BlackBerry's response: RIM statement in full

Tuesday, 3 August 2010 5:54 PM

Dear Valued BlackBerry Customer:

Due to recent media reports, Research In Motion (RIM) recognizes that some customers are curious about the discussions that occur between RIM and certain governments regarding the use of encryption in BlackBerry products. RIM also understands that the confidential nature of these discussions has consequently given rise to speculation and misinterpretation.

RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers. While RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it is committed to continue delivering highly secure and innovative products that satisfy the needs of both customers and governments.

Many public facts about the BlackBerry Enterprise Server security architecture have been well established over the years and remain unchanged. A recap of these facts, along with other general industry facts, should help our customers maintain confidence about the security of their information.

• RIM operates in over 175 countries today and provides a security architecture that is widely accepted by security conscious customers and governments around the world.

• Governments have a wide range of resources and methodologies to satisfy national security and law enforcement needs without compromising commercial security requirements.

• The use of strong encryption in wireless technology is not unique to the BlackBerry platform. Strong encryption is a mandatory requirement for all enterprise-class wireless email services.

• The use of strong encryption in information technology is not limited to the wireless industry. Strong encryption is used pervasively on the Internet to protect the confidentiality of personal and corporate information.

• Strong encryption is a fundamental requirement for a wide variety of technology products that enable businesses to operate and compete, both domestically and internationally.

• The BlackBerry security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data.

• The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a "master key", nor does any "back door" exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.

• The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customer's encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.

• The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography. The location of data centers and the customer's choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized and transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data center. All data remains encrypted through all points of transfer between the customer's BlackBerry Enterprise Server and the customer's device (at no point in the transfer is data decrypted and re-encrypted).

RIM assures customers that it will not compromise the integrity and security of the BlackBerry Enterprise Solution.

BlackBerry ban

Join the Discussion

Disclaimer:The view expressed here by our readers are not necessarily shared by Arabian Business, its employees, sponsors or its advertisers.

Please post responsibly. Commenter Rules

Read All 13 Comments

Posted by: francisco fernandes Thursday, 5 August 2010 6:56 PM[UAE] - UAE

Why the decision is taken not taken earlier ?, BB was launched for quite a few years ago in UAE and people have individual and enterprise investment. Questions might have been raised earlier by the authorities and hoped that BB would allow and give some options to do random checks on the communication as when and when needed by the authorities. So since till now I think BB remain admant on their stand to satisfy end user security requirement over local authorities, which is not very clever or impressive so the BAN ought to have come, It is come now there but wouldn't be if it had been earlier the better ? Can the children hide all things from their parents, might be some but definitely not all.

Reply to this comment.

Posted by: Charles Thursday, 5 August 2010 11:42 AM[UAE]

My understanding over the years is that RIM do not have any encryption key to give the UAE authorities. The difference between countries like US, UK and the UAE, is that law enforcement in the US and UK often use blackberry themselves and therefore also enjoy the string encryption. Therefore it seems to me that the UAE authorities and other local / regional authorities are not only misunderstanding the issues but feel more vunerable as they do not enjoy the advantages but simply are angered at the disadvantages of not being able to intercept messages from their guests, visitors, expatriates, civilians and local citizens.

Reply to this comment.

Posted by: Telco guy Thursday, 5 August 2010 9:44 AM[UAE] - UAE

@Kazim, interception is usually done on a case by case basis, with a court order. That is different from being given blanket coverage About using messenger, companies ban the use of messenger applications using publice servers with no encryption BBM was obviously a secure messaging application. Big difference. You may want to consider things from the users perspective, if you are a services firm doing work for a competitor of a Dubai-based (and Dubai-governmetn owned!) company, you may not feel very confident exchanging emails about a bid over a channel that has been compromised by the main shareholder of the competitor of one of your clients. I have to hear yet about the reaction from the professional community, timing has been weird with people on holidays and Ramadan coming so any reaction may take some time but seriously this was not a smart move and will do little to increase security as there are other (less convenient) means to ensure privacy in electronics communication.

Reply to this comment.

Posted by: Kazim Kirmani Wednesday, 4 August 2010 8:21 PM[UAE] - United Arab Emirates

Security services agencies in USA 'reportedly' have access to data transmitted over BB services. While I can understand and appreciate the need to secure all data from public viewing; giving access to law enforcement agencies should be excluded from such an arrangement. Also, if you note; the whole statement talks about Enterprises holding the encryption keys to their respective companies data (which I'm assuming refers to corporate email). What about BB Messenger and web browsing on BB devices? No company I know of allows the exchange of confidential matters over these 2 applications, so why is RIM so fussed about giving access to law enforcement agencies on these 2 applications? And what about BB devices issued to individual customers? Which 'enterprise' client are they linked to and who holds their encryption keys?? UAE has every right to take decisions of national interest, and I believe we need to respect its sovereign right to refuse to entertain BB services in its territory if RIM does not comply with its security requirements.o

Reply to this comment.