RIM proposes crypto forum to beat India ban
BlackBerry maker Research In Motion (RIM), which is currently fighting a number of battles over its security policies, has proposed to find a solution to keep its customers and the Indian Government happy. The vendor has also refuted claims that it provides special configurations of its platform for certain countries.
August 27, 2010
BlackBerry maker Research In Motion (RIM), which is currently at loggerheads with the Indian government over its security policies, has proposed a solution it says will satisfy its customers and the Indian security services. The Canadian vendor has also refuted claims that it provides special configurations of its platform for certain countries.
In this latest proposal RIM extended an offer to the Indian Government under which the firm would lead an industry forum “focused on supporting the lawful access needs of law enforcement agencies while preserving the legitimate information security needs of corporations and other organizations”.
This forum would work closely with the Indian government to develop recommendations for policies and processes aimed at preventing the misuse of strong encryption technologies while preserving its benefits.
Earlier this month the Indian Government threatened to shut down the Indian BlackBerry operation if RIM did not provide a solution allowing the state “lawful interception” of email and instant messaging services in India. There are around one million BlackBerry users in India.
The ultimatum came on the heels of similar problems for RIM in both Saudi Arabia and the UAE. Security organisations in the two Middle Eastern states voiced concerns that BlackBerry services could be used for criminal or terrorist activities because RIM’s encryption prevents state access of transmitted data.
RIM has said it is not prepared to offer “special deals for specific countries,” and stressed that it maintains a “consistent global standard” for lawful government access to its services. And RIM argues in its claims that it has been unfairly targeted, as the use of strong encryption is not unique to the BlackBerry platform and is indeed a mandatory requirement for all enterprise-class email services.
The firm is also seeking to address concerns that it may have been misrepresented in the media. After the Saudi Government briefly blocked BlackBerry services this month, RIM installed three servers within the country. There have been suggestions that these servers are intended to allow state security organisations to access data before it reaches RIM servers in Canada. If so this could allow the government to get a copy of consumer users’ BlackBerry messages before they are encrypted, but it would not give them access to enterprise users’ messages.
But RIM claims otherwise: “BlackBerry Enterprise Server security architecture was also purposefully designed to perform as a global system independent of geography. The location of infrastructure and the customer’s choice of wireless network are irrelevant factors from a security perspective where end-to-end encryption is employed. The transmission of encrypted data is no more decipherable or less secure based on the location of RIM’s BlackBerry Infrastructure or the customer’s selection of a wireless network.”
The principle is sound, and as RIM also states, it does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information.
About the Author
You May Also Like