[NewsPoster]

Canadian law enforcement has had backdoor access to BlackBerry devices, it has been revealed, with the Royal Canadian Mounted Police obtaining the global encryption key for BlackBerry devices since 2010. Information revealed in court documents relating to a murder involving a Montreal crime syndicate shows law enforcement as being able to intercept and read approximately one million PIN-to-PIN BlackBerry messages as part of an investigation.

Documents from the RCMP provided to the court confirmed the mass interception of encrypted messages, reports Vice News, and that it had access to this backdoor. The global encryption key in the RCMP's hands effectively allowed encryption for any BlackBerry messages sent between users to be broken, and was used to do just this. However, neither the RCMP nor BlackBerry confirmed the key itself was provided to law enforcement officials by the Waterloo-based company.

Notably, the key in question affected just BlackBerry Messenger and consumer-grade devices. BlackBerry's enterprise services did not use the same key, and so were protected from being accessed using the same key. Due to the widespread use of the global key, it is also unlikely that BlackBerry changed the key once the investigation into the case was over.

It remains unclear if authorities had direct access to the key itself. However, the possibility exists that the RCMP retains the ability to access the messages of its citizens using BlackBerry devices with relative ease. There is no word on whether the law enforcement agency actually did access other devices outside of the investigation, but it is noted both BlackBerry and the RCMP tried to keep the details secret for over two years.

The issue brought up in the report echo the requests of the FBI to get backdoor access to mobile devices for investigatory purposes. Despite FBI attempts to get access to a backdoor, Apple did everything it could to avoid providing such assistance, forcing the FBI to get help from other means.

Late last year, BlackBerry CEO John Chen attacked Apple and other tech companies for resisting against law enforcement requests over encryption. In the blog post, Chen suggests users needed to have more protection, while also rejecting "the notion that tech companies should refuse reasonable, lawful access requests." Notably, Chen insists Blackberry refuses to add backdoors to its services, and that it had exited markets "when the jurisdictional authorities demand access that would abuse the privacy of law-abiding citizens."

[Makosuke]

Thing with this--as is the case with any "master keyed" encryption--is that whether the RCMP actually had the key themselves, or it was just held by Blackberry who used it to decrypt things the RCMP provided to them, the key exists somewhere, and *someone* has access to it.

And if *someone* has access to it, someone can also steal it.

So let's say only Blackberry had the key, and they only allowed the RCMP to make requests to use it. What if one of the employees that had access to it was paid handsomely by, say, the Chinese government to sneak it out and provide it to them? What if the Russian mafia threatened his or her family for a copy of the key? What if a foreign spy or hacker managed to get access to it without being detected? What if a corporation intent on corporate espionage begged, cheated, or hacked to get their hands on it?

In any of these cases, nobody knows the key was stolen, if they keep their mouth shut nobody knows who has it, and *everybody* who relied on BlackBerry messaging as a secure protocol could have their communications spied on unless they were entirely on an intranet. A company could use it to spy on their competitors, a criminal enterprise could use it for blackmail or insider trading, a government could use it to catch dissidents or spy on other governments.

It's easy to assume no one who isn't supposed to have the key will, but if an unscrupulous organization--criminal, corporate, or governmental--really wants information, they could be willing to go to a great deal of effort to get it, and you'd have no way of finding out that they succeeded.

[PJL500]

The content of this post has been deleted by the moderator due to the constant use of foul language and continual references to grossly indecent acts.

[chimaera]

I had been rooting for BlackBerry to pull through. More smartphone competition helps everyone. But not after this.

both BlackBerry and the RCMP tried to keep the details secret for over two years.

It doesn't matter if BlackBerry handed over the key, did decryptions upon government request, or if a 3rd party provided the service. The fact BlackBerry worked to keep it secret for years means they sold out their users. The encryption was worthless, and the company behind it was as trustworthy as the encryption.

Companies that won't stand up for their customers don't deserve to have customers. People in repressive countries depend on communications privacy for their lives every day. Some things you can't just say "sorry" for after they happen. BB chose the easy way and either complied, or hid a critical software breech after the fact.

Let BB fold.

[sidewaysdesign]

It's hard not to compare the apparently uncompromised enterprise network vs. the commercial network to the "perfectly legal" offshore shenanigans revealed in the Panama Papers.

Given BlackBerry's current standing, thankfully, this will only be of immediate concern to a handful of people.

[Inkling]

Quote: "BlackBerry's enterprise services did not use the same key, and so were protected from being accessed using the same key." Oh yes, it wouldn't do to allow law enforcement to go after corporate, white-collar crime involving millions of dollars. Much better to focus on the little guy engaging in $100 crimes.