BlackBerry Offers Glomar, 'Bad Guys Got Caught,' In Non-Comment On Canadian Law Enforcement's Full Access To Encrypted Messages

from the 'in-conclusion,-Blackberry-is-a-land-of-contrasts' dept

Tue, Apr 19th 2016 11:43am — Tim Cushing

BlackBerry has finally responded to Motherboard's story on the Royal Canadian Mounted Police's apparent full access to encrypted communications -- something that hinted the RCMP may have been given BlackBerry messaging's "Golden Key." Sort of. It's mostly an indirect Glomar followed by a statement that confirms something people already know.

BlackBerry still has not commented directly to Motherboard or VICE News on the specifics of the investigation, but CEO John Chen published a blog post on Monday addressing the report in broad strokes… very broad strokes.

[...]

“Regarding BlackBerry’s assistance,” Chen wrote instead, “I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry’s BES server involved.”

BES is BlackBerry Enterprise Server -- the only option available where customers can lock BlackBerry out of access to communications. With BES, encryption keys are set by users, which means BlackBerry can no longer decrypt messages using its global PIN encryption key. Notably, this option is only available to corporate or government customers. Everyone else gets vanilla encryption, which can be decrypted by BlackBerry for law enforcement. Or, as appears to be the case in Canada, the key can be handed out to law enforcement agencies, allowing them to decrypt at will… because there's only one encryption key for all non-BES users.

According to BlackBerry CEO John Chen, the ends justify the means he pointedly won't be discussing in detail.

We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests.

[...]

This very belief was put to the test in an old case that recently resurfaced in the news, which speculated on and challenged BlackBerry’s corporate and ethical principles. In the end, the case resulted in a major criminal organization being dismantled.

BlackBerry continues to play both sides of the equation, providing "regular" users with less secure communications while claiming to be the "gold standard" in encrypted communications -- a privilege it only extends to some of its customers, unlike Apple or Google, which provide encryption to all of their customers.

The company has nothing to offer customers in the way of assurances, but it does seem to be going out of its way to soothe the nerves of law enforcement officials frustrated by smartphone encryption. It may make a big deal about its fight against Pakistan and its demands for access (Chen highlights this in his blog post), but it seems less than likely to go to bat for a majority of its users when faced with overreach by more "acceptable" governments.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoor, blackberry, canada, encryption, glomar, john chen, key, rcmp
Companies: blackberry

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

I.T. Guy, 19 Apr 2016 @ 11:52am

"This very belief was put to the test in an old case that recently resurfaced in the news, which speculated on and challenged BlackBerry’s corporate and ethical principles. In the end, the case resulted in a major criminal organization being dismantled."

As well as dismantling the public's trust in Blackberry. Good going John. Weren't those the funny little devices with the minuscule keyboard? I've seen one once or twice... before all Execs wanted iPhones.
[ link to this | view in chronology ]
sman88, 19 Apr 2016 @ 12:13pm

Blackberry is still around????
[ link to this | view in chronology ]
- Anonymous Coward, 19 Apr 2016 @ 12:28pm
  
  Re:
  was still around...
  
  After this, the very small spec representing BlackBerry has now disappeared in a small puff of smoke.
  [ link to this | view in chronology ]
Anonymous Coward, 19 Apr 2016 @ 12:29pm

Chen wrote instead, “I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry’s BES server involved.”

In other words, governments and corporations can have secrets, while private citizens are not allowed that luxury.
[ link to this | view in chronology ]
Trin (profile), 19 Apr 2016 @ 2:55pm

Here's hoping this particular key gets released into the wild.

That would be a pretty strong argument for encryption that isn't backdoored (or has 'golden keys that only the good guys will use').
[ link to this | view in chronology ]
Ben (profile), 19 Apr 2016 @ 3:13pm

Server Server?
"BES Server" <==> "Blackberry Enterprise Server Server"

Brought to you by the redundant Department of Redundancy.
[ link to this | view in chronology ]
Ben (profile), 19 Apr 2016 @ 3:23pm

Really?
Or, as appears to be the case in Canada, the key can be handed out to law enforcement agencies, allowing them to decrypt at will…
Really? So, this is like the FBI using the one gut wrenching "because Terrorism!" case to show a need to crack an iPhone and be handed a tool to crack all iPhones (and then they would have it in their tool chest without needing to get one of those pesky warrant thingies for the "next" one).

...and since one government agency is just a part of the government, it means that effectively all government agencies would have it (like the NSA wouldn't be able to get it from the FBI if it wanted it?)

So, in Canada, it probably means *all* law enforcement agencies would have the non-BES key available, with no need to go to the courts (or Blackberry) to get permission. I thought Blackberry was stupid, but I didn't think they were *that* stupid. At least with keeping it to themselves, they would have a revenue stream from the requests for decryption.
[ link to this | view in chronology ]
- Padpaw (profile), 20 Apr 2016 @ 4:24am
  
  Re: Really?
  5 eyes means all of the US agencies will get it as well.
  [ link to this | view in chronology ]
anon, 19 Apr 2016 @ 6:15pm

Bye Bye, Blackberry. The nail is on the coffin and the hammer is raised.
[ link to this | view in chronology ]
Robert (profile), 19 Apr 2016 @ 11:43pm

Won't buy Blackberry
I won't buy a blackberry now. And I really wanted one
[ link to this | view in chronology ]
Anonymous Coward, 20 Apr 2016 @ 9:44am

Furthermore, at no point was BlackBerry’s BES server involved.”

Because ALL blackberry models pump data directly to the RCMP's server via their IP address*

*Includes but not limited to:

Text messages, documents (including contents), pictures of your wife's boobs, dick pics, personal and business emails, contact details, bank passwords (as they're typed into Bank apps - BB OS has detection code to known when running BofA and HSBC app etc).
[ link to this | view in chronology ]
Anonymous Coward, 20 Apr 2016 @ 9:46am

BES loaded - text message is being typed...

I think we should blow up ...message interrupted...

RCMP says "are you SURE you want to commit this terrorist act?"

continues typing the waving tube man and put it outside the car salesroom....
[ link to this | view in chronology ]
Tim, can you "say that again" in regular English, , 20 Apr 2016 @ 10:27am

WTF is "an indirect Glomar"?
Are you trying to say that RIM "indirectly" built a huge salvage ship, which they claimed was for deep-sea research, but was actually intended for use by the CIA to secretly recover a foundered Russian nuclear sub in the mid-Pacific?

If not, I have no idea what you were trying to say at the end of your first paragraph.
[ link to this | view in chronology ]
Anonymous Coward, 21 May 2016 @ 7:38am

BES
Pronounced B S
[ link to this | view in chronology ]