The only people immune to that sort of potential snooping were those with BlackBerrys connected to an enterprise server. Corporate BlackBerry servers generate their own encryption keys, but devices that don't use those servers -- that is, all personal BlackBerrys -- rely on an identical peer-to-peer encryption key loaded onto the phone when built. Somewhere along the way, the RCMP obtained that key and used it to unlock BBM messages in transit. And as you might have guessed, the juiciest questions this report raises don't have satisfying answers.
How did the RCMP obtain that global key? No one is sure, though court documents obtained by Vice and Motherboard suggest BlackBerry has a some sort of working relationship with Canada's federal police, at least when it came to intercepting BBM messages. In light of the FBI's recent privacy dust-up with Apple, it's possible the RCMP somehow obtained it with the help of a third party.
Still, the simplest, most logical answer is that BlackBerry gave Canadian authorities the access they wanted. The company, after all, counts multiple national governments among its customers. In fact, while the events of Project Clemenza were unfolding, the Indian government insisted that BlackBerry give officials a lawful way to monitor some of the company's network data in the country. BlackBerry eventually relented, though the access given was limited to email and web traffic and the read-status of BBM messages.
Perhaps more important is whether or not the RCMP still has the key. Unless BlackBerry changed the key at the close of Project Clemenza -- a process Motherboard points out would require handset updates on a massive scale -- the RCMP likely still has the ability to decrypt BBM messages. We've reached out to BlackBerry for its side of the story and the company declined to comment. (We'll update this article if they talk, but you shouldn't hold your breath.)