Indian Government “give us access to all email!”, RIM “I’m sorry we can’t do that, would you like some text messages?”

Image representing Research In Motion as depic...

Image via CrunchBase

I have expressed concern in the past with RIMs position that it would explore providing access to communications between it’s devices in some countries.  My concern had usually stemmed from the fact that RIM has a proprietary encryption system and has sold itself to the business community as being the most secure communication medium for cellular devices.

As China, India, and Germany have pushed RIM and demanded access to their communications in order to continue to operate in their regions, I’ve waited to see what the ultimate outcome of this standoff would be.  Would RIM hold it’s line on securing it’s platform and risk loosing the ability to do business in those countries or would it cave to the demands of these governments (and in my opinion risk loosing much more business in many other countries).

Well it appears the answer is BOTH!  Fortunately the communications that go through RIMs network and their communication servers (the BES) will not be opened to these parties.  However RIM has offered that it can, and will provide Blackberry Messenger communications, if the proper local legal procedures have been followed to request those messages.

So what does that mean?

Emails and communications that use RIMs Enterprise services (i.e. the Blackberry Enterprise Server services) remain encrypted with the proprietary encryption and will not be accessible.  These communication services are dependant on the BES server being in place and sending and receiving communications.

What is available is the Blackberry Messenger service which utilizes PIN messaging.  What the key difference is that this is nothing more than a fancy interface into SMS messages that traverse the carriers secondary cellular channel and can provide messages directly from device to device without the need of a BES server.  Because this avoids the enterprise server (and the logging capabilities of the server) many users prefer this method of communication as they know their employer is not able to see/log the messages they send each other (without physically having the device).

Will the Indian gov’t accept this as meeting their initial request?  No, not likely.  However it was a pretty good concession by RIM to provide something without completely jeopardizing their ability to provide service in these regions.  I applaud RIM for not conceding and providing access to their encryption scheme.  I hope they can hold the line on this one…

Related Articles

Advertisements

Indian Government demands access to Gmail, Skype, and Blackberry data.

From SANS:

The Indian government is seeking to ensure that it will have access to
the content of communications sent over Gmail and the Skype and
BlackBerry networks in a readable format.  The government wants the
power to access communications as a means to combat terrorism.  Skype
and BlackBerry parent company RIM have been given two weeks to comply,
or they could find themselves banned in India.

Quick impressions:

While I’ve expressed concerns before over the decryption of Skype calls in China and Germany by the government, it has mainly been an issue of “is Skype business ready”.  While I’ve been okay with the use of Skype for personal communications, that is it.

Blackberry communications is another story.  A large percentage of the 41 million Blackberry users around the world are “corporate” users.  Which should mean that most of the data between those devices is work data (though we know quite a bit isn’t).  RIM supposedly has a symmetric key system while would mean that only the customer creates their own encryption key.  It would be very bad for RIM for this not to be the case and would cause a lot of issues with their customer base (many of which have chosen them for their secure messaging).

Gmail… again, this shouldn’t be your corporate mail system.  If Google willingly allows this, you can choose to opt out and choose another provider.  So while I’m not keen on the idea, at least you have the option.

http://www.pcworld.com/businesscenter/article/200257/reports_blackberry_skype_google_face_india_data_demand.html
http://www.business-standard.com/india/news/govt-may-get-access-to-foreign-firms%5C-networks/400107/
http://economictimes.indiatimes.com/Infotech/Hardware/BlackBerry-has-to-pass-security-muster-in-15-days/articleshow/6112344.cms?curpg=1
http://www.thehindubusinessline.com/2010/07/01/stories/2010070153420100.htm
http://asia.cnet.com/blogs/tech-curry/post.htm?id=63019606&scid=rvhm_ms