Research in Motion/Blackberry Device Exploitation Guidelines for Law Enforcement

The following table describes Research in Motion/Blackberry requirements for disclosure of user data to law enforcement. The table shows what legal process is required to request user data, the type of data each process can typically obtain and the legal authorities authorizing each form of request. The table is from a course for DEA agents on mobile device exploitation and is accompanied by a script to be read by an instructor.

Request TypeRequired Legal ProcessStatutory AuthorityInformation Generally Available
Basic Subscriber Account InformationAdministrative Subpoena18 U.S.C. § 2703 (c) (2)
  • User name rarely available

  • Billing address not available

  • Date account established often available

  • Billing phone number not available

  • Email address associated with account available if RIM Provided email account, e.g. enduser@carrier.blackberry.net, or if the email account is a third party integrated ISP email account, e.g. enduser@ISP.com, not available if email is simply forwarded from a BB account

  • Phone number, SIM, IMSI, IMEI, and PIN number associated with the Smartphone often available, carrier/service provider information, chat names, BES info (rarely available), SIM registration and authentication information
BES Server Identifying InformationAdministrative Subpoena18 U.S.C. § 2703 (c) (2)
  • BES IP Address available

  • Billing Information maybe available
Transactional RecordsCourt Orders18 U.S.C. § 2703 (d)
  • PIN to PIN logs

  • BBM logs

  • Browser logs, requesting large time frames of browser logs will substantially delay your return of information

  • SIM Card history logs

  • BIS email logs
Content of emailPreservation Letter18 U.S.C. § 2703 (f)
  • Prior to serving a search warrant, a preservation letter MUST be sent to RIM
Content of emailSearch Warrant18 U.S.C. § 2703 (a)
  • Maybe available for 30 days if target has RIM provided email account, e.g.enduser@carrier.blackberry.net, and the message is over 2KB
Content of email sent via BESN/AN/A
  • Not available, RIM does not have BES encryption keys
Content of PIN to PIN MessagesCourt OrdersTitle 3
  • RIM does not retrospectively retain content for PIN to PIN messages, RIM does possess a data intercept capability of PIN Messages
Content of BBMCourt OrdersTitle 3
  • RIM does not retrospectively retain content for BBM messages, RIM does possess a data intercept capability of BBM Messages
Content of email sent via BISCourt OrdersTitle 3
  • RIM has a data intercept capability of RIM provided email such as enduser@carrier.blackberry.net
Pen RegisterCourt Orders18 U.S.C. § 3122 and 3123
  • RIM has the capability to conduct a PR/TT of communications occurring over PIN to PIN messages and Blackberry Messenger
T-IIICourt OrdersTitle 3
  • RIM has a data intercept capability to intercept communications occurring over PIN to PIN messages, Blackberry Messenger and RIM provided emails

Share this:

Facebooktwitterredditlinkedinmail