When BlackBerry went to New Delhi

BlackBerry must comply with Indian law. India needs a new debate on privacy.

Yes, terrorists can use anything to communicate with each other, plan attacks and help carry them out.

Hafiz Mohammed Saeed can write letters, in code, and send it by post to his sleeper agents in India. He probably does that. But not all means of communications are alike in their ability to help terrorists carry out attacks. A terrorist with a satellite phone with real-time voice and data connection is far more dangerous than a terrorist who carries letters in his pocket. So the argument that terrorists can use anything to communicate is not a valid counter to the argument that government agencies can prevent, investigate and prosecute terrorists better if they are capable of intercepting or blocking real-time communications.

For instance, there is a reasonable argument that the damage to life and property in Mumbai during the 26/11 attacks might have been lower if the terrorists had been denied access to real-time communications, from satellite phones, to cellular phones to broadcast television. There is also a reasonable argument that the ability to intercept the phone calls made by the terrorists plays an important role in prosecuting them in courts of law and in courts of public opinion. India’s law enforcement agencies have had the ability to tap your phone for ages, but apart from the odd political scandal, it is difficult to build a case that this has somehow led to the infringements of the rights of ordinary citizens.

The current debate over Blackberry’s messaging system must be placed in this context. The ongoing discussion between the Indian government and Research In Motion (RIM), the Canadian company that provides BlackBerry services, involves two inter-related issues.

First, whatever might be RIM’s values, business practices and corporate policies, its business in India is governed by Indian law. The contention that “no one else has a problem with our service” is no defence—India has security considerations that might be peculiar to it, and as long as the requirements are constitutionally legitimate, RIM must comply. It is disingenuous to conflate the legitimate authority of a constitutional democracy—imperfect as India’s is—with that of the demands made by totalitarian or authoritarian states. The two are morally and practically different. [See this editorial in the Globe and Mail].

RIM could insist—as it has just done—that it is not treated any differently from others in the field, but it cannot get away with the excuse that its corporate policy overrides the rule of law in India.

Second and the more important issue is for India to establish due processes to determine just who, under what circumstances and under what checks and balances gets to actually block or intercept communications. A national debate over digital privacy, powers of government and mechanisms for redressal is now urgent, as the Indian economy and society become ever more reliant on communications networks.

It is clear that citizens need greater, more credible safeguards. It is also clear that the government needs to be more capable of addressing threats that arise from advances in communications technology. What is not clear is whether the political establishment sees these as priorities worthy of wider public deliberation. The usual practice of passing legislation without adequate parliamentary debate is neither likely to reassure citizens of their rights nor offer new ideas to law-enforcement agencies.

This blog has consistently argued against blunt measures like banning telecommunication services, even and especially in insurgent & terrorist affected areas. Governments must learn how to operate in an information-rich, networked world. Therefore, to the extent that the Indian government’s threat to block BlackBerry services is a device to press RIM to better co-operate with the law-enforcement agencies, it is tolerable. Such a threat is credible only if it can hurt both the government itself and RIM. This appears to be the case.

However, it would be a serious mistake if the government were to make such a ban permanent. Not because India needs the BlackBerry, but because the underlying rationale is self-defeating.

13 thoughts on “When BlackBerry went to New Delhi”

  1. The government seems to think that privacy doesn’t matter at all! It’s not the fact that they’re asking Blackberry to hand over their keys that irritates me. It’s the fact that the government has not even had a debate over whether or not there are alternatives and what is acceptable or not.

    The chances of me dying in a terrorist attack are lower than being hit by lightning. This doesn’t justify the loss of privacy of millions of citizens.

    We need a sense of perspective here. Using the excuse of “National security” to scare people, the government is just pushing policies through that infringe on civil liberties.

    If the terrorists have made us give up our privacy, then they have already won.

    1. Who says the government’s has not had a debate? Indeed they have, and if you’ve followed the news, the decision to block BlackBerry from end-August was taken after a debate involving several government agencies & ministries. They have had that debate, which should reduce your irritation.

      There’s a moral and social difference between death by lightning and death by terrorist attack. There are no externalities to your death by lightning, but there are externalities to your death by terrorist attack. That’s another way of saying other than your loved ones, no one is affected if lightning strikes you dead…but lots of people are affected if a terrorist were to shoot you dead. Because there is an externality, trying to stop it is a justified. The privacy concerns of 1 million BlackBerry users are outweighed by the security concerns of all 1.14 billion of us, if the two come into direct conflict.

      The terrorists don’t care about your privacy, the bit about them winning when you lose your privacy is just a cliche.

      1. There are certain freedoms that are more important than the lives of people. Which is why our freedom fighters were willing to give up their lives for it.

        What’s the meaning of a free country if the government can spy on citizens? Do you trust the government to do their spying responsibly? Is there a legislative act to protect privacy?

    2. Give your previous comment about probabilities, I suppose what you really mean is:
      “There are certain (of my) freedoms that are more important than the lives of (other) people.”

      But yes, you must think deeply about some of them. Others, you can Google.

  2. You know who the bloody terrorists are. You can tap their conversations all you like. If the communication is scrambled, you can always disrupt it. These numbers are registered. These are real people. If the problem is that bogus ID’s are proliferating, then prosecute the fools who gave those SIM cards’

    However, if the law enforcement is looking to finger entirely new suspects, then overhearing a conversation is not going to do any good. Even ordinary goondas can invent very innocuous sounding code language.

  3. “Nobody else has a problem with our service” is certainly a lie. Last week, when I was in Chennai, my Blackberry services did not work. I read on the net then that China has allowed email/Enterprise services only for corporate users. China almost came to banning Blackberry before a truce was worked out.

  4. Who we going to blame if any other terrorist attack happen with the help of technical equipments like blackberry. Is blackberry own that responsibility. I afraid they wont. Privacy of indians are necessary but not at the expense of our security. Yes GOI does need more sophisticated and smart technology to deal with technological threats but until then these measures are the only way out. Even in USA where individual privacy is a big issue, gov has technology to tap or monitor the blackberry conversations. As acorn correctly mentioned,terrorists have lots of ways to communicate with each other but does it mean that we give them one more only because of our ‘privacy infringement’ paranoia.

  5. As with lots of commentary on this issue, this piece displays an alarming lack of understanding about the BlackBerry architecture.

    Firstly, RIM is not saying no one else has a problem with its service. Sure, quite a few repressive regimes do have a problem and that is common knowledge. Of the 175 countries where BlackBerry is used, the only countries that have a problem are mostly repressive regimes and India. Nice company for us to keep.

    Secondly and more importantly, the Indian government has a problem with BlackBerry Enterprise Server (BES), which is only used by organisations (both private and government) and needs a physical server and other enterprise communications infrastructure at the user organisation (e.g. Infosys). BIS, the version that consumers use, is only scrambled and not encrypted, and can easily be hacked into. However, business communication needs to be secure and is often encrypted, as the BlackBerry enterprise system is, with the key only available at the BES and the device on that BES. But VPNs, and heck, even Gmail and your Internet banking transactions also leverage encryption. The Indian software services and ITeS industry leverages encryption to transfer data.

    Going by the logic used against BlackBerry, everything should be banned, because the government can’t snoop on most of this communication. How do we know that terrorists haven’t set up a dummy BPO and are using encrypted data on a VPN to communicate, because if they have the capabilities to set up a BES and use it, they definitely can use VPNs.

    Since the blog mentions that the loss of precious life during the Mumbai attacks could have been lower if the terrorists didn’t have access to communication, I wonder how monitoring BlackBerry or any device would have made an iota of a difference there. In the case of the Mumbai attack, many reports spoke of how the terrorists grabbed mobile phones from victims and called their handlers. Security agencies could have used jammers, but that would have prevented even victims using mobile phones from communicating with the outside world and providing valuable information. The terrorists used mobile phones and even if the actual almost-illiterate terrorists didn’t know, their handlers would have known voice calls would be monitored–but I doubt they cared, secure in the knowledge that Pakistan would never act against them.

    And also, BES is always used in conjunction with a mail server. So, mail is always replicated on the mail server. It’s not some independent network that bypasses everything else.

    RIM has made it clear that it does not have the capability to give the government back-door entry into BES, because that’s the way BES is built. So, BES will most likely be banned. The real issue here is–does India Inc. have a right to communicate and conduct perfectly legal business in a manner that is confidential and secure or does everything have to be open to snooping? If the latter is the case, on Aug 31 we can pretty much kiss goodbye to our software services and BPO sectors. And of course, quite a lot of our business communication will be wide open to attacks by hackers (and no prizes for guessing from where) because our communication is no longer securely encrypted.

    Plus, Gmail and Skype are next. What fun!

    1. Like Ivor I am surprised at the focus on BES. It seems to be the most unlikely mechanism for terrorists to operate using, in an ad-hoc basis. Of course a group of individuals who want to have a more well established secure mechanism to communicate will have the time and means to invest in a BES account.

      The whole thing with BES feels a bit fishy though, as if some vested interests were at play.

  6. RIM’s objections seem to be regarding Enterprise customers who send business secrets encrypted on the BBM network, which is a legitimate business objection — that would remove a lot of the value provided to RIM’s enterprise customers.

    The current RIM official stance does not seem to indicate they have any objections to granting access in the case of terrorism or criminal activity.

    Quote from relevant WSJ article:

    RIM also insisted in the statement that carriers only be permitted to grant access to BlackBerry traffic in the “context of lawful access and national security requirements as governed by the country’s judicial oversight and rules of law.”

  7. >>There are certain freedoms that are more important than the lives of people.

    This argument is not incorrect, Comrade Park, but caveats apply. If governments must value rights above loss of life at all, it can’t be innocent life but that of terrorists. Which is why security forces must hunt terrorists down and bust their arse for good; the commie/Islamist noise about “fake encounters” notwithstanding.

  8. RIM/Blackberry in India is toast anyway with India’s 3G/4G spectrum in the hands of the telcos, and with cheap ipad-like devices. These 2 events will ensure internet penetration possibly rivaling India’s mobile growth. RIM and Crackberry are in serious trouble – whether they have their way or not is of academic interest.

Comments are closed.