opinion
privacy
Alok Gupta MD, Pyramid Cyber
A curve to the ‘B’ storm? Government’s real worry is probably that the service could be a backdoor for espionage, yet non-intrusive workarounds are needed
T
here is more to the BlackBerry issue than meets the eye. If we think it’s about security through encryption, we are assuming that the largest cache of wealth lies behind the biggest lock, one we have yet not broken. This assumption is wrong and is leading us on to the wrong track. The BlackBerry issue has seen a series of cover page appearances across dailies, and news and business magazines. Some of the reporting has been biased (even to the point of misinformation) giving PR managers nightmares that may not cease too soon. And some are struggling with what really the issue is—why is BlackBerry behaving haughtily? Still others have remarked that Blackberry is exhibiting double standards as it has given in to other western governments. Truth is never black or white. It lurks somewhere in between and this situation can therefore be no different. Let’s start from the very beginning. BlackBerry’s security architecture is based on the Advanced Encryption Standard (AES), one that is also adopted by the government of USA and consid-
46
egov / www.egovonline.net / September 2010
ered to be among the most robust in the industry. The government’s demand of ‘unrestricted’ access to information residing on Blackberry servers at one level smells of a bit of ignorance that is not fathomable because it is not a problem they cannot crack. As a matter of fact they have. A statement released by the government nearly a year ago claimed, “The government has decrypted the data on Research In Motion’s (RIM) BlackBerry networks. The department of telecommunication (DoT), Intelligence Bureau and security agency National Technical Research Organisation (NTRO) have done tests on service providers such as Bharti Airtel, BPL Mobile, Reliance Communications and Vodafone-Essar networks for interception of Internet messages from BlackBerry to non-BlackBerry devices. Initially, there were difficulties in cracking the same on Vodafone-Essar network but that has also been solved.” What it means is that the government can snoop on e-mail messages sent to the BlackBerry through the Internet service and not through Blackberry Enterprise Service (BES). It is this service that the government wants to be opened up.
Tomorrow it could be the Internet which can’t be just ‘switched’ off, a luxury that government enjoys with BlackBerry
However, the security built into BlackBerry devices by RIM is based on a system that allows customers to add a layer of security on top by creating their own key, and RIM does not have a master key or any mechanism that will allow it to gain access to crucial corporate data. So if RIM claims it cannot read the encrypted information, the company is not entirely incorrect. The government’s demand that RIM opens this platform amounts to asking a company to let loose a lever on which the very foundation of the company rests. The government is thus asking RIM to put its business model of ensuring safety and privacy of data in transit at risk. And thus it came as no shock that the company’s valuation took a beating when this issue took center stage. Security of its data in transit is exactly the reason why corporate honchos love their berries. They are assured that the ‘sensitive’ data that resides there is vaulted safe. Real-time monitoring of data that flows through the BES ecosystem will create risks of its own to businesses operating in India by exposing confidential corporate information to the eyes of others for potential misuse. Our track record of protecting