BlackBerry: We're Here To Kick Ass And Sell Out Users To Law Enforcement. And We're (Almost) All Out Of Users.
from the thank-you,-sir!-may-I-get-you-another?-and-another? dept
Back in mid-April, it was discovered that Canadian law enforcement (along with Dutch authorities) had the ability to intercept and decrypt BlackBerry messages. This level of access suggested the company had turned over its encryption key to the Royal Canadian Mounted Police. BlackBerry has only one encryption key for most customers -- which it maintains control of. Enterprise users, however, can set their own key, which cuts BlackBerry out of the loop completely.
BlackBerry CEO John Chen -- despite publicly criticizing Apple for locking law enforcement out of its phone with default encryption -- refused to provide specifics on this apparent breach of his customers' trust. Instead, he offered a non-denial denial, stating that BlackBerry stood by its "lawful access principles."
The matter was left unsettled… until now.
A specialized unit inside mobile firm BlackBerry has for years enthusiastically helped intercept user data — including BBM messages — to help in hundreds of police investigations in dozens of countries, a CBC News investigation reveals.
This unit, which cracks open BlackBerries for nearly anyone who comes asking, is very proud of its work.
One document obtained by CBC News reveals how the Waterloo, Ont.-based company handles requests for information and co-operates with foreign law enforcement and government agencies, in stark contrast with many other tech companies.
"We were helping law enforcement kick ass," said one of a number of sources who told CBC News that the company is swamped by requests that come directly from police in dozens of countries.
Go team! While these sources remain generally upbeat about throwing customer privacy and security to the wind, the official word from the company is less enthused. In fact, it's nonexistent.
In response to questions from CBC News, a BlackBerry spokesperson said it "will not address the questions given the extremely sensitive nature of this process."
This unadvertised service is apparently so popular BlackBerry has streamlined the process. It offers government agencies a list of boxes to check for what kind of information they'd like retrieved from a phone (including the ominously vague "other"), as well as the option to declare any request "exigent."
It also asks that the requesting party sign off on some boilerplate saying the request is legal in the requester's country and that it is not being done to "control, suppress or punish… political or religious opinion."
Of course, BlackBerry is not a government agency so it really can't do anything if someone "perjures" themselves by signing the form and moving directly towards suppression, punishment, etc. The best it can do is not allow that entity to make any more requests. I'm guessing this almost never happens because the quoted sources seem like a bunch of overly-cheery do-gooders. Policing the police would require BlackBerry to second-guess the government entities it seemingly can't wait to assist.
"Narco trafficking, human trafficking, money laundering, kidnapping, crime against children, knowing you are stopping those things … how do you not love doing something like that?" said the insider.
Yup. [Insert whatever the Canadian equivalent of "'Murica!" here.]
In its hurry to help supposed good guys track down alleged bad guys, the Canadian branch of BlackBerry's "full give" operations is skirting around statutes meant to protect locals from inappropriate demands made by foreign countries.
Christopher Parsons, a research associate at the University of Toronto's Citizen Lab, who has studied the privacy practices of tech companies, is worried by the secrecy of BlackBerry's process and its potential for abuse.
[...]
He said BlackBerry is allowing foreign police to bypass the Mutual Legal Assistance Treaty, a diplomatic agreement that allows Canadian officials to review requests from foreign police and consider whether they are legal under Canadian law.
But, as Parsons points out, law enforcement agencies are probably thrilled to have someone on the inside willing to violate treaties with the drop of pre-printed form. Adhering to MLAT may result in significant delays, whereas approaching BlackBerry directly sets its team of super-secret gofers in motion immediately.
Of course, the major downside here is that very few criminals are likely still using BlackBerries. Most of the company's customers are enterprise users and they have the ability to lock down their phones so tight not even BlackBerry can get into them. But for all the panicked talk about going dark, BlackBerry's special ops unit says it's still surprised at how many criminals are unaware the company is basically the local PD at this point.
The nails were already in the coffin for BlackBerry. Each new exposure of its highly-proactive law enforcement assistance is only going to hasten the dwindling of its user base.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: blackberry, encryption, law enforcement, lawful access
Companies: blackberry
Reader Comments
Subscribe: RSS
View by: Time | Thread
I assure you, I will never own a Blackberry given the response here in this article.
I've heard a lot about corporations moving out over taxes and it keeps popping up in the back of my mind that taxes might just be the excuse for leaving. After all, if you're given a NSL, you can't talk about it but you can take action and lay claim to other reasons as the cause to move.
[ link to this | view in chronology ]
Blackberry will never learn
Blackberry will never learn. They will ride this horse all the way into bankruptcy. Then, when the company is history, they will blame some other factor for their own demise. This is all so predictable right now, so that fact that they have not learned at this point means they will never learn.
I wonder if the original success of Blackberry was related to its relationships with governments?
[ link to this | view in chronology ]
Re:
Nah, they won't learn a thing. If that was a learnable lesson for them, they would have learned it back when they were RIM after they got caught assisting oppressive governments in their efforts to spy on political dissidents and were unapologetic about it.
It was shortly after that when they lost their dominant market position.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
A police warrant is one that the police give themselves. You may as well not even have a warrant requirement if you're going to let the police write their own.
[ link to this | view in chronology ]
Re: Re: Re:
"Draw seven red lines, three with blue ink, two with green ink, and two with transparent ink, all perpendicular. Oh, and one of the lines must be in the shape of a kitten."
It is sad/amusing when people are so full of themselves that they think they can successfully order math around.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Hollywood accountants do it all the time.
[ link to this | view in chronology ]
"Not even BlackBerry"
[ link to this | view in chronology ]
Re: "Not even BlackBerry"
[ link to this | view in chronology ]
Re: Re: "Not even BlackBerry"
Some software has recently been moving to reproducible builds, which can provide strong evidence that the binary code and source code match (but doesn't rule out bugs or backdoors disguised as bugs, or bad design). BB, by contrast, might be making detailed technical claims, but I haven't seen anything that would "prove" it. Please link to such proof if you have it.
[ link to this | view in chronology ]
Re: Re: Re: "Not even BlackBerry"
[ link to this | view in chronology ]
Re: Re: Re: Re: "Not even BlackBerry"
Security and cryptography are hard, as has been demonstrated repeatedly. Even software written and peer-reviewed by brilliant people has been broken, whether there were intentional backdoors or not.
[ link to this | view in chronology ]
Blackberry story 6/13
[ link to this | view in chronology ]
Re: Blackberry story 6/13
Heck, I run my own mail server at home - $380/year in license fees - and it has Blackberry Enterprise Server built in. I can set my own key.
Though I'm no longer using a Blackberry.
[ link to this | view in chronology ]
"security"
[ link to this | view in chronology ]
Re: "security"
[ link to this | view in chronology ]
Re: Re: "security"
They've always viewed the user as an adversary. Their products are more locked-down than Apple's (at least Apple used to release some kernel source code).
[ link to this | view in chronology ]
Re: Re: Re: "security"
[ link to this | view in chronology ]
Re: Re: Re: Re: "security"
When there is Blackbery in the middle, giving your messages to the police on demand, there is no security. A secure messaging system ensure that only the sender, and intended can read the messages, and decide who to pass the contents onto.
[ link to this | view in chronology ]
Re: Re: Re: Re: "security"
[ link to this | view in chronology ]
Re: Re: Re: Re: "security"
This is simply untrue. If it's possible to Blackberry to give information about user communications or the data on the devices, then not only aren't their devices the most locked down, you can't even argue that they're locked down at all.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "security"
People sometimes confuse this with security. Those marketing locked-down devices encourage such confusion.
[ link to this | view in chronology ]
Re: "security"
[ link to this | view in chronology ]
Re: Re: "security"
Six lines to hang him, etc.
I love the phones but not the way BB would throw me under the bus at the behest of malicious governments.
BB's contempt for its few remaining customers will be its undoing, and sending you on here to be a shill won't change that. Perhaps you could take this information back to CEO Chen?
[ link to this | view in chronology ]
Re: Re: "security"
Sorry, you were saying?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Cana-duh!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Secondly, all of your responses so far have shown that you know even less than my two year old grandson does about encryption.
Thirdly, get a life and stop supporting the viewpoint that all are guilty until proven innocent.
Nuph Said.
[ link to this | view in chronology ]
Everyone should have known this from India's demands
[ link to this | view in chronology ]
Re: Everyone should have known this from India's demands
Once they decided this I said there was no future for Black Berry and its all down hill from there.
The only question is the date on when they shutter. It's coming and we all will see it.
Sure they could save themselves, but that might be a risk they are not willing to take because they have to get out of bed with those corrupt regimens to do it. A lot of folk kill their lovers when they leave the bed and I am certain that if they left India that might happen.
[ link to this | view in chronology ]
Re: Everyone should have known this from India's demands
[ link to this | view in chronology ]
Re: Re: Everyone should have known this from India's demands
[ link to this | view in chronology ]
Then something happened and they got new administration which I would trust as much as any wall Street type.
[ link to this | view in chronology ]
Dear Government...
Please make us relevant again.
Signed,
Your Best Pal, BlackBerry.
[ link to this | view in chronology ]
Re: Dear Government...
[ link to this | view in chronology ]
Re: Re: Dear Government...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
What's that
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Blackberry is for the Leaders of the World
[ link to this | view in chronology ]
Laundering
[ link to this | view in chronology ]
Re: Laundering
[ link to this | view in chronology ]
Going out of business sale!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Very biased article
[ link to this | view in chronology ]
Re: Very biased article
Not all countries have trustworthy judges. There are plenty of totalitarian governments, and plenty of democracies with corrupt judges.
Which is why U.S. law prohibits the likes of Apple, Facebook, and Google from intercepting communications on behalf of foreign agencies. And it's why Canada is party to the Mutual Legal Assistance Treaty, a diplomatic agreement that allows Canadian officials to review requests from foreign police and consider whether they are legal under Canadian law.
BlackBerry is allowing foreign police to bypass the process, with BlackBerry being the one that makes that decision, as opposed to the Canadian government.
> For all the people who think their privacy is violated, have you committed any crimes? If you have not committed crimes I am not clear how you can be worried about anything.
Seriously....? SERIOUSLY?
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
- Cardinal Richelieu
There's have been plenty of people scooped up, disappeared and tortured by the US government - "the leader of the free world" - on the vaguest of evidence, later let go with an "er, never mind." Or in simple criminal law, cases where people were jailed purely through confirmation bias. The more details you have about someone, the more you can build a picture of guilt where none exists. A phone hands over a mountain of details.
There have been plenty of examples of people's private information scanned by police with purely malicious intent. Just last week for example, reported here, Forty-One Secret Service Employees Punished For Illegally Accessing Congressman's Private Data In Hopes Of Discrediting Him
[ link to this | view in chronology ]
Re: Very biased article
Since the warrants they require are from the courts of the nation the user is in, the requirement is of little meaning. Warrants only mean that the action is legal in the given nation. They do not mean that the action is proper or ethical.
"If you have not committed crimes I am not clear how you can be worried about anything."
Ahh, I see now. You believe that governments are virtuous and that if you aren't breaking the law then you have nothing to fear. I doubt if anything I could say would disabuse you of this fallacy, but there are lots of longstanding examples of how wrong this is.
[ link to this | view in chronology ]
Re: Very biased article
Shall we have a look at your phone? If you have not committed crimes I am not clear how you can be worried about anything.
[ link to this | view in chronology ]
Re: Very biased article
Emergencies notwithstanding, why on earth should I have to obey a policeman?
[ link to this | view in chronology ]
You /sure/ about that?
...
Most of the company's customers are enterprise users and they have the ability to lock down their phones so tight not even BlackBerry can get into them.
Given how eager they are to give access to other products of theirs I wouldn't put too much faith in the security of the enterprise version. I mean come now, they set up an entire department for the sole purpose of speeding up access to devices they sell to anyone with a badge and the five minutes it takes to fill out the form. This is clearly not a company that values the privacy of their customers in the slightest.
While it's possible that the enterprise version of their products is indeed truly secure, and doesn't have any backdoors that can be exploited whenever someone comes knocking at BB's door, given their other actions I certainly wouldn't trust it to be that way, and no-one who actually cares about security should trust them either.
[ link to this | view in chronology ]
Re: You /sure/ about that?
You are obviously not an expert on Blackberry so you are totally wrong about the enterprise Blackberry environments. If you were to actually go read about the technology you would actually discover that if an encryption key is set by the customer, nobody can crack it. Nobody. Doesn't matter if there was a back door, they couldn't encrypt the data. Being you don't understand how encryption works, I am not clear why you are even continuing to argue your claims. All you really want to do is trash Blackberry.
[ link to this | view in chronology ]
Re: Re: You /sure/ about that?
Sorry, but I've been around too long to be impressed by warrants or assume that just because one's been handed out that that means there's any real indicator of illegal activity(tea leaves and gardening supplies anyone?). There's also the teeny tiny little problem that it looks like they're accepting warrants from different countries and accepting them at face value without checking whether or not they're valid in the country the search is taking place in. A warrant in the UK for example does not necessarily meet the requirements of a warrant in Canada, but BB is treating it as just as valid, which is just a bit of a no-no.
You are obviously not an expert on Blackberry so you are totally wrong about the enterprise Blackberry environments.
Yup, you got me, the only reason I know or care about the company at all is because articles keep coming out about their practices, statements and screw ups. I didn't go to 'Blackberry 101' classes or get a doctorate in Blackberry, so clearly any statements or ideas I may toss out regarding them can be safely dismissed.
Speaking of expertise however, what's yours? Given your strident defense of them, some more laughable than others('If you have not committed crimes I am not clear how you can be worried about anything.', really?), I can't help but wonder if you're connected to them in some way, so by all means explain what makes you qualified to make the statements on them that you have been.
If you were to actually go read about the technology you would actually discover that if an encryption key is set by the customer, nobody can crack it. Nobody. Doesn't matter if there was a back door, they couldn't encrypt the data.
Yeah, that's kind of the entire point of a back-door, it completely bypasses the regular security. As such if one did exist then it wouldn't matter how strong the customer-side encryption was, because that security would never even come into play.
[ link to this | view in chronology ]
Re: Re: You /sure/ about that?
You obviously have no idea what an encryption back door is. Or maybe you do but are also a Blackberry shill.
Being you don't understand how encryption works, I am not clear why you are even continuing to argue your claims.
Now go stand in front of a mirror and repeat that over and over, to yourself.
All you really want to do is trash Blackberry.
All you seem to want to do is shill for them. I can't help but notice that your profile did not exist before this article.
[ link to this | view in chronology ]
Water-Based Locations
[ link to this | view in chronology ]
Re: Water-Based Locations
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Corporations and governments are basically the only entities willing to put up with them anymore, and that's basically because of the Enterprise BBM security stuff that isn't available to ordinary consumers.
[ link to this | view in chronology ]
Discount cops
This is the mindset of staff who would think nothing of rummaging through peoples private data of their own accord. Just because they can. Huge authority, zero responsibility.
[ link to this | view in chronology ]