The Indian Government withdrew the threat to ban BlackBerry services for 60 days after RIM sent a proposal to give security officials “lawful access” to encrypted data. The Indian Ministry of Home Affairs has demanded real time access to encrypted emails and IM communications and said it will take the next 60 days to review the proposal from RIM.
This news raises a couple of big questions:
1) What did RIM propose?
2) What is “lawful access”?
RIM’s proposal seems to include setting up a server in India, but even RIM itself says that there it is a “misperception” to think server location has any bearing on a government’s ability to access encrypted information. This makes sense as the data is fully encrypted between devices and even with a server located in the country, it wouldn’t have any bearing on the encryption. Perhaps having a server in India would allow security agents to be planted within RIM, but even at that, the company has said it does not have a Master Key. It’s possible that after 60 days, the Indian Government will come back saying the proposal is unsatisfactory and the pressure will mount once more.
It’s not clear what “lawful access” is exactly, but one might be able to look at a carrier’s service agreement. According to the Rogers Wireless service agreement, authorities have access to your personal data given a list of criteria including the following:
- A law enforcement agency whenever we have reasonable grounds to believe that you have knowingly supplied us with false or misleading information or are otherwise involved in unlawful activities directed against us;
- A public authority or agent of a public authority if, in our reasonable judgment, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information.
The Indian authorities are primarily interested in access to data as it pertains to terrorism and the threat of loss of life, so the above conditions may be used as grounds for “lawful access”. Again, if with the above criteria, RIM would still have to offer a way to unscramble encrypted messages, which is the biggest sticking point in this debate.
One thing is for sure, we’ll have a lot more to talk about in 60 days.