All about the BlackBerry
Research In Motion is at standstill with the Indian government over demands that the company provide authorities a way to read encrypted email messages that travel across BlackBerry's network.business Updated: Aug 14, 2010 17:09 IST
Research In Motion is at standstill with the Indian government over demands that the company provide authorities a way to read encrypted email messages that travel across BlackBerry's network.
The government said it will shut down RIM's email and messaging services in India if the company doesn't comply with its demands by Aug. 31.
India - and several other countries - say their inability to monitor BlackBerry traffic undermines efforts to protect national security.
Here are questions and answers that explain how the BlackBerry system works and why governments consider it so threatening:
Q. What steps does RIM take to make sure that the email of its business customers cannot be intercepted by third parties?
A. RIM uses powerful codes to scramble, or encrypt, email messages as they travel between a BlackBerry device and a computer known as a BlackBerry Enterprise Server (BES) that is designed to secure those emails. Governments in India and elsewhere say criminals use BlackBerrys to conduct their business because they know the government cannot monitor their chatter. The encrypted messages can only be unlocked with software "keys" that are located either on the BlackBerry device itself, or at a particular customer's BlackBerry Enterprise Server. RIM says it does not have a master key that controls every system in its network.
Q. Do RIM's consumer customers get the same level of email security as businesses?
A. No. Email for consumers and small businesses is not protected by the same system of keys that encrypts corporate messages. BlackBerry's consumer service runs on a system known as BlackBerry Internet Service (BIS), which is less daunting for authorities to crack.
Q. Is BlackBerry's security different from other smartphone vendors?
A. Yes. All BlackBerry traffic runs through RIM data centers, which help manage the devices and traffic, identifying anomalies that might present security concerns. Traffic on products from rivals such as Apple Inc, Google Inc, Nokia and Microsoft Corp does not go through centralized data centers.
Yet those devices do offer powerful encryption technology for scrambling messages. Unlike BlackBerry, which provides its own security software, its rivals generally provide encryption technology through partners including units of EMC Corp, Symantec Corp and McAfee Inc.
Q. Can RIM unscramble a message encrypted by one of its business customer's BlackBerrys?
A. RIM says it cannot unscramble data of its enterprise customers because it does not possess the keys needed to do so. RIM can likely identify the senders and recipients of emails and log items such as when they were sent or whether they had attachments.
Q. Saudi Arabia, India and the UAE have complained that RIM won't give them the same kind of access to tap into BlackBerry networks that other countries, including the United States, get. What level of access does the U.S. government enjoy?
A. Authorities in the United States and in European countries such as Britain and Germany can seek a court order to tap BlackBerry traffic, giving them access to messages sent over the network. Officials at Research In Motion declined to talk about how they provide such access. It is possible that governments make such requests directly to RIM's customers.
Q. If the data is encrypted, how is it possible for the government or RIM to install a wire tap?
A. Bruce Schneier, an expert in encryption who is chief security technology officer for BT, said that it is relatively simple. Authorities just need to put an eavesdropping box on the BlackBerry Enterprise Server, which decrypts the data to gather a reconstituted message. Another alternative would be to install spyware on the handheld device itself.
Q. How strong is the BlackBerry encryption? Is it possible for government code crackers to break the encryption on their own, without help from RIM?
A. Some analysts speculate that may be the case. But breaking encrypted code is no easy task - it is a slow process that requires tremendous skill and powerful computers. RIM's enterprise system offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES). A BlackBerry device will by default choose the 256-bit encryption of AES for transport layer encryption. Triple DES is a two-key algorithm that generates message and device transport keys.
Q. Has RIM made any concessions to India ahead of the Aug 31 deadline?
A. Yes. RIM has offered to track email message feeds for the Indian government, which could include providing services such as compiling detailed logs of a particular user's correspondence. But RIM still has not agreed to India's key demand - that they hand over unencrypted messages. RIM officials did not respond to requests for comment on how they plan to address this obstacle.
Q. Has RIM made any concessions elsewhere?
A. Yes. In Saudi Arabia the firm has agreed to hand over codes used to encrypt traffic of its BlackBerry Messenger instant messaging service. RIM was also delayed from entering Russia and China for several years while intelligence agencies worked through their concerns. Little is known about any compromises reached, but Russia has tight rules on where RIM can locate BES servers for corporate clients in that country.
Q. BlackBerry Messenger is offered to both corporate and consumer clients. Do corporate customers get a more secure version of the service?
A. The service is a form of instant messaging that bypasses the BlackBerry Enterprise Server and corporate networks. It runs on a proprietary system known as PIN encryption that is not as powerful as the options available on the BES email system. By default, all BlackBerrys ship with a global PIN encryption key that allows users to unscramble messages sent from any BlackBerry. But corporate customers can choose to install their own key that allows them to restrict access to users within their enterprise.