From “The Times of India” – Blackberry refuses to help on security<\/a><\/p>\n NEW DELHI: The stand-off between the Indian government and BlackBerry manufacturer Research in Motion (RIM) intensified on Tuesday, with RIM stating that it would not “compromise the integrity and security of the BlackBerry Enterprise Solution<\/em>“. It added that “RIM would simply be unable to accommodate any request for a copy of a customer’s encryption<\/em> key since at no time does RIM, or any wireless network operator, ever possess a copy of the key”.<\/p>\n Security agencies are concerned that BlackBerry’s encrypted services could pose a national security threat. They have been seeking access to these services.<\/p>\n However, in a statement titled “Customer Update”, RIM said, “The BlackBerry security architecture for enterprise customers<\/em> is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a master key, nor does any back door exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data<\/em>.”<\/p>\n “The BlackBerry security architecture for enterprise customers<\/em> is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customers encryption key<\/em> since at no time does RIM, or any wireless network operator, ever possess a copy of the key,” explained the statement.<\/p>\n It also said that the location of data centres and the customers choice of wireless network are “irrelevant factors from a security perspective since end-to-end encryption is utilized…and all data remains encrypted through all points of transfer between the customers BlackBerry Enterprise Server<\/em> and the customers device.”<\/p>\n<\/blockquote>\n The things that RIM did not <\/strong>say about security in their carefully worded statement are perhaps as noteworthy as the things they did say.\u00a0 After a brief perusal of RIM’s own security documentation<\/a> and various statements quoted in the news, I came to the conclusion that:<\/p>\n In other words, there is an easy solution to the crisis:<\/p>\n Of course, this leads us back into the standard debate, of the proper boundaries between individual rights to privacy and governmental responsibilities to assuring security to their people.\u00a0 There are potential dangers on all sides.\u00a0 If governments are given too much scope for snooping on private data, we might soon find government agents using their privileges for inappropriate purposes<\/a> – or using purported criminal investigations<\/em> as a premise for extorting trade secrets from foreign corporations to divulge these secrets to domestic industries and give the latter an unfair advantage.\u00a0 On the other hand, how are we to know that the concerns of the Indian, Saudi Arabian and U.A.E. governments are not fully legitimate?<\/p>\n Considering the apparent advantages of RIM’s technology, in integrity and authentication, and for public servants and enterprises at least, the benefits of confidentiality; governments, enterprises and individuals should all favour RIM’s Blackberry encryption technology over and above their competition.\u00a0 If only the rest of the internet followed RIM’s lead, we might see an end to spam, and innocent pensioners in Britain might stop being accused of downloading contraband copies of pornography<\/a>; at least, until the bad guys find a way to circumvent RIM’s technology.\u00a0 We might yet see the beginning of international agreement on the legitimate rights of governments and individuals<\/a>; and it might start from one of the most unlikely of sources – a trade dispute over RIM’s access to emerging markets.<\/p>\n","protected":false},"excerpt":{"rendered":" A commentary on the governmental pressure on RIM<\/a> over Blackberry communications security. Continue reading \n
Notes on the above:<\/h2>\n
\n
\n