Then RIM got into the consumer market.
Most consumers equate RIM’s products with security, email, BlackBerry Messenger (BBM), and a tepid suite of other smartphone features. Most of the people who report on the company tend to agonize over the fact that RIM complies with government surveillance laws. Such reports inevitably emerge each time that the public realizes that RIM meets its lawful access requirements for consumer-line products.
In this post, I want to briefly address some of the BBM-related security concerns and try to (again) correct the record surrounding the security promises of the messaging service. After outlining the deficits of consumer BBM products I briefly argue that we need to avoid fetishizing technology, encryption, or the law, and should instead focus on the democratic implications of the lawful access-style laws that governments use to access citizens’ communications.
In the interest of full disclosure: I have family and friends who work at Research In Motion. I haven’t spoken to any of them concerning this post or its contents. None directly work on either BBM or RIM’s encryption systems.
The Origins of BBM Fears
Public commentators worry whenever RIM, or a government, admits that they have the capacity to decrypt personal BBM messages. Decryption is usually mandated because of lawful access requirements that RIM must comply with; the company doesn’t proactively make these messages available in the absence of legal pressures. What are lawful access laws? In general, they tend to grant governments access to citizens’ communications, typically by putting some kind of pressure on communications intermediaries (e.g. Facebook, ISPs, Twitter, RIM). For an overview of lawful access-style laws in the UK and US, see a report I’ve written on the subject, and for information on Canada’s recently tabled lawful access legislation see my earlier posts, or read the BCCLA’s report (.pdf) on the topic.
Governments target RIM on the basis that their service network is different from other mobile phone providers’. Specifically, the communications that are sent from, and often received by, BlackBerry devices will pass through RIM’s global service infrastructure. This infrastructure routes data and, given its centrality to BlackBerry device functionality, it is recognized by governments as a communications site that falls within the purview of lawful access powers.
In addition to routing and compressing data traffic, RIM’s service offerings also include a measure of security in excess of the practices adopted by their competitors. BBM, as an example, is encrypted. However, it is encrypted using a global key. RIM has written that,
The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives.
This means that RIM can decrypt consumers’ messages that are encrypted with the global key. Consumer devices include all RIM offerings that are not integrated with a BlackBerry Enterprise Server (BES). The BES lets administrators change the encryption key, which prevents RIM from using the global decryption key to get at the plaintext of BES-secured communication.
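To make the architectural point concrete, here is an added illustration (my own example, not RIM’s code or any published detail of its implementation) of why a single global key is the whole problem. It models a handful of consumer devices and the routing intermediary, all of which hold one shared key, beside a single BES-provisioned device whose administrator has set a tenant-specific key. The cipher is a stand-in built from HMAC-SHA256 rather than the Triple-DES the page mentions, and the key values are constructed placeholders; the property being demonstrated does not depend on the cipher, only on who holds the key.

```python
import hashlib
import hmac
import os

# Constructed placeholder keys. The page does not publish the real global key;
# these only stand in for "one key everyone has" versus "one key a tenant set".
GLOBAL_PIN_KEY = hashlib.sha256(b"constructed-global-pin-key").digest()
BES_TENANT_KEY = hashlib.sha256(b"constructed-bes-tenant-key").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 (a stand-in for Triple-DES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes):
    """Encrypt-then-MAC under `key`; returns (nonce, ciphertext, tag)."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes):
    """Return the plaintext if `key` authenticates the message, else None."""
    expected = hmac.new(key, b"tag" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong key: the holder cannot read this message
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def who_can_read(message, key_holders: dict) -> list:
    """Names of the key holders able to decrypt an intercepted message."""
    nonce, ciphertext, tag = message
    return [name for name, key in key_holders.items()
            if decrypt(key, nonce, ciphertext, tag) is not None]


def demo():
    # Every consumer (BIS) device and the routing infrastructure share the
    # global key; only the BES-managed device holds a tenant-specific one.
    key_holders = {
        "alice_consumer": GLOBAL_PIN_KEY,
        "bob_consumer": GLOBAL_PIN_KEY,
        "unrelated_consumer": GLOBAL_PIN_KEY,   # any third BlackBerry device
        "routing_intermediary": GLOBAL_PIN_KEY, # the service infrastructure
        "acme_bes_device": BES_TENANT_KEY,
    }
    consumer_msg = encrypt(GLOBAL_PIN_KEY, b"alice -> bob: see you at 7")
    bes_msg = encrypt(BES_TENANT_KEY, b"acme internal: q3 figures attached")
    return who_can_read(consumer_msg, key_holders), who_can_read(bes_msg, key_holders)


if __name__ == "__main__":
    consumer_readers, bes_readers = demo()
    print("consumer BBM readable by:", consumer_readers)
    print("BES-keyed BBM readable by:", bes_readers)
```

Running it shows that the consumer message is readable by every party holding the global key, including a device that was never part of the conversation and the intermediary that merely routes it, whereas the BES message is readable only by the device under the tenant key. That is exactly the distinction the two paragraphs above draw: a key known to every device and to the carrier provides no confidentiality against any of them, which is why rotating it at the BES is what actually removes the intermediary from the trust boundary.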
Many countries want access to consumer-level encrypted BBM communications. Of note, India had been threatening to expel RIM’s services from the country unless the company established a mechanism that let authorities decrypt and access BBM messages. Per a recent agreement between RIM and the Indian government, eight of India’s government organizations will have access to decrypted BBM messages. To access BBM messages,
The security agency concerned will first have to approach the Union Home Ministry and seek its permission to tap a particular BBM user’s number. The agency will then send a request to a service provider to access the data of the number. This will be followed by the operator connecting to the agency’s channel and divulging the user’s communication details.
BES policies will remain unchanged, with the Indian government agreeing that the only way to access BES-encrypted BBM, email, and Internet history will be through decrypted data stores that sit behind the BES. As a result, authorities will have to rely on warrants and other legal measures to compel BES-protected communications. This leaves businesses subject to the same laws they have always been subject to and means that RIM will not have to compromise on enterprise-level security.
Consumer BBM ‘Security’
Unfortunately, because RIM has failed to explain to non-enterprise consumers just how RIM’s services work, India’s ‘cracking’ of BBM has resulted in excessive concerns. Some worry about other countries – China, Pakistan, and so forth – compelling similar decryption compliance from RIM. They also worry that Canada or other Western nations could compel RIM to make decryption keys available, though they forget that Canada already (likely) has this capacity, as does the American government. RIM maintains a strong interest in lawful access legislation around the world and publicly recognizes that it is bound by the laws of countries where its products are offered.
The core technological issue, of course, is that BBM messages that rely on the consumer-provided BlackBerry Internet Service (BIS) have never been particularly secure. This insecurity was recognized, and written about, by the Communications Security Establishment Canada (CSEC) last year. CSEC identified the following security issues with BIS-based BBM/PIN-to-PIN communications:
- PIN-to-PIN transmission security: PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the “BlackBerry Solution Security Technical Overview” document published by RIM specifically advises users to “consider PIN messages as scrambled, not encrypted”.
- PIN Address Vulnerability: A BlackBerry device that has been used for PIN messaging should not be recycled for re-use. The reason is that the hard-coded PIN cannot be erased or modified, and therefore the PIN does not follow a user to a new device. Even after memory wiping and reloading, the BlackBerry device still has the same PIN identity and will continue to receive PIN messages addressed to that PIN. This can expose unsuspecting users of BlackBerry devices to potential information compromise in the following ways:
  - A new owner of the recycled BlackBerry device could view PIN messages sent from a colleague of the previous owner who is unaware that the message is now going to the wrong recipient (recall that the PIN is a device ID, and not a user ID).
  - A message sent by the BlackBerry device’s new owner contains a known PIN credential which might be mistakenly accepted as being from the previous owner (impersonation).
- Bypass of Virus/Malware Scanning and Spam Filtering mechanisms: As described previously, PIN-to-PIN messaging bypasses all corporate e-mail security filters, and thus users may become vulnerable to viruses and malware code as well as spam messages if their PIN becomes known to unauthorized third parties.
In essence, CSEC and others who have probed the actual security guarantees of BIS-facilitated BBM messages have all come to the same conclusion: the offered security is better than absolutely nothing, but is absolutely insufficient to protect users from a moderately interested attacker. Certainly the government constitutes, at the absolute minimum, an interested attacker.
Don’t Focus On Technology and Exclude Law
The worries surrounding RIM’s making BBM communications available to law enforcement come from (at least) two general positions. The first tends to fetishize technology whereas the second attends to the democratic issues linked with lawful access laws themselves.
In speaking to the first: reporters who cover security and BlackBerry typically don’t understand encryption. As soon as something is encrypted, that means (to most reporters) that the communication is impenetrable. You often see articles that focus on how long it would take to brute force the decryption key, without any attention given to the various side-channel attacks that could leave the encryption intact while still gaining access to the plaintext. Consequently, whenever RIM ‘breaks’ their consumer products’ encryption the action is heralded as a serious moment.
Unfortunately, this reaction is naive and ignorant of the technical architecture of BBM and the BIS. Because of years of poor reporting on the topic of security generally, and BlackBerry security in particular, consumers and commentators are typically ill-positioned to really understand the compromise that RIM has made, or the actual levels of security that consumers enjoyed pre-compromise. In effect, the encryption that people thought was protecting them was marginal, at best, and is easily overcome at a technical level.
In speaking to the second position, however, there is a broader issue concerning the legitimacy of government surveillance. I would suggest that citizens cannot reasonably expect companies to regularly, and actively, ‘go to war’ with governments over the issues of citizens’ constitutional rights. While such opposition is often admirable (e.g. Twitter’s and Qwest’s opposition to overzealous US government surveillance), and is something we should praise, most companies will operate within the confines of the law as defined by the legislative and judicial branches of the government. They will often obey the letter of the law, and not necessarily adhere to the normative ethos associated with basic law. Moreover, legal compliance is actually something that citizens tend to want: we want environmental regulations to be complied with, we want labor standards met, and so forth. The issue is (arguably) less with corporate compliance with governmental surveillance laws and more with the existence of those surveillance laws in the first place.
While companies that actively promote – and profit from – spying on the public should be shamed, we should resist focusing exclusively on companies who comply with lawful access provisions. Instead, we might focus on the excessive surveillance practices that the state claims are legitimate in the first place. This point, on the excesses of state power, is commonly lost on public commentators. While there is often a recognition that expanding the scope of lawful access powers is dangerous to civil rights, we rarely see a link drawn between those laws and forced corporate compliance with them. This failure is dangerous and problematic, insofar as it obscures the causal linkages and turns compliance into a story of “X company is bad” rather than “X company has to do something we dislike because of Y questionable law.” Of course, the former narrative is easier to spin out rapidly, whereas the latter takes a bit more time and nuance.
The expansions of lawful access powers are dangerous because the services that citizens use in their daily lives are run by corporations that are themselves bound by the laws of the land. Where those companies have operating footprints in countries which are strengthening lawful access powers, those companies may be forced to retrofit services to improve legal access to private communications. While companies can fight the good fight, and try to keep governments away from citizens’ communications, the same companies are typically required to comply with law at the end of the day.
We Need Democratic Narratives
In essence, there is a danger in fetishizing BlackBerry Messenger security, or particular companies, or particular security promises. We should widen the narrative of lawful access discussions beyond technology and encryption to avoid emphasizing technology at the expense of democratic principles. Similarly, if we emphasize the roles of law, and its procedural legitimacy, we can potentially obfuscate the normative issues underlying our concerns with the law. These concerns are often not captured when we simply question procedural legitimacy.
I would suggest that it is more useful to take a holistic democratic accounting of lawful access laws and their implications. Where such laws are prospectively damaging to the fabric of the democracy, perhaps by threatening rights of free speech, association, and limitations on governmental search powers, those are the areas on which we as citizens, journalists, and commentators must focus our attention. Such a democratic narrative can be supported by technological and legal facts and opinions, but critically the basic narrative is not about corporate products, whiz-bang technologies, or legal minutiae, but the very principles of a democracy. While we can all get lost in the expert languages associated with products, tech, and law, all citizens can engage in reasonable discussions of what they normatively expect their constitutional rights to mean in both theoretical and practical terms.
While the methods of engaging with the government vary – voting, writing government, publishing op-eds, or activism are all possibilities – what is key is that the citizenry become involved in the discourse surrounding governmental surveillance practices. Democracies live and die based on whether citizens are willing to defend their basic rights, the rights that enable their democracy in the first place. While attention to the technology undergirding those rights is important, we shouldn’t focus on technology (or the law used to undermine communications security) to the point where we forget the broader normative logics that are challenging the freedoms and rights that our democracies are based upon.