The Netherlands’ national forensics agency has confirmed it is able to read messages sent from BlackBerry devices protected with PGP encryption, after evidence taken from such a device was reportedly used to help successfully prosecute a suspect in a Dutch drugs transport case last month.
The Netherlands Forensics Institute’s (NFI) disclosure sheds light on the encryption arms race between law enforcement agencies and those seeking to conceal their communications using encryption.
Law enforcement bodies, including those in the UK, have criticised the rapid expansion of encrypted communications as hindering the efforts of security services.
The NFI confirmed in a statement that it has the ability to decode encrypted messages stored on “BlackBerry PGP” handsets, as they are known – BlackBerry devices sold by third parties customised with PGP encryption tools co-developed by PGP and BlackBerry, and connected via third-party BES servers. The agency declined to provide further details.
PGP advertises the technology involved, called PGP Support Package for BlackBerry, as a way of securing emails between any PGP-enabled sender and recipient mobile device or desktop client.
The devices are widely used by criminals to organise illegal activities, according to law enforcement authorities.
Last month Dutch blog Misdaadnieuws (Crime News) published what it called confidential documents disclosing that the NFI was using technology developed by Israel-based mobile tools maker Cellebrite to decrypt messages on BlackBerry PGP handsets.
In a case cited as an example in the documents, the NFI said it was able to decipher 279 out of the 325 encrypted messages stored on a BlackBerry PGP device, according to Crime News.
A court in East Brabant in early December 2015 sentenced a defendant to five years in prison based in part on evidence obtained from a BlackBerry PGP device, the blog reported.
The NFI used Cellebrite’s Universal Forensic Extraction Device (UFED) technology, according to Crime News, which identified a specific version of a desktop tool called UFED4PC. The NFI’s disclosure was also reported by online industry journal Motherboard.
UFED devices are widely used by government and military agencies to extract and decrypt data from mobile devices, with The Guardian reporting in 2009 that up to 35 of the 43 police forces in England and Wales use them. In December 2014 BBC crime drama The Fall featured the decryption of mobile data by investigators using UFED technology as a key dramatic point.
In July of last year Cellebrite stated that its UFED forensics products were “widely used” by US federal government bodies. Cellebrite claims to have government, corporate security and private investigative agency customers in more than 100 countries.
The technique used doesn’t involve intercepting communications, but rather extracting and decrypting data from the device itself, with the most thorough method involving making a bit-for-bit copy of everything in the device’s memory, from which users can recover deleted data and decipher encrypted messages, according to Cellebrite.
UFED products are able to handle data from most mobile device makers, but BlackBerry devices have a particular reputation for security, being widely used by government customers. Cellebrite claims to have been the first to enable physical extraction and decoding of the flash memory in BlackBerry devices.
The debate over encryption goes beyond law enforcement, with many claiming that civil liberties are at stake. Apple has argued that government efforts to ensure their access to encrypted communications weaken security for all users.
Campaign group Liberty has argued that the broad use of UFED devices by British police to recover data from suspects’ mobile devices steps beyond laws originally designed to enable searches of clothes and handbags.
The group called for legislation to be updated to clarify when police are entitled to extract mobile phone data and to ensure legal safeguards.
View Comments
The reason the messages were able to be decrypted was due to extremely negligent PGP hosting policies. They were storing all the private encryption keys on their servers along with a record of all the messages. These are two EXTREMELY bad things to do when hosting a PGP Encryption Service.
This wasn’t a case of anything being hacked; this would be equivalent to saying your PC got hacked when you left a Post-It note on your monitor with your password on it.
Reputable PGP Service providers do not store their users’ messages or, more importantly, their private keys on their servers.
This was a case of neglect, not a case of anyone being hacked.