Licensed to snoop – The Blackberry Saga

The past few weeks the media has been abuzz with news about the threatened banning of the popular Blackberry service. What is the security row all about?

 


The governments of India and Saudi have been asking RIM – the makers of the popular Blackberry device – to let them read Blackberry’s secure email and instant messaging services fearing that these could be misused by militants and anyone trying to create political instability. The Indian government has given RIM a deadline of August 31 and seem to be willing to extend the deadline if RIM says it has a solution and asks for time.

 

First let us have a broad understanding of how the Blackberry service works.

 

If you have a blackberry, you will be able to get and send mails from your mobile phone. You also have instant messaging with other Blackberry users and a host of other functions that make it a PDA.

 

There are 2 major categories into which Blackberry users fall.

 

The first are individual users. These purchase a Blackberry enabled device and take out a contract with a Blackberry enabled mobile service provider. The path of an email such a person sends would be as follows: Blackberry device -> Mobile network cloud -> Internet -> RIM data centre -> Internet -> Receivers Mail box.
Any mail that is received by such a user would essentially follow the reverse of the above path.

 

The second kind of users are those that are given a Blackberry device by the company they work for. The path that an email sent by such a user would take is: Blackberry device -> Mobile Network Cloud -> Internet -> Company’s own data centre hosting Blackberry Enterprise Server (BSE) -> Internet -> Receiver’s Mail box.

 

Now, how does encryption come into play in the above scenarios?

 

– Email and instant messages are encrypted between the Blackberry device and either the RIM data centre or the company’s own data centre.
– From then on – through the internet to the recepients/ sender’s mail box, the data are not encrypted
– Symmetric encryption is used meaning that the same key is used for both encrypting and decrypting the data

 

Let us look at some questions that are on everyone’s mind:

 

Q. Is it possible for RIM to decrypt the data?
A. Yes. In case of private users whose emails are stored on RIM’s data centres throughout the world.
Because they decrypt it anyway before sending the mail on it’s way to the recepient.
A. No. In case of corporate customers.
Because RIM does not handle/ touch/ pass/ etc. the data at any point in time.

 

Q. What would a ban in India mean for the nearly 1 million users in India
A. They will be able to use their Blackberrys only for calls and internet browsing

 

Q. Will the Blackberry be banned in India
A. We believe that the government will extend the deadline given to RIM and work out a mutually acceptable solution and that there will be no ban eventually.

 

Q. Saudi Arabia, India and the UAE have complained that RIM won’t give them the access they need to tap into BlackBerry messaging networks so they can protect their national security interests. They say that RIM grants such access to other countries, including the United States. What kind of access does the U.S. government enjoy?
A. U.S. authorities can seek a court order to tap BlackBerry traffic, giving them access to messages sent over the network. Officials with Research in Motion declined to talk about how they provide such access. It is possible that the government provides such requests directly to RIM’s customers.

Comments are closed.