The Fraud Blog with Tracy Kitten

What Should BlackBerry Do?

What Should BlackBerry Do?

In India, it's about the government's right to access encrypted corporate correspondence sent and received via the BlackBerry Enterprise Server. In Saudi Arabia and the United Arab Emirates, it's about access to encrypted instant messages sent over BlackBerry Messenger.

At the core of the recent BlackBerry/Research In Motion debate is a fear of the U.S. government. Quite simply, countries in Asia and parts of the Middle East are concerned about not having access to communications that take place within their borders.

Thus, threats from governments in India, Saudi Arabia and the UAE to drop future support for some network services on RIM devices is stirring up all kinds of ethical questions about privacy and security.

I tapped a couple industry analysts about the debate, curious to learn how crippling a lack of support for RIM in those parts of the world could be for U.S. corporations. I also wanted some perspective on the larger privacy and security concerns at play: How much communications transparency should consumers and corporations be expected to make available to governments?

On one hand, the issue seems simple, says Wes Wilhelm, a senior analyst at Aite Group LLC who covers fraud management, payments and retail banking technology and operations. Wilhelm says companies must abide by the laws that govern the lands in which they operate. "BlackBerry is not going to make a decision to go out of business over this," he says. "They will figure out a way."

But glance across to the other side of the issue, and you quickly see that defining the right thing becomes a little murky.

A few fundamentals cannot be ignored, says Martha Bennett, practice leader at Ovum, where she leads global financial services and retail technology coverage. "Frankly, there is as much politics as there is technology in this story," Bennett says. "This is about ability to intercept information."

RIM has repeatedly supported its security methods, adding that it cannot provide any entity with encryption keys because even RIM does not have access to that information.

True. That lack of access to encrypted data has been a selling point for BlackBerry. RIM's uniquely secure model for business, via BlackBerry Enterprise Server, has earned BlackBerry the trust of corporate America. RIM offers corporate customers a level of e-mail security that they don't have in other Internet environments.

But the reality is, despite all of that encryption and built-in security, no correspondence is ever truly out of a government's reach -- regardless of where it takes place in the world. In the United States -- and most western nations for that matter -- freedom of speech and the right to privacy are highly valued. But if the Secret Service demanded access to e-mail exchanges in the name of national security, Internet service providers would have to provide that correspondence. Arguably, every country has laws and exceptions in place that oblige ISPs to release e-mail traffic when the umbrella of suspected terrorism is opened.

As Bennett rightly points out: "The desire of governments to monitor citizens' and businesses' e-mails is nothing new. Every government has legitimate security concerns."

But part of the problem here is that the countries demanding access to RIM encryption keys have not historically shared the U.S.'s views on freedom of speech and privacy. "These countries don't have the best reputation," Bennett says.

The other part of the problem is globalization. Businesses that cross international borders are increasingly faced with challenges related to differing international security compliance mandates, laws and the ability to prosecute and fight crime when it crosses countries.

I understand BlackBerry is treading in some unfamiliar waters on this one. But one legitimate criticism I've heard raised against BlackBerry is its lack of consistency. How was BlackBerry able to resolve a similar issue over data access when it entered Russia in the late 1990s? Why is the discussion with India so much more heated? Perhaps there is more here than meets the eye.

The simple solution, Bennett and Wilhelm agree, would be for BlackBerry to place a transmissions server in India. Perhaps that's how the company was able to deploy services in Russia.

The debate also undoubtedly includes an element of misunderstanding on the parts of less-than-tech-savvy politicians, who don't truly get how the Internet and e-mail correspondence work. But it also brings to light a fear that the U.S. has an advantage that RIM is protecting.

As business, finance and even crime continually take on a more international tone, the world's governments and corporations will find themselves repeatedly addressing these same types of questions. A balance will be difficult to find, but it's something we all must work toward. Could an international regulatory body solve part of the problem? Perhaps. Or is the BlackBerry example a poor one? Business opts for business, right? I have no doubt that RIM will come to some agreement with India. How could it not strike a deal with the world's second-largest wireless market? Failing to, as they say, would most definitely be bad business.

Your thoughts on the RIM controversy?



About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.