Q+A: Blackberry security explained

BOSTON Fri Aug 13, 2010 2:04pm EDT

BOSTON (Reuters) - Research in Motion is at odds with the governments of India, Saudi Arabia and the UAE over their demands that the company let authorities tap BlackBerry messages delivered using RIM's rock-solid encryption technology.

Here are questions and answers that explain how the BlackBerry system works and why governments consider it to be a potential threat to national security:

Q. How does BlackBerry's legendary security system work?

A. RIM uses powerful codes to scramble, or encrypt, messages as they travel between a BlackBerry server and the BlackBerry device. If a worker loses their BlackBerry, RIM is able to remotely wipe all messages on the device and deactive it.

Q. Is BlackBerry's security unique?

A. Yes. All BlackBerry traffic runs through RIM data centers, which help manage the devices. It also runs through BlackBerry servers, which encrypt and unscramble messages.

Those BlackBerry servers are owned and run by RIM's business and government customers, according to David Goldschlag, chief technology officer of McAfee Mobile, a unit of McAfee Inc.

(RIM handles encryption and decryption for smaller businesses and consumers, according to Goldschlag.)

Rivals, including Apple Inc, Google Inc, Nokia and Microsoft Corp, design their products so they communicate directly with ordinary email servers.

Q. Can RIM unscramble the data?

A. RIM says it cannot unscramble data of its large business and government clients because the servers that handle that task are located on the premises of its customers.

Q. Saudi Arabia, India and the UAE have complained that RIM won't give them the access they need to tap into BlackBerry messaging networks so they can protect their national security interests. They say that RIM grants such access to other countries, including the United States.

Q. What kind of access does the U.S. government enjoy?

A. U.S. authorities can seek a court order to tap BlackBerry traffic, giving them access to messages sent over the network. Officials with Research in Motion declined to talk about how they provide such access. It is possible that the government provides such requests directly to RIM's customers.

Q. Is RIM refusing to give Saudi Arabia, India and UAE that kind of access?

A. It is unclear. Nobody is talking specifics, with one exception: In the case of Saudi Arabia, the government says it only wants access to RIM's consumer-focused BlackBerry Messenger service. A spokesperson for RIM did not respond to a request for information on how the company secures that particular service.

Q. If the data is encrypted, how is it possible for the government or RIM to even install a wire tap?

A. Bruce Schneier, an expert in encryption who is chief security technology officer for BT, said that it is relatively simple. Authorities need to put an eavesdropping box on the BlackBerry server, whether run by RIM itself or one of its customers, that has the key for descrambling the messages.

(Reporting by Jim Finkle; Editing by Frank McGurty)