RIM: No back door into encrypted BlackBerry messages for any government

Tuesday, BlackBerry maker Research in Motion confirmed that it will not provide a backdoor into its encrypted messages for the purposes of local government surveillance, despite the demands of certain countries.

Since 2007, Research in Motion has had difficulties building a BlackBerry service in India, due to the Indian Ministry of Telecommunications' demands for an unencrypted e-mail messaging system. The Ministry expressed concern that the BlackBerry messaging system could serve as a method of communication for dissidents who want to be untraceable.

Indeed, the system is viewed as a security risk not only in India, but also in the United Arab Emirates and the kingdom of Saudi Arabia.

The UAE's Telecommunications Regulatory Authority said it would suspend BlackBerry Messenger, email and Web browsing services beginning on October 11th if RIM does not provide a solution for local messaging control. State-run operator Saudi Telecom followed by banning BlackBerry Messenger.

In Late July, India's Ministry of Home Affairs and Department of Telecommunication said "If they don't follow our guidelines, we will have no option but to ask them to stop their operations in India."

RIM issued an official statement responding to the threats on Tuesday, which provided a bulleted list of why the company cannot concede to the governments' demands.

"The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a 'master key', nor does any 'back door' exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.

The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances. RIM would simply be unable to accommodate any request for a copy of a customer's encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key.

The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography. The location of data centers and the
customer's choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized and transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data center. All data remains encrypted through all points of transfer between the customer's BlackBerry Enterprise Server and the customer's device (at no point in the transfer is data decrypted and re-encrypted)."