RIM has steadily been calming down the governments of the world about lawful interception over the last couple of weeks, but they’ve been tight-lipped about the specific solutions they have been implementing to meet security demands. There was some talk about setting up local servers, or forwarding decrypted e-mails from corporate mail servers to ISPs, but neither was confirmed.What has most people (and especially companies) concerned is that RIM is providing security agencies direct access to sensitive data, even though RIM has said that they can’t do that for corporate e-mail.
Some curious security specialists at the University of Toronto’s Citizen Lab and The SecDev Group here in Ottawa have launched a research program called RIM Check to see what exactly is happening to BlackBerry data on the way out from RIM’s servers, since RIM isn’t interested in making that information public. SecDev says:
“Decisions taken by private sector actors, often at the behest of governments seeking access to their data or assistance blocking Web sites, can have major consequences for human rights. These decisions can lack transparency and public accountability. This project is meant to address that lack of transparency.”
Right on. They also say that the RIM Check program will be checking if content is being filtered in any way, which may be of concern if you’re anywhere in Indonesia.
Just to back things up a little bit, Saudi Arabia, the United Arab Emirates, India, and other world governments weren’t happy that they couldn’t tap into communications sent via BlackBerry since they were encrypted in a particular way. As a result, they threatened to block BlackBerry service unless they could intercept that data in plain text according to local law. RIM negotiated, and even managed to provide partial access to BBM, but due to unique encryption keys used by BlackBerry Enterprise Servers, it was beyond even their own ability to read a company’s e-mails.
For now, RIM Check is only gathering information through a site visited via BlackBerry, rimcheck.org, but they’re looking for new venues. Maybe a lightweight app that runs in the background? We’ll keep you posted.
[via InfoWar Monitor]