Evidence of meeting #102 for Access to Information, Privacy and Ethics in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was pia.
A recording is available from Parliament.
Noon
Chief Enforcement Officer, Department of the Environment
We expect to have the privacy impact assessment associated with this technology completed by the end of the coming fiscal year.
Noon
Liberal
Noon
Conservative
The Chair Conservative John Brassard
Thank you, Ms. Khalid.
That concludes our first panel.
I want to thank Mr. Walker, Ms. Rogers, Mr. Napier and Mr. Ryan for appearing before the committee on this important subject.
We are going to suspend for a couple of minutes and go to the next panel. The meeting is suspended.
12:05 p.m.
Conservative
The Chair Conservative John Brassard
I call the meeting back to order for our second hour today.
I'd like to welcome our witnesses. From the Canada Revenue Agency, we have Eric Ferron, director general, criminal investigations directorate, compliance programs branch; and Anne Marie Laurin, acting director general and deputy chief privacy officer, access to information and privacy directorate, public affairs branch. From the Canadian Radio-television and Telecommunications Commission, we have Steven Harroun, chief compliance and enforcement officer; and Anthony McIntyre, general counsel and deputy executive director, legal services.
We're going to start with the Canadian Radio-television and Telecommunications Commission.
You will have up to five minutes to address the committee. Go ahead, please.
12:10 p.m.
Steven Harroun Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
Good afternoon and thank you for inviting us to appear before your committee.
Before I begin my remarks, I would like to acknowledge that we are gathered on the traditional, unceded territory of the Algonquin Anishinabe people.
My name is Steven Harroun. I am the chief compliance and enforcement officer at the CRTC.
I am joined today by the CRTC's general counsel, Anthony McIntyre.
The CRTC is an independent, quasi-judicial tribunal that operates at arm’s length from the government. We hold public hearings on telecommunications and broadcasting matters, and we make decisions based on the public record.
In addition, the CRTC plays a part in a larger federal government effort to protect Canadians from spam, malware, phishing and other electronic threats. The CRTC is one of three agencies, along with the Competition Bureau and the Office of the Privacy Commissioner, that work to promote and enforce compliance with Canada's anti-spam legislation, or CASL, as we call it.
The CRTC has a small team of less than 20 people that carries out this important mandate. CASL authorizes our investigators to request warrants from the courts to examine computers and other electronic devices when necessary. As part of those authorized activities, CRTC staff can use digital forensic tools during investigations. How we use these tools is very limited in scope and is done in keeping with the law. In the very limited circumstances in which we have used these tools, we have obtained judicial authorization through the courts in the form of a warrant.
Since 2022, the CRTC has only used these tools in two CASL investigations. In these cases, a warrant was obtained and the CRTC was successful in uncovering evidence related to potential CASL violations.
We take the use of digital forensics tools very seriously. We follow strict legislative and judicial parameters when using these tools.
Thank you for allowing us time to explain our limited use of these tools to help protect Canadians from harmful electronic threats.
We look forward to your questions.
12:10 p.m.
Conservative
The Chair Conservative John Brassard
Thank you, Mr. Harroun. You're well under time, which the committee appreciates.
We're going to the Canada Revenue Agency now.
You have up to five minutes to address the committee. Go ahead, sir.
12:10 p.m.
Eric Ferron Director General, Criminal Investigations Directorate, Compliance Programs Branch, Canada Revenue Agency
Thank you, Chair.
Thank you to the Standing Committee on Access to Information, Privacy and Ethics for having us here today. My name is Eric Ferron, and I am the director general of criminal investigations at the Canada Revenue Agency, the CRA. I am accompanied by my colleague, Anne Marie Laurin, acting director general of the access to information and privacy directorate, and deputy chief privacy officer.
Within the scope of my responsibilities, the criminal investigations program investigates significant cases of tax evasion, tax fraud and other serious violations of tax laws and, where appropriate, refers cases to the Public Prosecution Service of Canada, the PPSC, for possible criminal prosecution.
Ms. Laurin's responsibilities include providing strategic direction, expert advice and leadership on all access to information and privacy matters in support of the CRA's programs, services and priorities.
I would like to start by stating that the CRA does not use spyware tools to monitor its employees or Canadians. The criminal investigations program does use the technological tools that are the topic of today's discussion.
CRA criminal investigators and computer forensics analysts are public officers as defined by section 2 of the Criminal Code. As public officers, CRA investigators can obtain evidence during the conduct of a criminal investigation by way of search warrants, preservation orders and production orders pursuant to section 487 of the Criminal Code. This is in addition to the search powers provided by the acts administered by the CRA.
Warrants issued by the court grant authority to CRA investigators to search and seize personal information or data that could otherwise be protected by section 8 of the Canadian Charter of Rights and Freedoms. In granting a search warrant, the issuing justice or judge must balance the rights of the CRA to gather evidence as part of a criminal investigation with the rights of individuals. Under section 487 of the Criminal Code, search warrants are sought when there are reasonable grounds to believe that an offence has been or is suspected of having been committed.
The evolution of technology has expanded the use of search warrants beyond traditional physical locations. Subsections 487(2.1) and 487(2.2) of the Criminal Code speak to search warrants of computers and electronic data, allowing the CRA investigators to search the electronic devices they have seized for data. It is during the execution of these judicial authorizations that the CRA may use technological tools to extract data from electronic devices.
A privacy impact assessment for the criminal investigations program has been in place since 2016, and the CRA was in the process of finalizing updates to it in late 2023. The update to the assessment has now been finalized, and in line with best practices the program intends to continue reviewing its PIA on a regular basis to ensure it is up to date and reflects current operations.
Mr. Chair, this concludes my opening remarks. Ms. Laurin and I would be pleased to answer any questions that committee members may have.
12:15 p.m.
Conservative
The Chair Conservative John Brassard
Thank you, Mr. Ferron.
We are now starting the first round of questions.
Mr. Barrett, you have the floor for six minutes.
12:15 p.m.
Conservative
Michael Barrett Conservative Leeds—Grenville—Thousand Islands and Rideau Lakes, ON
Chair, I'm going to take this opportunity to give a notice of motion that will be moved at a later meeting. It reads:
Given that the former President of Sustainable Development Technology Canada testified before committee last week, claiming that the Minister of Industry knew about conflicts of interest at the taxpayer-backed fund since 2019, contradicting the minister’s claim that he found out about abuse at the fund just this year, and that senior government officials misled committee about their attendance at SDTC board meetings where conflicts of interest occurred by board directors and the CEO by directing taxpayer money to companies that they have an interest in, and that a senior Department of Industry official who oversaw an investigation into the fund compromised the investigation through interference and unethical behaviour, the committee dedicate five meetings related to developments at Sustainable Development Technology Canada.
I can send that text to the clerk, Chair, but this is an incredibly important issue. When I have the opportunity to move it at our next meeting, with notice having been given, I would encourage all members to consider over the next couple of days their support for it, because this is an incredibly important issue.
12:15 p.m.
Conservative
The Chair Conservative John Brassard
Thank you, Mr. Barrett, for that notice of motion. Once it is sent to the clerk, it will be put into the digital binder for committee members to have a look at.
Mr. Barrett, you have four minutes and 40 seconds. Go ahead, please.
12:15 p.m.
Conservative
Michael Barrett Conservative Leeds—Grenville—Thousand Islands and Rideau Lakes, ON
I'll give my time to Mrs. Kusie, please.
12:15 p.m.
Conservative
12:15 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Thank you very much, Mr. Barrett, and thank you very much, Chair.
I'm going to again quote the Privacy Commissioner, who said that it's going to be “even more important to reassure Canadians” and that “we need to have that reflex of privacy by design and privacy at the front end.”
I must say, I was not quelled by the first group of departments that were here this morning. What I heard was, “We did not have the PIAs. Don't worry. We didn't use them on employees, but we used them in far more extensive and invasive other places.” I'm very concerned by that.
I will say that the committee agreed to communicate with all 137 federal institutions. It's unfortunate that, for these four organizations that are here today as models and as sort of a check on the other departments, this is the pressure that is on them this morning.
The last comment I'll make before I get to the questioning is that I find it ironic that the Privacy Commissioner actually learned of the invasion, if I can use that term, by the federal departments and agencies, from the government agency of Radio-Canada, which first posted this story. I think this is another very ironic piece of information, given this meeting this morning.
I'll start with you, Mr. Harroun, with the same question I used with your previous colleague.
Did your department procure surveillance gear that can be used to access employees' information and potentially the information of Canadians at large?
12:20 p.m.
Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
No, we do not procure surveillance gear. We have digital forensic tools, which we use to enforce CASL.
12:20 p.m.
Conservative
12:20 p.m.
Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
They do.
12:20 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Was the PIA obtained for these tools prior to their use?
12:20 p.m.
Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
When CASL came into force in 2014, the CRTC conducted three PIAs, as it was a brand new program. One of those PIAs specifically references section 19, which is search warrants and the use of digital forensic tools. We've had a PIA since 2014.
12:20 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
You have valid PIAs for all of these tools that you are currently using.
12:20 p.m.
Chief Compliance and Enforcement Officer, Canadian Radio-television and Telecommunications Commission
That's correct.
12:20 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Okay.
I'll ask the same question of Mr. Ferron.
Did your department procure surveillance gear that can be used to access employees' information and potentially the information of Canadians at large?
12:20 p.m.
Director General, Criminal Investigations Directorate, Compliance Programs Branch, Canada Revenue Agency
Criminal investigations has tools that we're discussing here today. They're not surveillance tools. They are digital forensics tools that we use as part of our criminal investigations.
We've had a PIA for the criminal investigations program as a whole since 2016. The tools that we have were purchased right before that.
12:20 p.m.
Conservative
Stephanie Kusie Conservative Calgary Midnapore, AB
Have you received any direction from the Treasury Board when it was announced that many departments were not in compliance with the required PIAs, Mr. Ferron?
12:20 p.m.
Director General, Criminal Investigations Directorate, Compliance Programs Branch, Canada Revenue Agency
The discussions with the Privacy Commissioner happened with my colleague here, so I'll let her address that question.
12:20 p.m.
Anne Marie Laurin Acting Director General and Deputy Chief Privacy Officer, Access to Information and Privacy Directorate, Public Affairs Branch, Canada Revenue Agency
Thank you for the question.
Both the OPC and Treasury Board sent follow-up questions regarding that. We indicated that we use the forensic tools for the purposes of criminal investigations. We did have a PIA in place. In fact, the Privacy Commissioner acknowledged receipt of that PIA and had no recommendations on it at the time.
