Indian press alleges deal to monitor BlackBerry e-mail

Research In Motion has succumbed to government pressure to grant access to Indian security agencies, according to Indian reports.

MUMBAI // Research In Motion (RIM) has succumbed to government pressure to allow Indian security agencies to monitor messages sent via Blackberry, according to Indian press reports that cite an official communiqué circulated by India's Department of Telecommunications (DoT). In a "compromise solution" agreed to by DoT officials and representatives of RIM in a series of meetings last week, the Canadian company agreed to share with Indian security agencies its closely guarded technical codes for corporate email, and to open up access to all consumer e-mails by mid-August, The Economic Times reported. It also agreed to build tools by the end of this year that would allow Indian agencies to monitor personal chats on BlackBerry devices, according to the report.

Ram Narain, the deputy director general for cyber security at DoT, confirmed the communiqué but refused to make a statement because "negotiations with RIM are still continuing". "After some persuasion, the [BlackBerry] representative agreed that they can provide the metadata of the message - that is, the IP address of the BES [BlackBerry enterprise server], PIN [personal identification number] and IMEI [International Mobile Equipment Identity] of the BlackBerry mobile," the communiqué said, according to the paper.

"The concerned internet service provider can also tell the location of the services. From this information, security agencies can easily locate the BES and obtain the decrypted message." However, the state news agency WAM, last night said that RIM had only "promised to look into India's security concerns" and that no agreement had been reached, citing "reliable sources". "Talks are likely to continue between the Indian Telecommunications Ministry and RIM to settle the issue," WAM said.

RIM also deny they give any governments access to their information. "BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key," the company said in a recent statement. "RIM does not possess a 'master key', nor does any 'back door' exist in the system that would allow RIM or any third party to gain unauthorised access to the key or corporate data."

In early July, the Indian government had threatened to ban the firm's services in India because security agencies expressed their inability to monitor BlackBerry's highly encrypted messages. But last week, the chief for internal security at the ministry of home affairs ruled out the possibility of an all-out ban after fresh assurances of cooperation from RIM. Satendra Prakash, the DoT spokesman, insisted the government did not intend to harass telecom service providers, but said security was a growing "concern". India faces several terror threats.

Mr Prakash pointed out security rules were being tightened not just for BlackBerry, but for other telecom players in the Indian market. Google's Gmail service and the Voice-over-IP service Skype are also under scrutiny for similar reasons. The DoT issued a circular on its website on July 29 declaring that all mobile phone carriers must have their equipment certified by an approved international audit agency. This, officials say, is to prevent any spyware or malware technology from being embedded in cell phones. It also made it mandatory for carriers to seek security clearance from India's ministry of telecommunications before placing equipment orders.

Some carriers say the tightening of telecom rules could slow down their expansion plans in India, the world's second-largest wireless telecom market with 640 million mobile phone connections. In a letter last week to DoT, Ericsson, a Swedish telecom company with a growing presence in India, said the new rules were "unjustly onerous and unprecedented for a vendor like Ericsson". Added Kiran Karnik, the former president of India's National Association of Software and Services Companies: "Whether the technology is good or bad, evil or godsend, depends on context, perspective and use.

"A knife can kill, and the surgeon's knife can save a life. Ultimately, it is not the technology or the weapon that takes lives, but the finger that pulls the trigger, the mind that conceives the crime. "Our security is, doubtless, at stake," he said. "But so is our way of life, our freedom."