RIM Vs India: decipherment
Abhishek Saxena
Project Manager
IEI Electronics,
Taiwan
Among the major threats India is
facing today, terrorism is on the top of it. Indian national security agencies are
facing too much pressure to deal with terrorism. To cope up with the issue
security agencies need full access to wireless *encrypted data used for
communication through any wireless service providers. Due to the same reason
Indian government has raised concerns that BlackBerry services could be misused
by militants as security agencies cannot access the messages sent through these
services due to unavailability of encryption key. So the government has asked
RIM (Research in Motion), the Canada based owner of Blackberry, to offer a
solution to address the country's security requirements.
This is
not the first time Indian government warned RIM about banning their facilities
in India but they have been chasing RIM since December 2007 when RIM had
400,000 subscribers in Indian. Currently Blackberry has close to 1 Million
subscribers in India.
The
government wants access to two elements of the BlackBerry ecosystem. One
is secure corporate mail transferred through BlackBerry Enterprise
Servers (BES) that many Indian organizations (both business and
government) use and the second is BlackBerry Messenger. What makes RIM's
position unique is that it is the only global Smartphone manufacturer that
manages data sent using its equipment and operates its own global networks. Others
like Nokia or Apple leave that task to telecom operators or customers.
According to RIM,
Strong encryption is a mandatory requirement for all enterprise-class wireless
email services. The BlackBerry security architecture was specifically designed
to provide corporate customers with the ability to transmit information
wirelessly while also providing them with the necessary confidence that no one,
including RIM, could access their data. RIM specifically mentions “The
BlackBerry security architecture for enterprise customers is based on a
symmetric key system whereby the customer creates their own key and only the
customer ever possesses a copy of their encryption key. RIM does not possess a
“master key”, nor does any “back door” exist in the system that would allow RIM
or any third party to gain unauthorized access to the key or corporate data.
RIM would simply be unable to accommodate any request for a copy of a
customer’s encryption key since at no time does RIM, or any wireless network
operator, ever possess a copy of the key.”
After several meetings with government officials, the company
has proposed that it could share the IP address of BlackBerry Enterprise
Servers (BES) and the PIN and IMEI numbers of BlackBerry mobiles, but as per
security agencies these won’t be sufficient to track the data.
However RIM has now assured, after being given the deadline of
August 31 2010 from the Indian government, to provide technical solutions for
monitoring its BlackBerry messenger and email services and will meet the
deadline.
*Encryption is the process of
converting information into a form that is unintelligible to anyone except
holders of a specific cryptographic key (the intended recipient).
|