Quick Summary of the long post below: NOTHING HAS CHANGED. RIM has not agreed to anything new and the government has not got anything out of RIM apart from lessons in how technology works. This is just a face-saving exercise for all parties concerned.

Full Post: When the ‘breaking’ news started hitting the wires, that Canadian company Research in Motion (RIM) had conceded to the Indian government’s demand to allow "monitoring" of blackberry services, I was stunned. There is no way RIM could have agreed to this because a) It would be suicidal for their global business and b) in certain cases they themselves don’t have the ability to decrypt data ie. the encryption key lies with the customer and not RIM. (For a simple explanation of this basic cryptography principle, read the double-lock solution here).

I quickly dialed a source in RIM who by now was pulling hair out and said something on the lines of "I don’t know who’s more challenged – your government or your media". When I prodded the source a bit, I was told that the devil is in the detail of the Home Ministry’s statement:

"RIM has made certain proposals for lawful access by law enforcement agencies and this would be operationalised immediately. The feasibility of the solutions offered would be assessed thereafter," a Home Ministry statement said.

Apparently all that RIM told the government as part of these "certain proposals" is that if the GoI wanted to monitor BES (Blackberry Enterprise Service) in India, they should approach the individual customers who have these servers on their premises and get the encryption keys from them. RIM’s extent of ‘co-operation’ with the government will probably be just in providing the physical whereabouts of all such servers. There is still no solution to the original problem of BES servers of companies that reside outside India and there is still no way for the government to get access to this data. Actually, let me clarify – they CAN get/intercept the data – its just that it will be in a scrambled (encrypted) format that they will not be able to crack without a key. So, once again, two people using foreign-purchased Blackberries within the sovereign territory of India, can continue to freely exchange email via their respective BES servers (outside India) and there is still nothing the Indian government can do about it.

Installing "servers" within India are of no consequence in the case of BES. The reason why IT managers like RIM’s solution is that the encryption key resides solely with the client company and all data leaves its premises encrypted. It’s only when it hits a non-encrypted email service that is needs to be unscrambled, but not when it’s being exchanged within the same company’s network. There are a number of freely available closed loop encryption services where data is never decrypted by anyone except the sender and recipient and nearly all of these are accessible from India.

Of course there’s nothing that the government can do about a number of other encrypted email services out there or the increasing number of mobile apps that allow even voice traffic to proceed in completely encrypted format. But somehow, the Blackberry has become the whipping boy. The problem is in Indian law itself. Deeming that any service encrypted higher than 40-bits is unlawful (without permission), is effectively stating that the Internet as we know it, cannot function in India for all practical purposes. If Indian ISPs were to follow this law strictly, they’d either have to individually block every Hushmail – like service out there which is practically impossible, or block the flow of ALL encrypted data (including legitimate e-commerce, online banking, e-trading etc). It’s akin to asking ISPs to block ALL pornographic material online, which obviously they’ve not been able to and are thus technically violating their ISP license conditions, and by logical extension, the law of the land, as we speak.

My colleague Sandeep Gurumurthi, currently ET Now’s corporate editor in Delhi, broke this story over 2 years ago. Another 60 days for this farce to continue, I guess …

Cross-posted at technoholik.com