Rcmp Spyware Minister Defends Years Of Use

During hours of witness testimony at the House of Commons Access to Information, Privacy and Ethics Committee, a number of remarkable revelations were made Monday about the RCMP’s use of “on-device investigative tools,” or ODITs. Specifically, it was revealed that the number of years and the number of investigations in which these techniques have been deployed extended beyond what had previously been reported to Parliament, and that to date the RCMP has not consulted with Canada’s privacy commissioner about the use of spyware to essentially hack into electronic devices. “ODITs are extremely rarely used[ly] and in limited cases. Their use is always targeted, is always time-limited and should never be unwarranted or mass surveillance. These tools are not used covertly … and the evidence collected, including how it was collected, is subject to disclosure and judicial review,” RCMP Deputy Commissioner for Specialized Policing Services Bryan Larkin told MPs, insisting the use of spyware by the RCMP is entirely within the law. “The amount and type of data collected is determined on a case-by-case basis and under strict terms and conditions,” Larkin said, explaining how police “surreptitiously” install a computer program on suspects’ devices. The commission commissioned the study to determine what tools the RCMP uses, and the terms and conditions of using that software, after documents tabled in the House of Commons in June shed new light on the installation of spyware by police to conduct surveillance and tracking and data collection from digital devices. “Police sometimes need to use advanced technology-based capabilities to address investigative obstacles, such as those caused by encryption,” reads part of the RCMP’s submission to the House of Commons. The agency also said at the time that those “on the device are investigating [sic] tools” were used 10 times between 2018-2022 and that “in each case judicial authorization was obtained” before the tools were deployed. In a later disclosure to the commission, RCMP Commissioner Brenda Lucki confirmed that national police have in fact used this technology on the device in 32 investigations to target 49 devices since 2017. Lucki also provided a list of the types of investigations the RCMP has used the technology for, according to Liberal MP and committee member Lisa Hepfner, who read her response during Monday’s hearing, citing terrorism , kidnapping, drug trafficking and murder as examples. The information developed further Monday afternoon when a senior RCMP officer suggested to MPs that the RCMP has in fact used technology with similar capabilities for two decades. “I don’t know where all the technology used here comes from, but I can say that I have a long history with it and from 2002 to 2015. It was all Canadian technology that we used.” said RCMP Assistant Commissioner Mark Flynn. “We have never used this tool without prior court authorization. However, having said that, if a situation arose that required it, there are provisions that allow certain designated individuals to use this type of tool to monitor communications in emergency situations, but I’m not aware of any situation where that’s been done,” Flynn said. “And, the sheer practicality of developing that type of tool and technique would take it beyond the time period in which such an authorization would be valid.” THE SOFTWARE IS NOT PEGASUS: I ASK Appearing shortly before senior RCMP officials, Mendicino said he is confident the RCMP’s use of software to conduct surveillance and data collection as part of its investigations has been limited by law to only be allowed for “the most serious offences.” “. “There are strict requirements in the Criminal Code that require accountability, including what facts the RCMP will rely on before court approval of this type of technique. There are other safeguards to ensure that only certain agents make these applications to court.” he said during a hearing as part of the special summer study on the subject. Mendicino said the type of spyware tools being considered by the committee are considered an “investigative necessity,” pursued only as a last resort. He said that in seeking court approval to use these tools, the RCMP must “balance ensuring that the state has the tools necessary to protect the safety and security of all Canadians while also upholding Charter rights of the people .” While it declined to offer many details about the specific software being used, citing “the need to ensure the ability to effectively use investigative tools on the device,” the government confirmed that it is not Pegasus. Controversial spyware developed by Israeli company NSO Group has raised alarm bells internationally after it was discovered that it is being used by governments in many countries to hack phones and spy on politicians, journalists, businessmen and human rights activists. “I want to be clear with committee members that Pegasus technology is not used by the RCMP,” the public safety minister said, suggesting the federal government has banned the use of that particular software. Medicino also said Monday that the tools were not used during the time period in which the emergency law was enacted in response to the Freedom Accord protests and blockades earlier this year. “WE ARE IN REACTIVE MODE”: COMMISSIONER Prior to Mendicino’s testimony, Canada’s privacy commissioner testified before the committee, making sure to argue that the late disclosure of use of these tools is a clear example of why Canada’s privacy law needs updating. “The Privacy Act does not require the RCMP or any government agency to prepare privacy impact assessments… in my view, but the Treasury Board does in its policies. I hope to see this as a binding legal obligation in a modernized version of the Act on privacy,” Commissioner Phillippe Dufresne told the committee on Monday. The Office of the Privacy Commissioner of Canada has been advocating updating Canada’s privacy laws in many ways for years. On Monday, the commissioner tried to argue that this case is representative of why it should become a legal obligation for government agencies and agencies like the RCMP to present a proactive privacy assessment for any new tools. He tried to argue that it would allow the commissioner to provide meaningful input, while taking into account confidentiality issues, before they were put to use. In that case, the commissioner said the RCMP launched a privacy impact assessment on the spyware in 2021, years after it first came into use. “We see situations like this, where this is done very slowly, after the tools have been in use for some time. So we are not able to deal with or prevent, we are in a reactive mode. And advice and recommendation, I hope this becomes legal obligation in the Privacy Act, because then hopefully there will be more timely compliance with that requirement,” Dufresne said. “This is not about choosing between the public interest and the privacy of Canadians, but these checks and assessments should be done before the fact and should not be something we discover in a media article or a committee meeting for example. So. Those preliminary checks should be done and my office consulted when necessary,” he said, suggesting that doing so would go a long way toward increasing Canadians’ trust in intuitions, knowing that the implications of the new technology in privacy were evaluated from the beginning. Mendicino said Monday that the federal government is “committed” to working with the privacy commissioner’s office on that file, saying it was “unfortunate” that the top federal privacy authority wasn’t involved from the start, but it won’t was committed to pursuing new privacy requirements for the RCMP under the Act. RCMP YET TO SHARE INFORMATION Parliament’s privacy watchdog said it first learned about the spyware in June, after documents tabled in Parliament at the request of a Conservative MP were first reported by Politico. At the time, his office contacted the RCMP asking for more information. The RCMP have yet to provide anything, but have indicated they intend to provide the Commissioner with a briefing and demonstration later this month. Dufresne said his office will review the information obtained from that meeting to “ensure that any privacy-infringing programs or activities are legally authorized, necessary to meet a specific need, and that the invasion of privacy caused from the program or activity is commensurate with the audience. the interest is at stake”. If the commissioner finds that the RCMP’s use of these spyware tools has privacy deficiencies, his office will provide the RCMP with recommendations for changes. “We would expect them to make the necessary changes,” he told the committee. When told of the lack of information sharing with the privacy commissioner, Conservative MP and committee member Damien Kurek said it was “disappointing” and “doesn’t set a good precedent”. Kurek said it reminded him of behaviors by other federal agencies the committee had previously examined through their work on mobility data and facial recognition software. PRIVACY EXPERTS TO TESTIFY A second full day of hearings is scheduled for…

title: “Rcmp Spyware Minister Defends Years Of Use " ShowToc: true date: “2022-11-07” author: “Marianne Gregoire”

During hours of witness testimony at the House of Commons Access to Information, Privacy and Ethics Committee, a number of remarkable revelations were made Monday about the RCMP’s use of “on-device investigative tools,” or ODITs. Specifically, it was revealed that the number of years and the number of investigations in which these techniques have been deployed extended beyond what had previously been reported to Parliament, and that to date the RCMP has not consulted with Canada’s privacy commissioner about the use of spyware to essentially hack into electronic devices. “ODITs are extremely rarely used[ly] and in limited cases. Their use is always targeted, is always time-limited and should never be unwarranted or mass surveillance. These tools are not used covertly … and the evidence collected, including how it was collected, is subject to disclosure and judicial review,” RCMP Deputy Commissioner for Specialized Policing Services Bryan Larkin told MPs, insisting the use of spyware by the RCMP is entirely within the law. “The amount and type of data collected is determined on a case-by-case basis and under strict terms and conditions,” Larkin said, explaining how police “surreptitiously” install a computer program on suspects’ devices. The commission commissioned the study to determine what tools the RCMP uses, and the terms and conditions of using that software, after documents tabled in the House of Commons in June shed new light on the installation of spyware by police to conduct surveillance and tracking and data collection from digital devices. “Police sometimes need to use advanced technology-based capabilities to address investigative obstacles, such as those caused by encryption,” reads part of the RCMP’s submission to the House of Commons. The agency also said at the time that those “on the device are investigating [sic] tools” were used 10 times between 2018-2022 and that “in each case judicial authorization was obtained” before the tools were deployed. In a later disclosure to the commission, RCMP Commissioner Brenda Lucki confirmed that national police have in fact used this technology on the device in 32 investigations to target 49 devices since 2017. Lucki also provided a list of the types of investigations the RCMP has used the technology for, according to Liberal MP and committee member Lisa Hepfner, who read her response during Monday’s hearing, citing terrorism , kidnapping, drug trafficking and murder as examples. The information developed further Monday afternoon when a senior RCMP officer suggested to MPs that the RCMP has in fact used technology with similar capabilities for two decades. “I don’t know where all the technology used here comes from, but I can say that I have a long history with it and from 2002 to 2015. It was all Canadian technology that we used.” said RCMP Assistant Commissioner Mark Flynn. “We have never used this tool without prior court authorization. However, having said that, if a situation arose that required it, there are provisions that allow certain designated individuals to use this type of tool to monitor communications in emergency situations, but I’m not aware of any situation where that’s been done,” Flynn said. “And, the sheer practicality of developing that type of tool and technique would take it beyond the time period in which such an authorization would be valid.” THE SOFTWARE IS NOT PEGASUS: I ASK Appearing shortly before senior RCMP officials, Mendicino said he is confident the RCMP’s use of software to conduct surveillance and data collection as part of its investigations has been limited by law to only be allowed for “the most serious offences.” “. “There are strict requirements in the Criminal Code that require accountability, including what facts the RCMP will rely on before court approval of this type of technique. There are other safeguards to ensure that only certain agents make these applications to court.” he said during a hearing as part of the special summer study on the subject. Mendicino said the type of spyware tools being considered by the committee are considered an “investigative necessity,” pursued only as a last resort. He said that in seeking court approval to use these tools, the RCMP must “balance ensuring that the state has the tools necessary to protect the safety and security of all Canadians while also upholding Charter rights of the people .” While it declined to offer many details about the specific software being used, citing “the need to ensure the ability to effectively use investigative tools on the device,” the government confirmed that it is not Pegasus. Controversial spyware developed by Israeli company NSO Group has raised alarm bells internationally after it was discovered that it is being used by governments in many countries to hack phones and spy on politicians, journalists, businessmen and human rights activists. “I want to be clear with committee members that Pegasus technology is not used by the RCMP,” the public safety minister said, suggesting the federal government has banned the use of that particular software. Medicino also said Monday that the tools were not used during the time period in which the emergency law was enacted in response to the Freedom Accord protests and blockades earlier this year. “WE ARE IN REACTIVE MODE”: COMMISSIONER Prior to Mendicino’s testimony, Canada’s privacy commissioner testified before the committee, making sure to argue that the late disclosure of use of these tools is a clear example of why Canada’s privacy law needs updating. “The Privacy Act does not require the RCMP or any government agency to prepare privacy impact assessments… in my view, but the Treasury Board does in its policies. I hope to see this as a binding legal obligation in a modernized version of the Act on privacy,” Commissioner Phillippe Dufresne told the committee on Monday. The Office of the Privacy Commissioner of Canada has been advocating updating Canada’s privacy laws in many ways for years. On Monday, the commissioner tried to argue that this case is representative of why it should become a legal obligation for government agencies and agencies like the RCMP to present a proactive privacy assessment for any new tools. He tried to argue that it would allow the commissioner to provide meaningful input, while taking into account confidentiality issues, before they were put to use. In that case, the commissioner said the RCMP launched a privacy impact assessment on the spyware in 2021, years after it first came into use. “We see situations like this, where this is done very slowly, after the tools have been in use for some time. So we are not able to deal with or prevent, we are in a reactive mode. And advice and recommendation, I hope this becomes legal obligation in the Privacy Act, because then hopefully there will be more timely compliance with that requirement,” Dufresne said. “This is not about choosing between the public interest and the privacy of Canadians, but these checks and assessments should be done before the fact and should not be something we discover in a media article or a committee meeting for example. So. Those preliminary checks should be done and my office consulted when necessary,” he said, suggesting that doing so would go a long way toward increasing Canadians’ trust in intuitions, knowing that the implications of the new technology in privacy were evaluated from the beginning. Mendicino said Monday that the federal government is “committed” to working with the privacy commissioner’s office on that file, saying it was “unfortunate” that the top federal privacy authority wasn’t involved from the start, but it won’t was committed to pursuing new privacy requirements for the RCMP under the Act. RCMP YET TO SHARE INFORMATION Parliament’s privacy watchdog said it first learned about the spyware in June, after documents tabled in Parliament at the request of a Conservative MP were first reported by Politico. At the time, his office contacted the RCMP asking for more information. The RCMP have yet to provide anything, but have indicated they intend to provide the Commissioner with a briefing and demonstration later this month. Dufresne said his office will review the information obtained from that meeting to “ensure that any privacy-infringing programs or activities are legally authorized, necessary to meet a specific need, and that the invasion of privacy caused from the program or activity is commensurate with the audience. the interest is at stake”. If the commissioner finds that the RCMP’s use of these spyware tools has privacy deficiencies, his office will provide the RCMP with recommendations for changes. “We would expect them to make the necessary changes,” he told the committee. When told of the lack of information sharing with the privacy commissioner, Conservative MP and committee member Damien Kurek said it was “disappointing” and “doesn’t set a good precedent”. Kurek said it reminded him of behaviors by other federal agencies the committee had previously examined through their work on mobility data and facial recognition software. PRIVACY EXPERTS TO TESTIFY A second full day of hearings is scheduled for…