I call the meeting to order.
Welcome, everyone, to the 34th meeting of the Standing Committee on Justice and Human Rights. Today is Monday, September 28, 2009.
You have before you the agenda for today. You will have noticed that today we are continuing our review of Bill .
We have before us four organizations.
Just so you know, one organization cancelled. The Canadian Association of Chiefs of Police had to bow out at the last minute. That leaves us with four organizations.
First, representing the Information Technology Association of Canada, we have Bernard A. Courtois.
We also have the Office of the Privacy Commissioner of Canada. Jennifer Stoddart is the commissioner, and Carman Baggaley is the strategic policy adviser.
Representing the Canadian Bar Association, we have Gaylene Shellenberg, who is a lawyer with that organization, and also Daniel MacRury, who is the treasurer.
Finally, we have the RCMP represented. We have Chief Superintendent Stephen White and also Inspector Kerry Petryshyn.
Welcome to all of you. I think you've been told the process. Each organization has 10 minutes to present. Then we'll open the floor to questions from our members.
Mr. Courtois, please proceed. You have 10 minutes.
As you mentioned, my name is Bernard Courtois. I am the President and CEO of the Information Technology Association of Canada, the national association of the information technology and communications industry. We are very interested in seeing our economy develop into a digital, Internet economy.
We've been working for quite a while on all the issues around how Canada should make sure that it secures its place for success in the way that the global economy is going, becoming an Internet economy and a digital economy. We participated, along with many other people around our industry and others, in a big forum last June on trying to set an agenda for leadership in the digital economy for Canada.
There have been numerous gatherings around this issue. Every time we get people to look at this, the whole issue of confidence in the Internet and the digital economy as an economic instrument is front and centre. Confidence means that users have to have a sense that our laws are adapted to reflect these new realities, including the new threats that have come about because of the misuse of technology.
There is no doubt that for quite some time the whole issue of identity theft and identity fraud has been identified as a very important danger to protect Canadians against. Therefore, we welcome this bill and the approach it takes to tackle this problem. This includes a number of aspects: an open-ended list of what may be involved in identity documents and so forth, along with the possibility of reviewing the bill in five years. This is an area that moves so fast, we will want to live through this experience and see whether any adjustments should be made, particularly in the area of reasonable inference and whether that is enough to really capture and catch the behaviour that we want to catch, or whether at some point the capturing of someone else's identity information is, in and of itself, a sufficient inference.
On the whole, what we're here to do is to say that our association, which represents the industry most intimately involved with creating the Internet or bringing it to Canadians and the technology that makes it work, views this bill as an important element. We are quite supportive of getting it passed as soon as possible.
Those are my introductory comments. Thank you.
Thank you very much, Mr. Chairman. I don't think I'll take 10 minutes.
I have appeared on this question several times in the past few years. I've been fairly outspoken about the problem. I'm very pleased to see that the government is taking action on it today.
Polling conducted by my office this year has revealed that one in six Canadians has experienced some form of identity theft. Over 90% of Canadians are concerned about this issue of identify theft.
As you know, identify theft is a broad term that is often used to describe a wide range of behaviour. It can include credit card fraud, it often involves pretexting--pretending to be someone else in order to purchase goods or services or obtain that person's personal information. There are also more sophisticated techniques such as skimming, which involves stealing personal information from the magnetic strips of debit and credit cards through the use of small electronic devices.
I'm sure everyone here has received numerous phishing e-mails from what appear to be reputable organizations such as banks and caisses populaires--even the Government of Canada was a victim of phishing last year--asking us to verify our account information or provide personal information to the sender.
As technology evolves, identity thieves are constantly looking for new ways to obtain personal information. Just last month a man who has been called the world's most prolific identity thief pleaded guilty in Florida to stealing tens of millions of credit and debit card records by identifying and exploiting weaknesses in retailers' wireless networks.
Identity thieves then use this personal information to withdraw money from bank accounts, obtain loans or credit cards, obtain government benefits and even take out mortgages.
We often talk about identity theft in terms of the financial cost and while victims of identity theft may suffer significant financial loss, they are also likely to feel that their privacy has been invaded.
The lessons of the past few years teach us that stronger protections are needed if privacy is to have any meaning at all in the face of contemporary challenges. Bill is a significant step in the right direction. However, it should form part of a broader-based strategy to address identity theft and identity fraud.
The recent introduction of anti-spam legislation is also an important contribution to this process. The proposed Electronic Commerce Protection Act prohibits the sending of unsolicited commercial electronic messages without consent. It includes targeted provisions against phishing and spyware, and it provides a private right of action against spammers. The Act also sets out a coordinated approach to enforcement that allows for co-operation and information sharing with foreign authorities.
So that's another piece of legislation that is already before this House.
I would like to see a similar coordinated approach to ID theft. We have the expertise and the resources. There is the PhoneBusters anti-fraud call centre operated by the RCMP, the Competition Bureau, and the Ontario Provincial Police. There are excellent resources on identity theft on the Safe Canada website set up by Public Safety Canada. Now we really need the police and regulators, the public and private sectors, and federal and provincial officials to work together.
In our recommendations for the reform of the Privacy Act we have asked for stronger regulation, including better security safeguards, and we continue to believe that broader access to the courts is important for Canadians. In the review of our private sector legislation, PIPEDA, we have similarly recommended changes that would allow us to better regulate personal information handling practices, and we have called for mandatory breach notification for the private sector. These measures would empower Canadians to prevent identity theft and motivate companies and government organizations to properly safeguard personal information under their control.
Thank you once again, Mr. Chairman, for inviting me to speak on this very important issue. I will answer any questions as best I can.
Thank you, Mr. Chairman.
I would like to thank the honourable members for the opportunity to make a submission today on behalf of the Canadian Bar Association criminal justice section.
The Canadian Bar Association criminal justice section commends the efforts of Bill to address identity theft and related criminal activity, as these are serious problems giving rise to significant individual and societal losses. We appreciate that Bill S-4 would restrict the scope of some of the proposed new offences so as not to inadvertently capture unrelated or innocent conduct, particularly in relation to new offences concerning identity documents and information. We also support Bill S-4’s proposed removal of certain reverse onus provisions of the Criminal Code. We recommend several amendments that we believe add clarity and certainty to the proposals contained in Bill S-4.
The CBA criminal justice section's comments today are guided by three principles. One is the principle of legislative restraint. Revisions to the Criminal Code should only be made where existing provisions are inadequate. Two, any new proposals must comply with the Charter of Rights and Freedoms. Three, changes to the Criminal Code alone are generally insufficient to address serious or complex problems. To be effective, such changes must be accompanied by refinements in law enforcement practice and procedure, increased public education, or other legislative amendments.
The last observation may be particularly applicable to the problem of identity theft. The federal Privacy Commissioner and other organizations have noted that an effective response to identity theft will require a comprehensive approach, including a broad range of initiatives in addition to changes to the Criminal Code. In other words, there has to be more than one tool in the toolbox to address this serious problem.
We would like to make the following recommendations. First, Bill should be amended to expressly exclude the general provisions of attempt and counselling and certain types of de minimis behaviour.
Second, the relationship between the new offences proposed in Bill S-4 and the existing general provisions should be clarified.
Third, the proposal to prohibit possession of identity information should be amended to offer greater clarity by replacing the term “is reckless” with more explicit language.
Fourth, the exemption for certain police activities in clauses 7 and 9 of Bill S-4 should be removed.
In relation to recommendations one and two, the bill defines a new category of documents described as identity documents. It proposes a wide range of offences, including procurement, possessing, and selling social insurance numbers, drivers licences, etc. Given the combined scope of the definition and the proposed offences, we believe that the bill's proposal to add new defences to the existing concept of lawful excuse is appropriate. It is a clear attempt to restrict the reach of these provisions and is consistent with the concerns we have addressed in the past.
In spite of Bill 's proposed restrictions, other jurisdictions go further to restrict the reach of similar provisions in two ways. First, they expressly exclude the general provisions of attempt and counselling. Second, they expressly exclude certain types of de minimis behaviour, such as for young persons possessing identity documents to gain admission to licensed premises.
The criminal justice section recommends that Bill S-4 be amended to expressly exclude general provisions of attempt and counselling and certain de minimis behaviour. There also should be some clarity between the existing provisions and the new bill.
On our third recommendation, the section believes that the term “reckless” should be clarified. Proposed section 402.2 prohibits possession for the purpose of transmission, making available, distribution and sale, or offer for sale of that information where an individual knows, believes, or is reckless as to whether the information will be used to commit an indictable offence containing an essential element of fraud, deceit, or falsehood.
Including recklessness as a form of the mental element for this offence could be seen as responding to the Supreme Court of Canada in R. v. Hamilton. We also note concerns about the formulation, particularly as it might apply to businesses or industries that handle large volumes of such information. While the term “reckless” is used in the Criminal Code, it is not free from controversy and occasional interpretive difficulty.
To provide greater clarity and to address some of the business and industry concerns, we suggest more explicit language. For example, in R. v. Hamilton, the Supreme Court of Canada equated recklessness with “conscious disregard of the substantial and unjustified risk”.
In the Hamilton decision, the Supreme Court of Canada, at paragraph 28, stated:
|| The “substantial and unjustified risk” standard of recklessness has venerable roots in Canada and in other common law jurisdictions
It cited cases, and then the court went on to say:
|| Finally, a brief word on R. v. Sansregret.... The Court in that case defined recklessness as the conduct of “one who, aware that there is danger that his conduct could bring about the result prohibited by the criminal law, nevertheless persists, despite the risk...in other words, the conduct of one who sees the risk and who takes the chance”.... The Court, in Sansregret, did not set out the degree of risk required to attract criminal sanction.
As well, in the decision, the Supreme Court of Canada said at paragraph 33:
||We have not been invited in this case to revisit Sansregret or to consider afresh the governing principles of recklessness
It is our submission today that, without clarity in the definition, the courts will have to consider afresh the governing principles of recklessness.
That deals with our concern in relation to recklessness.
Our fourth recommendation to you today deals with the exceptions for police and other official acts. Clauses 7 and 9 propose another exemption for certain activities for public officers as defined by section 25.1 of the Criminal Code. Given the existing legislative scheme, it is unclear why another exemption might be necessary. The Canadian Bar Association criminal section has strongly opposed an exemption from criminal liability for police or their agents, arguing that the law should apply to everyone, but acknowledges that the existing sections contain certain detailed procedural safeguards and reporting requirements. We see no reason the acts specified in Bill would be inadequately addressed by the existing scheme, and we are opposed to creating further exemptions of this sort.
The criminal justice section recommends that the police activities in clauses 7 and 9 of Bill be removed.
In conclusion, this section recognizes the prevalence and seriousness of identity theft. We appreciate the efforts in Bill to provide narrowly circumscribed new offences to address the issue without inadvertently capturing what should properly be non-criminal activity. To further advance this objective, we suggest some clarity in the language of the bill—for example, surrounding the mental element of recklessness, as well as a clarification of the interaction between some of the proposed offences and the attempt and counselling provisions of the code. We also appreciate the proposal to increase the use of a hybrid structure of offences to give greater flexibility and scope to prosecutorial discretion in dealing with these matters.
I would like to thank the honourable members for this opportunity this afternoon.
Good afternoon, Mr. Chair and honourable members of the committee. Thank you very much for inviting us to be a part of today's hearing. Here with me is Inspector Kerry Petryshyn, officer in charge of major fraud and bankruptcy within our commercial crime branch.
I appreciate having this opportunity to present the RCMP's perspective on the current state of identity theft and fraud in Canada.
White collar crimes come in many different forms, including mass marketing fraud, payment card fraud, identity theft and identity fraud, capital markets fraud, and money laundering, as a few examples. The significant growth of technology and the widespread use of computers have led to great advances in research and global communications, but they've also opened the floodgates for enterprising criminals. Technology has had a significant impact on the manner in which economic crimes are committed, their frequency, and the challenges faced by investigators dealing with this type of crime.
As businesses and financial transactions become more and more Internet dependent, new opportunities are emerging to facilitate financial crimes. Before computers and the widespread use of the Internet and other associated technology, stealing and using another person's identity was a relatively difficult crime to commit. Criminals had to invest considerable time and effort in the process, and the risks were high. To assume someone's identity, a thief had to break into a house, or steal a purse or a wallet. Today's technologically adept thieves can do just as much damage in the time it takes to swipe your bank card through the reader at a cash register.
The same technology that has made our lives more convenient by allowing us to shop from home and operate in a virtually cash-free marketplace has also given rise to countless new criminal opportunities for identity thieves.
They can now steal your personal information from the comfort of their home offices half a world away, taking advantage of everyday transactions that require people to share personal information for identification purposes.
The growing impact of identity theft and fraud is deeply troubling. A 2008 EKOS survey found that 9 out of 10 Canadians were somewhat concerned that they could be victimized by identity theft and fraud. The survey also indicated that Canadians ranked the economic crimes of fraud and identity theft as their number one concern, more troubling than terrorism, organized crime, and gang violence.
That's why we have to view economic crime as being every bit as serious as many other types of criminal activity. It is true that identity theft and fraud, for example, are less physically dangerous than many types of criminal activity; however, their social damage can be very severe and can undermine the trust that people have in their society.
The cost to a person who has had his or her identity stolen can be enormous: financial loss and the investment of hundreds of hours trying to re-establish identity and good credit all take their toll.
A recent study by McMaster University estimated that in 2008 1.7 million Canadian identity theft victims spent 20 million hours and $150 million clearing their names. Of course, individuals aren't the only victims. Stolen identities are also used to commit frauds involving government services, benefits, and official documents. Financial institutions and retailers, the foundation of our economy, suffer growing losses every year.
Evidence indicates that identity fraud isn't just committed by enterprising individuals. Organized criminal groups are also applying their considerable resources to this expanding field of opportunities.
Quantifying the damage is extremely difficult. Many instances of this type of fraud go unreported, so definitive statistics are hard to come by. PhoneBusters, the Canadian Anti-Fraud Call Centre jointly operated by the RCMP, the Ontario Provincial Police, and the Competition Bureau of Canada, can only maintain statistics on the complaints they receive. In other words, the more than 11,000 complaints received by the call centre in 2008 reflect only a small percentage of the problem.
The Canadian Council of Better Business Bureaus indicated that identity theft was the fastest growing type of fraud in North America, with the cost to consumers, banks, credit card firms, and retailers estimated to be in the billions of dollars each year.
Raising public awareness about protecting personal information is currently the best tool we have for preventing identity fraud. Along with members working in RCMP detachments across the country, members in our financial crime units make numerous presentations to educate the public on this issue.
Whether these presentations are made to businesses, government agencies, or community groups, the messages are the same: protect your personal information, shred unwanted personal documents, and be wary of suspicious e-mails. Prevention is still the best cure, but prevention can only do so much.
Identity fraud is clearly emerging as an immense problem. In consultation with key stakeholders and other law enforcement agencies, the RCMP is developing an identity fraud strategy focusing on criminal intelligence and analysis, prevention through education and awareness, and disruption and enforcement.
We are also heading up the creation of an international identity fraud working group, the objective of which is to obtain an overview of other countries' identity fraud strategies, discuss related joint priorities, and develop an international strategy.
Currently the Criminal Code does not contain specific offences pertaining to identity theft. Most Criminal Code offences relating to property crimes were enacted before computers and the Internet were even invented. While the Criminal Code addresses most fraudulent uses of personal information by identity thieves, it does not address the unauthorized collection, possession, and trafficking of personal information for the purpose of future criminal activity.
As I indicated in my opening remarks, the changing environment is one of the greatest challenges we face in our efforts to combat financial crime. The growing sophistication of this type of criminal activity is abetted by the same techniques and technologies that spur legitimate opportunities for business.
Why be reactive when we can be proactive? We must be constantly examining our environment to identify new tools that can greatly assist us in investigating white collar crime.
Bill will close legislative gaps that currently allow criminals to collect, possess, and traffic in personal identification information and documents. Legislative amendments aimed at closing the identity theft gap would help the RCMP and other law enforcement agencies protect not only individual Canadians but also the integrity of our economy. We welcome laws that will move us closer to this goal.
Mr. Chair and honourable members of this committee, that concludes my prepared remarks. Now we will be happy to answer any questions you may have.
Thank you, Mr. Chairman.
Ladies and gentlemen, thank you all for your presentations.
As Ms. Stoddart noted, Parliament has been concerned about this issue for some time now, and with good reason. I think we have come to the point where we need to move fairly quickly to adopt this bill. I hope that we can work with colleagues to make that happen as soon as possible.
I want to ask Mr. MacRury a question about his comments and then perhaps Chief Superintendent Stephen White.
Mr. MacRury, at the beginning of your comments you said that Criminal Code amendments or changes to criminal legislation represented one tool amongst many others to deal with what is obviously a growing and serious problem with economic crime, white collar crime, and in this particular case, identity theft. What other tools would you advocate?
I know I am getting you off your script, and I may ask you about a specific amendment you suggested, but I was curious when you began by saying that it's one tool. What other tools do you think Parliament or the government could give police forces or prosecutors to clamp down on what is a growing problem?
It is obviously in our presentation, but thank you for the question.
Obviously what was mentioned by the RCMP, which is an international strategy, is very important. I've had the opportunity of prosecuting cybercrime cases, and we might as well face the reality that these have no boundaries. So having more of an international strategy, I believe, is certainly one aspect that has to come about as well.
Also, for example, the training of police and prosecutors in this area is always important. As indicated by the others who have testified today, this is an ever-changing area. So it's important to keep up-to-date and to keep ahead of the curve.
For example, in my province, I had the opportunity of being trained about cybercrime at the district attorney school in South Carolina. Then through the auspices of Justice Canada, they trained prosecutors across the country on cybercrime.
So these types of strategies, I would submit, are certainly important. Education and prevention are important.
As somebody who has practised criminal law for over 20 years, I can personally say that we can deal with deterrence and everything else, but unfortunately, when it gets to our stage, the damage has been done. So we need to help people by educating them to watch out for these perpetrators. I think education is a very important aspect to protect Canadians.
Certainly, whatever enhancement and cooperation we can get from all sectors, as Ms. Stoddart said, is crucial.
Thank you, Mr. Chairman.
This is a brief question, perhaps to Chief Superintendent White. What we've learned at this committee and what we've learned in conversations across the country is that police forces across the country--the RCMP obviously being the biggest one--are wrestling with the very difficult context of economic crime. We've seen in Quebec examples of white collar crime that have shaken confidence in whole sectors of the economy. We've seen it across the country. It's not only in Quebec, but it has achieved a lot of media attention there.
One thing we've heard, Chief Superintendent, is that again, Criminal Code amendments are part of the solution--tough sentencing, making it impossible to receive accelerated parole, for example. These are all things we would support. But our sense from police officers is that that alone is not enough. The police forces are asking for more resources and more tools, whether it's amending the Criminal Code with respect to electronic surveillance or modernizing some of the technology that police can access.
I'm wondering if you could very briefly tell us what other suggestions you have for this committee or for Parliament in terms of making your life easier in catching these criminals, hopefully before, as Mr. MacRury said, much damage is done.
Obviously the broader spectrum of white collar crime would bring into play a lot greater tools than the issue before us today with regards to identify theft, identify fraud. I think one of the big issues, and Mr. MacRury mentioned it, is how we can take a more comprehensive collective approach, specifically with regards to issues like identify theft and identify fraud, but even broader, expanding that out to issues like mass marketing fraud, which is still a huge problem here in Canada today and internationally. That comes down to a collective effort, especially with regards to the collection of intelligence information, the analysis of that.
Actually, if we could do a good job at that, it should lead us on two spectrums. One, the more information intelligence we can gather collectively from across the country from all law enforcement agencies and bring that together into a national central hub where we can analyze it.... Because a lot of this activity that's taken place, whether it be identify theft, identity fraud, or mass marketing fraud, is taking place from outside of Canada. None of the victims are centred in any one particular area in Canada. The whole success of people involved in this type of activity is that they target a broad scope of victims across a broad geographic area, basically right across the country.
Individually, in a lot of jurisdictions, two or three small complaints with regards to identify theft, identify fraud, for example, may not mean a whole lot to local police jurisdictions if they're prioritizing their investigations. However, if we collect that all together nationally, that's where we start to identify and see a big picture. Getting that national picture helps us to identify the large organizations that are involved in this type of activity. The stats clearly indicate that if we have millions of victims here in Canada, law enforcement will not be able to investigate all those individual complaints. The best approach I think we can take is to collectively get as much information as we can, identify the emerging issues that are coming forward with regards to identify theft and identify fraud. If we can identify them as they're emerging, then we could do a much better job in terms of awareness, education, and prevention, which should be, for all of us collectively, our ultimate goal. At the same time, if we can identify the large organizations that are involved in this and impacting Canadians, that's where we can focus and prioritize our resources.
First of all, I want you all to know that I am somewhat disappointed. This is the first meeting of this committee that I have attended. In the case of the other committees, I always liked to read the witnesses' submissions before the meeting, in order to be able to ask more relevant and intelligent questions. I only received one submission in advance of this meeting, and only when I arrived here at that. That was the brief of the Canadian Bar Association. I had tremendous faith in the witnesses that they would tell us whether or not they agreed with this proposed legislation which, in our opinion, seemed necessary a priori, but initially, difficult to develop.
You can correct me if I am wrong, but as I understand it, Ms. Stoddart, the Office of the Privacy Commissioner is more or less completely satisfied with the proposed legislation. The Canadian Bar Association has suggested a few changes to us, but it is very difficult to follow along without a written text. It's so much easier with one. I also understand that law enforcement agencies are more or less prepared for this legislation.
I would like to ask a question that has long concerned me and I would appreciate a succinct answer. Twelve numbers appear on the back of our credit cards. What is the purpose of the last three digits on the back of the card that are not embossed? I used to think they had something to do with security, that basically, they were tied in some way to our relationship with the individual... People have asked me if they are required to give out these last three digits over the Internet when requested to do so.
Perhaps Mr. Courtois, an industry representative, could enlighten us.
I would be very happy if you would follow up on this for me. I'm not asking you to reveal any confidential information. RCMP operations will not be affected. I would greatly appreciate it if you could let me know how many people are employed in your largest unit and in your specialized informatics unit.
I would like to read the Canadian Bar Association's submission. However, as I recall, the changes that you are proposing are few and relatively minor. Basically, as I understand it, you, the experts, are satisfied with the proposed legislation and believe that we should move to adopt it as quickly as possible. Is that right?
I have one final comment. Back in 2000, I was struck by a television program that I saw. It showed the CBC interviewing some people back in 1950. They were asked to give their predictions for the year 2000. Many predicted that people would be travelling to the moon and into space. They predicted honeymoons spent in zero gravity conditions, video phones and all kinds of things. A lieutenant in the French navy was also interviewed. I really don't know why he was, but he gave the best prediction of all. He predicted that computers would transform our lives by the year 2000. He was spot on with his prediction.
I still bragged about being computer illiterate in 1996. Since then, I have made an effort to improve my skills and I will admit that I couldn't do without my computer today. However, I do get the impression that some of the information that I transmit via my computer could become public knowledge. My banking transactions are conducted strictly with my bank. I feel that if I start to transfer sums of money from one bank to another, I could be a victim of theft. Am I cautious enough? I agree that it's a marvellous tool for paying bills. So far, I have not had any unpleasant experiences. However, I think that if I were to start transferring funds from one bank to another, then I would be putting myself at risk. I've just read an excellent novel by the name of Millénium that deals with this very subject. Has anyone else read it?
I'd like to thank you all for being here.
Mr. MacRury, the point you raised with regard to clauses 7 and 9 is the same point that I had raised with the minister and the officials when they were here. The justification we got, particularly with regard to proposed section 368.2, was that they specifically wanted to exclude it from section 25 of the code because they would be using it so often. The paperwork of having to report it would become so difficult that they may in fact not use the technique, one of the tools.
I must admit that I didn't catch it at the time, but I wasn't sure, after I thought about the answers later--this was one of those bright thoughts you have after the fact rather than at the time--how they would know that in terms of how often they would use it. Superintendent White or Inspector Petryshyn, you might be able to make some comment on that. From your experience with prosecutions, perhaps, does that make sense?
Finally, on the same point, Ms. Stoddart, again I think I missed the significance of what's in clause 7. It's not just police forces who would be asking this; it's also the Canadian Forces, along with the department or agency of a federal or provincial government. Any one of those agencies can now ask for a forged document, in effect, to be created. I'm just wondering if you would have any concerns about the potential for abuse there, given that you have such a broad scope of agencies who might in fact be asking for that.
Mr. MacRury, perhaps I can start with you, please.
Very briefly, I don't have problems with clause 7. I'm not a criminal lawyer, but this opinion is based on a few things.
One is that in the years in which I've been Privacy Commissioner I have been continually amazed by the sophistication of the privacy breaches that we see. There are links to organized crime, to international organizations, and the difficulty for all our societies to come to grips with them. We've been involved in one of these international cases ourselves, and so on.
Secondly, I read that this paragraph is limited to those who act in good faith, which seems to me to put an important qualifier on it.
Thirdly, my understanding is that in many areas of the law it is necessary to use, let's say, forged documents, or what others say are forged documents, in order to set up a situation to prove a misdemeanour or an infraction of civil law. Certainly in the years I worked in human rights legislation it was a well-known fact that you could use testing to prove that, for example, certain types of housing are not rented to certain types of citizens, whether it be on the basis of their race or the fact that they have children, and so on. So it does not seem to me inherently offensive that we use to further the public good a document that was produced specially and would otherwise fall afoul of the other provisions of the act.
Thank you very much, Mr. Chair; and thank you to the witnesses for being here today.
I'm usually, and in this instance, particularly concerned about victims. They are the people who seem to be least considered when legislation is being formed. But in Bill , as far as I'm concerned, the victim seems to be the primary concern, and that's a refreshing change.
This question is primarily for the RCMP, but Ms. Stoddart, please feel free to interject should you have something to add that you feel is pertinent.
What I particularly like about this bill is that it contains a provision where offenders will be required to pay restitution to the victims of identity theft and fraud when it comes to the costs of reclaiming their own identity. As I've mentioned, this is a welcome provision.
Having been recently a victim with one of my credit cards being cloned, I can say it didn't cost me anything directly, but we all have to be adult enough to know that when the credit card companies suffer a loss, guess who ends up paying for that loss: it is each and every one of us. So as we attempt to mine out these organizations, these criminal enterprises, and go after them, I believe this is a welcome provision.
By the way, I recently saw some numbers on the cost of identity theft, and I think it was conservatively estimated, just for Canada alone, at about $2 billion a year. Again, because of its nature, we don't know, but $2 billion as a conservative estimate means it's probably closer to $4 million or $5 million, I suspect.
Chief Superintendent and Inspector, in your experience, what kinds of hardship will a person who is victimized by identity theft face, and how likely are they to recoup anything? I ask that not to be facetious or anything. I know much of it will be anecdotal, when you speak to members who are in the field, etc.
Perhaps Ms. Stoddart can then also comment from her perspective.
Thank you for your questions, honourable member, I think they go to the heart of why I'm supporting this bill. We do see provisions, unusually--this is a growing trend in Canadian law--for compensation to the victim and not just to the crown.
The issue of damages in the work we do, which is not criminal work, as the RCMP have explained, does vary widely and depends on the harm. Some people may have misuse of their personal information, but it's very hard for them to prove what harm they suffered, even emotional harm in some cases. It's a very broad range. Usually, in our experience, in that case the organization that mishandled the personal information--remember we are dealing with privacy matters, not with criminal issues--will restitute the amount of the loss and usually a bit more in terms of a moral compensation to the victim once this is proved by our investigation process.
The issue you raised that all Canadians indirectly bear the costs of credit card fraud is one I'm very happy to see you raise. I have spoken about this very much in the past few years. I thought that I'd just add to your deliberations today.
I mentioned one of the world's greatest computer fraud artists who has just been convicted. He was involved in the data theft at TJX, which my office investigated with the Alberta commissioner's office two years ago. We were the first body in the world to make our investigations known. He has been charged in the United States with a 19-count indictment that includes conspiracy, wire fraud, and aggravated identity theft charges under an agreement with the prosecutors. This was in late August. He'll face a maximum of 25 years in prison and will forfeit more than $2.8 million in cash. Unlike in some of the other examples that Inspector Petryshyn gave us, it seems that he had quite a few assets that could be liquidated in order to restitute his victims.
Thank you very much, Mr. Chair.
This afternoon I heard the Privacy Commissioner reiterate something I found in a May 28, 2009, statement she made, to the effect that one in six Canadians have experienced some form of identity theft. That same report also indicated that over 90% of Canadians are concerned about identity theft.
I know this bill is substantially the same as Bill from the last session.
I've seen reports from PhoneBusters that in 2007 $6 million was lost to identity theft, and up until October 31, 2008, $8 million was lost. I've seen reports that Canadian banks and credit companies estimate that we lost $2 billion per annum. There are 1.7 million victims. So I was really pleased to hear comments from the Liberal member, Mr. LeBlanc, and also from the Bloc member, Monsieur Ménard, to the effect they think we need to pass this bill quickly.
I think Canadians can be glad that we have a government that has taken this problem seriously. It is a crime of the 21st century, it's been said, and I'm glad we have a justice minister who has taken it seriously.
Thank you to all of the witnesses.
I'm grateful for your attendance today. In particular, I admire Mr. MacRury as a good example of a prosecutor who knows that in law there is not a defence side or a prosecution side, but only justice, because some of the recommendations in the CBA report are what I would otherwise think of as defence recommendations.
I would like to focus in particular on the recommendation made on page 3 of the brief.
I will start with a question for Mr. MacRury about what is called de minimus behaviour in his brief, which is very close to the legal concept we have in our common law courts of de minimis. I am thinking that a lawyers' organization like the CBA would not likely toss out a term that is so similar, unless it might be intending to refer to the same thing; but I'm not sure, and I would like to know, to begin with, if in that recommendation you are talking about what a lawyer in the common law system would refer to as de minimis conduct in a criminal case.
Good day, sirs. My question is directly mainly to the RCMP representatives. I may also have a question for Ms. Stoddart regarding a specific matter
Most likely you have read the bill now before the committee. I want to be certain that you understand me. Consider the following example. Some people have obtained and used a Quebec health insurance card, even though they do not live in this country. I'm sure you read about this in the newspapers. Thousands of people managed to obtain a health insurance card that entitled them to received free medical services paid by the residents of Quebec, even though they did not live in Quebec.
First of all, I would like to know if the bill will apply to fraud cases of this nature.
Secondly, we have another problem, one that is also occurring in Quebec. I'm not talking about Ontario, even though it has experienced the same thing. Foreigners managed to obtain social insurance cards that entitled them to receive a certain amount every month as well as free services. We are not dealing with identity theft in such cases. These individuals used the system fully to obtain benefits. You understand the difference.
Would the bill make it easier for the provinces or the federal government to take action against these individuals?
Thank you very much, Mr. Chairman, and to all our witnesses.
Like Mr. Norlock, my question here is going to be on the theme of victims' rights or lack thereof. I've always felt that in a lot of our laws made by lawmakers like ourselves and enforced very questionably sometimes by our judges, the criminal's rights seem to be looked after more than the victim's rights.
This came about when I heard the comments on, I believe, section 25 and another section. I apologize if I don't have the right numbers. Mr. MacRury, you seem to have a problem with some of the aspects of that, which surprises me, because I strongly believe we should be giving the police all the tools they need.
I know in an example up in my own area of Owen Sound just a couple of years ago, police out doing regular patrols at 3 o'clock in the morning found a suspicious vehicle, which turned out to be loaded right to the roof with marijuana. That case got thrown out of court because of improper search and seizure. The public still shakes their head at that one. So I'm all in favour of anything we can do to give the police the tools they need.
We talk about the recouping of properties, or whatever, in order to reimburse the victims. If, under bankruptcy laws, a corporation or company can protect individuals from losing their personal property, does the same thing apply here under this law, when you can confiscate properties and what have you? I apologize if it sounds like a foolish question, but I'm not a lawyer, and I'd like to know if those same protections are there. I hope they're not, but I'd like to hear your comments on it.
Can a member of an organization be protected under the law if his organization, and he's a known member of it, commits a fraud?