Last we had heard from the government of India regarding lawful interception of BlackBerry data is that they had partial access to BBM data, and RIM had provided an interim solution that bought them another two months as of a few weeks ago. India is now giving RIM until January 31 2011 to test out a final solution that provides security officials with access to plain text e-mail from enterprise servers.
This whole issue of lawful interception started over the summer with the United Arab Emirates and quickly spread to Saudi Arabia and came back to life in India (since they had similar problems with BlackBerry two years earlier). Because of the way that BlackBerry phones encrypt messages as they’re sent to and from devices, local authorities couldn’t tap into the plain text, thus presenting a large, publicly-available security hole. As a result of that gap, governments threatened to shut down BlackBerry data services altogether. Both Saudi Arabia and the U.A.E. found solutions that satisfied local security requirements for lawful interception, and odds are good that RIM is presenting a similar one to India.
RIM can’t just hand over the keys to private enterprise servers’ e-mail (since there aren’t any to speak of), but it’s possible that e-mails may be sent to internet service providers after they hit enterprise mail servers fully decrypted. RIM is being pretty tight-lipped about the specifics, but they have been assuring customers that they’re making no compromises in security and that their data is still safe and private. We’ll check back in with India come the new year to see how this interim solution (whatever it is) pans out.