BlackBerry CEO John Chen has responded, a week late and only through the company’s official blog, to the furor generated by media reports that the Royal Canadian Mounted Police force has used a “global encryption key” to intercept and decrypt over one million “electronic communications on BlackBerry devices (Pin to Pin messaging)” between 2010 and 2012 in order to bust an Italian crime ring operating in Quebec through an operation dubbed “Clemenza”.
While it’s heartening to know that the RCMP is tech-savvy enough to end the careers of 32 criminals and seize $1 million in criminal proceeds, the idea that the Mounties have apparently been able to unlock the encrypted BBM messages of every single non-corporate BlackBerry user for years now has left something of a bad taste in the mouths of the phone maker’s loyal customer base.
Chen’s response to the media allegations hits all the right notes in a completely vague and non-committal way, painting BlackBerry as a good and lawful corporate citizen, but sounds very thin compared to the public declaration of refusal made by Apple’s Tim Cook.
“When it comes to doing the right thing in difficult situations, BlackBerry’s guiding principle has been to do what is right for the citizenry, within legal and ethical boundaries,” writes Chen. “We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I have stated before that we are indeed in a dark place when companies put their reputations above the greater good.”
With that last jab, Chen implies that Cook’s public dispute with the FBI amounts to showboating with more of a feel-good PR function than any basis in reality.
In December, Chen described as “acrimonious and polarizing” Apple’s squabble with the FBI over the agency’s desire for the iPhone manufacturer to cough up a back-door solution for cracking the phone of one of the San Bernadino mass shooters.
In a post-Snowden world, however, this willingness to collaborate with law enforcement might not strike the average phone user as admirable so much as a betrayal.
Chen also says nothing to confirm or deny whether the RCMP’s access to BlackBerry’s BBM messaging system is limited only to the 2010-2012 span of the criminal operation, or whether the federal police still have access to BlackBerry’s servers.
Chen has thereby effectively surrendered the territory that BlackBerry’s users used to be able to smugly lord over the hopelessly compromised users of Apple and Android phones, namely the company’s reputation for security.
While BlackBerry has for years ridden the coattails of its long-held reputation for security, Apple now claims to operate the “most effective security organization in the world”, having added layers of security and encryption as well as its Touch ID “Secure Enclave” cloud storage for keeping track of users’ fingerprints.
The RCMP allegations rest on 3,000 pages of court documents obtained by VICE Canada, which details an operation that the Mounties call the “BlackBerry interception and processing system,” involving the maintenance of a server in Ottawa that “simulates a mobile device that receives a message intended for [the rightful recipient]”, which according to an affidavit from RCMP sergeant Patrick Boismenu “performs the decryption of the message using the appropriate decryption key.”
“Regarding BlackBerry’s assistance,” Chen wrote, “I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry’s BES server involved.”
As Chen knows, the BlackBerry Enterprise Server serves only enterprise clients, meaning that non-enterprise BlackBerry users are fair game.
As Crown attorney Robert Rouleau made clear in an ex parte hearing contained in the court documents acquired by VICE, “So right now, with my device, if I’m not on the [Business Enterprise Server], I’m a dead chicken. That’s the reality of it, that’s what we don’t want the general public to know.”
Before we get all patriotic over BlackBerry’s willingness to help law enforcement legitimately catch bad guys, it should be pointed out that the federal Office of the Privacy Commissioner has launched an investigation into the RCMP’s refusal to acknowledge whether or not it employs “Stingrays”, also known as International Mobile Subscriber Identity (IMSI) catchers.
Stingrays collect collect cell phone identifying data, text messages and phone calls by mimicking a cell phone tower, without distinguishing between civilian phone use and criminal activity.
Basically, they’re listening to everything and not telling anyone, and for good measure refusing to answer whether or not they even engage in such behaviour.
This article is brought to you by VersaPay (TSXV:VPY) . VersaPay ARC allows you to manage AR with no paper, no hassle, and no trips to the bank. This not only allows you to eliminate costs and get paid faster, but improves your customers’ experience doing business with you. VersaPay ARC is the simple and secure way to manage your entire AR process online. Our cloud-based solution allows you to collaborate with your customers through your own web portal. Click here to learn more.
According to Open Media, “People whose data is captured by a Stingray device receive no notification, and have no way of challenging the intrusion on their privacy. A number of police forces in the U.S., including the FBI and NYPD, have admitted to using Stingrays, but to date no Canadian police force has done so.”
Aside from endorsements from President Obama, BlackBerry has earned a reputation over the years for being difficult to crack from less savory sources, having been the preferred phone of the elusive Mexican drug lord Joaquin “El Chapo” Guzmán, whose commitment to BlackBerry didn’t prevent him being tracked by the Drug Enforcement Agency and Mexican officials in the lead-up to his eventual recapture.
Earlier this month, an RCMP operation called J-Tornado resulted in an 84-month sentence being handed down to Robert Patrick White, the New Brunswick “right-hand man” of a drug ring operating between Halifax and Montreal.
The Mounties managed to bring down this criminal organization by distributing pre-rigged BlackBerry phones among the drug ring’s associates, with a court statement detailing that “the distribution of the phones and resulting intercepts allowed law enforcement to gather evidence of the organization’s activity, the identity of its members, its hierarchy and modus operandi.”
No doubt, the drug dealers swept up in this bust took one look at the BlackBerry phones being handed to them and thought that they were now in good, secure hands.
So on the one hand, we can admire John Chen for his honesty. BlackBerry is a good corporate citizen that cooperates in a responsible way when asked to do so by law enforcement.
And along with that admission vanishes the last shred of BlackBerry’s reputation for being “more secure” than iPhones or Androids, and with it the final strong selling point that BlackBerry was able to use to differentiate itself from its competitors.
We Hate Paywalls Too!
At Cantech Letter we prize independent journalism like you do. And we don't care for paywalls and popups and all that noise That's why we need your support. If you value getting your daily information from the experts, won't you help us? No donation is too small.