You're a Delhi-based wannabe terrorist needing to communicate with your handlers. What do you do?
Invisible-ink notes are passe, as are carrier pigeons. You will, of course, use electronic options.
Like email. Walk into a cybercafe, log into a Gmail or Yahoo account. Don't use an account in your own name. And don't send email. Simply read instructions left for you in an unsent mail, saved as a draft in your account. And then, to reply, just edit the unsent email, and save it back as a draft. If email isn't traveling, it can't be intercepted.
Or, like SMS. Get a prepaid SIM card with fake ID, use it for a month, then dump it. Or make good old phone calls using the SIM card, and dump it.
There are other options. And they have a common thread: anonymity. You do not use your own identity, and you use a mode that is virtually untraceable.
Which is why a terrorist's choice is not to use a BlackBerry that is linked to his identity. Nor is a postpaid BlackBerry connection as disposable as a prepaid SIM card. Sure, you can get postpaid mobile connections too on fake IDs, but because there is billing involved, valid addresses are required.
That's not the only reason the terrorist would be wary of using a BlackBerry. First, he's not really sure how secure the mail is, once an agency is onto him. The mail is routed through servers in North America, and the US National Security Agency reportedly has the technology to crack encrypted mail in a few hours—with or without help from RIM.
More worrying for the terrorist, not all of the mail is encrypted. The headers, including the “to” and “from” email addresses, are plain text—else the Internet would not be able to accept the email for delivery.
And finally, the mail doesn't stay encrypted all the way. When it gets delivered to an external email system such as Gmail or corporate mail, it gets decrypted—else the recipient wouldn't be able to read it.
The exception is when you're not using a Gmail or a company mail ID, but are sending pure BlackBerry mail. That's not merely one sent between two RIM devices, but where both From and To are BlackBerry IDs. That's rare, but here's how it works.
Your RIM device would usually be associated with your official address, say ram.rao@maruti.com. But you'd also have a BlackBerry email address, like ramrao@airtel.blackberry.com, which you'd use to originate a BlackBerry-only mail. Even then, RIM would record who the mail was sent by, to, and when.
So there are records with BlackBerry email, and they're like mobile-phone call records (which store who called whom, when, and for how long, for billing). RIM records who sent mail, when, and to whom. The content, however, is strongly encrypted.
But our terrorist isn't using a BlackBerry. He's using Gmail, and he's not even sending the mail: he's just using draft mode to read and reply. So our agencies don't stand a chance of “intercepting” that mail. Even if they're on to him, they don't know what ID he's using. And then they don't have the Gmail login ID. If they get that, then getting Google or Yahoo to give them access will take months, with all the protocol, Interpol, and the rest....by which time that account would have been closed, and the deed done.
Which is why India is wasting its time chasing BlackBerry. It should first figure out what to do with the mailsystems terrorist do use, with foreign mailservers. Should it demand that all such servers be based in India? Google and Yahoo won't agree. So that would cut us off from the best of Internet mail systems. In fact, why not go further down that path, like China...and cut off the Internet? Route everything through a tightly-controlled gateway and firewall, and ensure that all servers are within China. And jail or shoot all dissidents, for good measure.
There are bigger dangers down the road that Saudi Arabi and India are treading. One, government officials are major users of BlackBerry mail. Do they really want to push RIM into a corner where it starts offering decryption to any government which asks? What then stops it from offering to decrypt Indian emails for China or Pakistan, if enough pressure is brought to bear on it?
To no one's surprise, countries most proficient at cracking down on dissents and censoring local media have been the most active in squeezing RIM. Like China, Saudi Arabia polices the internet, blocking access to sites with political and adult content.
India, unfortunately, seems to be trying to join this not-so-elite club.
*Prasanto K. Roy, chief editor of CyberMedia's ICT group. |