1083_1The UAE government's decision to ban some functions of RIM's BlackBerry from October 11, citing security risks, reflects concern among some governments that the BlackBerry service does not allow them to monitor data traffic sent and received by BlackBerry users, and that this data is handled and stored offshore out of government control.

The BlackBerry platform architecture relies on dedicated data centres (NOCs) which handle all BlackBerry data traffic over a secure, encrypted connection between the NOC and the handset. Some governments are uncomfortable with the solution because they have little or no visibility into BlackBerry data traffic, and are concerned that BlackBerry handsets may be used for criminal purposes.

The difficulty for RIM is that security has been a key selling point for BlackBerry and acquiescing to government demands would significantly undermine its security credentials, particularly with business and public sector customers. There are legitimate reasons for wanting data encryption and privacy – and there is a concern that if RIM compromises with one government then others will demand the same access.
This is part of a wider debate around government monitoring and filtering of telecommunications and the Internet, with deep implications for privacy (both personal and corporate), freedom of speech and national security. The loss of access to the UAE market will upset BlackBerry customers and international business travellers in the region, but RIM looks likely maintain its current stance and avoid damage to its reputation in the much larger North American and Western European markets

BlackBerry versus government

Several countries in the Middle East have threatened to ban the BlackBerry service because it enables citizens to have secret conversations and peruse the web with privacy. This will be the start of a test of RIM's commitment to maintaining a global secure email service. However, governments should be careful what they wish for. After all, their own staff are BlackBerry users as well.

The United Arab Emirates (UAE) Telecommunications Regulatory Authority (TRA) issued a self-titled "important announcement" on 2 August stating that it proposed to suspend BlackBerry messenger, email, and web-browsing services from 11 October. This was the latest development in an apparently long-running discussion between the UAE government and the Canadian company Research in Motion (RIM) that operates the BlackBerry service.

The TRA adopted this position because RIM's secure telecommunications service prevented the UAE government from monitoring messages and emails, and restricting access to forbidden web content. The Saudi Arabian Communications and Information Technology Commission (CITC) followed suit within a few days, announcing a ban on BlackBerry service to be put into effect by 5 August. This follows similar discussions between RIM and the governments of China and India earlier in the year.

The announcements have provoked a storm of discussion. That all countries conduct surveillance on their citizens is not disputed. The difference is the degree to which the people can hold the government to account for abuse of its powers of surveillance. Countries vary considerably in the manner in which the balance between citizen interests and state interests is defined – with dictatorships on the one extreme and liberal democracies on the other.
However, the rise of the Internet and global wireless

communications is challenging the each-country-to-its-own scenario – introducing notions of global freedom expectations that appear to transcend the sovereignty of governments to regulate what their citizens will and will not see, hear, and say. Platforms like BlackBerry deploy highly secure ICT services directly into the hands of individual citizens at a low cost. Wireless services transcend borders, secure messaging subverts telecommunications interceptions, data is hosted outside of the reach of government agencies, and unfiltered web content can be accessed freely.

Suppliers such as RIM can now freeze government out of the regulatory loop by enabling citizens to have secret conversations – exactly the kind of secret conversations that are taken for granted as essential by any corporation or business, and indeed by government agencies themselves as users of the BlackBerry.

RIM needs to hold firm

This situation will be a challenging one for RIM to resolve. Developing nations are a large and growing market that it cannot afford to alienate. On the other hand, RIM's security policy is unambiguous: "The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances." The strength of RIM's security is a core part of its unique selling proposition.

While the security architecture is tighter for enterprise customers, there will be a 'guilt by association' impact for RIM if it is too accommodating of the demands of countries such as Saudi Arabia and the UAE – or if it is seen to be "flexible" on security when governments threaten to close market access.

There is an irony in the fact that government agencies are themselves large users of the BlackBerry platform. Agencies were initially wary of the security risks of RIM's Canadian-hosted email service, but are now comfortable with the security of the platform. However, this comfort rests on the assumption that RIM does not compromise the security of individual users by allowing "back door" access – to anyone. The biggest fear of some government agencies is that the security and intelligence services of an unfriendly foreign power could have access to their emails.
If RIM starts down the slippery slope of offering "customized" security environments to individual governments, how long will it be before the company is "piggy in the middle" between two countries that have a serious interest in compromising each other's security for commercial, or even military, reasons?

RIM would be better to withdraw from countries that do not yet see the value of its unique, globally secure, service offering.


By Tim Renowden, Analyst & Steve Hodgkinson, Research Director, Ovum - part of the Datamonitor group