BlackBerry security explained

How the BlackBerry system works and why governments consider it a potential threat to security.
BlackBerry security explained
By Reuters
Thu 12 Aug 2010 03:43 PM

Research in Motion is at odds with the governments of India, Saudi Arabia and the UAE over their demands that the company let authorities tap BlackBerry messages delivered using RIM's rock-solid encryption technology.

Here are questions and answers that explain how the BlackBerry system works and why governments consider it to be a potential threat to national security:

Q. How does BlackBerry's legendary security system work?

A. RIM uses powerful codes to scramble, or encrypt, messages as they travel between a BlackBerry server and the BlackBerry device. If a worker loses their BlackBerry, RIM is able to remotely wipe all messages on the device and deactive it.

Q. Is BlackBerry's security unique?

A. Yes. All BlackBerry traffic runs through RIM data centres, which help manage the devices. It also runs through BlackBerry servers, which encrypt and unscramble messages.

Those BlackBerry servers are owned and run by RIM's business and government customers, according to David Goldschlag, chief technology officer of McAfee Mobile, a unit of McAfee Inc.

(RIM handles encryption and decryption for smaller businesses and consumers, according to Goldschlag.)

Rivals, including Apple Inc, Google Inc, Nokia and Microsoft Corp, design their products so they communicate directly with ordinary email servers.

Q. Can RIM unscramble the data?

A. RIM says it cannot unscramble data of its large business and government clients because the servers that handle that task are located on the premises of its customers.

Q. What kind of access does the U.S. government enjoy?

A. U.S. authorities can seek a court order to tap BlackBerry traffic, giving them access to messages sent over the network. Officials with Research in Motion declined to talk about how they provide such access. It is possible that the government provides such requests directly to RIM's customers.

Q. Is RIM refusing to give Saudi Arabia, India and UAE that kind of access?

A. It is unclear. Nobody is talking specifics, with one exception: In the case of Saudi Arabia, the government says it only wants access to RIM's consumer-focused BlackBerry Messenger service. A spokesperson for RIM did not respond to a request for information on how the company secures that particular service.

Q. If the data is encrypted, how is it possible for the government or RIM to even install a wire tap?

A. Bruce Schneier, an expert in encryption who is chief security technology officer for BT, said that it is relatively simple. Authorities need to put an eavesdropping box on the BlackBerry server, whether run by RIM itself or one of its customers, that has the key for descrambling the messages. (Reuters)

For all the latest UAE news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.