RCMP's BlackBerry-cracking methods could be revealed in Quebec court
Judge to decide if public gets to learn more about methods used to access Montreal mobsters' phones
A Quebec court could today pull back the curtain on secretive police techniques, including how the RCMP intercepted BlackBerry text messages to prove a murder conspiracy plot, as a judge considers whether to lift a publication ban in a case involving the Montreal Mafia.
The case stems from Project Clemenza, a police operation that resulted in scores of organized crime arrests in 2014. At the time, police announced they had intercepted more than one million BlackBerry messages tied to allegations of drug trafficking, kidnapping, arson, weapons and other violent offences.
- BlackBerry hands over user data to help police around the world 'kick ass'
- BlackBerry CEO tries to reassure users on encryption questions
That information led to the arrests of seven accused mobsters in the shooting death of Salvatore (Sal the Ironworker) Montagna, a high-ranking member of a New York crime family killed outside Montreal in 2011. Six of the suspects pleaded guilty to conspiracy to murder last March, while the seventh pleaded guilty to a lesser charge of being an accessory after the fact.
But the prosecution asked for — and was granted — a publication ban on many details around how the RCMP intercepted the mobile phones and descrambled the BlackBerry messages.
Chief Supt. Jeff Adam, who oversees the RCMP's Technical Investigations Services, declined to discuss with CBC News the specific methods used.
But given rapid changes in technology and public concern in the post-Snowden era, as mobile developers move toward more secure "end-to-end" encryption, he says investigators are finding their jobs increasingly difficult.
"What we're seeing now is … the best evidence of people conspiring to commit a crime is lost to us. And that's what we call 'going dark,'" Adam said.
Busting BlackBerry encryption
The RCMP's technical investigations lab in Ottawa has developed a reputation for its ability to crack BlackBerry devices — a company that has built its brand on the strength of its security.
There have been questions whether the RCMP has obtained BlackBerry's global encryption key to enable easy access to encoded communications.
In April 2016, authorities in England credited the Mounties with recovering encrypted emails and texts from BlackBerry phones to help convict two men of smuggling dozens of high-powered machine guns into the U.K.
How they did it is unclear. But court records from another case suggest one possibility.
For years, police forensic experts have been able to physically open devices, accessing their internal memory chips. The highly specialized procedure, dubbed "chip-off," involves using heat guns to remove sealed components inside a phone in a bid to thwart passwords and encryption.
The RCMP used this chip-off technique to retrieve BBM messages — even ones that had been deleted — to help convict two men in the 2011 murder of a popular Toronto-area real estate agent.
The Mounties also relied on software made by Cellebrite, a leader in digital forensics that specializes in retrieving hard-to-access data from a wide range of devices and apps, including BlackBerrys and iPhones.
Additionally, the RCMP has found ways around BlackBerrys customized to use PGP — a form of encryption known as "Pretty Good Privacy" — giving investigators access to emails and texts in a number of Canadian cases, including a Vancouver kidnapping plot and a cocaine and pot trafficking case in Thunder Bay, Ont.
"This encryption was previously thought to be undefeatable. The RCMP technological laboratory destroyed this illusion," a Thunder Bay judge remarked in that case.
It is unlikely that the RCMP cracked PGP itself, generally considered secure by cryptographers. Rather, they may have exploited a weakness in either the software or device to get around PGP.
'It's a battle'
Daniel Tobok, of Cytelligence, is a cybersecurity and data forensics specialist who used to work with Telus. He says techniques such as chip-off only work on older phones and law enforcement agencies are constantly in a "cat-and-mouse" race with tech-savvy criminals.
"Technology is advancing very quickly and new encryption methods are coming out. And the bad guys are starting to use them," Tobok said. "[Police] don't have budgets, they don't always have the right people … We are seeing a trend where law enforcement and the government sector are being shut out in the new evolution in encryption world, absolutely. It's a battle."
- Apple's privacy fight with the FBI explained
- Tim Bosma case shows Apple doesn't always say no to police
Despite talk of investigations "going dark," criminal defence lawyer Alan Gold believes police are better equipped to fight crime than they'll publicly admit.
"I think we see the tip of the iceberg because police, by nature, are secretive about their capabilities," Gold said.
What has changed, he said, is despite the rise of encrypted communications and devices, our reliance on technology has created a motherlode of potential evidence for police to target.
"What people don't appreciate [is] that they are essentially living in this giant visible sphere of digital information. And it's there forever."
ABOUT THE AUTHOR
