RIM Giving Another Crash Course In Encryption


Research In Motion's hawk-like attention to security in the Blackberry service has helped the company gain an ardent following in the business world. But the Blackberry's encryption has been a double edged sword, as RIM often has to explain how encryption works to curious national governments who've just figured out that it could be used to conceal nefarious behavior.

The latest example came last week when governments in India, Saudi Arabia, and the United Arab Emirates demanded that RIM provide them with some way of monitoring Blackberry communications, or face a shutdown of the service in those countries. But while RIM is negotiating with these governments, it's also taking a hard line, even though the company stands to lose a significant chunk of subscribers.

As it has done in the past, RIM executives explained that it can't give up copies of a customer’s encryption key because the company is never in possession of a copy of the key, nor is any other third party. RIM also denied that the U.S. gets special eavesdropping privileges and said the service functions the same in every country the company operates.

"Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can’t deal with the Internet, they should shut it off," RIM co-CEO Mike Lazaridis told The Wall Street Journal last week.

RIM partners aren't surprised by the company's response to the latest round of Blackberry questioning from countries that seem to lack an understanding of how encryption functions.

"I very much respect that RIM won't back down on matters of security," said Steve Beauregard, president of Santa Monica, Calif.-based RIM partner Regard Solutions.

Alan Gould, president and CEO of Westlake Software, a wireless solution provider in Calabasas, Calif., says the argument is moot given that alternative encryption options are readily available.

"You can take the encryption off the BES server but it is not rocket science to build downloadable applications that encrypt the data anyway. And why target RIM? Android, Windows Mobile, iPhone all have or will have the same issues," said Gould.

RIM certainly isn't alone in using encrypted connections: Companies that run virtual private network software, or that use the AES standard for wireless encryption, could also come under the type of government scrutiny that RIM faces regularly, but for some reason it's RIM that gets called out.

"Encryption, in one form or another, is basically a fact of life," said Joe Bardwell, president and chief scientist of Connect802, a wireless solution provider in San Ramon, Calif. " It’s weird that RIM gets called on the carpet for encryption issues when encryption is being used all over, by all kinds of companies."

RIM is working with authorities in India, Saudi Arabia and the United Arab Emirates to resolve the issue, but there's little doubt that it'll have to rehash its argument at some point in the future as another government gets freaked out by the double edged sword of encryption.