
NFI can decrypt encrypted BlackBerry emails - Bootvis
https://translate.googleusercontent.com/translate_c?depth=1&hl=en&rurl=translate.google.com&sl=auto&tl=en&u=https://www.security.nl/posting/455261/NFI%2Bkan%2Bversleutelde%2BBlackBerry-mails%2Bontsleutelen%3Fchannel%3Drss&usg=ALkJrhh7YMUAm2LVCjZthOzh3D_nmerI-w
======
aroch
Blackberry's CEO has already indicated that the company is willing and able to
defeat device encryption for law enforcement:

"At BlackBerry, we understand, arguably more than any other large tech
company, the importance of our privacy commitment to product success and brand
value: privacy and security form the crux of everything we do. However, our
privacy commitment does not extend to criminals,"

[http://blogs.blackberry.com/2015/12/the-encryption-
debate-a-...](http://blogs.blackberry.com/2015/12/the-encryption-debate-a-way-
forward/)

In the same blog he says the company doesn't put backdoors in, but how do they
plan in defeating Android's hardware encryption if there isn't one?

~~~
vox_mollis
Yes, except in this case it appears that the defendant was using PGP on the
device, and BB was not involved in the decryption effort at all. So either
nation-state compromise of PGP itself (unlikely), or key compromise (more
likely).

Edit: I wouldn't dismiss compromise of PGP out of hand entirely, even though
it sounds crazy. Both the judge and NFI denied the defense the ability to
audit the NFI's methods. I can't imagine hamstringing the defense like this if
it was a simple case of "your dumbass client left his key in plaintext on the
device". So there is a very slight fishy smell, here.

~~~
strictnein
Some of the recent leaked docs point to the NSA having problems with PGP these
days, but the rumor back in mid-90s was that they successfully broke it in
multiple ways, which lead the Feds to drop the case against Zimmerman.

No idea of the validity of this story, but it seems plausible at least:
[http://kraut.co/2015/02/28/1994-when-the-nsa-loved-
pgp/](http://kraut.co/2015/02/28/1994-when-the-nsa-loved-pgp/)

