Our last blog focused on Apple’s refusal to compromise its global device security in response to an FBI court order. Blackberry appears to have taken a different approach in a similar situation. Recently, Vice reported that the RCMP possesses a global encryption key for Blackberry. Documents released in a Montreal case reveal that the RCMP used the encryption key in a criminal investigation, Operation Clemenza. However, the encryption key could, in theory, be used to access other consumer Blackberry devices.
The extent of Blackberry’s involvement in the Operation Clemenza investigation remains unclear. Blackberry resisted publication of these records. What is known is that, through some means, police obtained a global key to Blackberry devices.
In a recent blog Blackberry CEO John Chen, commented that while privacy is a core principle of Blackberry, tech companies should comply with reasonable lawful access requests.
Concerns about Blackberry security are not new. Former Ontario Privacy Commissioner Ann Cavoukian has noted that rumors were circulating in 2010 that Blackberry shared its decryption key with two foreign governments. Further, the Globe and Mail reported in 2014 that leaked federal documents suggested Blackberry PIN to PIN messaging should be considered as “scrambled” but not encrypted.
While it is too early to draw any conclusions on consumer response to Blackberry’s position on privacy, it is clear that privacy is becoming a marketing asset. In the case of Apple, privacy protection appears to have helped Apple’s brand. The jury is out on Blackberry.
One of the major themes at the iPro Innovations 2016 Conference was security – at the corporate and firm level as well as from a consumer perspective. The common thread for each is that security is paramount and it needs to be better.
Chris Valasek is a hacker – but he’s one of the good guys. Valasek, a keynote speaker at Innovations, explained that he started off as a programmer who was not very good at his job creating new things, but he was really good at breaking them. So that’s what he set out to do – but with a greater good in mind. His goal is to show the world how important it is for products and services to be secure right from launch or implementation, instead of being patched along the way after the holes are exposed.
Along with his ‘partner-in-crime’, Charlie Miller, Valasek was able to hack into Jeeps throughout North America and take over physical control of entire vehicles, remotely. And all without being detected or leaving any trace. The purpose of this exercise was to expose security flaws (if they in fact existed) and prove his point: that product developers need both builders and breakers – he says developers need to “innovate and secure-o-late”.
What does all of this mean for us, as consumers? Valasek emphasizes that we don’t need to go offline and we should absolutely “embrace the chaos”; but at the same time that we are asking about price, warranties and service levels, we also need to ask questions about security and make certain that our product and service providers are doing the same.