Research In Motion (RIM) on Friday reportedly came to an agreement of sorts with the United Arab Emirates (UAE), narrowly averting a ban on its services that was due to kick in next Monday.
Neither side will disclose details of just what transpired.
Meanwhile, RIM faces bans or clampdowns in several other countries, most notably India, which is the second largest mobile phone market in the world.
The UAE reportedly announced on Friday that RIM had brought its devices into line with its rules on security and encryption, but officials didn’t elaborate. The country had been set to ban BlackBerry devices and communications Monday.
An announcement on Friday by telecom company Etisalat, which has about 80 percent of BlackBerry users in the UAE, seems to confirm that the UAE has canceled its threatened ban. Etisalat said it will cancel mobility packages it has been offering to BlackBerry users since RIM came under UAE government pressure. These packages would move BlackBerry users to other mobile phones if the government enforced its threatened ban. Etisalat also has reportedly confirmed that it will soon launch two new BlackBerry devices in the UAE.
RIM offer little further information, but it did confirm that it continues to approach lawful access matters internationally within the framework of core principles that were publicly communicated by RIM on Aug. 12. Those core principles essentially state that carriers offering BlackBerry devices must follow national security and other laws in the countries where they operate and that RIM won’t make changes to the security architecture for BlackBerry Enterprise Server customers.
The company also insists it has no ability to provide its customers’ encryption keys.
There are two types of BlackBerry traffic, Carl Howe, director of anywhere consumer research at the Yankee Group, told the E-Commerce Times. One is BIS — the BlackBerry service, for consumers; the other is the BlackBerry Enterprise Service (BES), which is used by businesses and governments.
BIS traffic goes to RIM’s data centers and is decrypted, then encrypted “within nanoseconds” automatically and sent on, Howe said. It consists of consumers’ text messages, emails and other consumer-generated traffic.
De-encryption and re-encryption is required because “you can’t just throw the traffic across different networks because they all have different encryption and decryption keys,” Howe explained.
BES traffic is a whole different kettle of fish. “RIM doesn’t hold common keys that it can use to decrypt and encrypt BES traffic,” Howe pointed out. “The end points — which are servers located in the clients’ offices — have their private keys, and RIM has nothing to do with them.”
Possible Solutions for the UAE Face-Off
RIM had a couple of options to get out of the ban threatened by the UAE, Rob Enderle, principal analyst at the Enderle Group, told the E-Commerce Times. One was to set up a redundant server in the UAE that would capture all encrypted messages. That server would be under the control of the government, Enderle said.
If the government wants to then search a specific message on the server, it can subpoena the keys from the company that’s receiving the messages or the carrier transmitting them.
Chances are, RIM agreed to give the UAE government access to BIS traffic generated by consumers.
“It’s likely that most of the traffic the UAE wanted access to isn’t generated by corporations but by individuals, where the keys are held by the carrier,” Enderle said. “So having a server that’s within the government’s control and being able to get access to the keys the carriers have probably gave the UAE government what it wanted.
RIM probably agreed to set up a server in the UAE, as it has reportedly done in China, Russia and several other countries.
“Putting a server in a country lets law enforcement show up with warrants to access traffic on the server,” the Yankee Group’s Howe said. “It’s not easy to serve warrants across international borders.”
RIM has 11 major nodes worldwide to serve traffic, Howe remarked.
Traffic With a Side of Curry
RIM now has to deal with India, whose government recently rejected a fresh set of proposals from the company and is preparing to ban BlackBerry traffic.
Chances are the company offered a solution to New Delhi that is similar to what it offered the UAE. Why didn’t that work?
“India’s structure is more liberal than the UAE’s, and most of the BlackBerry traffic there is probably generated by business users,” Enderle suggested. “So the Indian government may want a master key to the encryption. That’s something both the Indian government and the U.S. government probably want because that way, when you conduct an investigation, you don’t have to let anyone know,” Enderle added.
“RIM’s official position in talking to India seems to be that politicians aren’t very good at encryption technology, it’s not one of their core competencies, so as a result they often ask for things that RIM can’t do,” the Yankee Group’s Howe speculated. “A lot of their discussion with India is probably around this.”
Other countries, including Lebanon and Saudi Arabia, are also pushing for greater access to BlackBerry traffic.
No Master’s Voice for RIM
Some governments, including that of India, are likely pressuring RIM to restructure its security architecture so it has to issue new master keys, and to then give the governments copies of those master keys, Enderle speculated.
However, doing this may sink RIM, which is already losing ground in the mobile smartphone market.
“Once RIM does that, its master keys will no longer be perceived as secure, and that might hurt it against the competition,” Enderle said.
“President Obama has a BlackBerry; imagine how excited the Secret Service would be if anyone else had a key to let them read his traffic,” the Yankee Group’s Howe said. “Exxon, MacDonalds, and the financial services companies, all of which use BlackBerries, would be equally excited.”
What can RIM do to protect itself?
“My guess is that RIM probably has a team of educators running around talking to government officials,” Howe said. “I think RIM will continue to have discussions with various governments.”