The United Arab Emirates’ Telecommunications Regulation Authority (TRA) announced on Sunday that it would be suspending BlackBerry “messenger, e-mail and Web-browsing services” in the country from October 11, until these “applications were in full compliance with UAE regulations.” Given the popularity of the BlackBerry platform in the country (an estimated 500,000 users from a population of 4.5 million) one can only assume that we are seeing a form of brinkmanship—with the privacy of e-mails, IMs, and website visits at stake.
But what is it, exactly, that the UAE wants from Research in Motion (RIM), the maker of the BlackBerry? If it gets what it wants, how would it affect journalists and readers who use RIM products? And what will it mean for the UAE if RIM refuses to back down?
UAE says that the problem lies in “legal accountability,”
and the location
of RIM’s servers abroad, but it’s not as though RIM is unique in this
matter. Both the Apple iPhone and Google’s Android mobile phones both offer
features with servers located outside the UAE (the iPhone’s notification system
is operated by Apple, and the Android offers GMail and GTalk, a US-based e-mail
and IM system). And it’s not just the UAE that has pondered making RIM a
smartphone non grata. India,
RIM’s vulnerability to government pressure is largely down to an accident of its history—one that paradoxically makes RIM both seem the perfect potential spying partner for governments, as well as make it commercial suicide for them ever to adopt such a role.
The BlackBerry was first introduced in 1999, when the idea of e-mail and browsing over mobile networks was relatively new, and building an affordable mobile device that could provide those services was a novel technical challenge. To keep the BlackBerry cheap, and work around deficiencies in the existing mobile data networks, RIM did much of the heavy lifting itself. It built its own network and servers to keep track of the location of individual BlackBerrys. RIM’s own network also took up the burden of translating the complexities of the Internet into a form the relatively dumb and slow BlackBerry units could understand, and compressing the data to be faster and less burdensome on slow wireless networks.
Networks have grown better and smartphones smarter since then, but RIM’s original network design has remained largely unchanged. E-mail and other data arriving from the Internet still comes to RIM’s network first, and then is repackaged and dispatched to the correct BlackBerry over the wireless networks.
RIM’s unusual position as the constant middleman in every
BlackBerry exchange has proved to be catnip to state security services. If RIM
is the go-between of every communication, surely it would also be the perfect
stop for tapping BlackBerry e-mail and communications? That seems to be the
opinion of
There’s no direct evidence that RIM has provided such
access, but RIM’s vulnerable role has also provoked suspicion from its own
corporate and government customers. When Obama fought
to keep his BlackBerry after becoming president, the opposition was fueled by
the government’s security professionals’ discomfort the idea that all the president’s
mail would pass through a third party server (and a Canadian third-party at
that).
But strong-arming RIM isn’t the only solution to spying on its domestic BlackBerry users, just the most blatant one. In the consumer edition of the BlackBerry (as opposed to better protected corporate versions), traffic to RIM’s servers still passes largely unprotected over UAE’s local wireless networks, Etisalat and Du, both of which resell BlackBerry services within the UAE. With the cooperation of these companies, the UAE’s government could build pervasive Internet surveillance of almost all BlackBerry (and other) Internet traffic, though at far greater cost than just arm-bending RIM to hand over the goods.
The traffic that it wouldn’t be able to decode would be end-to-end encrypted communications, as is most often enabled by corporate BlackBerry users. But then, as RIM explained to the Indian authorities, RIM itself could not decipher this traffic, even if it did provide government access to its own network.
When asked for comment, RIM confirmed that the corporate BlackBerry Enterprise Servers (their corporate email/Net system) traffic is encrypted in a way that they or other third parties could not access, but would not comment on the unencrypted nature of non-corporate traffic. The security details of the Blackberry Internet Service (their consumer/mobile company service) are documented on their website, which states: "E-mail messages that are sent between the BlackBerry Internet Service and your BlackBerry device are not encrypted."
And that’s the important lesson for BlackBerry users, both among journalists and their audience. If you’ve got end-to-end encryption activated, neither RIM nor state governments can read your traffic. Most corporate BlackBerry Enterprise Servers have the option to turn on encryption. Most non-corporate BlackBerry Internet Service systems do not.
The UAE battle with RIM is a distraction to both the UAE’s would-be spies, and those who might fear their power. With suitable technical investment in domestic Internet monitoring, the UAE can decode a great deal of BlackBerry traffic without RIM’s help. When it comes to secure, encrypted communications, neither RIM nor any other telecommunication provider will be able to help them beat the encryption and spy on their own journalists or readers. The power lies far less in the hands of RIM, and far more in the hands of savvy Net users’ choice of the right tools.
Print
Share
Delicious
Digg
Facebook
Google
NewsVine
Reddit
StumbleUpon
Twitter
Subscribe
Great analysis. I suppose the UAE/RIM fiasco started last year after the UAE's state-run telecoms firm were caught red-handed trying to install spyware into Blackberry phones
http://www.engadget.com/2009/07/21/etisalat-blackberry-update-was-indeed-spyware-rim-provides-a-so/
why UAE government is taking this step and this will effect their travel industry too and the reason they are mentioning is not acceptable i think
What a cluster. Everyone go back to your unsecure iphonies. Everyone will be happy. Nothing is private or secure anymore. Now print this out and swallow it after you read it. :)
nope, business secrets is the goal
I am a journalist in the UAE and have observed the gradual deterioration in the relationship between the government and media. I am speaking from personal experience when I say the the regulatory aspect being enunciated is a distraction from the primary intent.
Even the Kenyan Intelligence services are getting their knickers in a twist claiming that the US donation of 21,000 Blackberries to the Interim Independent Electoral Commission (IIEC) meant the US (read NSA/CIA) were the first to know the results of Kenya's recently concluded referendum on a new constitution.
http://www.techmtaa.com/2010/08/09/kenyan-intelligence-not-happy-with-blackberry-donations/
Given that BlackBerry having been provided these services for awhile, why is it only now that the likes of India, Saudi Arabia, UAE etc are agitating for the right to sniff?