The RCMP has had backdoor access to BBM since at least 2010


One of Canada’s historic tech companies may have given the country’s national law enforcement agency the keys to its kingdom.

Court documents obtained by Vice Canada and Motherboard Canada relating to a 2011 Montreal gang murder case reveal the Royal Canadian Mounted Police has intercepted and decrypted more than one million BBM messages in connection with a set of investigations called Project Clemenza.

The court documents go on to reveal the law enforcement agency has a server in Ottawa that is capable of using the “appropriate decryption key” to intercept and decrypt messages sent between consumer BlackBerry devices. The RCMP’s name for this system is “BlackBerry interception and processing system,” and based on the description of its capabilities, it’s very likely this server, and by extension the RCMP, has access to BlackBerry’s global encryption key.

This key is loaded onto every single consumer BlackBerry device, and it is what is supposed to keep messages sent between two BlackBerry devices secure. Corporate and government BlackBerry devices that run on a BlackBerry Enterprise Server (BES) have their own encryption key, which means the RCMP does not have access to those smartphones.

The court documents obtained by Vice don’t reveal how the RCMP obtained BlackBerry’s global encryption key. However, based on the legal actions of both the government and the company itself, the implication is that the RCMP was given backdoor access.

Lawyers from the federal government spent two years attempting to prevent the documents from being released to the public. Moreover, both the government and BlackBerry refused a judge’s order to clarify whether they were working together.

That said, it’s possible the RCMP’s technical unit was able to obtain the key on its own. Alternatively, similar to the San Bernardino case in the U.S., the RCMP could have also gone to a third party like Cellebrite, the Israeli tech firm that reportedly helped the FBI hack Syed Rizwan Farook’s iPhone 5c, for help. As Christopher Parsons, the managing director for the Telecom Transparency Project and one of the experts interviewed by Vice in its articles, notes, the court documents from the Project Clemenza case don’t provide enough details to make a definitive judgment.

The privacy implications are clear, however. Despite BlackBerry’s declining fortunes, Canada’s national police agency has enjoyed unfettered access to a significant number of the personal messages sent by Canadians for several years. Moreover, if the RCMP still has access to BlackBerry’s global encryption key, and there’s no reason to believe it doesn’t, no consumer BlackBerry device is secure.

When the encryption battle between the FBI and Apple over the San Bernardino shooting flared up in the U.S., MobileSyrup asked BlackBerry to state its stance on the case. The company declined to comment. In a blog post from last year, BlackBerry’s CEO criticized Apple for its unwillingness to cooperate with law enforcement agencies. “We reject the notion that tech companies should refuse reasonable, lawful access requests,” he said in the blog post.

Source: Vice, Motherboard