RCMP Have BlackBerry’s Encryption Key, Over 1M Messages Intercepted


There was a time when the Royal Canadian Mounted Police (Canada’s federal police force) had backdoor access to encrypted BlackBerry messages, Vice Canada reports. During that time, the RCMP intercepted and decrypted “over one million” BlackBerry messages.

To understand how the RCMP did that, you need to understand how BlackBerry’s encryption works: It encrypts BBM messages using a single “global encryption key” loaded onto every handset during manufacturing. Those who own that key can read all BBM messages sent between BlackBerry phones. The only exception is Business Enterprise Server, which
allows corporations to use their own encryption so not even BlackBerry can access it.

Now, as discovered by Vice Canada, the RCMP somehow obtained this global encryption key and used it during an investigation in a mafia slaying called “Project Clemenza”. The investigation ran between 2010 and 2012.

According to more than 3,000 pages of court documents pertaining to the case that resulted from Project Clemenza, obtained by VICE Canada, the RCMP maintains a server in Ottawa that “simulates a mobile device that receives a message intended for [the rightful recipient].” In an affidavit, RCMP sergeant Patrick Boismenu states that the server “performs the decryption of the message using the appropriate decryption key.” The RCMP calls this the “BlackBerry interception and processing system.”

Okay, so you may argue that BlackBerry has been collaborating with law enforcement agencies, just as Apple did and does now when forced to by law – except the San Bernardino iPhone 5c. You know what happened there, and you may also know that Apple assists law enforcement agencies in their investigations.

The problem with this case is that it is not known whether BlackBerry subsequently changed the global encryption key. If not, it means (metaphorically) that the RCMP has a key to your home and can “pay a visit” at any time without your knowledge. That’s alarming. You can read the full story at Vice Canada.