On Monday, Motherboard reported that leading Dutch forensics investigators say they are able to read encrypted messages sent on PGP BlackBerry phones—custom devices which are advertised as more suited for secure communication than off-the-shelf models.
A myriad of other law enforcement agencies would not comment on whether they have this capability, but court documents reviewed by Motherboard show that the Royal Canadian Mounted Police (RCMP) can also decrypt messages from PGP BlackBerrys.
“This encryption was previously thought to be undefeatable,” one 2015 court document in a drug trafficking case reads, referring to the PGP encryption used to secure messages on a BlackBerry device. “The RCMP technological laboratory destroyed this illusion and extracted from this phone 406 e-mails, 25 address book entries and other information all of which had been protected.”
In another case from 2015, centering around charges of kidnap and assault, three out of four BlackBerrys seized by the RCMP were analysed by the “Technical Assistance Team in Ottawa and the contents were decrypted and reports prepared.”
The court documents don’t explicitly state what brand of custom BlackBerry the seized devices were, or whether they were custom devices at all. But the documents do state that law enforcement was able to decrypt emails from the device that had been encrypted with PGP.
Transcripts of many messages sent during the crimes are included in one of the court documents. In the kidnapping case, the suspects allegedly exchanged messages while following the target.
“We have his car in sight in a underground,” reads one.
“KK. If its good do it,” is the reply.
The Dutch investigators’ ability to obtain encrypted data from PGP BlackBerrys was first noted in December last year, when the blog “misdaadnieuws.com,” or Crime News, published documents supposedly sourced from the Netherlands Forensics Institute (NFI). The NFI is a body that assists law enforcement in evidence retrieval.
According to the documents published by Crime News, the capability relies on forensics software sold by private company Cellebrite, although it is not clear exactly how the device and message encryption are bypassed.
In the Canadian drug trafficking case, court documents say the seized BlackBerrys had three levels of security: “Entry was protected by a password, the device was protected by encryption generally and e-mails processed by this particular device were protected by PGP.”
The RCMP may have brute-forced the password if it was weak enough, deployed a forensics technique called chip-off to rip data from the phone's flash memory, or used another method. Regardless, the RCMP managed to obtain a wealth of data from the phones it seized.
After the publication of Monday's article, Annie Delisle, a media relations officer from the RCMP, told Motherboard in an email that, “The RCMP does not generally provide information on techniques or technologies used in criminal investigations.” When reached Tuesday, Sergeant Media Relations Officer Harold Pfleiderer said, "we continue to decline comment on investigative techniques."