Recent news reports have presented somewhat contradictory analysis of government plans in the United Arab Emirates (UAE), Saudi Arabia, and other countries to block the use of BlackBerry smart phones as a form of pressure on Research in Motion, BlackBerry's Canadian manufacturer. All the reports agree that these governments feel RIM has made at least some BlackBerry messages too private and secure, but reports disagree about how private they actually are and exactly what RIM is being asked to do.
Many observers have noted that we're likely to stay in the dark about some of these details. As Jonathan Zittrain put it, "we're only seeing a small slice of a government-to-company negotiation — the public threat part — so exactly what's being asked hasn’t been disclosed, and neither the government nor RIM have much incentive to say more." We particularly appreciate the analyses of the situation from Prof. Zittrain and our former colleague Danny O'Brien at the Committee to Protect Journalists. Both emphasize that only a portion of BlackBerry communications are really strongly encrypted: those sent through BlackBerry's business-oriented BlackBerry Enterprise Service, but not those sent through the ordinary BlackBerry Internet Service. (Of course, all BlackBerry users — and other smartphone users — can optionally use other encryption tools to protect themselves. The subtle distinction between BES and BIS is just one reminder that users need to be skeptical about exactly what kind of protection they're getting. It also raises concerns that Blackberry's recent statements that fail to differentiate between the products may be misleading a large number of their customers — we believe Blackberry should immediately clarify this).
In any case, the UAE government's rhetoric that it must have a backdoor into all communications is very alarming. It reminds us of the situation here in the United States during the 1990s, when the Federal government repeatedly sought to keep strong cryptography out of the general public's hands and to put U.S. government backdoors into communications products. We often call that time the "crypto wars." During them, the civil liberties and business communities fought to make sure Americans would be allowed to use the best available privacy tools to protect their communications. EFF was heavily involved in the crypto wars, litigating the Bernstein case to protect programmers' rights to publish encryption software. Ultimately the government dropped plans like the Clipper Chip that would have been a backdoor into Americans' communications and dramatically reduced the government regulations that stood in the way of Americans getting strong cryptography in their tools.
Today, the crypto wars often feel like ancient Internet history. We all use strong cryptography every day to protect our privacy and security, whether we see it or not, and the picture is getting brighter in many ways as more web sites and services support the routine use of encryption.
But the UAE government position seems like 1995 all over again, with government officials insisting that some privacy tools are just too secure to let the public use them.
Press reports also suggest that UAE officials have compared their announced restrictions to "lawful intercept" laws (like the U.S. Communications Assistance for Law Enforcement Act) that force communications carriers to provide wiretapping assistance to government officials. But those laws have never forbidden users from using their choice of encryption software or forced carriers to block any communications, domestic or foreign, because of how they were encrypted or who had the keys. So millions of people in every country routinely use strong cryptography to protect their communications at home or when they travel.
The UAE's and Saudi Arabia's announced restrictions are particularly scary because it seems that the same rationale will lead to government blocks on all sorts of other communications — from web mail to virtual private networks — that those governments deem too private and secure. They also show that the right to use encryption technology to protect privacy needs to be defended all around the world. Quite possibly, the crypto wars never ended.