Scotland Yard Read Encrypted BlackBerry Messages During RiotsScotland Yard Read Encrypted BlackBerry Messages During Riots
British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.
August 17, 2011
Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain (click image for larger view and for full slideshow)
What's the easiest way to access an encrypted smartphone communications network? Have a smartphone that can listen in.
At least, that was one tactic employed by police in London as they sought better intelligence on the outbreak of riots across England. So said Tim Godwin, acting police commissioner for the Metropolitan--the country's largest police force, which is more commonly known as Scotland Yard--on Tuesday, as he appeared before the U.K. Parliament's Home Affairs Committee. The committee, which oversees many of the country's police forces, is investigating the success or failure of police tactics used during the riots.
According to Godwin, as riots broke out in 22 of London's 32 boroughs last Monday and threatened to overwhelm police officers, he made the decision to begin eavesdropping and acting on encrypted BlackBerry Messenger (BBM) communications. Godwin said that by using BlackBerry smartphones seized by police, detectives were able to "break into" BBM and gain "live time monitoring," according to the Guardian. As a result, police officers were able to secure locations before rioting broke out, as well as proactively shut down stores and businesses in areas that faced looting. Police were also monitoring Twitter and Facebook, and Godwin's testimony suggested that police may have used confiscated BlackBerry smartphones to gain access to private Twitter feeds.
In Britain, multiple politicians had called for a curfew on BBM--widely used by the rioters, who were largely young and male--as well as social networks, to help quell the unrest. (As some privacy advocates have noted, such tactics echo strategies recently employed by autocratic rulers in such countries as Egypt and Libya, as they clung to power in the face of mass riots.) But Godwin confirmed that the police considered that tactic. "We did consider seeking the legal authority to switch it off. The legality is questionable, very questionable," he said, according to the Guardian.
Interestingly, BlackBerry manufacturer Research In Motion had released a statement in which it offered to assist investigators, in accordance with U.K. laws. Numerous security experts took that to mean that any police requests for BBM communications would, as usual, require a warrant.
Using a seized device to surreptitiously access BlackBerry Messenger communications, however, is gray territory. Furthermore, by detailing the difficulties police faced in amassing intelligence about planned rioting and looting, Godwin may not only be seeking exculpation for that intelligence gathering, but also laying the groundwork for a formal police request for new laws, giving them explicit power to eavesdrop on encrypted communications during times of unrest.
According to the Guardian, Godwin told the committee that police were not "at this moment of time" seeking the ability to deactivate social networks or eavesdrop on encrypted smartphone communications channels, during times of civil unrest. But news reports suggest that police are already working with the domestic intelligence service, MI5, as well as the country's electronic signals intelligence center, the Government Communications Headquarters, to decrypt BBM communications in the hunt for people who organized riots and looting.
Beyond using confiscated BlackBerry smartphones, police monitored riot-related and looting-related public messages sent via Twitter and Facebook, which resulted in multiple arrests.
But some of the resulting sentences have been criticized as being disproportionate. Notably, on Tuesday, two men were sentenced to four years in prison on charges of inciting a riot via Facebook. One 20-year-old man created a Facebook event page for "Smash Down in Northwich Town," and set the McDonald's in his town center as a meeting point. But he was the sole attendee and was arrested by waiting police. In the other case, a 22-year-old man created a Facebook page called "Let's Have a Riot in Latchford," but removed it the next day--after 300 people had viewed it--and published an apology on Facebook.
In handing down the stiff sentences, the judge said they were meant to serve as a deterrent.
At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.
About the Author(s)
You May Also Like
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks