Blackberry's Battle with India Goes On
Despite a protracted three-year contest with India's security agencies that was thought to be solved late last year, the fate of BlackBerry's encrypted email and messaging services in India continues to be uncertain.
It is a contest that is being watched closely across the world by other governments dueling with Research in Motion, the Canadian manufacturer of the ubiquitous smartphone. International government concerns have grown considerably because of the fact that Egyptian protesters using Blackberry devices were mostly able to escape Cairo's crackdown on communications with the outside world until the Mubarak government fell.
India, concerned over the ability of militants to use heavily encrypted communications as a tool in jeopardize national security, has been demanding the encryption keys to BlackBerry's servers since the service debuted in India in 2008. Moreover, the government is insisting that all communications service providers – including Google and Skype – allow surveillance of their networks.
Because of its unique geopolitical dynamics, India is battling insurgencies from Kashmir in the northwest to the far-flung northeast. During the 2008 Mumbai carnage, a handful of mobile and satellite phone-wielding extremists wrought havoc in India's financial capital, killing 166 people and destroying property worth billions.
The United Arab Emirates, Lebanon, Algeria, Saudi Arabia, Indonesia and Kuwait have all – in the recent past -- pressed for new requirements on services like BlackBerry to ensure that they can monitor electronic messages for security reasons. RIM encrypts email messages as they travel between a BlackBerry device and a computer known as BlackBerry Enterprise Server (BES).
The Indian government accepted RIM's proposal for "lawful access by law enforcement agencies" of encrypted BlackBerry data after New Delhi threatened to pull the plug on its facilities last year, affecting 1 million-plus BlackBerry users in the country. In December 2010, RIM provided the government a cloud computing-based system which enabled security agencies to lawfully intercept BlackBerry Messenger (BBM) messages in a comprehensible format but not BES or corporate emails.
In January, however, India rejected RIM's offer to allow it only partial access to its BlackBerry data services. The Canadian manufacturer, on its part, failed to fulfill demands to monitor encrypted corporate email by a January 31 deadline. RIM had given India the means to access its Messenger service ahead of the deadline but refused authorities access to monitor secure corporate emails.
RIM has repeatedly said it doesn't have a master key to decode emails, adding that each user organization would have the technical capability to grant access to its own encrypted enterprise emails. The company also suspended its dialogue with the government over security issues, saying "leakage of sensitive discussions between the company and the Indian authorities (have) undermined the confidence needed for such discussions."
However, in the latest twist, India's telecom ministry said earlier this week that RIM had not divulged the full picture and has not been totally upfront in disclosing technical details to make a solution acceptable to both parties.
According to an internal note circulated within India's Telecom Department (DoT) that was leaked to Indian media, DoT is of the view "that RIM had created the necessary infrastructure for providing automatic solutions to monitor its messenger and public internet services, but had failed to provide what it termed 'the architect of the solution as well as the communication path for the service."
In the absence of these details, the department said, it is "difficult to ascertain the sustainability of the solutions provided by RIM and instruct telcos to implement it."
The telecom department's note adds that RIM may be "trying to shroud their services in mystery which may not be in consumer interest and may also violate the consumer's right to know." "RIM has been applying various pressure tactics in delaying to provide the solution to the problem," the note continued.
The creation of infrastructure in India, according to the Indian authorities, may be in RIM's best interest as it enhances the chances of acceptability of the service. But at the same time, it is giving no guarantees that the service won't be banned "without knowing the details of the type of infrastructure that RIM proposes to create in India, and whether this infrastructure will be able to provide a solution for the interception of the services."
Because of the complexity and sensitivity of the case, the telecoms department has now decided to set up a technical committee "to look into the architecture of various similar services so that a decision can be taken to address the issue of lawful interception of these services."
Given the notoriety of governmental committees in India and the bureaucratic way in which they function, analysts say the solution to the BlackBerry imbroglio may not be any time soon.
The showdown between the Indian establishment and a private enterprise like RIM has also spotlighted the issue of individual privacy. The government is already under pressure to seek a clear policy mandate on enhanced monitoring of enterprise Internet traffic. The BlackBerry controversy thus also raises delicate questions about electronic snooping and surveillance while simultaneously resurrecting the old debate about individual privacy versus national security.
Analysts feel that the Indian government's response towards RIM should factor in the legitimate commercial and ethical concerns of the providers of internet telephony.
"Rather than just arm-twist outfits like RIM, India would do well to formulate a clear policy on augmenting its surveillance and monitoring of internet traffic," says Rahul Desai, a civil rights lawyer.
Such a facility, he said in an interview, would allow the government to monitor messages sent from the smartphone too.
"Since most servers relaying corporate or government email are located within the host country, a solution can emerge if the telecom regulator were to hold telephony service providers to their surveillance obligations," he added.
If indeed the Indian government is using BlackBerry as a sample case to gain lawful access to private data on other telephony networks, the analysts say, the solutions provided by RIM could also help it to formulate a policy response to multiple security imperatives.
Top Indian carrier companies like Airtel, Bharti and Reliance have been emphasizing for a while that the legitimate business and ethical concerns of RIM, Google or Skype or any other providers of internet telephony for that matter ought to be a part of the Indian government's long-term solution.
The government, the analysts say, can't use the BlackBerry case as a ploy to gain access to proprietary technologies without accountability. Access to this data must be lawful and such interception shouldn't jeopardize the fundamental architecture of the network, undermine business interests or flout individual privacy, they say.
Neeta Lal is a New Delhi-based senior journalist; firstname.lastname@example.org