BlackBerry Decryption Key Held By Canadian Mounties, Report Says - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity

BlackBerry Decryption Key Held By Canadian Mounties, Report Says

Struggling smartphone maker BlackBerry has been dealt a major blow after court records revealed that the Royal Canadian Mounted Police has a copy of the company's global decryption key.

Encryption Debate: 8 Things CIOs Should Know
Encryption Debate: 8 Things CIOs Should Know
(Click image for larger view and slideshow.)

BlackBerry's reputation of secure devices once led to wide adoption of its devices among government officials, including President Obama. But now, court records reveal that the Royal Canadian Mounted Police have had a copy of BlackBerry's global decryption key.

According to a report on Vice.com, the Canadian Mounties have had this key since 2010. Such a key allows authorities to review encrypted messages passing through the company's BlackBerry Messenger (BBM) service.

However, it is likely that only consumer-grade smartphones are affected, because BlackBerry holds the decryption key for those, whereas the company offers enterprise clients the option to run their own network of devices and hold their own encryption key, notes Vice.

(Image: alexsl/iStockphoto)

(Image: alexsl/iStockphoto)

Nonetheless, the disclosure that the Mounties have the global key and that BlackBerry was assisting the Canadian authorities in a gangland murder case may hurt the struggling company's security reputation. It's not clear from the court records how the Mounties came into possession of the global encryption key, according to Vice, but it is noted in the documents that BlackBerry was lending a hand to the investigation.

"BlackBerry has always been associated as the most secure mobile device to own, and an information leak such as this is catastrophic for their image," Morey Haber, vice president of technology at security company BeyondTrust, told InformationWeek. "Every personal user of their technology can potentially have their messages decrypted without their knowledge, now that it is known that the decryption key is in the hands of third parties."

This revelation comes at a time when security and privacy issues involving smartphones are at the forefront, given the battle between Apple and the FBI. The federal agency was pressing Apple to build a backdoor to give authorities access to data on the iPhone belonging to one of the San Bernardino shooters. The FBI ultimately dropped that pursuit after it found a way to decrypt the iPhone with the help of a third party.

BlackBerry also prevailed in preventing Pakistan from forcing it to build a backdoor to its mobile operating system, but at the same time it has worked with other governments to gain access to users' information and data.

Are you prepared for a new world of enterprise mobility? Attend the Wireless & Mobility Track at Interop Las Vegas, May 2-6. Register now!

The company's stance is that it approaches "lawful access matters internationally within the framework of core principles." In providing certain governments access to users messages, it may have contributed to slower sales of its devices.

BlackBerry, which has been struggling in recent years, may have been well aware of this fact. Court documents show that the company and the Mounties challenged a judge's order to release more details about the relationship between the two parties, according to Vice.

While not clear how deep the relationship between BlackBerry and Canadian authorities goes, this disclosure will likely have an impact on BlackBerry well as the security industry at large.

"Any incident like this reduces people's faith in security companies delivering on their promises of providing robust encryption," said Maxim Weinstein, security advisor at Sophos, in an interview with InformationWeek. "I think you'll see security companies having to answer more questions than usual, in the coming weeks, about how they protect encryption keys and what they can or can't turn over to governments."

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Broadway0474
50%
50%
Broadway0474,
User Rank: Ninja
4/18/2016 | 9:51:35 PM
Re: Nothing new here
Someone's got to win. Obviously not RIM as the only way they get near the news is when their main selling point is proven to be nonexistent worse than we imagined.
jastroff
50%
50%
jastroff,
User Rank: Ninja
4/16/2016 | 12:09:15 PM
Re: Nothing new here
Interesting reporting -- makes me think again the technology security issues and the law are a zero-sum game -- nobody wins
melgross
100%
0%
melgross,
User Rank: Ninja
4/16/2016 | 9:46:35 AM
Nothing new here
It's been known for some time that RIM had given Saudi Arabia and India some way into their system. Lazaridis was giving an interview, and was then unexpectedly asked about the Saudi and Indian situation that had occurred shortly before. The incident in question was where authorities from both countries demanded a way in, or they would end sales in their countries. There was a standoff that suddenly ended. RIM claimed to have given up nothing, but sales resumed. When Lazaridis was asked what happened, he got angry, complained he didn't know about that question, and walked off. I've always believed that if nothing occurred, he would have said so. We now know, from what Chen said right after the dispute between Apple and the FBI occurred, that Blackberry will allow authorities into their phones with a "legitimate" warrent from any country. What legitimate means is anyone's guess. Chen said that the only thing Blackberry wouldn't give up was access to the BES servers and their NOKs. So, we do know that Blackberry gives this up. Pakistan wanted access to those, and that was what Blackberry denied, not access to their phones. It's possible that Saudi Arabie, India, and others, beside Canada, have their key. I would be surprised if it were otherwise.
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll