Feeds

Clinton barrels in to BlackBerry brouhaha

As Lebanon considers its options

Seven Steps to Software Security

US Secretary of State Hillary Clinton reckons there is a "right to free use and access" that could be infringed by countries banning BlackBerrys.

The US government steps into the argument as concern over the difficulties of intercepting BlackBerry communications continues to spread, with Lebanon being the latest country to voice an opinion on the matter, and the Saudi Arabia ban due to come into effect today.

"We know that there is a legitimate security concern, but there's also a legitimate right of free use and access," the Secretary said, as reported by the Wall Street Journal. "So I think we will be pursuing both technical and expert discussions as we go."

Canada's government has also been expressing concern - RIM is a Canadian company and most of the servers under discussion are located in Canada.

Not that it's always clear what exactly is under discussion.

The consensus is that security forces have a very hard time breaking RIM's encryption, and that the company therefore provides access to messages in response to legitimate requests from law enforcement.

RIM doesn't exactly deny this in its statement: "Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries, are unfounded."

Compare with the comment from the UAE's US ambassador: "It is regrettable that after several years of discussions, BlackBerry is still not compliant with UAE regulatory requirements even as it complies with similar policies in other countries."

Companies running their own Enterprise severs can expect a secure connection from their mail server to RIM's servers, and a secure connection from there back to the user's handset, with little risk of interception. But that's not important, as local security services can just turn up and inspect the Enterprise server.

More difficult, for the security people, is a BlackBerry configured to collect email from the user's personal accounts. In that configuration the email server, and RIM's server, may be in a different country (or even different countries), leaving the security forces with no alternative but to call for a ban.

In the UK, for example, the Reg understands that RIM has servers in Slough*, to which the security forces can demand access if necessary (not that they would need to, but the potential exists). Large enterprises may run local servers too, which would equally be subject to local laws, but non-enterprise users in countries without nearby servers will find their email routed through Canada, and beyond the range of their own security forces.

Alternatives do exist: the on-handset email client can be replaced with something like AstraSync, which connect to a local email server using Exchange ActiveSync or similar. Or RIM's servers could be replicated in the local country - but enforcing that kind of solution takes time, and needs RIM's approval.

Governments have long complained about encryption preventing them providing security. If the US Government had gotten its way back in the early 90s we'd all be using Clipper Chips by now, and transportation of the written RSA formula would be as illegal as smuggling guns. ®

* O2 was an early supporter of RIM, and is based in Slough: we can't imagine any other reason why RIM would want to go there.

The smart choice: opportunity from uncertainty

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.