Blackberry Is Making User Data Too Easy To Access

Andrew Orr In the News

In recent news, it seems as if Blackberry is making it a little too easy for law enforcement to access user data – even going so far as to provide a helpful checklist.

The CBC reported that the list enables law enforcement from all around the world to “indicate whether they wish to receive device and subscriber information, message logs, or ‘other.'”

Blackberry even has a specialized team within the company specifically to intercept personal data to hand it out to “hundreds of police investigations in dozens of countries.

Unlike other tech companies, Blackberry doesn’t provide a transparency report about its machinations behind the scenes, so it’s not clear how many law enforcement requests it receives or how many of those requests it honors.

Categories of User Data

A version of the checklist found online gives a menu of three classes of data that Blackberry can hand out:

  • Device, account, and subscriber data (PIN, IMEI, SIM, Blackberry ID, name, address, payment, and purchase information)
  • Message transaction logs (times and dates of BBM and PIN message exchanges, current BBM contact list)
  • “Other” – this section is where police can request to intercept and de-scramble user communications

A source contacted by CBC News said:

“We were helping law enforcement kick ass…narco trafficking, human trafficking, money laundering, kidnapping, crime against children, knowing you are stopping those things…how do you not love doing something like that?”

Back in April, it was even revealed that the Royal Canadian Mounted Police is in control of Blackberry’s global encryption key, and if you have even a basic understanding of encryption, you’ll know this is scary news. From 2010-2012, the RCMP carried out “Project Clemenza” where they intercepted and decrypted over 1 million Blackberry messages during an investigation.

The RCMP can decrypt *any* message between Blackberry phones that aren’t on a private corporate network.

This news was in stark contrast to a report from Blackberry in 2015 when the company wrote “At BlackBerry, we understand, arguably more than any other large tech company, the importance of our privacy commitment to product success and brand value: privacy and security form the crux of everything we do. However, our privacy commitment does not extend to criminals.”

To put this security risk into context, the President of the United States is a Blackberry user, and although his phone is locked down using specialized software from the NSA, it’s still a scary thought knowing that if rogue hackers stole Blackberry’s encryption key from the RCMP, they could potentially target the President.

Christopher Parsons, a research associate at the University of Toronto’s Citizen Lab, discovered that Blackberry allows foreign police to go around the Mutual Legal Assistance Treaty, which is a diplomatic agreement that allows Canadian officials to review requests from foreign police and decide if they are legal.

In 2015 it was found that roughly 2.44 million Americans still use Blackberry phones:

blackberry users

While companies like Apple continue to fight for their customers’ privacy, even butting heads with the FBI earlier this year, Blackberry is handing out its users’ data to any government. In the end, this could damage the brand that Blackberry has created over time, the phone’s messaging system was touted as being secure. Now it seems services like iMessage have taken its place.