BlackBerry Hands Over User Data To Help Police 'Kick Ass,' Insider Says

Reader Dr Caleb writes: A specialized unit inside mobile firm BlackBerry has for years enthusiastically helped intercept user data -- including BBM messages -- to help in hundreds of police investigations in dozens of countries, a CBC News investigation reveals. For instance, citing a number of sources, CBC says that BlackBerry intercepted messages to aid investigators probing the political scandals in Brazil that are dogging suspended President Dilma Rousseff. The company also helped authenticate BBM messages in Major League Baseball's drug investigation that saw New York Yankees star Alex Rodriguez suspended in 2014. One document obtained by CBC News reveals how the Waterloo, Ont.-based company handles requests for information and co-operates with foreign law enforcement and government agencies, in stark contrast with many other tech companies. "We were helping law enforcement kick ass," said one person.

All three customers will be disappointed

RIP BlackBerry, again.

Re:All three customers will be disappointed

[Lab+Rat+Jason]

Yeah, a leak like this makes me think someone WANTS to drive another nail in the coffin...

Re:All three customers will be disappointed

[MitchDev]

Yeah, a bit too convenient in light of the public reaction to the FBI/Apple fight....

Re:All three customers will be disappointed

[TroII]

It doesn't destroy any arguments. Apple can make concessions to the government of China in order to continue doing business there, without volunteering to make the same concessions to the American government. We're supposed to have more rights in the US than they do in China, and people at Apple think those rights are worth fighting for.

In before Blackberry shills

[LichtSpektren]

As difficult as it may be to believe, BlackBerry has an intense cadre of shills (or perhaps rabid insane fans) that pollute every Internet article they can find which sheds a bad light on BB.

For us normal humans with functioning brains, we're just waiting for when BB goes under, hoping they sell their patent for a physical keyboard to a respectable Android OEM.

Re: In before Blackberry shills

BlackBerry already has gone under. All articles about them are "In Memorium".

Re:In before Blackberry shills

I'm not a huge BB fan, but this really isn't news.

All major companies have done and continue to do what BB is doing as mentioned in the article, even those who refuse to write software to help unlock phones. They got praised for refusing to unlock phones but most ignored when people pointed out they gave up "cloud data" in a heartbeat.

Re:In before Blackberry shills

[geoskd]

They got praised for refusing to unlock phones but most ignored when people pointed out they gave up "cloud data" in a heartbeat.

People have no reasonable expectation of privacy with cloud data. Its is well understood that once you send your data out into the world, it is fair game. If you don't like it, encrypt it, or make sure it doesn't leave your private devices. That is why the push for encrypted communications. Third parties are legally required to hand over data, but there is no requirement that the data be decrypted if the third party doesn't have the tools to do so. Apple makes sure that they do not have the tools to decrypt, as do many other software and hardware developers. Blackberry *does* have the tools to decrypt, and they are waaaay too ready to do so.

Re:In before Blackberry shills

[SumDog]

I had a Treo and Centro. Single threaded. No memory protection. You could write to a random memory location and crash the entire OS. Everything was written in C (there was a Java micro edition ... I think it was IBMs, and I could run Opera with it; which was surprisingly decent .. until the Treo crashed).

I even got a Pre. I knew several other people who had them too. Then HP bought them and that was pretty much over.

I hate how we now only have two major players.

Re:In before Blackberry shills

[PraiseBob]

Why not say- "People have no reasonable expectation of privacy with postal mail. Once you send the letter from your mailbox, it is fair game."

Except, there are federal laws that specifically make it illegal for another private citizen to snoop on your mail, and require a warrant for law enforcement to snoop on your mail.

Re:In before Blackberry shills

[jandrese]

Apple didn't give up iMessage data, which is what this is the equivalent of. That's why the police wanted to break into the phone in the first place.

Re:In before Blackberry shills

[theshowmecanuck]

Then, they got lazy

I call this "Novell Syndrome." Many people here might not remember that at one time Novell built the absolute best LAN server software around. But they got big heads and refused to improve. They wanted to keep LAN administration an arcane art and were killed by Microsoft. Microsoft was to area networks as Apple was to smartphones (and whether you hate Microsoft or not, their server software is now ubiquitous). People wanted certain features and Microsoft/Apple listened while [RIM|Blackberry]/Novell didn't. Now anytime I see a company die because they got too full of themselves, I call it Novell Syndrome.

Re:In before Blackberry shills

Then, they got lazy

I call this "Novell Syndrome." Many people here might not remember that at one time Novell built the absolute best LAN server software around. But they got big heads and refused to improve. They wanted to keep LAN administration an arcane art and were killed by Microsoft. Microsoft was to area networks as Apple was to smartphones (and whether you hate Microsoft or not, their server software is now ubiquitous). People wanted certain features and Microsoft/Apple listened while [RIM|Blackberry]/Novell didn't. Now anytime I see a company die because they got too full of themselves, I call it Novell Syndrome.

It's not that Novell didn't improve, in fact a lot of modern AD copied a lot of the feature from Netware 4's NDS. In the late 90's/early 2000's, Netware 4's directory services were miles ahead of Active Directory in terms of both performance, functionality, reliability and scalability. It wasn't until XP that AD even became a contender, and, realistically AD didn't reach NDS's versatility until server 2008, and there are still aspects of AD that don't match the versatility NDS.

Novell's biggest problem was that they were hampered by the fact the Netware 3 rocked. DOS and Windows 3.x/9x clients (aka: The DOS client) were solid and reliable. The servers were bullet proof. Sure, it was "only" a file server, but at the time, that's all the vast majority of people needed. When companies started looking at replacing Netware 3, they were probably looking at Netware 5 or Active Directory.

Which brings us to Novell's 2nd biggest problem: Netware 5. It was based off of SuSE Linux, so the servers were stable, but the core of NDS was not, it was a good thing that NW5 had good clustering capabilities because something would crash all the time. They abandoned all of their native tools for NW4, and rewrote them in Java for NW5. And they sucked, as they were both slower they were not feature complete. you still needed the old NW4 applications to configure the server the first time out of the box. And, to add insult to injury, if you had a problem with getting the licensing files to work, you needed to go back and use a NW3 tool to get it to take. And unless you were an old hand at NW3, you would not know about said tool.

Another thing was that a Netware server by itself, couldn't do anything other then host NDS functionality. You couldn't get on the machine, set up NDS and then run Quake on it. Windows 2000+ you could, so it was easier for people to learn on (Remember, at the time you really needed to spend about $1,000 for a machine that approached usability, and to have to buy 2 would be out of most students reach)

Speaking of reach, Microsoft also let you get the server versions of the OS for a 60-180 day trail period. Netware? You had to spend around $1,000 for a 5 user license.

bad plan

[geoskd]

It is simply amazing that the folks calling the shots at Blackberry cant see how downright idiotic this policy is.

From a PR standpoint, its a miserable failure: Every news cycle for the last year, there has been some story or other implying that Cops are out killing innocent people in scores and droves. If you're blackberry, you get up and cheer on the killers.

From a monetary standpoint, this is a miserable failure. Lets just advertise that we hand out your information to every two bit despot and charlatan that asks. Thats a way to instill confidence in your product as a secure device fit for the leader of the free world. I wonder how sales of their newer devices is doing?

From an ethics standpoint, this is a miserable failure. "Those who will give up fundamental data security for a little perceived safety are morons" -Abraham Lincoln 1859

Re:bad plan

[QuietLagoon]

..."Those who will give up fundamental data security for a little perceived safety are morons" -Abraham Lincoln 1859...

"Don't believe everything you read on the Internet" --- Abraham Lincoln 1854

Luckily Blackberry is secure.

[captaindomon]

Good thing Blackberry is the most secure mobile platform for doing secure things, right? Right?

It's always been a cozy relationship

[plover]

BlackBerry has always been willing to cooperate with law enforcement agencies in exchange for making a device secure enough that top ranking government officials can trust it. After the election, Obama famously insisted on keeping his BlackBerry, so the NSA tweaked one for him. Both backs were scratched, but once the NSA was wound deeply into the device, do you think they ever let go? Doubt it.

Maybe they can capitalize on this. Imagine this marketing campaign: "People who own BlackBerry Phones are honest and and have nothing to hide [picture of Obama with his BB.] Terrorists hide behind iPhones [picture of police at San Bernadino.] What kind of phone do you want to be seen carrying?"

Re:And why is this wrong?

We know it's on the up-and-up because they make the police sign a letter

...The cover letter demands police sign a confirmation that their request is legal in their home country and affirm that it is "made in connection with the enforcement, investigation, or prosecution of violations of publicly promulgated criminal laws and not the control, suppression, or punishment of peaceful expression of political or religious opinion."...

I'm sure that's about as effective as the US Constitution has been for our own police force.

Re:And why is this wrong?

It's absolutely wrong if there is no warrant driving the specific collection of specific data from a suspect's account with Blackberry.

That pesky Fourth Amendment actually does mean something, even if people are so willing to toss it frequently into the garbage.

Re:And why is this wrong?

[mi]

Unless you are prepared to denounce all cooperation with police — in all countries — you'll need to cite concrete examples of cases, where Blackberry should not have helped the authorities in order to blame the company.

Re:And why is this wrong?

[Mente]

They probably aren't legally wrong. I'm sure someplace in the 142 page terms of use it says that they can release the data. However, in the course of an investigation, if police want to get into a safe, they don't contact the manufacturer to get them to open it. They apply for, from a judge, a subpoena to have the person of interest open the safe. If they refuse, then that judge can imprison the person for contempt. The safe manufacturer has no legal requirement to respond to such a request. They no longer have a legal interest in the ownership/use of the safe.

This is where the sticky point lies. You own the mobile device, but probably not the OS that runs on it. You only license that from the manufacturer. However, the data needing to be accessed is in storage, on the device which you own. The OS is only the method used to access it, much like the key/combination to the lock. So, is the company under any legal obligation to provide law enforcement with the key/combination? That depends. Apple got around this by having the user hold the key. Apple "can not" unlock the device because it doesn't hold the keys. In the Apple case, it was like asking the safe company to blow the door off a safe, because the user changed the combo and the safe company had no way to get/reset that combo. Its not the manufacturer's responsibility. If law enforcement wants to blow the doors off, it must do it itself. Which they did.

Re:And why is this wrong?

unless the investigation itself is bogus, of course.

I don't know about Brazil, but the way we prove investigations in the US aren't bogus is to get a judge to sign a warrant, or at a minimum, a subpoena.

There may be non-bogus investigations that do not use warrants or subpoenas, but I challenge you to prove it, a daunting task when there's no paper trail, except I guess a fax from another country from a cop doing coppy things trust me I'm a cop I promise cop's honor.

Re:And why is this wrong?

[geoskd]

police can ask other people about you without a warrant.

The problem here is that Blackberry has deliberately built their system in such a way as they will always have access to, and subsequently the ability to divulge, your secrets. If you don't want blackberry decrypting your communications and giving that information to anyone who asks; Don't use Blackberry. That is the lesson they are trying to teach their customers.

Blackberry has deliberately set themselves up as a third party to every conversation such that you as the individual no longer have any reasonable expectation of privacy and as such, the police don't even need a warrant to get at your information. Apple by contrast has gone to great lengths to ensure that they *are not a party to your information*, and as such Apple can't be compelled to give away your secrets because they don't have them.

As always, all bets are off if you use cloud services, but then that just makes you a moron.

Re:And why is this wrong?

[Mente]

The flaw in your example is that the pizza delivery guy witnessed the crime. Blackberry in these cases, did not witness, then report. They are simply being asked to blow the doors off the safe that may contain some information of interest. Even that isn't necessarily a problem. Law enforcement might want to contact the safe company and ask for their assistance to make sure the doors are blown off without damaging the contents, and the safe company engineers might be the best people to help achieve that.

The problem with cases like these is that they are increasingly being requested without the proper legal documentation/subpoena that would allow the evidence to be admissible in court. They are being used for fishing purposes. Information that they could use, then use other methods to verify the information obtained. For example, guy suspected in a murder case. They want data from the phone. The person of interest denies the request. Subpoena is requested and approved for the person of interest to turn over any information relevant to the issue at hand over to police. The person of interest refused and is found in contempt, then sent to prison. The manufacturer is asked to unlock the device so police can look through the device for evidence. The manufacturer, in this case, Blackberry complies. Now police have access to everything on the phone. Including a text message sent from the person of interest to someone else with evidence of a robbery that was committed 2 months prior. Now, since the subpoena didn't cover that prior crime, they can simply get a new subpoena for the recipient's device to have that message now meet the legal conditions required to be considered evidence to be used get an indictment on that unrelated crime.

What's the problem with that? I see that as a violation of the person's 5th amendment right against self-incrimination. But it is happening more and more frequently. With mixed results when being fought in court.

Re:And why is this wrong?

That pesky Fourth Amendment actually does mean something

This has nothing to do with the Fourth Amendment — police can ask other people about you without a warrant. It is neither illegal nor unethical for them to do so, nor is it for those people to respond — unless the investigation itself is bogus, of course.

Asking to obtain data that could reasonably be categorized within the bucket of "papers or effects", such as phone call data, messaging data, e-mail data, etc. I would generally consider to be skirting the Fourth Amendment.

Further, the Fourth Amendment was written and put in place specifically because of abuse of "writs of assistance", very similar to the purpose of National Security Letters and also similar to what "asking" corporations such as Blackberry to hand over data today is like.

From Wikipedia: "In general, customs writs of assistance served as general search warrants that did not expire, allowing customs officials to search anywhere for smuggled goods without having to obtain a specific warrant. These writs became controversial when they were issued by courts in British America in the 1760s, especially the Province of Massachusetts Bay. Controversy over these general writs of assistance inspired the Fourth Amendment to the United States Constitution, which forbids general search warrants in the United States."

Therefore, whether Blackberry willingly complies with weakening the Fourth Amendment or not (and it certainly is today according to TFA), Blackberry or any other corporation does not have my consent to turn over data to government entities without a warrant, even if they snookered it into their EULA.

There is really no justification for any corporation handing over any personal customer data to any government entity without a warrant. That's exactly why we have the Fourth Amendment, and it's sad so many are so accepting of the gross overstepping that occurs every day to trample on the rights that are supposed to be protected by that Amendment.