While RCMP Says Spyware Use Is Legal, It’s ‘Extremely Intrusive’: Former Privacy Commissioner


While the RCMP says the use of spyware is legal, “there is no question” that police covertly collecting personal and other information from Canadians’ devices “is an extremely intrusive practice,” says former privacy commissioner Daniel Therrien.

Testifying as part of a parliamentary study into the RCMP’s use of “on-device investigative tools” or ODITs, Therrien said that while the RCMP has the ability to hack into electronic devices, such an invasion of privacy may still be possible. justified.

“What is at stake is the balance between privacy and other public interests,” Therrien said Tuesday during testimony before the House of Commons Ethics, Privacy and Access to Information Committee.

“There’s no question that this particular tool is extremely intrusive, more intrusive than traditional wiretapping tools. It doesn’t just record communications on the phone between Person A and B. It’s on the phone, on the digital device of the individual”. he said.

To maintain that balance, Therrien said “there has to be an extremely compelling public interest to justify the state being able to have that kind of information and use these tools.”

During Monday’s testimony, it was revealed that the RCMP has been using spyware for longer years and in larger criminal investigations than previously reported to Parliament.

MPs also heard that, to date, the RCMP has not consulted with Canada’s privacy commissioner about the actions of the Technical Investigative Services’ covert access and interception team.

Therrien, who was Canada’s privacy commissioner from 2014 to 2022, told lawmakers on Tuesday that he also learned about spyware use at the same time as the rest of the country.

The former privacy watchdog said it was “shocked by the tool itself, how intrusive it is and that I’ve used it for so long.”

“It’s the inclusiveness of the tool that surprised me, not the fact that the state would use the technology in the context of investigations,” Therrien said.

Therrien added that he was also surprised that, given years of public debate over legal access and encryption, the RCMP did not inform him, in his capacity as privacy commissioner, about his ability to use spyware tools.

The committee launched the special summer study to further explore the RCMP’s use of these tools, after papers filed in the House of Commons in June shed new light on the RCMP’s covert installation of spyware. police force capable of remotely accessing cell phones and computer microphones, cameras, as well as other information on suspects’ devices.

Tuesday’s hearings follow hours of testimony Monday from Public Safety Minister Marco Mendicino, senior RCMP officials and Canada’s privacy commissioner.

The hearings will continue Tuesday afternoon, followed by Canada’s Privacy and Access Council Chair Sharon Polsky, followed by representatives from Citizen Lab and the Canadian Civil Liberties Association.


According to RCMP Commissioner Brenda Lucki, the RCMP has used ODIT in 32 investigations to target 49 devices since 2017. However, RCMP Assistant Commissioner Mark Flynn told committee members Monday that the RCMP has been using technology with similar capabilities dating back to the early 2000s

The minister and the RCMP sought to emphasize to MPs how these encryption circumvention tools are used very rarely, in a specific way that respects the Charter, in a limited number of types of investigations such as terrorism and organized crime, and only with judicial. authorization issued after demonstrating a high threshold of probable cause.

While it declined to provide details about what software is being used, citing “the need to safeguard the ability to effectively use investigative tools on the device,” the government confirmed Monday that it is not the controversial software developed by the Israeli firm NSO Group called Pegasus. .

Privacy Commissioner Phillippe Dufresne argued that the late disclosure by national police forces of their use of such intrusive tools is a clear example of why Canada’s privacy laws need to be updated to force federal agencies to be Up front about plans to use any technology that might have privacy implications.

The commissioner suggested that doing so would also go a long way toward increasing Canadians’ trust in institutions.

As part of its work, the committee has asked the RCMP to provide a list of arrest warrants obtained, as well as other related information; however, this request has met with resistance from the RCMP, prompting the committee to explore its options to compel more information in an appropriate setting.

On Tuesday, Therrien told MPs from his years of experience pushing to update Canada’s Privacy Act that “in order to come to the conclusion that we need legislative change, we would first need to know how the privacy laws have been applied.” current provisions and test if there should be no concern”.

The committee aims to finish its study and present a report to the House of Commons, with possible recommendations for changes to the law or oversight mechanisms, by the start of the fall session on September 19.

Leave a Comment