Threats by the governments of India, the United Arab Emirates and Saudi Arabia to shut down BlackBerry’s corporate e-mail services reflect unease about a technology that the U.S. government also took a while to accept.
The foreign governments are essentially a decade behind in coming to terms with encryption, a technology that’s fundamental to the Internet as a medium of commerce.
Encrypted communications are scrambled in a complex process to ensure that only the intended recipient can read them, using the proper digital key. This often takes place behind the scenes, without the user needing to do anything. When a shopper submits a credit card number on a shopping site, for example, the communication is encrypted.
Most companies use encrypted connections for their corporate e-mails, at least if employees need to access e-mail outside the office through virtual private networks and other secure systems. One of the reasons Research In Motion Ltd. has been so successful with its BlackBerry phones is that it brought that level of security to e-mail capable phones.
Encryption, however, poses a problem for law enforcement officials. They can intercept encrypted messages, but can’t read them unless the encryption is poor and agents have vast computer resources to use in unscrambling them. Traditional investigative tools such as wiretaps don’t work. Canada’s RIM and other technology companies stress that they agree to legal requests from law enforcement, but in RIM’s case, it can’t decrypt the messages on its corporate e-mail service.
BlackBerrys seem to have been singled out by foreign governments because the devices provide an easy and convenient way to communicate securely. But there are many other ways to communicate in an encrypted fashion, and any government that’s serious about squelching encrypted communications would need to go after them as well.
According to a representative of Indian Internet service providers, the Indian government plans to go after Google Inc., presumably for its Gmail service, and Skype SA for its voice and video conferencing software.
The U.S. State Department has waded into the issue, saying it hopes to broker a compromise that addresses the legitimate security concerns of some governments while ensuring that the free flow of information is not compromised.
That’s somewhat ironic, considering the U.S. restricts exports of encryption technology. The restrictions are light, but were quite comprehensive before 1999. The U.S. was concerned that it couldn’t easily spy on foreign countries that used encryption for military and government communications.
In fact, until 1996, encryption at the level commonly in use today was classified as a munition. Companies that exported Web browsers and other software products had to make alternative versions with much weaker encryption for use abroad.
Then there’s always human error. The alleged Russian spy ring that was arrested in the New York area in June used encryption, but one of them also left a password lying on his desk, where it was found by FBI agents who broke in. That enabled them to decrypt hundreds of messages.
RIM, the company behind the BlackBerry, doesn’t have years to wait for foreign governments to adopt the more relaxed U.S. stance toward encryption. It has until the end of the month to comply with orders from Indian government, and it may have no way to do so short of shutting down service in the country.
The RIM system doesn’t seem to be designed to give a backdoor to anyone, not even to those in the company, said Maribel Lopez, a technology analyst and consultant.
“It’s not like RIM is sitting there with everybody’s keys looking at everybody’s stuff,” she said. That doesn’t give them much leeway in dealing with governments that want keys.
“This is actually a bit of disaster for them right now because there doesn’t seem to be any good compromising midpoint,” Lopez said.