuals to figure what we want to do and take part in. RIM has decided upon a path that may be right or wrong in the long run. I'll personally decide to follow them because they aren't a bad company and I like their devices and BBM security isn't extremely important to me. People will disagree with that, but that's up to them. Besides, if I wanted to send messages securely, BBM is NOT the first thing that comes to my mind with it being such a publicly used service. There are other avenues for that.

you don't understand. There are governments, such as India, that will kill you, or at the very least imprison you, for merely criticizing the government. I don't see how RIM can tout security, when they are giving the keys to the house to others on the flip side.

Oh Common. That's bollocks. India is a democratic country. More so than MANY more developed nations out there who flaunts laws that allow detention without rights to trial, e.g. USA!!, Singapore, China. Your security is NOT at risk with this little capability. The government can tap your phones if they wanted to already. This just makes RIM a player in the fight against terrorism. I think it's a positive step for RIM to take. The last thing they want is to be the reason why thousands could be killed by a terrorist. And if you or your family were at risk, I doubt you'd want that too.

Your general knowledge seems to be none about India. India is the biggest democratic country in the world. India helds largest elections in the world. India's constitution is the biggest (in written category) in the world. And now they are becoming largest economy on the solid foundation. People only get killed by terrorists. West world is so far away from pakistan but India shares a large and impossible to fence out border with pakistan and security always the concern. India is not ruled by any dictator and dont have communist one party government like china. Please read or study about a nation before commenting at social forum cause it hurts the feeling of a community, and in this case its Indian!!!!

From Amnesty International:

"India is home to a thriving democracy and to recent stunning economic growth. Unfortunately, this has not prevented multiple serious human rights abuses from remaining a fact of life in many parts of the country. Political and separatist violence and the government's heavy-handed response have threatened the well-being and human rights of millions. Economic development has often threatened the livelihoods, land, and lives of the poor who are in its way. Hundreds of millions live in severe poverty, and women, religious minorities, dalits, adivasis and LGBT Indians can face harsh discrimination and shocking violence".

Yep, sounds like a tiny slice of Paradise.

Not sure what is it and didnt want to initiate a debate on country where others arguments are report of some unfaithful resource. However, India is home of 1.2 billion people those believe in peace and democracy. Its hard to imagine for a west government that how they can imply all rights and laws to the second biggest community of the world equally and impartially but indian govt doing a best job . Secondly, if the situation were that bad you would have heard media crying out loud. The cast and communities mentioned by report are not 100% of population May be a fraction. And its just been 65 years of freedom so still a long way to go.

Security of billion is bigger issue than fun of few. Freedom always come at cost.

Oh that's why in first world countries like in Canada my aunt was able get out of a speeding ticket by showing her cleavge to the RCMP officer?

She drove 120 km/hr on a road that suppose to be 50 km/hr. When you live in a glass house, stop throwing stones at others!

"if i have nothing to hide, then i dont mind the govt reading my messages" what an ignorant statemet. this is the exact type of thinking all the terrorism propaganda is designed to stimulate and reinforce. its sad to see it working so well.

I think the problem with most of you is the key word "India". If Obama, a Black American did something, its always right. For example, during Bush admin, the war was a problem. Now Obama in power, most Americans don't care about the war. Do you even know how much info is being filtred by CIA at the request of Obama admin? No, because if you question him, you would be called a racist, a terrorist or whatever! When India do the same thing, it's wrong.

Why.?or what do you feel like when whoever is spying on you and your partner having a conversation about your secret sex life with your partner ,I don't think you would like a third person to know is .? Unless you don't understand about privacy is it mssca.? I experienced there a case that cop shared sensitive photo and video of a couple when intercepted the couple's phone and find their photo and video ,then shared with friends to watch and end up it's uploaded on the Internet ,so hope that you don't ever store your sensitive video clip between you and your partner having sex in you phone ,remember mssca unless you don't mind people to look in to your personal life and wanted to share the experience of sex life between you and your partner to the world ,,,what is privacy MSSCA?

First off to westex74 I think you need to pick up an atlas, we're talking about India here not Syria for god sake! You can say and do whatever the hell you want in India and nobody will touch you. Secondly I am sick and tired of Americans or any other western government telling what other countries should and should not do, it's none of you're damn business if India wants to tap into BIS. India has been the victim of countless terrorist attacks by it's so called "neighbour" Pakistan. America was the victim of one terrorist attack and look what they did, they go into Iraq and Afghanistan and blow the living shit out it's innocent civilians along with the dirty scum called the Taliban. I lost a distant relative in the Mumbai attacks so it's about bloody time India does something to stay one up against these vile creatures just like America does. You guys talk about giving up civil liberties and all that crap, I dunno what century you're living in but western governments keep an eye on you guys more than developing countries do. They listen to your phone calls, see what you do on the internet, ever heard of CCTV?..yeah thats right they watch you everywhere you go..they even chip your passports god dammit! There is a price when it comes to your safety, we live in a messed up world and these are the actions we have to take to ensure our safety. So if you're a law abiding citizen you have nothing to hide! Please stop acting like you people know what is right for the world because you don't, infact your so called government is the biggest terrorists of them all in my opinion.

Bro you cotracticted yourself all throughout the comment. Step out of this topic in the future if you can't even make your point known. Please don't relpy to my comment as if you have knowlegde on this subject.

Does that mean with apple or android phones your messages are wide open and easy to monitor by the governments? I wonder if the real reason RIM gets bashed since the governments have a hard time tracking what people write and do with blackberries while they can easily monitor apple and android?

Like Heins said . . .regular consumers could care less about security . . .but I'm sure one poorly writen piece about this and that all can change . . .

I do agree that consumers care very little about security, and for a good reason, because there's virtually no existing threat for a normal user at this point. Hacking into a user's computer would be more sensible than hacking into the phones or telephone network unless we're dealing with CIA-security.

The only problem is that RIM has been marketing itself on its security, and they are almost inferior in every other aspect to any other mobile phone makers. Now that they are saying security isn't important anymore, shouldn't they show something that they are good at.

"RIM has been marketing itself on its security" - please provide one source be it a video marketing campaign or an ad where they market their BIS for security.

Why do you come on here if you don't like BlackBerry and don't understand it? Do you really have nothing better to do with your time?


RIM should have NOT opened the BES for anyone.

It's a matter of Principle. The Principle of Privacy and Security which RIM is built on.

RIM isn't helping with BES. There's a different strategy for that. The server will help with BIS/BBM.

I think it was the wrong move. I know RIM needs more consumers, and Inida is a huge market; however, no one should give in to allowing its government to spy on its citizens. It's just a matter of ethics.

Even if the consumer market "doesn't care about security", those at RIM do and I'm sure they understand just exactly what is at risk when you do this type of thing. We're dealing with this very issue right here in Canada with Bill C-30.

"Any society that would give up a little liberty to gain a little security will deserve neither and lose both."

And yet the law is the law - it is not RIM's decision at all to do this. They can either follow the law of the land or they don't do business in that land. So you would rather no India resident had a blackberry?

"F x S = k. The product of Freedom and Security is a constant. To gain more freedom of thought and/or action, you must give up some security, and vice versa. These remarks apply to individuals, nations, and civilizations. Notice that the constant k is different for every civilization and different for every individual. " (niven's law)

When quoting someone pls remember to include the name of the author.

"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." - Benjamin Franklin

"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." -- now that's a buncha bull.

Why don't you sell guns on the streets then? Let's go ALL OUT on giving everyone their liberty and leave it up to chance to catching the "bad guys" and HOPE/PRAY that people don't do bad things with this weapons.

Welcome to Texas. Its been proven statistically that communities with more gun control does not necessarily produce less crime or less murder.

I loved to know that my gov is not able to read my msgs. That is something what I loved on my BB.
And u write so much just to tell us it is not that bad? haha.... every time a govt take a piece of our privacy our world is getting worse.
So what comes next? Other countries want that service too? In US they (can) read every single letter.
Think about it

This move is welcome...RIM has done it right.. Since India was victim for multiple terrorist attack like US, it is actually performing a pattern check on messages from every mobile vendors even iphone /android. Since RIM provides the best secure mobile communication out there, Indian govt. were not able to trace a pattern if the terrorists use BBM messages. So it was a request that made long back and Thorsten has did it. If you cannot believe your government, then why do you vote them to power or who else will you trust?

Regardless of right or wrong a corporate citizen must follow the rules of the land. If they are ordered by the government and have exhausted all legal recourse they must of course accept that the law stands and follow it. So yes RIM did the right thing.

I find it funny that people (including some heads of state that I wokred with) who use their ISP, Google, Hotmail and local versions of the open email programs are concerned about security. Their emails are floating by in clear text, their phone calls on GSM-3 networks can be listed in on by $1500 worth of equipment on a laptop. Heck, a BES admin can set up auditing on the BES server as well to audit all traffic to their corporate BlackBerry devices - including BBM and SMS (note: taht is BES - corproate traffic, not BIS - consumer traffic).

RIM even says in their public security documents online that BBM is not considered a secure messaging platform specifically because it uses one share public key.

Think of it another way, the government already has access to your emails - for corporate customers all they need to do is get access to the corporate email servers, and for consumersthey just need to access your ISP/mai;l providers - in the states that requires a subpoena, but who knows in other countries. Also the governments have access to your phone records the same way.

Lastly, there are other solutions out there that perform the same task as RIM BBM , with private key encryption across multiple platforms that the government cannot access (or doesn't know about).

"Lastly, there are other solutions out there that perform the same task as RIM BBM , with private key encryption across multiple platforms that the government cannot access (or doesn't know about)."

Not quite the same task and honestly if someone uses that in India they can be *forced* to divulge keys legally under Indian law the same as RIM was(and since contempt of court sentences are "unlimited" it's usually best to comply).
BES is still a good and viable solution for those who want high security (BBM/BIS never was "high security")

These posts are truly pathetic, and why I increasingly am disappointed at both the articles put up at Crackberry and the comments they generate.
RIM has to comply with the laws of the countries they operate in. It's actually a pretty big win for RIM and cave for the Indian government that BES BBM is left alone.

Oh and I love the Crackberry editorial, which amounts to I sure hopw RIM doesn't F-up again. Really coming here makes me less and less likely to buy another RIM product.

Let me be clear it isn't just RIM itself (although they help with Alec Sanders wanting to stop me loading the apps I want but at the samre time not offering them to me) but Crackberry as well constantly heaping scorn on the company even BEFORE they've done anything wrong.

I really despise this attitude people/media have about security. "And for the 99.9999% of us who are not potential "threats", what do we have to be concerned about? " So spying on people is ok, because they shouldn't have anything to hide anyways? Privacy should be expected by all, innocent and the guilty equally. It's no indication of guilt to want privacy.

Well It really is a moral decision. India does not allow teenagers to flirt amongst each other and for a while now the younger generation has been using BBM to break the law. RIM should not condone any moral or ethics to be neglected. That's the way it is in India. If Indians have a problem with with this then they need to confront their government. It's not RIM's responsibilty to change the laws that have been around for years. India does practice a very good moral conduct of teaching the youth.
My only concern with this is what happens if I have a BBM friend from India and I'm from United States, will that jeopardize my security? I for one have a BlackBerry mainly because of the security and I don't want that to be history.

I think you're confusing India with Saudi Arabia. India is a democratic country with a number of religions and teens can flirt as much as any other country. Saudi Arabia follows a strict Islamic interpretation which limits women from driving and traveling in public without male escorts, and a strict dress code in which most of the body is covered.

Regardless of the country, this is another example of a slippery slope where we see our rights being eroded bit by bit. If you want security you will have to use PGP with a very long key and encrypt your hard drive with TrueCrypt.

People who have something to hide can still do it, just using 3rd party tools and nesting messages within messages, using multiple layers of encryption.

RIM has no choice in the matter... They either agree to local laws and continue to operate and build up a user base, or they get banned from a country in which case they risk going bankrupt. So I agree with RIM doing whatever it takes to get users and phones in people's hands to make profit. I just hope that this is not used to nab political opponents and abused by corrupt governments to exert power.

Hopefully they need to have a warrant to view people's messages. If they do need to get one before they can then they must push that they aren't just giving out to people. The Indian government should be careful after the Arab spring, if you try to control your people in a global world it will come back to bite you.

never worked with BBM as a developer directly - anyone know if you can add extensions to BBM? If so I suspect there might be a market for creating a secondary crypto module for it

Fantastic idea. I also want crypto for my Web browsing and email communication as well. Especially on my PlayBook.

Thin edge of the wedge regarding security. That being said, especially on my Playbook, can I do things like 1) run a Tor-like application to anomimize my browsing on the Internet 2) run encryption on my IM session (like I can with Pidgin with the encryption plug-in) 3) use secured email (via say PGP or openPGP).These are all valid concerns not because one is a "terrorist" but because these tools are used for legitimate purposes such as reporters reporting on conditions in tolitarian regimes and whistleblowers bringing issues to light.

Blackberry's made by RIM are know for having the best security on the mobile market, giving a government access to peoples phones must be a clear breach of consumer/customer rights. So considering RIM are giving the Indain government acces to there countries BB devices, shouldn't mean that they should allow every government in every country, access to. Also whats stopping the Indain government from accessing other Blacberry devices in other countries. But why question is, why are they asking for access and why are RIM giving it to them?

Craig Ashcroft

the reason for this is that on other devices they don't need the building company.

Email or IM are like a post card, standard is not encrypted. If you want secure/privacy you have to use pgp etc. for an example.

For BES RIM says, they have no backdoor to the BES of a company using it. For BIS they have obisiously or more the server they have in india is accessable by the indian goverment.

Where I'm not sure is how it works:

all communication on this server or all devices in india

e.G. I am on a vistit, using my privat BB, in india, my communicaton with it can be read by the indian goverment.

Or could they also if somehow my communication is transfered to this server? (so e.G. I am in Europe and they could access my communication?)

It would use the BIS server that RIM set up in India. Your mail would be processed via that server even if you are a foreigner sending mail to outside the country. So yes it would be open to the Indian government. Otoh if you have a BES server setup and a corporate crypto policy it would still go through the RIM servers in India but it would be encrypted in such a way as they could not read it.

This is kinda dumb, I mean really what is going to stop the terrorists they are so concerned about from just setting a BES express server?

So why even report on this chris, it's not even new news. The server was installed last year, and usa and canada have had similar access to bbm messages for years. Google caved to China just as Facebook did, it's fkd up but it's a reality.

Because we get floods of emails when we do or do not post something.

If we don't post it, stating why it's silly.. people hate. If we do post it, stating why it's silly.. people hate. Damned if you do, damned if you don't.

Just like some of the other BS stuff that has popped up in recent months. We've had to go ahead and post it if for nothing else, to at least have it documented that the info was silly / inaccurate or like RIM leaving the consumer market -- just flat out wrong.


It's all about the power to control society. I can bet you that in the United States that we the people can't read messages that Congress sends to each other. They have a secure server. Yet if they can read ours is just wrong. This type of thinking has been around for hundreds of years. The privileged few feel they are above the law and the rest of the peasants have to be controlled. We had a Florida Senator get caught on the news saying that they were better class then the rest of us. (Of course when the news broadcasted this they digitized his name so we couldn't see just who it was) Protecting him from ridicule. The minute we give up just a single right we might as well go back to the times where we have a King and Queen and give them all our money and just work for them. We go about our lives and trust the people we elect to do what is right for our country. But the way it is set up we can have career people in our government that don't know the price of milk or a gallon of gas. We fight back the people in government who want to take our rights to bear arms yet, are surrounded by armed guards with automatic weapons. This is the way it is happening right now, in this current time. If we give up just one right we will never get it back. People don't realize just how close we are to working just to stay alive and let others prosper as we just try to eat. We in this country (US) want the same chance at having a better life then our predecessors. Have you heard of the slippery slope? Love your country but question your government.

Correct me if I'm wrong: So BIS can be read by the Government. That'll catch out the small-time crooks. But "organized" Terrorists "could" just set up a BES? Surely?

sure...if Terrorist Organizations were allowed to do business with companies like RIM and if they were legally a corporation that could carry on business in the location that the BES server was setup
It's not easy...

So if you are a terrorist don't use Blackberry. Use iPhone or Android devices, that way the government can't track you but Carrier IQ will.

Umhhh, Android and iOS are already in the open for the government to read everything they do, BB is still more secure as they need a warrant to read it, which they don't bother with for most communications.

If you don't do anything wrong you have nothing to worry about! Blackberry is still more secure than any phone!

Still us citicenz belive in ferrytales about the US Goverment. But forget that an empire is a monster that craves on control. Is just common sense, and nothing unusual. In the US they tap your phone, your internet, text messages, your bank accounts, etc. But people believe they don't or not to them so they proyect it blaiming other goverments or other people. So please its time for a reality check, its been happening for many years and will happen for many years to come. US, UK Germany, Israel and many other countries spy on you, in the name of terrorist control, religion or whatever excuse suits them.

Gnarly spit chew pbbbt. Farghn shnaship glarbb. Angry angry, grump fart mad Mad.

Thanks to those posting thoughtful comments and sharing your opinions and knowledge! For all the haters out there spewing wrath, my goodness, have a Coke and a smile and shut the f.... :)

Two months before after many months of negotiations and threats, RIM finally agreed to set up server in India which can allow the Intelligence Agencies to tap the phones. So it was bound to happen. They're not gonna let a billion+ customer market just get away. And bbm can be a HUGE hit if rim floods the market with cheap devices. Those 75 million subscribers can rapidly turn into 175 million. Besides, they already let the US snoop on all forms of chatter, and I’m pretty sure Canada and the UK are the same. So why not India too.

With Regards..
Anjali from Mobile Application Development

As a peaceful objection to being monitored, people should include several words and phrases at the end of every message that would be likely to trigger a 'filter' so that they have to read every single conversation that you have, every single day. Add them like a signature.


"Hey hon, can you pick up some milk from the store on the way home? dirty bomb, uranium, huge crowd, vengeance"

In fact, I'm sure somebody in Homeland Security is not laughing right now as they are reading this post!

crackberry, the site where you love to hate RIM (well that's how I feel anyway, it's not like it was).

this is quite stupid. a company in decline destroying their one competitive advantage against their competitors. if they do this globally, it won't be surprising if their global market share plummets.

Many of the comments are ill informed.

RIM has no choice in India, nor in many other countries - including quite a few "western democracies". I doubt the US government hasn't already gained access to this data should it need access. In the UK such access is available via warrant right now.

If RIM did not allow access to BBM data, then they would be shut down in India and very probably many other locations also.

BES is a different issue. Governments can insist on seeing content at the server site.

What to be afraid if we have nothing to hide.. Even SMS, calls and emails can be intercepted long time ago why we are still using it. Even messages from Android and Iphone are not even secure or even the skype or whatsapp.


It's a messaging app….I want it to be cool and connected so I can forward all the mundane things I do in my day to people who really don't care but pretend to anyway…It's not about national security, or civil liberty, or any amendment to someones constitution…the important thing is that we communicate with as many people as possible. I say run the server regionally, offer cool features, make it cross platform and charge a fee :)

Another ridiculous post by the deluded running this site. No sideloading to PlayBook "is a good thing!" and "let's all get excited--the Indian government can now read your BBMs!" Even "who needs the Kayak app, screw them, we've got our own!" (no biggie that it was the highest rated cross-platform ravel app). Etc etc etc etc etc etc etc etc

If these are really such great developments, I'd encourage you to include them as "pros" in your next review of a BlackBerry device.

Love my BlackBerry, but can't stand the constant excuses from CB for the missteps by RIM. You apparently have an unending supply.

Who cares tho--all we need to do is come up with more excuses and "Rock and roll this!" and BB will be number 1 again soon.

couldn't agree more. there's so much unnecessary positivity oozing from this article that it almost appears as though the author is mocking rim.

crackberry should be slamming rim for caving in and questioning the potential spread of this trend instead of trying to justify this by saying 99.9999% of us won't be affected.

If India or any country that has the ability to tap into our BBM (or any) messages and it does so with probable cause or suspicion of terrorist activity- I'm all for it.
It's when its abused I take issue with it. A corrupt official may know that someone is having an affair or improper relationship etc and taps into the persons message and creates a scandal with it. That would be abuse of power. Theres also the chance of corruption. Officials being bribed or worse blackmailing BBM users for so called inappropriate behaviour. And unfortunately the US is already trolling through twitter looking for questionable phrases. Two British tourists were arrested in LA for their twitter post that they were going to "destroy" America. It turns out "destroy America" just meant they were going to have an extended and robust pub crawl.
Its a slippery slope but may turn out to be necessary.