Arrests show that even messages between BlackBerrys can be intercepted

BlackberryDavid Friend, The Canadian Press

TORONTO - Touted as one of the most secure ways to communicate, BlackBerry smartphones have been put in the spotlight after several police investigations said they were able to track criminals who used the device’s encrypted technology.

The latest case was revealed Thursday after Quebec police and RCMP officers said that more than one million instant messages sent through BlackBerrys helped gather evidence on two alleged organized crime groups.

This isn’t the first time police have said the supposedly uncrackable BlackBerry technology helped them capture an alleged crime ring, and it draws attention to the security around BlackBerry devices.

The RCMP said that 33 people were rounded up in Montreal, Quebec City, Laval and Gatineau, after investigators used a technique to intercept more than one million private PIN to PIN messages.

Independent technology analyst Carmi Levy said it shouldn’t come as a surprise that data was accessed.

“Law enforcement simply got a warrant and then obtained the keys to view encrypted traffic and then proceeded with their case,” Levy said.

“This does not call the fundamental security of PIN messaging into question. They were handed the keys to the front door. For anyone who thinks this exhibits a vulnerability in BlackBerry’s core technology, this is not the case.”

BlackBerry has traditionally encouraged its users to consider PIN to PIN messages as “scrambled” rather than “encrypted.”

The RCMP would not say whether BlackBerry co-operated in the case and representatives for BlackBerry said they were unable to address “an ongoing police investigation.”

But on BlackBerry’s website the company states that it will access personal information of its users in some cases, including in response to court orders, warrants and “other lawful requests or legal processes.”

Last year, a task force in Los Angeles intercepted BBM instant messages that helped uncover an organization that allegedly distributed cocaine across the U.S. and in Europe, according to a report in the Los Angeles Times.

In 2011, BlackBerry said it would co-operate with a police investigation into how BBM was used by some protesters to organize the London riots, saying that it co operates with authorities and complies with U.K. legislation.

Each of these cases has drawn attention to the accessibility of data on BlackBerry devices, which isn’t necessarily as simple as being either secure or unsecure.

Different technology on BlackBerry devices provide varying levels of security — from SMS texts, which offer little security, to messages sent through BlackBerry Messenger on the company’s enterprise servers, which are highly encrypted.

“It’s a problem in the way that BlackBerry has marketed some of its services to the consumer market,” said Christopher Parsons, a fellow at the University of Toronto’s Citizen Lab, which specializes on how privacy is affected by digital surveillance.

“It’s a very difficult security posture and probably one that most users … don’t fully understand.”

Parsons said many BlackBerry owners assume incorrectly that their smartphones meet the same standards as BlackBerrys used by major corporations and the U.S. government, even though they’re not operating on the same high-level security servers that have come to define the company’s advantage over its competitors.

BlackBerry plans to launch a more advanced security service called BBM Protected for its business customers this summer.

The company describes the technology as “a way for enterprise employees to speak safely and securely both inside and outside of the workplace” with an “unprecedented level of end-to-end security.”

BlackBerry will also charge a premium price for its customers to use the service.

Follow @dj_friend on Twitter

© The Canadian Press, 2014