LONDON, August 4, 2010 - The plan announced this week by the United Arab Emirates to ban use of BlackBerry Messenger, e-mail and web browsing services by Oct. 11 unless the company allows it to access the encrypted messages on demand has drawn universal condemnation from freedom and privacy groups, but more a muted governmental response.
Some countries, such as India and Saudi Arabia, have threatened to follow the UAE’s lead, arguing that growing availability of BlackBerry smart phones around the world poses a threat to national security. Such fears are founded on the much stronger encryption supported by BlackBerry-maker RIM than found on most rival smart phones, which prevents governments from being able to decrypt messages without assistance.
RIM supports two encryption algorithms, Triple DES and Advanced Encryption Standard. These are both private key systems in which the keys are generated over a secure link, using authentication to detect attempts to eavesdrop at this stage, and then assigned to each BlackBerry user.
Each secret key is subsequently stored only in the user's secure enterprise account in systems such as Microsoft Exchange or IBM Lotus Domino, and on the user’s BlackBerry smart phone.
This means foreign governments or anyone else can only decrypt messages sent from a BlackBerry if they originally intercepted this key generation process to obtain the private keys, which would be unlikely since it probably took place within the user’s own country, often the United States. Even the most powerful computers cannot break encrypted Triple DES data by brute force attack without access to the keys.
The U.S. government, which itself uses AES technology to protect sensitive information, has been among the first to condemn the UAE announcement, leaving it open to accusations of hypocrisy, since it also has powers to wiretap, access e-mails and web browsing histories both for law enforcement and national security.
The UAE government argued that it was merely seeking the same powers of access as the United States, United Kingdom and other European countries. Indeed this conflict between privacy and security led the Canadian government to remain silent rather than speak up in defense of RIM, headquartered in Waterloo, Ontario, drawing strong criticism from freedom groups.
Both Robert Guerra, the internet freedom project director at Washington-based Freedom House, and Ronald Deibert, director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, charitably stopped short of accusing the Canadian government of cowardice, suggesting instead it had been guilty of lack of attention during the summer holiday.
The Canadian government’s current silence highlights how the advent of global mobile and broadband communications at ever-higher bandwidths is amplifying an old argument, exposing it to global and public scrutiny – the tension between national security as well as law enforcement, and right to privacy.
This may be no bad thing, for the arguments have never been truly resolved, leaving governments to adopt unilateral measures in their own interests. It will be difficult to establish a global framework controlling state access to messages, perhaps by holding the private keys in escrow, since governments are unlikely to allow a neutral body to arbitrate over what constitutes a threat to their national security.
It is unclear how the European Union, for example, will respond during its current overhaul of telecom law across its 27 member states. The objective is to harmonize the roll out of mobile broadband and eliminate cross-border regulatory barriers. While the initial focus was more on digital copyright and licensing issues, this thorny question of compliance with government access to messages now will rise steeply up the agenda.
As for RIM, the whole incident has provided valuable publicity for its security architecture. RIM said in a statement it is very proud of that architecture and has no intention of changing it for any one country.
The company also insisted that it cannot accommodate any request for a copy of a customer’s encryption key, since neither RIM, nor or any wireless network operator or any third party, ever possesses a copy of the key. If this is the case, there seems little to stop the UAE implementing its ban, leaving the debate over access on grounds of national security as unresolved as ever.
- Coronavirus Roundup: Fighting Against the Homework Gap, No Fixed Data Caps in U.K., Gigabit Libraries on Role in Pandemic
- FCC Praises $200 Million for Telemedicine, Outlines Process for Up To $1 Million in Aid Per Applicant
- Coronavirus Roundup: FCC Grants Waiver to WISPs, CenturyLink on USNS Mercy, Precursor on Techlash
- Coronavirus Roundup: FCC Extends Rural Health Care Deadlines, Public Knowledge Tracks Misinformation, AEI on Regulation
- Special Webcast from Broadband Breakfast Partner Gigabit Libraries on Friday, March 27 – What Is a Library if the Building is Closed?
Signup for Broadband Breakfast
China1 month ago
Tech Officials Diagnose Excessive Trump Actions as Product of ‘Huawei Derangement Syndrome’
Health4 weeks ago
Battling Coronavirus COVID-19, Broadband Could Provide Relief Although Telemedicine May Not Help
Section 2301 month ago
Attorney General Bill Barr Calls for ‘Recalibrated’ Section 230 as Justice Department Hosts Tech Immunity Workshop
Net Neutrality1 month ago
FCC Seeks Comment on Net Neutrality Issues Remanded by Appeals Court: Public Safety, Pole Attachments and Lifeline
Health2 weeks ago
Broadband Breakfast Live Online Will Stream Daily in March on ‘Broadband and the Coronavirus’
Artificial Intelligence1 month ago
U.S. Progress on AI and Quantum Computing Will Best China, Says CTO Michael Kratsios
Asia1 month ago
Broadband Roundup: Global Internet Censorship, Tribal Divide, Klobuchar on the Broadband Stump
Broadband Mapping & Data1 month ago
Poor Broadband Maps and Lack of a Consolidated Voice Hinder Advocacy for Better Rural Internet