What is all the fuss about the BlackBerry? First it was India, then Indonesia and the United Arab Emirates that threatened to ban the very popular BlackBerry Messaging or BBM service but they were beaten to the punch by Saudi Arabia and Kuwait. Why are these countries banning it and what does it mean for freedom of speech should Thailand follow in their footsteps?
BlackBerry’s way of doing things started off life in a different era when people were stuck on slow 2.5G data and corporations were still getting to grips with mobile email and needed to make sure it was controlled. This led to a very proprietary but secure solution which had the added benefit of using very little data to avoid high roaming costs.
Only much later did Research In Motion, the Canadian company that makes and sells BlackBerry phones, move into the consumer market and offer many of the same benefits of push mail, messaging and, unfortunately in the light of today, watertight security to the consumer. Security that is so tight that is is not only impossible for officials to know what is being sent or received, but not even able to know whom the message is sent to or from.
How different? Return for one moment to the end of March and the so-called negotiations between Messrs Weng, Jatuporn and Veera on the one hand and Abhisit and Co on the other. Remember the incessant sounds of the BlackBerry beeping?
Someone was communicating with the people in that room. Suppose Jatuporn sent a message, the phone has an always-on encrypted pipe from the handset straight through to RIM’s servers somewhere in Canada and from that server in Canada to someone else using a BlackBerry anywhere in the world.
Even if someone put a gun to the head of someone in the three telcos demanding information on the messages coming and going (or perhaps not a gun, but a proper court order as per the cybercrime law), all they could say was that there may have been a spike in the information coming and going from that room to Canada, but that is all they can say. The telcos cannot read the message, cannot see who it is it to or even what kind of data is involved. It could be a message, an email or even a website or a custom application created by a secret society. There is nothing that the telcos or the international Internet gateway can do to shed light on the secrets being exchanged.
If Jatuporn and his Merry Men were using even high grade encryption on a traditional PC or other smartphone, anyone intercepting the message (legally, of course) might not be able to pry into the message, but they could at least say if it was an email or an instant message and quite probably be able to tell the nice ICT Ministry-certified Cyber Inspector that the secret message came from Montenegro or Dubai, or that it was just an I miss you letter from his poor mummy.
Given privacy concerns on the Internet, this seems like a good thing. It prevents secrets such as credit card numbers being stolen and it gives control back to corporate IT departments to keep trade secrets intact and prevent industrial espionage.
The problem for governments is that it renders them incapable of doing anything and effectively turns over all control to Canadian jurisdiction. Lovely when you want a first-world business with Sarbanes-Oxley, HEPA or any other acronym level compliance level to keep your company listed on the New York Stock Exchange and your CIO out of jail. Not so lovely when you are a government bent on making Orwell's vision of Nineteen Eighty-Four a reality, cracking down on freedom of speech and jailing dissidents who just happen to think differently from you.
Kuwait said that pornography though the encrypted pipe was the main concern and gave RIM 48 hours to comply. But if they comply, what next? The word acceptable has different meanings in different countries and Thailand is now a prime example for reasons that shall not be mentioned.
In the late nineties, the US of A tried to put the genie back in the bottle and ban encryption. Some of us might remember export-level Netscape. The idea was that secure encryption could only be used within the United States and the rest of the world would make do with 40-bit encryption can can easily be decyphered by the boffins in the US government.
Of course, that idea did not work. Not only did it lead to the encryption industry going north of the border into Canada, but it only meant that good law-abiding people lacked safety and the people who needed encryption, be it terrorists or the Burmese opposition, used it anyway.
But what of BlackBerry? Most countries either demand in-country servers or a back-door into the system to intercept messages. That sounds simple enough, apart from the can of worms that that such a move opens. Security and privacy under Thai jurisdiction is hardly the same as security and privacy under Canadian law. What of roaming? Can a businessman from Thailand access his BBM while roaming in Dubai? Can an Indian do so when roaming in Kuwait? And what of non-RIM hosted servers?
BIS, the BlackBerry Internet Service, is the main Canadian server most are connected to. But before BIS, there was the BlackBerry Enterprise Server. Many corporations choose to run their own super-secure server which has even more options. There is also Zimbra, an open source alternative to BES and many other options.
BlackBerry was targeted because it was the most popular and most visible but there are others. Grasp that line of thought, multiply it by infinity, take that do the depth of forever and you will have barely a glimpse of what I am talking about.
Gmail? Since the, er, incident with Chinese government hackers, it now encrypts web connections with the Gmail server by default. Skype promises secure end to end encrypted voice and messaging and similarly, India demanded that Skype install a backdoor for its intelligence apparatus to listen in on our secrets.
Banning BBM leads to a philosophical question. How much of our privacy do we entrust with the state in exchange for security? Definitely, BBM renders Thailand's Computer Misuse Act impotent, but if it were really, universally, unequivocally evil, Thai prosecutors could apply for a court order in Montreal. If this movement continues what of Google? What of Skype? Indeed, what of anyone big enough to be noticed that relies on encryption? Facebook? Twitter? YouTube? What of cloud computing?
Cloud computing relies on servers somewhere else, somewhere in a different jurisdiction; somewhere that cannot be raided by Thailand's cyber inspectors on the control of a Thai court.
On a more philosophical question, is anonymity in itself a crime? Is privacy without anonymity enough? Ask that to jailed Chinese dissident Li Zhi who was jailed after Yahoo provided information that linked him to a certain email address.
The temptation is high today for Thailand to follow in the footsteps of these somewhat conservative and one might even say repressive states. How the powers that be react against this backdrop will have repercussions for many years to come. Does Thailand take the high ground and accept the brave new world, or do we set up a somebody else's problem field and bury our head in the sand?
RIM's co-CEO Mike Lazaridis put it bluntly, “if they can't deal with the Internet, they should shut it off.” It is not like many countries are not trying.
