Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Blackberry Canada Government Privacy Security

Canadian Police Have Had BlackBerry's Global Decryption Key Since 2010 (vice.com) 62

Justin Ling and Jordan Pearson, reporting for Vice News: A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010. The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators. According to technical reports by the Royal Canadian Mounted Police that were filed in court, law enforcement intercepted and decrypted roughly one million PIN-to-PIN BlackBerry messages in connection with the probe. The report doesn't disclose exactly where the key -- effectively a piece of code that could break the encryption on virtually any BlackBerry message sent from one device to another -- came from. But, as one police officer put it, it was a key that could unlock millions of doors. Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record. Motherboard has published another article in which it details how Canadian police intercept and read encrypted BlackBerry messages. "BlackBerry to Canadian court: Please don't reveal the fact that we backdoored our encryption," privacy and security activist Christopher Soghoian wittily summarizes the report. "Canadian gov: If you use Blackberry consumer encryption, you're a "dead chicken".
This discussion has been archived. No new comments can be posted.

Canadian Police Have Had BlackBerry's Global Decryption Key Since 2010

Comments Filter:
  • by guruevi ( 827432 ) on Thursday April 14, 2016 @11:44AM (#51908623)

    Back in the day (and one of the many reasons RIM went down the tubes) was because they have global decryption keys for both BES and BIS. It's right there in the specifications and marketing of the Blackberry communications.

    • Re: (Score:2, Troll)

      I think the question at this point is either:

      Will Obama finally get a new phone?

      Or

      Will Obama be the good citizen that he wants everybody else to be and forever hold on to a phone that is backdoored?

    • by Carewolf ( 581105 ) on Thursday April 14, 2016 @11:50AM (#51908685) Homepage

      No, they only had the keys for the consumer parts, which is the same problem all messaging services that doesn't allow you to run your own server has.

      In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.

      • by guruevi ( 827432 )

        Read the spec. BES encryption keys (on your own server) get published to the Blackberry device the first time it connects (when it is by definition unaware of what your BES keys are) encrypted with the Blackberry Global Key. That is if there are no other back doors in the encryption (since the standard is closed source, you never really can be sure). They eventually (this was news about a decade ago) gave in to India and gave their government access to all systems in India, why do you think the US can't do

      • by unrtst ( 777550 )

        In theory you could secure BlackBerries but it always required an enterprise license and running your own servers with your own keys.

        Correct me if I'm wrong, but it sounds like this would just limit the scope of the issue. The key would still be a shared key for all your users, right? If so, that's not a fix at all.

    • You wouldn't know it if you listened to the BB stock pumpers who frequent many online forums. They're constantly talking about BB's incredible security as opposed to Apple and Android.

      Just one more nail in the coffin.

  • Big Whoop (Score:5, Funny)

    by wkwilley2 ( 4278669 ) on Thursday April 14, 2016 @12:03PM (#51908811)

    This effects at most like what.....3 people?

    • by Anonymous Coward

      affects, it doesn't bring about people...

  • BBOS, and not Android which is what RIM -- yes I still call them that -- uses now!
  • "By By Blackberry"

  • The story specifically talks about PIN to PIN messaging using BBM. That is one SERVICE, not an entire DEVICE. So, they're able to decrypt a consumer communication, but nothing on the actual device or any other communications that BES is responsible for.

  • This story is talking about BB7 Operating system from back in the day before the current BB10 OS was released and is specifically talking about Pin to Pin communications on Blackberry Messenger for non BES (Blackberry Enterprise Server) corporate customers.

"Nuclear war can ruin your whole compile." -- Karl Lehenbauer

Working...