Telecoms regulators of the United Arab Emirates recently blocked all encrypted email and data communications over Blackberry’s, which to the chagrin of many users rendered the high-end devices into not much more than ordinary mobile phones capable of only SMS and voice calls. Demands for RIM to open its encrypted network are not new. Almost two years I flagged on this blog similar requests to RIM from the Home Ministry in India, which at the time over Kashmir and arguably more so after the shocking Mumbai terrorist attacks late-2008, is fearful the Blackberry services and by extension, RIM mobile devices are used by terrorists.
UAE’s interest in controlling Blackberry communications appears to have a very different reason, even though it was publicly stated – unsurprisingly – that the need to monitor communications stems from national security concerns. For sure, as this Economist article flags, terrorists are using them in the UAE.
In January a team of suspected Israeli agents assassinated Mahmoud al-Mabhouh, a senior man in Hamas, the Palestinian Islamist group, in a hotel room in Dubai, the UAE’s commercial capital. The hit-squad’s members, like a Pakistan-based terrorist group which attacked hotels in Mumbai in 2008, are believed to have communicated securely using BlackBerrys, frustrating a police investigation that identified them by CCTV footage.
However, as this report by the human rights group Frontline notes, authorities are also clamping down on civil protest movements (smart mobs / swarms) organised using Blackberry communications.
At least four young activists in the United Arab Emirates (UAE) have been arrested or have been dismissed from their jobs after attempting to organise a peaceful protest march using BlackBerry devices, in response to increasing oil prices in the region. Other activists have been sought by the police in relation to their participation in the attempted organisation of the protest.
That terrorists use Blackberry’s is no excuse for the clampdown on the service writ large, or civil protest movements inconvenient to government, since the telos of this simplistic logic is a total blackout of all Internet, web and mobile communications networks, since they have all been used, or are used, for terrorism. On the other hand, although it will always and necessarily be subject to contestation in a democracy, governments have a right to legally tap into communications that it believes constitute a clear and present danger to public safety and security. And there’s the rub, for RIM does not allow this.
Or does it?
In what seems to be a historic reversal of company policy, RIM seems to have caved into demands to open up its encrypted communications on-demand. As this story in the Economist avers,
SOME sort of a deal seems to have been thrashed out over the weekend, according toreports from Saudi Arabia, under which its spooks will be able to snoop to their heart’s content on messages sent over BlackBerrys within the kingdom. All last week, as it negotiated with the Saudi, United Arab Emirates (UAE) and Indian authorities over their demands for monitoring, the smart-phones’ Canadian maker, Research In Motion (RIM), was dodging journalists’ demands for proper explanations about what exactly is negotiable about the phones’ security. The Economist asked five times in four days for an interview, and got nowhere. Other news organisations had a similar experience.
The responses that the Economist were able to elicit guaranteed security for BES – or the enterprise version of Blackberry – and NOT BIS, which in plain English, is what most customers of telcos sign up to As the article goes on to note,
First, all of the reassurances about message security seem only to apply to “enterprise” customers—large organisations that give BlackBerrys to their staff, and which route messages through a server on their own premises. RIM’s statement appears to make no promises to the millions of BlackBerry users worldwide who are contracted directly to a mobile-telecoms operator. Their messages are routed via RIM’s own servers, which are dotted around the world. Wherever RIM puts them, it has to comply with local authorities’ demands for access. It is reported that RIM has agreed to put servers inside Saudi territory, which would of course be under Saudi jurisdiction. Presumably the other governments demanding greater access to message monitoring will want something similar, since the company does say it co-operates with all governments “with a consistent standard”.
This is cause for concern not just for all of RIM’s customers, but specifically for Etisalat’s Blackberry customer base in Sri Lanka. As noted in the Economist,
Last year Etisalat, a mobile-phone firm controlled by the UAE’s government, sent an offer of a “software upgrade” to its BlackBerry users. According to RIM, it turned out to be, in effect, a piece of spyware that could pass on any messages sent from their BlackBerrys. As the company put it: “Independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone.” Etisalat continued to insist it was only intended to improve the telephones’ performance.
Whether these ‘software performance upgrades’ are also delivered to customers outside of the UAE is a pertinent question.
The Centre for Policy Alternatives, where I am a Senior Researcher, released last week a comprehensive report on the freedom of expression online in Sri Lanka, the first of its kind looking at challenges to FOE on the internet, web and on mobiles in the country and also flagging international examples where governments, including those in the West, sought to contain and control online content. News of UAE’s ban on Blackberry and RIM’s ostensible capitulation came too late for inclusion in this report, but it does add to the concerns in it over increasing calls to scrutinise private communications through coercion (by using the closure of markets as a bargaining chip – India alone reportedly has one million Blackberry users) and extrajudicial means.
The UAE is not alone. Our powerful northern neighbour India has, allegedly, gone much further into encroaching RIM’s communications infrastructure. As first reported in The Economic Times,
Canada’s Research in Motion (RIM) has for the first time agreed to allow Indian security agencies to monitor its BlackBerry services, in an attempt to avert an outright government ban. The company has offered to share with security agencies its technical codes for corporate email services, open up access to all consumer emails within 15 days and also develop tools in 6 to 8 months to allow monitoring of chats, telecom department documents (dated August 2) available with ET show. In an internal note, the telecom department said RIM had agreed to come around, following serious pressure from the Indian government…
“After some persuasion, the (BlackBerry) representative agreed that they can provide the Metadata of the message ie the IP address of the BES and PIN & IMEI of the BlackBerry mobile. The concerned internet service provider can also tell the location of the services as well. From these information, the security agencies can easily locate the BES and obtain the decrypted message. They also stated that they have a setup to help the security agencies in tracking the messages in which security agencies are interested in,” the DoT’s internal note recording these meetings add.
As the Economist quips on this issue,
Given India’s tough line (unsurprising, given its terrorism worries), if it doesn’t get the “tools” to read messenger chats, then RIM may be shut out of a huge market; on the other hand, if BlackBerry services are not blocked in India in the coming months, this is bound to raise suspicions that its authorities have somehow gained (not necessarily from RIM itself) the means to read chats and other messages.
But are these concerns new, and does the open discussion of RIM’s alleged capitulation to the requests by the Indian and Saudi governments constitute progress – in that they are at least debated in the open, and not surveillance planned and conducted in total secrecy? As the Economist notes, the capabilities of America’s National Security Agency and its British counterpart, GCHQ in real life possible even exceed that which is portrayed by Hollywood in films like The Bourne Supremacy. It is easy here to get into an endless debate on the perceived hypocrisy of the West – promoting internet freedoms on the one hand, and monitoring almost all internet communications on the other.
What I concerns me more are the more immediate and physical implications for human rights defenders living in, or communicating with partners, colleagues, friends and family under repressive regimes. Nokia Siemens in Iran: Shame or all’s fair game for telcos? was a blog post I penned in 2009 on the sale of equipment to Iran by Nokia that enables the clampdown on, inter alia, the freedom of expression. At the time, Ben Roome, a spokesperson for Nokia Siemens who also commented on my blog, was on the defensive and made no reference to the provisioning of surveillance technologies to surveillance agencies in Iran. But this year, Barry French of phone company Nokia Siemens explained that they had provided Iran with lawful interception capability in mobile networks, but admitted the company committed an error providing active surveillance technology for monitoring centres.
If for example leading HR defenders, who rely on secure communications for their activism and advocacy, now find that some of these channels are compromised by local authorities, they risk even more their safety and security, as well as those they work and are in touch with. The issue here is not so much with the CIA, NSA or GCHQ listening in, but rather, the fact that their home governments – often the perpetrators of some of the worst human rights abuses – can listen in.
There is of course only one way this will go. Markets rule, and the overriding imperative to access and monetise new markets will trump the inflexibility of telcos (and in fact, ISPs) to open up their ‘secure’ networks. What HR defenders and activists must take from these emergent developments is that continuing education on how ICTs can be compromised, just as much as they can be secured and leveraged for activism, is no longer something they can brush aside.
Knowing, after all, is half the battle.
Updates
ICT for Peacebuilding (#ICT4Peace) 