RIM did state their 4 tenants on customer security and confidentiality but India has not given up. They are still demanding that RIM allow them to snoop in on ALL email communication or face being banned by August 31st. The irony is that RIM is right in this case. Locating a server in India will do nothing in terms of giving them more access to read communications to BES servers. RIM has reiterated that there is no master key they can give Indian officials to make them happy. That is just how the internet works. Governments and companies rely on technologies like BES, VPN, PGP, and S/MIME because there is no master key. If there was it would defeat the whole purpose.
According to CIO’s John Ribeiro:
Research In Motion has offered to lead an industry forum in India focused on supporting the lawful access needs of law enforcement agencies, while preserving the legitimate information security needs of corporations and other organizations in India
So essentially RIM has offered to teach India how the internet works. Even if RIM received a court order to hand over BES communications the best they could do would be handing over encrypted data that would require supercomputers to even attempt to break. RIM is not unique in this since any email that uses S/MIME or PGP or any sort of public key infrastructure. They are designed this way to ensure that there is no master key to open them. Even if terrorists use them there really is nothing that RIM can do while keeping their corporate and government contractors.
I wonder if India will take RIM up on the educational forum. I am curious to see how that one goes! What I find unfair is why they are picking on RIM. What about every ActiveSync corporation that is using SSL encryption for email? Or employees using VPN or IPSec to connect to their work networks?