14 DAY TRIAL // Research In Motion (RIM) is working with Indian telecom providers in an attempt to address the government's national security concerns regarding encrypted BlackBerry communications. The company plans to provide security agencies with the information necessary to locate BlackBerry enterprise servers and devices exchanging encrypted communications.
The Economic Times of India reports that back in July RIM was given a fifteen days deadline by the Indian government to come up with a solution that would allow the country's national security agencies to intercept BlackBerry communications. However, the main problem the Canadian company has with satisfying such requests is that, at least as far BlackBerry enterprise traffic goes, its servers are only used to carry the encrypted data.
The whole BlackBerry communication system has been designed from the start to protect data. The encryption is done between the devices and the BlackBerry Enterprise Servers (BES) operated privately by companies. "No one, including RIM, could access customer data, which is encrypted from the time it leaves the device. Thus RIM would simply be unable to accommodate any request for a key to decrypt the data, since the company doesn't have the key," the BlackBerry manufacturer explained in a recent statement.
However, it seems that RIM is willing to help security agencies locate the enterprise servers involved in an encrypted data exchange that interests them. "After some persuasion, the [RIM] representative agreed that they can provide the Metadata of the message i.e. the IP address of the BES and PIN & IMEI of the BlackBerry mobile. The concerned internet service provider can also tell the location of the services as well. From these information, the security agencies can easily locate the BES and obtain the decrypted message. They also stated that they have a setup to help the security agencies in tracking the messages in which security agencies are interested in," an internal memo leaked from India's Department of Telecommunications reads.
This proposal still has serious limitations, like for example when the BlackBerry server is located in another country. In such a case it would be impossible for authorities to directly subpoena the organization operating it and obtaining access to the unecrypted data would require international cooperation. However, this is already beyond the scope of national security laws.
You can follow the editor on Twitter @lconstantin