United Arab Emirates announced on August 1st that it had failed to reach an agreement on data traffic with Research in Motion, maker of the BlackBerry, and would suspend messenger, e-mail and web-browsing services on BlackBerrys from October 11th. There are lots of smart-phones in the world that handle e-mail and web browsing; why pick on BlackBerry? From the UAE’s telecoms regulator:
BlackBerry data is immediately exported off-shore, where it is managed by a foreign, commercial organization. BlackBerry data services are currently the only data services operating in the UAE where this is the case.
Whenever you read about a dispute between a web-based service and a country, you need to ask yourself only one question: where is the server located? The conflict between Google and China came down to the conditions under which Google could locate servers in China. Closer servers offer a faster load-time, but servers on the Chinese mainland fall under Chinese law. WikiLeaks, as well, takes advantage of server law by routing all links through servers in countries with strong protections for whistleblowers and journalists.
Countries have two basic technical methods of controlling the flow of information over the internet. First, they claim legal jurisdiction over information stored on servers within their own borders. Second, they can read or block traffic moving through the choke-points where internet cables cross the border. Undersea cables bring the internet to the UAE at only two locations, and both of the country’s internet-service providers comply enthusiastically with an internet access-management policy, which means that the country can control whatever data reside within or arrive at its border. According to the Open Net Initiative, the emirates’ authorities passively read internet traffic and actively block access to sites that feature VoIP, pornography, gambling, terrorism, hacking skills, social networking, unorthodox views on Islam, posts critical to the UAE and anything under Israel’s top domain. (They also, curiously, block access to hitler.org.)
The problem, from the emirates’ perspective, is data that are neither stored in-country or readable as they cross the border. A virtual private network (VPN) encrypts data so they are only readable to the sender and recipient, and at no point in between. So last year the country began to monitor internet cafes for VPNs. (The sweep included checks for Skype and other VoIP services, which might explain why the country’s duopoly of telecoms providers is so enthusiastic.) So: server control, border control and regular sweeps for VPNs. The only loophole left was BlackBerry service which, like a VPN, encrypts its data to make them readable only on the device and at the server.
The BlackBerry, then, offers a way to get information to a server outside a country without having anyone inside that country read it. The key here is the location of the server; a country is generally happier when it has all servers in its own warm jurisdictional embrace. Expect to see this problem again. From Bloomberg,
BlackBerry services may be banned in India unless the Canadian company agrees to resolve security concerns, a government official with direct knowledge of the matter said July 29. India told Research In Motion to set up a proxy server in the country to enable security agencies to monitor e-mail traffic, according to three government officials, who declined to be identified as the information is confidential.