Saudi deal won’t affect Canadian BlackBerry users

BlackBerry users in Canada and the U.S. needn’t worry about Research in Motion Ltd.’s negotiations with countries like Saudi Arabia, Indonesia, India and Lebanon affecting the security of their devices, analysts say.

“It’s highly unlikely there will be any significant changes if you are a Canadian or American business user of the BlackBerry traveling to any of the countries that are in negotiations with the company,” said Kevin Restivo, senior analyst at IDC Canada Ltd.

Corporate security is a major selling point for the BlackBerry, he said. “I would say it’s highly unlikely, if not impossible, for RIM to compromise on anything with regards to encryption of e-mail, messages or revealing messages that are encrypted,” he said.

And while reports say RIM has reached an agreement with the Saudia Arabia, RIM and the government “have essentially said very little,” Restivo pointed out. There have been no confirmations of any kind of agreement and “nothing has been announced or revealed formally,” he said.

Business users in North America, including those visiting or working in Saudi Arabia, should continue to expect service as usual, said Jayanth Angl, senior research analyst at Info-Tech Research Group Ltd.

“There’s been no change to the service yet and certainly nothing that in any way would affect BlackBerry service for the rest of the users worldwide,” he said.

Angl said it’s a “bit early” to speculate on whether the talks between RIM and Saudi Arabia will have an impact on the security of devices for users based in Canada and U.S.

“Other than the Saudi Arabian threat of a ban pulled back … there hasn’t been anything released officially that says whether it was because they reached an agreement,” he said.

Until RIM announces some type of change to the BlackBerry service – whether it’s the details of the solution they have implemented for Saudi Arabia or otherwise – it’s all speculation, said Angl.

“Many clients and many organizations have clearly chosen BlackBerry for its security benefits, including the encryption, so it’s not something that really we can say is going to go one way or the other at this point,” he said.

Saudi Arabia’s Communications and Information Technology Commission (CITC) said last week that it would suspend BlackBerry services in the country because the services violated local regulations. 

The CITC ordered the three mobile service providers in the country that offer BlackBerry services – Etihad Etisalat (which uses the brand name Mobily), Saudi Telecom Company (STC) and Zain Saudi Arabia – to suspend the service as of Aug. 6.

It subsequently provided an extension to operators until end of Aug. 9 to test the solutions they were working on with RIM. The deadline passed without a cut in services, according to reports.

On Aug. 10, a CITC official said BlackBerry data services can continue in Saudi Arabia after RIM agreed to monitoring of e-mail and instant messaging data services. RIM has agreed to place some of its communication servers in the country, said the official on condition of anonymity.

In a statement, CITC said it had decided to allow BlackBerry Messenger, RIM’s instant messaging service, as part of the regulatory requirements had been met. Other regulatory requirements have not been met by operators, but CITC’s statement did not specifically say which ones.

Lebanon’s Telecommunications Regulatory Authority (TRA) said last week it would begin negotiations with RIM to provide security agencies access to communications on the BlackBerry network.

RIM is also in discussions with India’s government, which is demanding access to BlackBerry communications for its security agencies. Indian government officials said last week that the talks were ongoing.

BlackBerry’s service is to be suspended in United Arab Emirates (UAE) from Oct. 11 because it does not fall in line with the country’s regulations, the UAE telecommunications regulator said on Sunday.

Indonesia asked RIM last year to put a server in the country for security reasons to handle only domestic data traffic, and the company is still considering the proposal, said the commissioner of Badan Regulasi Telekomunikasi Indonesia (BRTI).

In a statement, RIM said customers of the BlackBerry enterprise solution can “maintain confidence” in the integrity of the security architecture. “There is only one BlackBerry enterprise solution available to our customers around the world and it remains unchanged in all of the markets we operate in,” states the company.

“RIM cooperates with all governments with a consistent standard and the same degree of respect. Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries, are unfounded,” states RIM. 

RIM also released a customer update earlier this month assuring enterprise customers that the company “will not compromise the integrity and security of the BlackBerry Enterprise Solution.”

In the update, RIM says the BlackBerry security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly with the confidence that no one, including RIM, could access their data.

BlackBerry’s security architecture for enterprise customers is based on a symmetric key system, states RIM, whereby the customer creates the key and is the only one who possesses a copy of the encryption key.

“The BlackBerry security architecture for enterprise customers is purposefully designed to exclude the capability for RIM or any third party to read encrypted information under any circumstances,” states RIM.

The company “would simply be unable to accommodate any request for a copy of a customer’s encryption key since at no time does RIM, or any wireless network operator, ever possess a copy of the key,” states RIM.

The location of the data centres and the customer’s choice of wireless network are also irrelevant factors from a security perspective, according to the company, because end-to-end encryption is utilized.

“Transmissions are no more decipherable or less secure based on the selection of a wireless network or the location of a data centre,” states RIM.

— with files from John Ribeiro 

Follow me on Twitter @jenniferkavur.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now