BLACKBERRY CEO John Chen has claimed that the company did "nothing wrong" in response to claims that it gave Canadian police access to customers' BBM messages.
It was suggested in reports last week that BlackBerry had provided access to the firm's universal decryption key, enabling them to pore over one million BBM messages.
Chen has defended his company's actions in response to requests for help in criminal investigations, and has said that assisting the police is the right thing to do.
"When it comes to doing the right thing in difficult situations, BlackBerry's guiding principle has been to do what is right for the citizen within legal and ethical boundaries," Chen said.
"We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I can reaffirm that we stood by our lawful access principles."
Chen criticised Apple's contrasting approach, saying that "we are indeed in a dark place when companies put their reputations above the greater good".
Vice News, citing declassified documents from a Royal Canadian Mounted Police criminal investigation between 2010 and 2012, revealed last week that Canadian police kept a dedicated server at its headquarters in Ottawa to intercept messages.
The server was connected to the network of Canadian mobile operator Rogers, which also cooperated with investigators.
It has been known for years that the architecture of the BBM system is flawed owing to the existence of the universal decryption key of which many governments have already taken advantage and which has probably been widely reversed engineered and exploited in any case.
The weaknesses of BBM are best explained in this article from Encrypted Mobile: "The Achilles' heel of BBM is that, while PIN-to-PIN messages are encrypted using Triple DES, RIM [as BlackBerry was called until 2013] adds a global cryptographic 'key' which is shared between every device [it has] manufactured.
"This automatically allows a situation (in theory, at least) where, if the messages can be intercepted at the cellular service provider's network and the hacker manages to spoof the intended recipient's PIN, any BlackBerry device can be used to decrypt all PIN-to-PIN messages sent by any other BlackBerry device.
"While this has never happened as yet, or at least has not been brought to our attention, the scenario lies entirely within the realm of possibility."
Security expert Bruce Schneier and Facebook chief information security officer Alex Stamos have taken a more cynical view. Stamos wrote when he was CISO at Yahoo in 2011 that BBM is not secure from determined police and security authorities.
"[BlackBerry messages] are encrypted with a shared symmetric key that is installed on every BlackBerry. This key has been handed over to governments by RIM, and even if it hadn't been most intelligence services would be able to reverse engineer it out of the BlackBerry OS," he said.
"It is completely possible for adversaries with the ability to sniff the mobile network to read BBM messages. I would expect most first-world and some developing law enforcement agencies already do this regularly."
Stamos explained that the governments of China, Russia, the UAE and the US "definitely" had the ability to crack and read BBM messages in 2011. Many more will be able to do so now.
Furthermore, Schneier suggested that BlackBerry has threatened to withdraw from countries such as Pakistan and the UAE only when the governments demanded unrestricted access to BBM messages.
Otherwise, the company has provided access on a case-by-case basis if requested to do so.
"India, China, and Russia threatened to kick BlackBerry out for this reason, but relented when RIM agreed to 'address concerns', which is code for 'allowed them to eavesdrop'," said Schneier in a blog post.
"RIM is providing a communications service. While the data is encrypted between RIM's servers and the BlackBerrys, it has to be encrypted by RIM. So RIM has access to the plaintext."
In other words, BlackBerry itself was always the biggest weak point in BBM security, and governments have routinely brought pressure to bear on the company for access to those messages. µ
Everything is going to be the same, just a bit different
Firm missed out on being 'first' by just a few hours
Firm promises that charging is about to hit 'warp speed'
No fax given