BlackBerry encryption 'too secure': National security vs. consumer privacy

India's intelligence services cannot intercept BlackBerry encrypted data, citing this as a risk to national security. What's more important: national security, or consumer privacy - and why?
Written by Zack Whittaker, Contributor

Research in Motion, the creator of the widely used enterprise-come-consumer BlackBerry device, has an uncertain position in India.

The Indian government's internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult - especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups.

Nearly two years ago, around 170 people were killed in the 2008 Mumbai attacks which lasted two days, and was reported primarily by citizens on the ground through citizen journalism; posting updates to Twitter and Facebook through their mobile devices.

Another issue RIM faces is the concern of the United Arab Emirates which claims that BlackBerry phones' data being stored overseas and outside the legal territory of the UAE not only violates their law, but makes it difficult or impossible to ensure national security by intercepting potentially vital terror-combating intelligence.

Update (1st August 2010, 12:55 GMT): The BBC confirmed via the UAE's state media that come October, all half a million BlackBerry users in the region will have some services suspended unless a "solution compatible with local laws is reached", amid national security concerns.

The encryption key developed by BlackBerry's manufacturers was partly designed to ensure secrecy during corporate business deals as so they were not compromised.

Now consumers have jumped on the BlackBerry bandwagon, this poses a wider issue for less-developed or funded intelligence services.

As a criminology student focusing and specialising in areas of terrorism, specifically the use of technology within terror organisations and the use of social media, I can see this in two minds in regards to this:

  1. RIM wants to ensure user privacy, but of course wouldn't want a terror attack to take place at any given place or time.
  2. India also wants to prevent such terror attacks, but it's losing the battle by not being able to read highly encrypted data.

It's a tricky one, I will admit.

India faces a multitude of terror threats, just as many fast-developing economies and countries around the world. The increased use in technology to better communications in order to orchestrate acts of terror are clearly being used as the rest of ordinary society does.

India's intelligence services need to be able to access encrypted data to prevent attacks in a 'constant setting': where attacks are likely and have occurred regularly. The ability for governments to intercept or read data sent to and from their citizens is common place in Western societies.

The NSA for the US and GCHQ for the UK are two common examples of these. But better resources and technologies allow encryption to be broken - regardless of RIM's intervention or preventative measures.

The US and the UK have had very few terrorist attacks since September 11th, as a benchmark, though not proving a connection between intercepted data and preventing attacks, but makes the case more likely.

Text messages are not secure. Phone calls are not secure. Emails sent via Exchange and POP/IMAP are generally not secure, though BlackBerry emails are considered so.

BlackBerry Messenger, however, is secure. It's so secure, that though China has state controlled press and broadcasting media, along with issues of censorship and Internet filtering, even data sent across BlackBerry Messenger cannot be read by the Chinese government. This, of course, makes it highly popular with their booming younger generation of users (so a RIM spokesperson told me).

With consumer privacy being a constant hot topic, especially in the rise of publicly available data and the need to share your own information to gain others - social networking being a prime example, the individual right to privacy of communications takes personal precedence.

So interestingly, it boils down to diplomatic tit-for-tat. I am fully aware that my own government of which I helped in democratically electing monitors my communications in a secure, fair and justified way. Though my government expects a terrorist attack, we haven't had a successful one since the 2007 Glasgow Airport bombing of which no civilians died.

One civilian beat the living crap out of a flaming terrorist though.

But those in an area of uncertainty around terrorism and national security, the need to accept certain 'breaches' in civil liberties are almost necessary to prevent societal damage. Of course, there is a line to be crossed, and only local culture can determine that as so.

I'll bite. I'll ask the million dollar question, and anything goes. What's more important: national security, or consumer privacy - and why?

Editorial standards