Canadian police 'obtained' BlackBerry master encryption key

About one-third of all smartphone owners in North America used a BlackBerry during the two-year period that Canadian law enforcement were decrypting messages.
Written by Zack Whittaker, Contributor
(Image: CNET/CBS Interactive)

Canadian's police have obtained encryption keys used by consumer BlackBerry devices, once thought to be one of the most secure mobile devices on the market.

A new report from Vice News found the revelations buried in court documents relating to a Montreal crime syndicate case, showing how BlackBerry and cellular network Rogers cooperated with law enforcement.

Technical reports filed in court by the Royal Canadian Mounted Police show that officers intercepted and decrypted around one million messages used by BlackBerry's proprietary messaging technology in relation to the case. Law enforcement are said to have accessed the messages with the company's master encryption key, used to encrypt consumer messages sent to and from devices.

But how complicit BlackBery was remains to be seen.

It's not clear where the encryption key came from, the report said, but government attorneys had tried to keep details of the case a secret for almost two years.

Vice said in its report that the Canadian smartphone maker "facilitated the interception process" but document redactions masked any context. The publication said that the key could have been extracted directly from a device by a third-party contractor.

BlackBerry is long known to have used a master encryption key, used on every device to scramble messages. This gives the company access to all communications over its systems, and would permit it to hand over data to law enforcement when asked. But since the Edward Snowden revelations it was widely assumed that at least one of the Five Eyes governments colluding in mass surveillance -- of which Canada is a member -- had acquired the keys.

The company's enterprise system is not thought to be affected by the surveillance technique, as each individual server has its own encryption key that even BlackBerry doesn't have access to. The system was said to be designed to prevent BlackBerry from forcibly handing over its customers' business secrets.

It's not the first effort by a government to unscramble BlackBerry devices or messages. At the time the Canadian police had the key -- between 2010 and 2012 -- the company had a large slice of the smartphone market share.

In 2011, British intelligence agency GCHQ was reportedly called in to try to crack the key in an effort to uncover those who organized civil unrest during the London riots.

In recent years, many tech companies and phone makers have bolstered their encryption efforts to lock out law enforcement. Apple, and more recently Google, both have smartphones on the market that effectively shut out anyone other than the owner, much to the chagrin of local and federal law enforcement agencies.

Despite its once proud status as a security pioneer, Blackberry has in recent years fallen behind other companies, who have pushed back in the wake of the Snowden disclosures.

Chief executive John Chen last year criticized this effort, arguing that companies should not put themselves above the law, indicating that it would help governments in some cases. "We reject the notion that tech companies should refuse reasonable, lawful access requests," he said.

The company said in November that it had "no plans" to issue a transparency report on how many data demands it receives from government agencies.

A BlackBerry spokesperson declined to comment.

Editorial standards