Security Experts:

RIM Statement on India's Demands for Access to Messaging Services - "No Ability to Provide its Customers’ Encryption Keys"

"Contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers’ encryption keys."

Authorities in India, in and effort to keep militants and spies off its mobile networks, is demanding access to email and messaging services provided by Research In Motion, maker of BlackBerry.

India has given Research In Motion a deadline of August 31st to comply with a request to gain access to encrypted BlackBerry messaging services within India.

India's demands come after Saudi Arabia demanded similar access and according to reports, RIM has agreed to provide government authorities codes for BlackBerry Messenger users in Saudi Arabia.

RIM, while trying to cooperate with governments, says they don't really have a way to provide customer encryption keys.

RIM issued the following statement late Thursday night.

Although RIM cannot disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it genuinely tries to be as cooperative as possible with governments in the spirit of supporting legal and national security requirements, while also preserving the lawful needs of citizens and corporations. RIM has drawn a firm line by insisting that any capabilities it provides to carriers for “lawful” access purposes be limited by four main principles:

1) The carriers’ capabilities be limited to the strict context of lawful access and national security requirements as governed by the country's judicial oversight and rules of law.

2) The carriers’ capabilities must be technology and vendor neutral, allowing no greater access to BlackBerry consumer services than the carriers and regulators already impose on RIM’s competitors and other similar communications technology companies.

3) No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers’ encryption keys. Also driving RIM’s position is the fact that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway and similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.

4) RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.

Subscribe to the SecurityWeek Email Briefing
view counter