Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Royal Canadian Mounted Police had BlackBerry encryption key since 2010

Royal Canadian Mounted Police had BlackBerry encryption key since 2010
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Apr 14, 2016, 05:17 PM
 
Canadian law enforcement has had backdoor access to BlackBerry devices, it has been revealed, with the Royal Canadian Mounted Police obtaining the global encryption key for BlackBerry devices since 2010. Information revealed in court documents relating to a murder involving a Montreal crime syndicate shows law enforcement as being able to intercept and read approximately one million PIN-to-PIN BlackBerry messages as part of an investigation.

Documents from the RCMP provided to the court confirmed the mass interception of encrypted messages, reports Vice News, and that it had access to this backdoor. The global encryption key in the RCMP's hands effectively allowed encryption for any BlackBerry messages sent between users to be broken, and was used to do just this. However, neither the RCMP nor BlackBerry confirmed the key itself was provided to law enforcement officials by the Waterloo-based company.

Notably, the key in question affected just BlackBerry Messenger and consumer-grade devices. BlackBerry's enterprise services did not use the same key, and so were protected from being accessed using the same key. Due to the widespread use of the global key, it is also unlikely that BlackBerry changed the key once the investigation into the case was over.

It remains unclear if authorities had direct access to the key itself. However, the possibility exists that the RCMP retains the ability to access the messages of its citizens using BlackBerry devices with relative ease. There is no word on whether the law enforcement agency actually did access other devices outside of the investigation, but it is noted both BlackBerry and the RCMP tried to keep the details secret for over two years.

The issue brought up in the report echo the requests of the FBI to get backdoor access to mobile devices for investigatory purposes. Despite FBI attempts to get access to a backdoor, Apple did everything it could to avoid providing such assistance, forcing the FBI to get help from other means.

Late last year, BlackBerry CEO John Chen attacked Apple and other tech companies for resisting against law enforcement requests over encryption. In the blog post, Chen suggests users needed to have more protection, while also rejecting "the notion that tech companies should refuse reasonable, lawful access requests." Notably, Chen insists Blackberry refuses to add backdoors to its services, and that it had exited markets "when the jurisdictional authorities demand access that would abuse the privacy of law-abiding citizens."
     
Makosuke
Dedicated MacNNer
Join Date: Aug 2001
Location: California
Status: Offline
Reply With Quote
Apr 14, 2016, 06:23 PM
 
Thing with this--as is the case with any "master keyed" encryption--is that whether the RCMP actually had the key themselves, or it was just held by Blackberry who used it to decrypt things the RCMP provided to them, the key exists somewhere, and *someone* has access to it.

And if *someone* has access to it, someone can also steal it.

So let's say only Blackberry had the key, and they only allowed the RCMP to make requests to use it. What if one of the employees that had access to it was paid handsomely by, say, the Chinese government to sneak it out and provide it to them? What if the Russian mafia threatened his or her family for a copy of the key? What if a foreign spy or hacker managed to get access to it without being detected? What if a corporation intent on corporate espionage begged, cheated, or hacked to get their hands on it?

In any of these cases, nobody knows the key was stolen, if they keep their mouth shut nobody knows who has it, and *everybody* who relied on BlackBerry messaging as a secure protocol could have their communications spied on unless they were entirely on an intranet. A company could use it to spy on their competitors, a criminal enterprise could use it for blackmail or insider trading, a government could use it to catch dissidents or spy on other governments.

It's easy to assume no one who isn't supposed to have the key will, but if an unscrupulous organization--criminal, corporate, or governmental--really wants information, they could be willing to go to a great deal of effort to get it, and you'd have no way of finding out that they succeeded.
     
PJL500
Junior Member
Join Date: Jun 2011
Status: Offline
Reply With Quote
Apr 14, 2016, 08:05 PM
 
The content of this post has been deleted by the moderator due to the constant use of foul language and continual references to grossly indecent acts.
     
chimaera
Dedicated MacNNer
Join Date: Apr 2007
Status: Offline
Reply With Quote
Apr 14, 2016, 09:00 PM
 
I had been rooting for BlackBerry to pull through. More smartphone competition helps everyone. But not after this.
both BlackBerry and the RCMP tried to keep the details secret for over two years.
It doesn't matter if BlackBerry handed over the key, did decryptions upon government request, or if a 3rd party provided the service. The fact BlackBerry worked to keep it secret for years means they sold out their users. The encryption was worthless, and the company behind it was as trustworthy as the encryption.

Companies that won't stand up for their customers don't deserve to have customers. People in repressive countries depend on communications privacy for their lives every day. Some things you can't just say "sorry" for after they happen. BB chose the easy way and either complied, or hid a critical software breech after the fact.

Let BB fold.
     
sidewaysdesign
Fresh-Faced Recruit
Join Date: Feb 2011
Status: Offline
Reply With Quote
Apr 14, 2016, 10:06 PM
 
It's hard not to compare the apparently uncompromised enterprise network vs. the commercial network to the "perfectly legal" offshore shenanigans revealed in the Panama Papers.

Given BlackBerry's current standing, thankfully, this will only be of immediate concern to a handful of people.
     
Inkling
Grizzled Veteran
Join Date: Jul 2006
Location: Seattle
Status: Offline
Reply With Quote
Apr 15, 2016, 03:18 PM
 
Quote: "BlackBerry's enterprise services did not use the same key, and so were protected from being accessed using the same key." Oh yes, it wouldn't do to allow law enforcement to go after corporate, white-collar crime involving millions of dollars. Much better to focus on the little guy engaging in $100 crimes.
Author of Untangling Tolkien and Chesterton on War and Peace
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 06:24 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,