Evidence of meeting #34 for Justice and Human Rights in the 40th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was identity.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Bernard Courtois  President and Chief Executive Officer, Information Technology Association of Canada
Jennifer Stoddart  Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
Gaylene Schellenberg  Lawyer, Legislation and Law Reform Directorate, Canadian Bar Association
Daniel MacRury  Treasurer, National Criminal Justice Section, Canadian Bar Association
Superintendent Stephen White  Director General, Financial Crime, Royal Canadian Mounted Police
Kerry Petryshyn  Officer in Charge, Major Fraud and Bankruptcy, Commercial Crime Section, Royal Canadian Mounted Police

3:30 p.m.

Conservative

The Chair Conservative Ed Fast

I call the meeting to order.

Welcome, everyone, to the 34th meeting of the Standing Committee on Justice and Human Rights. Today is Monday, September 28, 2009.

You have before you the agenda for today. You will have noticed that today we are continuing our review of Bill S-4, An Act to amend the Criminal Code (identity theft and related misconduct).

We have before us four organizations.

Just so you know, one organization cancelled. The Canadian Association of Chiefs of Police had to bow out at the last minute. That leaves us with four organizations.

First, representing the Information Technology Association of Canada, we have Bernard A. Courtois.

We also have the Office of the Privacy Commissioner of Canada. Jennifer Stoddart is the commissioner, and Carman Baggaley is the strategic policy adviser.

Representing the Canadian Bar Association, we have Gaylene Shellenberg, who is a lawyer with that organization, and also Daniel MacRury, who is the treasurer.

Finally, we have the RCMP represented. We have Chief Superintendent Stephen White and also Inspector Kerry Petryshyn.

Welcome to all of you. I think you've been told the process. Each organization has 10 minutes to present. Then we'll open the floor to questions from our members.

Mr. Courtois, please proceed. You have 10 minutes.

3:30 p.m.

Bernard Courtois President and Chief Executive Officer, Information Technology Association of Canada

Thank you, Mr. Chair.

As you mentioned, my name is Bernard Courtois. I am the President and CEO of the Information Technology Association of Canada, the national association of the information technology and communications industry. We are very interested in seeing our economy develop into a digital, Internet economy.

We've been working for quite a while on all the issues around how Canada should make sure that it secures its place for success in the way that the global economy is going, becoming an Internet economy and a digital economy. We participated, along with many other people around our industry and others, in a big forum last June on trying to set an agenda for leadership in the digital economy for Canada.

There have been numerous gatherings around this issue. Every time we get people to look at this, the whole issue of confidence in the Internet and the digital economy as an economic instrument is front and centre. Confidence means that users have to have a sense that our laws are adapted to reflect these new realities, including the new threats that have come about because of the misuse of technology.

There is no doubt that for quite some time the whole issue of identity theft and identity fraud has been identified as a very important danger to protect Canadians against. Therefore, we welcome this bill and the approach it takes to tackle this problem. This includes a number of aspects: an open-ended list of what may be involved in identity documents and so forth, along with the possibility of reviewing the bill in five years. This is an area that moves so fast, we will want to live through this experience and see whether any adjustments should be made, particularly in the area of reasonable inference and whether that is enough to really capture and catch the behaviour that we want to catch, or whether at some point the capturing of someone else's identity information is, in and of itself, a sufficient inference.

On the whole, what we're here to do is to say that our association, which represents the industry most intimately involved with creating the Internet or bringing it to Canadians and the technology that makes it work, views this bill as an important element. We are quite supportive of getting it passed as soon as possible.

Those are my introductory comments. Thank you.

3:35 p.m.

Conservative

The Chair Conservative Ed Fast

Thank you very much.

Ms. Stoddart, you have 10 minutes.

3:35 p.m.

Jennifer Stoddart Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Thank you very much, Mr. Chairman. I don't think I'll take 10 minutes.

I have appeared on this question several times in the past few years. I've been fairly outspoken about the problem. I'm very pleased to see that the government is taking action on it today.

Polling conducted by my office this year has revealed that one in six Canadians has experienced some form of identity theft. Over 90% of Canadians are concerned about this issue of identify theft.

As you know, identify theft is a broad term that is often used to describe a wide range of behaviour. It can include credit card fraud, it often involves pretexting--pretending to be someone else in order to purchase goods or services or obtain that person's personal information. There are also more sophisticated techniques such as skimming, which involves stealing personal information from the magnetic strips of debit and credit cards through the use of small electronic devices.

I'm sure everyone here has received numerous phishing e-mails from what appear to be reputable organizations such as banks and caisses populaires--even the Government of Canada was a victim of phishing last year--asking us to verify our account information or provide personal information to the sender.

As technology evolves, identity thieves are constantly looking for new ways to obtain personal information. Just last month a man who has been called the world's most prolific identity thief pleaded guilty in Florida to stealing tens of millions of credit and debit card records by identifying and exploiting weaknesses in retailers' wireless networks.

Identity thieves then use this personal information to withdraw money from bank accounts, obtain loans or credit cards, obtain government benefits and even take out mortgages.

We often talk about identity theft in terms of the financial cost and while victims of identity theft may suffer significant financial loss, they are also likely to feel that their privacy has been invaded.

The lessons of the past few years teach us that stronger protections are needed if privacy is to have any meaning at all in the face of contemporary challenges. Bill S-4 is a significant step in the right direction. However, it should form part of a broader-based strategy to address identity theft and identity fraud.

The recent introduction of anti-spam legislation is also an important contribution to this process. The proposed Electronic Commerce Protection Act prohibits the sending of unsolicited commercial electronic messages without consent. It includes targeted provisions against phishing and spyware, and it provides a private right of action against spammers. The Act also sets out a coordinated approach to enforcement that allows for co-operation and information sharing with foreign authorities.

So that's another piece of legislation that is already before this House.

I would like to see a similar coordinated approach to ID theft. We have the expertise and the resources. There is the PhoneBusters anti-fraud call centre operated by the RCMP, the Competition Bureau, and the Ontario Provincial Police. There are excellent resources on identity theft on the Safe Canada website set up by Public Safety Canada. Now we really need the police and regulators, the public and private sectors, and federal and provincial officials to work together.

In our recommendations for the reform of the Privacy Act we have asked for stronger regulation, including better security safeguards, and we continue to believe that broader access to the courts is important for Canadians. In the review of our private sector legislation, PIPEDA, we have similarly recommended changes that would allow us to better regulate personal information handling practices, and we have called for mandatory breach notification for the private sector. These measures would empower Canadians to prevent identity theft and motivate companies and government organizations to properly safeguard personal information under their control.

Thank you once again, Mr. Chairman, for inviting me to speak on this very important issue. I will answer any questions as best I can.

3:40 p.m.

Conservative

The Chair Conservative Ed Fast

Thank you very much.

Who will be speaking for the Canadian Bar Association?

3:40 p.m.

Gaylene Schellenberg Lawyer, Legislation and Law Reform Directorate, Canadian Bar Association

I'll begin and Dan will take over.

3:40 p.m.

Conservative

The Chair Conservative Ed Fast

Ms. Schellenberg, you have 10 minutes.

3:40 p.m.

Lawyer, Legislation and Law Reform Directorate, Canadian Bar Association

Gaylene Schellenberg

Thank you for the invitation to present the Canadian Bar Association's views on Bill S-4 to you today.

The CBA is a national association of over 37,000 members, including lawyers, notaries, law students, and academics. An important aspect of our mandate is seeking improvement in the law and the administration of justice, and it's from that perspective that we appear before you today.

With me is Dan MacRury, the current treasurer of our national criminal justice section. The section represents a balance of crowns and defence lawyers from every part of the country. Dan is a prosecutor from Sydney, Nova Scotia. I'll turn it over to him to present the substance of our submission to you.

3:40 p.m.

Daniel MacRury Treasurer, National Criminal Justice Section, Canadian Bar Association

Thank you, Mr. Chairman.

I would like to thank the honourable members for the opportunity to make a submission today on behalf of the Canadian Bar Association criminal justice section.

The Canadian Bar Association criminal justice section commends the efforts of Bill S-4 to address identity theft and related criminal activity, as these are serious problems giving rise to significant individual and societal losses. We appreciate that Bill S-4 would restrict the scope of some of the proposed new offences so as not to inadvertently capture unrelated or innocent conduct, particularly in relation to new offences concerning identity documents and information. We also support Bill S-4’s proposed removal of certain reverse onus provisions of the Criminal Code. We recommend several amendments that we believe add clarity and certainty to the proposals contained in Bill S-4.

The CBA criminal justice section's comments today are guided by three principles. One is the principle of legislative restraint. Revisions to the Criminal Code should only be made where existing provisions are inadequate. Two, any new proposals must comply with the Charter of Rights and Freedoms. Three, changes to the Criminal Code alone are generally insufficient to address serious or complex problems. To be effective, such changes must be accompanied by refinements in law enforcement practice and procedure, increased public education, or other legislative amendments.

The last observation may be particularly applicable to the problem of identity theft. The federal Privacy Commissioner and other organizations have noted that an effective response to identity theft will require a comprehensive approach, including a broad range of initiatives in addition to changes to the Criminal Code. In other words, there has to be more than one tool in the toolbox to address this serious problem.

We would like to make the following recommendations. First, Bill S-4 should be amended to expressly exclude the general provisions of attempt and counselling and certain types of de minimis behaviour.

Second, the relationship between the new offences proposed in Bill S-4 and the existing general provisions should be clarified.

Third, the proposal to prohibit possession of identity information should be amended to offer greater clarity by replacing the term “is reckless” with more explicit language.

Fourth, the exemption for certain police activities in clauses 7 and 9 of Bill S-4 should be removed.

In relation to recommendations one and two, the bill defines a new category of documents described as identity documents. It proposes a wide range of offences, including procurement, possessing, and selling social insurance numbers, drivers licences, etc. Given the combined scope of the definition and the proposed offences, we believe that the bill's proposal to add new defences to the existing concept of lawful excuse is appropriate. It is a clear attempt to restrict the reach of these provisions and is consistent with the concerns we have addressed in the past.

In spite of Bill S-4's proposed restrictions, other jurisdictions go further to restrict the reach of similar provisions in two ways. First, they expressly exclude the general provisions of attempt and counselling. Second, they expressly exclude certain types of de minimis behaviour, such as for young persons possessing identity documents to gain admission to licensed premises.

The criminal justice section recommends that Bill S-4 be amended to expressly exclude general provisions of attempt and counselling and certain de minimis behaviour. There also should be some clarity between the existing provisions and the new bill.

On our third recommendation, the section believes that the term “reckless” should be clarified. Proposed section 402.2 prohibits possession for the purpose of transmission, making available, distribution and sale, or offer for sale of that information where an individual knows, believes, or is reckless as to whether the information will be used to commit an indictable offence containing an essential element of fraud, deceit, or falsehood.

Including recklessness as a form of the mental element for this offence could be seen as responding to the Supreme Court of Canada in R. v. Hamilton. We also note concerns about the formulation, particularly as it might apply to businesses or industries that handle large volumes of such information. While the term “reckless” is used in the Criminal Code, it is not free from controversy and occasional interpretive difficulty.

To provide greater clarity and to address some of the business and industry concerns, we suggest more explicit language. For example, in R. v. Hamilton, the Supreme Court of Canada equated recklessness with “conscious disregard of the substantial and unjustified risk”.

In the Hamilton decision, the Supreme Court of Canada, at paragraph 28, stated:

The “substantial and unjustified risk” standard of recklessness has venerable roots in Canada and in other common law jurisdictions

It cited cases, and then the court went on to say:

Finally, a brief word on R. v. Sansregret.... The Court in that case defined recklessness as the conduct of “one who, aware that there is danger that his conduct could bring about the result prohibited by the criminal law, nevertheless persists, despite the risk...in other words, the conduct of one who sees the risk and who takes the chance”.... The Court, in Sansregret, did not set out the degree of risk required to attract criminal sanction.

As well, in the decision, the Supreme Court of Canada said at paragraph 33:

We have not been invited in this case to revisit Sansregret or to consider afresh the governing principles of recklessness

It is our submission today that, without clarity in the definition, the courts will have to consider afresh the governing principles of recklessness.

That deals with our concern in relation to recklessness.

Our fourth recommendation to you today deals with the exceptions for police and other official acts. Clauses 7 and 9 propose another exemption for certain activities for public officers as defined by section 25.1 of the Criminal Code. Given the existing legislative scheme, it is unclear why another exemption might be necessary. The Canadian Bar Association criminal section has strongly opposed an exemption from criminal liability for police or their agents, arguing that the law should apply to everyone, but acknowledges that the existing sections contain certain detailed procedural safeguards and reporting requirements. We see no reason the acts specified in Bill S-4 would be inadequately addressed by the existing scheme, and we are opposed to creating further exemptions of this sort.

The criminal justice section recommends that the police activities in clauses 7 and 9 of Bill S-4 be removed.

In conclusion, this section recognizes the prevalence and seriousness of identity theft. We appreciate the efforts in Bill S-4 to provide narrowly circumscribed new offences to address the issue without inadvertently capturing what should properly be non-criminal activity. To further advance this objective, we suggest some clarity in the language of the bill—for example, surrounding the mental element of recklessness, as well as a clarification of the interaction between some of the proposed offences and the attempt and counselling provisions of the code. We also appreciate the proposal to increase the use of a hybrid structure of offences to give greater flexibility and scope to prosecutorial discretion in dealing with these matters.

I would like to thank the honourable members for this opportunity this afternoon.

3:50 p.m.

Conservative

The Chair Conservative Ed Fast

Thank you very much.

We'll move on to the RCMP. Superintendent Stephen White, you have ten minutes.

3:50 p.m.

Chief Superintendent Stephen White Director General, Financial Crime, Royal Canadian Mounted Police

Thank you.

Good afternoon, Mr. Chair and honourable members of the committee. Thank you very much for inviting us to be a part of today's hearing. Here with me is Inspector Kerry Petryshyn, officer in charge of major fraud and bankruptcy within our commercial crime branch.

I appreciate having this opportunity to present the RCMP's perspective on the current state of identity theft and fraud in Canada.

White collar crimes come in many different forms, including mass marketing fraud, payment card fraud, identity theft and identity fraud, capital markets fraud, and money laundering, as a few examples. The significant growth of technology and the widespread use of computers have led to great advances in research and global communications, but they've also opened the floodgates for enterprising criminals. Technology has had a significant impact on the manner in which economic crimes are committed, their frequency, and the challenges faced by investigators dealing with this type of crime.

As businesses and financial transactions become more and more Internet dependent, new opportunities are emerging to facilitate financial crimes. Before computers and the widespread use of the Internet and other associated technology, stealing and using another person's identity was a relatively difficult crime to commit. Criminals had to invest considerable time and effort in the process, and the risks were high. To assume someone's identity, a thief had to break into a house, or steal a purse or a wallet. Today's technologically adept thieves can do just as much damage in the time it takes to swipe your bank card through the reader at a cash register.

The same technology that has made our lives more convenient by allowing us to shop from home and operate in a virtually cash-free marketplace has also given rise to countless new criminal opportunities for identity thieves.

They can now steal your personal information from the comfort of their home offices half a world away, taking advantage of everyday transactions that require people to share personal information for identification purposes.

The growing impact of identity theft and fraud is deeply troubling. A 2008 EKOS survey found that 9 out of 10 Canadians were somewhat concerned that they could be victimized by identity theft and fraud. The survey also indicated that Canadians ranked the economic crimes of fraud and identity theft as their number one concern, more troubling than terrorism, organized crime, and gang violence.

That's why we have to view economic crime as being every bit as serious as many other types of criminal activity. It is true that identity theft and fraud, for example, are less physically dangerous than many types of criminal activity; however, their social damage can be very severe and can undermine the trust that people have in their society.

The cost to a person who has had his or her identity stolen can be enormous: financial loss and the investment of hundreds of hours trying to re-establish identity and good credit all take their toll.

A recent study by McMaster University estimated that in 2008 1.7 million Canadian identity theft victims spent 20 million hours and $150 million clearing their names. Of course, individuals aren't the only victims. Stolen identities are also used to commit frauds involving government services, benefits, and official documents. Financial institutions and retailers, the foundation of our economy, suffer growing losses every year.

Evidence indicates that identity fraud isn't just committed by enterprising individuals. Organized criminal groups are also applying their considerable resources to this expanding field of opportunities.

Quantifying the damage is extremely difficult. Many instances of this type of fraud go unreported, so definitive statistics are hard to come by. PhoneBusters, the Canadian Anti-Fraud Call Centre jointly operated by the RCMP, the Ontario Provincial Police, and the Competition Bureau of Canada, can only maintain statistics on the complaints they receive. In other words, the more than 11,000 complaints received by the call centre in 2008 reflect only a small percentage of the problem.

The Canadian Council of Better Business Bureaus indicated that identity theft was the fastest growing type of fraud in North America, with the cost to consumers, banks, credit card firms, and retailers estimated to be in the billions of dollars each year.

Raising public awareness about protecting personal information is currently the best tool we have for preventing identity fraud. Along with members working in RCMP detachments across the country, members in our financial crime units make numerous presentations to educate the public on this issue.

Whether these presentations are made to businesses, government agencies, or community groups, the messages are the same: protect your personal information, shred unwanted personal documents, and be wary of suspicious e-mails. Prevention is still the best cure, but prevention can only do so much.

Identity fraud is clearly emerging as an immense problem. In consultation with key stakeholders and other law enforcement agencies, the RCMP is developing an identity fraud strategy focusing on criminal intelligence and analysis, prevention through education and awareness, and disruption and enforcement.

We are also heading up the creation of an international identity fraud working group, the objective of which is to obtain an overview of other countries' identity fraud strategies, discuss related joint priorities, and develop an international strategy.

Currently the Criminal Code does not contain specific offences pertaining to identity theft. Most Criminal Code offences relating to property crimes were enacted before computers and the Internet were even invented. While the Criminal Code addresses most fraudulent uses of personal information by identity thieves, it does not address the unauthorized collection, possession, and trafficking of personal information for the purpose of future criminal activity.

As I indicated in my opening remarks, the changing environment is one of the greatest challenges we face in our efforts to combat financial crime. The growing sophistication of this type of criminal activity is abetted by the same techniques and technologies that spur legitimate opportunities for business.

Why be reactive when we can be proactive? We must be constantly examining our environment to identify new tools that can greatly assist us in investigating white collar crime.

Bill S-4 will close legislative gaps that currently allow criminals to collect, possess, and traffic in personal identification information and documents. Legislative amendments aimed at closing the identity theft gap would help the RCMP and other law enforcement agencies protect not only individual Canadians but also the integrity of our economy. We welcome laws that will move us closer to this goal.

Mr. Chair and honourable members of this committee, that concludes my prepared remarks. Now we will be happy to answer any questions you may have.

Thank you.

3:55 p.m.

Conservative

The Chair Conservative Ed Fast

Thank you very much to all of you.

We will open the floor to questions, beginning with Mr. LeBlanc for seven minutes.

3:55 p.m.

Liberal

Dominic LeBlanc Liberal Beauséjour, NB

Thank you, Mr. Chairman.

Ladies and gentlemen, thank you all for your presentations.

As Ms. Stoddart noted, Parliament has been concerned about this issue for some time now, and with good reason. I think we have come to the point where we need to move fairly quickly to adopt this bill. I hope that we can work with colleagues to make that happen as soon as possible.

I want to ask Mr. MacRury a question about his comments and then perhaps Chief Superintendent Stephen White.

Mr. MacRury, at the beginning of your comments you said that Criminal Code amendments or changes to criminal legislation represented one tool amongst many others to deal with what is obviously a growing and serious problem with economic crime, white collar crime, and in this particular case, identity theft. What other tools would you advocate?

I know I am getting you off your script, and I may ask you about a specific amendment you suggested, but I was curious when you began by saying that it's one tool. What other tools do you think Parliament or the government could give police forces or prosecutors to clamp down on what is a growing problem?

3:55 p.m.

Treasurer, National Criminal Justice Section, Canadian Bar Association

Daniel MacRury

It is obviously in our presentation, but thank you for the question.

Obviously what was mentioned by the RCMP, which is an international strategy, is very important. I've had the opportunity of prosecuting cybercrime cases, and we might as well face the reality that these have no boundaries. So having more of an international strategy, I believe, is certainly one aspect that has to come about as well.

Also, for example, the training of police and prosecutors in this area is always important. As indicated by the others who have testified today, this is an ever-changing area. So it's important to keep up-to-date and to keep ahead of the curve.

For example, in my province, I had the opportunity of being trained about cybercrime at the district attorney school in South Carolina. Then through the auspices of Justice Canada, they trained prosecutors across the country on cybercrime.

So these types of strategies, I would submit, are certainly important. Education and prevention are important.

As somebody who has practised criminal law for over 20 years, I can personally say that we can deal with deterrence and everything else, but unfortunately, when it gets to our stage, the damage has been done. So we need to help people by educating them to watch out for these perpetrators. I think education is a very important aspect to protect Canadians.

Certainly, whatever enhancement and cooperation we can get from all sectors, as Ms. Stoddart said, is crucial.

4 p.m.

Liberal

Dominic LeBlanc Liberal Beauséjour, NB

So your point is that investments in prevention and education for those in the criminal justice system are equally important elements in fighting identity theft. It's not simply a matter of changing the Criminal Code that will solve the problem.

Did I understand you correctly?

4 p.m.

Treasurer, National Criminal Justice Section, Canadian Bar Association

Daniel MacRury

That's correct. In other words, we want to be able to cut the market off so that people don't get duped by these things. All you have to have is one victim before you. You realize, yes, you will get a conviction, and yes, you will get a sentence, but there's no doubt that their confidence in the system has been shaken.

4 p.m.

Liberal

Dominic LeBlanc Liberal Beauséjour, NB

Mr. MacRury, again, you perhaps referred to this in your comments with respect to recklessness, or maybe I inferred some element of a criminal intent, but you referred to an all-too-common example that we probably all see in our constituencies, and sometimes even in our own families, of the 18-year-old kid who wants to go out with his 19-year-old buddies to a pub and who has an ID card that may not be his own and who shows it a doorman to be able to go into the pub with his buddies. How would this provision apply to that circumstance, if it would apply at all?

4 p.m.

Treasurer, National Criminal Justice Section, Canadian Bar Association

Daniel MacRury

Well, I think it's wide enough that the legislation may apply, and that's our concern. I think this situation should specifically be excluded so it doesn't apply. This is a good piece of legislation, and you don't want someone using it too broadly and making the mistake of prosecuting somebody for that, when we have more serious individuals to go after. I guess that's our concern. Other jurisdictions have been more explicit in excluding that. I think it's important. It's in recommendations 1 and 2 in our brief.

4 p.m.

Liberal

Dominic LeBlanc Liberal Beauséjour, NB

Thank you.

Mr. Chairman, do I have any more time at all?

4 p.m.

Conservative

The Chair Conservative Ed Fast

Yes, you do. You have just under two minutes.

4 p.m.

Liberal

Dominic LeBlanc Liberal Beauséjour, NB

Thank you, Mr. Chairman.

This is a brief question, perhaps to Chief Superintendent White. What we've learned at this committee and what we've learned in conversations across the country is that police forces across the country--the RCMP obviously being the biggest one--are wrestling with the very difficult context of economic crime. We've seen in Quebec examples of white collar crime that have shaken confidence in whole sectors of the economy. We've seen it across the country. It's not only in Quebec, but it has achieved a lot of media attention there.

One thing we've heard, Chief Superintendent, is that again, Criminal Code amendments are part of the solution--tough sentencing, making it impossible to receive accelerated parole, for example. These are all things we would support. But our sense from police officers is that that alone is not enough. The police forces are asking for more resources and more tools, whether it's amending the Criminal Code with respect to electronic surveillance or modernizing some of the technology that police can access.

I'm wondering if you could very briefly tell us what other suggestions you have for this committee or for Parliament in terms of making your life easier in catching these criminals, hopefully before, as Mr. MacRury said, much damage is done.

4:05 p.m.

C/Supt Stephen White

Thank you very much.

Obviously the broader spectrum of white collar crime would bring into play a lot greater tools than the issue before us today with regards to identify theft, identify fraud. I think one of the big issues, and Mr. MacRury mentioned it, is how we can take a more comprehensive collective approach, specifically with regards to issues like identify theft and identify fraud, but even broader, expanding that out to issues like mass marketing fraud, which is still a huge problem here in Canada today and internationally. That comes down to a collective effort, especially with regards to the collection of intelligence information, the analysis of that.

Actually, if we could do a good job at that, it should lead us on two spectrums. One, the more information intelligence we can gather collectively from across the country from all law enforcement agencies and bring that together into a national central hub where we can analyze it.... Because a lot of this activity that's taken place, whether it be identify theft, identity fraud, or mass marketing fraud, is taking place from outside of Canada. None of the victims are centred in any one particular area in Canada. The whole success of people involved in this type of activity is that they target a broad scope of victims across a broad geographic area, basically right across the country.

Individually, in a lot of jurisdictions, two or three small complaints with regards to identify theft, identify fraud, for example, may not mean a whole lot to local police jurisdictions if they're prioritizing their investigations. However, if we collect that all together nationally, that's where we start to identify and see a big picture. Getting that national picture helps us to identify the large organizations that are involved in this type of activity. The stats clearly indicate that if we have millions of victims here in Canada, law enforcement will not be able to investigate all those individual complaints. The best approach I think we can take is to collectively get as much information as we can, identify the emerging issues that are coming forward with regards to identify theft and identify fraud. If we can identify them as they're emerging, then we could do a much better job in terms of awareness, education, and prevention, which should be, for all of us collectively, our ultimate goal. At the same time, if we can identify the large organizations that are involved in this and impacting Canadians, that's where we can focus and prioritize our resources.

4:05 p.m.

Conservative

The Chair Conservative Ed Fast

I'm going to have to stop you there. Thank you.

I'm just going to remind our witnesses to try to keep your answers as brief as possible. Thanks.

We'll move on to Monsieur Ménard. You have seven minutes.

4:05 p.m.

Bloc

Serge Ménard Bloc Marc-Aurèle-Fortin, QC

Thank you, Mr. Chair.

First of all, I want you all to know that I am somewhat disappointed. This is the first meeting of this committee that I have attended. In the case of the other committees, I always liked to read the witnesses' submissions before the meeting, in order to be able to ask more relevant and intelligent questions. I only received one submission in advance of this meeting, and only when I arrived here at that. That was the brief of the Canadian Bar Association. I had tremendous faith in the witnesses that they would tell us whether or not they agreed with this proposed legislation which, in our opinion, seemed necessary a priori, but initially, difficult to develop.

You can correct me if I am wrong, but as I understand it, Ms. Stoddart, the Office of the Privacy Commissioner is more or less completely satisfied with the proposed legislation. The Canadian Bar Association has suggested a few changes to us, but it is very difficult to follow along without a written text. It's so much easier with one. I also understand that law enforcement agencies are more or less prepared for this legislation.

I would like to ask a question that has long concerned me and I would appreciate a succinct answer. Twelve numbers appear on the back of our credit cards. What is the purpose of the last three digits on the back of the card that are not embossed? I used to think they had something to do with security, that basically, they were tied in some way to our relationship with the individual... People have asked me if they are required to give out these last three digits over the Internet when requested to do so.

Perhaps Mr. Courtois, an industry representative, could enlighten us.

4:05 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Bernard Courtois

The credit card system is not my particular area of expertise, but I do know that there are additional levels of security and verification. In some case, people are asked to give out only the numbers appearing on the back of the card. Occasionally, they are asked to provide the last three digits on the back of the card. In the case of somewhat more delicate transactions, the cardholder may be asked to provide some personal information that he or she shared with the financial institution when applying for the card.

These are merely additional layers of security that the person you are dealing with is relying on.