The Official Word from RIM About BlackBerry Security and Data Access

Recently, we posted a story with some quotes from RIM stating they weren’t about to acquiesce to demands about security. We were recently sent an official document that went to government and enterprise customers regarding the situation, and it has provided much of the commentary you’ve seen in the mainstream media. The full text follows:

August 2, 2010

Dear Valued BlackBerry Customer:

Due to recent media reports, Research In Motion (RIM) recognizes that some customers are curious about the discussions that occur between RIM and certain governments regarding the use of encryption in BlackBerry products. RIM also understands that the confidential nature of these discussions has consequently given rise to speculation and misinterpretation. RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers. While RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it is committed to continue delivering highly secure and innovative products that satisfy the needs of both customers and governments.

Many public facts about the BlackBerry Enterprise Server security architecture have been well established over the years and remain unchanged. A recap of these facts, along with other general industry facts, should help our customers maintain confidence about the security of their information.

• RIM operates in over 175 countries today and provides a security architecture that is widely accepted by security conscious customers and governments around the world.
• Governments have a wide range of resources and methodologies to satisfy national security and law enforcement needs without compromising commercial security requirements.
• The use of strong encryption in wireless technology is not unique to the BlackBerry platform. Strong encryption is a mandatory requirement for all enterprise-class wireless email services.
• The use of strong encryption in information technology is not limited to the wireless industry. Strong encryption is used pervasively on the Internet to protect the confidentiality of personal and corporate information.
• Strong encryption is a fundamental requirement for a wide variety of technology products that enable businesses to operate and compete, both domestically and internationally.
• The BlackBerry security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data.
• The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.
• The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customer’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.
• The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography. The location of data centers and the customer’s choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized and transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data center. All data remains encrypted through all points of transfer between the customer’s BlackBerry Enterprise Server and the customer’s device (at no point in the transfer is data decrypted and re-encrypted).

RIM assures customers that it will not compromise the integrity and security of the BlackBerry Enterprise Solution.

  • http://caspan.com Caspan

    Thank you RIM! This is the way it should always be. Just because technology exists does not mean the government should get to exploit it. I'm glad RIM does what they do with their end to end encryption…. man if someone ever got a hold of some of the pictures I send over BlackBerry Messenger I would have a lot of explaining to do.

  • https://me.yahoo.com/getverticalpv#0846b Jason

    This is the way it should be, but this is for BES customers, what about BIS customers? Also, to those who read this, note that customer does not equal end users. For all intents and purposes the customer is your company's IT shop. They can read what is on your BB. The government can subpoena your information and obtain it. They just can't obtain it from RIM.

    So in other words big brother is watching, he just isn't RIM.

  • http://caspan.com Caspan

    This is a device encryption for RIM services. This means all devices, not just BES or BIS users. When RIM data is sent that requires BIS or BES to be in the middle it is encrypted end to end. If you have a different service on your device like IM+ it is up to that service provider to encrypt your traffic.

  • http://digg.com/users/OmegaWolf Silver Fang

    I really hope RIM sticks to their guns. Any government that wants to have such ready access to the online life of its citizens isn't ready for the 21st century.

  • Mark Vonk

    BIS is a different story. Messages and data packets flowing over the BIS infrastructure are also encrypted, but not end-to-end. Also, RIM could have a copy of your key(s) as they run the infrastructure, but I am not sure if they actually do anything to save/keep those keys.

  • http://seriousmobile.wordpress.com/ Prom1

    Well recent news is the Saudi Arabian government HAS REACHED a deal with RIM placing A server within their country. Not sure how this affects one specific statement above – yet now should ALL BUSINESS, and consumers NOT permit BlackBerry communication with users that have activated or on a BES within that country (or does business)/region?!

    This recent deal may be perceived as a LACK of security and may give businesses a lower hand when conducting deals in that region; NOT a smart or safe thing for business to continue operations.

    Correction!: Reuters is reporting Saudi controlled telecoms are testing a fix; partial to server(s) in that region, partial to solution provided by RIM.

  • http://caspan.com Caspan

    I hope RIM tells them to shove it. It's encryption or nothing. I hate the fact that people do this. Unless we can spy on you sorry you can't have technology. What happened to if I have an over the fence conversation with my neighbor it was private. Now if I BBM them the government has to make sure I'm not planning to bomb them. Screw them. RIM stick to your guns, eventually they will crawl back to you cause the people will demand it or replace the government.