BlackBerry Willing to Break Own Encryption If Asked, Signals Critical Need for a Viable Alternative
In the post-Snowden era, the world has come to understand that our privacy, our cyber-secrets, are of utmost importance and that mass surveillance will not be tolerated. It was after Snowden's revelations about NSA's shifty behavior that the world started to change and to use encryption.
The first end-to-end encrypted messaging apps arrived, our browsers are forcing the matter on HTTPS adoption, our emails are somewhat protected by encryption too, even if only on company servers, smaller mail providers who offer E2E encryption have also become successful, although the efficiency here also depends on the user and whether the keys are kept safe. In fact, it has come to a point in time when if a messaging or email app doesn't provide encryption by default, they're not going to get many users. No encryption, no trust.
Google, Apple, and Microsoft, have all battled law enforcement agencies in the United States and elsewhere over the past few years, trying to protect users from their data being needlessly shared with law enforcement, believing on some level that your secrets are safe with them and not governments. If the demands were too broad, if there was little to no evidence the data should be revealed at all, if law enforcement asked them to break their own encryption to reveal data, these companies stood their ground and took the battle to the courtrooms.
And then, there's BlackBerry.
Just recently, BlackBerry CEO John Chen told Forbes that the company would try to comply to every court order it receives, even if that means trying to break its own encryption.
"Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done," Chen said.
In the day and age when people have so many options to choose from in terms of smartphones or security, and people are becoming increasingly aware of the importance of encryption, admitting you'd try to break your own encryption must mean you're really not looking for new users or clients, especially since BlackBerry has shifted more towards software, security, and services due to low smartphone sales.
It should also be mentioned that the statement comes from a company that claims to have created the most secure version of Android on the market.
Of course, BlackBerry has never really been a company to stand up to law enforcement. When Google, Microsoft and Amazon signed an amicus brief to support Apple in its battle with the FBI over the iPhone of one of the San Bernardino shooters, BlackBerry didn't. They've also avoided releasing any kind of transparency reports up until now to reveal just how much interaction they have with the government.
What BlackBerry is doing here is shooting itself in the knee because regular users expect their data to be safely guarded by encryption, whether they understand the concept or not. Of course, the ideal world would see a better balance between privacy and security, especially when it comes to fighting crime and terrorism, which is a delicate situation. Barack Obama has asked tech companies to find a solution to offer law enforcement some help in decrypting devices owned by criminals or needed in investigations, saying that if they fail to do this, sometime in the future Congress could push a law that would force their hands, rather than have them find a solution in their own time that would offer users protection, but also provide law enforcement with the required data. Since that has not happened yet, having BlackBerry say it would try to break its own encryption rather than look for an alternative, any alternative, signals they’re throwing in the towel and failing its users.
Encryption's failing battle
By 2020, we will be unable to protect 75% of our online data. Or, as Arthur Keleti, cyber-secret futurist, describes in his book "The Imperfect Secret," 3 out of 4 of our most closely guarded cyber-secrets will end up online. These secrets may vary in sensitivity, but that doesn't mean they're not important. They can make us embarrassed, or we may even feel ashamed of some of them if they got out, depending on the type of secret we're talking here.
Regardless, it's a battle we all must partake in - trying to protect our data, or, better said, our secrets. Encryption is one way to make sure we have the upper hand, especially if that encryption is uncrackable, or if it requires considerable efforts to break it open; at the very least people will know you're putting in the effort of offering them protection. When it comes to BlackBerry, however, you can't but wonder what the purpose of the company is nowadays. If you won't protect your users, if you won't fight for them, then what are the guarantees our data is safe?
Sure, BlackBerry didn't come out and say it has the keys to access communications flowing through its servers; it has, at the very least, admitted it is willing to try to circumvent its own security if law enforcement demanded it.
A simpler solution was proposed by Keleti in the aforementioned book. What if we left an AI in charge of knowing who we each are, what our norms are and, by that line of thought, what our secrets are. This AI can lock the device, make sure no one can access the data, especially the more sensitive information there. In case law enforcement ever needs access to some type of data there, a request can be made and the AI can pull up the needed data. In this way, there's a balance between our need for privacy, and the need for law enforcement to get the data they need for their cases.
Until then, let's hope BlackBerry reconsiders its priorities.