BlackBerry CEO Promises To Try To Break Customers' Encryption If The US Gov't Asks Him To

from the I-got-you dept

The DOJ's reps -- along with the new FBI boss -- keep making noises about device encryption. They don't like it. What they want is some hybrid unicorn called "responsible encryption," which would keep bad guys out but let law enforcement in. The government has no idea how this is supposed to be accomplished, but it has decided to leave that up to the smart guys at tech companies. After all, tech companies are only in it for the money. The government, however, answers to a higher calling: public safety -- a form of safety that apparently has room for an increase in criminal activity and nefarious hacking.

There's one cellphone company that's been conspicuously absent from these discussions. A lot of that conspicuous absence has to do with its conspicuous absence from the cellphone marketplace. Pretty much relegated to governments and enterprise users, Blackberry has been offering encrypted messaging for years. But it's been offering a different sort of encryption -- one it can remove if needed.

Enterprise users hold their own encryption keys but individual nobodies have their encryption keys held by Blackberry. Blackberry would likely be held up as the "responsible encryption" poster boy by the DOJ if only it held enough marketshare to make an appreciable difference. Instead, it's of limited use to the DOJ and FBI.

But that doesn't mean Blackberry isn't willing to submit multiple height bids whenever government says jump. Over the past couple of years, it has come to light Blackberry routinely decrypts messages for inquiring governments. Apparently, there's some sort of golden key law enforcement can use to access communications -- one multiple governments seem to have access to.

There are still some unanswered questions about enterprise accounts -- the ones Blackberry doesn't hold the keys to. This poses the same problem for law enforcement that other, more popular phones do. But rather than point out the problems with the government's demands for "responsible encryption," Blackberry has irresponsibly chosen to proclaim its willingness to hack into its own customers' devices if the government asks.

[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. "Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption?

"Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done."

Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors.

This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with US law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. But I'm sure Chen's positive attitude will be used as leverage in talks with tech companies the DOJ clearly believes have added encryption to their devices solely as a middle finger to US law enforcement. This belief clearly isn't true, but the DOJ in particular has already show it's willing to be completely disingenuous when arguing for weakened encryption.

Finally, Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users.

Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. "No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world."

This seems a bit unfair. Blackberry will be offering more to the government and telling the public less. Then again, the general public is likely no more interested in a Blackberry transparency report than it is in Blackberry smartphones.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 30 Oct 2017 @ 2:13pm

    Re: Re: Deployment vs encryption

    It wouldn't really be a "back door", because a provider isn't generally managing the keys so they can do this. They're doing it so users can recover from lost devices, forgotten passwords, ... It's really more of a weakness or design compromise in the "front door" because the code on the sender+recipient phones will be acting normally. Like when the manager of an apartment complex holds keys to all units. (They're not doing it to let cops in, but they've put themselves into a situation where they'll have little legal choice but to comply with a warrant.)

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Close

Email This

This feature is only available to registered users. Register or sign in to use it.