Subscribe to Email Updates

Subscribe

the-dos-and-donts-of-it-security.jpg

BlackBerry believes in encryption backdoors - believes it's good for business

By Graham Cluley on Nov 18, 2015 | 7 Comments

BlackBerry, once the darling of corporations the world over, is trying to rebuild itself and seize marketshare back from the iPhone and Android smartphones that have so dramatically overtaken it in recent years.

Part of the problem is that consumers have driven the decision making process about what devices should be used in the workplace, bringing in their smartphones from home and demanding that they can be used to access company files in order to do work and stay in touch with the business out of the office.

It remains to be seen whether new products such as the BlackBerry Priv (which claims to be a more privacy-centric Android device) will gain marketshare and capture the imagination of consumers and corporations- but the company's chiefs are definitely on a collision course with rivals like Apple.

The reason?

The two companies dramatically different approaches to encryption.

In a talk entitled "Securing Mobility, Protecting Privacy", BlackBerry Chief Operating Officer Marty Beard told delegates that the company is a strong believer in providing law enforcement agencies with methods to lawfully intercept communications.

As FedScoop reports, Beard is clearly banking on continuing to work closely with law enforcement, traditionally one of the company's strongest customers.

"We very much take a balanced approach” to the issue of encryption, [Beard] told the FedTalks government IT summit, differentiating Blackberry’s approach from that of some of their competitors who are "all about encryption all the way."

It feels like a rather different position than the one taken by the company - then named Research in Motion - five years ago, when it said to New York Times it would not give in to pressure to allow governments to access enterprise customers' messages.

Back then, BlackBerry's founder said that "if you were to ban strong encryption, you would shut down corporations, business, commerce, banking and the internet. Effectively, you’d shut it all down. That’s not likely going to happen."

I can understand why BlackBerry's current approach of not being "all about encryption all the way" might be a message that is attractive to some of BlackBerry's federal customers - but how well is it likely to sit with others?

Just last week, Apple chief executive Tim Cook was warning that all backdoors lead to insecurity:

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

"Any backdoor is a backdoor for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a backdoor can have very dire consequences."

 BlackBerry's co-operation with law enforcement agencies when it comes to interception of communications is nothing new of course.

Although it has attempted to reassure enterprise customers that their communications are safe in the past, there is no secret that BlackBerry has done deals with governments such as Saudi Arabia and India, providing mechanisms for spying on supposedly securely encrypted conversations.

For a long time, bad people have communicated privately and secretly by using encryption.

But they're not alone.

Encryption is also used by people who are persecuted, freedom fighters, journalists and activists.

And encrypted communications by regular members of the public and multinational companies who don't want their private conversations and files to fall into the hands of unauthorised parties.

If you're responsible for security inside your company you want to feel confident that nobody is spying upon your firm's activity, that there is no opportunity for commercial rivals or hackers to find out your company's plans or access your customers' records.

The truth is that it takes years for a company to build trust amongst its customers, and yet can take seconds to destroy.  You may not get the chance to ever rebuild that trust if it is lost, but you can be sure that it could take a lifetime to win back.

 

White Paper

Share This Post On

Author: Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.