Information & Ethics Committee on Feb. 6th, 2024

Go ahead, Ms. Martel.

Thank you, Ms. Martel. You did not use all your speaking time. It's good for the committee, which will be able to ask more questions.

Mr. Brisson, you have the floor for five minutes for your opening remarks.

Thank you, Mr. Brisson. You also took less time than anticipated. That's good. The committee members will have more time to ask their questions.

We'll start our first round of questions.

Mr. Kurek, you have the floor for six minutes.

Thank you very much.

Thanks to our witnesses for joining us here today.

Certainly I, as well as members of this committee and many Canadians, were concerned when the reports in the media came out that what would be, I think, accurately interpreted as quite invasive technology was being used. Certainly there was concern, which has led to the point we're at today, in light of some erosion of trust that has taken place in regard to governmental institutions over the last number of years in particular.

I do have a couple of questions. I'm going to start on the privacy impact assessment side of things. I'll ask this to both departments.

We heard from the commissioner last week that neither of your departments has submitted privacy impact assessments. Perhaps you could, in about 30 seconds—and I'll start with DND, and then go to NRCan—describe to me where that is at, whether or not you have submitted the privacy impact assessments, and whether or not you plan to?

DND, I'll start with you.

If I'm interpreting that correctly, the process is ongoing, but you have not submitted to the Information Commissioner a PIA regarding observation of devices?

Okay.

NRCan...?

I appreciate that. I think one of the concerns we've heard is about a little bit of a disconnect. We had the commissioner last week talk about how he's happy to work with departments and agencies, yet had not received PIAs. Especially in light of hearing NRCan has procured software that would be capable of doing this, certainly, I would hope that the PIA process is ongoing and even could be done prior to the procurement of such software.

When it comes to tools capable generally of extracting personal information—I'll start with NRCan—has your department used a tool like that in the past?

Has information ever been gathered from people who are outside of the organization? I'm not talking about employees, but from people outside of the NRCan organization. Has information ever been gathered using these sorts of tools by your department?

I'll ask the same question to DND, and could I get it in 30 seconds or so?

Has it ever been used on anybody outside of DND or the Canadian Armed Forces?

Thank you.

I guess this is unsolicited advice, but especially in light of some of the media reports that have come out on this, I would hope there's a more proactive approach across departments and governments. The Information Commissioner wants to work with departments. Rebuilding some of that trust that's been lost is certainly something I would encourage all those who are...and I'll probably say it again: Let's work hard to make sure we can rebuild that trust that needs to be there with Canadians.

Thank you.

Thank you, Mr. Kurek.

Everyone's making my job really easy today. That was right on time.

Ms. Khalid, you have six minutes exactly, hopefully. Go ahead.

Oh, oh! We all have wishful thinking, Chair.

Thank you so much to our witnesses for being here today.

What I'm hoping to do is to talk to each department individually, so my questions will be similar for both of you.

First and foremost, to National Defence, what is the purpose of a privacy impact assessment to you?

Do you think it is necessary for a privacy impact assessment to be conducted within your department to ensure the trust that democracy depends on to function?

Why are we reading reports that you have not conducted a privacy impact assessment?

Are you in touch with our Privacy Commissioner to help you through that process?

What are some of the challenges that you and your department are dealing with to ensure that a PIA is conducted effectively?

Are you surveilling Canadians?

If you needed to surveil a Canadian, is there a legal process through which you would do that?

Thank you very much for that.

I'm moving on to NRCan with the same questions.

What is the purpose of privacy impact assessments to you?

How high does privacy rank within your department in terms of priorities as you conduct your operations?

Why haven't you conducted a privacy impact assessment?

Have you been in contact with the Privacy Commissioner on this privacy impact assessment challenge?

Are you surveilling Canadians?

What are the challenges your department faces in dealing with privacy when it comes to ensuring privacy for Canadians while also fulfilling your roles?

Thank you.

Thank you, Mr. Pelletier.

Mr. Villemure, you have the floor for six minutes.

Thank you, Mr. Chair.

I want to thank all the witnesses for being here. I'll ask both departments the same questions, starting with National Defence.

Ms. Martel, has your department purchased tools to collect data from mobile devices or computers?

What are these tools?

In short, what were the tools purchased for?

There are people on the networks.

The privacy impact assessment wasn't done in this case, right?

Do you agree with the Privacy Commissioner of Canada that some departments and agencies, including yours, are violating certain administrative provisions of the Privacy Act?

Do you think that following the letter of the law is enough to generate trust?

You said something earlier that surprised me. When it comes to privacy, expectations are lower.

You spoke about the expectation of privacy, which is lower in the case of a government device, for example, than…

Okay. Thank you.

I would now like to turn to you, Mr. Brisson, from the Department of Natural Resources.

As you said earlier, your department purchased tools but didn't use them. Why did you purchase the tools and why didn't you use them?

You're ready.

What level of authority is required to purchase this type of tool? Is it authorized by you, as deputy minister, or by someone lower or higher in the hierarchy?

So there are certain requirements.

What are you looking for? Employee misconduct?

What are you looking for?

Ultimately, it's about identifying misconduct.

Thank you.

Thank you, Monsieur Villemure and Monsieur Brisson.

Mr. Green, you have six minutes. Go ahead, please.

Thank you very much.

I begin my comments with Mr. Yarker. Would you agree that the spirit of this conversation is about trust?

I think it's safe to say.... Maybe I'll put this question another way. Those who are enrolled in the military, by virtue of their enrolment in the military, aren't exactly citizens. I wouldn't necessarily compare your members to members of the Department of Agriculture, for instance. Is that correct?

You did make a statement earlier, though, about it not being within your mandate to surveil Canadians.

In your role, are you a military intelligence officer?

Have you ever had any dealings with Canadian joint operations command?

How closely?

Would you have worked with them at the time when they were surveilling Black Lives Matter, back in 2021?

Again, when I talk about trust and the importance for Canadians watching to know the differences in who's mandated to do what, I find it quite shocking, quite frankly, that the Canadian military had a file on BLM, that they said they were surveilling local context for operations in Canada and that in the file they had deemed them hostile foreign actors.

As somebody who has been to many of those rallies and involved in that work, I can't help but think that maybe, at some point, I was surveilled in that way. If you're familiar with their operations, what technology would they have used to track the movements of a protest organization or protests across the country?

Is there AI technology that's used, to your knowledge, to surveil online social media activity, or is that done manually through the joint operations command?

Is there any context in which your department—and Ms. Martel, feel free to jump in on this—would use open-source information collection for social media usages by the members of the Department of National Defence?

The question is outside of your scope. I'll take that.

As I mentioned when you came in, part of our work is being at the end of the line of questioning and picking up on things that were said. I'm just making sure that it kind of aligns with my past experiences. I'm still kind of startled by the military's use in that application. If you want to report that back to your superiors to know that's still a question I have here at the privacy and ethics committee, I would love to have an answer to that.

In this work, I know that we've tried to create a distinction between an on-device information collection tool, spyware, versus this kind of forensic use. Are there also on-device applications that you use in the Department of National Defence?

Okay, so there's no ongoing monitoring that would happen.

I'll get more specific.

Are you familiar with the technology called Pegasus?

Is there anything like Pegasus—not the brand name but the application of it?

Would you have knowledge of its being used in the Department of National Defence?

That's fair enough. Thank you very much.

Heading down to both of you folks, we're making the distinction again between—and I think it's an important distinction to make—something that's used for forensic, which needs the actual physical device in hand as part of an investigation versus what is deemed to be spyware. I used the reference to Pegasus, but these are things that would be surreptitiously collecting data in real time all the time.

To your knowledge, do you ever use those types of applications within the application of federal devices?

What's the rationale then, just one more time for the sake of this committee, for the purchase of this type of forensic device?

How often do these security issues come up? Do you have a report in your departmental reporting back that we had 36 of these incidents?

Okay. At a future date, if we went in camera, is that something we could discuss without the media and the public present?

Okay. Thank you very much.

Thank you, Mr. Green and Mr. Pelletier.

That concludes our first round of questioning.

We're going to go to five, five, two and half, and two and half, starting with Mr. Brock.

Go ahead, sir.

Thank you, Chair.

Thank you, witnesses, for your attendance today.

I want to start by looking at first principles. This study essentially arose after a report by the CBC late last fall on how the Government of Canada and various departments—two of which are before the committee today—had used software and hardware to spy not only on the federal public service but on Canadians.

We found out about this particular incident probably years after the fact, and the information was obtained through an ATIP request by a professor at York University, an expert in privacy, who had some concerns about the ability of government officials to spy on employees and Canadians. He received information regarding the contracts—there were two contracts with the departments—he was reviewing. Radio-Canada received these contracts, and Radio-Canada reached out to both the departments for an explanation regarding their use of this spyware.

I wanted to lay the ground rules out, because I think doing so is important for the first question I will pose, which will be for National Resources. There appears to be a little bit of a disconnect, and I want you to help explain this particular issue. Radio-Canada reached out to your department. I don't know who it was in particular, but your department confirmed that you had the software, you had the hardware, but you had not provided the PIAs in relation to that. That's one issue.

Then I saw in a report by the CBC following the appearance of the Privacy Commissioner—this was in a report dated February 2—that National Resources Canada told the commissioner, after his appearance I would imagine, that it had bought the data extraction tools but never used them.

Why then would you tell Radio-Canada you did this, but you've never used PIAs, and then conversely tell the commissioner that you had the tools but never used them? Do you see a bit of a disconnect there?

Over the years your department has probably had instances of employee misconduct. Would that be fair to say?

Can either of you speak to that issue?

In the course of those investigations, did you ever use software and hardware similar to the ones we're talking about today?

When you used other tools, did you file a PIA?

Do you understand that there's a directive by the Treasury Board—

—that PIAs need to be adopted across the board?

Yes, you are aware of that.

Thank you, and I'm out of time.

Thank you, Chair.

Thank you, Mr. Brock.

We have Mr. Bains for five minutes.

Go ahead, please.

Thank you, Mr. Chair.

Thank you to our guests for joining us today. You all have very important roles to play.

My first question is for the Department of Natural Resources. Do you believe the data, assets and lab systems that NRCan operates are protected and secure?

What do you do to make sure that they're protected? How do you monitor and protect that?

You mentioned NRCan is adapting to an increased focus on security. Can you elaborate on some of the threats facing Canada?

Is that to our natural resources in general?

You mentioned domestic. Can you share what the domestic threat is?

Do you mean intellectual property, things like that?

What circumstances occurred that warranted the procurement of this offer?

How often are you reviewing? Is this just constant?

Are government employees made aware of when the forensic tools are used during investigations? I think that question may have been asked slightly differently.

Can you give an example maybe?

How much time do I have?

You have 15 seconds.

Okay. Thank you very much for your time.

Thank you, Mr. Bains.

Thank you, Mr. Pelletier.

Mr. Villemure, you have the floor for two and a half minutes.

Thank you, Mr. Chair.

Ms. Martel, Mr. Pelletier said earlier that there were other ways to achieve the same results. Is that also true for you?

I'm talking about other ways to achieve the same results.

Are there other less invasive ways to achieve the same results?

Can you elaborate on this?

Okay. Thank you.

Mr. Pelletier, my colleague asked you earlier whether employees know that they're being investigated with these tools. I imagine that, when people start working for you, they fill in all sorts of forms that authorize certain things. However, is that the same as clicking “I accept” when you visit a website but don't read the terms of use?

Like you, I think that makes sense, but are employees regularly reminded about security?

So, if you ended up using that particular tool, people wouldn’t be able to say they had forgotten or didn’t know it could be used. In other words, they were informed.

Very well. Thank you very much.

Thank you, Mr. Villemure.

Mr. Green, you have two and a half minutes.

Thank you.

I'm going to go back to my friend, Mr. Yarker. I want to have, in fairness, the opportunity for the public to get a sense of what risk Canada is under in terms of cybersecurity and cyber-threats.

In a succinct way, can you express the importance of the work that you do in terms of protecting our country from foreign attacks and possible disruptions, including very serious military breaches?

In some way, it's like a fourth dimension to the typical, traditional military operations. It's a complete new world with technologies that surpass most people's imaginations.

Is that fair to say?

Do you feel adequately prepared for what's out there?

I thank both you and Ms. Martel for your service to the country.

I'm going to go over to you fellows at the end of the table around the privacy impact assessment, recognizing that you haven't had to use it. What I'm trying to get out of this study, in terms of the real legislative value of it, is what the process, the systems and the steps it takes are.

You said that you bought the tech and you're prepared to use it if you need it. You said that you would do a PIA if you needed to use the tech. Why not do it in advance?

Do you have the ability, the decision-making capability, to go from this meeting and just start a PIA, or is that something you have to...?

Is that something you will commit to doing after leaving this committee?

I will take that as a commitment. I appreciate it.

Thank you, Mr. Green and Mr. Brisson.

We have time for four and four. We are going to go to Mr. Barrett. That will take us to near the top, and then we will switch over to our next panel.

Go ahead, Mr. Barrett.

Let's clarify here. There was the article that was referenced by my colleague before from the CBC. The story was from November 29, 2023. The article was “Tools capable of extracting personal data from phones being used by 13 federal departments, documents show”. Those departments listed include your departments.

General and Ms. Martel, does your department have that capability—yes or no?

Okay. You have the capability.

You said that you don't monitor individuals. You only monitor networks.

The tools capable of extracting personal data from phones, how is that monitoring a network and not monitoring an individual?

Okay.

Right. In your investigation, one of your investigative tools is to access an individual's phone. You would use this software as a tool, and part of your process would be to access an individual's phone.

Give a quick yes or no. I have limited time.

Okay. I don't think that was clear in your initial responses.

Do members have a right to privacy?

Have you used this capability on members' phones?

On phones assigned to members...?

Are members allowed to log into personal cloud-based accounts on issued phones?

Is it a violation of their terms of employment to do that?

The general said yes, and you said no, so there's obviously a disagreement even at the table. I would expect that if you surveyed members they might have differing ideas if we're not even sure at this level.

Sure.

To do government work on these phones people use messaging applications. Those messaging applications are usually the same application they use on their personal device, which would give you access to the personal information on their device.

Did you get a PIA before you first used this technology?

Did you complete the process prior to first using it?

You don't believe that you need to do a PIA before using it.

The question is very clear, Madam.

Did you or did you not complete a PIA before first using this tool? You did, or you didn't.

Okay. My question is why you think that you don't need to do it, but I'm out of time.

Your members are Canadian citizens. Canadians by your agreement have a right to privacy, and your failure to undertake a PIA is a failure to safeguard and respect the privacy of your members.

I'm sorry that I don't have more time to continue.

Thank you, Mr. Barrett.

Mr. Kelloway, you have four minutes. Go ahead, please.

Thank you, Mr. Chair.

My questions are for National Defence.

During the course of your testimony, you indicated that DND's usage of digital forensic tools complies with government policies and standards, and they are only used on an internal basis. Then, upon being issued an official departmental device, are DND employees clearly advised that their devices are subject to forensic digital tools?

Thank you for that.

Considering that National Defence officials deal with matters of the utmost national security on their official devices, do you consider it an essential security measure that DND employees are subject to digital monitoring when using their official devices?

Thank you for that. I appreciate it.

To either of you, do you know of any other national defence or national security entity within our country, or for that matter any allied nation, that ensures total privacy for employees who handle national security information?

Thank you for that.

Mr. Chair, how much time do I have left?

You have a minute and 45 seconds, but I'm going to give you an extra half-minute because Mr. Barrett took an extra half-minute.

That's very kind of you. I appreciate it.

I'm going to pivot to Natural Resources, if I can.

I'm hearing today that your digital tools were procured through Shared Services Canada and that they've never been used. I'm wondering at what point in time the department determined that a requirement existed to procure these services through Shared Services Canada.

I have one last question, if I have the time.

During the course of your testimony, Mr. Brisson, you indicated that Natural Resources uses forensic digital tools in order to mitigate threats. Are these threats solely with respect to the department's own internal systems, or does this include threats relating to Canada's natural resources?

Thank you, Mr. Chair.

Thank you, Mr. Kelloway.

On behalf of the committee, I want to thank the witnesses from our first panel: Mr. Yarker, Ms. Martel, Mr. Brisson and Mr. Pelletier.

We will suspend the meeting for a few minutes to set up the next witness panel.

Welcome back, everyone.

We're going to start our second panel.

As a reminder to all our witnesses, please be mindful of the earpieces. Keep them away from the microphones when you're speaking to protect our interpreters from any hearing damage.

I would like to welcome the witnesses appearing during the second hour of our meeting today.

From the Canada Border Services Agency, we have Mr. Aaron McCrorie, who is the vice-president, intelligence and enforcement. From Correctional Services Canada, we have France Gratton, assistant commissioner, correctional operations and programs, as well as Tony Matson, assistant commissioner and chief financial officer, corporate services.

From the Royal Canadian Mounted Police, I want to welcome Mr. Bryan Larkin, who is our deputy commissioner, specialized policing services, and Nicolas Gagné, superintendent, Royal Canadian Mounted Police.

We're going to start with opening statements of five minutes.

Mr. McCrorie, I understand that you are going first. You have five minutes. Please start.

Thank you.

Thank you, Mr. McCrorie.

Next, we'll go to Ms. Gratton.

Please go ahead for up to five minutes.

Thank you for your opening remarks, Ms. Gratton.

Mr. Larkin, you're next for up to five minutes. Go ahead, sir.

Thank you, Deputy Commissioner Larkin.

We're going to start with our first six-minute round.

Mr. Brock, you have six minutes. Go ahead, please.

Thank you, Chair.

Thank you to the witnesses for your attendance today. I'm going to start by making some opening remarks.

This story broke as a result of an ATIP from a York University professor, an expert in privacy. The data was turned over to Radio-Canada. Radio-Canada reached out to your respective departments asking if you're using the software, confirming that you're using the software, and if you had first conducted privacy impact assessments. According to their written responses, as per Radio-Canada, none did.

My first question is for the CBSA.

When did you purchase the software, sir, from Shared Services Canada?

How many times have you used this particular software in question?

Will you table with this committee a number as to how many times you used this specific software from the date of purchase?

We're talking hundreds.

We're talking about hundreds of investigations using this software and not once did your department seek out a privacy impact assessment. Is that correct?

Is it the PIA?

You understand, sir, that the PIA is not optional.

It's a directive by the Treasury Board.

When the commissioner testified last week, the commissioner reached out to your department and specifically asked you when you were going to start conducting PIAs. Your response was that you're looking into it, or you were about to start it.

What was your actual response? Are you still looking into the use of this mandated process, or have you actually started as a result of this controversy?

We have an auto theft crisis in this country. It's reaching alarming rates—so much so that the government is conducting a summit, which I believe is happening this Thursday.

The CBSA is in charge of protecting our borders. Is that correct?

Justin Trudeau's and this government's mismanagement of our federal ports has turned them into parking lots for stolen cars that then disappear overseas. For instance, the port of Montreal—where the majority of stolen cars leave Canada—only has five CBSA agents to inspect the massive volume of containers that leave each year, according to Le Journal de Montréal. They also have one X-ray scanner that constantly breaks down. The federal ports in Vancouver, Prince Rupert and Halifax tell a similar story.

According to Peel detective Mark Haywood, the CBSA checks “less than one per cent” of all containers leaving the country. We're talking thousands of containers leaving every week. Why?

With all the money the government is providing the CBSA, why are you contributing to this crisis—

I have a point of order, Chair.

What is the relevance to this study?

Thank you for the point of order. I think I've mentioned before, Ms. Damoff, that I generally give a lot of latitude to members of Parliament. I expect that Mr. Brock will come back to where we're at.

Perhaps we'll find out. He has a minute and 31 seconds left.

Mr. Brock, go ahead, please. You have the floor.

His title is “intelligence and enforcement”. This question I'm posing to him is squarely within his ability to answer.

With the hundreds of millions of dollars that the government is transferring to the CBSA to assist you in doing your work to enforce and to inspect, why has the department been so derelict in its responsibilities to inspect these containers? This clearly sends a message to the criminal underworld and the organized crime units that Canada is a haven for this type of activity.

We have law enforcement right here who I'm sure are very frustrated with your lack of attention to this issue. Please explain to law enforcement why we only have five agents.

Why?

Ask for resources.

We're telegraphing to the world that we're not inspecting the containers leaving and we're not inspecting the containers arriving. That's why we have a fentanyl crisis. We have the illicit, deadly drugs coming from Asia that are not being inspected at the ports in Vancouver.

I have a point of order, Chair.

Mr. Brock, the six minutes are up.

Thank you, sir.

Thank you.

Go ahead on your point of order, Ms. Khalid.

I just wanted to bring up that, unless auto theft is being conducted by surveillance devices, I don't see how that's relevant, Chair.

I appreciate that. Thank you.

Go ahead, Ms. Damoff.

Thank you, Chair.

Thank you to all of the witnesses for being here.

I'm just going to start with a rhetorical question. I'm wondering if Mr. Brock is suggesting that this software be used to combat auto theft. I didn't hear that work its way into his question.

Trade would come to a halt if we inspected every single shipping container that left Canada. Is that not correct?

Thank you.

Moving on to what our study is actually about, I have just a quick question.

Chair, I have a point of order.

We had two Liberal members interrupt Mr. Brock because of his line of questioning. Then Ms. Damoff continued on the exact same line of questioning.

This isn't a question, Chair, about the Standing Orders or relevance. It's about looking to disrupt a member who rightfully has the floor, who is within his time and who is asking questions and giving an opportunity to respond.

We've seen this before. If we want the meetings to descend into pure chaos, that invitation can be accepted, but now that we've seen that there are games being played, I think that the disruptions from Liberal members need to end.

Thank you, Mr. Barrett.

Again, we've been on this committee together long enough, all of us, to know that I generally give a lot of latitude to members to utilize their time in the manner in which they choose. We have subject matter experts in front of us. Yes, we are dealing with a subject. My expectation is that we are going to get back to where we need to go with that subject.

I don't like, frankly, these constant interruptions and points of order just because we don't like what somebody's saying or what a line of questioning is. That goes for all sides.

Ms. Damoff, you have five minutes and 22 seconds left. Please continue with your line of questioning.

You have the floor. Go ahead, please.

Thank you.

I need just very quick answers from all three of you. Maybe we'll start with the RCMP and work this way.

Is this software used on your employees' phones?

Thank you.

Thank you.

Thank you. My next question is for CBSA.

You talked about seized devices. If I'm going through security coming into Canada and I'm taken off to secondary screening and you seize my phone, is that an instance where you would use this software?

When it's seized and reviewed manually, is this software not used?

Okay. Thank you for that.

I think the RCMP might be best-placed to speak to this.

Can you explain the process you need to go through in order to get information from a cellphone? It's a criminal investigation. What is the process that you need to go through in order to use this software or anything else to access a phone?

There have been implications that this software is being used to access Canadians' phones. I think I'm hearing from all of you that the case is that, if this software is used for the general public.... We heard previously that there are employees who are subject to its use on their phones. None of you are in that situation, but I think, more broadly, Canadians can feel confident that you're not accessing their cellphones without following the proper judicial process.

Thank you.

Actually, having been part of an RCMP technical briefing on another issue, I would love to take you up on that. I would encourage the chair to perhaps follow up on the committee's taking advantage of the offer we've just been given.

Thank you, Ms. Damoff.

Just to advise the committee, if there is a desire, we would need a travel request on behalf of the committee to do that, which would be sent to the Liaison Committee. I believe the deadline for that is February 16. That's something for the committee to consider.

Mr. Villemure, you have the floor for six minutes.

Thank you very much, Mr. Chair.

I will address all three organizations and ask them to answer me one after the other.

During the investigation by Radio-Canada, you said you had not conducted any privacy impact assessments. Did I understand correctly?

Let’s start with you, Mr. Larkin.

Thank you.

Mr. McCrorie, I’m listening.

So it’s ongoing, but it’s not finished.

Ms. Gratton, over to you.

I see. Is that the answer you gave Radio-Canada during its investigation?

Mr. McCrorie, did you say the same thing to Radio-Canada as part of its investigation, meaning that you were following the process, or did you say no?

Did you respond to Radio-Canada in the course of its investigation?

Very well.

Mr. Larkin, I’m listening.

Very well.

Ms. Gratton, you talked earlier about proportionality when using this tool. Could you tell us more?

Would you say it’s easier to get information with the help of that tool even if, in the end, it requires authorizations that are just as hard to get?

Thank you.

Mr. McCrorie, I have the same question for you: do you use this tool because it’s easier? Is the information you get this way more reliable, even if it involves a privacy impact assessment and other processes?

I see.

Mr. Gagné, I think you have an answer for this question.

Do you use those tools to get around the password that locks the phone or to get the information on the phone?

That’s perfect.

Ms. Gratton, at this committee, we’re trying to assess different situations in order to propose legislative improvements that would lead to better public policy.

Protecting privacy is a subject that’s been on everyone’s mind for some time. People are worried. In the various testimonies we've heard at committee, people have told us that when they click “I accept” online, they don’t always know what they’re accepting. They know they want to get the software, for example, but we are realizing that education on privacy isn’t adequate.

Another of the committee’s mandates is to maintain public trust in institutions like the Royal Canadian Mounted Police, the Canada Border Services Agency and the Correctional Service of Canada.

Some articles in the media, such as those published by the CBC/Radio-Canada, can sow doubt in the public’s mind. As soon as the article in question was published, people turned to me to ask what was going on. They were worried. Do you think you can reinforce the public’s trust through this morning’s testimony on how you use technological tools?

Mr. Villemure, your witness will have to answer very quickly, because your time is up.

Very well, thank you very much.

Thank you.

Mr. Green, you have six minutes. Go ahead, please.

Thank you.

I was sharing with my colleague that I am finding it difficult to imagine that, out of the hundred-plus organizations that I just requested send us back information, we're going to see a huge deviation in the answers that we're receiving.

I think we've established—feel free to correct me if I'm wrong—that the use of this technology is an investigative use, whether it's through law enforcement agencies or through staff in terms of federal employees. I am to understand that most of you have this within the legal framework.

Have any of your agencies used it with your employees?

Okay.

Mr. McCrorie.

Ms. Gratton.

Forgive me. I'm not impugning anybody, but drones are one way that contraband comes in. It's sometimes suggested that staff are, on rare occasions, involved in bringing in contraband.

Have you ever had an occasion to investigate or use this technology with any of the corrections staff?

Is it safe to say that all of your staff are issued federally issued devices?

In your case, none of them are ever monitored in this way.

That's fair.

Notwithstanding the car thefts, I think we've established the facts, which are that this panel, which I think would have the greatest rationale for and likelihood of using this technology for investigative purposes, has provided very straightforward answers to what this is and what this isn't. I accept that.

We have all these other groups—and I'm just saying this for the purpose of the committee, not as part of the line of questioning. We have at least three or four of these meetings at two hours apiece.

We have at least six.

I'm going to put on the table right now and say that I'm struggling to find where the conclusion of this will be in terms of the value and the diminishing return on value of the questions.

I'll share with the committee that I am considering a way in which we might be able to digitally communicate with people and share with them a list of agreed-upon questions for response, because I'm not sure how another three days, six hours, eight hours or 10 hours of this is going to go. I know there are lots of people with live motions. I would also state that I'm at a point now in this committee where I'm hoping to steer it back onto our legislative schedule and away from whatever happens to have been in yesterday's headlines, to do the important work of the committee and to hopefully start to address the gaps in legislation.

I just don't know what's left here, so I'm actually done with the rest of my line of questioning.

I thank you all for being here. I don't think there's anything more that needs to be said in terms of the scope of your work. I appreciate you for it. I would say I look forward to seeing you back here again, but that's not always the case.

With that, I'll hand my time back over to the committee.

Thank you, Mr. Green. In the two minutes that you would have had left, I'd like to explain where we are right now for the benefit of the committee.

We do have another panel that's scheduled to come in on Thursday. I don't think the notice of meeting has been published at this point, but it will be by later today. Based on the list we had in the motion, the panels will consist of at least three or four of those departments.

The clerk has gathered all of the contact information regarding the motion that was passed the other day about the privacy impact assessments. We haven't done anything with that because we just received the complete list during the meeting. That takes us up to next week, when we're expected to continue with more panels based on the motion. That takes us up to the 27th, when we're going to have the RCMP commissioner and the staff sergeant come in and speak about the SNC-Lavalin motion that was passed as well.

That's where we are right now in terms of the meetings of the committee, Mr. Green.

Go ahead, sir.

The one group I'm most keenly interested in hearing from is the unions. I want to hear from the representatives, because if there's no real complaint there from the representatives of the actual federal employees, it becomes very difficult for me to pursue something that may or may not be a privacy issue. I would think that those collective agreements would have stipulated most explicitly where there would be a contravention of their privacy rights.

If it could be possible, Mr. Chair, to prioritize the invitations to our union representatives to come before this committee, for me, that would determine whether this is something I would see fit to continue to pursue.

This is a very dynamic meeting. We just received confirmation about Jennifer Carr, who was on the list, from the Professional Institute of the Public Service. She's confirmed for February 15. We may be able to advance. We've had one other confirmation from one of the unions, Mr. Green. We could adapt the meeting schedule to reflect what you said, but have the president of the Professional Institute of the Public Service, Ms. Carr.

We're still in our rounds, but I'm going to open it up for Mr. Barrett for some comments. I will open it up to Ms. Khalid or others if they have other comments as well.

Go ahead, Mr. Barrett.

I'm generally aligned with the thought that we not just have a Groundhog Day of meetings, but I do think the question of ministerial accountability is important. These PIAs are not optional, so if we're going to set a work plan to wrap this up before six meetings and Mr. Green wants to prioritize hearing from the workers' representatives, if that box is being checked, then I would say we should prioritize hearing from the people who are accountable for not having gotten the PIAs.

We should prioritize which ministers we want to hear from. I think there was a discussion about having the procurement minister or the Treasury Board minister come before committee, so we should get those on the books. Then Mr. Kurek suggested that, if we had questions for the remaining departments, perhaps we should collect those questions from all parties, set a deadline, submit them to the departments with a deadline for response and then move on.

Okay. I appreciate those comments, Mr. Barrett.

As chair I am guided by the clerk and the analysts in following the motion that was adopted by the committee. If there is a desire to take in some of the suggestions that have been proposed during this discussion, then I will need direction from the committee on just what to do in that regard.

Ms. Khalid, Mr. Villemure has ceded to you. Go ahead, please, Ms. Khalid.

I'm just going to ask the witnesses for their patience on this, because we may resume the line of questioning. We don't have much time left.

Ms. Khalid, go ahead.

Thanks very much, Chair.

I really think the issue that's been highlighted is important. I'm quite intrigued by some of the testimony we've heard thus far. I really agree with Mr. Green that we need to hear from unions and the public service.

I'll put that on my campaign poster.

I really think that, instead of ending it at this time, we should abbreviate it and see if there is something that we as a committee can recommend to ensure that privacy and privacy impact assessments have the value within our departments that they should.

At this time, I am in favour of abbreviating the study with more of a focus on unions and the public service, as Mr. Green has suggested, and going from there.

I appreciate the comments. I will tell you that the President of the Treasury Board has been invited. We're waiting for a date for that.

What I'm hearing are two sides. There is what Mr. Green has suggested, and then there is what Mr. Barrett has suggested. Mr. Green wants to hear from those who are impacted. Mr. Barrett wants to hear from those who are in charge. Perhaps the clerk and the analysts and I can collectively find a way to get to that point over the course of the next couple of meetings. The challenge we have is that we do have the meeting ready to go on Thursday, and it will involve departments as per the motion. We can continue on with that. We may abbreviate the number of meetings down from six to maybe five at this point, because this is the second one that we've had on this.

Mr. Green, I saw your hand. Go ahead, please.

We can negotiate in public with the Treasury Board president and the staff who are watching to say that, if they can be available to this committee sooner rather than later, then we can wrap it up. Otherwise, we're going to be in a scenario of having all departments come before the committee. Let's hopefully get that as a bit of an incentive for the president to come before the committee.

Here's what I would like to do then.

Mr. Green, if possible, we can continue for the next few minutes with our witnesses. I'm going to suggest that we continue with the next meeting with the departments. We will have a committee business meeting, at which I can update the committee on where we are with the witnesses. We've taken about 10 or 15 minutes on this, which I think is unfair to the witnesses who presented themselves today.

I think we have clear direction from the committee on where we want to go with this. I would ask now that we continue with our witnesses. We'll go ahead with Thursday's meeting and then have a subcommittee meeting at that point. I'll make time for that if that's okay. Then I can update you on where the President of the Treasury Board is and where some of the other witnesses that were suggested here in this discussion are. Is that fair? Are we agreed? Okay.

We have Mr. Green's round completed.

I think I have Mr. Kurek next for five minutes.

Go ahead.

We're going to have very shortened rounds here. We do have a little bit of extra time because of the suspension, but we'll have five, five, two and a half, two and a half, and then we'll conclude.

Go ahead, Mr. Kurek.

Thanks very much.

I appreciate the witnesses.

I will just give some unsolicited advice. Let's be proactive on PIAs. The commissioner came before the committee and said that he wants to work with you and that he will be as responsive as he possibly can, so let's make sure—instead of our finding out from the media and going through this rigamarole—that departments, agencies and the like are proactive. I think that will save you all a lot of these tough questions.

We had different witnesses in the first hour of this meeting who talked a lot about the potential use of this technology when it comes to employees. I know there are ECCC, NRCan and a whole host of others. You're talking about this in terms of law enforcement and its application, but I just want to, if I may, find out where you are in terms of the people who work for your departments—those within law enforcement administration. I do not mean the program specifically, because you have answered on that very clearly, but I'd like to hear from you about whether there are tools, techniques and methods through which you would observe employees and other individuals who work for you in terms of the data that could be on their devices.

Let's start with the RCMP. I'm hoping for very brief responses, because I have some other questions.

I apologize, but I'm really short on time.

Mr. McCrorie, go ahead.

I would ask you to bring that up to whoever within the CBSA is responsible for that and to ask them to provide that answer in writing to this committee. That would be very helpful.

Ms. Gratton, go ahead.

Again I would ask that you bring that up the chain and make sure to get those answers to the committee.

Mr. McCrorie, I am curious, because there has been talk about investigations. Over the course of COVID there were conversations around ArriveCAN and a whole host of instances surrounding that and about people who crossed the border during the pandemic when there were restrictions. Were these sorts of investigations ever initiated because of COVID-related enforcement?

It's very clearly limited to breaches of the Criminal Code, so for somebody who—

Okay. You're telling me—and feel free to clarify—that when it came to any COVID-related enforcement, this technology would not have been used.