An admission from Canada’s national police force that it routinely uses powerful spyware to surveil citizens has prompted concern from experts, who warn the country is “asleep at the wheel” when it comes to regulating and reining in use of the technology.
During a parliamentary session in late June, the Royal Canadian Mounted Police submitted a document outlining how a special investigative team covertly infiltrates the mobile devices of Canadians. The tools, which have been used on at least 10 investigations between 2018 and 2020, give the police access to text messages, email, photos, videos, audio files, calendar entries and financial records. The software can also remotely turn on the camera and microphone of a suspect’s phone or laptop.
The RCMP, which has long evaded questions over whether it uses spyware to track Canadians, provided the information about its “on-device investigative tools” in response to a question from a Conservative lawmaker about how the federal government collects data on its citizens.
Ron Deibert, a political science professor at the university of Toronto and head of Citizen Lab, said the spyware, which gives police an “extraordinary window into every aspect of someone’s personal life” is akin to “nuclear-level technology” – but has little government oversight.
“There’s a culture of secrecy that pervades the intelligence and law enforcement community in this country,” he said
Deibert, one the world’s leading experts on the surveillance techniques used by authoritarian regimes, said he and others have long suspected police and government agencies in Canada were using the technology. But absent from the disclosure was any indication of who the government is purchasing the software from.
“That’s my biggest unanswered question,” he said. “Because we know there are some companies that are horrible when it comes to due diligence and routinely sell to governments that use it for grotesque human rights violations.”
Last year, a collaborative investigation between the Guardian and other major international outlets, called the Pegasus Project, revealed that spyware licensed by the Israeli firm NSO Group had been used to hack smartphones belonging to journalists, lawyers and human rights activists.
In 2021 the commerce department in the United States announced it had placed mercenary spyware companies like NSO on the country’s Entity List, effectively blacklisting them for their “malicious cyber activities” amid growing concern from US officials that the software