BlackBerry emails can be monitored, says India

RIM is in a delicate position concerning the perceived security of its BlackBerry services

Indian officials may have come up with a way of monitoring encrypted corporate emails sent from BlackBerry devices, according to a government source.

The method involves intercepting and making a copy of a corporate email at the moment it is sent to a company's enterprise server, and then sending it on to the ISP's monitoring systems.

"Enterprise mail services offered on BlackBerry platforms and other services provided on virtual private networks can possibly be monitored by feeding back a clear email from the enterprise email server to the monitoring system located at each of the ISPs' premises," said the Indian Department of Telecommunications, according to a report in the local Economic Times.

It is still unclear whether the Indian authorities are looking to decrypt data, or would be happy with monitoring encrypted communications.

Nick McQuire, EMEA research director for enterprise mobility at IDC, explained that it is difficult to speculate on specifics owing to the complexities of RIM's enterprise service, and the fact that the company keeps sensitive issues with governments under wraps for obvious reasons.

"What is certain is that the arrangement will have to be in accordance with local legislation and, most importantly, have the backing and involvement of its local enterprise customers and carrier partners," he said.

The Indian government previously imposed a 31 August deadline on RIM, stating that key BlackBerry services would be blocked if authorities were not given access to encrypted data streams.

RIM has reportedly already provided authorities in Saudi Arabia with security codes to allow the reading of encrypted text messages sent by BlackBerry Internet Service customers using BlackBerry Messenger.

A report on Reuters earlier this week also claimed that RIM agreed to provide the Indian authorities with manual access to BlackBerry instant messages by 1 September, and automated access by the end of the year.

But it is harder for RIM to provide third-party access to its enterprise service architecture, according to McQuire.

"This is because, contrary to many rumours, RIM does lack the immediate ability to provide its enterprise customers' encryption keys to read and monitor enterprise email. Those keys belong to its customers and are part of the security building blocks of its platform," he said.

"However, a custom workaround will likely be found as RIM can't afford the backlash from exiting such an important growth market, nor the perception it will generate."

While this is a problem for RIM, McQuire added that the publicity may yet work in its favour. The implication is that the platform is so secure that even governments cannot get immediate access.

Read V3.co.uk's Beginner's Guide to RIM's BlackBerry security woes.