Canadian police used BlackBerry's key to unlock BBM messages

New report claims over 1 million messages were decrypted over two years.

BlackBerry's big selling point is its stance on mobile security, but a report from Vice and Motherboard reveals at least one national police force was able to bypass that security. A cache of documents revealed that Canada's Royal Canadian Mounted Police had the ability to intercept and crack encrypted messages sent through BlackBerry's BBM service. The RCMP's findings in an operation called Project Clemenza led to seven men confessing their roles in a murder conspiracy, but over 1 million messages were captured and unlocked by a server in Ottawa along the way.

The only people immune to that sort of potential snooping were those with BlackBerrys connected to an enterprise server. Corporate BlackBerry servers generate their own encryption keys, but devices that don't use those servers -- that is, all personal BlackBerrys -- rely on an identical peer-to-peer encryption key loaded onto each phone when it is built. Somewhere along the way, the RCMP obtained that key and used it to unlock BBM messages in transit. And as you might have guessed, the juiciest questions this report raises don't have satisfying answers.

How did the RCMP obtain that global key? No one is sure, though court documents obtained by Vice and Motherboard suggest BlackBerry has some sort of working relationship with Canada's federal police, at least when it came to intercepting BBM messages. In light of the FBI's recent privacy dust-up with Apple, it's possible the RCMP somehow obtained it with the help of a third party.

Still, the simplest, most logical answer is that BlackBerry gave Canadian authorities the access they wanted. The company, after all, counts multiple national governments among its customers. In fact, while the events of Project Clemenza were unfolding, the Indian government insisted that BlackBerry give officials a lawful way to monitor some of the company's network data in the country. BlackBerry eventually relented, though the access given was limited to email and web traffic and the read-status of BBM messages.

Perhaps more important is whether or not the RCMP still has the key. Unless BlackBerry changed the key at the close of Project Clemenza -- a process Motherboard points out would require handset updates on a massive scale -- the RCMP likely still has the ability to decrypt BBM messages. We've reached out to BlackBerry for its side of the story and the company declined to comment. (We'll update this article if they talk, but you shouldn't hold your breath.)