India's BlackBerry Compromise Won't Solve Underlying Security Problem

By Wayne Rash  |  Posted 2010-08-30

India's BlackBerry Compromise Won't Solve Underlying Security Problem

India and Research In Motion, maker of the BlackBerry smartphone, have reached a compromise in the demands by that government to have unencumbered access to the messages sent by users.  

RIM, meanwhile, is trying to find ways to ensure that its business customers have the level of confidentiality required by today's connected businesses. The two sides have reportedly reached a compromise, although the details of the agreement are not clear. 

Smartphone users in India make up a smaller proportion of the population than they do in the United States and Western Europe, which may explain why the government is getting away with its plan to force disclosure of BlackBerry message content.  

But still, there are a million BlackBerry users in the country, and those are a million people with money and influence, and the ability to speak louder than their comparative minority may suggest in a nation of 1.1 billion people. Perhaps this explains why the Indian government was willing to reach an agreement that won't shut off RIM's devices, at least for another two months. 

Unfortunately, the Indian government and the BlackBerry universe either are ignoring or are unaware of the fact that BlackBerry communications aren't necessarily all that secure. Cutting off the service will be expensive for the users who will need to go out and buy new smartphones, it will hurt commerce from outside India when users from the United States and Europe realize they can't communicate securely, and it makes the Indian government look like it's grasping at straws in its efforts to keep a lid on its population. 

Yes, it's true that India has had some tragic experiences with terrorism, and it's also true that terrorists need secure communications to hide from police and the intelligence services. But anyone who thinks they can evade the reaches of electronic intelligence by using a BlackBerry is in dreamland. All that banning the BlackBerry will accomplish is to force the use of secure communications using some other device. 

When you think about it, there's nothing to keep Indian users of some smartphones at least from encrypting their e-mail whether the government likes it or not. PGP is already available for Android devices and for the BlackBerry. 

RIM Wont Disclose Terms of Deal with India


So even if the Indian government gains access to those users' e-mail messages, it won't be able to read the messages. And while PGP isn't yet available for the iPhone, it's a pretty sure bet that if the demand surfaces, it will appear soon enough. 

Of course, the Indian government may also decide to ban PGP and other encryption algorithms. But will that really work? Just think of all of those programmers in India already doing work for U.S. firms. I don't think that, given the talent pool, somebody somewhere won't think of a way to secure their messages. What's more important is that the Indian government won't be able to do anything about it. 

In fact, a heavy hand on the part of the government, coupled with a deep pool of good programmers, only ensures one outcome-a means of using secure messaging will emerge that the Indian government can't detect and can't crack. If India is really worried about security, there are better ways to go about it. 

But, meanwhile, there's another question. What, exactly, did RIM agree to? Obviously the company isn't saying, and it's equally obvious that the government isn't either. One of the secrets to signals monitoring is to make sure that the person or thing being monitored doesn't know for sure whether you're doing it, and if you are, how you're going about it. 

Perhaps this is the real success in India's misguided effort to monitor its citizens' communications at will. Not that they can actually monitor anything, but they can induce people to believe they are being monitored, and in the process not use their devices for communications that they care about being monitored. Sounds convoluted, I know, but this is how governments sometimes think. Just as is the case here in Washington, it's not the reality that matters so much as the perception of reality. 

But if India really intends to hang its security on banning BlackBerrys, then it's an effort doomed to failure. Even if all BlackBerry devices were to disappear tomorrow, the means of secure communications exist on every other smartphone, every Web page and every phone call. There's nothing India can do to prevent it, and by forcing the issue, there's every reason to believe that the government will simply force those who actually do want to keep secrets from the government into new, more creative and harder to detect ways of doing so. 

Rocket Fuel