BlackBerry hands over user data to help police 'kick ass,' insider says
CBC gets peek into how secretive office answers requests from police around the world
A specialized unit inside mobile firm BlackBerry has for years enthusiastically helped intercept user data — including BBM messages — to help in hundreds of police investigations in dozens of countries, a CBC News investigation reveals.
CBC News has gained a rare glimpse inside the struggling smartphone maker's Public Safety Operations team, which at one point numbered 15 people, and has long kept its handling of warrants and police requests for taps on user information confidential.
A number of insiders, none of whom were authorized to speak, say that behind the scenes the company has been actively assisting police in a wide range of high-profile investigations.
But unlike many other technology companies, which regularly publish transparency reports, it is not clear how many requests BlackBerry receives each year, nor the number of requests it has fulfilled.
Insiders say, for example, that BlackBerry intercepted messages to aid investigators probing the political scandals in Brazil that are dogging suspended President Dilma Rousseff. The company also helped authenticate BBM messages in Major League Baseball's drug investigation that saw New York Yankees star Alex Rodriguez suspended in 2014.
One document obtained by CBC News reveals how the Waterloo, Ont.-based company handles requests for information and co-operates with foreign law enforcement and government agencies, in stark contrast with many other tech companies.
"Narco trafficking, human trafficking, money laundering, kidnapping, crime against children, knowing you are stopping those things … how do you not love doing something like that?" said the insider.
Although BlackBerry still counts businesses and governments around the globe among its customers, the company has acknowledged that its smartphone market share has declined significantly in the face of competition from Apple and Android phones.
In response to questions from CBC News, a BlackBerry spokesperson said it "will not address the questions given the extremely sensitive nature of this process."
The company also provided a statement that said, "BlackBerry's guiding principle has been to do what is right within legal and ethical boundaries when called upon to provide aid in the apprehension of criminals, or preventing government abuse of invading citizen's privacy. We have long been clear in our stance that tech companies, as good corporate citizens, should comply with reasonable lawful access requests."
BlackBerry has recently defended its co-operation with law enforcement amid high-profile cases such as the standoff between Apple and the FBI over access to an encrypted iPhone, and heightened concerns about privacy and government surveillance in the wake of revelations from U.S. whistleblower Edward Snowden.
"The Snowden stuff, I have a problem with that. Mass surveillance is an issue," another source said.
The Public Safety Operations team at BlackBerry's headquarters has streamlined a process to deal with what insiders characterize as a flood of requests from police. Lawyers review warrants and judicial authorizations before giving data analysts a green light to intercept and decrypt messages.
The company has developed an International Cover Letter (ICL) for police and government agencies to submit alongside a warrant.
CBC News obtained a version of the cover letter, one used by Italian authorities. It includes checkboxes for "emergency/exigent/routine" requests, to help BlackBerry prioritize life-threatening situations over routine investigations.
3 categories of information
It offers a menu of three categories of information BlackBerry can provide:
- Device, account, and subscriber data (including PIN, IMEI, SIM, BlackBerry ID, name, address, payment, and purchase information).
- Message transaction logs (times and dates of BBM and PIN message exchanges, current BBM contact list).
Multiple law enforcement and company sources tell CBC that the "Other" section is where police detail requests to intercept and descramble user communications, including the consumer versions of its once-popular BBM and PIN-to-PIN messaging services.
The cover letter demands police sign a confirmation that their request is legal in their home country and affirm that it is "made in connection with the enforcement, investigation, or prosecution of violations of publicly promulgated criminal laws … and not the control, suppression, or punishment of peaceful expression of political or religious opinion."
Insiders say BlackBerry will only consider requests if they include a valid legal order from the foreign jurisdiction.
Potential for abuse
Christopher Parsons, a research associate at the University of Toronto's Citizen Lab, who has studied the privacy practices of tech companies, is worried by the secrecy of BlackBerry's process and its potential for abuse.
"The concern would be that there is a lawful order from a corrupt judge," said Parsons, who reviewed the ICL for CBC News. "There are countries in the world, unfortunately, where this does happen."
He said BlackBerry is allowing foreign police to bypass the Mutual Legal Assistance Treaty, a diplomatic agreement that allows Canadian officials to review requests from foreign police and consider whether they are legal under Canadian law.
'Sidestepping' the process
"This is direct. This is a sidestepping of that entire process. This is BlackBerry being the one that makes that decision, as opposed to the Canadian government," Parsons said. He acknowledged that the treaty process can take months, so police likely prefer dealing directly with BlackBerry.
U.S. law prohibits the likes of Apple, Facebook, and Google from intercepting communications on behalf of foreign agencies, which Parsons says contrasts with BlackBerry's practice.
Company insiders, meanwhile, say advances in encryption are making interception of mobile communications increasingly difficult for police. Yet they also say they are surprised criminals have been slow to pick up on BlackBerry's co-operation with police to access messages.
"They are making the mistake thinking it's untouchable and nobody can see it … not aware there is a group in Canada that can access it, decrypt it and send it to law enforcement," said a source, who also says the team has a sense of "mission" helping law enforcement.
"If you have the ability to help put bad people that have committed crimes behind bars, why not help someone do that? What's your counter-argument to putting bad guys away?"