updated 02:50 pm EDT, Tue August 10, 2010
Saudis may snoop directly on BlackBerry
RIM's plan to set up Saudi Arabian servers may have failed and led the company to allow direct spying on the phones themselves, sources claimed on Tuesday. Contacts said that servers as gateways for BlackBerry Messenger traffic at each of the Saudi carries was "impractical" and that RIM was instead supplying "codes" for BlackBerry phones sold in the Arab state. Whether these were IMEI numbers or something else wasn't clear, but the Reuters tipster said each carrier had a PIN and an associated set of codes for all BlackBerries attached to that PIN.
The Canadian company has so far declined to comment and would only insist that it accommodated security concerns in a "consistent standard" which treats all countries equally. To date, however, it has only set up servers in Canada and the UK, each of which is designed primarily to smooth out traffic and not to ease monitoring users.
Saudi officials at the Communications and Information Telecommunications Commission also didn't comment.
Access to the direct codes wouldn't necessarily equate to direct monitoring, as BlackBerries often use temporary encryption keys on either end of a given conversation. The codes, if just identifiers, would let officials identify particular phones and their claimed owners but wouldn't expose the traffic by itself. RIM co-chief Mike Lazaridis has likened it to a wiretap in Western countries, where a court order to allow access doesn't automatically involve decrypting content.
A concession of the sort could still be dangerous for RIM, as it has built up trust for maintaining privacy. Direct access could make the system less secure in Saudi Arabia than Android or iPhone devices and would open the door to other countries asking for similar treatment.