According to an exclusive report from Vice News, the Canadian police have had a BlackBerry master encryption key in their possession since 2010 and used it to intercept over 1 million messages sent using the company's BlackBerry Messenger (BBM) service.
The encryption key was used by the Royal Canadian Mounted Police (RCMP) during a criminal investigation related to a Montreal crime syndicate that took place between 2010 and 2012. How the federal police force obtained it is unclear as all of the court documents used in the case were heavily redacted.
Careful analysis of the documents showed that the RCMP had a server set up in Ottawa that was able to simulate a mobile device and intercept messages. BlackBerry's master key was then used to decrypt the messages.
It is unclear as to whether the company has since changed its master key after the completion of the case or whether the RCMP is still making use of its interception system.
BlackBerry has used a global encryption key to protect BBM messages sent from its mobile phones for quite some time now. The company has not said outright that the messages sent using its service are completely protected but many users placed their trust in BlackBerry because of its focus on strong security and encryption.
The company's CEO John Chen has previously said that it is willing to cooperate with law enforcement agencies only under special circumstances. Perhaps the RCMP's investigation was an exception but the fact that it held BlackBerry's master key for such a long period of time raises further questions.
Luckily though for businesses, BlackBerry's enterprise-grade encryption allows companies to use their own master key which would protect their messages from being intercepted.