Canada
Experts voice privacy concerns over RCMP’s use of ‘intrusive’ spyware
OTTAWA – Privacy and civil liberties experts are sharing their concerns Tuesday with MPs studying the RCMP’s yearslong use of spyware in major investigations, calling the previously undisclosed tools “extremely intrusive” and criticizing the RCMP’s belated disclosure of its use of these tools.
Canada’s former privacy commissioner Daniel Therrien said that while he believes the RCMP when they say its use of spyware is lawful and warranted, there is “no doubt” the covert collection by police of personal and other information from Canadians’ devices “is an extremely intrusive practice.”
“What’s at play is the balancing of privacy and other public interests,” Therrien said Tuesday during his testimony before the House of Commons Access to Information, Privacy and Ethics Committee as part of its study into the RCMP’s use of “on-device investigation tools,” or ODITs.
“There is no question that this particular tool is extremely intrusive, more intrusive than traditional wiretap tools. It does not just record communications on the phone between person A and B. It sits on the phone, on the digital device of the individual,” he said.
Given this, Therrien said there “needs to be an extremely compelling public interest to justify the state being able to have that kind of information and use these tools.”
While the courts do have a judicial oversight role, Therrien is suggesting there could also be an additional layer of privacy-focused oversight from a body such as the Office of the Privacy Commissioner of Canada.
“I don’t think the RCMP is a rogue institution. And currently, they say, and I accept that they use ODITs only with judicial authorization… That said it might well be a good idea to have auditing processes,” Therrien said.
The committee struck up the special summer study to further explore the RCMP’s use of these tools, after documents tabled in the House of Commons in June shed new light on the police force’s covert installation of spyware capable of remotely accessing cell phone and computer microphones, cameras, as well as other information on suspects’ devices.
Throughout the study, attempts have been made by MPs to clarify the RCMP’s use of these tools are limited and not “mass surveillance.”
Hearings will be continuing Tuesday afternoon, with representatives from Citizen Lab and the Canadian Civil Liberties Association slated to testify starting at 3 p.m. ET.
FORMER COMMISSIONER ‘SURPRISED’
To date, the RCMP has not consulted with Canada’s privacy commissioner about the spyware use conducted by the Technical Investigation Services’ Covert Access and Intercept Team. Privacy Commissioner Phillippe Dufresne says there are plans for a briefing scheduled later this month.
Therrien, who was Canada’s privacy commissioner between 2014 and 2022, told MPs on Tuesday — like his successor — he also learned about the spyware use at the same time as the rest of the country.
The former privacy watchdog said he was “surprised by the tool itself, and how intrusive it is, and that it was used for so long.”
“It is the inclusiveness of the tool that surprised me, not the fact that the state would use technology in the context of investigations,” Therrien said.
Therrien added he was also surprised that given the years of public debate over lawful access and the issue of encryption, the RCMP did not inform him – in his capacity as the privacy commissioner — of their ability to use spyware tools.
Privacy and Access Council of Canada President Sharon Polsky told MPs on Tuesday she agrees it is problematic the RCMP has not collaborated with the privacy commissioner, despite there being no legal requirement to do so.
“It’s only after they get caught with their hands in the cookie jar. I think they’re doing themselves a disservice, they and every law enforcement agency across the country, a disservice when they are not forthcoming,” she said in response to a question from Conservative MP and committee member Damien Kurek on Tuesday.
“It also puts them on the defensive rather than coming forward and saying, ‘We need to use this type of tool’ … Help educate the public as to why you need this particular type of tool. Don’t wait to be put on the hot seat,” Polksy said.
RCMP SHEDS NEW LIGHT ON USE
Tuesday’s hearings follow hours of testimony on Monday from Public Safety Minister Marco Mendicino, senior RCMP officers, and Canada’s privacy commissioner.
During those hearings, it was revealed the RCMP has been using spyware for years longer and in more major criminal investigations than what was previously reported to Parliament.
The minister and top officers sought to emphasize to MPs how these tools to bypass encryption are used extremely rarely, in a targeted fashion that upholds the Charter, in a limited number of types of investigations such as terrorism and organized crime, and only ever with judicial authorization issued after demonstrating a high threshold of probable cause.
According to RCMP Commissioner Brenda Lucki, the RCMP has used ODITs in 32 investigations to target 49 devices since 2017. However, RCMP Assistant Commissioner Mark Flynn indicated to committee members on Monday the RCMP has actually been using technology with similar capabilities dating back to the early 2000s.
As part of its work, the committee has called for the RCMP to provide a list of warrants obtained as well as other related information, however, this request has been met with resistance from the RCMP, prompting the committee to explore its options to compel further information in an appropriate setting such as an in-camera meeting or through redacted documents.
Further, the RCMP has refused offer any details about what specific software is being used, citing “the necessity to safeguard the ability to effectively use on-device investigative tools.” While the government confirmed on Monday it is not the controversial software developed by Israeli firm NSO Group called Pegasus, MPs have questioned why the name of the vendor is being withheld.
“It’s hard to imagine how the name of a vendor would undermine national security,” said Liberal MP Nathaniel Erskine-Smith during the first of Tuesday’s two meetings.
On Tuesday, Therrien told MPs from his years of experience pushing for updates to Canada’s Privacy Act that, “to come to the conclusion that we need legislative change, we would first need to know how the current provisions have been applied, and to prove if there’s to be any concern.”
While some committee members have expressed a desire to extend their probe, no further public meetings to hear from witnessess have been scheduled as part of this study. When the committee initially agreed to take on this special summer study, the aim wa to finalize the report—with potential recommendations for changes to Canada’s privacy laws or oversight mechanisms, as has been suggested by some witnesses— in advance of the start of the fall sitting, on Sept. 19.
Tragic Collision: 13-Year-Old Killed, 4 Others Critical in Que. Highway Crash
Taiwan Plans Two-Day Missile Test
157 Arrested in France Amid Overnight Riots Over Teen’s Death
Drug Cartel Violence Surges in Mexico After Anti-Gang Activist’s Death
