Evidence of meeting #103 for Access to Information, Privacy and Ethics in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was information.
A recording is available from Parliament.
NDP
Matthew Green NDP Hamilton Centre, ON
That wasn't the question I asked. The question I asked was this: How many times has Shared Services contracted this technology out to different departments?
Assistant Deputy Minister, Enterprise IT Procurement and Corporate Services Branch, Shared Services Canada
We don't have any subcontracting contracts with the other organizations. We procure the services, including technology, which is available to all federal government departments. The departments can use those tools—
NDP
Matthew Green NDP Hamilton Centre, ON
I'll put the question more directly, sir, and I'm hoping for a direct answer.
You do what you've just described. How many times has this product been accessed and by how many departments?
Assistant Deputy Minister, Enterprise IT Procurement and Corporate Services Branch, Shared Services Canada
I'll have to check that information and get back to you later.
We purchased licences for tools that can be used by all departments. I don't have a report telling me which department used what tool at what frequency. I don't have that information, but I can check to see if it exists.
NDP
Matthew Green NDP Hamilton Centre, ON
Okay.
Going back to the contrast between this particular forensic tool and the on-device investigative tools, which we studied here via the RCMP, would the RCMP have had to go through Shared Services in the procurement process, or would they just be direct-to-vendor as well?
President, Shared Services Canada
It would depend. We do provide IT services for the RCMP, but typically anything that's policing action would be directly them through their normal contracting processes or potentially through Public Services and Procurement. I'd have to verify that.
NDP
Matthew Green NDP Hamilton Centre, ON
Do you have insight or oversight into the procurement practices of other departments?
President, Shared Services Canada
No. It's only when we're doing a shared service and providing the shared licensing where we can get a cost benefit.
NDP
Matthew Green NDP Hamilton Centre, ON
Okay, that suffices.
Let me just put this question to you: Have you ever, through your work, purchased on-device investigative tools?
President, Shared Services Canada
At Shared Services Canada, no, I can't think of a time in my career when I've done that.
NDP
Matthew Green NDP Hamilton Centre, ON
Okay. That's important.
Sir, when you were talking about the privacy impact assessments, you had mentioned that your work had predated.... It was going back to 1996. I think you even referenced BlackBerry.
Is it safe to say, though, that you're not using the same technology from 1996?
Chief Digital Officer, Competition Bureau Canada
We're using an evolution of what we used back then, yes.
NDP
Matthew Green NDP Hamilton Centre, ON
I think it's pretty safe to assume, given Moore's law, that it would be leaps and bounds beyond the technology of 20 years ago.
Is that correct?
Chief Digital Officer, Competition Bureau Canada
Yes, it is, in the ways that we can access the data. Before, it was all or nothing, and now we can actually slice and dice and choose what we see. Yes, it is—
NDP
Matthew Green NDP Hamilton Centre, ON
Would it be a material difference from the technology that you would have used in 1996?
Chief Digital Officer, Competition Bureau Canada
We didn't have telephones. These are really in line with telephones, so—
NDP
Chief Digital Officer, Competition Bureau Canada
Yes, it would have been computers—
Chief Digital Officer, Competition Bureau Canada
On the actual technology, I would base it more around the arrival of BlackBerrys and flip phones. We did process those in 2009 and 2010.
NDP
Matthew Green NDP Hamilton Centre, ON
To my point, now, in 2024, we're talking about technology that's an order of magnitude beyond your initial implementation.
The reason I bring that up is that I'm concerned when you say that your program predates the directive, because I interpret a directive from the Treasury Board to be a directive—for all departments. When we have departments picking and choosing when they are under the auspices of a privacy impact assessment....
I'll just go ahead and state that all of this could have been avoided, in my opinion, if these departments had just followed directives and done the PIAs. What we're left with, as a committee, is contemplating what the remedies are, which is to make it a legal requirement of departments.
How would you respond to a question that asks whether making this a legal requirement would provide you with clearer guidelines as to the applicability of the PIA and the use of your technology.