An Innocuous Berry

There have been reports about Blackberry devices sought to being banned in India due to security concerns. The entire rationale for this argument is due to the level of protection being provided by blackberry devices for emails to its users. Security agencies fear, emails which pass over the secure and encrypted blackberry network have a potential for misuse for illegal activities due to this encryption. Going by news reports the e-mails receive a 256 bit level of encryption and are stored on servers in Canada. Hence it is hard for security agencies to, (a) lawfully intercept the data; and (b) decrypt it.

A solution which has recently come from, “Research in Motion” (“RIM”, the makers of Blackberry Devices) entails storing a mirror image of all emails on a server which is hosted in India. RIM will also provide decryption keys to security agencies to access the information on demand, making the 256 bit encryption an ineffectual barrier for public authorities.

However it must be pointed out, that blackberry users in India are post paid subscribers. These subscribers only receive their blackberry devices on physical verification of there billing address and identities. Hence providing encryption codes may be going a little overboard.

Why not create a key escrow account as a balance between security concerns and privacy interests. The information (the decryption keys) under the key escrow account being divulged only in the event of a court order requiring it. To my mind this is one of the most practical solutions which may exist with regard to the problem which has arisen in the last few weeks.

  • Arul

    WHY WOULD ANYONE TRUST THE GOVT. WITH KEYS OF THE THEIR ENCRYPTION ? DO YOU REALLY THINK NON-LEGITIMATE USERS ARE GOING TO USE BALCKBERRYS? There are so many programs out there which can easily enncrypt emails with 1MB keys (making them IMPOSSIBLE to decrypt )!!!

    REMEMBER, the point of encryption is to make sure NOBODY except the recipient reads your messages.

  • Firstly please stop writing in capitals, you can make your point politely as well. I agree with you as to the overreaching principle of encryption, however I believe that there exist real concerns for devising procedures in state/community interest. An escrow account with a trusted third party makes a lot of sense, especially when there are legal pre-requisites to obtaining the key.

    As to the second leg of your concern, I agree that non-legitimate users will use better and more complex ways of encrypting their communications. However, such use should not stop us from putting into place a limitation on commercially available devices. The whole point of law enforcement is not to prevent commissions of crimes by making it tougher for a criminal.