Science

BlackBerry CEO tries to reassure users on encryption questions

BlackBerry CEO John Chen wants to assure users that the company "stood by our lawful access principles" when it helped the RCMP in a major criminal case that has raised questions about the encryption of the company's phones.

John Chen won't say if company gave RCMP encryption key for all consumer BlackBerry cellphones

BlackBerry's John Chen will not say whether the company gave the RCMP the universal encryption keys to all consumer BlackBerry phones. (Frank Gunn/Canadian Press)

BlackBerry CEO John Chen wants to assure users that the company "stood by our lawful access principles" when it helped the RCMP in a criminal case that has raised questions about the encryption of the company's phones.

"When it comes to doing the right thing in difficult situations, BlackBerry's guiding principle has been to do what is right for the citizenry, within legal and ethical boundaries," Chen said in a blog post Monday.

"We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests."

Chen acknowledged that his blog post was a response to an article published on Motherboard, an online technology magazine, last week about Project Clemenza, an RCMP investigation into a Mafia slaying that ran between 2010 and 2012.

The article cited an affidavit in which the RCMP described a "BlackBerry interception and processing system" that decrypts messages using "the appropriate decryption key."

Such a "global" decryption key would have been able to decrypt messages sent between consumer BlackBerry phones, and would still be able to do that if the key has not been changed (although it wouldn't affect the encryption of corporate account phones, which use the BlackBerry Enterprise Server [BES] and have different encryption keys.)

The article said BlackBerry declined to comment on the story.

"A few unknowns remain in this case," it concluded. "For example: did BlackBerry itself provide the RCMP with the global encryption key, and has that key changed?"

Ethical principles 'challenged'

Chen says the article "speculated on and challenged BlackBerry's corporate and ethical principles."

However, Motherboard observed Monday that Chen's response was "neither confirming nor denying the answer to the most burning question raised by our investigation: Did BlackBerry give the Royal Canadian Mounted Police … the key to every consumer BlackBerry user's digital front door?"

A Motherboard article cites an affidavit in which the RCMP described a 'BlackBerry interception and processing system' that decrypts messages using 'the appropriate decryption key.' (Geoff Robins/Canadian Press)

Instead, Chen wrote only: "Regarding BlackBerry's assistance, I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry's BES server involved."

BlackBerry's lawful access principle states that it sometimes receives requests for assistance from authorities such as police forces.

"We are guided by appropriate legal processes and publicly disclosed lawful access principles in this regard, as we balance any such requests against our priority of maintaining privacy rights of our users," the principle states. "We do not speculate or comment upon individual matters of lawful access."

The questions about BlackBerry's co-operation with police come amid ongoing legal battles in the U.S. between Apple and U.S. law enforcement over Apple's refusal to unlock iPhones involved in several criminal cases and provide police with access to customer data.

In December, Chen caused controversy with another blog post about privacy and lawful access. Without naming Apple, Chen slammed a recent update to Apple's operating system which makes it impossible for the company to unlock the devices, even if there's a search warrant for a criminal investigation. He later defended the post in more detail.