BlackBerry’s Supposed Security Takes a Hit; Canadian Police Intercepted Over 1 Mn Messages Sent Over BBM
Blackberry may no longer be one of the top tech companies, but it kept a hold of the title of being the most secure mobile operating system, favored by the governments and the corporate sector thanks to its security features. All of this reputation that Blackberry has earned around security is going to change now that the results of a joint investigation by Motherboard and Vice have been revealed.
RCMP stated that it had obtained "the key that would unlock the doors of all the houses of the people who use the provider's services, and that, without their knowledge."
How did the Canadian Police get BlackBerry's global decryption key
The investigation found out that the Canadian Police have been in possession of a Blackberry master key since 2010. The report says that the Royal Canadian Mounted Police (RCMP), the country's federal police agency, used the key in a criminal investigation between 2010 and 2012 to intercept over 1 million BlackBerry messages sent using the encrypted, "secure" BBM service. It is still unclear who exactly provided the key to the Canadian Police, as BlackBerry is yet to give an official statement.
According to the reports, government lawyers have been fighting to keep the information out of public record for over 2 years, and the discussions are heavily redacted in the court documents. But BlackBerry was involved in the case, as the documents reveal that the witnesses from both the "RCMP and BlackBerry testified that revealing BlackBerry’s encryption key would be, in short, bad for business."
[...] while neither the RCMP nor BlackBerry confirmed that the cellphone manufacturer handed over the global encryption key, and both fought against a judge's order to release more information about their working relationship, the Crown prosecutors admitted that the federal police service had access to the key.
Canadian carrier Rogers also assisted the RCMP in the investigation. While neither BlackBerry nor the RCMP is ready to say how the Police obtained the global key to encrypted BBM messages, documents confirm that the police keep a server in Ottawa to stimulate a mobile device receiving messages meant for the intended recipient. Once received, the "BlackBerry interception and processing system decrypts the message using the master-key." The key is termed so powerful that "it could be used to “illegitimately” decipher any “prerecorded communications encrypted with that key.”
In the latest Apple's battle with the FBI over encryption, several tech companies sided with Apple saying that government's ability to get access to users' devices without warrants and without their knowledge will affect user privacy and security too. However, BlackBerry's CEO had actually alleged Apple for locking out the law enforcement.
BlackBerry is in a unique position to help bring the two sides of this debate together, to find common ground and a way forward. BlackBerry’s customers include not only millions of privacy-conscious consumers but also the banks, law firms, hospitals, and – yes, governments (including 16 of the G20) – that use our products and services to protect their highest value resources every single day. We stand as an existence proof that a proper balance can be struck.
We can't say how the law firms and the non-Canadian government customers of BlackBerry would feel about the latest revelations. The privacy experts have said that the RCMP may still have the ability to read anyone's encrypted BlackBerry messages, without them having any knowledge about this intrusion.