RCMP officials and the federal Public Safety Minister side-stepped a number of key questions during a parliamentary hearing over the law-enforcement agency’s use of controversial tools that secretly capture data from cellphones.
Members of Parliament on Monday pressed the officials to reveal details about the software that the service is using to pry into the cellphones of suspects. While officials confirmed that the RCMP is not using Pegasus – a highly controversial hacking software developed and licensed by the Israeli company NSO Group – they did not offer the name of the company or program being used.
Ahead of the hearings, the House standing committee on access to information, privacy and ethics, which is conducting a two-day study of the RCMP’s use of the tools, asked the force for a list of warrants that had been issued to use it.
In a letter to the committee, a copy of which was obtained by The Globe and Mail, RCMP Commissioner Brenda Lucki declined to offer the information, citing concerns about negatively impacting investigations. Commissioner Lucki did not appear before the committee.
“It was quite disappointing, in fact, troubling to receive, in Commissioner Lucki’s letter, what amounts to a point-blank refusal of information,” said Conservative committee chair Pat Kelly during the hearing. “A blanket refusal to a committee is troubling.”
Parliamentary committee to begin study of RCMP’s use of cellphone spyware
During the hearing, parliamentarians expressed concerns over the RCMP’s transparency. The service did not inform or consult with the Office of the Privacy Commissioner of Canada before establishing its Covert Access and Intercept Team (CAIT) program in 2016. The program uses “on-device investigative tools” (ODITs). MPs also questioned why the RCMP took five years to begin drafting a privacy impact assessment of the program. The assessments are used to help determine the impact of a program on the privacy of Canadians.
The RCMP’s use of these tools was revealed in June in its response to an order-paper question. In its response, the RCMP described being able to use the tools to covertly gain access to text messages, e-mails, photos and videos stored on a cellphone or other electronic device, as well as to collect audio recordings from within range of the device and capture images using a built-in camera.
In his opening statement, Bryan Larkin, the RCMP’s deputy commissioner for specialized policing services, said ODITs are never used to conduct “mass surveillance,” but are targeted, time-limited, and require judicial authorization. He said the numbers on the tools’ usage shows the RCMP’s “cautious and measured approach.”
The RCMP has used ODITs in 32 investigations since 2017, during which 49 devices were targeted, Mr. Larkin said. An RCMP document provided to the committee shows that the use of ODITs appears to be linked to serious cases, including murder and terrorism.
Asked if he could share more information about the technology during an in-camera session, Mr. Larkin told the MPs he would “welcome” the opportunity.
The RCMP began drafting a privacy impact assessment of the CAIT program, including its use of ODITs, in 2021, according to its order-paper response.
Mark Flynn, the RCMP’s assistant commissioner of federal policing, national security and protective policing, said that the agency considers privacy in the content of the material – not the method of delivery.
“This is a new method of invading privacy, but invading privacy at the same level that it had been previously,” he said, referencing long-standing techniques such as installing listening devices and hidden cameras.
Mr. Flynn did note, however, that the RCMP is moving toward being more public about its activities.
Public Safety Minister Marco Mendicino, who testified ahead of RCMP officials, declined to specify what software is being used to conduct the service’s surveillance of cellphones. “Some of the investigative techniques are kept confidential to preserve operational integrity,” Mr. Mendicino said, specifying that Pegasus is not used by the RCMP.
At different points, Conservative MPs Damien Kurek and Ryan Williams, in particular, pressed Mr. Mendicino for specifics on the tools’ use, but received limited answers.
Asked by both MPs if other agencies under Mr. Mendicino’s authority, such as the Canadian Security Intelligence Service or Correctional Service Canada, also use the tools, Mr. Mendicino did not answer directly. He stated that if and when such techniques are used, the use is consistent with the Charter.
“So, we’ll take that as a yes,” Mr. Kurek replied.
Earlier in the day, federal privacy commissioner Philippe Dufresne told the committee that he learned of the RCMP’s use of the tools through the media, after which his office reached out to the RCMP. He said that his office is awaiting a briefing from the RCMP on the use of the tools later this month.
Mr. Dufresne refrained from criticizing the RCMP’s use of ODITs, saying several times that he has yet to review the relevant information related to their use.
The privacy commissioner did not shy away, however, from advocating for a reform to the federal Privacy Act. He hopes to see a legal requirement for government institutions to produce privacy impact assessments ahead of any new program that that could impact Canadians’ privacy. Institutions are currently required to do so by a Treasury Board policy, but not a legal obligation, he explained.
“We see situations like this one where [a privacy impact assessment] is done very late, after the tools have been used for some time,” Mr. Dufresne said. “We’re not in a position where we can address or prevent, we’re in reactive mode.”
The parliamentary committee will hear from privacy advocates and researchers on Tuesday.
For subscribers only: Get exclusive political news and analysis by signing up for the Politics Briefing.