Firstly, apologies for not dealing with favourite BlackBerry applications this week as promised earlier. However, over the last week or so, the BlackBerry ecosystem itself seems under threat in India, and that surely requires greater focus–what's the point of talking about favourite BlackBerry applications when every day media headlines seem to suggest that BlackBerry services could be banned in India any time now.
To a lot of users, this seems like an open-and-shut case. The Indian government claims that anti-national elements could use BlackBerry devices to communicate and RIM (the makers of BlackBerry) don't seem to be co-operating with the government to help track these nefarious elements on a real-time basis. Solution: Ban BlackBerry!
However, that's a naive viewpoint and the truth is far more nuanced. Most of us don't want to oppose anything related to 'national security' because we know India has suffered much at the hands of terrorists and hence feel anything that can be done to stop terrorism is okay. We fall for the national security bogey that governments often use to get their way.
Firstly, is 'anything' okay–is it okay for the government to spy on legitimate, legal and what may be confidential communication between law-abiding citizens? Secondly and more importantly, will this move to monitor secureBlackBerry conversations in real-time actually stop terror? And what about your rights to privacy in a democracy where citizens have constitutional rights?
The Heart of the Matter
While sections of the media have sensationalised this issue, the truth is that the government wants access to two elements of theBlackBerry ecosystem. One is secure corporate mail transferred through BlackBerry Enterprise Servers (BES) that many Indian organisations (both business and government) use and the second is BlackBerry Messenger. What makes RIM's position unique is that it is the only global smartphone manufacturer that manages data sent using its equipment and operates its own global networks. Others like Nokia or Apple leave that task to telecom operators or customers.
If you're not on BES, there's not much of an issue. I'm sure it warms your heart to know that the government can spy on your legitimate communication. Logically, it would seem the same assumption can be made for mobile e-mail sent through all systems other thanBlackBerry. But, let's move on.
However, if you're on BES, this is official/business mail, which exists also on your organisation's mail servers. Every organisation has the right to confidentiality as it goes about its business. We live and do business in an environment where competition would love to know all our business secrets and leverage the same for their own ends. Which is why such e-mail is protected and encrypted.
Why CIOs love BlackBerry
The way the BlackBerry system is designed, mail is encrypted at the BES located in your organisation's data centre and decrypted only at your user's BlackBerry device–at no other point does encryption or decryption happen. The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby your organisation creates its own key and only your organisation ever possesses a copy of the encryption key. RIM says it does not possess a 'master key', nor does any 'back door' exist in the system that would allow RIM or any third party to gain unauthorised access to the key or your valuable corporate data. The BlackBerry security architecture for enterprise customers is designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. And as any CIO will tell you, BlackBerry's information governance capabilities are a huge part of the reason why organisations love BlackBerry.
The BlackBerry security architecture was also designed to perform as a global system independent of geography. The location of data centres and the customer’s choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilised and transmissions are no more decipherable or less secure based on the selection of a wirelessnetwork or the location of a data centre.
Hence, when the government demands such data communication on a real-time basis RIM claims it is unable to accommodate such requests for a copy of your organisation's encryption key since at no time does RIM, or any wirelessnetwork operator, ever possess a copy of the key.
Now, I wonder why the government wants BES mail–I doubt terrorists would use BES, which is the preserve of enterprises. Plus new mobile connections need government-mandated verification proceduresin India. If that system is flawed, why not try and rectify that instead of threatening to ban BlackBerry ? And, if the government suspects some employee at an organisation using BES of anti-national activities, all it has to do is get a court to order the organisation to provide e-mail records and real-time monitoring of the user's e-mail. There are similar laws for telephone tapping and the safeguards are present to ensure the capability isn't misused.
But what real-time monitoring of all data will do is expose legitimate, confidential corporate information to the eyes of others and this information could be misused. If history is anything to go by, it will be. Sidin Vadukut in Mint paints a humorous scenario on what could happen, but most Indian business leaders would agree that if the government gets access to all communication on a real-time basis, it won't take too long for this humorous scenario to turn into painful reality.
But what about elsewhere, especially the US? While everyone seems to believe that RIM offers countries like the US the ability to spy on customers, RIM insists otherwise. I tend to believe RIM because there's no reason why the company will not offer the same facility to the Indian government but rather risk losing millions of customersin India , the world's fastest growing telecom market. Since the controversy broke, RIM's market cap has taken a beating–why would a company stand its ground and risk losing business if it could quietly capitulate to governments and carry on as if nothing had happened?
The issue is also about the larger issue of encryption. Your Internet banking transaction also uses encryption. It's done to protect you and the bank and to ensure a secure transaction. Does the government want nothing to be encrypted and everything to be open so that it can spy on whatever it wants to at any time it wants? Encryption is at the very heart of secure Internet communications and businesses use encryption for a wide variety of needs–from the KPO that downloads encrypted data from a US client, works on itin India and encrypts it again and sends it back to the US, to the BlackBerry system. If the government has to monitor the BlackBerry system to prevent terror, surely it needs to monitor all encrypted data by the same logic?
The fact of the matter is that Osama Bin Laden has eluded capture by the world's most advanced military force not because he uses technology, but because he's smart enough not to. Technology leaves electronic trails and terrorists know the pitfalls of such trails. Which is why despite the most advanced US spy satellites, unmanned aerial vehicles and billions of dollars later, Bin Laden is still a free man.
Terrorists have also used extremely simple methods of communication to avoid electronic trails. For instance, some time ago it emerged that some simply save an e-mail as a draft, and since the password for the e-mail account is known to both sender and receiver, the recipient views the draft too. This way, no e-mail is actually sent and no electronic listening post, however sophisticated, cutting-edge and expensive, can intercept the communication.
I'm sure that RIM would be willing to accommodate genuine concerns from the Indian government on BlackBerry Messenger too.
Also, take a look at the company India is keeping in this controversy. Sure, Saudi Arabia has announced a ban on some elements of theBlackBerry system, but does the world's largest democracy and a self-proclaimed emerging superpower want to take its cues from an insular, repressive country like Saudi Arabia? I've got nothing against Islam, but of the 175 countries where BlackBerry devices are in use today, the only countries that have problems with BlackBerry are Islamic ones, which you'll agree are not exactly admired for their open societies or mature, democratic systems of governance.
And finally, rather than pick on RIM, how about it if the government could set its telecom house in order first? India has been extremely late to the 3G party and while early adopters are moving to 4G, the self-proclaimed emerging superpower doesn't have proper 3G yet! Recently, Union Finance Minister Pranab Mukherjee, one of the most important men in India, got a telemarketing call during an critical official meeting, offering him an unsolicited home loan. So much for India's state-of-art 'Do Not Call Registry.' Or take mobile number portability. Soon, we will celebrate the first anniversary of the date when mobile number portability was to have been launched in India. Only problem is, it's nowhere in sight as yet, thanks to the same first-rate bungling that's fast making Indian telecom a laughing stock in the eyes of the world.
Let's not add a BlackBerry ban to that list.