BlackBerry is a staple of mobile security, but recent reports indicate that the company is willing to break into its own devices at the authorities' request.
The company helped the Royal Canadian Mounted Police (RCMP) to intercept and decode messages that were sent and encrypted through BlackBerry's BBM service. Canadian authorities have reportedly had a masterkey for BlackBerry devices since 2010.
The findings are part of Project Clemenza, an operation that allowed the RCMP to apprehend seven men who were involved in a murder conspiracy. During the operation, more than 1 million messages were archived and cracked by a server in Ottawa.
The report comes from Vice and Motherboard and shows that not all mobile manufacturers share Apple's stand on encryption and cooperation with the government.
BlackBerry clients who were connected to an enterprise server were not affected by the break-in.
This is because corporate BlackBerry servers operate using internal encryption keys, whereas handsets that use public servers function using the peer-to-peer encryption key embedded into the smartphone during the manufacturing process. In case you were wondering, all personal BlackBerrys use public servers.
Somehow, the RCMP got the key and wasted no time to start unlocking BBM messages. The most interesting questions regarding the case are still unanswered.
Did RCMP manage to crack the handset's encryption by its own means? No official statement came regarding the subject, but Vice and Motherboard cited court documents hinting that BlackBerry was in close cooperation with the Canadian law enforcement agency.
It is possible that RCMP took an approach similar to the one FBI deployed in the case of the iPhone 5s belonging to one of the San Bernardino shooters: delegating a third-party to do the dirty work.
The Bureau finally employed a third-party to crack open the iPhone of San Bernardino shooter Syed Farook after Apple repeatedly refused to give the authorities full access to the device. Earlier this year, Apple appealed to the United States Congress in the dust-up it has with the FBI over encryption issues and security.
In comparison, there is a strong chance that BlackBerry simply offered authorities the access key needed to unlock the data from the suspects' phones. As the company counts several national governments among its clients, it is logical to cater to their needs.
During the development of Project Clemenza, the Indian government pointed out that BlackBerry should permit officials a lawful way to monitor a part of the network data belonging to the company.
One important question that remains unanswered is if the RCMP still holds the decryption key.
Motherboard notes that unless the company delivered a massive update post Project Clemenza, the RCMP is probably still able to break into BBM messages. At the time of writing, we are unaware of such an update taking place.
BlackBerry refused to take an official standpoint on the story, but we will keep you posted with any news we have.
Device encryption has become one of the hottest topics in the tech industry after the recent legal clash between the FBI and Apple. Whether or not companies should renounce their privacy policies and yield themselves to national security arguments is a long debate, and it seems to be merely starting.