British intelligence agency called in to break BlackBerry encryption

Peter Fairbrother zenadsl6186 at zen.co.uk
Mon Aug 29 11:18:42 BST 2011


http://www.zdnet.com/blog/igeneration/british-spy-agency-called-in-to-crack-blackberry-encryption/12281


"British intelligence service, MI5 has been drafted in to assist its 
sister service, GCHQ in cracking the BlackBerry encryption code"

Now GCHQ are the code boys and MI5 are supercops, and maybe Zdnet just 
got it the wrong way round.

Or maybe GCHQ are asking MI5 for help in collecting plaintext/ciphertext 
pairs in order to attempt a crack - MI5 get the plaintexts by seizing 
Blackberries (or more likely getting the ordinary cops to seize them) 
and reading the messages on them, and GCHQ gets the ciphertexts by 
interception.


In order to access the content of messages, whether encrypted or not, 
GCHQ needs a warrant under RIPA.

These warrants come in two types, an ordinary warrant and a certificated 
warrant for when the communication is sent or received from abroad.

Ordinary warrants can only cover one person or one premises per warrant, 
but certificated warrants can include "fishing" warrants and cover large 
numbers of people and places.

The number of warrants issued is reported to Parliament annually; it's 
been about 1,500 - 2,000 or so for the last few years. It is unknown how 
many of them are certificated RIPA s.8(4) fishing warrants.



Looking at a Blackberry message from Yob Adam in Peckham to Rasta Bob in 
Brixton, the message is first encrypted and transmitted from Adam's 
Blackberry to RIM's servers in Paris, where it is decrypted. RIM then 
re-encrypt it and transmit it to Bob. Only link encryption is used, no 
end-to-end encryption.

So the two _transmissions_ are sent to or from Paris, even though the 
sender and intended recipient of the _message_ are both in the UK.

Unfortunately RIPA doesn't use the terms "transmission" or "message", it 
uses "communication"; and that term isn't well enough defined that 
someone couldn't say the transmission is a communication - and thus GCHQ 
can intercept it with an external warrant, which can include collection 
and examination of all traffic for fishing purposes.

Whether a Court would agree with that interpretation is perhaps unlikely 
- but it's not likely that it's ever going to be tested by a Court.


Of course GCHQ may not be relying on that interpretation. I have no 
evidence that they are - maybe they consider RIM in Paris to be a single 
premises, though again that might be legally dubious.

They may even be collecting Blackberry messages under ordinary warrants, 
one per perp, but if so the Home Secretary's fingers will be getting 
sore - she has to sign each warrant.

If there are no relevant warrants (and if Zdnet are right and GCHQ are 
intercepting en masse) then GCHQ would be behaving illegally. I don't 
think that's very likely, they would want some form of warrant even if 
it's a bit dubious legally to cover themselves. I'm just curious as to 
what that might be.



-- Peter Fairbrother



