George Gardiner wrote an editorial post on Oct 5th for IT Week noting the potential security / legal issues surrounding RIM’s Canadian-based data center that receives nearly all BlackBerry traffic to/from BlackBerry handhelds.
Having worked in the telecommunications industry, it came as no surprise that to learn that nearly all customers and carriers accessing or providing BlackBerry services are routed through RIM’s Canadian data center. George’s concerns centered around differences in privacy, security, and intercept laws between US, Canada, UK, EU, etc. (Original here, cached here)
This concern comes in stark contrast to the security and privacy offered by the BlackBerry handhelds. They almost all offer hardware-based 3DES encryption or AES encryption (AES is the current defacto), each handheld can encrypt ALL the content on the BlackBerry. Your data communications channel is encrypted back to RIM over your carrier’s network and your carrier likely has a dedicated data circuit connecting them directly to RIM’s data center.
The article suggests your data may be at additional exposure risk because it lives in a central point outside the control of your phone carrier’s control or your direct control and likely your country. Newsflash: Because your data is now in Canada it may not be as protected from interception as protections available in the US, UK, or EU. I read some interesting forum postings about the article, so I thought I’d pile on to the blog side of it.