June 13, 2016 at 01:38AM: BlackBerry: We're Here To Kick Ass And Sell Out Users To Law Enforcement. And We're (Almost) All Out Of Users.

Back in mid-April, it was discovered that Canadian law enforcement (along with Dutch authorities) had the ability to intercept and decrypt BlackBerry messages. This level of access suggested the company had turned over its encryption key to the Royal Canadian Mounted Police. BlackBerry has only one encryption key for most customers -- which it maintains control of. Enterprise users, however, can set their own key, which cuts BlackBerry out of the loop completely.

BlackBerry CEO John Chen -- despite publicly criticizing Apple for locking law enforcement out of its phone with default encryption -- refused to provide specifics on this apparent breach of his customers' trust. Instead, he offered a non-denial denial, stating that BlackBerry stood by its "lawful access principles."

The matter was left unsettled… until now.

A specialized unit inside mobile firm BlackBerry has for years enthusiastically helped intercept user data — including BBM messages — to help in hundreds of police investigations in dozens of countries, a CBC News investigation reveals.

This unit, which cracks open BlackBerries for nearly anyone who comes asking, is very proud of its work.

One document obtained by CBC News reveals how the Waterloo, Ont.-based company handles requests for information and co-operates with foreign law enforcement and government agencies, in stark contrast with many other tech companies.

"We were helping law enforcement kick ass," said one of a number of sources who told CBC News that the company is swamped by requests that come directly from police in dozens of countries.

Go team! While these sources remain generally upbeat about throwing customer privacy and security to the wind, the official word from the company is less enthused. In fact, it's nonexistent.

In response to questions from CBC News, a BlackBerry spokesperson said it "will not address the questions given the extremely sensitive nature of this process."

This unadvertised service is apparently so popular BlackBerry has streamlined the process. It offers government agencies a list of boxes to check for what kind of information they'd like retrieved from a phone (including the ominously vague "other"), as well as the option to declare any request "exigent."

It also asks that the requesting party sign off on some boilerplate saying the request is legal in the requester's country and that it is not being done to "control, suppress or punish… political or religious opinion."

Of course, BlackBerry is not a government agency so it really can't do anything if someone "perjures" themselves by signing the form and moving directly towards suppression, punishment, etc. The best it can do is not allow that entity to make any more requests. I'm guessing this almost never happens because the quoted sources seem like a bunch of overly-cheery do-gooders. Policing the police would require BlackBerry to second-guess the government entities it seemingly can't wait to assist.

"Narco trafficking, human trafficking, money laundering, kidnapping, crime against children, knowing you are stopping those things … how do you not love doing something like that?" said the insider.

Yup. [Insert whatever the Canadian equivalent of "'Murica!" is here.]

In its hurry to help supposed good guys track down alleged bad guys, the Canadian branch of BlackBerry's "full give" operations is skirting around statutes meant to protect locals from inappropriate demands made by foreign countries.

Christopher Parsons, a research associate at the University of Toronto's Citizen Lab, who has studied the privacy practices of tech companies, is worried by the secrecy of BlackBerry's process and its potential for abuse.

[...]

He said BlackBerry is allowing foreign police to bypass the Mutual Legal Assistance Treaty, a diplomatic agreement that allows Canadian officials to review requests from foreign police and consider whether they are legal under Canadian law.

But, as Parsons points out, law enforcement agencies are probably thrilled to have someone on the inside willing to violate treaties at the drop of a pre-printed form. Adhering to MLAT may result in significant delays, whereas approaching BlackBerry directly sets its team of super-secret gofers in motion immediately.

Of course, the major downside here is that very few criminals are likely still using BlackBerries. Most of the company's customers are enterprise users and they have the ability to lock down their phones so tight not even BlackBerry can get into them. But for all the panicked talk about going dark, BlackBerry's special ops unit says it's still surprised at how many criminals are unaware the company is basically the local PD at this point.

The nails were already in the coffin for BlackBerry. Each new exposure of its highly-proactive law enforcement assistance is only going to hasten the dwindling of its user base.





from Techdirt http://ift.tt/1XjvLmN