Clashes between the maker of Blackberry smart phones and India, Saudi Arabia and the United Arab Emirates are the latest rounds in a cat-and-mouse game pitting authorities against technologies racing beyond their grasp.
“What is going on is this elegant dance we go through when countries think their sovereignty is being threatened by new technology,” said Mark Rasch, who headed the computer crimes division at the US Department of Justice for nine years.
“Governments are very ready to deploy technology that invades privacy, but privacy enhancing technologies make them nervous.”
Security experts put the row over Blackberry encryption capabilities in the context of decades of skirmishing around the security implications of new Internet and communications technologies — a battle that today also touches services like Google’s Talk messaging system and the telephone and video services provided by Skype.
In the most high profile case this month, BlackBerry maker Research in Motion (RIM) said Friday it was “optimistic” it could avert a threatened shutdown by India of the core features of the popular smartphone over security worries.
A delegation from the Canadian firm met India’s Home Secretary G.K. Pillai to discuss the government’s warning it would ban BlackBerry’s corporate email and messaging unless it gave security agencies access to the encrypted services.
The Indian ultimatum came after Saudi Arabia postponed imposing a BlackBerry ban as the conservative Muslim country reported progress in solving its own security concerns.
The UAE, however, has said it will ban BlackBerry messenger, email and web browsing services from October 11 for security reasons.
“There are lots of governments today, including the United States, with intelligence operations that can be impeded by technologies utilizing some kind of encryption,” said John Bumgarner, chief technology officer at the nonprofit US Cyber Consequences Unit.
“The argument is that technology such as BlackBerry, Google Talk, or Skype is impacting the ability to identify terrorist operations in their borders.”
Each of those services scrambles data with tough-to-crack codes, according to Bumgarner, whose group does threat research for US agencies.
There is an array of encryption tools that people can use for Internet telephone calls or email.
“They developed it so terrorist operatives could securely communicate with each other anywhere in the world,” Bumgarner said.
“There are plenty of ways, right now, to conduct covert communications on the Internet that cannot be intercepted by most intelligence organizations worldwide.”
A Pretty Good Privacy (PGP) application to encrypt email was created nearly 20 years ago by Philip Zimmermann, who later focused on doing the same for voice data in Internet telephone calls.
At a recent DefCon gathering of computer “hackers” in Las Vegas, startup Whisper Systems released free software to encrypt Internet telephone calls and text messages on smartphones running on Google-backed Android software.
People intent on scrambling digital communications could also piggyback onto online forums that have encryption capabilities, or even take advantage of encryption in seemingly innocent missives such as electronic greet cards.
“This is really a cat-and-mouse game between intelligence agencies and terrorist organizations,” Bumgarner said.
“Within a few minutes I can establish an encrypted call with almost anyone anywhere in the world that cannot be intercepted by intelligence agencies.”
A spy agency with sufficient resources could easily crack BlackBerry messages; it just might not be in real time, according to industry experts.
“By governments announcing that they are planning to monitor advance communication technologies, such as RIM servers they are just warning terrorists to find other ways to communicate,” Bumgarner said.
The clash between national security fears and computer innovations spans decades. In the 1980s US officials unsuccessfully pushed for encryption keys or “back doors” into computer data.
In late 1994, the US Congress passed the Communications Assistance for Law Enforcement Act that obligates telecom companies to “preserve” the ability of police to do lawful electronic snooping.
The act was updated in 2006 with an order to include ISPs and Internet telephone service providers.
But new technologies are again challenging the status quo.
“It isn’t difficult to encrypt communication such that nobody, not even governments, can eavesdrop on what you are saying,” said Ian Clarke, known for his work on a Freenet system for protecting online anonymity.
“Their only option is to threaten specific software providers, like Skype, to provide a “back door” into their software.”
As is apparently the case with RIM, not all software providers will be susceptible to such threats.
And there is open-source software, essentially publicly owned and improved programs, such as a GnuPG cryptographic tool, that can cause new headaches for authorities.
“It will play out over and over, there will be new technologies and challenges. Events like 9-11 will tip the balance one way and when we feel governments are being repressive it shifts back,” said Rasch.
Countries that shut out tools for protected communications run the risk of being branded unfriendly to legitimate business people who rely on protected communications in a competitive world.
“Governments can go to the extreme of simply banning such technologies, but the economic ramifications of this would be intolerable for all but the most draconian regimes, like North Korea,” Clarke said.
Story first published: 16th August 2010