BlackBerry Offers Glomar, 'Bad Guys Got Caught,' In Non-Comment On Canadian Law Enforcement's Full Access To Encrypted Messages

Say That Again

from the 'in-conclusion,-Blackberry-is-a-land-of-contrasts' dept

BlackBerry has finally responded to Motherboard’s story on the Royal Canadian Mounted Police’s apparent full access to encrypted communications — something that hinted the RCMP may have been given BlackBerry messaging’s “Golden Key.” Sort of. It’s mostly an indirect Glomar followed by a statement that confirms something people already know.

BlackBerry still has not commented directly to Motherboard or VICE News on the specifics of the investigation, but CEO John Chen published a blog post on Monday addressing the report in broad strokes… very broad strokes.

[…]

“Regarding BlackBerry’s assistance,” Chen wrote instead, “I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry’s BES server involved.”

BES is BlackBerry Enterprise Server — the only option available where customers can lock BlackBerry out of access to communications. With BES, encryption keys are set by users, which means BlackBerry can no longer decrypt messages using its global PIN encryption key. Notably, this option is only available to corporate or government customers. Everyone else gets vanilla encryption, which can be decrypted by BlackBerry for law enforcement. Or, as appears to be the case in Canada, the key can be handed out to law enforcement agencies, allowing them to decrypt at will… because there’s only one encryption key for all non-BES users.

According to BlackBerry CEO John Chen, the ends justify the means he pointedly won’t be discussing in detail.

We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests.

[…]

This very belief was put to the test in an old case that recently resurfaced in the news, which speculated on and challenged BlackBerry’s corporate and ethical principles. In the end, the case resulted in a major criminal organization being dismantled.

BlackBerry continues to play both sides of the equation, providing “regular” users with less secure communications while claiming to be the “gold standard” in encrypted communications — a privilege it only extends to some of its customers, unlike Apple or Google, which provide encryption to all of their customers.

The company has nothing to offer customers in the way of assurances, but it does seem to be going out of its way to soothe the nerves of law enforcement officials frustrated by smartphone encryption. It may make a big deal about its fight against Pakistan and its demands for access (Chen highlights this in his blog post), but it seems less than likely to go to bat for a majority of its users when faced with overreach by more “acceptable” governments.

Filed Under: backdoor, blackberry, canada, encryption, glomar, john chen, key, rcmp
Companies: blackberry

Homeland Security Will Finally Admit To Banned Flyers That They're On The No Fly List

Surprises

from the sued-into-acting-like-a-responsive-agency dept

Good news has arrived for fliers who’d like to know exactly what the hell is going on when they’re forbidden to board an airplane.

The government will no longer refuse to confirm or deny that persons who are prevented from boarding commercial aircraft have been placed on the “No Fly List,” and such persons will have new opportunities to challenge the denial of boarding, the Department of Justice announced yesterday in a court filing.

Thanks to several lawsuits, the DHS is no longer able to Glomar its way out of responding to travelers who suspect they’ve been blacklisted from flying. This filing addresses Mohamed v. Holder, but builds on revised redress procedures promised in the wake previous lawsuits.

Under the previous redress procedures, individuals who had submitted inquiries to DHS TRIP generally received a letter responding to their inquiry that neither confirmed nor denied their No Fly status. Under the newly revised procedures, a U.S. person who purchases a ticket, is denied boarding at the airport, subsequently applies for redress through DHS TRIP about the denial of boarding, and is on the No Fly List after a redress review, will now receive a letter providing his or her status on the No Fly List and the option to receive and/or submit additional information.

It’s a huge step forward from just being told less-than-nothing by the agency’s misnamed “Traveler Redress Inquiry Program.” The first step has the DHS performing its own “redress review” — something that appears to have no time limit for responses. And that’s the beginning of the process. Members of the public will finally receive better and more detailed responses, but they will asked to perform several rounds of hoop-jumping, with the first couple of steps seemingly redundant.

If such an individual opts to receive and/or submit further information after receiving this initial response, DHS TRIP will provide a second, more detailed response. This second letter will identify the specific criterion under which the individual has been placed on the No Fly List and will include an unclassified summary of information supporting the individual’s No Fly List status, to the extent feasible, consistent with the national security and law enforcement interests at stake.

Other than “because we’re a bureaucracy,” there doesn’t seem to be any reason full details could not be provided in a single letter. But that’s the government for you: if it’s not killing trees and utilizing its underused postal service, it’s not being productive. Why do in one step what can be done in several (also: in triplicate, if possible), etc.

Even with these redress improvements, some travelers will still receive answers containing little to no information or guidance.

The amount and type of information provided will vary on a case-by-case basis, depending on the facts and circumstances. In some circumstances, an unclassified summary may not be able to be provided when the national security and law enforcement interests at stake are taken into account.

On the upside, the DHS will actually allow this to be a bit more adversarial. Travelers will be able to submit responses to the DHS’s initial No Fly List determination and submit information that might prompt a reconsideration of their inclusion on this list. The final decision is still the government’s but at least it’s open to basing its decision on more than its own security-first worldview and limited, supposedly inculpatory data.

Filed Under: dhs, glomar, homeland security, no fly list, transparency

New York City Court Buys NYPD's Claims Of 'National Security,' Grants It Power To 'Glomar' FOIL Requests

Legal Issues

from the don't-have-to-confirm-or-deny-jackshit,-citizen dept

A New York City court has given the NYPD one of the few things separating it from the “big boys” (CIA, FBI and NSA): the permission to issue “Glomar responses” (the infamous “we can neither confirm nor deny…”) to FOIL (Freedom of Information Law) requests. Like the audacity of the department itself in pursuing this additional method of keeping the public separated from public documents, the decision is unprecedented.

The decision appears to be the first time that a court anywhere in the U.S. has upheld the use of such a tactic by a state agency. The Glomar response has historically been used only with regard to requests made to federal agencies that involve sensitive matters of national security.

That a New York court would find in the home team’s favor is perhaps inevitable. The NYPD, along with various officials, have long portrayed the safety of New York City as inextricably intertwined with the safety of the nation itself — a view partially justified by the city’s position as the epicenter of the 9/11 attacks.

But doing so allows a department with a proven track record of open hostility towards FOIL requests another way to abuse its position. On top of heavy redactions, an in-house classification system that has no apparent legal basis, and plain old stonewalling, the NYPD will now be able to simply claim it can’t even acknowledge the existence of responsive documents. This shifts the balance too far in its favor.

At the federal level, use of Glomar responses is premised on the argument that there are certain matters of national security that would result in irrevocably harm if divulged to the general public. It has been criticized by open government groups, including the Reporters Committee, because it allows agencies to deny FOIA requests without giving detailed reasons that the requesters can argue against. Once an agency invokes the Glomar doctrine, courts generally afford it great weight and rarely inquire further.

And that’s at the federal level, where claims of national security should carry with them a bit more credulousness. The actual “Glomar” in the original “Glomar response” referred to the CIA salvage vessel being used to find a sunken Soviet submarine. These days, it’s used to tell FOIA requesters that the NSA can neither confirm nor deny it uses terms like “collect it all,” or has compiled any data at all on the requester him/herself.

The NYPD has now been granted a federal power, without having to show its national security claims are valid. If the requested documents do indeed contain information possibly damaging to national security, why isn’t there a federal agency involved? It’s well known that the NYPD prefers to run a highly autonomous agency — one that inserts itself into terrorist investigations overseas but openly rebuffs FBI assistance in its own town. But if you’re going to claim you may or may not be in possession of investigatory documents with national security ramifications, then you should also be asked to explain why the FBI, DHS or other national agency isn’t included on the CC line, and why this federal agency isn’t the one kicking out the Glomar response.

Considering the documents currently being Glomared (“…a request by Imam Talib Abdur-Rashid for records regarding NYPD surveillance of himself and his mosque…”) are related to the counter-terrorist investigations of the recently shuttered “Demographics Unit,” there’s a good chance no federal agency would touch them with a 10-foot redaction. The division seemed to pride itself on willful violations of civil liberties, but this methodology turned the (often minimal) fruits of its investigations too toxic for even the CIA to partake in.

So, the NYPD may actually be sitting on something that implicates national security, but it’s finding no federal takers thanks to its inability to respect the Constitution or to work well with others. That’s a problem. But it’s not nearly as much of a problem as being granted a new power to abuse in its quest for law enforcement opacity.

Filed Under: foia, foil, glomar, national security, new york city, nypd