Research In Motion (RIM) confirmed today that it is extending an offer to the Government of India whereby RIM would lead an industry forum focused on supporting the lawful access needs of law enforcement agencies while preserving the legitimate information security needs of corporations and other organizations in India. In particular, the industry forum would work closely with the Indian government and focus on developing recommendations for policies and processes aimed at preventing the misuse of strong encryption technologies while preserving its many societal benefits in India.
Finding the right balance to address both regulatory and commercial needs in this matter is an ongoing process and RIM has assured the Government of India of its continued support and respect for India’s legal and national security requirements.
Strong Encryption an Industry Matter:
Three facts are clear. First, as India continues its path of strong economic growth and increasing international business, the need to protect the integrity and security of sensitive corporate information through strong encryption-based information and communications services will grow. Banning such strong encryption-based information and communications services would severely limit the effectiveness and productivity of India’s corporations. Second, many countries around the world are putting in place additional policies and processes to properly address this challenge and prevent the misuse of strong encryption technologies. Third, this challenge can only be truly overcome if the Information and Communications Technology industry comes together as a whole to work with the Government of India.
The use of strong encryption in wireless technology is not unique to the BlackBerry platform. It is unquestionably an industry wide matter. Strong encryption has become a mandatory requirement for all enterprise-class wireless email services today and is also a fundamental commercial requirement for any country to attract and maintain international business. Similarly strong encryption is currently used pervasively in traditional VPNs (Virtual Private Networks) on both wired and wireless networks in order to protect corporate, government and law enforcement communications. Singling out and banning one solution, such as the BlackBerry solution, would be ineffective and counter-productive. It would be ineffective because anyone perpetrating the misuse of the technology would continue to have easy access to other wireless and wireline services that utilize strong encryption and are readily available in the market today. It would also be counter-productive since it would unnecessarily disrupt the business operations of many customers without ever achieving the stated objective.
As discussions between RIM and the Government of India continue, RIM would like to unequivocally clarify certain misperceptions that have been expressed recently:
Misperception #1 – “RIM has the keys to decode or decrypt the encrypted data that flows through the BlackBerry Enterprise Solution.”
In fact, RIM does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information. In order to provide corporate customers with the necessary confidence that the transmission of their valuable and confidential data is completely secure, the BlackBerry security architecture for enterprise customers was purposely designed to exclude the capability for RIM or any third party to read encrypted information. RIM would simply be unable to accommodate any request for a copy of a customer’s encryption key since at no time does RIM, ever possess a copy of the key.
Misperception #2 – “Locating BlackBerry Infrastructure within India, or within any particular geography, will somehow aid the Government’s access to encrypted information.”
In fact, the BlackBerry Enterprise Server security architecture was also purposefully designed to perform as a global system independent of geography. The location of infrastructure and the customer’s choice of wireless network are irrelevant factors from a security perspective where end-to-end encryption is employed. The transmission of encrypted data is no more decipherable or less secure based on the location of RIM’s BlackBerry Infrastructure or the customer’s selection of a wireless network. All data remains encrypted at all times and through all points of transfer between the customer’s BlackBerry Enterprise Server and the customer’s device (at no point in the transfer is data decrypted and re-encrypted). Therefore, locating BlackBerry Infrastructure in a particular geography does not in any way aid or offer access to the encrypted information that flows through the BlackBerry Infrastructure.
Misperception #3 – “RIM has offered solutions to certain governments and denied the same to others.”
In fact, while RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures both its customers in India and the Government of India that RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.