BlackBerry CEO denies global encryption key compromised
April 20, 2016
Shah Sheikh

BlackBerry is the “most secure” mobile platform and will comply with “reasonable lawful access requests” for customer data, the company’s boss has said.

CEO John Chen made the statements clarifying the company’s position on encryption and aiding law enforcement following revelations by Motherboard that Canadian police were able to intercept and read encrypted BlackBerry messages during an organised crime investigation.

Describing BlackBerry’s take on recent debates about how much access governments should have to service and hardware providers’ encryption systems, Chen writes that “we have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I have stated before that we are indeed in a dark place when companies put their reputations above the greater good.”

That’s an obvious dig at Apple, which has consistently refused to help the US intelligence and law enforcement services by developing a method of breaking its own phones’ security, as well as the many companies that have supported their position, including Microsoft and Google.

Chen’s statement further implies that the Royal Canadian Mounted Police (RCMP) didn’t have direct access to BlackBerry’s message encryption key: “Regarding BlackBerry’s assistance, I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry’s BES server involved. Our BES continues to be impenetrable – also without the ability for backdoor access – and is the most secure mobile platform for managing all mobile devices.”

That runs contrary to Motherboard’s claim that court documents indicate the RCMP had access to BlackBerry’s global encryption key, used for all non-corporate BBM messages – corporate users running their own BlackBerry Enterprise Server can define their own messaging encryption key.

Motherboard refers to court documents, part of a 2010 investigation into a mafia killing, which state that the RCMP maintains a server in Ottawa that “simulates a mobile device that receives a message intended for [the rightful recipient]” and “performs the decryption of the message using the appropriate decryption key.” The judge later summarised this, saying that “by resorting to the global key, the RCMP was able to decrypt the intercepted messages.” Other details have been sealed, so it’s impossible to conclusively use them to establish whether the police had access to the global key or were helped by BlackBerry to move the suspects they were monitoring onto a dedicated BES server which they controlled.

The court documents are reportedly partially sealed, meaning that it’s unlikely more precise details of the interception method will come to light.

However, both users and service providers have a growing concern with ensuring that private messages remain private, as evidenced by the recent popularity of high-security end-to-end encryption systems such as Open Whisper Systems’ Signal protocol, which is now a feature of WhatsApp as well as the Signal messenger.

 Source | Wired