Robin Wilton

In chaos theory, the saying was that a butterfly flaps its wings on one side of the world, and sets off a storm on the other. These days, it’s a humble BlackBerry which seems to be causing a rumbling chain of storm-fronts from one country to another. I read today that India is the latest country to threaten to ban BlackBerry devices unless RIM provides it with the means to intercept encrypted messages.

While it’s tempting to look at the list of countries which followed the UAE’s BlackBerry-banning lead and write them off as fragile, autocratic regimes interested only in using the ‘counter terrorism’/national security argument as a pretext for suppressing their own citizens, that would be simplistic. The fact is that this tension between government access (whether for law enforcement purposes or not) and encrypted communications traffic is neither new, nor unique to the Middle East and South Asia.

In olden days (well, the 90s), when I was providing technical pre-sales support for IBM’s cryptographic hardware products, the US government classified those products as “controlled munitions” – subject to the same export restrictions as military lasers, cluster bombs, ‘stealth’ paint, and so on. It was a heady thought for a young geek, but the shine soon wore off through frequent, dulling contact with bureaucratic make-work. (As a side-note – as the US slowly eased its export restrictions in the mid-90s, I became the first person to hold a public product briefing seminar on IBM cryptographic hardware products… in Moscow. In fact, the first-ever Internet search “hit” on my name returned a document written entirely in Russian except for the words “Robin Wilton”, “IBM” and “4755″. That surprised a few people, I can tell you…).

Neither were US export regulations the only hurdle. For instance, at the time (and I am out of date as to whether this is still the case) the government of Singapore insisted that telecomms traffic passing through it (for instance, from a bank’s Nikkei trading team in Tokyo to its head office in Europe) could not do so encrypted. The French government imposed restrictions on cryptographic products being imported (their import was considerably speeded up if the end user agreed to lodge the master keys in escrow with the French authorities…).

In other words, there is nothing new about government policy being used to attempt to control the distribution and use of cryptographic technology, and there is nothing new about technological advances creating new discomforts for policy-makers. In fact, I’m sure there were people blogging exactly the same points when the mass-produced, destructive and easy-to-use crossbow started to displace the good, honest but almost un-usable longbow.

I hope I haven’t generated the expectation of a simple answer, because there isn’t one. The problem of matching the policy interface, on one hand, with the technology interface, on the other, is a perennial and constantly-changing one. All I will say is, it is also a two-way problem: it is unrealistic to expect every country to have the same political opinion about whether or not a particular innovation is “acceptable” – whether it’s the anti-personnel mine or the mini-skirt; by the same token it is also, I think, unrealistic to expect a single technology implementation to ‘fit’ in all countries, jurisdictions, societies and cultures. The only constant, here, is that technology changes faster than culture can.

Those countries railing against the use of BlackBerries, Google, Skype, Twitter and the like may look, from the outside, as though they are trying to catch the wind in a fishing net, but they control the legislature and, ultimately, the means of enforcement. Conversely, RIM appear to be sticking firmly to the line that “The BlackBerry enterprise solution was designed to preclude RIM, or any third party, from reading encrypted information under any circumstances“, and that it will not modify that architecture to suit the wishes of individual governments.

If both sides remain intransigent, neither will win. For instance, imagine the economic impact on Bangalore’s high-tech communities (and the global market they serve) if all those web-based services are banned… and imagine the impact on RIM if they are locked out of some of the planet’s largest and fastest-growing markets.

The politics of encryption are such that we may never get the full details of what is agreed, or who blinked first – but a showdown is always exciting to watch.

1 Comment »

Category: Uncategorized     Tags:

Share

Tweet