NFI press officer Tuscha Essed said, “We are capable of obtaining encrypted data from BlackBerry PGP devices.” The agency handles forensic investigations in criminal cases in the Netherlands.
The news came to light last December, when the Dutch blog “misdaadnieuws.com” (Crime News) published documents ostensibly sourced from the NFI; the blog reported that encrypted emails as well as deleted messages could be read using forensics software developed by private security firm Cellebrite.
The report also stated that, in order to decrypt a device’s contents, law enforcement would need to have physical access to the device.
That’s worrying because even if you go to the trouble of purchasing a custom BlackBerry device equipped with PGP encryption capabilities, your emails may still be accessible if someone gains access to your device.
A number of vendors sell such modified BlackBerrys, which sometimes have additional security measures in place like a disabled microphone and a USB port configured only for charging. As such, they’re only intended for sending and receiving private email.
Law enforcement agencies including the UK’s National Crime Agency as well as the Federal Bureau of Investigation and the Drug Enforcement Administration did not confirm to Motherboard whether they could decrypt BlackBerrys, as “confirming or denying this capability provides information on tactics, techniques and procedures that we can’t discuss.”
Update: BlackBerry published a blog post and statement affirming that the company believes its devices are as secure as they’ve ever been:
We are confident that BlackBerry provides the world’s most secure communications platform to government, military and enterprise customers. However, we can’t comment on this claim as we don’t have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have details on the nature of the communications that are claimed to have been decrypted.