Research in Motion has been in the news a lot over the last few days. Last week, the news broke that the governments of the United Arab Emirates and India threatened to suspend service to RIM customers in their countries because of alleged threats to national security. I was quoted in today’s USA Today about this unfolding story.

But let us be clear: the “security problem” that officials in these governments were citing had nothing to do with actual security. As we have written about extensively, the BlackBerry device is well-designed from a security perspective. Its cryptography modules are FIPS-certified, and all of its communications are encrypted using industry-standard algorithms. We have called the BlackBerry the “gold standard” of secure corporate devices and continue to stand by that assessment.

The security issue these two governments – and more recently, the governments of Saudi Arabia, Indonesia and Lebanon – have is that they cannot decrypt the traffic that passes through RIM’s servers, making it impossible to monitor e-mail and messaging coming from or to devices inside their countries. In short, rather than being insecure, the RIM devices are too secure (Mr. Orwell, white courtesy phone...).

Political judgments aside, this story shows just how important traffic and content analysis has become for national governments – and how strong encryption will continue to be an important tool for those who wish to evade these controls.
(See the Tor project for an example of how far some will go to guarantee their anonymity online.)

When I spoke with USA Today, the reporter asked me, “Why is all this happening now?” While it would be inappropriate for me to speculate about the motivations of sovereign nations, perhaps the better question is “Why RIM?” It’s worth stepping into the Hot Tub Time Machine and reviewing a little history.

The BlackBerry was introduced in 1999 as a two-way pager on steroids. Back then, TCP/IP over GSM (and other wireless networks) was just a pipe dream. RIM implemented a system by which all traffic is collected from the mobile networks of the sender, funneled through RIM servers and then routed back onto the recipient’s mobile networks and pushed to the handset. In essence, RIM – rather than the Interwebs – provided the routing capabilities needed to ensure that mail and messages are delivered. That was necessary, and worked well, when Internet data plans were not universally available. It gave BlackBerry instant push e-mail and guaranteed delivery. And critically, it was a competitive advantage that no other wireless vendor had.

From the standpoint of national security, a “bonus” of this centralized approach was that, because RIM controls the keys that encrypt traffic to and from consumer (non-BES) devices, governments like the US had a central point of accountability. They could simply compel RIM to deliver unencrypted data for reasons of national security under the authority of laws such as the US’ CALEA statute. The exact details of the arrangements RIM has made with the governments of the US and Canada have never been disclosed, but it is generally understood that these governments have this ability.
In the case of BlackBerry devices tied to corporate BES servers, companies rather than governments hold the keys, so interception isn’t possible in the ways that it is with consumer BlackBerry devices.

However, RIM’s centralized model is now a weakness because smaller governments like the UAE are now demanding the same rights that the US and a few other sovereign governments reputedly enjoy.

This is a no-win situation for RIM. If they refuse the UAE (or the Indian, Saudi, Lebanese and Indonesian governments), they lose customers. If they cave in, where does it stop? There are 175 more national governments that might want the same privileges. More to the point, if they cave in, they will weaken their reputation for security with enterprise buyers, even those with BES servers not otherwise susceptible to interception. How comfortable would you be, as an IT security manager, if you suspected (even erroneously) that e-mail could be intercepted by a half-dozen, or many, sovereign governments? Not very.

This story shows how one of RIM’s historical strengths – namely, its own proprietary delivery network for delivering e-mail and messaging – is now turning into a weakness. Ultimately, RIM should dismantle its centralized delivery network for its consumer devices and move to a decentralized model, where (1) the Internet provides the routing and (2) centralized communications monitoring is much more difficult. That is what Microsoft and Apple, in essence, do today because the devices connect directly to company servers rather than through a single service provider. There is no way national governments could tap encrypted iPhone or Windows Mobile traffic even if they wanted to, short of approaching each company directly. Whereas in the RIM case, they have just one throat to choke.

Decentralized encrypted communications is made possible by the universal availability of TCP/IP data networking on top of cellular networks.
There is nothing stopping RIM from switching to a model like this, and they probably should. Otherwise, it is going to be Death by 1000 Cuts from every government that wants to intercept BlackBerry traffic.

Mike Lazaridis, the co-CEO of RIM, said in today’s Wall Street Journal: “Everything on the Internet is encrypted... If they can't deal with the Internet, they should shut it off.” Indeed, the same could be said about RIM’s proprietary delivery network.

Andrew Jaquith will be speaking at Forrester's Security Forum, September 16-17, 2010 in Boston, MA.