BlackBerry gets stuck between a rock and a hard place


WIRED: UAE's efforts to snoop into messages putting Canadian tech firm Research in Motion's credibility on the line, writes DANNY O'BRIEN

THIS WEEK, following a long ongoing battle between the United Arab Emirates (UAE) and the Canadian tech company Research In Motion (RIM), the Gulf state announced that it was banning the core of services offered by RIM’s flagship product, the BlackBerry.

The reason given was RIM’s refusal to comply with UAE law. One assumes that the law is connected with the UAE’s ability to spy on BlackBerry messages. One also assumes that RIM refused, not out of principle, but because despite appearances, it can’t do what the UAE asks.

RIM is an odd anomaly in the world of mobile devices.


It not only sells its own hardware, but that hardware sends almost all its messages via RIM’s own global network. RIM’s position as the constant middle-man in every BlackBerry exchange has been both a boon and a curse to the company.

It has made sizeable profits selling its BlackBerry Enterprise Servers (BES) to individual companies to connect their e-mail, IM and intranet systems to RIM’s network, and therefore to their BlackBerry-using staff. However, it has also provoked suspicion from those same corporate and government customers.

When Barack Obama fought to keep his BlackBerry after becoming president, the opposition was fuelled by the discomfort of the US government’s security professionals at the idea that all the president’s mail would pass through a third-party server (and a Canadian third party at that).

To reassure those customers, RIM has gone to great efforts to guarantee the security of third-party communications across its network. In particular, enterprise users have the opportunity to encrypt data going to their BlackBerry users in such a way that it is impossible for RIM to spy in the middle – at least without substantially and visibly re-engineering their current software.

That, unfortunately for RIM, doesn’t stop law enforcement demanding that RIM use its network to tap its users. In fact, it makes it worse. BlackBerrys, like pagers before them, are reputedly the communications device of choice for drug dealers and organised criminals because of their security features.

Governments know that RIM boasts of its enterprise security and they know they can’t break it. They also know that RIM controls the network.

Like the UAE (and Russia and China and Bahrain before it), they want RIM to fix the problem.

The truth is, however, that RIM, like most communication companies, only uses maximally secure systems when it needs to.

Most of the features of the enterprise version are uncrackable, even for RIM, but there are plenty of parts of the BlackBerry service that are eminently surveillable by government eavesdroppers, with or without RIM’s help.

For instance: one of the most popular features of the device is BlackBerry Messaging, an SMS-like service which allows BlackBerry owners to send messages to any other BlackBerry, provided they know the recipient’s “PIN” (which, despite the familiar acronym, is more like a permanent phone number than a secret code).

BlackBerry users, commercial or consumer, love messaging, because unlike text messaging, its messages are unlimited by character limits and are free.

PIN-to-PIN messages are not encrypted in an unbreakable fashion. It takes a bit of work, but anyone listening in on the mobile provider’s network can decipher them.

While RIM makes a great deal of fuss about how well protected its enterprise users are, the majority of its users in the United Arab Emirates are individual consumers, who use a slightly different set of RIM software, called BlackBerry Internet Service (BIS), sold to mobile phone providers as a rebrandable service.

RIM has been mostly silent about the security features of BIS. Buried on its main website, it confesses that “e-mail messages that are sent between the BlackBerry Internet Service and your BlackBerry device are not encrypted” and declares that most BIS traffic is dependent on the security features of your mobile phone provider, not RIM’s security.

That means that if, as in the UAE and most countries, the phone providers provide access to law enforcement for surveillance, non-corporate users of the BlackBerry are eminently monitorable.

If that’s the case, why is the UAE making such public demands of RIM?

It’s probably due to its own paranoia about RIM’s capabilities. This is pure supposition, but let us say RIM has, perhaps, offered to show it how to tap consumer BlackBerry users. The UAE says that is not enough. Why should RIM arrogantly offer it this half-measure, while still allowing American businessmen to chatter away in private?

Despite RIM’s protestations that it is impossible for it to tap its commercial offerings, the UAE refuses to believe them. Rumours that RIM has granted such access to the US, Russian and Chinese secret services must also fuel the UAE’s irritation.

It’s hard to know what RIM can do in this situation. To win over the UAE, it would have to rebuild its network to allow surveillance. If it did that, it would lose the bulk of its business to other governments and major corporations.

Given the choice, it might be easier for it to sacrifice the UAE and keep its reputation. It may be too late for that. Simply announcing that it is negotiating with government snoops may be enough for others to doubt its sincerity.

Sometimes it’s not enough just to keep a secret: RIM has to somehow convince the world that it still will.