BlackBerry readily gives user data to law enforcement: report
Tech firm BlackBerry has a reputation for ironclad privacy, but two developments this week have demonstrated this may not always be the case
WATERLOO, Ont.—A report from CBC News says mobile tech firm BlackBerry enthusiastically helps to intercept user data, and that the policy has played a leading role in several high profile investigations worldwide.
The report also says BlackBerry even has a unit—dubbed the Public Safety Operations team—charged with handling of warrants and police requests for taps on user information, and keeping those requests confidential.
In another hit to struggling tech firm’s reputation for ironclad security came from the Ontario information and privacy commissioner, who has ruled that the personal email and BlackBerry Messenger accounts of government and public sector staff are now subject to freedom of information requests.
Brian Beamish issued a guideline June 7 for Ontario’s public institutions to help them comply with access legislation.
All public servants should be aware that “records relating to government business are subject to provincial access legislation, even if created, sent or received through instant messaging tools or personal email accounts,” Beamish wrote.
“There has been some confusion around these issues, but it is imperative that all public servants, elected officials and political staff understand that information requests for records about public business cannot be evaded by using instant messaging or personal email accounts.”
Political staffers often use tools such as BlackBerry Messenger to communicate with each other, and those records don’t tend to be included in responses to access-to-information requests.
Tom Henheffer, the executive director of Canadian Journalists for Free Express, said guidelines are good but need some teeth, such as penalties, to have more of an effect.
Either get staff to stop using those services for government business or make sure they are in compliance with privacy legislation, Beamish wrote, though he favours the former.
“The IPC strongly recommends that institutions prohibit their staff from using instant messaging tools and personal email accounts for doing business, unless they can be set up to retain and store records automatically,” he wrote.
But there may be situations in which an institution “has a legitimate business need” to use those tools or accounts, Beamish wrote.
If so, the records have to be automatically and securely retained, they must be searchable in order to comply with access requests, and include them in records management planning and retention schedules, he said.
Instant messaging includes text messages, BlackBerry Messenger and PIN-to-PIN communications, WhatsApp, Facebook Messenger and Google Hangouts, Beamish noted.
Government Services Minister David Orazietti said in a statement that staff are already directed to use their government email account for government business and that government business is subject to access laws “regardless of where it takes place.”
The federal information watchdog in 2013 recommended a virtual ban on instant messaging with federally issued BlackBerrys and other wireless devices because the texts are often automatically deleted after 30 days.
Canadian Press reporter Allison Jones covered the Ontario information and privacy commissioner’s report from Toronto