Blackberry blues: why they'll go just away

The college–drop out head of Research in Motion, the Canadian company that created the Blackberry device, has berated governments abroad, for seeking to monitor the traffic of his customers within their borders, when so many of their  own officials don’t have PhDs or computer science degrees. RIM co-CEO Michael Lazaridis told such governments through a Wall St. Journal interview last week : If you can't deal with the Internet in your country, then shut it down. He added: " Everything on the Internet is encrypted. This is not a BlackBerry-only issue We are going to continue to work with them to make sure they understand the reality of the Internet…A lot of these people don't have Ph.Ds, and they don't have a degree in computer science."

A lack of a degree in computers -- or any degree for that matter, except one conferred on him honoris causa , some 20 years later, by the institution from which he dropped , the University of Waterloo – has not constrained Lazaridis from building one of the most iconic brands in mobile communication space. The Blackberry has become a byword for secure email communications on the move and the name is often used for the class of service, much as we talk of fedex-ing a parcel or xerox-ing a document. One reason of course, is that Blackberry has few direct competitors – though all smart phone makers would like to think their devices could do the job just as well for free or almost free.

This iconic status has its down side: Many governments are uneasy with a form of communication which they cannot monitor if they want to -- all in the name of security of course. India has raised with RIM, its issue with not having access to Blackberry traffic originating or terminating in its borders the servers which fuel the more secure enterprise-class services are all Canada. The Middle East nations like UAE, Kuwait and Saudi Arabia had threatened to shut down Blackberry messaging unless they were enabled to monitor the traffic -- but in the latest development, some sort of compromise has been pounded out in Saudi Arabia, with RIM reportedly agreeing to house some of its servers in that country. This is a change from the macho noises RIM has been making. May be  bottom lines speak  loudest in such situations.  

The company has been rather disingenuous in its responses to national demands for snooping rights, pointing at its encryption technology and suggesting as Lazaridis did when talking to the WSJ, that some of the countries where it does business were too ignorant to appreciate the nuances of Internet encryption. This is breathtaking bad manners coming from the head of a global technology company.
We have no idea why the more authoritarian Gulf states want to see what their citizens are emailing to each other via Blackberry. Nor is it our concern. But in India there are serious security concerns; and terrorism is a fact of life that a Canadian, not living in the cross-wires, so to speak, might not be quite able to appreciate. It is entirely another matter that monitoring Blackberry traffic in India seems to many of us, to be a fairly futile exercise, when so many other, easier, means of untraceable communications exist ( see Prasanto Roy’s comment at the end of this item).
But for RIM’s head honcho to suggest that the country’s intent to oversee its customer’s traffic if a need arose, is somehow born out of ignorance or a lack of higher education among concerned officials, displays an arrogance that in a better regulated, more sensitive corporation should have cost Lazaridis his job. Our best course is to ignore the company, its product and its foot-in-mouth-prone head. Our own tech take at IndiaTechOnline, is that Blackberry is a brand whose time has come – and gone. Its USP is challenged by cheaper services. The real challenge to national security lies else where.

Barking up the BlackBerry Tree: Prasanto K. Roy, Chief Editor Dataquest group magazines, writes
You're a Delhi-based wannabe terrorist needing to communicate with your handlers. What do you do?

Invisible-ink notes are passe, as are carrier pigeons. You will, of course, use electronic options.

Like email. Walk into a cyber cafe, log into a Gmail or Yahoo account. Don't use an account in your own name. And don't send email. Simply read instructions left for you in an unsent mail, saved as a draft in your account. And then, to reply, just edit the unsent email, and save it back as a draft. If email isn't travelling, it can't be intercepted.

Or, like SMS. Get a prepaid SIM card with fake ID, use it for a month, then dump it. Or make good old phone calls using the SIM card, and dump it.

There are other options. And they have a common thread: anonymity. You do not use your own identity, and you use a mode that is virtually untraceable.

Which is why a terrorist's choice is not to use a BlackBerry that is linked to his identity. Nor is a post paid BlackBerry connection as disposable as a prepaid SIM card. Sure, you can get post paid mobile connections too on fake IDs, but because there is billing involved, valid addresses are required.

That's not the only reason the terrorist would be wary of using a BlackBerry. First, he's not really sure how secure the mail is, once an agency is onto him. The mail is routed through servers in North America, and the US National Security Agency reportedly has the technology to crack encrypted mail in a few hours—with or without help from RIM.

More worrying for the terrorist, not all of the mail is encrypted. The headers, including the “to” and “from” email addresses, are plain text—else the Internet would not be able to accept the email for delivery.

And finally, the mail doesn't stay encrypted all the way. When it gets delivered to an external email system such as Gmail or corporate mail, it gets decrypted—else the recipient wouldn't be able to read it.

The exception is when you're not using a Gmail or a company mail ID, but are sending pure BlackBerry mail. That's not merely one sent between two RIM devices, but where both From and To are BlackBerry IDs. That's rare, but here's how it works.

Your RIM device would usually be associated with your official address, say But you'd also have a BlackBerry email address, like, which you'd use to originate a BlackBerry-only mail. Even then, RIM would record who the mail was sent by, to, and when.

So there are records with BlackBerry email, and they're like mobile-phone call records (which store who called whom, when, and for how long, for billing). RIM records who sent mail, when, and to whom. The content, however, is strongly encrypted.

But our terrorist isn't using a BlackBerry. He's using Gmail, and he's not even sending the mail: he's just using draft mode to read and reply. So our agencies don't stand a chance of “intercepting” that mail. Even if they're on to him, they don't know what ID he's using. And then they don't have the Gmail login ID. If they get that, then getting Google or Yahoo to give them access will take months, with all the protocol, Interpol, and the which time that account would have been closed, and the deed done.

Which is why India is wasting its time chasing BlackBerry. It should first figure out what to do with the mail systems terrorist do use, with foreign mail servers. Should it demand that all such servers be based in India? Google and Yahoo won't agree. So that would cut us off from the best of Internet mail systems. In fact, why not go further down that path, like China...and cut off the Internet? Route everything through a tightly-controlled gateway and firewall, and ensure that all servers are within China. And jail or shoot all dissidents, for good measure.

There are bigger dangers down the road that Saudi Arabia and India are treading. One, government officials are major users of BlackBerry mail. Do they really want to push RIM into a corner where it starts offering decryption to any government which asks? What then stops it from offering to decrypt Indian emails for China or Pakistan, if enough pressure is brought to bear on it?

To no one's surprise, countries most proficient at cracking down on dissents and censoring local media have been the most active in squeezing RIM. Like China, Saudi Arabia polices the internet, blocking access to sites with political and adult content.

India, unfortunately, seems to be trying to join this not-so-elite club. 

Aug 9 2010