I’m having similar difficulty understanding Research In Motion’s statement in response to the news cascade following threats by the UAE and other countries to terminate its license to sell Blackberrys unless it’s more cooperative with government requests for surveillance.

Part of the confusion arises from the fact that we’re only seeing a small slice of a government-to-company negotiation — the public threat part — so exactly what’s being asked hasn’t been disclosed, and neither the government nor RIM have much incentive to say more.  And it’s hard to infer what’s on the table since the Blackberry is a Swiss army knife-style digital appliance — it makes phone calls, supports instant messaging, texts, and email — in communication both with other Internet users (including those without Blackberrys) and within a corporate environment.  When trying to figure out what RIM could share if it wanted (or were pressured) to, it helps to consider each service and environment separately.

So how does RIM’s public statement fit in?  Here’s the intro:

Due to recent media reports, Research In Motion (RIM) recognizes that some customers are curious about the discussions that occur between RIM and certain governments regarding the use of encryption in BlackBerry products. RIM also understands that the confidential nature of these discussions has consequently given rise to speculation and misinterpretation.

RIM respects both the regulatory requirements of government and the security and privacy needs of corporations and consumers. While RIM does not disclose confidential regulatory discussions that take place with any government, RIM assures its customers that it is committed to continue delivering highly secure and innovative products that satisfy the needs of both customers and governments.

Strong but vague so far — there’s a compromise to be struck, and RIM hopes to make the right one, bearing in mind the needs and interests of both its customers and its regulators.  It’s how the statement continues that’s puzzling, and to understand requires going from forest to trees for a bit:

Many public facts about the BlackBerry Enterprise Server security architecture have been well established over the years and remain unchanged. A recap of these facts, along with other general industry facts, should help our customers maintain confidence about the security of their information. …

• The BlackBerry security architecture was specifically designed to provide corporate customers with the ability to transmit information wirelessly while also providing them with the necessary confidence that no one, including RIM, could access their data. …

• The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.

At last some specifics.  But they appear extremely selective.  The first bullet point above talks about the encryption of data between a handheld Blackberry and the server operated by RIM — a way station until the data finds its ultimate recipient.  (People intend to email each other, not RIM; the RIM server is just a way to route data from one person to another.)  So the first bullet point offers the assurance that the data can’t readily be accessed between the Blackberry user and the RIM way station.  Fair enough — such encryption is routine.  For example, those who use gmail in “secure” mode — these days it defaults to that — enjoy a similar protection.  No stethoscope gathering radio waves in between can easily decipher what’s going on.

OK, on to the next quoted bullet point, which suggests that once the data is in repose at the way station, even then RIM couldn’t access it.  But here there’s a qualifier: it’s the Blackberry “security architecture for enterprise customers.”  Enterprise customers is a term of art that means customers brought en masse under the umbrella of a corporate enterprise.  If Consolidated Widgets had previously had all its internal correspondence routed through a server in its own basement and wanted to farm that out, RIM could offer an “enterprise solution” where Consolidated Widgets would become its customer, and all of Widgets’s employees could be issued Blackberrys and corresponding email accounts.  In that case, promises RIM, email sitting on RIM’s server would still be inaccessible to RIM.  It’d be private between one sender and one recipient.

Why limit this feature to enterprise customers?  In part because encryption standards haven’t been widely enough deployed to support ready encryption between users without regard to the devices and platforms they’re using.  For me to send you an encrypted email that not even our respective email providers can access requires us to coordinate ahead of time on a standard.  For example, you might establish a key using the Philip Zimmerman’s legendary PGP (“pretty good privacy”) standard, and I could then use it to send you an email that only you can read.  But if you haven’t gone to that trouble, I’m stumped.

That’s not RIM’s fault, but it might make misleading a statement intended to address the overall surveillance controversy — a statement that on a quick read suggests that Blackberry email users enjoy utter secrecy, when in fact it’s necessarily only talking about “enterprise” users who are emailing each other under a single corporate umbrella.  With that understood, the last line of the RIM statement offers much less assurance than it might seem to the average Blackberry user:

RIM assures customers that it will not compromise the integrity and security of the BlackBerry Enterprise Solution.

If the BlackBerry Enterprise Solution is but a subset of what we think of when we think about Blackberrys — namely, intra-corporate stuff — then the fact that it’s assured it both little threat to a government like UAE, which is no doubt concerned about communications and organizing among citizens outside a single corporate environment, and little solace to those very citizens.  And that’s why our questions to RIM should stick to apples in cheeks rather than changing the subject to balls in hands: what assurances can be made about cooperation with government surveillance requests outside corporate intranets?  The assurances need not be without exception to be reasonable — but the parameters of whatever accommodation is reached should be made public.

I welcome correction if I’m misunderstanding RIM’s attempt to dispel misunderstandings.  …JZ

UPDATE 8/5/10: Bruce Schneier has written on the topic here.

Companies rarely share information about the cyberattacks they experience — conventional wisdom has it that it makes the company appear vulnerable, and drives customers away.  Here Google is open about the attacks, while of course assuring readers that it had tightened security as a result.  Google then links these attacks to a lessening of enthusiasm for doing business in China.  Eliminating censorship in google.cn is only mentioned after that.

Suppose the Chinese government acts as expected and tells Google that it may no longer operate in China.  Google.cn might vanish as a domain name, since it’s hosted under the Chinese country-code TLD of .cn, ultimately controllable by the Chinese government.  But the search engine found there could of course keep operating from a different location, like cn.google.com.  Suppose then that China attempts to filter out traffic to and from that new location — and to and from google.com for good measure, as it has done from time to time, especially before the advent of google.cn and its agreement to censor.  (We’ll be watching for such moves at herdict.org, a site where users can report Web blockages.)

What next?  My hope, and expectation, is that Google engineers who might have been a bit halfhearted about implementing censorship mandates in google.cn could be full-throttle in coming up with ways for Google to be viewed despite any network interruptions between site and user.  There are lots of unexplored options here.  They’re unexplored not because they’re infeasible, but because most sites would rather not provoke a government that filters.  So they don’t undertake to get information out in ways that might evade blockages.  Here, Google would have nothing more to lose, so could pioneer some new approaches.  Circumvention of filtering (or other blockages, for that matter) tends to happen on the user side of things, seeking out proxies like the Tor network, or anonymizer.com.

To be sure, many of the larger benefits of operating in China originally cited by Google four years ago — exposing the citizenry to services beyond those locally grown and monitored; engaging them beyond the “China Wide Web” to which some government officials aspire to limit them; and gaining market share that can create momentum and support for later loosening of restrictions — may attenuate.  Google.cn is less known and used than, say, the local Baidu search engine, which boasts about 60% market share.  That share is about to get even bigger.

But drawing a line is both the right move and a brilliant one.  It helps realign Google’s business with its ethos, and masterfully recasts the firm in a place it will feel more comfortable: supporting the free and open dissemination of information rather than metering it out according to undesirable (and capricious) government standards.

That’s it.  Its presence on a poster advertising the OpenNet Initiative’s academic book Access Controlled was enough to deem it prohibited by UN security forces at the Internet Governance Forum, who are shown in these videos removing the poster from the room over the objections of OpenNet colleagues Ron Deibert and Rafal Rohozinski.  Computerworld has a writeup here.

As Ron says: “If we cannot discuss topics about Internet censorship and surveillance policy at a forum about Internet governance then what is the point of something like the IGF?”

If you’re finding there are Web sites you can’t access, please consider filing a report at Herdict — or downloading the toolbar.