'Outrageous': RCMP can unlock BlackBerry messages

by Josh Dehaas (feat. Tom Keenan)

CTV News
April 15, 2016

Privacy experts are expressing concern and outrage after the revelation that the RCMP has had a key to unlock encrypted PIN-to-PIN messages between personal BlackBerry users since at least 2010, and has used that key to decrypt about one million messages.

Ann Cavoukian, Ontario’s former Privacy Commissioner, said the computer code would have allowed police to open not just the “bad guy’s” communications, but “yours, mine and anybody’s.”

That fact, she says, is “outrageous.”

Cavoukian, who is now a professor at Ryerson University in Toronto, said she was doubtful when she first heard a rumour in 2010, that BlackBerry was planning to provide such a key to appease governments in the United Arab Emirates and Saudi Arabia.

“I said, absolutely not,” she recalled. “There is no way that BlackBerry would release that kind of information.”

Cavoukian said that she wrote a letter to the company, which elicited a “rude response” telling her she was being unpatriotic, and that BlackBerry would go ahead with providing the key.

“I gave up my BlackBerry; I got an iPhone,” she said. “We have to applaud (Apple CEO) Tim Cook because he has not done what they’re doing,” she added, referring to Cook’s refusal to give the U.S. FBI the means to circumvent the security on its iPhone devices. The FBI subsequently said it found a way to hack the iPhone 5C of the San Bernardino attacker Syed Farook.

Cavoukian did not know police had access to such a key for Canadians’ personal BlackBerrys until news broke this week. While it is not clear whether it was hacked by the RCMP or disclosed by the company, Cavoukian believes it was handed over.

Chris Parsons, a security researcher at the University of Toronto’s The Citizen Lab, called the revelation “worrying.”

“The worry isn’t that the RCMP has been abusing this,” he said. “My concern is, principally, that they’ve been using this for so long and Canadians had no idea that this capacity exists.”

Parsons said the revelation illustrates how little Canadians understand about how authorities are using their powers.

Tom Keenan, a privacy expert and author of the book “Technocreep,” told CTV News Channel that his concern is people who aren’t doing anything illegal could still suffer consequences if police believe they might be doing something wrong.

Keenan offered a hypothetical situation in which a person is flying to the U.S. and sends a BlackBerry message that says, “I’m really gonna kill it in the United States.” That person may get hassled at the border because police can surreptitiously see the message, he said.

All three experts pointed out that the key could not be used on the BlackBerry Enterprise Server phones which are typically used by corporations and governments.

Although BlackBerry hasn’t commented on the revelation, CEO John Chen wrote a blog post in December that “privacy and security form the crux of everything we do,” but added, “our privacy commitment does not extend to criminals.”

Chen also took an apparent jab at Apple, by pointing out that it had “recently refused a lawful access request in an investigation of a known drug dealer because doing so would “substantially tarnish the brand” of the company.”

“We are indeed in a dark place when companies put their reputations above the greater good,” Chen wrote.

Prime Minister Justin Trudeau was asked by a reporter in Waterloo, Ont., Thursday whether he is confident that the RCMP has been using the key only with court orders. Trudeau responded that he sees this as an “issue that obviously is of concern to many people”

The Prime Minister added that he was elected “on a commitment to bring in proper oversight of our national security agencies and police agencies” and that his government is working to “reassure people that we are both keeping them safe and protecting our rights and freedoms.”

Vice News reported Thursday that recently released court documents related to a Montreal organized crime investigation, known as Project Clemenza, showed the RCMP had decrypted one million BlackBerry messages between 2010 and 2012.