BlackBerry CEO suggests route to eavesdropping

From Associated Press:

By ANDREW VANACORE
AP Business Writer

BlackBerry maker Research in Motion Ltd. says it has no way of providing government officials with the text of encrypted corporate e-mails its devices serve up. But if the companies that employ BlackBerry phones want to hand over the encryption keys to their e-mail, it won't object.

In a recent interview, RIM co-CEO Jim Balsillie said he could envision countries that want access to BlackBerry e-mails setting up a kind of national registry where companies doing business within their borders would have to provide government officials with the ability to peek at encrypted messages.

"We would support that if it's applied equitably to everyone," Balsillie said, while warning that governments that use too heavy of a hand on the issue risk scaring away businesses.

The issue comes up as a growing list of countries — including the U.S. — raise concerns that communications technology has outpaced the ability of authorities to eavesdrop.

The controversy drew wide public attention last month when the United Arab Emirates announced plans to block BlackBerry e-mail, messaging and Web browsing services. Saudi Arabia, Lebanon, Indonesia and India are considering or planning similar steps.

In the U.S., the Obama administration plans to propose legislation next year that would require online communications providers to be technically equipped to comply with a wiretap order, according to a report in The New York Times on Monday. Along with BlackBerry service, the new rules would apply to social media sites including Facebook and direct person-to-person services such as Skype, the Times reported.

Balsillie took pains to emphasize that these security concerns extend beyond BlackBerry service. He pointed out that most corporate e-mail is encrypted in a similar way.

Because of how BlackBerry e-mail service is set up, it isn't technically possible for RIM to give government officials access to company e-mail that its users send back and forth. And RIM will not remove the layers of encryption that protect corporate e-mail because its customers put a high value on privacy.

While RIM won't give details of discussions with any particular government, the type of national registry that Balsillie mentioned helps outline one area of potential compromise.

The idea would leave RIM out of the decision-making process when it comes to government surveillance requests. A foreign government would collect the keys that it needs from companies whose employees use company e-mail on their BlackBerrys. It would be up to any individual company whether to hand over those keys.

"They're not ours to give," Balsillie said. "That's a decision for the company that is operating within that jurisdiction."

Balsillie warned, however, that demanding access to encryption keys would be a "blunt instrument" and could spook companies that want tight security around their communications.

"Will companies just leave and say this is not commercial practice that's acceptable?" he said. "Strong encryption for corporate data is the norm in all business."