Why are BlackBerry phones being targeted by governments around the world who want to eavesdrop on communications? Is is a conspiracy by Apple and Android to get the market to themselves? Or could it be something to do with technology.
There is a lot of interest at the moment in exactly why it is that governments around the world seem to be picking on BlackBerry as a security issue? Is it a conspiracy to make sure that iPhone and Android do well in home markets? Is it a conspiracy instigated by Apple to gain market share? What is going on?
The simple answer is that only RIM implement its own messaging system and with it its own security. All of the other mobile platforms use the standard Internet infrastructure to deliver email - SMTP/POP3 etc - and because of this their communications are as secure, or rather as insecure, as any Internet communications. Governments can read email and instant messaging fairly easily, no matter where it comes fro,m as soon as it gets inside their legal borders. So what this means is that iPhone and Android email is just Internet email and hence not worthy of special attention. But RIM and the Blackberry are different.
The major appeal of the BlackBerry is that it implements push messaging. It doesn't wait for you to check your email - it tells you when email arrives. Many BlackBerry users prefer this push approach because it means that they are alerted the instant there is anything to attend to. To make push services work RIM had to invent a server that would take email and other communications and push them out to BlackBerry devices.
As part of the process the server, the BlackBerry Enterprise Server or BES, encrypts all data using a unique private key stored along with the user's mailbox. Most email is not sent in encrypted form - but all BlackBerry email is encrypted from when it leaves the server to when it arrives in the phone. What this means in practice is that even if a government does intercept the message, either from the Internet or from the cell phone connection, it has to crack the encryption to read it. While cracking this level of encryption is something that can be done it requires a lot of computing power and doing it for every BlackBerry in even a small country would soak up a lot of resources - assuming it was possible.
There are two ways that a customer can access a BES. The first is to opt to use a server supplied by RIM to forward email. In this case the server might be located anywhere. The alternative is to get your company to host its own BES server. In either case RIM doesn't have access to the encryption keys selected by each user and doesn't even have access to the server in the second case. It also claims that there is no "master key" enabling messages to be decrypted.
It is obvious that RIM would prefer not to host the messaging servers and to encourage users to do it themselves they have released BES Express - a lightweight free version that you can install on your mail server. Self hosted BES servers clearly remove the responsibility for encryption from RIM and back onto the user. Notice that users of alternative messaging devices can use encryption, but they generally opt not to because it introduces another level of complexity.
Of course there is a lesson in all of this for developers - don't enhance security if it means you have to keep the keys or host the server. iPhone and Android communication are as secure as the user cares to make them - but security or lack of it is no-one else's concern but the user.
Mobile platforms of the world!
BlackBerry "Super Apps" Developer Challenge
Better Tools for BlackBerry developers
The web is pull not push