More than a million encoded BlackBerry messages have been viewed by police as part of a crackdown against Quebec organized crime.
In arresting more than 30 people Thursday, the RCMP took the rare step of publicly highlighting its interception of the Canadian company’s supposedly secure “PIN-to-PIN” communications.
While such techniques have been used in past cases, this is the first time Mountie commanders have drawn so much attention to their use – and on such an enormous scale.
This unprecedented seizure comes as Canadian lawmakers – and the wider public – reassess just what kind of intercepts government authorities should be able to get from the country’s phone and Internet companies.
( How are Canada’s privacy laws about to change? Read The Globe’s easy explanation)
On Friday, the Supreme Court will weigh in on whether police need to first get a judge’s permission to compel Internet companies to disclose basic customer information, which can now be handed over without any warrant. Parliament is on the cusp of passing a law that would explicitly shield corporations from any liability they could face by yielding records to government authorities.
Each BlackBerry device has a unique eight-digit number called a personal identification number (PIN). Direct PIN-to-PIN messaging is perceived to be relatively secure compared to most Internet communications, given how this format allows BlackBerry users to send encrypted messages directly between devices over wireless networks while bypassing standard e-mail servers.
Senior police commanders told reporters in Montreal their investigation, dubbed “Operation Clemenza,” focused on messages linked to crimes committed between 2010 and 2012. “This was the first time that this technique was used on such a large scale in a major investigation in North America,” the RCMP said in a statement.
Experts canvassed by The Globe say that the Mounties could not have directly cracked the codes belonging to BlackBerry, a company that is often still touted as the maker of the world’s most secure commercial smartphones.
Instead, it’s likely that authorities got a judicial order compelling the Waterloo, Ont., company to help decode communications.
Yet police aren’t saying what happened. Neither is BlackBerry.
“We can’t comment on an ongoing investigation,” company spokesman Adam Emery told The Globe in an e-mail.
Pressed as to what BlackBerry could say to reassure customers that their communications are secure, Mr. Emery sent a link to a corporate blog saying Blackberry’s “enterprise” customers still enjoy an “unprecedented level of end-to-end security.”
(According to one observer, “enterprise” customers route their coded messages through the corporate servers, whereas retail customers route their communications through BlackBerry’s headquarters.)
The RCMP-led investigation resulted in the arrest of 33 suspects on drug-trafficking, assault, extortion, kidnapping and arson charges.
Two feuding “cells” were targeted in the probe.
One was associated with Giuseppe (Ponytail) De Vito, known as a captain in the Mafia “family” controlled by the Montreal godfather Vito Rizzuto. He died suddenly of cyanide poisoning in a federal penitentiary last year. The other cell was allegedly headed by Antonio and Roberto Bastone, two brothers arrested Thursday.
News that Mounties in Quebec had managed to intercept PIN-to-PIN messages first surfaced more than two years ago.
Then, alleged Rizzuto associate Raynald Desjardins was arrested on first-degree-murder charges in the shooting death of Salvatore (Sal the Ironworker) Montagna. The dead man was identified by U.S. authorities as a former acting head of New York’s notorious Bonanno crime family of New York.
The new charges filed in Operation Clemenza suggest a much wider net was being cast at that time.
Yet, like all telecommunications companies in Canada and abroad, BlackBerry must oblige lawful orders when government authorities seek corporate help in advancing investigations.
The sweeping nature of such orders in foreign jurisdictions became clearer last week, when the U.K. communications giant Vodafone publicly complained it is being forced to cede “direct access” to its databases in a handful of foreign countries where local laws give governments complete warrantless access.
By law, Canadian interception practices are far more constrained. Yet in recent years, even federal government security agencies have warned employees not to trust their government-issued BlackBerrys too much – given how unnamed adversaries can figure out ways to see what is being written.
“Messages protected using [BlackBerry’s] global encryption key … consider [these] messages only as ‘scrambled’ and not ‘encrypted,’ ” reads part of a presentation that is given to new recruits at Communications Security Establishment Canada.
CSEC ought to know. The federal electronic-intelligence agency has spent 70 years making and cracking codes for the benefit of Ottawa officials. Slides leaked last year by former U.S. security contractor Edward Snowden strongly suggest that CSEC was part of a U.K.-led effort to crack BlackBerrys controlled by foreign diplomats attending a 2009 G20 meeting in London.
Records previously obtained by The Globe show that the RCMP sought CSEC’s investigative help on 85 occasions between 2009 and 2012. It is not known whether Operation Clemenza was part of any of these requests.