RIM's fight to preserve encryption of emails

There's a lot of talk about public-private partnerships on security, but there also has to be a clear division between the two on what is private and what is not. For example, businesses want police to respond to help investigate major crimes, and police may want businesses to share information when their investigations hit a point at which they need emails or phone call lists. In the U.S. at least, this latter form of partnership (the providing of emails and phone records) is provided by subpoena. It's not that the businesses aren't willing to provide that information, but they want a specific and direct request, because such a direct police request allows them to maintain to their customers that they respect their clients' privacy up to the point that the judicial system supersedes that privacy protection with a direct and targeted demand.

So that's why SIW has been tracking news about RIM/BlackBerry's encrypted emails (see also prior coverage on this topic). The news, in summary, is that RIM provides an email handling service to its BlackBerry customers, and those emails are encrypted to ensure the privacy of those messages is maintained. The second part of the news is that some nations are objecting to the fact that they can't read all the emails being sent to their citizenry because those emails are encrypted by RIM, and RIM isn't just pushing over and giving the governments the keys to their digital castle.

Consider for a moment that the BlackBerry smartphones are still the dominant smartphones in the market (although Apple and Google are trying to change that with the iPhone and Android platforms) and that the BlackBerry has become the quintessential business device, especially for senior business leadership. It just makes perfect sense that RIM provides encryption of these emails, and it makes sense that RIM isn't handing away those encryption keys willy-nilly to whatever government that is requesting them.

Were RIM to give up the keys, and those emails became unencrypted, they might accidentally be made available to wrong persons in these governments. After all, once RIM gives away those encryption keys, the company would have difficulty retaining control over how they were used, and at that point, why would encryption even be necessary? (If you think things really stay private inside a government, point your web browser over to Wikileaks where you'll find tons of government documents from around the world). The argument from such governments for access to RIM's BlackBerry emails is that potential terrorists could use encrypted email systems and thus remain under the radar of law enforcement, and that's why they need full access to the emails. But that's a week argument; it holds little water. And under that type of argument, personal privacy ends up on a slippery slope.