Tired of having to muscle its way past encrypted evidence using traditional means, the RCMP is looking to Canadian small businesses to create new decryption solutions using artificial intelligence (AI).
The Mounties and other federal departments are challenging firms to create an AI-based decryption solution to make it easier to crack encrypted data seized during criminal investigations than its current tactics.
There’s no assurance the force will actually award a contract. The competition announcement, made Thursday, says the force could pay up to $1 million to develop a working prototype to those who make the final round of applicants. Proposals are due by December 16.
“The current method of utilizing massive decryption systems and attempting to brute force a password is both very inefficient and overall, rarely successful,” the force explained in its announcement.
“The standard practice of individuals using encryption is increasing worldwide, as such is becoming the single most effective method to stymie criminal investigations. This challenge aims to leverage public sector innovation to help address this issue, as it may help other federal agencies such as Canada Border Services Agency, the Department of Defense, Department of Fisheries and Oceans, Canada Radio-television and Telecommunications Commission and the Canada Revenue Agency.”
The competition deals with encrypted documents and not encrypted wireless communications.
Proposed solutions must:
–accept and process material of any size from common forensic file types. (for example, e01, ad1, dd, ex01);
–generate subject-specific password word lists based on a user’s data activity, a user’s interests and passwords discovered on ingested forensic images;
–process web history from common web browsers;
–process common documents, such as files from Microsoft Word, Excel, Adobe and others;
–and export password derivatives in text format for use in decryption software.
Proposed solutions should also be able to identify common encrypted files from the device images (for example luks, bitlocker, truecrypt and others); ingest known passwords into a database, and utilize that database to generate password derivatives; have a user-friendly graphical user interface (GUI); and initiate decryption jobs using generated password lists using common decryption software such as Elcomsoft, Passware, Hashcat and others.
Eligible firms must have 499 or fewer full-time equivalent employees, with research and development activities that take place in Canada. Not all employees have to live here, but half or more of the firm’s annual wages, salaries and fees have to be currently paid to employees and contractors who spend the majority of their time working in here.
In addition, half or more of its senior executives (vice-president and above) must have Canada as their principal residence.
The contest will have two phases. In phase one, winning firms can get up to $150,000, excluding applicable taxes, shipping, travel and living expenses. Phase one contracts would last up to six months.
Applicants making it to phase two could get a contract of up to $1 million, excluding applicable taxes, shipping, travel and living expenses, for up to 24 months.
The challenge is being offered under the government’s Innovative Solutions Canada program, where government departments can ask small businesses to come up with a new product, service or solution that answers a specific challenge they face. The government says it could act as a first customer under this program, helping businesses commercialize their innovations.