BlackBerry services in India, as heard in the news, is under fire from the Indian government. “Blackberry services in India will get banned if India is not given encryption/decryption keys and if server is not located in India,” says Maloy Krishna Dhar, former joint director of the Intelligence Bureau.

CEO of Fifth C Solutions, K. Krishnamohan, the company which runs BlacMail push mail service says “Push messaging service providers such as the BlackBerry will be under unyielding pressure to be compliant with lawful intercept rules in some key markets. This will pose a dilemma of going against their stated principle of uncompromising customer privacy or abandoning markets with high commercial potential.”

The crux of the problem is BlackBerry highly values its encryption standards and the Indian government values its right to look into the communications based on national security point of view.

RIM communication on 2nd August says:

The use of strong encryption in wireless technology is not unique to the BlackBerry platform. Strong encryption is a mandatory requirement for all enterprise-class wireless email services. The use of strong encryption in information technology is not limited to the wireless industry. Strong encryption is used pervasively on the Internet to protect the confidentiality of personal and corporate information. Strong encryption is a fundamental requirement for a wide variety of technology products that enable businesses to operate and compete, both domestically and internationally. The BlackBerry security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data. RIM Specifically mentions “The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data. The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customer’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.”

The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography. The location of data centers and the customer’s choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized and transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data center. All data remains encrypted through all points of transfer between the customer’s BlackBerry Enterprise Server and the customer’s device (at no point in the transfer is data decrypted and re-encrypted).

However, Maloy Krishna Dhar contends that the above is not true, “RIM has agreed to host the server in Saudi Arabia and is co-operating on the encryption/decryption keys. Why is that they can’t do it in India?”

As per BlacMail CEO, “”Irrespective of the relative strengths of encryption schemes, it should be possible to provide mechanisms for lawful interception of messages. For instance, it is certainly possible to give such an access at the server since the messages would be decrypted there. Hence the demands of governments to locate the messaging server within the country for convenient access by regulatory authorities. The merits of an encryption method does not in my mind have a correlation to the ability to provide controlled access for lawful intercept.”

He adds “BlacMail push mail service provides regulatory authorities with the ability to intercept and decode email messages sent through its infrastructure. Fifth C has worked assiduously to ensure that while its primary commitment is to ensure the security of its customer data through sophisticated encryption, it will also allow lawful intercept of email messages sent through BlacMail. We believe that striking this balance is key considering the realities of the global security situation and the fact that mobile devices are the most ubiquitous of all communication devices worldwide.”

BlacMail runs on most phones including the ones who offer push mail services to narrow segments such as Nokia and BlackBerry.

What says the industry?

BlacMail CEO says “Given that security of its citizens is a State subject, one should not be too surprised at the recent government scrutiny with regards to intercept of key telecom communication services such voice, SMS and now, push messaging. Many countries that face some form of internal or external security issues already enforce some form of “lawful intercept” of communications as mobile phones continue to proliferate among the populace. Security and safety considerations of citizens will always override commercial factors. ”

There are also other services offered by Tata Docomo, Jamoon and Mobee have the email client is situated inside the user’s phone and not even on an external server.

He adds ” On the other side, people need to be assured that such intercepts would not abused by the government. Efficient mechanisms need to be put in place to deter and penalize if violations occur. A careful balance should be acceptable by all.”

But Maloy Krishna Dhar says ” the government is not asking a blanket permission to look into the messages. Government is working on a list based on suspected persons list.”

Can industry comply?

Says Maloy Krishna Dhar “government is very serious of the compliance by the industry. BlackBerry will most definitely get banned in case it is not able to comply.”

K. Krishnamohan of BlacMail says “my hunch is that in the end commercial gain and business growth considerations will win.”