Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Blackberry Encryption Android Government Operating Systems Privacy Security Software United States

BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To (techdirt.com) 107

An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'"

Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"

This discussion has been archived. No new comments can be posted.

BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To

Comments Filter:
  • Isn't there a law or code of some sort that says not to murder, harm, sue, or otherwise ruin a paying customer?

    • by ShanghaiBill ( 739463 ) on Monday October 30, 2017 @05:23PM (#55460141)

      Hold on. The headline is very misleading. He did NOT say they would attempt to crack if the government ASKED. He said they would do it ONLY for a court order, which is not ASKING, it is demanding.

      All companies are required to obey court orders.

      • Companies are free to fight court orders he is implying he will not contest anything or even look too hard. It does not matter as their platform is dead.

        • he is implying he will not contest anything or even look too hard.

          You are stretching his words far beyond anything he actually said. He doesn't say he would challenge a court order, he doesn't say he wouldn't.

          • "We will only attempt to do that if we have the right court order. "

            What part of this is difficult for you to understand?

          • Two big issues he is not saying he will fight any court orders, seeing that they commonly come with a gag order and having been on the receiving end in the hosting sector yea you have to fight them as the majority are junk they get dumped or changed with any pushback cops shop around for rubber stamp judges it can be as simple as waiting till the easy one is up in the rotation. Second blackberry should not be in a position to honor those court orders other than there is the encrypted blob and metadata even

      • by Megol ( 3135005 )

        And attempting to do it would probably be asking the engineers and then relay their response to the court: "it's impossible"

        • by brantondaveperson ( 1023687 ) on Monday October 30, 2017 @05:44PM (#55460273) Homepage

          Of course it's not impossible.

          You deliver the court a PC, something nice and powerful, running a brute-force decryption crack attempt on the encrypted payload. Then you give them a reasonable estimate regarding how long they might expect to have to wait until the machine finds the correct key. That this length of time exceeds the lifetime of the universe might be understood to be the plaintiff's problem.

          • Brute forcing the encryption is impossible in a practical sense, but that is not the only, or even the best way to crack a phone.

            Backdoors?
            Bugs?
            Soak the phone in liquid N2, then remove the RAM and scan the VM.
            Check the keyboard/screen for abnormal wearing or body oil.

          • by Agripa ( 139780 )

            Of course it's not impossible.

            You deliver the court a PC, something nice and powerful, running a brute-force decryption crack attempt on the encrypted payload. Then you give them a reasonable estimate regarding how long they might expect to have to wait until the machine finds the correct key. That this length of time exceeds the lifetime of the universe might be understood to be the plaintiff's problem.

            The US Supreme Court ruling in Eldred versus Ashcroft established that "limited time" is not perpetual so it will take the government only a "limited time" (and an easily calculated bound time) to brute force any encryption system. What are they complaining about?

            Just like when a police officer stops you, he tells the court that you "eventually" pulled over no matter how quickly you did so.

      • Re: (Score:3, Interesting)

        by ewanm89 ( 1052822 )

        I haven't trusted blackberry since 2012 [intoday.in]. They already sold out back then.

    • TL;DR summary:

      Businessman subject to repressive government publicly promises to obey edicts of repressive government.

  • And? (Score:5, Funny)

    by MightyMartian ( 840721 ) on Monday October 30, 2017 @05:23PM (#55460137) Journal

    I'm sure all eight remaining BB customers are totally freaked out. Best switch to Windows Phone to keep their niche player cred.

    • by ffkom ( 3519199 )
      Yeah, but only those 2 of them can now buy Windows phones who are not yet in jail or beheaded because Blackberry squealed on them to their totalitarian government.
  • Okay (Score:5, Funny)

    by alvinrod ( 889928 ) on Monday October 30, 2017 @05:24PM (#55460147)
    Not that I was going to seriously consider buying a Blackberry product before, but I can't think of any possibly way this would make me want to change my mind.

    Is he just saying stupid shit like this so he can get fired and collect his golden parachute?
    • Re: (Score:3, Informative)

      by farble1670 ( 803356 )

      Is he just saying stupid shit like this so he can get fired and collect his golden parachute?

      The Blackberry CEO didn't say anything other than he'd comply with the "right" court order, which is true for anyone that wants to avoid going to jail. You might have to read further than the headline next time before you post.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Apple refused to just 'comply' with the FBI's warrant and vociferously fought it in court. Enough so that the FBI withdrew their request. BB's CEO seems like he's ready to just roll over on you.

        • Enough so that the FBI withdrew their request.

          It was withdrawn because the device was cracked by an Israeli firm.

          BB's CEO seems like he's ready to just roll over on you.

          Saying you'll comply with a court order isn't rolling over. What should he have done when asked? "BB promises to disobey local laws and regulations". He'd have been promptly dismissed by the board for gross negligence.

          • Re:Okay (Score:5, Informative)

            by n329619 ( 4901461 ) on Monday October 30, 2017 @08:57PM (#55461141)

            Enough so that the FBI withdrew their request.

            It was withdrawn because the device was cracked by an Israeli firm.

            Not before they fought in court, with Tim Cook writing public letter about protecting the people's right, with some of the public interviewee realizing FBI on the wrong, with a number of technology giants supporting Apple including MS and FBI finding themselves in a position for a possible bad precedent against them.

            Only then they "just a day before the hearing" [iphonehacks.com] went and signed $15,278.02 contract with Cellebrite (Israeli company).

            There is zero reason they should be "postponing the hearing" and also signing a contract on a day before postponing, unless they've ran out of time on something bad against them. Apple really did "enough" to make the FBI withdrew their request.

            • Apple had to posture because they were embarrassingly hacked by NSA for years. They were shamed by Snowden and wiki leaks for how invaded they were internally. BlackBerry's closest hacking revelation was the NSA's TAO turned an endpoint and was able to get BES communication after a targetted hit. They had to, they were security incompetent and needed a show for the public.
    • Re:Okay (Score:5, Interesting)

      by darkmeridian ( 119044 ) <william.chuang@g ... m minus language> on Monday October 30, 2017 @05:55PM (#55460327) Homepage

      The article is deceptive and clickbait. Everyone has to comply with court orders, even though you can appeal them, but if you lose your appeal, you have to comply. The BB executive is making the point that "heck, our encryption is so good that we can't crack it even if we had to do it."

      • The article is deceptive and clickbait.

        Actually, the article is exactly correct and properly representative of what the Blackberry CEO said. Your interpretation applies (to some insignificant extent) only to enterprise customers, who possess the encryption keys. For everyone else, Blackberry possesses the encryption keys. For the former, Blackberry has promised to not oppose a court order if it is properly formatted. For the latter, Blackberry has promised to turn over the decrypted data upon request by any properly formatted court order.

        For

        • For the latter, Blackberry has promised to turn over the decrypted data upon request by any properly formatted court order.

          which is no where near being a

          ... proactive hacking offer ...

        • You look petty saying "properly formatted" . It's a fucking government court order, it's someone's fucking job to make sure they are all properly formatted to be approved by a fucking judge. How do you go on trying to say this is accurate reporting when you insert your own meaning, that means fuck all and were never said? You're a fucking asshole. You have no credibility.
  • If he was asked to put in a backdoor "by court order", would he....

    Thats the $64,000 question , and to be honest I and everyone else simply do not know. Unfortunately in this case that amounts to distrust.

    BB is gone burgers
    • by Anonymous Coward

      Actually, there are already implications that there *IS* already a back-door in their software. It is alluded to in the last couple of paragraphs of the article.

    • by PolygamousRanchKid ( 1290638 ) on Monday October 30, 2017 @06:36PM (#55460525)

      If he was asked to put in a backdoor "by court order", would he....

      Governments already require telcos to implement backdoors under the guise of "Lawful Interception": https://en.wikipedia.org/wiki/... [wikipedia.org]

      I developed for an ISP platform of "a major provider" in Europe a while back, and guess what . . . ?

      Yes, it was conform in providing this LI service to the folks, um, "entitled" to it. It was even implemented so that the platform operators could not see who was being tapped. This was because the spooks feared that "criminals" would smuggle in their own folks to work as operators, who could then tip off the criminals when the spooks were tapping them.

      The spooks are supposed to have the proper judicial approvals . . . but it's like a dubious dance club catering to underage drinkers . . . no one is checking IDs at the door.

      Someone should directly ask Blackberry how they assist "lawful" organization trace and tap communications on their systems.

      Whoops! That pesky little National Security Letter Gag Order, again . . .

      • In one case, they had future BBM messages intercepted and stored which allowed them to catch pedophiles. They were basically saying, 'we do this kind of thing, we feel like we're doing the right thing'. They are privy to some fucked up sickos, and many people have no problems legally catching these fuckers. It's hard to take a stance on not helping when you know what bad shit bad people do. You become complicit when you stand around and let it happen.
    • If he was asked to put in a backdoor "by court order", he wouldn't need to because they already have a back-door.

      I'll take that $64,000. Thank you.

  • by Anonymous Coward
  • by Anonymous Coward

    BUT FEAR ITSELF

  • by Chas ( 5144 ) on Monday October 30, 2017 @05:53PM (#55460317) Homepage Journal

    Seriously.

    They're so customer unfriendly it's not even funny.

    "Yeah. We know you paid a lot of money for our products. But fuck you! Because we have an "in" with the gub-mint!"

  • by DaMattster ( 977781 ) on Monday October 30, 2017 @06:01PM (#55460359)
    I wasn't aware Blackberry is even relevant anymore. Now I have even more reason to stay away ... as if there weren't enough reasons anywway.
  • by 93 Escort Wagon ( 326346 ) on Monday October 30, 2017 @06:32PM (#55460517)

    ... says 2008 me.

  • They have always done this, even when they were Research in Motion. The only change is that they are saying it's hard to break the encryption. At least when they had their own OS and applications which interacted with the enterprise software the company had keys, on a regional basis, to decrypt the data. It sounds like they can't decrypt the phone itself easily, but are happy to try. I'm sure that they still have the ability to decrypt anything that goes through the enterprise software.

  • by supernova87a ( 532540 ) <kepler1.hotmail@com> on Monday October 30, 2017 @07:11PM (#55460661)
    That I have never heard of Blackberry / RIM being in the news for resisting or challenging a government order to reveal customer data speaks a great deal to me.

    At least I have some public signalling by Apple that they think about whether they should or not. Maybe BB thinks about this as well, but I don't hear about it.
  • You'll try to help police get into a protected phone? He should be fired for make that statement.
    • Did I overlook something? Isn't privacy the thing that gives a device value? Would life be devalued if we lost it all?
      • Yes, once a device has no privacy or when you have a public statement that the company behind the device doesn't give a rats ass about security, the device becomes worth almost nothing.
        • Thank you! You are awake.. I know that you were born into an era that has not known much freedom. And were loosing more by the day :( ..Look at the old Woodstock Festivals to see people enjoying freedom on youtube.
          • I work in high-security IT, it's my job to make sure that no one and nothing can track or read anything my team does. I understand more than most people the need for privacy.
  • by XSportSeeker ( 4641865 ) on Tuesday October 31, 2017 @01:35AM (#55461787)

    I've been repeating this for quite a while now, but I dunno for what reason, people have apparently forgotten all about the case involving the Canadian Mounted Police, a master decryption key for all non-enterprise accounts, and extremely crappy response from your same very own John Chen who was also the CEO back at the time.

    Let me refresh people's memories:
    https://www.theverge.com/2016/... [theverge.com]
    https://news.vice.com/article/... [vice.com]
    http://blogs.blackberry.com/20... [blackberry.com]
    https://www.computerworld.com/... [computerworld.com]

    If anyone was stupid enough to fall into the obvious and very false statement that the new Blackberry had better costumer protection in place in comparison to Apple or other Android brands, it's on you for not doing very basic research.
    It's like getting surprized with a new round of scandals of Lenovo laptops having malware pre-loaded on their bios. There have been enough cases to know what the position of the company is. If you are still throwing your money at them, you are just reinforcing the behavior and proving to them that it's acceptable.
    John Chen has said nothing there that he didn't already say in the past. While he is the CEO of the company, such behavior is to be expected. Anyone who cares about their own personal privacy and about having proper standards on costumer protection should've already let go of the brand by now.

    • by nnull ( 1148259 )

      What difference is this with Android fracturing again with Samsung, LG and every other brand now making their own closed source custom framework for Android? LG now installs applications for me without my knowledge (Ignoring Google Play Store completely), throws ads on my idle screen, and most likely spies on me all the time despite being encrypted. Samsung is on the path of doing the same thing and Google is taking the closed source approach to Android (And telling me how this is a good thing). And on top

    • How the fuck is BBM, a chat thing, considered your actual phone? It's no different than text, except that the whole world can access text messages through numerous ss7 holes. Fucking dummies.
  • Encryption (Score:3, Insightful)

    by ledow ( 319597 ) on Tuesday October 31, 2017 @06:00AM (#55462249) Homepage

    Aside from petty criminals, I would be shocked that any decent terrorist was even bothering to rely on any kind of third-party to provide their encryption anyway. I mean, that's just stupid.

    Use ANY communications medium you like. The same metadata would be present on just about all of them. And encrypt the message before you send it. It's not hard.

    Then you know that only the guy with the key can decrypt it and it doesn't matter what Blackberry/WhatsApp/Facebook etc. record - they only get the same metadata anyway. And, also, you could send the message by carrier pigeon if you were that paranoid. It would barely matter.

    What we're catching with such stupidity are not the master criminals, but the idiots. The idiots are easy to spot anyway, precisely because they give the game away from the metadata. While the master criminals aren't hindered in the slightest. Meanwhile, all our privacy is stripped away on the inference that we're somehow stopping the master criminals by doing so.

    I object to the stupidity, dumbing down, and taking me for an idiot - much more than I object to someone claiming to help the government decrypt if ordered to do so.

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Working...