RIM Refuses To Provide E-mail Interception In India
New Delhi – BlackBerry vendor Research-In-Motion (RIM) today rejected the Indian government’s demand to access its encryption keys for decoding messages sent by its enterprise clients over the BlackBerry service to any third party.
“The BlackBerry security architecture for enterprise customers is specially designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances,” the company said in a statement to its Indian customers on Monday.
The department of telecommunications (DoT) had demanded the Canadian company to provide encryption codes so that security agencies can monitor e-mails between two BlackBerry phones. RIM has assured that it can set up minor servers in India where e-mails and messages can be stored up to a year, telecom department officials said.
The Blackberry issue came into the open when DoT asked Tata Teleservices to delay its launch till security mechanisms are in place. DoT had proposed an interim solution in which telcos store all data transferred through Blackberry for a year.
“We regret any concern prompted by incorrect assumption or rumors and wish to assure customers that RIM is committed to continue serving security-conscious business in the Indian market,” RIM added.
For enterprise customers, the security architecture is established on a symmetric key system whereby the customer creates his own key, and only the customer possesses a copy of his encryption key, RIM said. The company does not possess a “master key,” nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data, it said.
In addition, RIM would be unable to accommodate any request for a copy of an enterprise customer’s encryption key, as neither RIM nor any wireless network operator possess a copy of the key, it said.
RIM has come under fire from the security agencies for not allowing them to intercept data and has been negotiating with the government for more than two months to come to a solution.
There are over 4 lakh Blackberry customers in the country. And security agencies have been pushing the company to hand over the encryption keys, the main USP of the technology, for scrutinizing data.
Talks between the government and RIM have, however, failed to produce any worthwhile solution so far and Blackberry data traffic continues to be inaccessible to Indian security agencies.
However, the government and RIM need to first arrive at a consensus as to who could access these mails and under what circumstances.
“The location of data centers and customer’s choice of wireless network are irrelevant from a security perspective since end-to-end encryption is utilized,” RIM said in a statement.
RIM also offers a separate product for individual customers, BlackBerry Internet Service, hosted by telecommunications operators. It did not comment on that service Monday, and a spokesman was unsure whether carriers offering such a service would have access to the security keys.
Governments have a wide range of resources and methodologies to satisfy national security and law enforcement needs without compromising commercial security requirements, RIM said.
The use of strong encryption in wireless technology is not unique to the BlackBerry platform, and is a mandatory requirement for all enterprise-class wireless e-mail services, it added.
Operators however reckon that security agencies can consider various options. “Most of the Blackberry users are corporate users. Since one can easily intercept the data on corporate servers, why should there be a problem? Moreover, the government has every right to break the encryption codes for security reasons” said a senior executive of a leading telecom company which offers Blackberry services.