Parliament’s top security committee to probe RCMP's use of spyware

Nick Taylor-Vaisey and Maura Forrest
·3 min read

OTTAWA, Ont. — A top-secret committee of Canadian parliamentarians has launched an investigation into the national police force's use of spyware to conduct covert surveillance.

The all-party National Security and Intelligence Committee of Parliamentarians (NSICOP), chaired by Liberal MP David McGuinty, will conduct a "framework review" of the "lawful interception of communications by security and intelligence organizations."

NSICOP's study will focus on "challenges resulting from the impact of rapidly changing and emerging technology, including the use of end-to-end encryption, and the limitations of the current framework faced with these challenges."

The committee, which includes three senators, three opposition MPs and three Liberal MPs in addition to McGuinty, will also scrutinize the risks posed to Canadians' privacy rights with "modernizing" the rules for national security agencies' data collection methods.

“Maintaining the ability of our security, policing and intelligence organizations to lawfully obtain and use communications data while ensuring the protection of privacy and digital security is essential to protecting Canadians against increasingly complex threats," McGuinty said in a press release.

The background: The issue came to light after POLITICO’s revelation in June that the RCMP had admitted to using spyware to hack mobile devices. The police force has the ability to intercept text messages, emails, photos, videos, financial records and other information from cellphones and laptops, and to remotely turn on a device’s camera and microphone.

The House ethics committee has separately launched a study on the spyware file.

Documents submitted to the committee by the RCMP say the force has used spyware to infiltrate 49 devices as part of 32 investigations since 2017. The investigations involved serious crimes, including terrorism, murder and drug trafficking.

On Aug. 9, an RCMP official told the committee the police force has used similar technology as far back as 2002. Mark Flynn, the RCMP’s assistant commissioner for national security and protective policing, suggested the use of intrusive technology for surveillance has evolved gradually, as encrypted communication became more widespread, making traditional wiretaps less useful.

Experts want action: Canada's former privacy commissioner, Daniel Therrien, said he was never informed about the RCMP’s use of spyware, despite spending eight years as the commissioner, from 2014 until earlier this year.

“It was surprising that in the context of many, many debates in the public about the challenges of encryption, that when I was privacy commissioner, I was not told that a tool was used to overcome encryption,” Therrien told the ethics committee.

Several of the committee's witnesses said privacy needs to be recognized as a fundamental human right, and that Canada needs strict rules about the sale, import and export of intrusive spyware. Therrien said its use should be banned outright in the private sector.

Ronald Deibert, director of the University of Toronto’s Citizen Lab, added his voice to privacy experts calling on the RCMP to be more transparent about its spyware vendors.

The Citizen Lab has evidence of the export of Canadian-made censorship and surveillance tech that has helped to facilitate violations of human rights law and that would be deemed “unacceptable” if it were utilized here, he said.

“I'm shocked to say that there really is zero licensing or export controls in this country for the export or sale of spyware and surveillance technology of the type that we're talking about,” Deibert told MPs.

Zi-Ann Lum contributed to this report.