Information & Ethics Committee on May 2nd, 2022

Okay.

In connection with the four elements you mentioned earlier, you said that there was an entity responsible for oversight.

What entity are you referring to?

So there ought to be a set of organizations that could together constitute another entity.

Thank you.

We go now to Mr. Green. It's nice to have you back. Go ahead for two and a half minutes.

Thank you.

Mr. Chair, we've heard in a previous answer by a witness today that a private industry is not able to regulate itself. You'll recall that in previous testimony, the RCMP disagreed with the findings of the Privacy Commissioner about violations that were present, so I want to ask the Office of the Privacy Commissioner about this.

The OPC found that the RCMP's use of Clearview AI contravened the Privacy Act and PIPEDA. The RCMP testified that they disagreed with the findings of the investigation. Through you, Mr. Chair, why does the OPC believe that the RCMP violated the Privacy Act and PIPEDA?

In other words, they can't do indirectly what they can't do directly. Is that correct?

Yet here we are, with a scenario in which we know that police services are using this surreptitiously through many ways of procurement, through purchases and also through trial examples as well.

We heard the RCMP state in their testimony that they had no idea who signed off on the use of this technology. Are you aware of any other police agencies in Ontario that currently use Clearview?

How would you close the loop specifically to ensure that these breaches of privacy, information and civil liberties aren't breached again in the future, not just by the private sector but most clearly through our law enforcement?

Thank you so much.

Thank you.

Now we go to Mr. Bezan for five minutes.

Thank you, Mr. Chair.

I want to thank our witnesses for their presentations and their participation in this important study. The announcement you made jointly earlier today definitely couldn't have been timed better, considering the work we're doing right now.

Mr. Therrien, to follow up on Mr. Green's questioning, you said the RCMP was unlawfully using Clearview technology. Were any penalties assigned to the RCMP—or to Clearview, for that matter?

Are you aware of the organization IntelCenter and the IntelCenter database of facial recognition technology?

Based upon access to information requests that we just got back, it appears that the RCMP, CSIS and the Department of National Defence are making use of this technology. I think it's something we need to dive into as well.

Their own documents suggest that they use open-source images to identify things like terrorists from the Internet and then provide that to law enforcement agencies like the RCMP and CSIS.

You can maybe take that under advisement.

When you talk about amending existing legislation, you're talking about the Privacy Act and PIPEDA. Should it be extended to include the Criminal Code?

When you're looking at the use of facial recognition technology and protecting charter and privacy rights, should we take the same approach as we do for wiretaps?

I know the CSE and CSIS do a lot of monitoring of online chatter, trying to focus on things like terrorism and transnational criminal organizations. Again, they can't do indirectly what they're prohibited from doing directly. Whenever they're going to be in violation of the charter, they have to get a warrant or ministerial authorization to ensure that they become charter compliant. When you talk about authorized purposes, is that what you had in mind? Do there need to be warrants or ministerial authorizations making the claim that it is required and proportionate to the violation that may happen to an individual's rights?