For more than a decade now there has been ongoing debates about encryption and role it plays in the technology world, and unless you live under a rock, I'm sure you've have caught some of that debate by now. While not the sole reason for the rise in the debate, the recent attacks in Paris and San Bernardino, California have brought encryption and its use in technology to the forefront once again with many politicians and Government officials visiting the idea that limits must be placed on technology. Reason being, that same encryption used by the general public interferes with public safety because there's growing evidence it's also being used by terrorist organizations.
For their part, as a technology company where security and privacy is a core part of their offering, BlackBerry has remained relatively quiet on the encryption debate publicly outside of a few details shared about how they handle lawful access requests and the recent news that they would be pulling out of Pakistan due to the fact the Pakistani Government was requesting the ability to monitor all BlackBerry Enterprise Service traffic in the country, including every BES e-mail and BES BBM message, a request BlackBerry was not willing to meet as it would be a compromise in BlackBerry's core principles of protecting customers privacy. Now, though, BlackBerry CEO John Chen has decided to relay the company's stance through a blog post titled 'The Encryption Debate: a Way Forward' through the Inside BlackBerry Blog. We've copied it below, so nothing gets taken out of context.
Recent reports that messaging apps WhatsApp and Telegram have been employed by terrorists have brought the encryption debate to a head. The rhetoric has been acrimonious and polarizing, pitting privacy advocates who want strong protection from prying eyes against government officials frustrated by their inability to access criminals' encrypted data.
For years, government officials have pleaded to the technology industry for help yet have been met with disdain. In fact, one of the world's most powerful tech companies recently refused a lawful access request in an investigation of a known drug dealer because doing so would "substantially tarnish the brand" of the company. We are indeed in a dark place when companies put their reputations above the greater good. At BlackBerry, we understand, arguably more than any other large tech company, the importance of our privacy commitment to product success and brand value: privacy and security form the crux of everything we do. However, our privacy commitment does not extend to criminals.
BlackBerry is in a unique position to help bring the two sides of this debate together, to find common ground and a way forward. BlackBerry's customers include not only millions of privacy-conscious consumers but also the banks, law firms, hospitals, and – yes, governments (including 16 of the G20) – that use our products and services to protect their highest value resources every single day. We stand as an existence proof that a proper balance can be struck.
We reject the notion that tech companies should refuse reasonable, lawful access requests. Just as individual citizens bear responsibility to help thwart crime when they can safely do so, so do corporations have a responsibility to do what they can, within legal and ethical boundaries, to help law enforcement in its mission to protect us.
However, it is also true that corporations must reject attempts by federal agencies to overstep. BlackBerry has refused to place backdoors in its devices and software. We have never allowed government access to our servers and never will. We have made decisions to exit national markets when the jurisdictional authorities demand access that would abuse the privacy of law-abiding citizens.
We also reject any notion of banning or disabling encryption. The hacking epidemic over the past couple years shows that we need more, not fewer, security controls for our sensitive information. Frankly, it is surprising and unnerving that some national political leaders think that an encryption ban could even work on a technical basis. We, as a society, have decided that powerful computing devices that manage our identities, photographs, bank statements, and more are better to have than not. Users can install applications with encryption that precludes lawful access. If encryption services were banned, criminals would simply write their own encryption apps, resulting in a world where they have better encryption tools than the citizen populace, and our personal privacy would be the only casualty of this debate.
So the encryption ship has sailed; what, then, can service providers do to help strike the proper balance? The developers of Telegram demonstrated a simple example. Telegram offers two services: private point-to-point messaging and public group messaging (called channels). Telegram took decisive action to shut down criminal channels without affecting the point-to-point messaging service its customers depend upon for privacy. Make no mistake: service providers bear a dual responsibility to protect customer privacy zealously and to cooperate with lawful requests for investigative assistance.
It is practical to have public policy that supports law enforcement without impeding personal privacy. Ultimately, users have the right and responsibility to choose privacy with or without the potential for lawful oversight. We agree with the notion that there is no easy answer or formula to strike this balance. Hard things, we might say, are hard. That being said, it's time both sides of this encryption debate accept that pointing fingers is counterproductive. Technology, over the course of human existence, can be both used and abused. We all have a right to privacy as well as public protection. We must balance these, and the world's tech leaders must help consumers and governments alike make informed decisions.
That's some heavy stuff to take in, I know. But at least now we know where John Chen and BlackBerry as a company stand on it all. Taking it all into account, what do you folks think about it? Is there points made by Chen you can agree with, disagree with? Let us know in the comments.