BUSINESS STRATEGY

ASSIGNMENT ON RIM
BLACKBERRY

Submitted To: Submitted By:

Prof. S.V. Bidwai Prateek Debnath
09BS0001640
 Research In Motion (RIM)
Research In Motion (RIM) is the designer and manufacturer of the award-winning BlackBerry®
smartphone, used by millions of people around the world. The company also creates software
for businesses and the operating system that allows the BlackBerry smartphone to provide
mobile access to email, IM, apps, media files, the Internet and more. The integration of
BlackBerry smartphones and software provides mobile access to email, applications and more.
It also allows virtual real-time communication, so you can stay in touch and up-to-date with the
people and things that matter most.

Research In Motion Facts

 Founded in 1984
 Headquartered in Waterloo, Ontario, Canada.
 Offices in North America, Asia-Pacific and Europe.
 Launched the BlackBerry smartphone in 1999.
 Led by Co-CEO Jim Balsillie and President.

The BlackBerry Ban Debacle

In the UAE: “The issue is against BlackBerry’s super-secure encrypted services”.

In India: “Indian officials say they need to be able to intercept BlackBerry messages.”

In Indonesia: “We don’t know whether data being sent through BlackBerry can be intercepted
or read by third parties outside the country.”

Background Info

There are two solutions for BlackBerry: 1) BlackBerry Internet Service and 2) BlackBerry
Enterprise solution.

The BlackBerry Internet Service is not necessarily that secure: Email messages and instant
messages that are sent between the BlackBerry® Internet Service and your BlackBerry device
use the security features of the wireless network. Messages that are sent between your
messaging server and the BlackBerry Internet Service are automatically encrypted if the server
supports SSL encryption. Other encryption mechanisms include PGP and S/MIME.
On the other hand, the security in the BlackBerry Enterprise solution is super strong. The
BlackBerry Enterprise Solution offers end-to-end encryption between the BlackBerry device and
the BlackBerry Enterprise Server (that resides at the enterprise’s premises) by using Advanced
Encryption Standard (AES) or Triple Data Encryption Standard (Triple DES).

The BlackBerry is not PKI-based but uses symmetric cryptography, meaning that there is a
master-key. In BlackBerry there is a unique master-key for each device and a per-message-key
that are dynamically generated. Messages are encrypted using the per-message key, and the
per-message key is in turn encrypted using the master-key. The master-key resides on the
device itself as well as inside the BlackBerry Enterprise Server (BES) that again resides at the
enterprise’s premises and not at the operator nor Canada or the UK RIM data-centers.

The “BlackBerry controversy”

Blackberry is the only handset that can elude the government of such a heinous act. It uses an
advanced encryption technique that Indian IT-rockstars can’t decrypt. Blackberry has already
been banned for few days in countries like UAE, Saudi Arabia, Indonesia for security reasons.
Blackberry Enterprise Service (BES) allows various enterprise agencies to send or receive data
without getting it hacked or tapped in between. Although when Blackberry interacts with other
handsets, it can be decrypted but when both the end-users use the same phone, decryption is
next to impossible.

The Government of India had asked the National Security Advisor to find a way to monitor
emails sent by Blackberry users in July 2008 itself.

This came after the Canadian company, Research in Motion (RIM) that runs the Blackberry
service refused to provide access as well is not ready to lower the encryption level as
demanded by the Indian agencies. RIM maintains that by agreeing to the demands of the Indian
agencies, the security of data will be compromised and could be easily hacked. The government
had also asked the company to set up a local server but that was rejected by the company.
While expressing its inability to share access, RIM had said that the security architecture for its
enterprise customers is based on a symmetric key system whereby the customers create their
own key and only they possess the copy of the encryption. Moreover, lowering the encryption
level, according to the company will enable hackers to hack into the network and steal
important business data. The company said that longer encryption protects important
transactions that are worth millions of dollars.
RIM does not possess a master key nor does any backdoor exist in the system that would allow
RIM or any third party to gain an unauthorised access to the key or corporate data, the
company had said, adding RIM, therefore, will be unable to accommodate any request for a
copy of a customer’s encryption key since at no time does RIM, or any wireless network
operator, ever possess a copy of the key. RIM has also alleged that the company is being singled
out by the government as several other companies are also providing the same service with
same level of encryption but being let off.
Recent News

India's government says it has withdrawn its threat to ban Blackberry services for at least two
months after the smart phone’s maker agreed under pressure to give security officials "lawful
access" to encrypted data. The country's interior ministry, which wants real time access to
corporate emails and instant messaging, said it would review Research in Motion (Rim)'s, the
Canadian makers of the device, proposals over the next 60 days.

It remains unclear precisely what concessions, if any, Rim agreed to in order to avert the ban,
which would hit about one million Blackberry users in the country."Rim has made certain
proposals for lawful access by law enforcement agencies and these would be operational zed
immediately," the ministry said in statement. "The feasibility of the solutions offered would be
assessed thereafter."

Critical Analysis

First, what all of the above means is that the issue against RIM is really against BlackBerry
enterprise users (i.e. businesses) and that the argument against the central network
architecture of the BlackBerry Infrastructure is really inconsequential since regardless of where
the central servers reside, across the globe or local to the country, they won’t be able to easily
break the symmetric encryption (remember, the master-keys don’t reside at the central data-
centers anyway).

So what this means is that the issue should not really be about the location of the servers
themselves, but the real issue here is obviously the requests by the respective governments to
monitor the messages themselves.

The next logical question is: “Must all services that cannot be intercepted must be discontinued
in those countries?”

RIM is in over 175 countries and even Obama uses RIM. And the world relies daily on Public-Key
cryptography and infrastructure for online transactions and secure messages. If governments
were to force a change that would break PKI or BlackBerry for that matter, that will be the end
of secure online transactions; you won’t be able to trust online purchases or share information
in a secure fashion. If governments can break into it, so will hackers.

Shutting down the BlackBerry services seems unlikely to me. Will RIM be forced to change their
architecture/infrastructure to satisfy these governments? Perhaps RIM should do a Google (as
when it pulled out of China).

And how is the market responding/treating RIM because of this debacle? “RIM’s Nasdaq-listed
shares [RIMM 53.39 -2.14 (-3.85%)] ended down 2.5 percent at $55.53 while its Toronto-listed
shares fell 4 percent to C$56.77. (CNBC.com) — and the ironic thing is that I bet you that those
same traders are BlackBerry users themselves who wouldn’t think about using their devices
without strong encryption.