Centre for Internet & Society

The government is just a step away from gaining access to RIM’s widely used BlackBerry Messenger (BBM) service, writes Shauvik Ghosh in an article published in LiveMint on 14 February 2012.

In a move that may raise serious questions regarding the privacy of corporate emails exchanged between individuals and employees, the Indian government is all set to gain “back-door” access to emails sent and received over Research In Motion Ltd’s (RIM) BlackBerry Enterprise Server (BES) within the next two-three months.

“There was a meeting last month with DoT (department of telecommunications) on the issue and the concerned security agencies and some home ministry officials,” a senior DoT official said requesting anonymity. “DoT has to furnish a list of enterprises from whom the key has to be acquired.”

The number of such firms is contained in an internal DoT note that was reviewed by Mint.

“There are about 5,000 enterprises using BES in India,” the note said. “These are communications between the employees of the enterprise only and therefore are not of high concern for security or intelligence agencies.”

However, the capability of using the key to access the communications when needed is still being developed.


Meanwhile, the government is just a step away from gaining access to RIM’s widely used BlackBerry Messenger (BBM) service.

“RIM has set up the necessary infrastructure in Mumbai to enable real-time access to BBM, as they had said they would,” said the official cited above. “They had provided for interception via the telecom service providers, but the intelligence agencies wanted direct access and so a server has been set up in Mumbai.”

The note said: “The company had installed the server in Mumbai. This has been inspected by a team of officers and permission for direct linkage for lawful interception was expected to be issued shortly.”

The move has raised red flags among privacy advocates over the motives of the government.

“There is no reason given by them on why they need to do this. There are no allegations of terrorists using BES or any indication that any of the 5,000 enterprises have any links to terrorists or other banned outfits in India,” said Pranesh Prakash, programme manager with digital media watchdog Centre for Internet and Society. “What is worrisome is that it is mainly commercial information that is shared on BES and in a large number of cases, this includes dealings with the government of India that they should not be privy to—things like auction bids, etc.”

Such powers can’t be used to pursue offences of financial nature, he said. “There cannot be economic reasons like tax evasion and such for intercepting such communications as the agencies that look into such offences are not authorized to or do not qualify to tap phones, etc.,” Prakash added.

On being asked about the development, an RIM spokesperson responded by citing the company’s January statement. This said RIM had provided a solution that enables India’s wireless carriers to address lawful access requirements for consumer messaging services, which include BBM and BlackBerry Internet Service email.

“The lawful access capability now available to RIM’s carrier partners meets the standard required by the government of India for all consumer messaging services offered in the Indian marketplace,” the company said in that note. “While the details of our regulatory discussions with the government of India remain confidential, we have been assured that all of RIM’s competitors must provide a lawful access capability to this same standard if they have not done so already.”

Mint reported last month that in order to prevent leakage of information, the government was proposing a legal provision, referred to as mandated local server hosting. This would put the onus on companies such as Skype and Google to locate the relevant part of their infrastructure within the country to allow investigative agencies ready access to encrypted communications on their servers.

Apart from leakage of data, the move is also expected to serve security interests and enable law enforcement agencies gain real-time access to information stored on servers and resolve jurisdictional ambiguity.

The original article was published in Livemint. Pranesh Prakash has been quoted in it.

Filed under: