How Has the NSA Been Able to Spy on the BlackBerry Network?

BlackBerry plans to lay off 40% of its staff by the end of 2013 and recent Snowden leaks indicate that the NSA has been able to spy on the BlackBerry network. Could their massive business failures be related to their potential compliance with...

Sep 19 2013, 3:09pm

You can't hack a smashed phone. via Flickr.

There are a lot of exciting topics to discuss when it comes to the issue of smartphone surveillance. Just how completely wiretapped are the vibrating, light-up mini-computers that we tuck inside of our purses and pants pockets? Well, based on information that German newspaper Spiegel broke earlier this month—thanks to top-secret information given to them by everyone’s favourite surveillance industry fugitive Edward Snowden—it appears the NSA has boundless access when it comes to collecting the data we type into our smartphones and bounce off of satellites.

For anyone who has been following the waterfall of privacy-crushing leaks that have been pouring out of Edward Snowden’s attaché case, it’s not necessarily surprising to hear that American cell phone providers and hardware manufacturers have been compromised—especially now that we know the NSA has paid “millions” to make companies like Google and Yahoo more compliant with their gigantic spy network. What is surprising, for Canadians and non-Canadians alike, however, is that BlackBerry has been implicated in this latest rush of smartphone spying news as well.

BlackBerry, based in Waterloo, Ontario, is obviously the most successful Canadian telecommunications hardware manufacturer of all time—and unfortunately they’ve had a shitty few years. In 2011, BlackBerry got a bad rep during the London riots after it was discovered many demonstrators were using the proprietary BlackBerry Messenger to organize their protests, sweeping service outages later that year prompted an incredibly awkward, public video apology from Mike Lazaridis, one of BlackBerry’s co-founders, and in 2012 and 2013, roughly 5,000 jobs at BlackBerry were cut.

With so many business failures piling up—the Guardian referred to BlackBerry’s recent history as a “calamitous decline”—so evidently, drastic Hail Mary maneuvers needed to be pulled out of their telecom playbook. Last August, after a “four-year standoff” with the government of India, BlackBerry quietly gave the Indian government complete access to its encryption keys, in exchange for BlackBerry’s entrance into the Indian market—allowing BlackBerry to expand its wounded empire, while also compromising the security standards that have made the Canadian made keyboard phone the official choice of Barack Obama (even though he now prefers his iPad for security briefings).

So, could this mean the sharp drop in BlackBerry stock has forced the company to compromise its once famous security standards, in order to expand its reach globally and keep its business alive? When I reached out to BlackBerry to ask them about how and why the NSA is able to spy on their network, I received this pre-approved response:

It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic. However, we remain confident in the superiority of BlackBerry's mobile security platform for customers using our integrated device and enterprise server technology. Our public statements and principles have long underscored that there is no “back door” pipeline to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.

The breathtaking architecture of BlackBerry HQ. via WikiCommons.

Spiegel, who basically got the same answer from BlackBerry, rightfully pointed out the potential complications that would arise from the NSA working with a Canadian corporation, in order to collect the personal data of its users, or worse still, break into the BlackBerry network without the company's knowledge:

According to several documents, the NSA spent years trying to crack BlackBerry communications, which enjoy a high degree of protection, and maintains a special ‘BlackBerry Working Group’ specifically for this purpose… It is awkward enough that the NSA is targeting devices made by US companies such as Apple and Google. The BlackBerry case is no less sensitive, since the company is based in Canada, one of the partner countries in the NSA's ‘Five Eyes’ alliance. The members of this select group have agreed not to engage in any spying activities against one another.”

To try and get more clarity in this tangled issue of whether or not BlackBerry knows the NSA is spying on them, and how the Canadian government may be cooperating, I spoke to Robert Masse, a computer security and surveillance expert who now runs his own start-up called Swift Identity. First, Robert shed a bit of light on how Canada functions within the Five Eyes itself:

[Canada is part of the] Five Eyes, but the US controls it in the end. If Canada has pissed off the US for one reason or another, then the US will shut down the flow of intel. If Canada doesn’t do what the US asks, then Canada gets less access. It’s in everyone’s interest to cooperate with the Americans. It’s all a game of give and take… but the US always has the upper hand.

Say you’re in the RCMP and you go down to the states for a conference, you’re a Canadian and you’re always blown away with how much budget they have. It’s not ten times bigger—it’s infinitely bigger. When guys go down to the states and then come back, they’re just like ‘holy shit.’ They can’t believe the stuff they have access to.

The US has the ability to collect more intel than Canada. The US has submarines that can tap undersea cables. Canada has submarines that barely function as submarines. You can’t even compare the intel machine of the US against anything else in the world.”

So clearly, with so much influence and power coming out of the US, if the NSA really wanted to forge an intelligence partnership (aka build in a backdoor) to the BlackBerry network, they probably would have more than enough leverage to make it happen. That flexing of power, coupled with the recent decline in BlackBerry’s market share, might have produced the perfect storm that the NSA needed in order to get access to the BlackBerry network. Robert elaborated on all that:

Originally, I know BlackBerry did not want to cooperate with law enforcement. But in the past few years, with [BlackBerry giving India their encryption keys], maybe things have changed. It wouldn’t surprise me if they put in a [NSA] backdoor for the survivability of their business. You want to get the contracts… As things went down I’m sure that they had to make compromises.”

The possibility that customer security was compromised in order to strengthen BlackBerry’s overall business certainly seems more likely after the Wall Street Journal reported yesterday that BlackBerry will be cutting up to 40% of its workforce by the end of the year. It seems like the company is a sinking ship that’s being stripped for parts—which is bad (but not surprising) news for the Canadian economy. Plus, in this era of total corporate compliance with government surveillance, it seems highly unlikely that a genuinely security-conscious telecommunications company could ever rise from BlackBerry's once secure ashes.

These layoffs sure do sound like BlackBerry’s death knell—but the issue of NSA surveillance is still relevant to its existing consumer base. While it’s impossible, without some kind of information leak, to definitively say when and how the NSA cracked the BlackBerry network—though Spiegel does allude to a breakthrough from the British GCHQ intelligence agency in 2010 that was cause for “champagne”—it doesn’t seem like the Canadian government would have much of an issue with increasing our own surveillance powers at home by gaining access to the BlackBerry network, possibly with the help of the NSA.

Canadian law enforcement agencies work hand-in-hand with telecom providers to eavesdrop on phone calls, secretly read text messages, locate the whereabouts of suspects, and decrypt encrypted communications. Plus, the New York Times recently reported on how CSEC, Canada’s own NSA, helped the NSA become the “sole editor” of the National Institute of Standards and Technology’s encryption standard in order to make it deliberately weak for government surveillance purposes—which is a revelation that has shocked even the most well-informed cybersecurity experts.

Clearly BlackBerry is of interest to the surveillance agencies of the Five Eyes. Even with millions of lost customers in 2013 alone, over 75 million human beings worldwide still use BlackBerry devices. That’s a lot of BBM conversations and phone calls to keep track of. Whether or not BlackBerry willingly cooperated with the NSA is unknown—but if their massive losses in 2013, and the deal they made with India, are any indication of their corporate mindset these days—it seems likely they could have shook hands with the NSA as well to keep their heads afloat.

Follow Patrick on Twitter: @patrickmcguire

More about Canadian surveillance issues:

Is CSEC, the Canadian Version of the NSA, Trustworthy?

The Canadian Government Is Not Bothered by PRISM and the NSA

Canadians Should Be Concerned about the NSA and PRISM