BlackBerry trades on the security of its platform; but new information has revealed that this platform is not nearly as private as it advertises. Vice News has published an investigative report detailing a secret programme by the Royal Canadian Mounted Police (RCMP) to intercept and decrypt messages sent over BlackBerry Messenger.
Technical information about the secret programme surfaced during the trial of several individuals accused of a gang related murder. The prosecution produced messages sent between the accused that proved their parts in the crime. The defence questioned the validity of the messages as there was no mentioning of where the evidence came from – and thus, no way to tell if they were accurately collected.
Known as Project Clemenza, the programme allowed the RCMP to read over a million private messages sent from the encrypted BBM service. It turns out that the federal investigators had managed to obtain the global encryption key used by BlackBerry to secure messages sent by users.
At this point, the RMCP refused to reveal where it got the encryption key from. Similarly, BlackBerry declined to comment on how the investigators managed to decrypt so many of its messages. However, BlackBerry CEO John Chen has been up front about his willingness to cooperate with law enforcement agencies in the right situations. It could just be that a gangland murder happens to be the right situation.
The issue at the moment is that the RCMP is now able to read any BBM message that it happens to intercept; which isn’t too difficult considering the tools available to law enforcement agencies. Crown attorney Robert Rouleau told a judge in an ex parte hearing that he is just as vulnerable to the surveillance as anyone else.
It should be noted that while the RCMP apparently has the global encryption key for BBM, this does not allow it to read messages sent over the BlackBerry Enterprise Service. BES allows corporate entities to create their own private communications network – with its own private encryption key.
The RCMP had had originally fought to keep the existence of Project Clemenza from being disclosed to the defence. However, the judge did not agree that the information needs to be secret and ordered all information revealed during the trial. Despite this, the global encryption key itself has remained secret to prevent it from entering into public record and jeopardise millions of BBM users.
BlackBerry’s apparent willingness to cooperate with law enforcement agencies stands in stark contrast with Apple’s stance against the FBI. CEO Tim Cook has fought the US justice system’s order to unlock the iPhone 5C belonging to a terrorist. While that case has passed now that the FBI has managed to unlock it on their own, it is only a matter of time before another case appears.
In this age of privacy concerns, BlackBerry’s willingness to share its global encryption key may end up hurting its reputation as a secure communications platform. Which is really the only thing that the company has going for it these days.