BlackBerry appeared Monday to acknowledge it helped Canadian federal police crack a Montreal crime syndicate that had been using its messaging system, while insisting its smartphone security remains impenetrable.
In a blog post, BlackBerry chief executive John Chen reiterated the company’s long-held stance “that tech companies as good corporate citizens should comply with reasonable lawful access requests.”
The comments are the latest in a wider public discussion on how much access law enforcement officials should have to encrypted devices and how to balance security issues with user privacy rights. It was triggered when Apple recently refused an FBI request for access to the iPhone of San Bernardino mass shooters.
Vice news and its sister publication Motherboard last week reported that BlackBerry may have helped Canadian federal police eavesdrop on BlackBerry so-called PIN-to-PIN messages sent between members of a suspected criminal organization in Montreal.
It was revealed that the Royal Canadian Mounted Police (RCMP) had obtained BlackBerry’s global cryptographic key, allowing the agency to read all messages sent between BlackBerry smartphones.
This provoked a reaction from Prime Minister Justin Trudeau calling for better oversight of Canadian security and intelligence agencies.
The RCMP said it had intercepted and decrypted more than one million BlackBerry messages in connection with its investigation, which began in 2010.
Thirty-two people were eventually charged with gangsterism, drug trafficking, extortion, assault and other offenses. All pleaded guilty at trial.
Chen said BlackBerry does not provide blanket access to its systems, but does in specific instances such as criminal investigations.
“For BlackBerry, there is a balance between doing what’s right, such as helping to apprehend criminals, and preventing government abuse of invading citizen’s privacy,” Chen said.
He noted, however, that BlackBerry enterprise servers used by corporate and government clients are off limits.
They are “impenetrable” since clients control the encryption key for these communications, said Chen.