Over the past few weeks, several countries have threatened to ban the use of BlackBerry devices, contending that their high level of encryption makes surveillance for the purpose of national security impossible. Saudi Arabia is currently reassessing a ban that briefly took effect on August 6 but was then temporarily lifted, India has announced plans to block BlackBerry email and messaging starting on August 31, and the United Arab Emirates is planning to ban BlackBerry email, messaging and web access as of October 11, 2010.
On August 12, 2010, RIM stated that while it "genuinely tries to be as cooperative as possible with governments in the spirit of supporting legal and national security requirements," any data access given to carriers must be limited by the following four principles:
1. The carriers' capabilities be limited to the strict context of lawful access and national security requirements as governed by the country's judicial oversight and rules of law.
2. The carriers' capabilities must be technology and vendor neutral, allowing no greater access to BlackBerry consumer services than the carriers and regulators already impose on RIM's competitors and other similar communications technology companies.
3. No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers' encryption keys. Also driving RIM's position is the fact that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway and similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.
4. RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.
Pund-IT Research principal analyst Charles King says it's crucial to look at these issues in the larger context of national security concerns such as the assassination of Mahmoud al-Mabhouh in Dubai earlier this year, and the recent attack on a Japanese oil tanker near the Strait of Hormuz. "Any time a country that's obviously dealing with a lot of political and economic challenges has the sort of problems related to security that the UAE has had lately, you'd expect some sort of dust to fly," he says.
The point is that, from RIM's perspective, none of this is new. "RIM's technology model of having data encrypted and stored, running into company data centers in Canada and elsewhere, has been a fact of life for years and years... and the company has hundreds of thousands if not millions of customers throughout the Middle East -- which indicates that the governments should have known something about this before this latest dust-up," King says.
Eventually, King says, he expects some kind of compromise to be worked out with each of these countries. "The fact is that telecommunication service providers of every sort work out deals... that are friendly to the security issues and security agencies within the nations where they do business, and RIM isn't the only company dealing with and negotiating these kinds of agreements," he says.
Still, if a country like the UAE does decide to play hardball, King says it won't hurt RIM too much if it decides simply to walk away. "The number of users [in the UAE] represents under two percent of RIM's total user population -- and whatever they might potentially lose in customers from having to withdraw from the UAE, I think they will gain back in sympathy from other governments and consumers that feel the way that they do business is fully responsible and professional," he says.
Enderle Group principal analyst Rob Enderle says one straightforward solution would be for RIM to shift the responsibility to the customer. "RIM could simply create the option of creating a master key, give that option to their customers, and then make the discussion between their customers and the government... The fact of the matter is, a government has the responsibility to secure its borders and its citizens, and if they feel that getting access to the information that is on BlackBerry phones is critical, they are going to do that," he says. "It would behoove RIM to get ahead of that problem and make sure it's somebody else's."
But no matter how this turns out, Altimeter Group partner and analyst Michael Gartenberg says it's ultimately good news for RIM. "When you have authoritarian governments saying, 'We don't want your device in our country because we can't spy on our people any more,' that's almost a perfect advertisement for RIM," he says.