RIM should not back down in security debate
Several countries in the Middle East have threatened to ban the BlackBerry service because it enables citizens to have secret conversations and peruse the web with privacy. This will be the start of a test of RIM’s commitment to maintaining a global secure email service. However, governments should be careful what they wish for. After all, their own staff are BlackBerry users as well.
The United Arab Emirates (UAE) Telecommunications Regulatory Authority (TRA) issued a self-titled “important announcement” on 2 August stating that it proposed to suspend BlackBerry messenger, email, and web-browsing services from 11 October. This was the latest development in an apparently long-running discussion between the UAE government and the Canadian company Research in Motion (RIM) that operates the BlackBerry service.
The TRA adopted this position because RIM’s secure telecommunications service prevented the UAE government from monitoring messages and emails, and restricting access to forbidden web content.
The Saudi Arabian Communications and Information Technology Commission (CITC) followed suit within a few days, announcing a ban on BlackBerry service to be put into effect by 5 August. This follows similar discussions between RIM and the governments of China and India earlier in the year.
The announcements have provoked a storm of discussion. That all countries conduct surveillance on their citizens is not disputed. The difference is the degree to which the people can hold the government to account for abuse of its powers of surveillance. Countries vary considerably in the manner in which the balance between citizen interests and state interests is defined – with dictatorships on the one extreme and liberal democracies on the other.
However, the rise of the internet and global wireless communications is challenging the each-country-to-its-own scenario – introducing notions of global freedom expectations that appear to transcend the sovereignty of governments to regulate what their citizens will and will not see, hear, and say.
Platforms like BlackBerry deploy highly secure ICT services directly into the hands of individual citizens at a low cost. Wireless services transcend borders, secure messaging subverts telecommunications interceptions, data is hosted outside of the reach of government agencies, and unfiltered web content can be accessed freely.
Suppliers such as RIM can now freeze government out of the regulatory loop by enabling citizens to have secret conversations – exactly the kind of secret conversations that are taken for granted as essential by any corporation or business, and indeed by government agencies themselves as users of the BlackBerry.
This situation will be a challenging one for RIM to resolve. Developing nations are a large and growing market that it cannot afford to alienate. On the other hand, RIM’s security policy is unambiguous: “The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances.” The strength of RIM’s security is a core part of its unique selling proposition.
While the security architecture is tighter for enterprise customers, there will be a ‘guilt by association’ impact for RIM if it is too accommodating of the demands of countries such as Saudi Arabia and the UAE – or if it is seen to be "flexible" on security when governments threaten to close market access.
There is an irony in the fact that government agencies are themselves large users of the BlackBerry platform. Agencies were initially wary of the security risks of RIM’s Canadian-hosted email service, but are now comfortable with the security of the platform. However, this comfort rests on the assumption that RIM does not compromise the security of individual users by allowing "back door" access – to anyone. The biggest fear of some government agencies is that the security and intelligence services of an unfriendly foreign power could have access to their emails.
If RIM starts down the slippery slope of offering "customized" security environments to individual governments, how long will it be before the company is "piggy in the middle" between two countries that have a serious interest in compromising each other’s security for commercial, or even military, reasons?
RIM would be better to withdraw from countries that do not yet see the value of its unique, globally secure, service offering.
MORE ARTICLES ON BLACKBERRY, BLACKBERRY BAN, CHINA, INDIA, REGULATION, RIM, SAUDI ARABIA, SECURITY, SMARTPHONES, UAE