Sandeep Joshi

Security agencies unable to read e-mails of its users

BlackBerry vendor does not possess a ‘master key’

NEW DELHI: Inability on part of the Canada-based firm Research In Motion (RIM), the vendor of ‘BlackBerry’ smartphones, to allow Indian security agencies to read messages or e-mails of its users is likely to further complicate matters, and could even lead to scrapping of BlackBerry services in the country.

According to RIM: “The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customers create their own key and only the customer ever possesses a copy of his encryption key.

“RIM does not possess a ‘master key,’ nor does any ‘back door’ exist in the system that would allow RIM or any third party to gain unauthorised access to the key or corporate data.

“The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customer’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key,” the company has said.

RIM’s reply comes after the Department of Telecommunications (DoT) asked the Canadian firm to allow it and Indian security agencies access to messages and e-mails transferred through its system. After objections from the security agencies, the Union Home Ministry had asked DoT to ask RIM to provide the ‘master key’ so that it could access the contents transferred over the handheld device.

Stating that the BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography, RIM said the location of data centres and the customer’s choice of wireless network were irrelevant factors from a security perspective since end-to-end encryption was utilised and transmissions were no more decipherable or less secure based on the selection of a wireless network or the location of a data centre. “All data remains encrypted through all points of transfer between the customer’s BlackBerry Enterprise Server and the customer’s device [at no point in the transfer is data decrypted and re-encrypted].”

“RIM understands and respects the concerns of governments. RIM operates in over 135 countries today and provides a security architecture that has been widely scrutinised over the last nine years and has been accepted and embraced by security-conscious corporations and governments around the world. Governments have a wide range of resources and methodologies to satisfy national security and law enforcement needs without compromising commercial security requirements,” it said.

Though DoT and RIM have been holding talks to resolve the issue, the recent advisory by the latter to its BlackBerry subscribers might force the government to take some harsh steps. This could include scrapping of the service in India altogether, said sources in DoT.

DoT has been demanding RIM to set up its servers in India so that its traffic could be monitored by the security agencies, but RIM has so far ruled out any such possibility. According to telecom industry sources, there are over 4-lakh BlackBerry subscribers in India and their numbers are increasing fast. Leading operators like Bharti Airtel, Vodafone Essar and Reliance Communications are offering this service.