BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To (techdirt.com) 107
An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'"
Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"
Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. Blackberry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"
Benedict Judas Quisling goes all Boeing (Score:3)
Isn't there a law or code of some sort that says not to murder, harm, sue, or otherwise ruin a paying customer?
Re:Benedict Judas Quisling goes all Boeing (Score:5, Informative)
Hold on. The headline is very misleading. He did NOT say they would attempt to crack if the government ASKED. He said they would do it ONLY for a court order, which is not ASKING, it is demanding.
All companies are required to obey court orders.
Re:Benedict Judas Quisling goes all Boeing (Score:5, Informative)
Companies are free to fight court orders he is implying he will not contest anything or even look too hard. It does not matter as their platform is dead.
Re: (Score:3)
he is implying he will not contest anything or even look too hard.
You are stretching his words far beyond anything he actually said. He doesn't say he would challenge a court order, he doesn't say he wouldn't.
Re: Benedict Judas Quisling goes all Boeing (Score:1)
"We will only attempt to do that if we have the right court order. "
What part of this is difficult for you to understand?
Re: (Score:2)
"We will only attempt to do that if we have the right court order. "
What part of this is difficult for you to understand?
The definition of the word "right".
I think he means those secret courts that you can't appeal or even disclose that you have to give up. They're called the FISA Court: https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:3, Insightful)
And the US Constitution and Bill of Rights handicap the US when dealing with countries such as China, Russia, or NK. While the NSA and CIA are subject to daily scrutiny the same cannot be said about US adversaries. You will never see any protesters in China, Russia, or NK demanding details of their countries intelligence agencies.
Yeah and the US Gov is so handicapped by that scrutiny that their rates of regime-changing per decade are lower than China, Russia or NK. And the incarceration rates too.
Without such handicaps the US Gov would have to interfere with democracies by paying for social media ads and fake news/users rather than making up lies and sending US citizens to kill brown people. /s
Re: (Score:1)
If an imminent national security related matter is discovered the Constitution and Bill of Rights get thrown out the window. After all the Constitution and Bill of Rights are not suicide pacts. And the US Constitution and Bill of Rights handicap the US when dealing with countries such as China, Russia, or NK. While the NSA and CIA are subject to daily scrutiny the same cannot be said about US adversaries. You will never see any protesters in China, Russia, or NK demanding details of their countries intelligence agencies.
Okay, so we have a constitutional government, with all its benefits and civil liberties, unless the authorities decide that it's just too dangerous and inconvenient to have one. In that case they just throw the whole thing out the window. Saying the Constitution is not a suicide pact is a red herring. We have never been in a situation in which honoring and respecting and following the Constitution would have resulted in everyone's death.
Seriously, what is this bullshit? You know why no one is demanding
Re: (Score:1)
Saying the Constitution is not a suicide pact is a red herring. We have never been in a situation in which honoring and respecting and following the Constitution would have resulted in everyone's death.
You appear to be unfamiliar with the concept of metaphor.
Re: (Score:2)
Two big issues he is not saying he will fight any court orders, seeing that they commonly come with a gag order and having been on the receiving end in the hosting sector yea you have to fight them as the majority are junk they get dumped or changed with any pushback cops shop around for rubber stamp judges it can be as simple as waiting till the easy one is up in the rotation. Second blackberry should not be in a position to honor those court orders other than there is the encrypted blob and metadata even
Re:Benedict Judas Quisling goes all Boeing (Score:5, Interesting)
Being scared of terrorists in a country almost bereft of terrorism is just shy of being an accomplice.
Re: (Score:2)
And attempting to do it would probably be asking the engineers and then relay their response to the court: "it's impossible"
Re:Benedict Judas Quisling goes all Boeing (Score:5, Funny)
Of course it's not impossible.
You deliver the court a PC, something nice and powerful, running a brute-force decryption crack attempt on the encrypted payload. Then you give them a reasonable estimate regarding how long they might expect to have to wait until the machine finds the correct key. That this length of time exceeds the lifetime of the universe might be understood to be the plaintiff's problem.
Re: (Score:2)
Brute forcing the encryption is impossible in a practical sense, but that is not the only, or even the best way to crack a phone.
Backdoors?
Bugs?
Soak the phone in liquid N2, then remove the RAM and scan the VM.
Check the keyboard/screen for abnormal wearing or body oil.
Re: (Score:2)
Of course it's not impossible.
You deliver the court a PC, something nice and powerful, running a brute-force decryption crack attempt on the encrypted payload. Then you give them a reasonable estimate regarding how long they might expect to have to wait until the machine finds the correct key. That this length of time exceeds the lifetime of the universe might be understood to be the plaintiff's problem.
The US Supreme Court ruling in Eldred versus Ashcroft established that "limited time" is not perpetual so it will take the government only a "limited time" (and an easily calculated bound time) to brute force any encryption system. What are they complaining about?
Just like when a police officer stops you, he tells the court that you "eventually" pulled over no matter how quickly you did so.
Re: (Score:3, Interesting)
I haven't trusted blackberry since 2012 [intoday.in]. They already sold out back then.
Re: (Score:2)
That aside, this attitude is why BlackBerry collapsed. People wanted security. They got complicity instead
..the decline of blackberry had nothing do with security.
but it did have everything to do with being unable to sell phones on any operator-bundling free market. they got used to that they had an operator in their pocket with their servers running at the operator and those traffics got priority and using their push technology. that became irrelevant before 2010 and they have been going downhill ever since and the operator bundling of really expensive phones where the customer doesn't understand the cost went
Re: Benedict Judas Quisling goes all Boeing (Score:2)
TL;DR summary:
Businessman subject to repressive government publicly promises to obey edicts of repressive government.
Re: (Score:1)
Hmm... No, the above post isn't proof that you've never trusted BlackBerry. A strong indication perhaps...
And? (Score:5, Funny)
I'm sure all eight remaining BB customers are totally freaked out. Best switch to Windows Phone to keep their niche player cred.
Re: (Score:2)
Okay (Score:5, Funny)
Is he just saying stupid shit like this so he can get fired and collect his golden parachute?
Re: (Score:3, Informative)
Is he just saying stupid shit like this so he can get fired and collect his golden parachute?
The Blackberry CEO didn't say anything other than he'd comply with the "right" court order, which is true for anyone that wants to avoid going to jail. You might have to read further than the headline next time before you post.
Re: (Score:3, Informative)
Apple refused to just 'comply' with the FBI's warrant and vociferously fought it in court. Enough so that the FBI withdrew their request. BB's CEO seems like he's ready to just roll over on you.
Re: (Score:2)
Enough so that the FBI withdrew their request.
It was withdrawn because the device was cracked by an Israeli firm.
BB's CEO seems like he's ready to just roll over on you.
Saying you'll comply with a court order isn't rolling over. What should he have done when asked? "BB promises to disobey local laws and regulations". He'd have been promptly dismissed by the board for gross negligence.
Re:Okay (Score:5, Informative)
Enough so that the FBI withdrew their request.
It was withdrawn because the device was cracked by an Israeli firm.
Not before they fought in court, with Tim Cook writing public letter about protecting the people's right, with some of the public interviewee realizing FBI on the wrong, with a number of technology giants supporting Apple including MS and FBI finding themselves in a position for a possible bad precedent against them.
Only then they "just a day before the hearing" [iphonehacks.com] went and signed $15,278.02 contract with Cellebrite (Israeli company).
There is zero reason they should be "postponing the hearing" and also signing a contract on a day before postponing, unless they've ran out of time on something bad against them. Apple really did "enough" to make the FBI withdrew their request.
Re: Okay (Score:2)
Re: (Score:2)
His company is CANADIAN! Why the hell should he care about NSA?
Yes, because who ever heard of a company selling products outside of their country or origin?!?
Re:Okay (Score:5, Interesting)
The article is deceptive and clickbait. Everyone has to comply with court orders, even though you can appeal them, but if you lose your appeal, you have to comply. The BB executive is making the point that "heck, our encryption is so good that we can't crack it even if we had to do it."
Re: (Score:2)
Re: (Score:2)
wrong. You always have a choice
Yeah, you can choose to go to prison [wikipedia.org].
You are the best kind of correct, but that's not much of a choice.
Re: (Score:2)
The article is deceptive and clickbait.
Actually, the article is exactly correct and properly representative of what the Blackberry CEO said. Your interpretation applies (to some insignificant extent) only to enterprise customers, who possess the encryption keys. For everyone else, Blackberry possesses the encryption keys. For the former, Blackberry has promised to not oppose a court order if it is properly formatted. For the latter, Blackberry has promised to turn over the decrypted data upon request by any properly formatted court order.
For
Re: (Score:2)
For the latter, Blackberry has promised to turn over the decrypted data upon request by any properly formatted court order.
which is no where near being a
... proactive hacking offer ...
Re: Okay (Score:2)
The REAL question is (Score:2)
Thats the $64,000 question , and to be honest I and everyone else simply do not know. Unfortunately in this case that amounts to distrust.
BB is gone burgers
Re: (Score:1)
Actually, there are already implications that there *IS* already a back-door in their software. It is alluded to in the last couple of paragraphs of the article.
Re:The REAL question is (Score:5, Interesting)
If he was asked to put in a backdoor "by court order", would he....
Governments already require telcos to implement backdoors under the guise of "Lawful Interception": https://en.wikipedia.org/wiki/... [wikipedia.org]
I developed for an ISP platform of "a major provider" in Europe a while back, and guess what . . . ?
Yes, it was conform in providing this LI service to the folks, um, "entitled" to it. It was even implemented so that the platform operators could not see who was being tapped. This was because the spooks feared that "criminals" would smuggle in their own folks to work as operators, who could then tip off the criminals when the spooks were tapping them.
The spooks are supposed to have the proper judicial approvals . . . but it's like a dubious dance club catering to underage drinkers . . . no one is checking IDs at the door.
Someone should directly ask Blackberry how they assist "lawful" organization trace and tap communications on their systems.
Whoops! That pesky little National Security Letter Gag Order, again . . .
Re: Russian court order? (Score:2)
In Soviet America, laws enforce the courts!
Re: The REAL question is (Score:2)
Re: (Score:2)
If he was asked to put in a backdoor "by court order", he wouldn't need to because they already have a back-door.
I'll take that $64,000. Thank you.
Re: The REAL question is (Score:2)
Can a given communication device be lawfully sold in the United States, Russia, and/or China? If so, it spies on you!
Re: The REAL question is (Score:2)
Sold out years ago (Score:1)
Blackberry sold out to governments giving them access back in 2012 [intoday.in]
Exactly. And Blackberry got what they deserved... (Score:2)
No Surprise (Score:1)
If you don't know me by now...
Blackberry Offers 'Lawful Device Interception Capabilities' [slashdot.org]
BlackBerry Hands Over User Data To Help Police 'Kick Ass,' Insider Says [slashdot.org]
BlackBerry CEO 'Disturbed' By Apple's Hard Line On Encryption [slashdot.org]
... then you will never never know me.
NOTHING TO FEAR (Score:1)
BUT FEAR ITSELF
Re: (Score:2)
Fuck me! Blackberry just INVITES irrelevance! (Score:3)
Seriously.
They're so customer unfriendly it's not even funny.
"Yeah. We know you paid a lot of money for our products. But fuck you! Because we have an "in" with the gub-mint!"
Re: (Score:2)
I didn't say they weren't ALREADY irrelevant you shitstain.
I simply said that they keep inviting it.
Relevance (Score:3)
This is a BIG DEAL (Score:4, Funny)
... says 2008 me.
How is this news? (Score:2)
They have always done this, even when they were Research in Motion. The only change is that they are saying it's hard to break the encryption. At least when they had their own OS and applications which interacted with the enterprise software the company had keys, on a regional basis, to decrypt the data. It sounds like they can't decrypt the phone itself easily, but are happy to try. I'm sure that they still have the ability to decrypt anything that goes through the enterprise software.
BB vs. Apple (Score:3)
At least I have some public signalling by Apple that they think about whether they should or not. Maybe BB thinks about this as well, but I don't hear about it.
Blackberry is a Joke (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Apparently people have very short term memories (Score:4, Insightful)
I've been repeating this for quite a while now, but I dunno for what reason, people have apparently forgotten all about the case involving the Canadian Mounted Police, a master decryption key for all non-enterprise accounts, and extremely crappy response from your same very own John Chen who was also the CEO back at the time.
Let me refresh people's memories:
https://www.theverge.com/2016/... [theverge.com]
https://news.vice.com/article/... [vice.com]
http://blogs.blackberry.com/20... [blackberry.com]
https://www.computerworld.com/... [computerworld.com]
If anyone was stupid enough to fall into the obvious and very false statement that the new Blackberry had better costumer protection in place in comparison to Apple or other Android brands, it's on you for not doing very basic research.
It's like getting surprized with a new round of scandals of Lenovo laptops having malware pre-loaded on their bios. There have been enough cases to know what the position of the company is. If you are still throwing your money at them, you are just reinforcing the behavior and proving to them that it's acceptable.
John Chen has said nothing there that he didn't already say in the past. While he is the CEO of the company, such behavior is to be expected. Anyone who cares about their own personal privacy and about having proper standards on costumer protection should've already let go of the brand by now.
Re: (Score:2)
What difference is this with Android fracturing again with Samsung, LG and every other brand now making their own closed source custom framework for Android? LG now installs applications for me without my knowledge (Ignoring Google Play Store completely), throws ads on my idle screen, and most likely spies on me all the time despite being encrypted. Samsung is on the path of doing the same thing and Google is taking the closed source approach to Android (And telling me how this is a good thing). And on top
Re: Apparently people have very short term memorie (Score:2)
Encryption (Score:3, Insightful)
Aside from petty criminals, I would be shocked that any decent terrorist was even bothering to rely on any kind of third-party to provide their encryption anyway. I mean, that's just stupid.
Use ANY communications medium you like. The same metadata would be present on just about all of them. And encrypt the message before you send it. It's not hard.
Then you know that only the guy with the key can decrypt it and it doesn't matter what Blackberry/WhatsApp/Facebook etc. record - they only get the same metadata anyway. And, also, you could send the message by carrier pigeon if you were that paranoid. It would barely matter.
What we're catching with such stupidity are not the master criminals, but the idiots. The idiots are easy to spot anyway, precisely because they give the game away from the metadata. While the master criminals aren't hindered in the slightest. Meanwhile, all our privacy is stripped away on the inference that we're somehow stopping the master criminals by doing so.
I object to the stupidity, dumbing down, and taking me for an idiot - much more than I object to someone claiming to help the government decrypt if ordered to do so.