India's BlackBerry Brouhaha

The impasse between Research in Motion, manufacturers of the popular BlackBerry smartphones, and the Indian government continues although RIM said this week it would yield some ground in allowing "lawful and limited access" to its messenger services.

And, while the Canadian company cobbles together what it calls a "technical solution," the face-off has brought into sharp focus the growing friction between communications companies and governments in several countries over how to balance consumer privacy with national security.

India has a special case to make. The Mumbai carnage of 2008, Indian authorities say, was orchestrated by a handful of Islamic terrorists wielding BlackBerry devices. The attacks killed 166 and crippled India's financial capital for months as well as resulting in billions of dollars of property destruction.

Caught between "supporting legal and national security requirements" and preserving the lawful needs of citizens and corporations on the other, India's security concerns are not confined to RIM, nor are the concerns India's alone. Other communications providers such as Google and the Internet telephony firm Skype are on its radar and the radars of other countries. Experts feel the government should work out a package solution to enable possible interception and monitoring of all Internet-based traffic.

Although RIM says it will allow only "lawful access" for security requirements and won't make "any changes to the security architecture for Blackberry Enterprise Server customers," matters came to a head last week when the Indian Home Ministry threatened to pull the plug on its million-plus BlackBerry subscribers if RIM did not make private data accessible to its security agencies by August 31. Following meetings this week between RIM and Indian authorities, Home Secretary GK Pillai has fleshed out the requirements of Indian security agencies to which the manufacturer will have to adhere.

New Delhi has been demanding encryption keys to BlackBerry's servers since the service debuted in India in 2008, demands that echo requests of other governments around the world. The United Arab Emirates, Lebanon, Algeria, Saudi Arabia and Kuwait are all are reportedly considering new requirements on services like BlackBerry to ensure that they can monitor electronic messages for security reasons.

The United Arab Emirates has threatened to ban BlackBerry messenger, email and web browsing services from October 11. Earlier this month, BlackBerry scrambled to strike a deal with Saudi Arabia to set up a server in its territory after the government threatened to pull the plug on 700,000 subscribers for four hours. The government will now be able to track traffic, but it's doubtful if it can decode the content without encryption keys.

Despite RIM blinking first, the trickier question remains over intercepting mail in its highly encrypted enterprise servers. RIM's stand has been that `encryption' is a fundamental technology required in any country that wants to attract and maintain international business.

Analysts say that rather than just arm-twisting outfits like RIM, the time is ripe for India to formulate a clear policy on augmenting its surveillance and monitoring of internet traffic. Its Department of Telecom may follow Saudi Arabia's lead and ask RIM to set up a server in India.

"Such a facility would allow the government to monitor messages sent from the smartphone," says Vishal Shahi, a Delhi-based internet security expert. "Since most servers relaying corporate or government email are located within the host country, a solution can emerge if the telecom regulator were to hold telephony service providers to their surveillance obligations."

Shahi adds that if indeed the Indian government is using BlackBerry as a sample case to gain lawful access to private data on other telephony networks, the solutions provided by RIM could help it to formulate a policy response to security imperatives.

However, despite national security concerns, top Indian carrier companies like Airtel, Bharti and Reliance say the legitimate business and ethical concerns of RIM, Google or Skype or any other providers of internet telephony ought to be a part of the sustainable solution.

"The Indian government can't use the BlackBerry case as a bargaining chip to access proprietary technologies without accountability," Shahi said. "Access to this data must be lawful and such interception shouldn't jeopardize the fundamental architecture of the network."

Analysts point out that even as the government seeks RIM's compliance with its demand for access to the service's encrypted messaging services, it must also enhance its indigenous safeguards to prevent misuse of electronic surveillance.

"If commercial or personal information obtained in the course of security-related surveillance is misused," said Ashok Aggarwal, a Delhi-based civil rights lawyer and Founder, Social Jurist, "law and procedure should make it possible for the injured party to hold the government accountable. All stakeholders – citizens, the government, security agencies should function cohesively to avoid the misuse of any information."

Activist and Supreme Court advocate Kamini Bhasin says the issue of consumer privacy also kicks in. "Indian authorities will have to be responsible about whom they're bugging. Should there be doubts, the aggrieved party should be able to take the government to task."

Given the Indian economy's relevance as a major driver of growth for any global company selling goods and services, the government has strong bargaining power over companies like BlackBerry. But, critics say, this is no excuse for not investing enough in indigenous capability to monitor providers such as RIM.

With no clear sign of truce between RIM and the Indian authorities, an inter-ministerial group meeting has been called on August 20. It will be attended by senior officials from the Defence Research and Development Organisation, the Cabinet Secretariat, security agencies, the Center for Development of Telematics and the Department of Telecom to review the internet monitoring systems deployed nationwide.

"RIM must understand that India is on a fast growth trajectory and has genuine serious security concerns. BlackBerry has compromised with China and Saudi Arabia" says an official of the Cellular Operator Association of India, "So why is such a big deal being made out of India's request?"

Neeta Lal is a New Delhi-based independent journalist; neetalal@hotmail.com