RIM's BlackBerry security woes: Beginner's guide

RIM is facing something of a crisis as it seeks to appease government security demands

Research In Motion's (RIM's) BlackBerry smartphones have been managing to hold their own in the corporate world, despite increasingly fierce competition from Apple's iPhone and the growing number of Google Android handsets.

What RIM did not need in such a hyper-competitive market, however, were concerns over one of its strongest selling points: security.

Yet that is exactly what has happened thanks to several governments over the past fortnight raising concerns that they are unable to keep tabs on the devices' encrypted data streams. In effect, BlackBerry data is too secure, rather than not being secure enough.

Here's the V3.co.uk guide to what all the fuss is about, and why businesses should care.

What happened when
News came to light on 1 August that the United Arab Emirates was set to ban BlackBerry services from 11 October. The ban will cover BlackBerry Messenger, email and web browsing services, according to the UAE Telecommunications Regulatory Authority. The regulator said it had been trying to reach an agreement with RIM for three years.

The heart of the problem is that the smartphone does not comply with local regulations because it sends data outside the country. It is unclear whether the authorities want to be able to read the content of email messages, or just to have access to encrypted streams, or whether their beef is with BlackBerry Enterprise Server customers or BlackBerry Internet Service users, or both.

"Certain BlackBerry services allow users to act without any legal accountability, causing judicial, social and national security concerns for the UAE," said the regulator.

On 3 August, the Saudi government announced a quicker ban, but only on BlackBerry Messenger, from 7 August. While being rather vague about their request, it became clear that the authorities in the kingdom want to be able to monitor the content of messages sent on BlackBerry devices.

On the same day, local papers in Kuwait reported that RIM was in talks with authorities to block BlackBerry handsets from accessing some 3,000 pornographic web sites. Other reports suggested that RIM was in talks with the Indian government about a system which could allow authorities to monitor communications on the platform for national security reasons.

Perhaps fearing that reports of RIM's doing secretive deals with various governments over the monitoring of BlackBerry data streams would undermine its security credentials, the firm issued a statement (see below) asserting the security of its enterprise services but keeping quiet on its BlackBerry Internet Services.

Later in the week, there was some better news for RIM after the Indonesian government confirmed that it has no intention of banning the use of BlackBerry devices in the country. Communications ministry spokesman Gatot Dewa Broto said that Indonesia's call for RIM to install a datacentre in the country in which BlackBerry data would be stored was "only a plea", and that there is "no legal sanction" governing the requirements.

Over the weekend of 7 August, reports emerged that RIM had struck a deal with the Saudis, agreeing to install a server in the kingdom which would allow the Saudi government to monitor BlackBerry data.

On 10 August, a statement from the Saudi Communications and Technology Commission (CITC) seemed to confirm that some kind of breakthrough had occurred. The regulator said that "positive developments in completing parts of regulatory requirements from mobile telecommunication providers has been noticed".

"CITC permits the continuation of BlackBerry Messenger services in addition to the continuation of joint work with service providers to fulfil the remaining requirements," it added.

On 11 August, a Reuters report indicated that the original idea of placing a server in the kingdom had proved unworkable. It now appears that RIM will provide authorities in Saudi Arabia with security codes that will enable them to read encrypted text messages on the BlackBerry Messenger service.

On 12 August India confirmed that it had given RIM a 31 August deadline to provide access to enterprise email and messaging traffic. This is despite admitting that it has already been given access to services like Voice SMS and BIS.

RIM released a response, restating its inability to hand over encryption keys for BES data, but left the door open for negotiations for handing over the keys for BIS data.