[Cryptography] Canadian Police Had BlackBerrys Global Decryption Key since 2010

[D. Hugh Redelmeier]

| From: Henry Baker <hbaker1 at pipeline.com>

| Exclusive: Canadian Police Obtained BlackBerry?s Global Decryption Key

| Oops!  Now every tin-pot government will want the same key...  That's why it's called a slippery slurp.

I'm not sure of the issue here.  Am I missing something?

My understanding (inferred) has been that anyone owning the BES* can
read the BBM traffic going through it.  Law enforcement (or other
security folks) can go after that owner.

For ordinary mortals, the BES is run by Blackberry (or perhaps the
phone company).  And governments regularly compel them to produce the traffic.

A few years ago, a few countries wanted access to traffic.  In the
end, all it took to appease them was Blackberry placing their BES in
the country so local traffic would be accessible to the government.

That still left the corporate BESes in a different situation.  If the
government wanted access to their traffic, they'd need a production
order for that company and the company would know it was the subject
of an investigation.

As I understand it, it is even practical for a modest sized company to
run a BES.


* BES stands for Blackberry Enterprise Server.  I don't know what it
would be called when run by Blackberry -- probably something different.