Aug 16, 2010 19:38 GMT  ·  By

In a public statement issued after negotiations with the Indian government for access to secure BlackBerry communications, RIM stresses that it doesn't treat countries differently; however, Jeffrey Carr, a security expert who specializes in cyber conflicts, disagrees.

As we reported last week, the Indian government has given local telecom operators a deadline of August 31 to find a technical solution that would give authorities unrestricted access to secure BlackBerry communications.

More recent reports claim that RIM has already reached an agreement with the Indian government, according to which the country's national security agencies will get access to data from the BlackBerry Messenger Service in certain cases, like investigations of terrorist activities.

Another condition was that "No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers’ encryption keys."

It's not yet clear if this will satisfy the needs of the Indian government, because the corporate email service was part of the cited problems.

RIM offered to provide identification information for BES and BlackBerry devices, which would assist authorities in subpoenaing the data, but that would tip off the owners and compromise the investigation.

"RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries," the company stresses.

However, Jeffrey Carr, who is CEO of GreyLogic, a company specializing in the investigation of cyber conflicts by State and non-State actors, as well as the Founder and Principal Investigator of Project Grey Goose and the author of “Inside Cyber Warfare”, doesn't buy that.

In a blog post on the GreyLogic blog, he makes his point right from the title, which states "FSB Receives Decrypted Blackberry Messages From Mobile TeleSystems."

For those unfamiliar with intelligence agencies, the FSB is the Federal Security Service of the Russian Federation, the successor of the KGB.

Mobile TeleSystems (MTS) is the Russian telecommunications operator through which RIM offers its BlackBerry services in the country.

Carr has a few arguments for his statement. First, an amendment to the Russian State law, made in January 2008, requires all licenses and equipment certifications for telecommunication devices designed with encryption capabilities to be obtained from the FSB.

This means that in order to sell an encryption-capable smartphone like the BlackBerry in Russia, RIM requires approval from the national security agency, unlike in other countries.

The second argument is that the current Vice President of Corporate Security at Mobile TeleSystems used to work for the FSB, making it even more unlikely that the BlackBerry operates outside the law in Russia.

"[…] There is little doubt that MTS complies with Russian law which requires that encrypted messages be decoded.

"It also requires remote access from a console installed in FSB headquarters which reports the names of the sender and receiver of the targeted phone call, e-mail, or SMS message, the message itself, and the geo-location of the sender as well as access to the customer database and billing records," Carr notes.

Furthermore, the expert points to a 2006 espionage case in Moscow involving the British MI6 and several Russian assets, who used a disguised BlackBerry for communication, suggesting that the FSB is well aware of the device's capabilities.

"Rather than issuing public statements like this one [the one we mentioned], RIM should simply acknowledge that it is no different from any other telecommunications provider as regards complying with monitoring laws of the countries in which they sell services, and that its corporate customers in those countries do not enjoy secure communications across the board," Carr concludes. [original emphasis]