:
Good morning. Thank you.
It's a pleasure to be here this morning to at least clarify what we feel is a correction that needs to be made in the PIPEDA legislation, which will allow the RCMP to collect informal information in a more congenial fashion and allow us to do our day-to-day job.
Obviously the RCMP is one of your national police forces, but it's also the uniform police service across Canada. We service eight provinces, three territories, we're in over 200 municipalities, and we're throughout Canada in over 700 locations.
However, having said that, through the feedback we're getting through our membership, the RCMP has increasingly encountered challenges with respect to the changes invoked under PIPEDA five years ago, especially when it comes to collecting information from the private sector and private organizations. which, prior to the revisions of five years ago—was freely permitted to receive, and very seldom met with any rebuttal from our colleagues.
I can tell you that in my interactions with the communities and civic duty throughout Canada over the last 33 years, I have found that we have an excellent relationship in general in a majority of cases with the communities we serve, and also with the organizations and public institutions that we request information from. That has been proven in many surveys, where our client satisfaction, which includes the business community, rates well above or close to 92% on an annual basis. So there is an element of trust between us and our service delivery.
However, there is confusion now amongst the organizations when we deal with them and ask them for information that in reality is just information at the beginning of any review or any instance whereby we receive information. It's like gathering a 1,000-piece puzzle. We really don't know what we have when we seek such information. In gathering those pieces of the puzzle they add up to a point where we feel it's either criminal or non-criminal, and then we move in to the criminal side, where search warrants and that are required. However, under PIPEDA in recent years we have found that the changes to sections 7 and 9 have made it a little more confusing for the partners we're dealing with on a day-to-day basis to ensure we prevent crime and provide safe homes and safe communities throughout Canada.
I would say that it's well publicized because of the wording in section 7 that deals with lawful authority. Many people have defined that to mean court-ordered, or court documents, and therefore they have refused to provide simple customer name and address and simple information that was obviously provided before. So there's real confusion around that terminology under section 7. We can talk about the well-publicized case in St. Thomas, Ontario, whereby a suspect was identified and an Internet service provider did provide the information without a warrant, which was under his discretion and his definition of lawful access. Therefore the police were able to glean enough information in the early stages to get a search warrant and therefore apprehend the individual, who was assaulting a very young lady.
In a recent case in British Columbia, a person with Alzheimer's disease walked off, he had a medical alert bracelet, and the people we called to glean information on that individual told us that they weren't allowed to give us the information without a court authorization. So even in a medical alert, where we deal with people who may have epilepsy and stuff like that, you need to know whom you're dealing with, even at the very front line. So it deals with members at the front line, serious crimes, child exploitation, and also the protection of other individuals.
With respect to the warrant aspects, we have had some case law whereby the information that we seek under PIPEDA really is not described as information that warrants a search warrant. It has been ruled on in three different cases in the early nineties and just before that, whereby the customer name and address are not really considered a violation of one's rights under the Charter of Rights and Freedoms.
What we're trying to do under section 7 is readjust the yardsticks, back to where they were prior to the present legislation, to get back to where the interpretation under section 7 is really about giving organizations the permission to provide us that information in the performance of our duties and at the same time transfer the risk back to us.
Obviously, a lot of organizations feel that if they provide that simple information they're putting themselves at civil risk. What we're trying to do is say, no, for them as corporate citizens—it's almost like the good Samaritan situation under first aid—it's permissible to give us that information, and we take on the risk if we misuse it and abuse it.
So one of the things we're looking at is clarity under section 7. We'd like “lawful authority” to be redefined to say that it is permissible to provide information to those acting in accordance with the performance of their duties without a court order or without any authorization from the judiciary.
As I move on to section 9, I guess the same thing could be said with respect to some of the changes whereby a person can call to find out whether information has been released. In that regard, sometimes early on in our investigations we're not sure what we're looking at.
If we're in a major city and somebody is buying two tonnes of fertilizer and we would like to know their name, I could say, for example, that if we accessed their name, we would prefer that the supplier not call the individuals to let them know we had accessed their name, because we're analyzing the information to determine where we're going with it. Also we would like the privilege of being able to instruct the organizations not to release the information until they hear from us any further on that particular issue.
Sections 7 and 9 provide basically our reason for being here today; it's to clarify and to allow us to perform our duties on a daily basis in a more informal and collaborative manner with the citizens we serve, and with the citizens by reflection—the organizations—that we seek personal information from.
I won't go through all of my speaking notes. They're in front of you today, but that is the key message I'd like to give.
I would say that there are issues around regulations about how we act. We have a lot. We have the RCMP Act, as you know; there's a code of conduct in there. If members access information for personal use, and not in line with the duties they perform on a daily basis, they can be reprimanded, they can be fined, they can be dismissed, depending on the degree to which they use the information.
That goes right down to accessing CPIC to find out whether your neighbour has an outstanding warrant or a criminal charge against them, or whether they have a criminal record. If we find out, members are reprimanded, and as to the degree of severity, we deal with our members internally.
So we have the internal one, we have the Criminal Code for abuse of process and breach of trust, we have the PIPEDA legislation, we have our Sources of Federal Government Information, which also directs us not to misuse information. We have our secret offences act; as an officer today and long after we retire, up until our death, we're not allowed to disclose information.
You also have the Public Complaints Commission. If there's an issue wherein we've abused our authorities, the public has the access to go to the Public Complaints Commission, which has full access to our files and records, to see whether we were derelict or overly aggressive or abused someone's rights under the Charter of Rights and Freedoms.
Along with my colleagues Superintendent Earla-Kim McColl and Superintendent Art Crockett, I hope today to address specific questions and give examples to heighten your awareness as to the impediments the present wording has imposed upon us, from those of a serious nature right down to those of a local nature with respect to the day-to-day operations of our law enforcement service.
:
Thank you, Mr. Chair, and thank you, officers, for giving us your presentation.
I went through this presentation and deliberations you made to us, and looked at the two perspectives you are coming from. I certainly agree with you on those. With regard to ISP providers, if you don't get that information, child abuse can be on there. On the other hand, you say if the general public had access to the information on the investigation you are undertaking, there might be circumstances where it might also benefit the public.
Can you draw a line where they have access to the information you are investigating? Air India, for example, is a perfect case scenario. PIPEDA wasn't even in effect at the time.
The grave perception in the community right now is that the RCMP and CSIS...you know, you did not have the collaboration, or there wasn't enough public access to those investigations, and we would have avoided that big incident at that time. And there might be some other cases where the public might have some access to the investigation you are undertaking.
What is your opinion on those circumstances?
:
If you are talking about open source information on the ISPs, which is available to the public, yes, you are right. It's where our tech crime people use information and analyze it to determine whether there is any criminality, whether there's a financial institution at risk, to alert them that we have seen this open source information on the Internet.
With respect to child exploitation—I'm sure the superintendent will talk about that in a minute—even as speak here at this committee, it's going on right now.
With respect to the exchange of information between CSIS and the RCMP, CSIS gathers intelligence in a less informal way, and not with respect to criminal issues within Canada. They look at national security issues when they gather information. When it becomes criminal, they will share that information, because now it moves into our mandate. Vice-versa, if we have intelligence that should be shared with them with respect to national security issues, then we have mechanisms by which we share with CSIS.
I'm in technical operations. A lot of the technical tools we develop are shared with CSIS with respect to how we use technology and surveillance and whatever. We have an excellent relationship with CSIS with respect to the MOUs in place for exchanging technical tools that allow them to do their jobs as well. It depends on the level, because each of us has a different mandate. We are law enforcement, and they are intelligence gathering for national security, whereby they brief the PCO and allow them to know of an impeding threat or a possible threat to Canadians as a whole. The RCMP, on the other hand, are guided by the various statutes and regulations along with the Criminal Code, as far as law enforcement is concerned.
I would say the collaboration in the recent arrest in Toronto would heighten the fact of how integration.... We worked well with not only CSIS but also multiple police agencies.
I hope I answered your question.
:
I've not really seen breaches. We're very cognizant of the fact that the justice system determines what evidence comes in and what evidence gets thrown out. If they feel that information we gleaned required a judicial order, they will dismiss that evidence. We have a watchdog called the justice system when we glean information or gather that open source information and informal information.
That's why I say that there comes a point in time when, all of a sudden, we've gleaned enough information to establish that there is a criminal act or a possible criminal act. Then we use that information, in reality, to write the search warrant. In other words, we can't go with the cart before the horse. What we do is we gather that information. The information we gather informally allows us to develop what we need in order to get a search warrant.
In a lot of cases, as you know, we don't know if a search warrant or a criminal act is in place. It could be just a simple issue. It could be a missing child. It could be a missing person. Or it could be under the national sex offender registry—we want to know if a certain person stayed at a hotel that day, because they shouldn't be travelling outside their jurisdiction without notifying the local authorities, because they need permission to do so. So we need to know if a pedophile stayed in a local hotel that evening, and if we don't have access to that information, or if the hotel interprets PIPEDA, under its present standing, to say that, no, we need a search warrant, well, we have no grounds for a search warrant, because we're fishing. We don't even know if the person stayed there.
I know, being before a justice of the peace.... I mean, search warrants now run eight or nine pages. A part VI could run you 1,000 pages if you want to get a wiretap.
Right now, all we're looking for is that the industry be allowed—and have a little more clarity in the wording—to say that it is permissible to provide us that information. Superintendent Crockett was one of the builders of the national sex offender registry legislation, and of course, Superintendent McColl is doing the missing children and the child exploitation. But I have proceeds-of-crime people here with me as well.
Thank you for being here this morning. I found the way you presented this to us interesting. It was clear and precise, and you cited women and children as examples. But you'll have to go further because what you're requesting in sections 9 and 7 goes much further than that.
You've presented the good side to make us aware of the issue. Ultimately, in the case of pedophiles, we could give you freedom to investigate in order to obtain information. However, that would open the door to all other investigations. However, public trust in your service has crumbled in recent years. Having read the O'Connor report, I can tell you that you're loosening the reins a little too much. Information is being shared left and right. In that sense, your service has some deficiencies.
I know your book contains disciplinary measures. However, are you going to tighten up your watch over the information given to you so that it remains in your service and can't be used or shared and that what has happened does not reoccur?
This is not the first time this kind of thing has happened. I read the document that is distributed to all members every year on complaints concerning the RCMP. It's quite thick. So there's a lot of work to do. I'd like to know what you intend to do to better protect the personal information that you're going to gather from any agency and anyone.
Thank you, witnesses.
Building on what my colleague from the Bloc was asking, my understanding was that PIPEDA under section 7 already allowed or permitted organizations to use personal information without knowledge or consent.
The change made when the Public Safety Act amended PIPEDA was that they could not only use existing information that they held in order to share it, but they could collect further information at the behest of CSIS or the RCMP. They could seek out and gather it. They could be deputized, as it were, to go out to get more information, acting as agents for the RCMP.
This is what really concerns me. When you use the word “collect”, you have the right to collect further information. The private sector organizations that would be doing it are not subject to the charter rights, wherein everyone has the right to be secure against unreasonable search and seizure. It doesn't apply to a private organization acting on the request of the RCMP.
The chilling reality, as it strikes me, is that the information collection is without knowledge and consent. The individual might never know the fundamental rights to privacy the Supreme Court has established in its interpretation of the charter could be violated by a private sector organization. You would then have absolutely no right to redress, as you would if it were a public sector institution doing an end run on rights.
I think section 7 as amended by the Public Safety Act gives an end run to charter rights. It gives the RCMP and CSIS a mechanism to take an end run. Do you not agree that this invites a tremendous abuse of individual charter and privacy rights if it's a private sector organization at the request of an enforcement agency for sketchy reasons?
It's not only to stop a pedophile or some of the issues you cited. The reasons cited are for national security, the defence of Canada, which I think we can all agree would be laudable or worthwhile initiatives, or the conduct of international affairs. The conduct of international affairs is so wide and so abstract that it could mean almost anything.
Has this come up in the context of the RCMP? Have you contemplated the impact of the word “collect” rather than the word “use”?
:
We need to be consulted before they release the information to the individual on whom we're seeking information, because of the severity or level. And sometimes it heightens one's anxiety. Oftentimes we're working on just a tip, or there's a malicious person trying to implicate somebody in something that they're not doing.
We would like the people who are providing us with the information to consult with us before they release it so they understand the severity of it. It could be life threatening, in some cases, if they call somebody and say that we're looking, because the person would know that we received the name through somebody else. We may have somebody providing information who's embedded in an organized crime group, and if we call to validate, and a person finds out that we called to seek certain information, then that person will know that somebody gave us that name, and then you have an internal issue.
So yes, we would like to be consulted before one lets a member of the general public or an organization know that we're looking into personal information. Again, it's not that we have a criminal investigation going on. We're trying to gather information. It's just the beginning. We don't even know what we're growing and what we're looking into.
You must understand that as law enforcement officers, we set off trying to prove a person's innocence. Through that gamut, at the end of the day, we determine whether they're innocent or not. We don't go to work every day thinking we're going to put people in jail. We come to work not knowing what to expect. We receive information and we act on it, and we try to gather that information informally to determine whether there is an action, or in fact whether you even have to create an investigation.
With respect to what you're saying, I just go back. If we let people release information without consulting us, it could cause serious harm to individuals, and it also could cause serious harm to, let's say, an organized crime or terrorism file that we may be just starting to ramp up.
We use a certain methodology in the RCMP called a Sleipner model to determine whether it is an organized crime group or a terrorist group. That's information that is analyzed to determine whether it's good intelligence and whether there's sufficient grounds there to warrant a search warrant and move forward with a criminal offence or a criminal charge or a criminal investigation.
What we're really talking about here is just the first seed in the ground. We don't even know what the seed is. We don't know whether it's a flower or vegetable. When we do that, oftentimes we do it for the benefit of the public, and oftentimes they call us and ask if we've done anything with that.
The information we're talking about, remember, is the very basic information. It's at a very low level, but it could spur on, within a month, a very violent scenario.
It's really a point of clarification, and I'll use this time if I can.
Going back to Mr. Martin's points that were being made, the reason I couldn't find the section was that I had the understanding that Mr. Martin was talking in terms of the availability of collecting this information under paragraph 7(3)(d), vis-à-vis foreign jurisdictions, national security, and international affairs. To be clear, that was all in the context of disclosure, not collecting.
In terms of collecting information, Mr. Martin talked in terms of how an organization can collect information, but paragraph 7(3)(d) doesn't pertain to collection. It pertains to disclosure only, so the information would have to be existing.
When we go to collection without consent, it's subsection 7(1) that applies. There's nothing in subsection 7(1) that suggests that the only reason you can collect it under subsection 7(1) is that it “is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws”. So there are limits, and under the collection of personal information, there's a test that is contained in subsection 7(1) that would apply in those cases.
Thank you, Mr. Chair.
:
There are people who cooperate very well, and there are organizations that are very helpful. But we are finding more and more that companies get support from legal counsel, who generally want to advise their clients to be risk-averse. If it's not completely clear, their advice to their client would be that if there's a risk, and it says legal authority, then go get a warrant. Then you'll be covered; so don't release anything.
We're looking at the private sector and businesses who say, I'd like to give you this, but my counsel advises that I need a warrant.
So when we try to articulate our understanding that the act is actually enabling, they refer back to reduce the risk, and until it's clear, ask for a warrant.
In some cases, it's very good, we are happy, and it works. In others, it is not working. Our problem is that because it is not clear in all cases, there is a trend to move towards being more risk-averse and to release less information.
It was not our belief that PIPEDA was meant to do that. It was not meant to be a barrier to allowing communities to get involved, but in fact it was meant to be an enabler. So we are asking that the words be changed.
Where you might see a contradiction, it's not because it affects everyone the same—in some cases very well, in some cases no.
:
Yes, and I'll talk about the Public Complaints Commission because that's the number one watchdog.
As you know, with the recent O'Connor report and stuff like that, in the near future the RCMP will have an oversight committee and a governance structure. Throughout Canada your municipal boards, police boards, and committees can take action long before it gets to the Privacy Commissioner if somebody misuses the information.
I often think we're the defenders of human rights and protect basic privileges. Along with all that oversight are the number of regulations we fall within that allow us to take immediate action against anybody who violates the trust we have been given through PIPEDA, and ask for that information. If that information is not in line with the execution of their duties, a number of regulations and guidelines allow us to discipline an individual for outright breach and, depending on the severity of what they exchanged, determine the level of sanction against the individual.
Under our new commissioner, the direction to the Privacy Commissioner on public complaints is that our books are open. They can have access to see if there's any abuse. The Auditor General, who has been in to our organization on numerous occasions, represents the best interests of Canadians as a whole. She has never identified that we've misused this type of information.
So in light of what you've asked, the answer is yes.
:
Thank you, Mr. Chairman.
Let me just start by saying that I do understand the point you've raised, and I do have some sympathy for the points you've raised, especially in the identification of pedophiles, etc. I'm trying to go beyond that, though, to explore what PIPEDA means to the RCMP in the context of, let's say, terrorist investigations, where it may be CSIS or the RCMP.
Under PIPEDA—and Mr. Stanton is correct in the chapter and verse that he cited—information collected by a private sector organization in secret, and without any constraints other than that the organization has suspicion that something is going on, that information could well be handed over to the RCMP and form the basis of a charge. Wouldn't that fit under the rubric of tainted evidence, if the information was garnered in a way that violated the individual's expectation of privacy, because he had a relationship with that company, maybe even a contractual relationship that guaranteed him the right to privacy that information wouldn't be used?
To me it opens the door, because private sector organizations don't operate under the same legal obligations as law enforcement and national security. You would have to have reasonable grounds to suspect something illegal was going on. They—the language used here—are “suspect”. So if your boss has a suspicion that you have something in your locker, that's all he needs to go on. You need something greater than that, reasonable grounds. I think that it's a slippery slope to tainted evidence, leading to possibly righteous convictions, but from a tainted evidence source.
:
From our point of view, we determine whether it's evidence or not.
We have collaborations, obviously, with the hydro sector and other major infrastructure industries that have internal corporate security. Yes, if we identify a person who has a certain affiliation with a certain group, we alert them to let them know that they should keep an eye on that individual. They may in fact work on our advice to them.
In this private-public partnership that government is trying to drive—and we're at the table all the time—as one of the concerns they have the private sector people say, “We have all this to offer, and what can you offer us?”
Going back to the original concern, we say it deals with what level of security people have within each industry. Do they meet our top secret—? Can they be held accountable under the secret offences act? That determines how close our interoperability is.
For our part, either we can alert them as to an internal operative who could bring down Hydro Ontario by throwing one switch; or they might say, we're highly suspicious of this individual, who seems to be accessing files within our system that really have nothing to do with their job. So they may gather information, but when it reaches us, we look at it, and that step becomes the footings for us now to ask whether this is an investigative time, whether this is evidence.
The crown prosecutor or the Department of Justice will look at it and weigh whether or not it's admissible or inadmissible, and we flow from that.
But yes, you're correct. If I were an investigator and knew somebody who was working on a bridge and who might want to blow up the bridge between Detroit and Windsor, I would certainly let Transport Canada know—for instance, I'd like you to keep an eye on that person, because they're affiliated with certain groups. Then they would start gathering information for their self-protection.
In the old days, we wouldn't tell the bank the robbers were coming. So the robber would come, go into the bank, put everybody at risk, and leave. Then we'd arrest him outside the door and say, there, we caught you robbing the bank. Now what we do is call the bank to let them know there's a possible—
I will return to where I left my question last time, and back to the assistant commissioner. This is a real-time example with fictitious names, and it is a very recent example.
Let's say Dow Jones's spouse got murdered, and Income Trust is a friend of this Dow Jones. An RCMP officer picks up a phone and goes to the white pages of the book. The RCMP officer picks up the phone, calls the Income Trust person, tells Income Trust that they are doing an investigation against Dow Jones, says that a murder has happened, and asks if Income Trust is friends with that person. The way I look at it is this. You said you should not be disclosing it, and that if it's disclosed it can jeopardize the investigation totally. Even though that Income Trust is not the right person, this RCMP officer just went to the white pages, and he was calling every Income Trust listed in the phone book.
The way I look at it is if this Income Trust person who was called by the RCMP goes out and tells Dow Jones that there is an investigation going on, and that they are looking for a person named Income Trust who is a friend with you, I think it is going to jeopardize the whole thing. On one side this could really be the person in that particular murder, but on the other hand if those are innocent, it can jeopardize the integrity of those two people as well.
Would you like to comment on that, under this act?