LONDON, August 4, 2010 - The plan announced this week by the United Arab Emirates to ban use of BlackBerry Messenger, e-mail and web browsing services by Oct. 11 unless the company allows it to access the encrypted messages on demand has drawn universal condemnation from freedom and privacy groups, but more a muted governmental response.
Some countries, such as India and Saudi Arabia, have threatened to follow the UAE’s lead, arguing that growing availability of BlackBerry smart phones around the world poses a threat to national security. Such fears are founded on the much stronger encryption supported by BlackBerry-maker RIM than found on most rival smart phones, which prevents governments from being able to decrypt messages without assistance.
RIM supports two encryption algorithms, Triple DES and Advanced Encryption Standard. These are both private key systems in which the keys are generated over a secure link, using authentication to detect attempts to eavesdrop at this stage, and then assigned to each BlackBerry user.
Each secret key is subsequently stored only in the user's secure enterprise account in systems such as Microsoft Exchange or IBM Lotus Domino, and on the user’s BlackBerry smart phone.
This means foreign governments or anyone else can only decrypt messages sent from a BlackBerry if they originally intercepted this key generation process to obtain the private keys, which would be unlikely since it probably took place within the user’s own country, often the United States. Even the most powerful computers cannot break encrypted Triple DES data by brute force attack without access to the keys.
The U.S. government, which itself uses AES technology to protect sensitive information, has been among the first to condemn the UAE announcement, leaving it open to accusations of hypocrisy, since it also has powers to wiretap, access e-mails and web browsing histories both for law enforcement and national security.
The UAE government argued that it was merely seeking the same powers of access as the United States, United Kingdom and other European countries. Indeed this conflict between privacy and security led the Canadian government to remain silent rather than speak up in defense of RIM, headquartered in Waterloo, Ontario, drawing strong criticism from freedom groups.
Both Robert Guerra, the internet freedom project director at Washington-based Freedom House, and Ronald Deibert, director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, charitably stopped short of accusing the Canadian government of cowardice, suggesting instead it had been guilty of lack of attention during the summer holiday.
The Canadian government’s current silence highlights how the advent of global mobile and broadband communications at ever-higher bandwidths is amplifying an old argument, exposing it to global and public scrutiny – the tension between national security as well as law enforcement, and right to privacy.
This may be no bad thing, for the arguments have never been truly resolved, leaving governments to adopt unilateral measures in their own interests. It will be difficult to establish a global framework controlling state access to messages, perhaps by holding the private keys in escrow, since governments are unlikely to allow a neutral body to arbitrate over what constitutes a threat to their national security.
It is unclear how the European Union, for example, will respond during its current overhaul of telecom law across its 27 member states. The objective is to harmonize the roll out of mobile broadband and eliminate cross-border regulatory barriers. While the initial focus was more on digital copyright and licensing issues, this thorny question of compliance with government access to messages now will rise steeply up the agenda.
As for RIM, the whole incident has provided valuable publicity for its security architecture. RIM said in a statement it is very proud of that architecture and has no intention of changing it for any one country.
The company also insisted that it cannot accommodate any request for a copy of a customer’s encryption key, since neither RIM, nor or any wireless network operator or any third party, ever possesses a copy of the key. If this is the case, there seems little to stop the UAE implementing its ban, leaving the debate over access on grounds of national security as unresolved as ever.
- Benton Foundation Renamed Benton Institute for Broadband and Society, Renewed Focus on Advanced Internet Networks
- Who’s On First? Congress Upset With Wasteful and Petty Antitrust Squabbles Between Justice and FTC
- Broadband Roundup: CBRS on a Roll, Innovation Fund in Rural California, Another Verizon 5G Announcement
- Broadband Roundup: FCC Announces More Rural Funding, Everyone On Expands Footprint, US Telecom Gets Political
- With FCC Broadband Maps Denounced as ‘Terrible,’ Members of Congress Drill Into Details For Improvement
Intellectual Property2 months ago
In Congressional Oversight Hearing, Register of Copyrights Says Office Is Responding to Online Users
Broadband Data4 months ago
Pennsylvania Broadband Speeds Worse Than Previously Believed, According to State Report
Broadband Data3 months ago
California Report: Income Most Significant Factor in Low Broadband Adoption
Privacy and Security2 weeks ago
Comparing Privacy Policies for Wearable Fitness Trackers: Apple, Fitbit, Xiaomi and Under Armour
Broadband Roundup1 month ago
Cable Industry Touts Energy Efficiency, Next Century Highlights Open Access Fiber, Aspen Forum Set
Drones1 month ago
Greater Commercial Use of Drones Will Force Revisions of Federal Aviation Administration Regulations, Say Experts
Fiber1 month ago
‘Dig Once’ Provides Future-Proofing Solution for Federal Highway Infrastructure, Says BroadbandNow
Expert Opinion2 months ago
Geoff Mulligan: A ‘Dumb’ Way to Build Smart Cities