BlackBerry, a Canadian smartphone developer, has come under fire after an article published by Motherboard revealed that Royal Canadian Mounted Police (RCMP) agents had decrypted over a million BlackBerry messages between 2010 and 2012. Because all messages sent with the BlackBerry Messaging App are encrypted with a global key, government agents can decrypt any of them once they have that key. Since some court documents relating to the case are sealed, it is unclear if BlackBerry gave the key to the RCMP or if the agency obtained it through some other means.
A blog post by BlackBerry CEO John Chen has been published, responding to this issue. The post stops short of outright stating that BlackBerry handed over the key to law enforcement, but the language heavily implies this is the case. The post opens with a call for tech companies to comply with lawful requests, "We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I have stated before that we are indeed in a dark place when companies put their reputations above the greater good."
The post also states that the overall outcome of the intercepted messages was positive because, "the case resulted in a major criminal organization being dismantled." In relation to BlackBerry's possible assistance to the RCMP in this case, Chen only gave a vague non-answer, "Regarding BlackBerry’s assistance, I can reaffirm that we stood by our lawful access principles."
The post also states that BlackBerry must perform a balancing act, helping police apprehend criminals while at the same time preventing government abuses. The post states, "We have been able to find this balance even as governments have pressured us to change our ethical grounds. Despite these pressures, our position has been unwavering and our actions are proof we commit to these principles."
Chen also reassures customers that the BlackBerry Enterprise Server (BES) was not compromised when the RCMP obtained the global key. BES is a middleware package that provides numerous services to businesses. In this case, the most relevant point is that BES allows users to choose their own encryption key for BBM communications. Chen assures users that, "Our BES continues to be impenetrable – also without the ability for backdoor access – and is the most secure mobile platform for managing all mobile devices." Although it's not made clear in the post what ethical principle allows for governments to have unrestricted access to personal communications but not business communications.
Do you agree with Chen's position that tech companies should comply with "lawful access requests?" Leave your comments below.
