Security Experts:

RIM Disputes Indian Media - Cannot and Will Not Provide Email Encryption Keys

BlackBerry maker Research In Motion (RIM) is disputing what they call false and misleading information coming out of India, which states that they have reached an agreement with the government to provide the encryption keys to corporate email and instant messages.

On Thursday, India’s Economic Times ran a story that said RIM has gone a step further in their four-year back and forth with the Indian government, where previously they had established a datacenter in Mumbai to help law enforcement and government officials conduct lawful intercepts and searches, saying the Canadian telecommunications firm would now also offer access to enterprise email.

BlackBerry Encryption Keys to Indian Government“RIM recently demonstrated a solution developed by a firm called Verint that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies, according to an exchange of communications between the Canadian company and the Indian government,” the Economic Times reported

However, in an email to SecurityWeek, RIM outright denied the claims that they were handing over access to enterprise communications. To put it simply, the spokesperson said that RIM cannot provide access to the BlackBerry Enterprise Server protected emails, because they don’t have access to the encryption keys.

“RIM has found it necessary to correct some false and misleading information appearing in the media in India and would like to take an opportunity to set the record straight,” the spokesperson told SecurityWeek in an email Thursday night.

“RIM is providing an appropriate lawful access solution that enables India's telecom operators to be legally compliant with respect to their BlackBerry consumer traffic, to the same degree as other smartphone providers in India, but this does not extend to secure BlackBerry enterprise communications.”

The statement goes on to say that RIM has explained this issue on several occasions, and as explained in the company’s Lawful Access Principles, “RIM cannot access information encrypted through BlackBerry Enterprise Server as RIM is not ever in possession of the encryption keys.” SecurityWeek covered news from the BlackBerry maker back in August 2010 when it responded to pressure from authorities in India by saying the same thing—it did not have the ability to provide its customers’ encryption keys.

Related Reading: Failure of the BlackBerry PlayBook Means CIOs Need to Plan for an Apple World

Related Reading: Why the BlackBerry PlayBook Shows Us The Future of Enterprise Security -- Especially if it Fails

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.