BlackBerry security: Is RIM making concessions to India?

BlackBerry Logo

It seems BlackBerry vendor Research in Motion (RIM) has yielded to political pressure over the security of its BlackBerry devices and services in an attempt to avoid an outright national ban on its products. According to a report from the Indian Economic Times, following serious pressure, the Canadian company has apparently agreed that within 15 days it will provide India’s security agencies with access to monitor users’ email correspondence. In mid-2008 Indian newspapers had already reported a breakthrough which didn’t, however, result in any actual changes.

RIM markets two solutions: The BlackBerry Enterprise Service for corporate customers and the BlackBerry Internet Service for private customers. Companies using the Enterprise Service each have their own BlackBerry Enterprise Service (BES) which exchanges encrypted messages with the individual BlackBerry devices. As the key is only known to the device and the BES, data transfers upstream of the BES supposedly cannot be monitored. For years, RIM has maintained that it has no access to this part of the communication.

Things are different with the BlackBerry Internet Service (BIS), where RIM negotiates between devices and servers using such IETF standard protocols as IMAP4, POP3 and SMTP. Emails arrive at the BIS in plain text unless users have encrypted them with their own software. RIM says that data transfers between the BIS and the devices are not encrypted. This provides various potential options for intercepting communication.

The United Arab Emirates (UAE) has said that, due to severe security concerns, encrypted BlackBerry communication is to be barred on a national level from mid-October. Kuwait and China also have concerns about the potential security risk the smartphones may pose, which could have huge economic consequences for RIM because competition in the smartphone industry for emerging markets such as China is currently very strong. Both the UAE and India say that they must have access to mobile communications in the case of suspected criminal or terrorist acts.


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: