Full RIM customer statement on BlackBerry security issues
Posted in: Beep Beep
Posted by: David George-Cosh on August 3, 2010 12:06 PM
Tags:
BlackBerry, Etisalat, In, Motion, Research, RIM, UAE
Research In Motion (RIM), the Canadian maker of the BlackBerry, issued the following statement to its customers yesterday in response to the security issues raised by India, the UAE and Saudi Arabia. Although several news organisations have quoted parts of the statement, in the interest of full transparency as well as to fully inform BlackBerry's customer base in the UAE, we are publishing the entire unedited copy below:
Dear Valued BlackBerry Customer:
Due to recent media reports, Research In Motion (RIM) recognizes that some customers are
curious about the discussions that occur between RIM and certain governments regarding the
use of encryption in BlackBerry products. RIM also understands that the confidential nature of
these discussions has consequently given rise to speculation and misinterpretation.
RIM respects both the regulatory requirements of government and the security and privacy
needs of corporations and consumers. While RIM does not disclose confidential regulatory
discussions that take place with any government, RIM assures its
customers that it is committed to continue delivering highly secure and
innovative products that satisfy the needs of both customers and
governments.
Many public facts about the BlackBerry Enterprise Server security architecture have been well
established over the years and remain unchanged. A recap of these facts, along with other
general industry facts, should help our customers maintain confidence about the security of their information.
• RIM operates in over 175 countries today and provides a security architecture that is
widely accepted by security conscious customers and governments around the world.
• Governments have a wide range of resources and methodologies to satisfy national
security and law enforcement needs without compromising commercial security
requirements.
• The use of strong encryption in wireless technology is not unique to the BlackBerry
platform. Strong encryption is a mandatory requirement for all enterprise-class wireless
email services.
• The use of strong encryption in information technology is not limited to the wireless
industry. Strong encryption is used pervasively on the Internet to protect the
confidentiality of personal and corporate information.
• Strong encryption is a fundamental requirement for a wide variety of technology products
that enable businesses to operate and compete, both domestically and internationally.
• The BlackBerry security architecture was specifically designed to provide corporate
customers with the ability to transmit information wirelessly while also providing them
with the necessary confidence that no one, including RIM, could access their data.
• The BlackBerry security architecture for enterprise customers is based on a symmetric
key system whereby the customer creates their own key and only the customer ever
possesses a copy of their encryption key. RIM does not possess a "master key", nor
does any "back door" exist in the system that would allow RIM or any third party to gain
unauthorized access to the key or corporate data.
• The BlackBerry security architecture for enterprise customers is purposefully designed to
exclude the capability for RIM or any third party to read encrypted information under any
circumstances. RIM would simply be unable to accommodate any request for a copy of a
customer's encryption key since at no time does RIM, or any wireless network operator,
ever possess a copy of the key.
• The BlackBerry security architecture was also purposefully designed to perform as a
global system independent of geography. The location of data centers and the
customer's choice of wireless network are irrelevant factors from a security perspective
since end-to-end encryption is utilized and transmissions are no more decipherable or
less secure based on the selection of a wireless network or the location of a data center.
All data remains encrypted through all points of transfer between the customer's
BlackBerry Enterprise Server and the customer's device (at no point in the transfer is
data decrypted and re-encrypted).
RIM assures customers that it will not compromise the integrity and security of the BlackBerry Enterprise Solution.
RESPECT
thanks for this usefull informations..
now i find what i want to know..
thanks..
If this is 100% accurate, how did RIM agree to share the "encrypted" information with the Indian government??!!!
QUOTE If this is 100% accurate, how did RIM agree to share the "encrypted" information with the Indian government??!!!
Who says they did? Had they reached an agreement the Indian government would not still be threatening to shut them down.
Fair play to RIM. Stick to your principles. Another own-goal by the UAE, hot on the heels of the ill-fated attempt last year to install spyware.
My utmost Respect to RIM, this is truly professional statement. There are much more security conscious nations out there that made no issue of Blackberry's security architecture. I am a BlackBerry Certified Enterprise Administrator myself, and i tell you RIM rules in security, versus apple, microsoft and any other mobile platform.
This move from UAE is like another commentator said, an "own-goal" for the UAE. Last year spyware fiasco only proved Etisalat's TRA real intentions.
this memo s quite popular in the net these days but prob is i couldnt find any official link between RIM and this memo.
anyone has any idea about official rim url of this statement?