Indian officials in RIM ban talks

Indian government officials are expected to meet local telecommunications operators on Thursday to discuss their demands that Indian security agencies be given access to the contents of encrypted e-mail and messaging services sent via BlackBerry handsets.

The move, spearheaded by the Indian home ministry, comes as India prepares to ratchet up security ahead of the Commonwealth Games in the country in October. “If they cannot provide a solution, we’ll ask operators to stop that specific service,” said an Indian official quoted by Reuters news agency. “The service can be resumed when they give us the solution,” said the official who asked not to be named.

If a shutdown takes effect, the estimated 1m BlackBerry users in India would only be able to use the devices for phone calls and web browsing.

Research in Motion, the Canadian manufacturer of BlackBerry devices, already faces the threat of a ban on e-mail and messaging services in the United Arab Emirates from October 11 unless it meets similar demands from the UAE’s telecoms regulator.

There are signs that RIM and the three telecoms operators in Saudi Arabia may be edging towards an agreement that would avert the threat of a more limited ban there and meet the Saudis’ request for access to the BlackBerry-to-BlackBerry Messenger texting service widely used by youths in the kingdom.

RIM insists that it cannot give access to encrypted corporate e-mail and messaging traffic sent from BlackBerrys hooked up to corporate servers because it does not have the “keys” needed to decipher the data.

However, privately owned BlackBerrys do not use the same “strong” encryption and it might be possible for RIM and the Saudi telecom operators to provide access to Messenger traffic on the estimated 500,000 of the 700,000 BlackBerrys in the country owned by individuals. Some telecoms consultants in Saudi Arabia have suggested this might be done by setting up computer servers inside the telecoms operators.

“The agreement basically satisfies the government of Saudi Arabia which means information will be accessible upon request,” a consultant with knowledge of the Saudi negotiations said yesterday.

Some analysts believe an agreement on local servers might be used as a model elsewhere. “It is important because it is a prerequisite,” said Al Hilwa, IDC program director. “In order for any authorities to have the data, they have to have access. If RIM is going to end up playing internationally, this is what they’re going to have to do.”

But even if the Saudi Arabia arrangement is eventually confirmed, it is by no means clear that such an arrangement would satisfy other countries, including the UAE and India which are demanding much broader access to BlackBerry traffic including the ability to monitor encrypted corporate e-mail, Messenger and browser traffic.

Mike Lazaridis, RIM’s co-chief executive, said last week that the company would respond to legal requests for access to BlackBerry data, but could only provide the “encrypted data stream”. Unless local security agencies can decipher such data, this would be unlikely to satisfy their requirements.

For example, in India the security agencies want RIM to provide access to encrypted messages in a readable format. Officials claim RIM has proposed helping India track e-mails without sharing encryption details, but insist that is not enough.

“The pressure on RIM is mounting and an increasing number of governments seem to be demanding access to data for national security and enforcement purposes,” said Al Hilwa of IDC.

“RIM’s approach to provide strong encryption and centralised data hosting is commendable for privacy reasons and provides many enterprise users a high degree of comfort about their trade secrets and communications, but it is clearly running into sovereignty and control issues with many international authorities.

He said there are two main issues: “One is the location of the servers and the data, which is a first step to giving a level of control to international governments, and the second is the level of encryption provided which may be too strong for governments to control effectively.”

“Likely more and more countries will require RIM to take action on both, and likely RIM will have to take a more universal and systematic approach to dealing with this as the problem appears to be mushrooming,” said Al Hilwa.