RIM Makes Nice

In the latest attempt by Research In Motion to juggle the privacy of its customers with the demands of foreign governments, the company offered to lead an industry forum in India to develop recommendations for policies and processes aimed at preventing the misuse of encryption technologies.

The announcement comes after India and other countries threatened to block BlackBerry services, because local officials can't monitor messages, which are encrypted and routed overseas, for illegal activity or abuse.

"Finding the right balance to address both regulatory and commercial needs in this matter is an ongoing process and RIM has assured the government of India of its continued support and respect for India's legal and national security requirements," RIM said in a wordy statement released on Thursday.

The company also attempted to squash a few misconceptions that have circulated on the matter. Here's what they had to say:

Misperception #1 - "RIM has the keys to decode or decrypt the encrypted data that flows through the BlackBerry Enterprise Solution."

In fact, RIM does not possess a "master key", nor does any "back door" exist in the system that would allow RIM or any third party, under any circumstances, to gain access to encrypted corporate information. In order to provide corporate customers with the necessary confidence that the transmission of their valuable and confidential data is completely secure, the BlackBerry security architecture for enterprise customers was purposely designed to exclude the capability for RIM or any third party to read encrypted information. RIM would simply be unable to accommodate any request for a copy of a customer's encryption key since at no time does RIM, ever possess a copy of the key.

Misperception #2 - "Locating BlackBerry infrastructure within India, or within any particular geography, will somehow aid the government's access to encrypted information."

In fact, the BlackBerry Enterprise Server security architecture was also purposefully designed to perform as a global system independent of geography. The location of infrastructure and the customer's choice of wireless network are irrelevant factors from a security perspective where end-to-end encryption is employed. The transmission of encrypted data is no more decipherable or less secure based on the location of RIM's BlackBerry Infrastructure or the customer's selection of a wireless network. All data remains encrypted at all times and through all points of transfer between the customer's BlackBerry Enterprise Server and the customer's device (at no point in the transfer is data decrypted and re-encrypted). Therefore, locating BlackBerry Infrastructure in a particular geography does not in any way aid or offer access to the encrypted information that flows through the BlackBerry Infrastructure.

Misperception #3 - "RIM has offered solutions to certain governments and denied the same to others."

In fact, while RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures both its customers in India and the government of India that RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries.