December 2, 2015 - Comments Off on Blackberry’s Pakistani “Security” Exit
Pakistan's insistence on complete and total access to the personal data of its citizens will see Blackberry ceasing operations by the end of 2015. In July of this year the Pakistan Telecommunication Authority (PTA) demanded that the Canadian smartphone and enterprise service company, which has operated in Pakistan since June 2005, be given complete and unfettered access to its encrypted Blackberry Enterprise Services. Demanded ostensibly on security grounds, this access would permit the PTA and other authorities to eavesdrop on confidential and encrypted communications between customers of the BES. If Blackberry did not meet this demand, the PTA insisted, then it would be shut down by November 30, 2015.
November 30 has come and gone, with Blackberry refusing to hand over access to the Pakistani government, which will now result in their departure from Pakistan. Although the deadline has now been extended to December 30, the company has said that it will leave Pakistan entirely, rather than compromise its customers' data. The rise of Android, iOS, FirefoxOS and other smartphone operating system platforms has resulted in a dramatic loss of market-share for Blackberry, formerly Research in Motion (RIM). Blackberry's ES, as well as its popular Blackberry Messenger (BBM) service, still remains in demand by military, government and business personnel, due to a marketed reputation for strong security.
Marty Beard, the CEO of Blackberry, wrote a blog post on the Pakistan situation, explaining that the demand by the PTA was not, in their eyes,
“a question of public safety; we are more than happy to assist law enforcement agencies in investigations of criminal activity. Rather, Pakistan was essentially demanding unfettered access to all of our BES customers’ information. The privacy of our customers is paramount to BlackBerry, and we will not compromise that principle.”
Laudable as that may sound, Blackberry has been able to offer concessions under pressure in the past. 2013 saw it permitting the government of India to monitor its servers – after much push and pull on the matter – and it cooperated with British police to investigate the number of BBM users that were alleged to have taken part in, and coordinated, the London Riots in 2011, thanks to the messaging app. In order to operated in Russia and China in 2007 and 2008 respectively, furthermore, RIM handed over security permissions to the state telecoms of each country. It has also offered concessions in regards to bans and the threats of bans by Saudi Arabia, the UAE and other restrictive Gulf nations As an article by Techcrunch that looked at Blackberry's Pakistani departure has suggested however, these examples took place pre-Snowden, and perhaps the whistle-blowing revelations lead to a shift in encryption practices.
The Pakistani Context
Blackberry's approach to encryption and the data of its users may be inconsistent, but of far greater concern is that of the behaviour of the Pakistani state. Long before the terrorist attack on the Army Public School in Peshawar in December 2014, Pakistan's security and intelligence agencies have been in pursuit of greater legislative and technological means of enhancing their surveillance. The leaks earlier this summer of data belonging to the Italian spyware manufacturer Hacking Team revealed that private sector representatives (working on behalf of Pakistani government intelligence agencies) were attempting to purchase software suites that were designed for stealth infiltration of smartphones, computers, etc.
Post-Peshawar 2014, saw the implementation of the National Action Plan, an umbrella plan that essentially allows for civil liberties to be secondary to national security. In the context of the NAP, the Prevention of Electronic Crimes Bill 2015, which the Electronic Frontier Foundation has said “gives new meaning to the world draconian”, is being vigorously promoted by the government as a panacea to tackle cybercrime, terrorism, and online harassment. In truth, however, the PECB does little in the way of tackling these concerns, and instead promotes total surveillance, the potential criminalisation of the rights to privacy and freedom of expression, under overly broad political language that could easily be subject to abuse.
The problematic approach of Blackberry aside, what we have seen here is an attempt to demand complete access to user data by the government, even before the PECB has even been made law. It sets a troubling precedent that could discourage tech industry growth and investment in Pakistan, in addition to violating international treaties regarding human rights.
Written by Adnan Chaudhri
Published by: Digital Rights Foundation in Blog