For E-Data, Tug Grows Over Privacy vs. Security
The threat by the United Arab Emirates to shut down mobile services on BlackBerrys like e-mail and text messaging underscores a growing tension between communications companies and governments over how to balance privacy with national security.
BlackBerry Ban Extends to Visitors (August 3, 2010)
While communications companies want to be able to ensure that their customers’ messages are shielded from prying eyes, governments increasingly insist on gaining access to electronic messages to track down criminals or uncover terrorist plots.
On Monday, Research In Motion, or R.I.M., the Canadian company that makes the BlackBerry line of smartphones, sought to reassure its customers that its services remained secure a day after the U.A.E. said it would ban many BlackBerry services because of national security concerns.
Internet security experts say the demands by the United Arab Emirates for certain access to communications flowing across the BlackBerry network echo requests of other governments around the world. Many countries have laws and regulations requiring telecommunications providers to grant government agencies access to their systems for court-sanctioned intercepts.
The demands also come as other governments, including India, Saudi Arabia, Kuwait and Bahrain, are reportedly considering new requirements on services like BlackBerry to ensure they can monitor electronic messages.
“These requirements for access to communications exist on a significant scale worldwide,” said Anthony M. Rutkowski, chief executive of Netmagic Associates, a consulting company specializing in technical and regulatory issues related to online security.
At the same time, electronic communications providers are increasingly offering security measures like encryption. For instance, after a cyberattack that originated in China and that targeted Google’s servers and Gmail, the company began encrypting by default all e-mail messages while in transit.
As a growing volume of communications content is encrypted, governments are demanding other information like whom customers communicate with and when, said Mr. Rutkowski. Such information can be useful to help gather intelligence.
Security experts say that BlackBerry’s service, which uses its own network to transmit e-mail and instant messages, may make access to such data more difficult, especially for countries in which the company has no servers controlling that network. The experts also say that is why Research In Motion has had frequent confrontations with governments. Other services, like Skype, have also raised concerns in some countries.
Research In Motion issued a statement on Monday that did not directly address the company’s conflict with the United Arab Emirates or its relationship with other countries, citing the “confidential nature” of its discussions with certain governments. The company said it balanced competing demands. “R.I.M. respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers,” the company said in statement. In an open letter to customers, Research In Motion, which operates in more than 175 countries, also said that its security system was designed to ensure that no one, not even the company, could gain unauthorized access to customers’ data.
Security experts said that it was not clear what kind of access requirements the United Arab Emirates had requested from Research In Motion and whether those requirements were more onerous than those mandated by other governments.
“There is a lot going on that we are not seeing,” said Bruce Schneier, chief security technology officer for BT, the giant telecommunications provider based in Britain. “We don’t know what R.I.M. does for other countries.”
Experts also say that the United Arab Emirates, a major business center in the Middle East, may be focusing on BlackBerry’s service, rather than Gmail or other encrypted services, because it is being offered by local telecommunications carriers and has grown increasingly popular there.
The BlackBerry service is a frequent target because of “its convenience, its widespread use and the fact that it runs on its own network,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy advocacy group based in Washington. “The United Arab Emirates is not in much of a position to tell Google not to encrypt e-mail.”
Many analysts agreed that the Emirati government appeared more interested in getting some concessions from Research In Motion than in actually shutting off access to BlackBerry data services. The government said the telephone service would not be affected.
“Saying that the restrictions will not kick in until October is a form of saber-rattling,” said Jonathan Zittrain, a professor at the Harvard Law School and co-founder of the Berkman Center for Internet and Society. “The government is saying that as a way to get negotiations going with R.I.M., not to ease the pain of executives who fear they may have their service cut off.”
Still, some businesspeople in Dubai seemed to be digesting the news, and waiting to see whether an agreement could be worked out between R.I.M. and the Emirati government before the October deadline. “People are taking a wait-and-see attitude,” said Blair Look, the managing director of asset management at al Mal Capital in Dubai.
NY Times