Canadian Police Have Had BlackBerry's Global Decryption Key Since 2010 (vice.com) 62
Justin Ling and Jordan Pearson, reporting for Vice News: A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010. The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators. According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn't disclose exactly where the key -- effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another -- came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record. Motherboard has published another article in which it details how Canadian police intercept and read encrypted BlackBerry messages. "BlackBerry to Canadian court: Please don't reveal the fact that we backdoored our encryption," privacy and security activist Christopher Soghoian wittily summarizes the report. "Canadian gov: If you use Blackberry consumer encryption, you're a "dead chicken".
Re: (Score:1)
Well they're not going to take their BlackBerrys with them if they do go. iPhone users are safe though...
Are you so simple? (Score:1)
No wonder TPTB has such an easy time having total control over you guys
If you still think that TPTB got the keys to only the Blackberries I have couple of really nice bridges to sell ya!
Re: Are you so simple? (Score:2)
So you think it's a stretch to assume that if BB would share the key with the Canadian Feds for a murder case, they would also do so for the US Feds for terrorism/the children/WOD/Snowden/etc/etc/etc? Please
Re: (Score:1)
Forgot the smiley... Sorry
I thought this was common knowledge? (Score:5, Insightful)
Back in the day (and one of the many reasons RIM went down the tubes) was because they have global decryption keys for both BES and BIS. It's right there in the specifications and marketing of the Blackberry communications.
Re: (Score:2, Troll)
I think the question at this point is either:
Will Obama finally get a new phone?
Or
Will Obama be the good citizen that he wants everybody else to be and forever hold on to a phone that is backdoored?
Re:I thought this was common knowledge? (Score:5, Informative)
No, they only had the keys for the consumer parts, which is the same problem all messaging services that doesn't allow you to run your own server has.
In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.
Re: (Score:3)
Read the spec. BES encryption keys (on your own server) get published to the Blackberry device the first time it connects (when it is by definition unaware of what your BES keys are) encrypted with the Blackberry Global Key. That is if there are no other back doors in the encryption (since the standard is closed source, you never really can be sure). They eventually (this was news about a decade ago) gave in to India and gave their government access to all systems in India, why do you think the US can't do
Re: (Score:2)
A) That's not how BES "encryption" works. Even RIM has gotten off the notion of calling it "encryption" and are now calling it "scrambling".
B) It is well known that not just India but a host of other countries have access to the keys. The Mounties are the least scary police agency in the world.
C) There was a paper about 10 years ago that explained how to 'crack' the BB "encryption" scheme.
Re: (Score:2)
In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.
Correct me if I'm wrong, but it sounds like this would just limit the scope of the issue. The key would still be a shared key for all your users, right? If so, that's not a fix at all.
Re: (Score:2)
You wouldn't know it if you listened to the BB stock pumpers who frequent many online forums. They're constantly talking about BB's incredible security as opposed to Apple and Android.
Just one more nail in the coffin.
Re: (Score:2)
Read the BlackBerry website (it's linked through the story). All messages, even on the 'enterprise' version are "scrambled", the enterprise version simply uses a different key to "scramble"; in other support documents they point out that "scrambled" does not mean encrypted.
Re: (Score:2)
The mail server was for personal use only and never intended for general rollout.
Just wait until she gets to the oval office. HillaryMail will assign a free universal email account to every US citizen
big_h_47@mail.whitehouse.gov
Big Whoop (Score:5, Funny)
This effects at most like what.....3 people?
Re: (Score:1)
affects, it doesn't bring about people...
Re: (Score:2)
just buy the Priv.
despite the name, ignore all the "privacy" stuff, and just use regular android that it ships with.
it is as bad as any android phablet from samsung or google, but has a physical keyboard with a touchpad sensor on each key! (so i hope eventually we get Swype-style input overthe physical keyboard)
of course, for now, since it is a shitty as any current smart phone, sometimes the virtual keyboard eats up the screen even with the hardware one open...
This is about... (Score:1)
Reminds Me of the Song... (Score:2)
"By By Blackberry"
Summary and story have it wrong (Score:2)
The story specifically talks about PIN to PIN messaging using BBM. That is one SERVICE, not an entire DEVICE. So, they're able to decrypt a consumer communication, but nothing on the actual device or any other communications that BES is responsible for.
2010? Thats before BB10 was released (Score:2)
This story is talking about BB7 Operating system from back in the day before the current BB10 OS was released and is specifically talking about Pin to Pin communications on Blackberry Messenger for non BES (Blackberry Enterprise Server) corporate customers.