Nature

Longtime watchdog says RCMP use of spyware came as a surprise

The House committee this week launched a study into the use of spyware by the RCMP, following POLITICO’s revelation in June that police forces had admitted to using spyware to hack into mobile devices. . The RCMP has the ability to intercept text messages, emails, photos, videos, financial records and other information from cell phones and laptops, and remotely turn on the camera and microphone of a device.

Documents submitted to the committee by the RCMP indicate that the force used spyware to infiltrate 49 devices in 32 investigations since 2017. The investigations focused on serious crimes, including terrorism, murder and drug trafficking.

On Monday, however, an RCMP official told the committee that police forces had used similar technology as early as 2002. Mark Flynn, RCMP assistant commissioner for national security and protective policing, suggested that the use Intrusive technologies for surveillance had gradually evolved as encrypted communication became more widespread, making traditional wiretapping less useful.

Therrien said he accepts that encryption is a challenge for law enforcement and that there may be compelling reasons to use spyware in some investigations. But he disagreed with the RCMP’s characterization of spyware as just another necessary tool.

“There is no doubt that this particular tool is extremely intrusive. It’s more intrusive than traditional wiretap tools,” he said. “It’s on the individual’s digital device and…police have access to everything on that phone.”

The RCMP has already spoken publicly about the challenges of encryption. In 2016, the police force gave two news outlets an overview of 10 active investigations they said were blocked by encryption. But at the time, the RCMP said nothing about whether it already had tools to overcome the encryption.

Police say spyware is only used in the most serious cases, often involving national security and organized crime, and only with judicial authorization.

Therrien said he had no reason to doubt the force’s claims. “I don’t think the RCMP is a rogue institution,” he said. “I do not assume that the RCMP wishes to breach these terms and conditions. »

Yet he agreed with the recommendation of current Privacy Commissioner Philippe Dufresne, who appeared before the committee on Monday, that government institutions should be legally required to submit impact assessments to his office. on privacy before launching new programs that may affect people’s privacy. “If you want more transparency, make it a legal requirement,” he said.

In documents tabled in the House of Commons in June, the RCMP said it only started writing a privacy impact assessment in 2021, although spyware has already been used for years. . On Monday, Dufresne confirmed that he had not yet received any information from the police about the spyware program, although he expects a briefing later this month.

Therrien also echoed a warning offered to MPs yesterday by Flynn, who said foreign agents were likely targeting them using spyware. “There are a number of countries in the world that are not democratic, don’t care much about the rule of law, and it’s entirely possible…that other states are intercepting the communications of foreign nationals, including including Canadians, for their own purposes,” he told the committee. “According to the RCMP, it is a fact.

Although Therrien conceded that the RCMP may have valid reasons to use spyware in some cases, he said there should be laws governing the sale, import and export of this technology. He also suggested that its use be prohibited outside of law enforcement. “I really don’t see any compelling reason why anyone in the private sector should be able to use this technology,” he said.

On Monday, the RCMP confirmed that it was not using the controversial Pegasus spyware from Israeli company NSO Group. But the force declined to say who provides the technology it uses.

Testifying before the committee later Tuesday, Ronald Deibert, director of the Citizen Lab at the University of Toronto, said the government should be transparent about its spyware vendors. “There’s no operational security reason why we shouldn’t do this,” he said.

Deibert said spyware is a “nuclear-grade technology” and represents “a goldmine of information available to customers.”

The RCMP has a “habit” of adopting new technology and releasing it after the fact, Deibert said. “That’s not how you build trust in a country’s law enforcement. And we are better than that.

Brenda McPhail, director of the Canadian Civil Liberties Association’s privacy, technology and surveillance program, said there should be a moratorium on the use of spyware by law enforcement, pending a public debate on whether and how to use these tools.

She also raised concerns about law enforcement exploiting software vulnerabilities “rather than helping fix them.”

Both Deibert and McPhail have said that there needs to be strict export controls for the Canadian surveillance industry. The industry “currently operates in the shadows,” Deibert said. “We are really asleep at the wheel.”


Politico

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.
Back to top button