RIM unable to honor India Gov demand

Canadian wireless device company, Research in Motion (RIM), maker of the popular Blackberry handheld communication device, has finally broken the silence surrounding Indian Government’ demands to handover the “keys” to decrypt secure email communications.

RIM claims that it not possible to handover the decryption keys and claims setting up a local datacenter would serve no purpose given the end-to-end security deployed in its solution. RIM further declared that its solution architecture is designed in a way that does not allow any third party including RIM to read the email data under any circumstances. On the 23rd of May, RIM sent this note to its customers:

“The use of strong encryption in wireless technology is not unique to the BlackBerry platform. Strong encryption is used pervasively on the Internet to protect the confidentiality of personal and corporate information. Governments have a wide range of resources and methodologies to satisfy national security and law enforcement needs without compromising commercial security requirements.”

This is not to be confused with BlackBerry hosted service for which RIM has probably handed over the decryption keys to the Indian Government.

The BlackBerry enterprise solution architecture is provided below (click to enlarge):

All communications between the BlackBerry Enterprise Server (BES), located on the corporate network, and the BlackBerry handheld devices are secured using a 256-bit AES cryptosystem. Furthermore, all newer BlackBerry handheld devices contain cryptographic kernel that conforms (PDF) to the NIST’s FIPS 140-2 Overall Level 1 standard (PDF) making it the most secure commercially available wireless devices for email communications available today.

What better reason to be worried when the your technology can’t cope up with anything better than 40-bit encryption?