BlackBerry is refuting recent media claims that its encryption was “cracked” in police investigations where data was recovered from encrypted devices.
Police in the Netherlands and Canada reported that they had managed to access data from BlackBerrys in recent investigations, prompting BlackBerry’s unsigned blog post stating that its devices are “secure as they have always been.”
The company also firmly denied that BlackBerrys have backdoors for law enforcement access.
The “cracked” reports first emerged after Dutch website Misdaadnieuws published documents from a criminal case claiming that the Netherlands Forensic Institute (NFI), a Dutch law enforcement agency, was able to access encrypted data from a BlackBerry PGP device.
Motherboard picked up the story and got confirmation from NFI and the Royal Canadian Mounted Police that they had recovered supposedly-encrypted data from BlackBerry PGP devices, although neither law enforcement agency would say how.
BlackBerry said in the blog post that it had no details about the types of device the reports were referring to, or how they were configured or protected, and suggested numerous ways other than “cracking” that the police might have used:
If such an information recovery did happen, access to this information from a BlackBerry device could be due to factors unrelated to how the BlackBerry device was designed, such as user consent, an insecure third party application, or deficient security behavior of the user.
BlackBerry also said “there are no backdoors in any BlackBerry devices,” and it doesn’t store and can’t share device passwords with law enforcement:
Furthermore, there are no backdoors in any BlackBerry devices, and BlackBerry does not store and therefore cannot share BlackBerry device passwords with law enforcement or anyone else. In other words, provided that users follow recommended practices, BlackBerry devices remain as secure and private as they have always been.
The demands for backdoors have only grown louder since the terrorist attacks in Paris in November and in the US city of San Bernardino a few weeks later.
Technology companies such as Apple, Google and Microsoft have long stated that backdoors are a bad idea – a position that the governments of the Netherlands and France have now come around to endorse.
BlackBerry has gone on record against backdoors many times, including just last month, when it nearly pulled its operations out of Pakistan until the government of that country relented in its demands for access to BlackBerry’s servers.
Nevertheless, BlackBerry CEO John Chen said in a 15 December blog post that his company’s “privacy commitment does not extend to criminals,” and BlackBerry would work with law enforcement wherever possible “within legal and ethical boundaries.”
SOPHOS STATEMENT ON ENCRYPTION
Our ethos and development practices prohibit “backdoors” or any other means of compromising the strength of our products for any purpose, and we vigorously oppose any law that would compel Sophos (or any other technology supplier) to weaken the security of our products.