Imagine for a moment that everybody's front door has the same key. Now imagine that the police have a copy of that key, and can saunter into your living room to poke around your belongings while you're out, and without your knowledge.
By way of metaphor, this is exactly how the Royal Canadian Mounted Police, Canada's federal police force, intercepted and decrypted "over one million" BlackBerry messages during an investigation into a mafia slaying, called "Project Clemenza," that ran between 2010 and 2012.
Using these messages and other evidence, the Crown mounted a case known as R. v. Mirarchi against seven men connected to the killing of Sal "the Ironworker" Montagna, a reputed member of the New York Bonanno crime family, on the outskirts of Montreal. On March 30, six of the men pleaded guilty to conspiracy to commit murder, and the seventh to being an accessory after the fact.
According to privacy expert Christopher Parsons from Canadian security research hub Citizen Lab, the RCMP may still have the ability to read anybody's encrypted BlackBerry messages, as long as the phone isn't linked to a corporate account.
"So right now, with my device, if I'm not on the [Business Enterprise Server], I'm a dead chicken. That's the reality of it, that's what we don't want the general public to know"
While Apple recently fought the US Department of Justice in court over an order to create new software to help unlock a terror suspect's phone—and has pledged to continue to do so—Canada's police and device manufacturers have been comparatively silent on the issue. Now, for the first time, Canadians have a clearer picture of how digital surveillance in this country works, at least when it comes to BlackBerry phones, although much is still unknown.
The revelations could also spell bad news for BlackBerry, which has struggled financially in recent years and built its brand on the supposed security of its messaging system. During the case, witnesses from the RCMP and BlackBerry testified that revealing BlackBerry's encryption key would be, in short, bad for business.
BlackBerry (formerly RIM) encrypts all messages sent between consumer phones, known as PIN-to-PIN or BBM messages, using a single "global encryption key" that's loaded onto every handset during manufacturing. With this one key, any and all messages sent between consumer BlackBerry phones can be decrypted and read. In contrast, Business Enterprise Servers allow corporations to use their own encryption key, which not even BlackBerry can access.
According to more than 3,000 pages of court documents pertaining to the case that resulted from Project Clemenza, obtained by VICE Canada, the RCMP maintains a server in Ottawa that "simulates a mobile device that receives a message intended for [the rightful recipient]." In an affidavit, RCMP sergeant Patrick Boismenu states that the server "performs the decryption of the message using the appropriate decryption key." The RCMP calls this the "BlackBerry interception and processing system."
The defence in the case surmised that the RCMP must have used the "correct global encryption key," since any attempt to apply a key other than BlackBerry's own global encryption key would have resulted in a garbled mess. According to the judge, "all parties"—including the Crown—agree that "the RCMP would have had the correct global key when it decrypted messages during its investigation."
"By resorting to the global key," the judge's decision on the Crown's objection to disclosing the key states, "the RCMP was able to decrypt the intercepted messages." It isn't clear how the RCMP obtained the key, and the judge's statement addressing the matter is heavily redacted due to a sealing order.
"It is not a good marketing thing to say we work with the police"
The defence initially argued that the RCMP should disclose the global encryption key in court, but it was ultimately considered privileged and withheld. If the key used in Project Clemenza was revealed in open court, Boismenu said, then it would "essentially mean to disclose a key that would unlock the doors of all the houses of the people who use the provider's services, and that, without their knowledge."
The key, according to Boismenu, is so powerful that it could be used to "illegitimately" decipher any "prerecorded communications encrypted with that key"—so it's striking that the RCMP had access to it.
Indeed, Crown attorney Robert Rouleau stated in an ex parte hearing: "So right now, with my device, if I'm not on the [Business Enterprise Server], I'm a dead chicken. That's the reality of it, that's what we don't want the general public to know."
Disclosing such a key would be disastrous for BlackBerry, the court heard. BlackBerry director of national security Alan Treddenick said in an affidavit from November of 2015 that disclosing the key used in Project Clemenza would "potentially impact relationships with other BlackBerry end-users and law enforcement criminal investigations globally for all foreign countries that BlackBerry operates and provides communication services," and in Canada.
RCMP inspector Mark Flynn testified in a heavily redacted transcript that BlackBerry "facilitated the interception process," however, Flynn also stated that facilitation could mean mere information sharing or a physical action to aid interception.
Flynn further testified that revealing the key would jeopardize the RCMP's working relationship with BlackBerry, and harm BlackBerry itself, since "it is not a good marketing thing to say we work with the police."
If BlackBerry has not changed the global encryption key since Project Clemenza, Parsons of Citizen Lab said, then "the RCMP would still possess the capability to decrypt all PIN-to-PIN communications that do not use unique encryption keys, which are only available for devices associated with BlackBerry Enterprise Servers."
It's unlikely that BlackBerry has changed the key, Parsons said, partly because changing the global key would mean rolling out a "massive update that likely was on the per-handset level."
The RCMP also used a spy tool popular with US police known as an IMSI catcher, or "StingRay," which collects phone numbers and other identifying information from devices within a one kilometre radius, according to court documents.
According to the defence, "thousands" of innocents were likely surveilled with IMSI catchers during Project Clemenza alone. An affidavit from Jocelyn Fortin, an RCMP officer for 12 years, reveals that she had IMSI catcher training dating back to 2005.
The Office of the Privacy Commissioner of Canada, the country's top privacy watchdog, recently opened an investigation into the RCMP's secretive use of the controversial surveillance technology.
It's not entirely clear how the RCMP obtained BlackBerry's global encryption key, based on the court records obtained. However, redacted court documents state that the RCMP sent so-called "comfort letters" to BlackBerry asking for assistance in intercepting messages and in "taking the appropriate steps and proceeding with configurations to ensure successful interceptions of certain devices."
The defence also states that the RCMP communicated with BlackBerry whenever the police began monitoring a new BlackBerry PIN "to request their assistance," and when they stopped.
If the key didn't come directly from BlackBerry, Parsons said, then the RCMP could have independently swiped it from a device, or hired a third party contractor to do all the work for them.
Watch more from Motherboard: The Lost Art of Canada's Doomed Pre-Internet Web
"In the latter two cases, even if BlackBerry did change the global encryption key, it's plausible that the RCMP would be able to just get the new key and use it, assuming that BlackBerry even changed the key in the first place," Parsons explained.
The RCMP declined to comment on the case at hand, saying instead, "Using encryption to secure data and communications assists in crime prevention but may also inhibit the lawfully authorized interception of communications and evidence gathering in national security and criminal investigations."
While the courts may "compel" a third party—like BlackBerry—to help during an investigation, the RCMP statement reads, "there is no specific power in the Criminal Code to compel a third party to decrypt or develop decryption tools, nor is there any requirement for telecommunications services to provide these services."
Defence lawyer Michael Lacy, however, said that this statement is "an overstatement of the law," and that even though there is no explicit power relating to encryption backdoors in the Criminal Code, there may still be legal means to order a company to assist the police with decryption.
BlackBerry declined to comment on this story.
A spokesperson for Rogers, the only service provider explicitly named by the court as potentially co-operating with the RCMP, wrote in an email: "We safeguard customers' information and fully comply with Canadian privacy law. At the same time we are required by law to respond to federal, provincial and municipal government and law enforcement agencies when they have a legally valid request—like a search warrant or court order."
"People are willing to say things or do things online when they believe that they enjoy security"
While Apple fought the US Department of Justice in court over a request to create new software to help unlock an iPhone used by a terror suspect, BlackBerry has been very explicit about its intent to work with, and not against, law enforcement when it comes to encryption.
BlackBerry CEO John Chen stated in a 2015 blog post: "We reject the notion that tech companies should refuse reasonable, lawful access requests. Just as individual citizens bear responsibility to help thwart crime when they can safely do so, so do corporations have a responsibility to do what they can, within legal and ethical boundaries, to help law enforcement in its mission to protect us."
While the RCMP used their spy tech to investigate a grisly gangland murder in this case, Parsons noted that this kind of surveillance can have a cooling effect on how innocent people act online.
"People are willing to say things or do things online when they believe that they enjoy security," said Parsons. "In this case they caught a bunch of mobsters, but there's a lot of people that may engage in risky or politically sensitive communications because they believe that their BlackBerry communications are secure."
Some observers might have already assumed that the RCMP had the ability to intercept and decrypt BlackBerry messages (for example, the RCMP has cracked into BlackBerries retrofitted with PGP encryption), but never knew for sure—or how they really did it—until now.
A flowchart published in Boismenu's affidavit shows that encrypted BlackBerry messages are first filtered by a carrier according to active interception orders and sent to RCMP, all before they reach the intended recipient.
The RCMP may then further filter the messages they receive, and execute a series of technical actions on a server—including decryption—which are really "the same steps that would be made by the device of the rightful recipient of the information," according to Boismenu. Finally, the decrypted messages are stored on the RCMP's server in Ottawa.
A few unknowns remain in this case. For example: did BlackBerry itself provide the RCMP with the global encryption key, and has that key changed?
There is little doubt, however, that during Project Clemenza, the RCMP had the key to every consumer BlackBerry user's digital front door. And now, we don't know if the locks have been changed.