Canadian police intercepted 1mn messages using BlackBerry's master encryption key – report
The Royal Canadian Mounted Police (RCMP) managed to intercept messages sent through the phone's BBM service, according to court documents obtained by Vice News and Motherboard.
The papers indicate that the RCMP keeps a server in Ottawa which “simulates a mobile device that receives a message intended for [the rightful recipient].” From there, the “BlackBerry interception and processing system” decrypts the message using the master key.
In a technical report attempting to reveal the significance of the key, filed with the Superior Court of Quebec, the RCMP said it had obtained “the key that would unlock the doors of all the houses of the people who use the provider's services, and that, without their knowledge.”
It is unclear how the police obtained the key, and neither the RCMP nor BlackBerry has confirmed that the phone manufacturer handed it over. Both parties reportedly fought against a judge's order to release more information about their working relationship.
It is also unknown whether the key has since been changed, or if the police are continuing to intercept messages.
Although people with BlackBerrys connected to an enterprise server were likely immune to having their messages intercepted, those customers represent the minority of BlackBerry users.
And while the RCMP's ability to intercept messages led to seven men confessing their roles in a 2011 gangland murder, over one million messages from innocent people were intercepted in the process.
In the trial against the men, the Crown prosecutor refused to say how the police had obtained the master key, telling the judge: “I'm going to refrain from any comment because we're walking a very, very fine thread. I don't want to fall into a bear trap.”
Crown prosecutors used a number of excuses as to why the origin of the key and the nature of BlackBerry's cooperation with the RCMP should remain private.
In applications filed with the court, the prosecutors cited privilege to avoid answering the questions, and argued that disclosing BlackBerry's involvement may “have a negative commercial impact on the company.” They also claimed that admitting to BlackBerry's involvement could negatively affect the RCMP's relationship with the company, as well as other technology companies.
If BlackBerry willingly handed over the key to the RCMP, it wouldn't necessarily be surprising. The company's CEO, John Chen, wrote last year that “we reject the notion that tech companies should refuse reasonable, lawful access requests.”
The relationship between technology companies and the government has been shaky in recent months, particularly after Apple was ordered to give “reasonable technical assistance” to the FBI in February. The US government agency called for a specially made “key” that would bypass encryption on the phone of one of the San Bernardino shooting suspects. Apple refused to comply, however, saying the request would set a “dangerous” precedent for digital privacy.