News·CBC Investigates

Inside 10 cases where the RCMP hit a digital wall

The RCMP shared details of 10 "high-priority" investigations with CBC News and the Toronto Star to begin a public debate on expanding police capabilities while investigating crimes involving digital and online evidence.

Mounties make their case for new powers to track tech-savvy suspects

Two hands shaded in greeny-dark hover over a laptop keyboard, with the screen above showing vertical rows of 1s and 0s.
Police say they need new investigative powers to track tech-savvy suspects who hide their digital tracks. (Kacper Pempel/Reuters)

The RCMP shared details of 10 "high-priority" investigations with CBC News and the Toronto Star to begin a public debate on expanding police capabilities while investigating crimes involving digital and online evidence.

This coincides with a federal review of Canada's Anti-Terrorism Act and a public consultation on the government's green paper on national security, which includes proposals to enhance police powers.

The RCMP provided summaries and interviews on the cases but withheld names, locations and key details that could compromise ongoing investigations, prosecutions and secretive police techniques.

The CBC's Dave Seglins, left, and Robert Cribb of the Toronto Star underwent the RCMP’s top secret security clearance so they could review case summaries at headquarters in Ottawa. (RCMP)

CASE 1: Child abuse video on locked phone

Police have testimony from a child alleging sexual assault by their father who they say recorded the crime on his phone. The phone is locked by a pass code and investigators have not been able to access the video. Police have no legal authority to compel the man to unlock his phone. The case remains under investigation.

CASE 2: VoIP phones encrypted

The RCMP obtained a warrant to tap the phones of an individual suspected of financial fraud in Eastern Canada, only to discover that the VoIP (voice-over-internet protocol) phone network the suspect was using encrypted the calls. Police made several covert entries into the suspect's office to install devices to bug the calls. At one point, the interception method failed, and for two weeks "valuable" evidence was missed.

CASE 3: 'Too much information'

Police say they intercepted cell and residential communications of a "high-risk traveller" in Eastern Canada suspected of planning to join a terrorist group overseas. The internet/phone provider lacked interception capabilities, so police spent considerable resources to install their own equipment, but were eventually swamped by 21 million data points (web searches, images, videos, texts). Much of the data was encrypted and unintelligible. The case remains under investigation.

CASE 4: Delays seeking foreign information

Police waited close to four months to get "high-value" evidence in order to stop a suspected "high-risk traveller" from leaving Western Canada to join extremists overseas. Police say they concluded the case but were hampered by an inability to intercept communications outside of Canada and delays in the MLAT (mutual legal assistance treaty) process. Police had to forward a Canadian judge's order through government channels so it could then be delivered to a social media company outside the country. The company eventually filled the order, sending the material back to police — again through government channels — but police discovered the messages were encrypted and unreadable.

CASE 5: A 10-month wait to access records

During an investigation into a group of ISIS supporters who police believed were "high-risk travellers" based in Eastern Canada, the RCMP spent 10 months trying to obtain social media communications outside Canada. Analysis of the data is continuing, and police have evidence that one of the suspects is abroad in a "high-risk country." The case remains under investigation.

Police, Power and Privacy: A 5-part series

  • Wednesday: Exclusive interview with RCMP Commissioner Bob Paulson

Case 6: Terrorist group communications prove elusive

The Mounties say they're investigating a group of individuals suspected of participating in a terrorist organization and plotting to travel overseas. Police attempted a court-ordered interception of their devices but found the communications were encrypted. As a result, police had to design technical solutions, which meant they needed an extension of the court order, and this has delayed the process. The communications among the suspects have not been obtained. The case is still under investigation.

CASE 7: Digital chatter unreadable

Police obtained warrants to conduct surveillance on a group of people in Eastern Canada suspected in a terrorism conspiracy in 2014. Police discovered the main suspect's phone was connecting to multiple cellular networks, none of which was technically equipped to intercept the suspect's text and internet traffic. The Mounties spent two months and $250,000 to engineer a custom tool that would intercept the target's communications, only to discover all of it was encrypted and unreadable. The individuals remain under investigation.

Case 8: Interception too costly

The Mounties seized kilos of cocaine and arrested low-level members of an alleged drug and human trafficking organization in Eastern Canada. After obtaining a warrant to monitor suspects' communications, investigators determined it would cost hundreds of thousands of dollars to install interception hardware at the targets' internet service provider. Police abandoned the effort and resorted to using undercover officers and agents. The alleged criminal bosses and their organization are still operational.

CASE 9: Laptops, phones blocked

The RCMP, working with foreign intelligence agencies, obtained warrants to intercept residential and cellular traffic of a group of suspected "high-risk travellers" in a city in Western Canada. Police believed they were planning to join extremist groups overseas. Investigators attempted to intercept more than 30 laptops, cellphones and computers being used by the group but could only "successfully infiltrate" two of them. While those two devices delivered a bounty of evidence — 4.4 million pieces of data, including videos, images, web pages, text messages and emails — some of the data was encrypted and unreadable.

CASE 10: Aaron Driver's encrypted chats

Aaron Driver, a 24-year-old ISIS supporter suspected of planning a major urban attack, was killed by police outside a house in Strathroy, Ont., back in August. (Rob Campbell-Pereira/Facebook)

RCMP investigators were unable to read ISIS supporter Aaron Driver's encrypted messages in 2015 with suspects involved in attacks in Texas and Australia. They say encryption thwarted their ability to understand how far along Driver may have been in his bomb plot. He was killed in August 2016 outside his home in Strathroy, Ont., after police were tipped off to a martyrdom video Driver had made. The FBI alerted Canadian police to an "imminent" attack. He was killed amidst police gunfire and the partial detonation of a bomb he was carrying.

ABOUT THE AUTHOR

Dave Seglins and Chelsea Gomez are journalists with the CBC News Investigative Unit in Toronto. They partnered with Robert Cribb, investigative journalist at the Toronto Star, to examine the growing digital challenges in police investigations and proposals to change laws affecting the privacy of Canadians. [email protected] and [email protected]