On Saturday, India Today reported that the India government is getting its way when it comes to tapping into BlackBerry devices.
I sure hope RIM handles this clearly with the remaining global media sources who haven't yet written about this. For years, there have been significant misunderstandings about RIM security. It has lead to a lot of crappy reporting. And unless RIM takes a different strategy this time, it's bound to lead to more of the same.
The India Today article is well written. The issues are clearly laid out. The government needed RIM's help to decrypt BBM messages coming from BIS accounts. So to be very clear, RIM is not helping the government decrypt BES messages. RIM has always said they don't hold the keys to BES decryption. Those keys are specific to each BES installation.
BBM, which is used by about one million consumers in India, is not as secure as BES. Sure, it uses 256 bit encryption, and is much more secure than a normal email. But the encryption key is shared. It's the same key across all users. So as long as the government has the key, and the encrypted message, it can decrypt whatever it wants.
Thorsten Heins clearly mentioned, on the company's Q4 conference call, that consumers don't value the security of RIM as much as the company initially thought. If that's the case, let's not make a big deal out of this. So what if RIM put a server in India so that local BBM traffic runs through that server. It doesn't change the enterprise security story one bit. And for the 99.9999% of us who are not potential "threats", what do we have to be concerned about?