Blackberry’s sole remaining selling proposition – security – has gone up in smoke with the revelation that the Royal Canadian Mounted Police has the master key to decrypt messages on consumer phones. Investigative stories by Vice and Motherboard document how the Mounties read encrypted messages, and leave little doubt that it was with the company’s active assistance…
Neither the RCMP, nor BlackBerry ever confirmed where the global key actually came from and the documents shed little light on the matter. They also didn’t deny it.
In fact, BlackBerry has recently signalled a willingness to deal with law enforcement on encryption, with company CEO John Chen writing last year that “we reject the notion that tech companies should refuse reasonable, lawful access requests.”…
Crown prosecutors pulled out a variety of excuses as to why the information about the origin of the key, and the exact nature of BlackBerry’s cooperation with the RCMP, should remain strictly private.
Enterprise customers are immune to the particular technique used. Companies that set up their own servers also set their own encryption keys, so Blackberry’s master key won’t work. That’s thin comfort, though. Blackberry uses a proprietary encryption system that might or might not have deliberately designed weak spots.
Until now, the assumption was that it was secure. There’s never any guarantees when it comes to security, but there’s also never been any particular reason to doubt Blackberry’s integrity. Now there is, and that will scare away some security conscious customers, the very people Blackberry has worked so hard over the years to cultivate.
There’s nothing harder to build and easier to lose than a reputation.