/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us
New Update
http-equiv="content-type">
As the extended deadline of October 31 approaches for the Canadian
smartphone maker Research in Motion (RIM), the makers of the popular
Blackberry smartphones and services for handing over the encryption
keys and codes of its corporate mail and messaging services to the
Indian government, new developments in the US have sort of vindicated
the hard stance taken by the Asian governments.
The
New York Times reports that
in the US, a bill, “which the Obama administration plans to
submit to lawmakers next year” would help the security
agencies to intercept and unscramble encrypted messages.
“Officials want Congress to require all services that enable
communications — including encrypted e-mail transmitters like
BlackBerry, social networking Web sites like Facebook and software that
allows direct “peer to peer” messaging like Skype
— to be technically capable of complying if served with a
wiretap order. The mandate would include being able to intercept and
unscramble encrypted messages,” wrote the newspaper in a
report titled,
Tries to Make It Easier to Wiretap the Internet.
This is exactly what India and a few other countries such as United
Arab Emirates and Saudi Arabia also wanted to do.
Interestingly, except for a few bloggers, the government move has not
drawn much media attention, partially because it has still not been
publicly articulated.
When UAE asked Blackberry to comply with their needs, the United States
was one of the few nations whose governments took a public stand on the
issue—decrying it unequivocally.
"We think it sets a dangerous precedent," Reuters reported State
Department spokesman P.J. Crowley as saying, after the UAE threatened a
ban on the service unless the smartphone maker complied with its need.
"You should be opening up societies to these new technologies that have
the opportunity to empower people rather than looking to see how you
can restrict certain technologies."
However, when India joined the chorus, the US government distanced
itself from the debate saying that the matter had to be worked out
between the company and Indian regulators. “While we have
been in touch with our foreign partners, this is a matter for Research
in Motion to work out directly with Indian officials,” the
State Department had said.
Within India, it had drawn some criticism from the advocates of
privacy.
Just
Concerns?
In the US, telcos and broadband service providers are required to have
interception capabilities, under a 1994 law called the Communications
Assistance to Law Enforcement Act. This was aimed at ensuring that the
government surveillance abilities would remain intact even as
communications services moved from the older technologies to newer
digital technologies and wireless.
Typically, it is at the carriers' end that investigators intercept
messages when required. But some services like Blackberry where a
user's message is encrypted between his computer and the Blackberry
servers, the
Often, investigators can intercept communications at a switch operated
by the network company. But sometimes — like when the target
uses a service that encrypts messages between his computer and its
servers — the government agencies must go to the
messaging service providers to unscramble the message.
“Like phone companies, communication service providers are
subject to wiretap orders. But the 1994 law does not apply to them.
While some maintain interception capacities, others wait until they are
served with orders to try to develop them,” says
report.
That means the present day arrangement with providers like Blackberry
is case to case. And some security analysts say that the smartphone
maker does comply with the requirement when the US agencies ask for it.
This could not be verified, though.
The
New York Times report says,
quoting an official that “an investigation into a drug cartel
earlier this year was stymied because smugglers used peer-to-peer
software, which is difficult to intercept because it is not routed
through a central hub. Agents eventually installed surveillance
equipment in a suspect’s office, but that tactic was
risky.”
What the officials want (and the Bill may require) are the following,
according to the report are
Communications services that encrypt messages must have a way to
unscramble them.
Foreign-based providers that do business inside the United States must
install a domestic office capable of performing intercepts. Developers
of software that enables peer-to-peer communication must redesign their
service to allow interception.
In an op-ed in
Times in August, immediately
after the news of UAE's threat came, a former counter-terrorism
official in the Bush government, Richard A. Falkenrath, supported the
Arab government's stance. “just as professionals depend on
mobile devices to do their jobs, law enforcement and intelligence
officers depend on electronic surveillance to do theirs,” he
said. A few Republican senators have also supported the stance of
security agencies.
While sections of the media have reported that India's strict posture
on security in telecom equipment purchase may well find its way to the
agenda of President Obama when he visits India later this year, the
Indian officials maintain that it is unlikely as the concerns are
similar in both the countries.
There were reports in July that RIM had agreed to a requirement from
the Chinese government to have a local server that was aimed at
addressing the security concerns of the Chinese officials.
Meanwhile, The
Economic Times has reported
that the DoT has rejected the interception solution offered by RIM,
including the technical solution for decoding all chat communication on
the popular BlackBerry Messenger. The home ministry had earlier said
that it was satisfied with the solution RIM offered for the Messenger
services.
While the Indian government has taken a public stance on the
subject—right or wrong—what adds to the smartphone
makers' woes is that it has not yet publicly said what it does in the
US and China. While the US, thanks to its privacy concerns, does most
of the pressure building directly without making it public, China does
not have any concept of privacy. In India, many officials often take
pride in making the stance public as it shows their
“nationalistic” approach. Being a democratic
country with free speech but one that is not too concerned about
privacy, all such moves result in public debates, with a small but
influential set of privacy advocates taking stances against such moves
while most others buying the argument about national security.
RIM's clarification of what it does in China and the US will help its
case.