BlackBerry's reputation for secure devices once led to wide adoption of its devices among government officials, including President Obama. But now, court records reveal that the Royal Canadian Mounted Police have had a copy of BlackBerry's global decryption key.
According to a report on Vice.com, the Canadian Mounties have had this key since 2010. Such a key allows authorities to review encrypted messages passing through the company's BlackBerry Messenger (BBM) service.
However, it is likely that only consumer-grade smartphones are affected, because BlackBerry holds the decryption key for those, whereas the company offers enterprise clients the option to run their own network of devices and hold their own encryption key, notes Vice.
Nonetheless, the disclosure that the Mounties have the global key and that BlackBerry was assisting the Canadian authorities in a gangland murder case may hurt the struggling company's security reputation. It's not clear from the court records how the Mounties came into possession of the global encryption key, according to Vice, but it is noted in the documents that BlackBerry was lending a hand to the investigation.
"BlackBerry has always been associated as the most secure mobile device to own, and an information leak such as this is catastrophic for their image," Morey Haber, vice president of technology at security company BeyondTrust, told InformationWeek. "Every personal user of their technology can potentially have their messages decrypted without their knowledge, now that it is known that the decryption key is in the hands of third parties."
This revelation comes at a time when security and privacy issues involving smartphones are at the forefront, given the battle between Apple and the FBI. The federal agency was pressing Apple to build a backdoor to give authorities access to data on the iPhone belonging to one of the San Bernardino shooters. The FBI ultimately dropped that pursuit after it found a way to decrypt the iPhone with the help of a third party.
BlackBerry also prevailed in preventing Pakistan from forcing it to build a backdoor to its mobile operating system, but at the same time it has worked with other governments to gain access to users' information and data.
The company's stance is that it approaches "lawful access matters internationally within the framework of core principles." In providing certain governments access to users' messages, it may have contributed to slower sales of its devices.
BlackBerry, which has been struggling in recent years, may have been well aware of this fact. Court documents show that the company and the Mounties challenged a judge's order to release more details about the relationship between the two parties, according to Vice.
While it is not clear how deep the relationship between BlackBerry and Canadian authorities goes, this disclosure will likely have an impact on BlackBerry as well as the security industry at large.
"Any incident like this reduces people's faith in security companies delivering on their promises of providing robust encryption," said Maxim Weinstein, security advisor at Sophos, in an interview with InformationWeek. "I think you'll see security companies having to answer more questions than usual, in the coming weeks, about how they protect encryption keys and what they can or can't turn over to governments."