Research In Motion says its customer information is secure despite reports that the company may make some concessions to the United Arab Emirates to loosen up the data security on its BlackBerry networks.
On Sunday, the UAE said it would block e-mail, instant messaging, and Web browsing on BlackBerry devices starting October 11 if it fails to reach an agreement with RIM to bring BlackBerry services in the region in line with UAE telecommunications regulations. Reports also say the Kuwaiti government has asked RIM to cut off access to porn sites, and Saudi Arabia wants RIM's Messenger app shut off.
Facing a ban of key services, RIM is reportedly considering some concessions to address the UAE's concerns over the tight security of the BlackBerry network, according to Reuters, citing reports from several newspapers. The UAE has complained that the strong security used to encrypt the data of BlackBerry customers violates its own regulations and prevents it from monitoring such data in the name of national security.
But on Tuesday, RIM issued a statement to its customers, telling them that their data is secure.
In its statement, the company explained that data on its BlackBerry Enterprise Server network is encrypted so that no one, not even RIM, can access it. RIM added that it would be unable to "accommodate any request for a copy of a customer's encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key." The company explained that it doesn't possess a "master key" nor does any "back door" exist that would allow RIM or a third party to gain access to the key or the data.
One concern in the UAE is that the data is processed and stored in servers in RIM's home base of Canada as well as in the U.S., where the UAE has no authority over them. But according to RIM, the location of the data is a moot point since the information can't be accessed without the right encryption key.
"The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography," said RIM in its customer statement. "The location of data centers and the customer's choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized and transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data center."
Though RIM hasn't detailed the extent of its conversations with the UAE, the company did issue the following statement:
"RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers. RIM does not disclose confidential regulatory discussions that take place with any government, however, RIM assures its customers that it is committed to continue delivering highly secure and innovative products that satisfy the needs of both customers and governments."
The UAE's announcement that it would block key BlackBerry services prompted the U.S. State Department to express disappointment, saying that it establishes a dangerous precedent. In response, the UAE ambassador to the United States, Yousef Al Otaiba, called the State Department's comments "disappointing" and said that they "contradict the U.S. government's own approach to telecommunications regulation."
The ambassador said that the UAE is asking for similar regulatory compliance that RIM grants the U.S. and other governments.
"Importantly, the UAE requires the same compliance as the U.S. for the very same reasons: to protect national security and to assist in law enforcement," he said. "It is regrettable that after several years of discussions, BlackBerry is still not compliant with UAE regulatory requirements even as it complies with similar policies in other countries."
The UAE has said that the upcoming ban on BlackBerry services would remain in effect until RIM becomes fully compliant with UAE regulatory requirements.
RIM has faced a similar tightrope in India where that government has been threatening to block BlackBerry services unless the company turned over access to its encrypted e-mails and other content. But in an attempt to avoid a total ban, RIM has reportedly agreed to let India's security agencies monitor its corporate e-mail, according to an article in the Economic Times.