By Prasanto K. Roy, IANS,
You’re a Delhi-based wannabe terrorist needing to communicate with your handlers. What do you do? Invisible-ink notes are passe, as are carrier pigeons. You will, of course, use electronic options.
Like e-mail. Walk into a cyber cafe, log into a G-mail or Yahoo account. Don’t use an account in your own name. And don’t send e-mail. Simply read instructions left for you in an unsent mail, saved as a draft in your account. Then, to reply, just edit the unsent e-mail, and save it back as a draft. If e-mail isn’t travelling, it can’t be intercepted.
Or, like SMS. Get a prepaid SIM card with fake identity, use it for a month, then dump it. Or make good-old phone calls using the SIM card, and dump it.
There are other options. And they have a common thread: Anonymity. You do not use your own identity, and you use a mode that is virtually untraceable.
Which is why a terrorist’s choice is not a BlackBerry — a device developed by Canada’s Research in Motion (RIM) that has now become a matter of concern for Indian security establishment — that is linked to his identity. Nor is a post-paid BlackBerry connection as disposable as a prepaid SIM card. Sure, you can get post-paid mobile connections too on fake identities, but because there is billing involved, valid addresses are required.
That’s not the only reason the terrorist would be wary of using a BlackBerry. First, he’s not really sure how secure the mail is, once an agency is onto him. The mail is routed through servers in North America, and the US National Security Agency reportedly has the technology to crack encrypted mail in a few hours – with or without help from RIM.
More worrying for the terrorist, not all of the mail is encrypted. The headers, including the “to” and “from” e-mail addresses, are plain text — else the internet would not be able to accept the e-mail for delivery.
And finally, the mail doesn’t stay encrypted all the way. When it gets delivered to an external e-mail system such as G-mail or corporate mail, it gets decrypted — else the recipient wouldn’t be able to read it.
The exception is when you’re not using a G-mail or a company mail ID, but are sending pure BlackBerry mail. That’s not merely one sent between two RIM devices, but where both “from” and “to” are BlackBerry IDs. That’s rare, but here’s how it works.
Your RIM device would usually be associated with your official address, say [email protected]. But you’d also have a BlackBerry e-mail address, like [email protected], which you’d use to originate a BlackBerry-only mail. Even then, RIM would record to whom the mail was sent by and when.
So there are records with BlackBerry e-mail, and they’re like mobile-phone call records (which store who called whom, when, and for how long, for billing). RIM records who sent the mails, when, and to whom. The content, however, is strongly encrypted.
But our terrorist isn’t using a BlackBerry. He’s using G-mail, and he’s not even sending the mail: He’s just using draft mode to read and reply. So our agencies don’t stand a chance of “intercepting” that mail. Even if they’re on to him, they don’t know what ID he’s using. And then they don’t have the G-mail login ID. If they get that, then getting Google or Yahoo to give them access will take months, with all the protocol, Interpol, and the rest — by which time that account would have been closed, and the deed done.
Which is why India is wasting its time chasing BlackBerry.
It should first figure out what to do with the mail systems terrorist do use, with foreign mail servers. Should it demand that all such servers be based in India? Google and Yahoo won’t agree. So that would cut us off from the best of internet mail systems.
In fact, why not go further down that path, like China and cut off the internet? Route everything through a tightly-controlled gateway and firewall, and ensure that all servers are within China. And jail or shoot all dissidents, for good measure.
There are bigger dangers down the road that Saudi Arabia, the United Arab Emirates, Indonesa and India are treading. One, government officials are major users of BlackBerry mail. Do they really want to push RIM into a corner where it starts offering decryption to any government that asks? What then stops it from offering to decrypt Indian e-mails for China or Pakistan, if enough pressure is brought to bear on it?
To no one’s surprise, countries most proficient at cracking down on dissents and censoring local media have been the most active in squeezing RIM. Like China, Saudi Arabia polices the internet, blocking access to sites with political and adult content.
India, unfortunately, seems to be trying to join this not-so-elite club.
(9.8.2010-Prasanto K. Roy is chief editor of CyberMedia’s ICT group. He can be found at www.pkr.in or on twitter.com/prasanto)