The solution proposed by Research In Motion to intercept BlackBerry services has run into technical glitches.
A trial held on July 19 on Vodafone’s network threw up a number of shortcomings, which a testing team comprising officials from the Intelligence Bureau and the Department of Telecom has flagged.
According to an internal note seen by Business Line, the Canada-based RIM has offered a solution to decrypt BlackBerry Messenger Services (BBM) and BlackBerry Internet Services (BIS), along with providing call-related information and the location of the server for BlackBerry Enterprise Services (BES).
The company has located a server in Mumbai for enabling the interception. In addition, an external data client has been deployed to segregate the BlackBerry traffic from the other traffic. All the telecom companies are required to deploy the data client and connect it to the RIM server in Mumbai.
“While carrying out the testing of BBM services, it was observed that decryption was in readable format but call-related information was not in proper format wherein the information provided was PIN of the BlackBerry user. Based on PIN alone, security agencies may not be able to identify the actual user of BlackBerry,” the internal DoT note stated.
On testing the Internet services, it was observed that decryption was in a normal readable format only for BlackBerry email services and not for Web browsing. Even in the case of email, attachments were not getting reflected in the intercepted communication.
“On downloading and reading of attachment by the recipient, a separate communication message was appearing in interception without having any correlation with earlier intercepted communication. These two communications require to be interlinked,” the note stated.
On enterprise services, the testing team observed that the data provided carried the enterprise server reference in a coded form, from which it was not possible to identify the enterprise name and public IP address.
RIM had roped in cyber intelligence solutions provider Verint to develop the monitoring platform for Indian security agencies.
Concerns have also been raised about taking BlackBerry traffic out of the country to Verint’s server in Israel.
However, DoT sources termed these issues teething troubles. “We will ask RIM to address these concerns. Telecom companies will also be told to get ready to integrate their network to RIM’s monitoring solution,” the DoT source said, adding that similar action will be taken on other technology firms offering encrypted data services in the country. When contacted, RIM declined to comment on the specifics of the trials but said that it always follows a consistent set of Lawful Access Principles in India and everywhere else.
“We reaffirm that encrypted BlackBerry Enterprise communications in India, and everywhere else, remain secure and the content of these encrypted communications can only be accessed by the owners of the BES, who maintain control of their confidential information. RIM has not entered into an agreement with the Indian Government concerning lawful access,” the company said.
The company said that strong encryption is a fundamental commercial requirement for any country to attract and maintain international business anyway, and that similarly strong encryption is currently used pervasively in traditional VPNs on both wired and wireless networks in order to protect corporate and government communications.