The saga of Saudi Arabia’s decision to ban BlackBerry service over security concerns continues. The Saudi kingdom has apparently granted a temporary reprieve to mobile operators offering BlackBerry services, giving them a short time to test possible technical workarounds to the government’s security concerns. BlackBerry maker RIM’s chief concession here appears to be allowing Saudi Arabia to host its own BlackBerry servers, so all BlackBerry messaging traffic in the country is managed and stored within its borders, rather than flitting away to overseas data centers.
If true, the compromise would mark the first time RIM has permitted countries to host their own BlackBerry services…and possibly sets out a roadmap for nations like the United Arab Emirates, Indonesia, and India that are also concerned about the security implications of BlackBerry service.
It’s not entirely clear how hosting local servers makes encrypted BlackBerry communications any more accessible to governments: in theory, data and messages are encrypted before they ever reach BlackBerry servers, and RIM has been adamant that it doesn’t have any back door or magic way to break users’ encryption keys. The only known ways to decrypt the data is by brute force (a process that could take a very long time and considerable computing power) or possession of the users’ encryption key.
However, local servers could remove legal barriers to obtaining copies of encrypted communications. Currently, if a government wants to lawfully obtain copies of a BlackBerry user’s communications—encrypted or not—it’s an international matter: orders must be issued to RIM (in Canada) and the information obtained from data centers in the UK or North America. Locally-based servers could potentially streamline the legal process, and be handled entirely by authorities within a nation’s borders.
