Research in Motion: Trying to have it both ways

Research in Motion has a problem. Their well-regarded encryption technology is upsetting national governments. Now RIM has to make a choice: concede to the .govs or keep subscribers' traffic secure.

--------------------------------------------------------------------------------------------------

Research in Motion (RIM) is under intense scrutiny. Several national governments, notably the U.A.E., India, Kuwait, and China, are concerned that BlackBerry traffic is undecipherable. Due to current geopolitical conditions, that level of secrecy is unacceptable. Thus they handed RIM an ultimatum: give us unfettered access or forget about doing business in our countries.

It's no secret -- RIM is losing market share. Besides that, their new entry, the Torch, is not creating anywhere near the buzz of the iPhone 4 or Android phone releases. So the conundrum of dealing with this encryption issue is something they really do not need.

The problem

The countries involved are taking a stance similar to the one described by the United Arab Emirates' Telecommunications Regulatory Authority, quoted here courtesy of the WSJ:

"BlackBerry data is immediately exported offshore, where it's managed by a foreign, commercial organization. BlackBerry data services are currently the only data services operating in the U.A.E. where this is the case," the agency said. "Today's decision is based on the fact that, in their current form, certain BlackBerry services allow users to act without any legal accountability, causing judicial, social and national-security concerns."

India is even more forthcoming in their concern. This Gulf Times blog quotes a senior interior security official as saying:

"Wherever there is a concern on grounds of national security the government will want access and every country has a right to lawful interference."

So, these countries are demanding access to all encrypted RIM traffic, something a vast majority of RIM's approximately 45 million members probably don't want. Why? Corporate management and IT departments are comfortable with RIM's technology because it's encrypted.

RIM's encryption process

Every message is encrypted before it leaves the phone. All messages are sent to RIM's BlackBerry Enterprise Solutions (BES) servers located in network operating centers throughout the world, after which they are sent on to the intended recipient. In a prepared statement, RIM's co-Chief Executive Mike Lazaridis explains the process in more detail:

"The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a "master key", nor does any "back door" exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data."

The statement also mentions:

"RIM would simply be unable to accommodate any request for a copy of a customer's encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key."

Here is where I get confused. Somewhere along the way there has to be another copy of the symmetric key. How else will the data get decrypted? Maybe the clue is in this last part of the statement:

"All data remains encrypted through all points of transfer between the customer's BlackBerry Enterprise Server and the customer's device. At no point in the transfer is data decrypted and re-encrypted."

Decrypted somewhere

After reading the above statement several times, I found two key phrases:

  • That would allow RIM or any third party to gain unauthorized access to the key or corporate data.
  • All data remains encrypted through all points of transfer between the customer's BlackBerry Enterprise Server and the customer's device.
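
The reading these two phrases point to, modelled as an added example (not code from the article or from RIM): the customer's server and the handset hold the only copies of a symmetric key, and a relay in between routes on a cleartext header without ever holding that key. The cipher is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC), and the function names, envelope layout and sample PIN are assumptions.

```python
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(shared_key: bytes):
    """Derive separate encryption and MAC keys from the one shared key."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def bes_seal(shared_key: bytes, device_pin: str, plaintext: bytes) -> dict:
    """Customer's server: encrypt the body, leave only routing data in clear."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = os.urandom(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, ks))
    header = json.dumps({"to": device_pin}).encode()
    tag = hmac.new(mac_key, header + nonce + body, hashlib.sha256).digest()
    return {"header": header, "nonce": nonce, "body": body, "tag": tag}


def relay_route(envelope: dict) -> str:
    """Relay (the NOC role): reads the header to pick a destination.
    It is never handed the shared key, so the body stays opaque to it."""
    return json.loads(envelope["header"])["to"]


def device_open(shared_key: bytes, envelope: dict) -> bytes:
    """Handset: verify the tag first, then decrypt with its copy of the key."""
    enc_key, mac_key = _subkeys(shared_key)
    signed = envelope["header"] + envelope["nonce"] + envelope["body"]
    expected = hmac.new(mac_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        raise ValueError("envelope was modified in transit or key is wrong")
    ks = _keystream(enc_key, envelope["nonce"], len(envelope["body"]))
    return bytes(a ^ b for a, b in zip(envelope["body"], ks))


def demo() -> dict:
    # Constructed sample data. The key is generated by the customer and
    # shared only with the handset at activation (an assumed step).
    customer_key = os.urandom(32)
    msg = b"Q3 forecast attached"
    env = bes_seal(customer_key, "2100000A", msg)
    results = {
        "relay_sees_destination": relay_route(env) == "2100000A",
        "relay_sees_plaintext": msg in env["body"],
        "device_recovers": device_open(customer_key, env) == msg,
    }
    # A relay that rewrites the body cannot forge the tag without the key.
    tampered = dict(env, body=bytes([env["body"][0] ^ 1]) + env["body"][1:])
    try:
        device_open(customer_key, tampered)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The model covers only a server the customer runs; whoever operates the server end holds the second copy of the key.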

Does this mean that the encryption process is strictly between the BlackBerry device and BES servers? Bruce Schneier believes so:

"Am I missing something here? RIM isn't providing a file storage service, where user-encrypted data is stored on its servers. RIM is providing a communications service. While the data is encrypted between RIM's servers and the BlackBerrys, it has to be encrypted by RIM -- so RIM has access to the plaintext.

In any case, RIM has already demonstrated that it has the technical ability to address the UAE's concerns. Like the apocryphal story about Churchill and Lady Astor, all that's left is to agree on a price."

It would seem so. This Wall Street Journal blog by Phred Dvorak points out what may be the real concern of the U.A.E. government:

"It's worried it wouldn't be able to compel RIM to turn over customer data, now processed in RIM's private servers outside the country. The U.A.E. wants RIM to locate servers in the country, where it has legal jurisdiction over them."

Blog comments

The responses I have read regarding this subject have fallen into two camps. Privacy advocates feel as this person does:

"Congratulations to RIM for making a product which has privacy and security built into its physical structure to make it impossible to physically snoop into the data, regardless of the political power of any totalitarian government. Privacy is important for customers and I think their sales will now go way up!"

The other side feels that governments have the right to access information that could affect national security. One comment that caught my attention was at Arabian Business.com:

"Governments have other means to satisfy their security needs. I'll translate for you: Most governments have the hardware and software to break the encryption."

That is an interesting viewpoint. It might explain why other countries do not appear concerned about this.

What's up?

Is RIM being singled out? Most web-based email systems are encrypted. I use Gmail and traffic is encrypted between my computer and Google's servers. For that matter, so are IP telephony services such as Skype. Are they next?

Your thoughts

This is where I normally have some final thoughts. I really don't this time. I feel the discussion is just getting started. It seems Mr. Eric Schmidt, Google's CEO, is adding fuel to this fire with his comments about anonymity online being dangerous. So, which side are you on?

51 comments
Ocie3

From reading about the BES Express (server), which is offered free of charge, an individual could set one up on a home or SOHO computer and use one or more BlackBerries to communicate just like multi-national corporations can with BES Enterprise networks. They would need to run "Microsoft® Exchange 2010, 2007, 2003 OR Windows® Small Business Server 2008, 2003." on the computer on which BES Express is installed. From Michael's article, it appears to me that, as is ordinarily the case, any and all traffic from a BlackBerry smartphone is encrypted on the BB itself before transmission to the local tower. What happens after that probably depends upon whether the traffic is voice or data. If voice, then it is probably decrypted and transmitted via the network, in the clear, to the destination, where it may be re-encrypted if the destination is a tower within range of the intended recipient's cellphone. I don't know whether GSM is used for BB voice traffic; perhaps a more recent system is used instead. If the message is data, though, decryption of the transmission by the tower would simply expose the encrypted packet with the header in the clear so that it can be routed as any TCP/IP packet is routed. I assume that TCP/IP is used at least while the message is transmitted via a public network, but if the traffic is transmitted through a private RIM network then a different protocol could be used, at least until it must continue to the destination via the public Internet. There is more information on the web site than I read, so I don't know whether an individual "consumer" has data encrypted on their BB before the packet is encrypted again for transmission to a local tower. If they're using a WIFI access point, the data should just be single-encrypted. Of course, the recipient of the encrypted data must have a pre-shared key, since symmetric encryption is used.
However, it is possible to use public/private key pairs to encrypt the symmetric key that will be used for one or more subsequent messages. Which is to say that encryption is workable, even between individuals, and any party that has enough expertise and the hardware can intercept the packet encrypted with PKI and break it to obtain the symmetric key for decrypting the data packet(s). However, doing that requires a lot of time as well as resources. So any third party, such as a government, cannot monitor traffic on a large scale or even at random. They must have selected parties as targets and the means to identify their transmissions in order for snooping to be feasible. (My 2 cents.)

santeewelding

Means, I get on my bicycle and pedal to meet with my compatriots about the downfall of the republic.

ederkley

Hi. Here in Australia, Blackberry devices are approved by the Defence Signals Directorate to carry government classified information, if only to a reasonably low level. However, I can see that if RIM changed the method that encryption occurs then that approval would be lost and the devices and infrastructure would need to be recertified. I imagine this would also be true in the US and other countries that rely on certification before approval to use devices for carrying classified information. I would think it would be a significant blow to RIM to upset that many enterprise customers by making any significant changes.

Michael Kassner

On the exact process. RIM is keeping quiet about the details. If the government has their own BES servers, it might be that RIM would not be able to decrypt the traffic even if it flows through their BES servers as well.

Jellimonsta

I would imagine there is additional encryption built upon the RIM infrastructure, for all intra department/ agency messaging.

wdewey@cityofsalem.net

What I get from RIM's statements is that the data portion of the message is encrypted, but the header info is not. This would allow them to store and forward messages without being able to access the user's data. Essentially you would be able to see the device it came from and the destination server (or possibly even the recipient) without being able to read the message. My personal thought on this is that RIM should put data centers in the countries in question. It wouldn't help the countries intercept traffic (because RIM doesn't have access), but it wouldn't cost that much money and could decrease lag and then data isn't being "immediately exported to foreign soil". If they sold devices with encryption disabled in certain countries I think they would lose their biggest draw and would not be able to compete. Bill edited to add "foreign soil" statement

Michael Kassner

I think RIM and the government statements are about two different networks. Rick in his comment reminded me that RIM itself has servers and large corporations can also have their own. RIM knows what's going on with their servers, but not the individual corporations.

Rick Siple

I think there are two different services in play here. RIM, or someone, hosts BES servers for consumers. RIM, or someone, has those keys. My Blackberry talks to my employer's BES. RIM does not have access to those keys. RIM could likely proxy traffic for its own BES servers to allow interception by the local government. Enterprise BES servers, or any BES run by a private entity, would appear to be inaccessible. Two concerns then: 1) What is the net effect if RIM doesn't/can't acquiesce? I assume it would reduce the device to a phone only. All smart features would be disabled since the remote BES would not be reachable? 2) How much effort for the "bad guys" to set up BES Express and circumvent the whole thing? Guess that would depend on how the "ban" is implemented.

dwdino

All BES traffic goes through RIM. All. That is why when they have had outages at their datacenter, all Blackberry devices became paper weights. http://www.readwriteweb.com/enterprise/2010/03/another-nationwide-outage-for.php What is being attempted is to allow governments to tap into these streams and then work on the decoding. While RIM may not have the "keys", they have access to the technology and data streams to allow the requesting agencies to put the pieces together.

Michael Kassner

If a company has their own BES server?

Michael Kassner

I asked for information, but it almost seems RIM is keeping things quiet. Maybe because of what is happening.

Jellimonsta

From my understanding, if a BB is not associated to a Corporate BES or BES Express server, it is associated to the RIM BES servers. I don't believe a device can use more than one BES server either. However, I only had a BB for 6 or 7 months in my last job, so what do I know? :)

Michael Kassner

Is that why RIM says it doesn't know the key? Because it's set up between the phone and a corporate BES server? What about phones that are not associated with a corporate BES server? Do they just associate with RIM's servers?

dwdino

RIM serves as a NOC for the handhelds. A clearing house if you will. When you stand up a BES installation, it registers with RIM's NOC and becomes a leg of their services. When the devices are joined to the BES server, they first register at the NOC and the NOC notifies the BES. All operations continue in this fashion. The US Government has some special agreements in place because of this (and the fact that the NOC is outside US borders). A normal workflow is like the following:

  1. Email arrives in Exchange
  2. Exchange notifies BES
  3. BES uses MAPI to access the mailbox
  4. Filters validate email is for the BB
  6. The email is encrypted and compressed and sent out to the RIM NOC
  9. The NOC reads the info and routes the email to the wireless carrier where the device is registered
  10. The carrier receives the email and forwards it to the BB
  11. Email arrives on the device and is decompressed and decrypted

The whole time RIM is man in the middle.

Jellimonsta

Michael, from my limited understanding, the Corporate BES server does the encrypting. However, all mail flows through the 'Blackberry Infrastructure', and touches RIM BES infrastructure servers and services. I would highly suspect that appropriate agencies could jurisdictionally request the information from those resources. The issue herein lies for the outlined countries in that, they do not have any jurisdiction over RIM due to no servers or services residing in said countries. Hence, their demands.

Michael Kassner

I was wondering if that is what RIM is talking about when they say they do not have the keys. I asked a friend who manages a local BES and he mirrored your thoughts. My friend finally mentioned that he suspects that the bad guys would be under the consumer plan,

Ocie3

the "bad guys" be using only the "consumer plan"?? The organized criminals are perfectly able to create and operate legitimate businesses which also serve as cover for illicit and illegal activities. If they have an "enterprise" that meets RIM's criteria, and they have the money and expertise, then they would be able to have their own BES enterprise servers.

Michael Kassner

Your comment is valid, and I never said they weren't capable of doing so. That said, my research has pointed out the opposite and why the governments are asking for this.

tecsjunk

Difficult choice - but in the end PRIVACY MATTERS!

Michael Kassner

Any push by your government to have access from RIM?

JPabroad

At the end of the day, RIM is a business that will have to abide by the laws of the country in which it does business, and they will! I agree with the entry from the US const. An individual has a reasonable expectation of privacy unless evidence is supplied implicating said individual to criminal activity. So, can RIM hold to these values and still call itself secure? I think it can while not being held responsible for how people use their products.

Michael Kassner

Of the saying "Locks keep honest people out". I have been talking to a RIM expert and she envisions the bad people will set up their own BES server and be quite secure.

Dr_Zinj

Encrypted communications is the logical extension of the right to free speech. "Congress shall make no law ... abridging the freedom of speech"; and "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized" What this means is that the Congress can't make laws blocking your communications. Doesn't matter if you're talking about a baking recipe with your Aunt Millie, or planning on how to assassinate the President with an Al Qaeda cell; they're forbidden to interfere. HOWEVER, given a signed warrant that there is a reasonable suspicion that you're planning a crime, the government has permission to listen in on your conversation. Which we all know is abused and violated by the FBI, CIA, law enforcement and other U.S. security organizations on a daily basis. What these other countries want is the access to the keys to listen in on conversations conducted from, to, or within their respective countries at will. Unfortunately, U.A.E., India, Kuwait, and China, et al. don't have as "pristine" a record on human rights as Uncle Sam (excuse me while I clear my throat). So giving them the keys will also allow them to beat the crap out of dissidents whenever they feel like it, not just violent criminals.

Michael Kassner

As an amateur radio operator, I have quite a bit of freedom. Still the one thing that is completely forbidden is to use encryption during any communications, voice or data.

Slayer_

Times like this that make me believe we would be better off without governments...

spawnywhippet

I for one am truly sick of government interference and posturing on the grounds of 'national security' and 'terrorism'. Since the (truly sad) occasion of 911, all governments seem to have experienced a knee jerk reaction that too much security is still not enough. Just try flying into the USA without a US passport - I now refuse to go anymore after 5 or 6 extremely aggressive TSA agents frisked and abused me for the heinous offence of trying to change planes at LAX whilst having metallic implants in my body.

tbostwick

I truly hope not and without RIM we wouldn't have NOTHING to compare the glaring lack of security on any wireless device currently in use. TXT, email and social tweeting are the norm - with TONS of data poured into that stream daily - most of it unchecked, unsecured and certainly easy pickings. It's like leaving your doors to your house unlocked and open in the middle of Tijuana, Mexico - because you "believe you don't sell drugs, you're safe". You're not, and neither is your data - so do something about it. On the point of 9/11 and security in general - I'd agree, especially during the Bush era when everything we did had some "hook" into terrorism, attacks or something nefarious lurking around every corner.

Neon Samurai

I fear it's more often "finally found an opportunity to justify" given that the US gov was already trying to pass and implement many things that suddenly got waved through congress after the New York attack. Problem is that it's not unique to any country or form of government.

Neon Samurai

It brings us back to Robert Steel's record breaking eight hour talk and separate talk on the Earth Intelligence Network based on open source intelligence. "The intelligence community will use any information or resource they have to pay for." .. has to be one of my favorite lines explaining why they continue to under-utilize open source intelligence. One would have to make up their own mind about Mr Steel though as some of his answers are pretty out there.

Michael Kassner

To be an optimist and have some faith in the .govs. Could be wrong though.

seanferd

Data mining certainly must be (at least potentially) lucrative or useful for corporations and governments. Or at least for the data miners, until specific entities find that data mining really doesn't do them much good at all. I'm sure the ROI will be really high in some situations, and highly negative in others where it doesn't produce any actionable intelligence or marketing leverage. (Oversimplified anecdotal example: An ISP can use DPI and other methods to track me all they want, and that data can be analyzed and sold in bulk with other data to marketeers and vendors, but no matter what they know, they are unlikely in the extreme to sell me anything more or different than what I choose.) There will, I'm sure, be a data mining bust, at least for some, to go along with the data mining explosion. We've had a massive proliferation of intelligence agencies in the U.S. They aren't doing anything but wasting money. (Thinking: Richard Clarke.) But I see what some of these countries are getting at, whether or not they can actually crack Crackberry encryption or not. "Well, if we can intercept and decrypt everything else, the nebulous enemies will all communicate via Blackberry to stay under the radar." In the end, though, if they want Total Awareness ™, they will have to assign a political officer to each citizen. The diminishing returns from such surveillance, instead of being a hint that one should dump such programs, is taken as a hint to further grasp at straws.

Michael Kassner

I suspect that is why data mining is fast becoming a valuable career path.

seanferd

let alone analyze. And in the U.S., with its already low standards for conducting surveillance, these standards are much abused and ignored while the push for looser standards continues.

Michael Kassner

I can't say much but I know for a fact that there is a lot more inter-agency handshaking going on now than even a year ago.

michaellashinsky

I hear your point, I truly do, but as often as not, it is the govt that is the bad guy. During the Bush/Cheney administration, the biggest terrorist in the United States of America was the Government of the United States of America.

Neon Samurai

It still comes down to good old-fashioned investigation and communication between agencies and jurisdictions. Consider that the most dramatic recent example was more to do with a failure of the government and police than a success for the attackers. Relevant information was known ahead of time but not provided to relevant people who could act on it. The president didn't get briefed and make a decision to clear the air force for response until after the last plane hit the ground (fortunately not on target but very unfortunately for the passengers that took it down). The Gov could also reconsider some of its foreign policy regarding foreign owned natural resources and manipulation of sovereign nations. (ACTA for example)

Michael Kassner

But, to play a different role. What should the governments do? How do they deal with the bad guys using technology for ill will?

Michael Kassner

Governments are demanding that RIM allow them access to encrypted BlackBerry traffic. Right or wrong??

tbostwick

It's about time a company DID NOT cave into the social forces that MySpace, Facebook and Twitter would like to shove down our collective throats. Obama had troubles too, as I recall, before he actually started the job with RIM and his BB in regards to security. (Note - he still uses it and daily!) RIM is the ONLY company doing security right, while others using phones may think they're secure and such they're really not. RIM distinguishes itself and should market itself as the "secure" choice - do a campaign with a map like Verizon did - showing the "other" phones and trillions of TXT and emails that get sent "un-secured". It's pretty scary that consumers are so "dumb" when it comes to security - but why you ask? Because of the people making fat checks sitting behind their lattes and Herman Miller chairs making decisions as to what's a "good selling point or a bad one". This isn't to say that RIM is 100% foolproof - but when entire governments and countries are "whining" that RIM and BB's are TOO SECURE - all I can do is laugh! And let's see - there are more 'Fix My PC' stores starting up than I would care to count, as people don't get much smarter when it comes to the way they secure their PC's at home. All RIM needs to do is a retinal scan/fingerprint reader on phones, and I'm sold forever.

jasonemmg

The GOV'T has plenty of technological ways of spying on its citizens as is... GOOD FOR RIM

Michael Kassner

I can't verify it, but I am following a lead that alludes to there being an agreement between the federal government and RIM.

Neon Samurai

If one wants to do business in a country, they have to follow that country's laws. Sometimes that's a good thing such as the various privacy laws Google is being investigated in relation to. Sometimes that's something that sucks such as censorship. We're putting attention on RIM having to comply with local governments. What of all the other phone companies which have already had to comply? Consider also that these governments already have top level SSL signing certificates to decrypt network traffic with. Why is RIM's requirement to comply or get out suddenly new?

Michael Kassner

It is my understanding that Skype is coming under similar pressure.

Michael Kassner

That India is really after them. The Mumbai attackers were said to have used Skype.

Neon Samurai

Skype's encryption has been holding up from what I understand even though they keep it proprietary. I've heard the eye of government is turning toward them now too though.