A Dummy's guide to what India wants from BlackBerry

Q. Okay, I get that BlackBerry is doing pretty well in many geographies like Asia and Europe. But talking about India, what’s this I hear every few months about the Indian government threatening RIM that it will shut operations in India? Is Apple behind this so that Indians are forced to buy iPhones?

A. No, despite the fact that most Indians would prefer to buy iPhones to BlackBerry, the fact is, we can’t afford those expensive toys. And Apple really doesn’t give a damn about India . Plus, truth be told, BlackBerry Messenger (BBM) is a rage in India, especially among the youth, Bollywood, etc.

Q. So why would the Indian government threaten to ban BlackBerry or have a running feud with the Canadian company? Don’t they ban enough of stuff as it is, such as books and films, because they believe Indians aren’t intelligent enough to differentiate between fact and fiction?

A. Um, that’s a different story and let’s not go there. But, the fact is, despite all the scorn being currently heaped on RIM and the company’s very existence being questioned after some severe business reverses in the North American market, there’s no other smartphone player that does communication as well as RIM.

If you’re a heavy user of e-mail, most likely you’d be on BlackBerry and the reason isn’t just the best physical keyboard on a smartphone, but also RIM’s own global network that powers its services. Unlike other smartphone vendors who sell you the device and then leave you to use its services on an operator network, RIM’s offering is not just a device but also a service, which RIM provides and where the last mile is provided by the operator.

And besides e-mail, there’s BlackBerry Messenger, which is unarguably the best instant message platform there is and often works when all voice networks are choked, etc. It’s so good in fact, that in the West, emergency service providers often use BBM as a means of communication (eg, during the chaos of 9/11).

Now, since India is blessed with having Pakistan for a neighbour, whose main export is terror that often targets India, the Indian government is quite obviously worried that our Pakistani friends and other anti-national elements could use BlackBerry devices to communicate, since BlackBerry is clearly a great communication tool.

Q. I still don’t get it—with all these millions of software developers in India can’t India just develop the technology to spy on all communication like the freedom loving US of A?

A. Well, our best software developers are perhaps already in the US of A. And trying to get a green card. So, they may not exactly help. But jokes apart, this is a big deal.

The issue is that RIM offers two flavours of service–one is BlackBerry Enterprise Service (BES), secure corporate mail that all kinds of organisations (both business and government) use and where a BlackBerry Enterprise Server sits on-premise in the organisation’s data centre and through which IT admins can control everything–from disabling your BlackBerry’s camera to securely wiping your BlackBerry in case you lose it.

With over 400+ kinds of controls available, there’s pretty much nothing that comes close in the enterprise space. The second offering is the BlackBerry Internet Service that is offered through a telecom operator, and where user controls are fairly minimal (online back-up, etc, are available, but if you’re in the IT department and want to get to know that cute new hire in marketing better, you can’t turn off her camera ‘accidentally’ and then chat her up as you ‘solve’ the complicated issue and prove you’re a knight in shining armour). The plus point with BES is that all communication is encrypted and the keys are with the organisation alone.

The way the BlackBerry system is designed, mail is encrypted at the BES located in your organisation’s data centre and decrypted only at your user’s BlackBerry device–at no other point does encryption or decryption happen. The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby your organisation creates its own key and only your organisation ever possesses a copy of the encryption key.

RIM says it does not possess a ‘master key’, nor does any ‘back door’ exist in the system that would allow RIM or any third party to gain unauthorised access to the key or your valuable corporate data. The BlackBerry security architecture for enterprise customers is designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances.

The BlackBerry security architecture was also designed to perform as a global system independent of geography. The location of data centres and the customer’s choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilised and transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data centre.

Q. So, what’s the problem them—if we can’t develop the technology to break encryption, what’s the problem with forcing RIM to hand over the keys? Shouldn’t we all be worried about terror and support the government in its efforts to stop terror attacks?

A. Yes we should support the government in its efforts to stop terror attacks, but how far would you go? Would it be okay if the government set up a 24/7 camera in your bedroom because there is a one-in-a-zillion chance a terrorist might someday enter your bedroom and the government wants to constantly monitor it to be ready for such a one-in-a-zillion eventuality?

Is it okay for the government to spy on legitimate, legal and what may be confidential communication between law-abiding citizens? If you’re on BES, this is official/business mail (now, now, we all have used our corporate e-mail to forward jokes, etc.)Which exists also on your organisation’s mail servers. Every organisation has the right to confidentiality as it goes about its business. We live and do business in an environment where competition would love to know all our business secrets and leverage these for their own ends. Which is why such e-mail is protected and encrypted.

It’s not like there are millions of BES servers in India and anyone can set one up. Typically, only large organisations have such capabilities (there is a free version of BES now available, but many features are blocked on that version). So, if the government suspects someone in a certain company is indulging in anti-India activities they could get a court to issue an order to track such corporate e-mail in real time through the corporate mail server.

Q. And what is RIM saying?

A. For a company that is in deep trouble and where its secure communication capabilities is perhaps one silver lining in a very large and very dark cloud, RIM is in a hard place. When the government demands such data communication on a real-time basis, RIM has been repeatedly stating it is unable to accommodate such requests for a copy of your organisation’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.

Q. Talking about encryption, don’t my online banking transactions make use of the same technology?

A. Yes, the issue is actually far bigger than RIM. There’s the larger issue of encryption itself. Your Internet banking transaction also uses encryption. It’s done to protect you and the bank and to ensure a secure transaction. Does the government want nothing to be encrypted and everything to be open so that it can spy on whatever it wants to at any time it wants?

Encryption is at the very heart of secure Internet communications and businesses use encryption for a wide variety of needs–such as the KPO that downloads encrypted data from a US client, works on it in India, encrypts it again and sends it back to the US. If the government has to monitor the BlackBerry system to prevent terror, surely it needs to monitor all encrypted data by the same logic?

Q. If I’m not on BES I don’t have to worry, then?

A. No. All your private communications are under the watchful eyes of the government. And that’s if you’re on any other platform such as iOS, Android, Symbian, etc, or don’t just use a smartphone but only use SMS and voice on a cheap feature phone. Not a nice feeling, but this happens everywhere in the world, so if you don’t want your communication to be tracked go back to snail mail. Or perhaps smoke signals.

Q. But why just RIM—to use BlackBerry you need a SIM card and aren’t there tough government-mandated verification procedures in India before anyone gets a SIM card?

A. Yes, but does any government anywhere in the world think logically and put the horse before the cart?

Q. Come to think of it, with some newspaper reports claiming all BlackBerry communication is now available to the Indian government, will any terrorist use BlackBerry? Also, how do terrorists communicate?

A. If you’re a terrorist and you know that there’s a chance that all BlackBerry communication is now available to the Indian government, would you use BlackBerry?

On how terrorists communicate, I’m no expert, but the fact of the matter is that Osama Bin Laden eluded capture by the world’s most advanced military force for so long not because he used technology, but because he was smart enough not to. Technology leaves electronic trails and terrorists know the pitfalls of such trails.

Terrorists have also used extremely simple methods of communication to avoid electronic trails. For instance, some time ago it emerged that some simply save an e-mail as a draft, and since the password for the e-mail account is known to both sender and receiver, the recipient views the draft too. This way, no e-mail is actually sent and no electronic listening post, however sophisticated, cutting-edge and expensive, can intercept the communication.