After having been present in the country for the past four years and garnering as many as 400,000 mostly high-end users, BlackBerry services have now come under the scanner. Citing security concerns, the Department of Telecommunications (DoT) has issued a strong warning to telecom companies like Bharti Airtel, Vodafone Essar, BPL Communications and Reliance Communications, which offer the service, to resolve the issue with the BlackBerry licensor, Research in Motion (RIM). It wants RIM to provide a foolproof security system for the service.
As of now, DoT Secretary Siddhartha Behura is not keen to ban BlackBerry services. "There is no question in banning BlackBerry at this point," he notes. DoT is currently in talks with telecom operators and RIM executives to work out a plausible solution to security-related uncertainties.
The BlackBerry controversy erupted when Tata Teleservices Limited (TTSL) was refused permission by the Ministry of Home Affairs to offer these services on account of security concerns. Since other operators were already offering the service, TTSL felt its rejection was unfair. It took up the matter with the security and intelligence agencies, which, in turn, referred the matter to DoT. While the TTSL application is still awaiting clearance, it has been pointed out that DoT should also verify whether the existing service providers had obtained the government's permission prior to starting BlackBerry services.
Promising a comprehensive investigation into the matter, DoT asked the existing BlackBerry service providers to give the government access to intercept e-mails and data, as these travel through an encrypted security layer on BlackBerry devices and cannot be otherwise monitored.
DoT also indicated that it was not averse to the idea of scrutinising all push-mail services, which would bring 200,000 users under its purview. "Most push-mail services delivered by telecom operators in India are hosted on servers outside the country. The department may want to revisit the norms under which these operators are providing their services," observes a senior DoT official.
However, unlike most push-mail services where the devices work on either Symbian or Microsoft operating systems, the BlackBerry system uses its own patented platform that involves much higher levels of encryption. Short of RIM giving its decryption code to DoT, the security agencies cannot access data on the BlackBerry. Access to the decryption code would, however, mean breaching security clauses of other users worldwide.
To avoid such a situation and discuss other options, telecom operators, RIM officials and security agencies have been meeting since early March. One solution that has been offered by DoT is that RIM should create mirror images of all e-mails and data sent on BlackBerry devices in India, and store the same for at least six months to address the security concerns of the agencies. Another suggestion from DoT is that RIM could transfer all its data traffic originating from Indian mobile networks to servers in India, which C-DOT, the department's technical wing, can access and intercept from BlackBerry devices directly.
Meanwhile, as the logistics are being worked out, telecom operators are confident that the government will not stall the service. As a telecom analyst points out, "If you terminate BlackBerry, you will have to stop many other internet-based services on offer. It could snowball into a much larger issue with consumers bearing the brunt." Here, the indication is towards internet-based voice services such as Skype, MSN and Yahoo! Messenger which are also heavily coded, preventing monitoring by security agencies. However, since DoT has not taken any action against them so far, a selective ban on BlackBerry seems improbable.
The bigger concern, according to analysts, is that giving the government carte blanche to intercept e-mails or data could end up diluting the legal validity of encrypted communication in an age when privacy is of utmost importance to companies as well as to individuals. Operators note that if BlackBerry services are banned, the security agencies could well target various e-commerce applications – especially money transfers – that use encryption. This would make e-commerce virtually impossible. "The argument can logically be extended to all encrypted transactions on wireless devices including banking, e-commerce, e-mail and chat. That would have a significant impact on the privacy concerns of consumers. Therefore, it needs to be thought over before taking a decision," says Alok Shende, practice head, Datamonitor India.
Adds Rajesh Chharia, president, Internet Service Providers Association of India: "If the matter is of national security, the operators would naturally comply as would the internet service providers. However, asking operators to reduce the encryption from 128 bit to 40 bit is ridiculous as such demands put the entire online banking and e-commerce sectors in jeopardy. Even internationally, the 128-bit standard is followed for all online transactions."
In the case of BlackBerry systems, where the 256-bit advanced encryption standard is used, analysts are concerned that DoT could ask this to be reduced to 40-bit encryption that can be intercepted by security agencies. This would bring down the quality of the service considerably. For RIM, a company that operates the BlackBerry service in 130 countries, it would make little sense to compromise its security standards. With state-owned BSNL also gearing up to launch BlackBerry services, operators are hoping the issue is settled amicably, sooner rather than later.