Just as we were wrapping up for the weekend, Saudi Arabia still had BlackBerry service, despite an impending ban. RIM made a lot of talk about not doing any particular governments any favours, but word from Saudi Arabia’s Communications and Information Technology Commission suggests that three servers (one for each carrier) are being put in place that would satisfy regulatory requirements. Presumably, this means that it is now within the government’s power to obtain content from BlackBerry communications if they needed to, but if negotiations are going like anything with India, it may just provide access to message metadata. The United Arab Emirates, Kuwait, Lebanon, India, Indonesia, and recently Tunisia and Algeria have all voiced similar concerns about their inability to listen in on BlackBerry messages through e-mail, browser, and BBM, posing a potential security risk.
It needs to be said again that BlackBerry encryption isn’t quite as impenetrable as RIM has made it out to be. The main difference is between those using an BlackBerry Enterprise Server, and those subscribed to carrier-issued BlackBerry Internet Service. Messages from BIS subscribers are scrambled (not encrypted) using a global key that RIM could, in theory, hand over to the government. BES customers get to generate their own keys, which makes them a much harder nut to crack, and there are also ways to manually encrypt messages, but that takes a bit more time. All of that being said, it makes sense that RIM doesn’t want to hand over any global cryptographic keys, but rather have local servers tailored to Saudi Arabia’s particular regulations to still maintain some control.
I’ve shot RIM a note to see if they can confirm or deny the existence of these servers. They’re still in testing, but it’s looking like this may be the permanent solution. As much as RIM loves security, they love having customers more, and I think out of commercial necessity they may very well have to make some sacrifices to play nice in Saudi Arabia and other concerned countries. Would you be comfortable knowing outside parties (namely your own government) could snoop through your BlackBerry messages? Personally, I’ve got nothing to hide, and the Patriot Act probably has everyone in the U.S. used to the idea already.
