Privacy is often taken for granted these days, but some are still willing to pay a premium where their data security is concerned, which is why people should be more than a little perturbed at the news this week that BlackBerry services are being banned in various countries – precisely for their high level of encryption.
India, Saudi Arabia, Bahrain, Indonesia and the UAE have all been threatening Canadian BlackBerry maker RIM with axing its services if the firm refuses to hand over the “keys” to unlock private user data for government monitoring.
Besides the fact that RIM can’t necessarily do this – BlackBerry’s security is such that even RIM has no “backdoor” to customer data – what is surprising is that most Western democracies, even those very sensitive to security threats, do not seem concerned at BlackBerry’s data encryption.
Indeed, most democracies are sensible enough to understand that there is a fine line between security for the government – which entails being able to tap into messages – and security for the users, who have every right to encrypt their messages.
Why isn’t the United States’ National Security Association (NSA) demanding that RIM unencrypt messages for its convenience? What about Israel? More than likely because both countries have probably found ways to break the Advanced Encryption Standard (AES) encryption if necessary, analyst Jack Gold told Unplugged.
Just because some countries are probably smart enough to crack the tough BlackBerry nut, however, doesn’t mean all countries are, and the ones that can’t figure it out are most likely feeling flustered at their intelligence agencies’ tech-savvy shortcomings.
Of course, it may also have something to do with judicial process: the Western world has rather well-defined means for going to a court, getting a subpoena and presenting it to mobile companies for customer information – things that are rather less developed among the aforementioned RIM wranglers. Then again, what good is a subpoena if RIM can’t help decode the keys?
“This is a socio-political problem for UAE and Saudi, not a technical one,” Gold told us. “They want to be able to essentially monitor every communication, but BlackBerry is built on an extremely strong security model (that is in RIM’s DNA) and RIM would essentially have to build a special version of the OS and of BES to give the governments what they want.
“There is no back door into BES or the device and BlackBerry really can’t provide them with visibility. Even India decided it was impossible for BlackBerry to do this when they put up their stink last year,” he added.
In a statement sent to Unplugged today, a BlackBerry spokeswoman told us, “RIM has spent over a decade building a very strong security architecture to meet our enterprise customers’ strict security requirements around the world. It is a solution that we are very proud of, and it has helped us become the number one choice for enterprises and governments.”
She went on to say “There is only one BlackBerry enterprise solution available to our customers around the world and it remains unchanged in all of the markets we operate in. RIM cooperates with all governments with a consistent standard and the same degree of respect. Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries, are unfounded.”
The BlackBerry enterprise solution, she explained, “was designed to preclude RIM, or any third party, from reading encrypted information under any circumstances since RIM does not store or have access to the encrypted data. RIM cannot accommodate any request for a copy of a customer’s encryption key, since at no time does RIM, or any wireless network operator or any third party, ever possess a copy of the key. This means that customers of the BlackBerry enterprise solution can maintain confidence in the integrity of the security architecture without fear of compromise.”
“I don’t think BlackBerry is lying about this,” Gold told us when we asked his opinion. “I think the governments don’t really understand what is and is not possible with BlackBerry,” he reiterated.
What might be possible, according to Gold, is for RIM to put out a special version of BES with AES disabled and route it through a special network operations center (NOC), but that means running a completely new, and security-crippled, system specific to that country. “Would anyone even buy a BlackBerry if they did that?” he asked.
In Gold’s opinion, RIM would do better to simply ignore the silly sniveling of states likely more concerned with censorship than anything else.
Gold also confirmed to Unplugged what we have posited in the past, that with other phones, “if your email is not encrypted then yes, any government able to monitor the traffic has access to all your email and text communications.”
This, says Gold, is still why the early iPhones and now Androids are such a problem for companies who want secure communications.
“If these countries are not banning other devices, it tells you something about how loose the phones’ security is,” he concluded.
RIM can’t share and won’t share encrypted data