Open secrets: BlackBerry might share what's on your phone

CEO John Chen defends helping law enforcement as reports emerge that multiple governments can unlock BlackBerry communications

 Open secrets: BlackBerry might share what's on your phone
Flickr/Alex Wellerstein

As Apple and Microsoft battle the U.S. government to keep customer data secure from prying eyes and to keep secured electric data unavailable through backdoors, BlackBerry is defending government access to customer communications -- and may have provided the keys to several governments (including Canada and Saudi Arabia) -- so that they can unlock data as desired. 

CEO John Chen has said multiple times that tech companies must balance customer privacy with "lawful" government interests. He's even written that "our privacy commitment does not extend to criminals."

Chen's views mirror the arguments made by the FBI, the Justice Department, and the Burr-Feinstein encryption-access bill. On the face of it, it sounds reasonable. Who wants to help criminals?

Ironically, it's BlackBerry that has been the gold standard for secured communications, which is why it is used by presidents, prime ministers, secretaries of state, defense chiefs, and spies worldwide -- organizations that want assurance that everything they communicate is safe from eavesdropping.

But if BlackBerry is willing to cooperate with various governments to provide access, as it says it is, then those communications can't be assumed to be safe. After all, agents of other governments -- spies -- are criminals in those other governments' eyes.

Chen's rationale for providing access to at least some BlackBerry communications is a trapdoor to a Pandora's box we should not open. It amazes me that the very governments that want their people's data and communications to be fully secure are happy to break into others' data and communications -- even when using the same technologies. Once there's a backdoor, there's no guarantee of security.

Beyond the "just desserts" irony of the spies wanting access to each other's devices, though they themselves use the same devices, is a deeper, broader harm: the notion that individual rights aren't worth protecting when it's inconvenient for the government.

In most Western countries, you're innocent until proven guilty. That's not true in many other countries, where disagreeing with the government is essentially a crime -- and it's not only China, Iran, and North Korea, but more open nations like Russia, Jordan, and Thailand. Even "enlightened" Western countries like France, Britain, and America routinely spy on their citizens, criminal or not. 

What's happened is that "criminal" now means "suspect," and governments have decided that potential criminals should be treated like actual ones. Worse, many have decided that anyone who can help identify potential or actual criminals should be forcibly made to reveal any information they have.

These requests will of course be "lawful" -- all "lawful" really means is that the government has decided it is. There may be processes to follow, but that's merely a matter of degree. In the United States, we have secret courts to make these decisions when the regular laws get in the way.

Every country will set its own definition of "lawful" and "criminal," so "lawful" and "criminal" are meaningless, arbitrary standards. That's the danger of BlackBerry's thinking -- it may feel good or seem expedient, but it causes a deeper harm each time that erodes our liberties and the type of society that we claim to want.

BlackBerry says customers' BES servers have no backdoors and have never been compromised for government requests. Chen suggests cooperation with governments is in other areas of BlackBerry's technology chain -- perhaps its network operations centers, for example. (The key that BlackBerry has apparently shared is the default that individuals use unless their organization has its own BES server; each organization's BES server has its own key, unknown to BlackBerry similar to Apple not knowing users' encryption keys on iOS devices.)

Although I have no doubt about Chen's sincerity and BlackBerry's integrity, I believe the company's rationale for cooperation with data-access requests is dangerous. If you use a BlackBerry and read Chen's views on how it cooperates on "lawful" requests, do you really believe your data is safe? I wouldn't -- because BlackBerry is not adverse to opening its doors.

I hope everyone who still uses a BlackBerry thinks about that the next time they pick up their phone -- especially if they think that using a BlackBerry makes them more secure than if they used another device. At this point, they will never really know.

Copyright © 2016 IDG Communications, Inc.

How to choose a low-code development platform