No doubt you have heard/read the recent headlines concerning the threats from governments in the Middle East to block Blackberry service. These threats stem from the use of encryption to ensure secure transfer of data between the handheld device and the networks it connects to. Certain governments of the Arabian Peninsula, including the Emirates, are claiming that RIM’s implementation of encryption on the device poses a security risk. Here are some of the headlines so you can get a good idea about what the mainstream media are saying about this:
- On The Wall Street Journal
- US Authorities able to tap Blackberry Messaging
- Gulf News Piece on the Story
- Express.co.UK from a political angle
I hope you have taken a good look at all of those articles because they all report the same story from a different perspective. That story is, in a nutshell:
Blackberry Services are encrypted and the traffic is routed, for the most part, directly to RIM servers in Canada. This technology could be exploited by terrorists that cannot be monitored by local authorities. The governments of the Arabian Peninsula want the ability to monitor the traffic between the blackberry handhelds and the RIM servers and expect RIM to provide them with decryption keys similar to the keys already provided to other governments including the US and UK.
That story also completely misses the point……Let’s take a look at the real issues….
First of all, the governements of the US/UK (and others who have the ability to monitor the Blackberry traffic) have very strict rules under which they are allowed to monitor. In keeping with normal due-process, any law enforcement organization who wants to monitor a suspects traffic is only able to do so after obtaining a Court Order. This is an important distinction as the regulatory commissions of the Emirates, Saudi Arabia, etc. are asking for the ability to decrypt traffic and monitor at will with no provisions for due-process.
I can understand RIM’s reluctance to give in to these demands.
Aside from that the real issue here isn’t security, it’s money (as usual).
The Telecommunications companies in that part of the world have been wrestling with the spectre of VoIP for quite awhile. To be more specific, the threat to their bottom line posed by Skype style VoIP. According to people I know in the Emirates some of these Carriers are claiming that 10-15% of their revenue is being “stolen” because of Skype telephony.
Contrary to what us technologists think, per-minute telephony charges are still a lucrative business for Carriers.
The Carriers’ response has been to block certain types of traffic and certain domains that enable the service to work. By identifying the traffic at the point of entry into the network, certain network-elements can then block or drop the traffic before it can be transmitted. This of course is completely dependent on the offending traffic being identified. What if the offending traffic were encrypted…..
Which brings us to the real issue. Carriers want to protect their voice minute revenue streams in the face of their customers’ tendency of making dirt-cheap and sometimes free phone calls.
To be fair, I’m sure the security argument is somewhat valid but in the end it’s all about money.
