Blog

The BlackBerry Emergency

By Mishi Choudhary | August 14, 2010

According to the Government of India, private service providers like AirTel and Vodafone are failing in their legal obligations under the Information Technology Act, hastily amended in the days immediately following the Mumbai 7/11 attacks, by not providing access to the content of emails and texts sent to or from BlackBerry users. As a lawyer, I have some doubt about this legal position, no doubt under discussion between GoI and the service providers. But there is no doubt that the Government has failed to make clear the context of this dispute, or the real consequences of the demands it is making.

BlackBerry devices use the wireless networks of the local service providers to deliver email and texts through servers operated by Research in Motion located outside India. If you or I as individuals buy a BlackBerry through one of the offering service providers, our email and text traffic will not be encrypted, and GoI will have whatever access to our communications the law requires. If, however, your BlackBerry was given to you as an employee of an MNC or a large local enterprise, for work use, those emails and texts will be encrypted so that only the sender and receiver, but not Research in Motion (RIM) and not the local Indian wireless service provider, will be able to read them. Since these parties do not have access to the content of encrypted messages, and therefore cannot provide what Government says the Act requires, the Government now threatens to force a halt to their services as of August 31.

Unless a ring of terrorists is embedded entirely within some MNC, and is using its email and messaging system to plan terrorist attacks or other crimes using corporate BlackBerries, such a service cut would not be likely to prevent the planning or execution of any attacks. What it would do, however, is effectively cut off India from the global financial system. The ability of banks, insurance companies, law firms, consultancies and other professional service enterprises to operate around the globe depends entirely on the flow of confidential intra-firm communications. People cannot do business anywhere unless they can be sure that their firm’s business communications are not being overheard by competitors or other parties using breaches in communications networks. So every such enterprise relies upon mechanisms that ensure complete confidentiality on which the movement of trillions of crores every day in the world economy depend. BlackBerry provides one portion of that network to a large subset of that market. Any country which shuts off encrypted BlackBerry communications has shut down its place in the global economy.

Government knows, what the extent of its threat implies if our connection with the global economy is temporarily lost. But if the Government were clear with the public now about the small security benefit to gain and the magnitude of the harm it will cause if its threat is carried out, its dis-proportionality would raise questions in the mind of the public. Apparently GoI believes that such a threat can, from its very desperate dramatic quality, induce a useful result. Unfortunately, this too is wrong. Because nobody but the enterprises themselves have an access to the decrypted information, Government must get inside the BlackBerry itself if it is to read the messages.

Thus, it is likely that GoI is pressurizing the local service providers like Airtel and Vodafone to put spyware within the BlackBerries attached to their networks. Thus, an arriving investment banker or CEO from New York or Frankfurt would have his BlackBerry subject to the introduction of spyware by the network, along with all the BlackBerries used by Indian financial services firms. There is precedent for this effort. One UAE wireless company, Etisalat, was caught installing spyware on more than 100,000 enterprise BlackBerries in the Emirates last year. Research in Motion was required by its customers to bear the cost of software upgrades to the system to remove the spyware and secure their business communications. Etisalat has been fundamentally injured in its credibility in international business, and is in some danger of becoming a global pariah.

GoI is making threats that could only be fulfilled at cataclysmic cost to the economy. It will in effect result in causing immense harm to India’s telecommunications sector and our reputation in the global financial services economy, where so many of our jobs are being created. In the end, it would inflict immense damage, much greater than any terrorist could ever cause scarcely achieving any additional security.

Please email any comments on this entry to press@softwarefreedom.org.

Other SFLC blog entries...