NEWS ANALYSIS: Reporters citing court filings in Canada say that the company provided assistance to the RCMP in decoding messages in a criminal case.
Canada’s federal police force, the Royal Canadian Mounted Police, has been decrypting BlackBerry Messenger messages since 2010, according to papers uncovered in a joint investigation conducted by Vice News and Motherboard following a two-year fight by government lawyers to keep that information from being released.BlackBerry has long pointed to its supposedly unbreakable encryption for BBM. Now it appears that the company only had one encryption key for most of its individual users, and that the company kept the key.
The RCMP was able to begin decrypting messages after the company shared the key with the police agency.This may not be the only time that BlackBerry has shared its encryption key with governments.
During the same period of time, the company reached agreements with governments in India, Pakistan, the United Arab Emirates and Indonesia after being threatened with expulsion from the countries involved when the national police couldn’t find a way to break BlackBerry’s encryption.
In each case, the threats went away after meetings between those national governments and BlackBerry executives.”If all of this is true, it’s clearly a black eye,” said Jack Gold, principal analyst at J.
Gold Associates. “BlackBerry has been known forever for its security.”
Gold noted that enterprises using BlackBerry Enterprise Services may not have been affected, since those organizations have the ability to create their own encryption keys.
“But if you’re a BBM user because you thought it was secure, then it’s not,” Gold said. “This obviously is not good.”It’s unclear how broadly BlackBerry encryption is compromised.
BlackBerry stopped providing its private network, BlackBerry Internet Services, to most users around the same time as it apparently helped the RCMP get into the encryption.
At one point, older devices used BlackBerry’s network as the pathway for email as well as for BBM messages. Whether that service used the same encryption key as BBM isn’t known.RCMP’s access to a BBM encryption key presents a clear parallel to demands by the U.S.
Department of Justice and the FBI that tech companies, including Apple, help them break the encryption of mobile devices and email messages.
The apparent difference is BlackBerry’s willingness to work with law enforcement.
BlackBerry is based in Waterloo, Ontario, Canada.U.S. tech firms have been publicly less cooperative with requests from the FBI to help bypass encryption on mobile devices.
Apple began encrypting the contents of its iPhone devices following a series of scandals in which the personal information and photos of celebrities were leaked and released on the Internet.