For more than two years, Indian security agencies have been engaging with Research in Motion (RIM), the manufacturers of the BlackBerry mobile system, to work out an arrangement by which the former can get access to the communications — particularly e-mails and chats — that are transmitted in an encrypted form from such handsets. But little was achieved and pressure was building up on both sides due to the increasing fears of usage of such handsets by terrorists and other fissiparous groups. Notwithstanding the fact that there was a verification process in place for the provision of any mobile connection, the agencies were adamant to gain access to the traffic flow through the BlackBerry mobile handsets.
RIM was given the final notice to allow such access by the end of July, failing which operators were asked to shut down the services. After the July 30 meeting, RIM issued a press statement — and also comments from the Department of Telecom, which has been negotiating with RIM on behalf of the agencies — that they have arrived at a solution and services will not be disrupted. All this comes at a time when United Arab Emirates (UAE) has announced its decision to disallow BlackBerry services from October; Saudi Arabia and few other Gulf countries may follow.
It is pertinent to understand where the problem with BlackBerry communication lies. A typical BlackBerry handset allows voice calling, SMS, chat, internet browsing and e-mail communications. Its greatest advantage has been the encrypted e-mail communication. BlackBerry also supports other popular e-mail services like Gmail and Hotmail.
So far security agencies, under the existing telecom laws and the licence conditions for telecom providers, are able to access communications for law enforcement purposes. They also have the technology and capability to monitor calls and SMSes on BlackBerry handsets. A few selected operators can also access regular emails. This will be possible for remaining operators too.
However, Blackberry corporate emails and chats are encrypted as they leave the handset and get decrypted when they reach their destinations, which is not possible for the law enforcement agencies to decipher with their present capabilities. As the encryption levels are high and, thus, secure, business corporations have been using the platform effectively for email communication. Typically, such emails are directed via a Blackberry Enterprise Server (BES), located at the respective corporate premises. It is only at this server that messages are available in a decrypted form. Also, such servers are secured (password protected) and not even accessible by RIM as per current commercial and security practices. So the agencies could only read the messages at the BES server if access code and decrypted content were provided by the corporate concerned. This will have to be harmoniously achieved. More than the interception and monitoring capabilities, such a move will help in investigations.
Since RIM has had the experience of working with various nations on enhanced security issues, it will be worthwhile to consider how it has been harmoniously achieved in a few selected countries like the US and Canada, where there is a precedent and also experience for the law enforcement agencies while gaining effective access. India’s case is undoubtedly very critical as terrorists and individuals with vested interests, with the guidance of State and non-State actors, are trying to misuse technology for terror activities. But rather than getting paranoid, it is important to consider how much can be achieved effectively.
*Subimal Bhattacharjee writes on issues of technology and security
( The views expressed by the author are personal. )