LONDON, August 4, 2010 - The plan announced this week by the United Arab Emirates to ban use of BlackBerry Messenger, e-mail and web browsing services by Oct. 11 unless the company allows it to access the encrypted messages on demand has drawn universal condemnation from freedom and privacy groups, but more a muted governmental response.
Some countries, such as India and Saudi Arabia, have threatened to follow the UAE’s lead, arguing that growing availability of BlackBerry smart phones around the world poses a threat to national security. Such fears are founded on the much stronger encryption supported by BlackBerry-maker RIM than found on most rival smart phones, which prevents governments from being able to decrypt messages without assistance.
RIM supports two encryption algorithms, Triple DES and Advanced Encryption Standard. These are both private key systems in which the keys are generated over a secure link, using authentication to detect attempts to eavesdrop at this stage, and then assigned to each BlackBerry user.
Each secret key is subsequently stored only in the user's secure enterprise account in systems such as Microsoft Exchange or IBM Lotus Domino, and on the user’s BlackBerry smart phone.
This means foreign governments or anyone else can only decrypt messages sent from a BlackBerry if they originally intercepted this key generation process to obtain the private keys, which would be unlikely since it probably took place within the user’s own country, often the United States. Even the most powerful computers cannot break encrypted Triple DES data by brute force attack without access to the keys.
The U.S. government, which itself uses AES technology to protect sensitive information, has been among the first to condemn the UAE announcement, leaving it open to accusations of hypocrisy, since it also has powers to wiretap, access e-mails and web browsing histories both for law enforcement and national security.
The UAE government argued that it was merely seeking the same powers of access as the United States, United Kingdom and other European countries. Indeed this conflict between privacy and security led the Canadian government to remain silent rather than speak up in defense of RIM, headquartered in Waterloo, Ontario, drawing strong criticism from freedom groups.
Both Robert Guerra, the internet freedom project director at Washington-based Freedom House, and Ronald Deibert, director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, charitably stopped short of accusing the Canadian government of cowardice, suggesting instead it had been guilty of lack of attention during the summer holiday.
The Canadian government’s current silence highlights how the advent of global mobile and broadband communications at ever-higher bandwidths is amplifying an old argument, exposing it to global and public scrutiny – the tension between national security as well as law enforcement, and right to privacy.
This may be no bad thing, for the arguments have never been truly resolved, leaving governments to adopt unilateral measures in their own interests. It will be difficult to establish a global framework controlling state access to messages, perhaps by holding the private keys in escrow, since governments are unlikely to allow a neutral body to arbitrate over what constitutes a threat to their national security.
It is unclear how the European Union, for example, will respond during its current overhaul of telecom law across its 27 member states. The objective is to harmonize the roll out of mobile broadband and eliminate cross-border regulatory barriers. While the initial focus was more on digital copyright and licensing issues, this thorny question of compliance with government access to messages now will rise steeply up the agenda.
As for RIM, the whole incident has provided valuable publicity for its security architecture. RIM said in a statement it is very proud of that architecture and has no intention of changing it for any one country.
The company also insisted that it cannot accommodate any request for a copy of a customer’s encryption key, since neither RIM, nor or any wireless network operator or any third party, ever possesses a copy of the key. If this is the case, there seems little to stop the UAE implementing its ban, leaving the debate over access on grounds of national security as unresolved as ever.
- Smart Cities Connect to Hold 2020 Global Event Honoring 50 Smart Projects
- Broadband Roundup: More on the Rural Digital Opportunity Fund, 5G National Advocacy, and Policy Hackers
- Panelists on NTIA Broadband Webinar Say Smart Buildings Boost Civic Resiliency and Public Health
- Dynamic Spectrum Sharing Subject of Debate at Senate Commerce Committee Hearing on the Future
- FTC Settlement with YouTube Has Creators Upset and Worried About FTC Approach to Children’s Privacy
Signup for Broadband Breakfast
Open Access3 weeks ago
UTOPIA Fiber: A Model Open-Access Network
China2 months ago
Prakash Sangam: China’s Huawei Clones Are Greater Threat to National Security than Huawei
Broadband's Impact3 months ago
FCC Chairman Ajit Pai Praises Agency’s Work in Promoting High-Speed Internet at ‘Broadband Heros’ Event
Open Access2 months ago
UTOPIA Fiber Announces Partnerships with Morgan, Utah, Idaho Falls, and Other Cities
Broadband Mapping & Data3 months ago
Broadband Data From Providers Needs to be Checked With Data From Users, Say Panelists at Mapping Event
Education2 months ago
State Educational Technology Officials Say Better Broadband Necessary for Pedagogy and Equity
FCC1 month ago
Telephony Industry Rises to the Challenge of Robocalls, With Legislation, Regulation and Enforcement Close Behind
FCC2 months ago
As Next Year’s C-Band Auction Looms, FCC Officials Reflect on Innovation in Spectrum Auctions