Behind the firewall

BlackBerry, which became a game changer in mobile telephony with its smart emailing services, is in the news these days for all the wrong reasons.

The wireless handheld device, launched in 1999, supports features like push e-mail, mobile telephony and text messaging. It is estimated that there are 400,000 BlackBerry users in India.

And they are a harried lot. Research In Motion (RIM), which makes BlackBerry, is under scrutiny and faces demands for access to its encrypted data in many of its fastest-growing markets.

The whole episode erupted after Indian security agencies expressed concern that data sent over BlackBerrys could effectively be transmitted through an encrypted security layer. This meant the data would be inaccessible to security agencies, undermining the nation’s security.

The main problem is that data sent over a BlackBerry is stored on RIM’s own servers in Canada and is out of bounds for Indian security agencies.

When the government asked RIM to lower its encryption levels so that it could access the encrypted data, the company backed out, saying that such a measure would leave its customers vulnerable to attack from hackers. However, leaving the phone compromised to hackers might be less of a concern because Indian security agencies suspect militants used BlackBerry encrypted services to plan the 2008 Mumbai attack in which 166 people died.

How exactly does the BlackBerry encryption work? A BlackBerry smartphone user connects to a wireless network provider, which is a local telecom company. The telecom company connects to the internet. On the far side of the internet resides the RIM firewall and behind the firewall are RIM’s BlackBerry servers that store data and process them for the users. This infrastructure provides a secure two-way authenticated environment to each BlackBerry user.

The smartphone offers two transport encryption options, advanced encryption standard (AES) and triple data encryption standard (triple DES), for data transmitted between BlackBerry servers and smartphones. A unique master encryption key is generated in a secure, two-way authenticated environment and is assigned to each BlackBerry user.

Data sent to the BlackBerry from its infrastructure are encrypted by the server using the master key — the server already knows the master key of every BlackBerry user. The encrypted information travels securely across the infrastructure to the smartphone where it is decrypted with the master key stored in the phone. The data remain encrypted in transit and are not available for interception by parties that might need to access the data for security or hacking reasons.

Let’s take an example. If a BlackBerry user, say X, wants to send an email or an SMS to his friend Y, the BlackBerry device compresses the message on X’s BlackBerry and then encrypts the message using a randomly generated message key. X’s BlackBerry then encrypts the message key using the master key, which is unique to his device. The BlackBerry then sends the encrypted message key and the encrypted message. The BlackBerry servers receive the encrypted message key and the encrypted message from X’s smartphone. The servers decrypt the message key using that instrument’s master key. Then, the server decrypts the message using the message key. Finally, the server decompresses the message and forwards it to the intended recipient.
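The flow in the example above can be traced in a short sketch, added here for illustration and not RIM's code. The article names AES and triple DES; Python's standard library has neither, so an HMAC-SHA256 keystream stands in for the cipher. The integrity tag and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import zlib

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (NOT AES or triple DES): HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    # Returns nonce || ciphertext || tag (the tag is this sketch's assumption).
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), body[:16], body[16:])

def handheld_send(master_key, text):
    # X's device: compress, encrypt under a random message key, wrap that key.
    message_key = secrets.token_bytes(32)
    encrypted_message = seal(message_key, zlib.compress(text.encode()))
    encrypted_key = seal(master_key, message_key)
    return encrypted_key, encrypted_message

def server_receive(master_key, encrypted_key, encrypted_message):
    # Server: unwrap the message key, decrypt, decompress, then forward to Y.
    message_key = unseal(master_key, encrypted_key)
    return zlib.decompress(unseal(message_key, encrypted_message)).decode()

if __name__ == "__main__":
    master = secrets.token_bytes(32)  # constructed per-user master key
    wrapped, ciphertext = handheld_send(master, "Lunch at noon? " * 4)  # constructed message
    print("server recovers:", server_receive(master, wrapped, ciphertext))
    try:
        server_receive(secrets.token_bytes(32), wrapped, ciphertext)
    except ValueError as err:
        print("without the master key:", err)
```

Only a party holding the master key can unwrap the message key, so the telecom carrier in the middle relays ciphertext while the server recovers the plaintext.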

Since the entire communication process rests on encryption and decryption, it is extremely secure and many governments are worried for different reasons.

For instance, the UAE, with about 500,000 BlackBerry users, has proposed a ban starting October 11 targeting BlackBerry Messenger, e-mail, and web browsing. The ban will also apply to visitors. The Gulf state said it was imposing the ban after three years of fruitless talks with RIM. Last year, the state-controlled operator Etisalat had sought to install an unauthorised surveillance application on its BlackBerry devices. It has an objection on security grounds to data being exported offshore and managed by a “foreign, commercial operation.”

The United States weighed in on the matter, saying it was disappointed and that the UAE was setting a dangerous precedent in limiting freedom of information. However, US president Barack Obama had to push to keep his BlackBerry upon assuming office due to security concerns and the fact that presidential emails are considered public records. His phone received enhanced security and his address book was reduced to personal friends and senior staff.

In 2007, a French security agency recommended that cabinet ministers and president Nicolas Sarkozy stop using BlackBerry services due to concerns that the data might not be secure. Many top ministers have since been issued specially encrypted smartphones instead.

Due to security concerns, the European Union's commission recently rejected the BlackBerry in favour of Apple's iPhone. The commission reviewed its choice of smartphone against a number of criteria, including security and financial impact, when it deployed a new technology platform in 2008.

Although BlackBerry is under fire in many parts of the world, other companies may also not be playing it clean. RIM recently alleged that there are four other networks in India that also provided similar encryption services over their infrastructure. These include Windows Mobile ActiveSync, Nokia Intellisync, Motorola Good and Seven Networks.

Ironically, for customers who opted for BlackBerry's email security over Apple and Nokia's hi-tech phones, this development is a potential setback. “This is about the internet — everything on the internet is encrypted. This is not a BlackBerry-only issue,” Michael Lazaridis, co-founder and co-CEO of RIM, said in an interview to The Wall Street Journal.

For BlackBerry users who bought the costly phone, there is still some hope. The handset could still be used as the contention is only over the encrypted BlackBerry service. The ban would lead to email and messaging services getting affected, but voice services could still be used. But only time will tell what actually works and does not work in the BlackBerry device.

The writer is a doctoral candidate, Carnegie Mellon University, Pittsburgh, PA, and Knowledge Editor, Financial Chronicle
