Research In Motion took its BlackBerry smartphones to a dominant position in the enterprise market by promising secure messaging to companies, governments, and other institutions. How badly is that position being threatened as governments pressure RIM to give them greater ability to tap messages sent to and from BlackBerrys? The answer could be crucial to the future of RIM’s core enterprise businesses, but so far neither RIM nor the governments harrying it are being very transparent about what’s going on.
The highly publicized demands by governments, most recently India’s, for more access to BlackBerry message contents has put RIM into a tight spot. To keep its enterprise customers happy, it must be able both to provide them with global communications and end-to-end security.
There are actually several different BlackBerry messaging services. BlackBerry Internet Service is a conventional mobile messaging service that lets BlackBerry owners connect to standard Internet mail accounts. BlackBerry Messenger is an instant messaging service available only on BlackBerrys. But the key to the controversy is BlackBerry Enterprise Server, which gives wireless access to corporate mail accounts, especially those running on the dominant Microsoft Exchange platform.
Recent versions of Exchange include their own mobile service that can be used to send mail from corporate servers to Windows Mobile, Nokia, Apple, Android, and Palm devices with varying degrees of control and security. Exchange servers communicate directly with handsets over the Internet and wireless carriers’ data services.
BES works differently (diagram above). A company installs a BES server alongside an Exchange server. The BES talks over a secure channel to a RIM data center which handles communications with BlackBerry handsets. Although this means that traffic is routed through a thirds party–RIM–enterprises like it because it relieves them of the complex job of managing air links and, especially, mobile security. The BES software also gives enterprises very fine-grained control over the security of handsets. For example, network administrators can, with the click of an option, prevent users from installing third-party apps or using the camera on their BlackBerrys.
To get security-conscious enterprises to accept routing their traffic through RIM’s servers, the company designed BES from the beginning to encrypt all traffic from end to end. When you send an email message from a BlackBerry, it is encrypted in the device, remains encrypted as it passes through the RIM data center, and is not decrypted until it reaches the BES server attached to your Exchange server. From there, it is sent out in enciphered or in clear text as dictated by Exchange. Similarly, when the Exchange server receives a message intended for your BlackBerry, it passes it on to the BES, which encrypts it and it is not decrypted until it reaches your device. Messages stored on the BlackBerry are also encrypted.
So what is it that RIM has given up to satisfy Saudi Arabia, the United Arab Emirates, and other governments that have demanded greater access to BlackBerry traffic in their countries? Neither the countries nor RIM have been very forthcoming. In response to demands from India, RIM issued a statement in which it set down ground rules for governmental “lawful access” to customer information. Beyond saying that it would not and could not share encryption information with governments, the statement shed almost no light on just what RIM had done to mollify Saudi Arabia and the UAE.
I think we have to assume that BES encryption works exactly as it is described by RIM. The service has won certification by the U.S. government under Federal Information Processing Standard 140-2 for the handling of “sensitive but not classified” information. That’s the highest certification available for commercial communications gear, and RIM has won similar certifications from many other governments. Much as the U.S. government might want to listen in on others’ communications, it doesn’t want anyone monitoring its, and it would not have certified BES for government use if it thought that RIM or anyone else could eavesdrop.
My guess is that RIM is giving governments (presumably including the U.S. and other western countries that haven’t made public demands or threats) a break on two points. First, it probably allows some monitoring of BlackBerry Messenger, which is not billed as a secure service. Second, it is probably sharing selected data on who is sending messages to whom, which would allow law enforcement or intelligence agencies to do traffic analysis even if they could not see the contents of messages. Even this would be limited, though, because in general, RIM would only know what domain a message originated from, not the individual sender.