Research In Motion (RIM) has had a tough time of things in the United Arab Emirates. Citing encryption concerns, the BlackBerry was almost banned. But RIM and the UAE struck a last-minute deal. And when Saudi Arabia threatened a similar ban, RIM agreed to place a server inside Saudi Arabia and grant access to an undisclosed amount of user information.
In the end, the deals that saved RIM from a ban could set a dangerous precedent for anyone, particularly in the Mideast, who prefers the government keep its nose out of private citizens' BBMs, SMS's, emails, and more.
Ironically, Canada-based RIM touts the BlackBerry's encryption scheme and private key-based security structure as highly effective and, in practical terms, it does block snooping by outside agencies. It's these same features that make BlackBerry handsets attractive to political dissidents. The UAE's threat in August to cut off BlackBerry service by Oct. 11 unless the government was given access to encrypted servers that contain e-mails and messages came days after an unauthorized demonstration over high gasoline prices was organized via BlackBerry in Abu Dhabi. According to advocacy group Reporters Without Borders, 18-year-old Emirati Badr Ali Saiwad al-Dhohori was arrested for organizing the protest after his BlackBerry PIN was found in an instant message.
The service encryption does also make it ideal for terrorists, and it's these official stated "terrorism concerns" that the Emirates have cited for threatened bans and demands for server access. BlackBerrys were used to coordinate the devastating 2008 Mumbai terrorist attacks, for example. And despite the fact that wildly popular BlackBerrys are most known as the tools of choice for e-flirting in Saudi Arabia, the government there alleges that undefined "terrorists" also use them. Dubai police chief Dhai Khalfan Tamim also alleged that BlackBerrys are used by foreign spies in Dubai and elsewhere.
Few Emiratis or Emirates residents were willing to go on the record to speculate on what form the RIM compromise with the Emirati Telecommunications Registry Authority took. According to a terse statement, "The Telecommunications Regulatory Authority (TRA) has confirmed that Blackberry services are now compliant with the UAE’s telecommunications regulatory framework […] all Blackberry services in the UAE will continue to operate as normal." However, Middle Eastern tech blog T-break summed up local concerns: "This means that services prior to the announcement were not compliant with the framework. From that, one would deduct that RIM has allowed some kind of access to BlackBerry data to the UAE government—possibly through an encryption key. Whatever the details are, leaving decisions to the last minute was not necessarily the right way to go."
The ongoing story is how RIM will deal with similar pressures in other countries. Hamadoun Toure, the secretary general of the International Telecommunications Unions—effectively the UN's tech chief—has gone on the record urging RIM to give "co-operation between governments and the private sector on security issues." While it is likely that intelligence agencies such as the NSA may have the capability to crack RIM's encryption schemes, giving foreign governments easy access to servers makes it much easier. The Indian government, following the Mumbai attacks, understandably strongarmed RIM into granting access to BlackBerry messages. Indonesia is likely next to demand access to BlackBerry servers, while the American government is eager to broker "compromise" between RIM and foreign governments. Of course, the fact that RIM's encryption may not be truly secure will drive away customers.
However, the lack of transparency in the RIM-Emirati deal is causing unexpected speculation. The Financial Times' Simeon Kerr noted that the assumed monitoring of Emirati BlackBerrys coincides with the deepening influence of UAE state security over economic matters. Middle East business publication the Kipp Report noted that the agreement also occurred while the UAE was refusing to grant Canada access to a Dubai airstrip for Afghanistan operations.
BlackBerry users in the Emirates are already noting post-agreement service weirdness in social media. It is important to note that RIM's agreement with the Emiratis follows a reputed 2009 spyware attack on BlackBerry users in the UAE. Etisalat, one of the nation's leading mobile phone providers, sent users a "software update" that was in reality spyware.
According to RIM, "Etisalat appears to have distributed a telecommunications surveillance application [...] independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user's smartphone." The application also caused poor battery life and reception, along with multiple reports of dead headsets. Etisalat enjoys close governmental ties and the precedent is not reassuring for BlackBerry users in the Emirates at all. An email sent to RIM asking for additional information about the Emirati agreement was not responded to by press time.
[Image via Flickr user Editor B]