There has been quite a ruckus lately as RIM has been buffeted by governments in the Middle East and India to get access to encrypted BlackBerry communication. These governments claim they need access for security reasons but that makes little sense since BlackBerry encryption is based on standards already used around the internet like VPN, SSL, and IPSEC.
The BoyGenius got word that RIM held a conference call this morning inviting top business customers and government officials to “provide an update on media reports discussing RIM and governments who wish to monitor Blackberry services or have special access to our services.”
They also pointed out a link to a Official Customer Statement from RIM on security that I find kind of interesting. It seems like RIM has a backbone and is going to stand its ground to only assist governments based on 4 principles outlined below in the statement:
In response to the statement published today by the Government of India, and further to RIM’s Customer Update dated August 2, RIM wishes to provide this additional information to its customers. Although RIM cannot disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it genuinely tries to be as cooperative as possible with governments in the spirit of supporting legal and national security requirements, while also preserving the lawful needs of citizens and corporations. RIM has drawn a firm line by insisting that any capabilities it provides to carriers for “lawful” access purposes be limited by four main principles:
1. The carriers’ capabilities be limited to the strict context of lawful access and national security requirements as governed by the country’s judicial oversight and rules of law.
2. The carriers’ capabilities must be technology and vendor neutral, allowing no greater access to BlackBerry consumer services than the carriers and regulators already impose on RIM’s competitors and other similar communications technology companies.
3. No changes to the security architecture for BlackBerry Enterprise Server customers since, contrary to any rumors, the security architecture is the same around the world and RIM truly has no ability to provide its customers’ encryption keys. Also driving RIM’s position is the fact that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway and similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.
4. RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.
What do you think of RIM’s stance?