http://www.reportonbusiness.com/servlet/story/RTGAM.20080527.wrim28/BNStory/Business/home By Matt Hartley Globe and Mail May 27, 2008 As Research In Motion Ltd. charts its path toward global domination of the smart phone market, the company continues to discover its biggest strategic advantage is often a source of headaches when dealing with foreign governments. It was RIM's data encryption technology that helped the BlackBerry become the preferred communication medium for the business world in North America. But misperceptions about security infrastructure have put the Waterloo, Ont.-based company on the defensive again this week. Those same security measures that act as a selling feature have officials in some governments worried that terrorists are using the devices to communicate, while others don't like the idea of their nation's data being routed abroad through RIM's Canadian Network Operating Centres (NOCs). After Indian officials raised those concerns recently and threatened to shut down BlackBerry service in that country, RIM moved to quiet the storm by firing off a letter to customers that attempted to clarify the company's policy. The controversy has left RIM officials trying to allay security concerns of foreign governments on one hand, while making it clear to shareholders and customers in other countries that it is not bending to local pressures and altering its basic infrastructure. “RIM respects the needs of governments to balance regulatory requirements alongside the corporate security and individual privacy needs of its citizens and RIM will not disclose confidential discussions that take place with any government,” the company said in the letter. RIM said it recognized customers might be “curious about the discussions that occurred between RIM and the Indian government regarding the encryption in BlackBerry products,” and that it wished to “assure customers” about the company's security policies. With more than one-third of its revenue now coming from markets outside of North America, RIM faces a mine field of security controversies that is becoming increasingly treacherous. The company is known for being tight-lipped about its security practices and for withholding details about how its network operates, something the company has admitted sometimes leads to speculation and misinformation. In March, India's Ministry of Telecommunications reportedly demanded that RIM install servers in India and provide the government with a “master key” to help security agencies intercept and decrypt BlackBerry messages in an effort to crack down on terrorism. Similar complaints surfaced last June, when security forces in France advised Paris officials not to use their BlackBerrys to send sensitive information, fearing the data could be intercepted in foreign territories. “The problem seems to be that these countries don't like the fact that the e-mail goes through the RIM NOC,” said Jack Gold, president of J. Gold Associates, a wireless consulting firm in Boston. “The NOC is not in India, so their e-mails are actually leaving the country and then coming back. France had that problem as well.” RIM declined to comment on the nature of its discussions with the Indian government, but in a recent statement prepared for customers, the company outlined how it would be impossible to provide any government with such a master key or “back door.” Messages sent from BlackBerry devices are difficult to monitor because the data is encrypted before it is transmitted. Large companies can add an extra level of encryption to messages by purchasing a BlackBerry Enterprise Server (BES), which sits in their IT department and communicates directly with RIM's NOCs. The BES adds a second layer of encryption that can be decoded only by using an encryption key that only the company possesses. Not even RIM has access to that information. “The reality is that RIM's BES service is unbreakable,” said Canaccord Adams analyst Peter Misek. “The [U.S. National Security Agency] can't break it; no one can break it. “RIM won't give out back doors because then all these governments will want to have this special ability.” U.S. government officials initially expressed concerns about the security of the BlackBerry network once the device became a staple in Washington power circles. However, the U.S. government is now one of the biggest BlackBerry customers in the world; the Federal Bureau of Investigation purchased almost 20,000 devices for field agents in April. BlackBerrys bought directly from a telecommunication provider by small companies or by individuals operate on the BlackBerry Internet Service (BIS). Messages sent from these devices are routed through the telecom company's server which links directly to the NOC. “The BIS encryption isn't as strong, and if enough horsepower is thrown at it, it could potentially be cracked,” Mr. Misek said. Analysts say in some jurisdictions – such as China and Russia – where governments wish to monitor BlackBerry transmissions, RIM has likely opted to limit the distribution of BES networks in favour of the BIS variety in order to gain access to those countries' mobile markets. RIM said it does not discuss the details of discussions it holds with governments and carriers around the world. “I'm sure the RIM folks did have to do some funny stuff which they didn't want to make public to allay the fears of the Chinese marketplace,” Mr. Gold said. “It's the same issue [the Chinese] have with Yahoo and Google's search engines … China is very fussy about what they allow on their networks.” RIM's security features are the biggest reason why most analysts predict that Cupertino- Calif.-based Apple Inc.'s iPhone will struggle to become a serious competitor to the BlackBerry for business customers. “RIM security is head and shoulders above the iPhone,” Mr. Gold said. “There really isn't any security on the iPhone right now.” _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed May 28 2008 - 00:26:32 PDT