On 2nd of July, in a complete turnaround of its previous stance, the Department of Telecom (DoT) said that there was no threat from blackberry services and the government had no objections if an operator wanted to offer these services. This comes after an impasse of almost over two months. So what was the reason for the impasse and what has finally emerged as a viable solution for both the sides? Let us have a look.
What is blackberry?
Blackberry is broadly identified as a PDA (Personal Digital Assistant). It is designed and marketed by RIM (Research In Motion), a Canadian firm. It is a wireless hand-held device introduced in 1999 which supports push e-mail, mobile telephone, text messaging, Internet faxing, Web browsing and other wireless information services. Further features are: Large, high resolution screen to provide ample workspace; vibrant display supporting over 65,000 colors; available memory for application and data storage; Java development platform based on open standards; integrated attachment viewing; exceptional battery performance; tri-band hand-held, operates on 900/1800/1900 MHz GSM/GPRS wireless networks, allowing for international roaming between North America, Europe and Asia-Pacific.
Why the security agencies are concerned?
The Indian security agencies have concerns that the data generated by the blackberry is not only difficult to monitor and intercept, it’s even tougher to decrypt the generated data sent over the network. The security agencies feel that this could be used by the terrorist organizations to their advantage in exchanging vital information pertaining to national security and could pose a serious threat.
Under India’s Information Technology Act of 2000, the government has the right, under certain circumstances, to intercept electronic communications for security reasons and in the national interest. Security agencies say that terrorists are increasingly using the Internet and applications such as e-mail to communicate with one another.
The security agencies have some primary problems with the blackberry:
1. The BB uses a 256 bit encryption which is by far one of the toughest in the world to break through. The present operators providing such services offer 128 bit encryption. Moreover the security agencies have the only the capability to break through a 40-bit encryption in their armor.
2. Most of the data that is sent through the BB is routed through its server in USA and UK. The security agencies want that since it is difficult to access these data because of multiple reasons pertaining to sovereignty, diplomatic and security reasons, the proposal is that all data generated by the BB’s in India should stay within the country. And for this RIM has to setup dedicated servers in India itself.
3. RIM should provide means to the security agencies to monitor the data, by either providing the master key to the database, or let the security agencies monitor it by bringing down the encryption level.
What RIM says?
1. RIM says that providing a 256 bit encryption is the USP of its blackberry model. The very reason that it provides such robust security feature is the reason it is being used by the corporate in exchanging important confidential business mails. Bringing it down to the level demanded by the security agencies will hurt its basic business model.
2. Second, RIM says that setting up server in India will make other countries where it is operating (operates in 135 countries) demand the same. This will greatly hurt its business propositions and it is against any such demands.
3. Then RIM feels that snooping through the users BB by the way of sending a SMS and that will automatically install itself and either let know the encryption key being used would greatly reduce the QoS and the device may behave abnormally (performance) and the user may get to know that he/she is being snooped.
4. RIM also makes it clear that the decryption key for any data sent is not even known by it because the device which sends the data itself generates an encryption key and can be decrypted by the user to which the data is intended. And there is no such master key which the security agencies are demanding.
5. Most importantly RIM says that majority of its clients are corporate companies, and these are used by people in the higher hierarchy in these companies, so RIM has proposed that their monitoring was not of concern and the real problem in monitoring would require the individual clients. The RIM is therefore working out technological changes to help the security agencies in monitoring these individual clients.
So each side has put their point of view with the DoT, security agencies and RIM are working together to find out ways for monitoring the data and help it covert into understandable form. Hopefully this impasse seems to be breaking.