Original URL: http://www.theregister.co.uk/2010/08/06/blackberry_clinton/

Clinton barrels in to BlackBerry brouhaha

As Lebanon considers its options

By Bill Ray

Posted in Mobile, 6th August 2010 10:19 GMT

US Secretary of State Hillary Clinton reckons there is a "right to free use and access" that could be infringed by countries banning BlackBerrys.

The US government steps into the argument as concern over the difficulties of intercepting BlackBerry communications continues to spread, with Lebanon being the latest country to voice an opinion on the matter, and the Saudi Arabia ban due to come into effect today.

"We know that there is a legitimate security concern, but there's also a legitimate right of free use and access," the Secretary said, as reported by the Wall Street Journal. "So I think we will be pursuing both technical and expert discussions as we go."

Canada's government has also been expressing concern - RIM is a Canadian company and most of the servers under discussion are located in Canada.

Not that it's always clear what exactly is under discussion.

The consensus is that security forces have a very hard time breaking RIM's encryption, and that the company therefore provides access to messages in response to legitimate requests from law enforcement.

RIM doesn't exactly deny this in its statement: "Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries, are unfounded."

Compare with the comment from the UAE's US ambassador: "It is regrettable that after several years of discussions, BlackBerry is still not compliant with UAE regulatory requirements even as it complies with similar policies in other countries."

Companies running their own Enterprise severs can expect a secure connection from their mail server to RIM's servers, and a secure connection from there back to the user's handset, with little risk of interception. But that's not important, as local security services can just turn up and inspect the Enterprise server.

More difficult, for the security people, is a BlackBerry configured to collect email from the user's personal accounts. In that configuration the email server, and RIM's server, may be in a different country (or even different countries), leaving the security forces with no alternative but to call for a ban.

In the UK, for example, the Reg understands that RIM has servers in Slough*, to which the security forces can demand access if necessary (not that they would need to, but the potential exists). Large enterprises may run local servers too, which would equally be subject to local laws, but non-enterprise users in countries without nearby servers will find their email routed through Canada, and beyond the range of their own security forces.

Alternatives do exist: the on-handset email client can be replaced with something like AstraSync, which connect to a local email server using Exchange ActiveSync or similar. Or RIM's servers could be replicated in the local country - but enforcing that kind of solution takes time, and needs RIM's approval.

Governments have long complained about encryption preventing them providing security. If the US Government had gotten its way back in the early 90s we'd all be using Clipper Chips by now, and transportation of the written RSA formula would be as illegal as smuggling guns. ®

* O2 was an early supporter of RIM, and is based in Slough: we can't imagine any other reason why RIM would want to go there.