Privacy Commissioner highlights concerns on RCMP's web surveillance with private tech

A federal watchdog warns that the RCMP may be jeopardizing the privacy of Canadians by engaging third-party technology companies with the ability to unearth sensitive internet information about the public.

Privacy Commissioner Philippe Dufresne, in a report presented to Parliament on February 15, 2024, expressed concerns about the RCMP's dependence on vendors whose services might bypass privacy laws that restrict law enforcement searches.

Mr. Dufresne looked into the RCMP's Project Wide Awake, a data-mining initiative initiated by the force following the 2014 killings of three Mounties. Internal RCMP reviews found that they couldn't handle the huge amount of public social media posts about the killer’s movements.

Now, the RCMP often hires outside companies for investigations, some of which can access hidden internet sources. The Tyee reported on Project Wide Awake in 2019. In 2020, NDP Ontario MP Charlie Angus complained to the Privacy Commissioner.

"Yet the sophistication of some vendors raises questions about whether police are accessing “open source” material – content sitting in plain view – or using the outside expertise to get at hard-to-access sources police could not likely tap into themselves," stated The Globe and Mail.

As per the commissioner's report:

What is clear, is that the RCMP did not conduct adequate due diligence to verify that the personal information provided to the RCMP by Babel X and its data providers was collected in compliance with Canadian privacy laws.

The RCMP was unwilling to commit to implementing our recommendations, including that it ceases collecting personal information via Babel X from sources that require logins or authentication to access (i.e., ones not indexable by traditional search engines that respect do-not-index tags) until it has completed a thorough review of each one for compliance with Canadian privacy laws. Therefore, this matter is unresolved, and continuing contraventions and violations of Canadians’ privacy rights may be occurring.

In addition, we found that the RCMP contravened the transparency provisions of the Act by failing to account for, in its PIB descriptions, information that it collects from what it categorizes as open sources, including social media and the dark web. While the RCMP acknowledged the need to update its PIB descriptions, it did not agree to implement our recommendation to ensure that the PIB descriptions are clear and meaningful. Consequently, the transparency component of the complaint is well-founded and not resolved.

In 2021, the RCMP got in trouble for using facial-recognition software illegally. After that, they set up the NTOP unit to check different tech they use, like software, drones, databases, algorithms, body-worn cameras, and tools for hacking cellphones.

Tabitha Peters

Journalist

COMMENTS

Be the first to comment

Please check your e-mail for a link to activate your account.