The Indian government’s telecom department has suggested a workaround for accessing encrypted BlackBerry emails. The workaround involves getting unencrypted copies of emails from the BlackBerry Enterprise Server sent to an internet service provider’s monitoring system. Security agencies will be able to work with the ISP’s to obtain any information they desire from these corporate emails.
While BlackBerry corporate email is fully encrypted on a BES when moving between BlackBerrys, it remains unencrypted while it resides on the BES. “Feeding the email from the enterprise server to the ISP’s monitoring systems can, accordingly, help security agencies access the communication in pure text form,” DoT proposal said.
Inside government officials have said that RIM will allow partial access to BBM transmissions by September 1st, but is unwilling or unable to compromise corporate email.
The question remains, why would any company work under these conditions? If the US government forced all companies to forward 100% of their corporate email to government monitoring systems, many of these companies would simply operate elsewhere. You can’t have company intellectual property and legal documents being sent outside of the company in “readable formats”. Not only does this workaround seem like a security concern for enterprise, but it also seems like a bureaucratic nightmare to monitor every company’s emails.