QC: RIM versus UAE
I’ll admit to being surprised by the amount of coverage this is getting but even so I’ll make a quick comment on the RIM versus UAE kerfuffle because there is a bit of misunderstanding out there, even from the security experts:
When people hear Blackberry they automatically think email, and the reaction is: that’s odd for UAE to take such a stand to sniff email. We know countries are pretty open about sniffing web browsing, but getting actual emails is usually a much more piecemeal process for countries. Perhaps it is little known but unlike most (consumer oriented) smart phones (iphone, Android) all Blackberry web browsing is encrypted and tunnels to a central RIM data center and then out on to the net. A few years ago when I would browse the web on my BB, all IP-Address-to-location mapping services would have me being in Canada (I am in SF). It’d be funny when you’d get to a page that says “Sorry this Service is not available in Canada,” and you’d think: why not? are these sites doing it just to kick Canada?
RIM has a NOC in upstate NY for US customers now.
This unique network architecture is a legacy of RIM’s enterprise focus and to it being early to the mobile data space (pre-WAP, even). One of the reasons for this architecture was in pre-3G days RIM could “magic process” the web traffic for the Blackberry (minimize the graphics, and otherwise rewrite the site) for a better browsing experience. This tunneling is probably completely unnecessary now from a performance standpoint and perhaps even deleterious.
The other reason was when selling into enterprises data security was, and still is, a big deal and a big selling point. I covered this more exhaustingly in my strategic overview of the wireless space here:
The fact that all web browsing is encrypted and tunneled back to a central RIM NOC was a big point when selling into the enterprise and government. This architecture allowed RIM to tell corporations: when your negotiating team is in Indonesia trying to close that deal with a quasi-government owned company you don’t have to worry about the local wireless carrier cooperating with your counter party to snoop your team’s mobile web traffic.
At this point you got to kinda feel sorry for poor RIM, as the handset market shifts to a consumer focus they have this architecture that is required for enterprise but hurts web performance on the consumer side. This will become even more pertinent in the future if you look at the conversation around 4G where the worry is, yes, throughput is fantastic, but latency and especially initial connection latency will really hurt perceived interactive web performance.
To make matters worse the expectations placed on RIM are different than those placed on their competitors. The perception is that if you blow your deal because of your web surfing on the iphone, well then you’re a just a dumb-ass, if you blow it because of web surfing on your Blackberry, well that’s RIM’s fault!
Compounded with this is RIM’s ability to charge those juicy monthly fees they bill through carriers for this data center magic is under constant pressure and erosion and they sure as hell don’t want to rock the boat any further by shifting all Blackberry web traffic through wireless carrier terminated IPs.
And even if RIM tried to walk consumers (those on that dismal BIS) away from the encrypted tunnel network architecture for performance reasons, they’ll get blasted by the industry/press for opening up their consumer’s traffic to snooping by an act of commission. This while their competitors sit by and watch the drama with their acts of omission.
The other question people brought up is: why focus on Blackberry traffic? The web browsing experience on a Blackberry is terrible, and this is reflected in the disparity between a web usage on Blackberries and those of iphone/Andorid. Users don’t browse the web at nearly the same rate on the Blackberry as users do on those other platforms, so the actual web traffic on Blackberries must be minuscule. But we all have a mental model of the bureaucratic decision making processes so its not much of a stretch to supose the UAE decision went something like this: we monitor the web, oh this iphone web surfing is really taking off let’s monitor that. Ok we are, what about other mobile devices? What about the Blackberry?.. err it’s tunneled to Canada (or to another extra-territorial regional NOC as they seem to indicate), well let’s force RIM to give us the feed…
Can’t a guy get a break around here?!?
No wonder the RIM co-founder is “pissed,” as reported by the nytimes.