Is Blackberry “NSA-proof”? Don’t bet on it
One gets the feeling nothing’s truly private. Which is why a recent claim by U.S. investment banker Peter Misek that the Blackberry is “NSA-proof” raised eyebrows.
In the interview with CBC News, Misek argued that based on conversations his company has had with the NSA, he is convinced the security agency has not successfully cracked Blackberry’s custom cryptography. “That security is so good, it takes four million years on brute compute force to hack it.”
Cyber-security experts were quick to disagree:
— profdeibert (@RonDeibert) September 13, 2013
Internal NSA documents recently obtained by Germany’s Der Spiegel newspaper outline a concerted effort by NSA specialists to collect encrypted Blackberry communications:
“As far back as 2009, the NSA specialists noted that they could “see and read” text messages sent from Blackberrys, and could also “collect and process BIS mails.”
The NSA reportedly set up a “Blackberry Working Group” with the sole focus of cracking Blackberry communications.
Any claim that a device can be “spy-proof” is absurd on its face, says Katherine Maher, Director of Strategy for Access Now.
“There is no such thing as uncrackable encryption,” she said. “Anything is crackable with enough resources and time. … To make that assertion is mathematically impossible.”
The documents obtained by Der Spiegel included an image from a presentation called “Your target is using a Blackberry? Now what?” The image showed an email from a Mexican government agency that was sent using Blackberry encryption technology but that was still intercepted by the NSA.
Even Blackberry itself has never claimed to be NSA-proof. In an emailed response to a Global News query Friday afternoon, spokeswoman Rebecca Freiburger wrote:
“It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic. However, we remain confident in the superiority of BlackBerry’s mobile security platform for customers using our integrated device and enterprise server technology. Our public statements and principles have long underscored that there is no ‘back door’ pipeline to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”
These reassurances may be misleading, Maher said: Blackberry’s encryption for business clients is little comfort for individual mobile owners. And while Blackberry has categorically ruled out any “back doors,” “It doesn’t actually make reference to whether or not something like a private key would be shared with an intelligence service.”
Blackberry’s assertion it’s the most secure choice out there could be true, Maher says – to a point.
For a big business, “the adversary they might be concerned about is far more likely to be in the realm of corporate espionage, so [Blackberry] may offer services adequate to their needs.”
Government spies – with more computing power and more time – are another story altogether.
© Global News, 2013