Research In Motion, the maker of BlackBerry, is becoming a victim of its own success. In a string of countries in Asia and the Middle East, the company’s flagship smartphone faces crippling security regulations, as India, the United Arab Emirates, and others are demanding access to users’ encrypted corporate e-mails and instant messages.
The stated concern of the countries is that terrorist and militant groups could use BlackBerry’s security features to communicate discreetly.
India is delaying the ban on BlackBerry’s corporate message service for 60 days to review a recent proposal from Research In Motion (RIM); the United Arab Emirates (UAE) plans to ban BlackBerry services starting Oct. 11; and Saudi Arabia is delaying its BlackBerry ban until it completes a review of a recent agreement with RIM.
The BlackBerry is popular among business users for its powerful e-mail encryption, which keeps business secrets under wraps. RIM has been wary of agreeing to demands to open the information to government eyes—although the company has already folded to Russia and China.
In November 2007, RIM provided its encryption keys to Russia’s Mobile TeleSystems, which allowed access to the Federal Security Service (FSB), the KGB’s less fearful epigone. In January 2008, RIM China announced that sales were going through, after a delay while making sure the phones were no threat to China’s communications networks, according to Forbes.
Forbes added, “There’s only one way to satisfy the Chinese government regarding ‘security threats’ and that’s to comply with Chinese law regarding supervision and monitoring.”
Similar security issues began emerging last year. In October 2009, news hit that BlackBerrys were susceptible to eavesdropping through an application called PhoneSnoop. The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) warned that the software “allows an attacker to call a user's BlackBerry and listen to personal conversations.”
The technology behind PhoneSnoop was believed to originate from a software download targeting users on the UAE-based Etisalat network for months prior, according to U.K. information security publication Info Security.
Etisalat sent text messages to users saying the download was a required service upgrade. Unsure of what was behind the software download, BlackBerry users on the Etisalat network were reporting that the downloads were making their phone batteries drain faster—a product of the eavesdropping.
On July 17, 2009, RIM released a customer update on the spy software, denying any involvement, “Etisalat appears to have distributed a telecommunications surveillance application that was designed and developed by SS8,” it told users.
It gave customers instructions on how to remove the software, and debunked Etisalat’s claims that the spy software was a service update, saying “RIM further confirms, in general terms, that a third party patch cannot provide any enhancements to network services.”
Near the height of its security venture, in February, BlackBerry senior government account manager Daniel Morrison-Gardiner spoke at a conference about the realities of effective mobile security.
In July, RIM announced the beta version of a new security app called “BlackBerry Protect.” The app would allow users to locate, wipe, and lock their stolen BlackBerrys.
Not long after, on July 27 the UAE Telecommunications Regulatory Authority (TRA) said, “The introduction of Blackberry in the UAE in 2006 predates the 2007 introduction of the UAE's Safety, Emergency and National Security legislation, which regulates Blackberry applications in the UAE,” according to WAM Emirates News Agency.
“Blackberry operates beyond the jurisdiction of national legislation, since it is the only device operating in the UAE that immediately exports its data offshore and is managed by a foreign, commercial organization,” the report said.
It adds, “Like many other countries, we have been working for a long time to resolve these critical issues, with the objective of finding a solution that safeguards our consumers and operates within the boundaries of UAE law.”
Two days later, the Indian government told RIM that BlackBerry services would be banned unless their security concerns were met, according to Computer Weekly.
The UAE then announced its official BlackBerry ban. On Aug. 1. The UAE Telecommunications Regulatory Authority (TRA) said that it would suspend BlackBerry Messenger, e-mail, and web-browsing services starting Oct. 11.
According to a statement from TRA Director General Mohamed Al Ghanim, the ban would be in place “until an acceptable solution can be developed and applied.”
Days later, Saudi Arabia followed by ordering the suspension of BlackBerry services, claiming they did not meet the country’s security regulations, yet did not give details, according to Info Security.
Lebanon was next to join the fray, announcing it would look into BlackBerry security concerns.
Amidst the growing number of countries potentially banning BlackBerry services, RIM co-CEO Michael Lazaridis told the Wall Street Journal, “This is about the Internet. Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off."
The situation changed slightly, however, on Aug. 5 when Secretary of State Hillary Clinton commented on the issue during a press conference.
November, 2007, RIM provides its encryption keys to Russia’s Mobile TeleSystems
January, 2008, RIM China announces sales go through after making sure phones were no threat to China’s communications networks
Oct. 27, 2009, Blackberry users warned by US-CERT of eavesdropping PhoneSnoop application
July 17, 2009, RIM releases 8-page report on removing UAE BlackBerry monitoring software
April 8, 2010, Bahrain bans BlackBerry news sharing
July, 2010, RIM announces beta app for BlackBerry security, “BlackBerry Protect”
July 27, 2010, UAE Telecommunications Regulatory Authority says BlackBerry “operates beyond the jurisdiction of national legislation”
July 29, 2010, India threatens to ban BlackBerry services
Aug. 1, 2010, UAE announces ban of BlackBerry services starting October 11, 2010
Aug. 6, 2010, Secretary of State Hillary Clinton says BlackBerry ban violates “right of free use”
Aug. 9, 2010, Saudi Arabia postpones their BlackBerry ban
Aug. 12, 2010, RIM releases statement reassuring BlackBerry users of security
Aug. 30, 2010, Blackberry gives in to Indian government and ban is postponed 60 days
Clinton acknowledged that the United States was working with the UAE and other countries regarding the issue. “We are taking time to consult and analyze the full range of interests and issues at stake because we know that there is a legitimate security concern, but there’s also a legitimate right of free use and access,” Clinton said.
Just four days later, Saudi Arabia delayed its plans to ban BlackBerry services. Following talks between, RIM and Saudi telecom authorities, servers were being tested in Saudi Arabia.
Under the tests, data from Saudi BlackBerry users would be channeled through the Saudi servers before being transmitted to RIM’s servers in Canada, according to Computer Weekly.
RIM also began similar talks with India and Kuwait. The company issued a statement on Aug. 12 telling users that, “Although RIM cannot disclose confidential regulatory discussions that take place with any government,” the company tries to be “as cooperative as possible with governments” requirements, while trying to preserve “the lawful needs of citizens and corporations.”
The latest update came on Aug. 30, when the Indian government announced a 60-day delay on its ban. The announcement came after talks with RIM, where the company agreed to allow the Indian security agencies to monitor BlackBerry services and when necessary, according to Mobile Crunch, to tap into users’ e-mails.