Independent
journalism that swims
against the current.
Opinion
Rights + Justice
Politics

Mounties Stonewalled Request for Improperly Collected Data

Audit yielded trove of inaccurate information, memo says.

Michael Geist 3 Mar 2015TheTyee.ca

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

image atom
The Privacy office audited the RCMP hoping to obtain information on its requests for subscriber information. Computer photo: via Shutterstock.

Last fall, Daniel Therrien, the government's newly appointed privacy commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how the government collects, uses and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information.

The audit had been expected to shed new light into RCMP information requests. Auditors were forced to terminate the investigation, however, when they realized that Canada's national police force simply did not compile the requested information. When asked why the information was not collected, RCMP officials responded that its information management system was never designed to capture access requests.

While that raised serious concerns -- the RCMP has since promised to study mechanisms for reporting requests with recommendations expected in April -- documents recently obtained under the Access to Information Act reveal that the publicly released audit results significantly understated the severity of the problem. Indeed, after the draft final report was provided to the RCMP in advance for comment, several of the findings were toned down for the public release.

Behind the scenes, however, documents suggest that privacy commissioner of Canada auditors were deeply concerned with what they found. In fact, just two days before the public release of the audit, one of the lead auditors wrote a memorandum to file to ensure that there was a paper trail chronicling what actually took place.

The memorandum specifically references a 2010 RCMP document that purported to list tens of thousands of warrantless subscriber information requests. The document indicated that 94 per cent of requests involving customer name and address information was provided voluntarily without a warrant.

The privacy commissioner of Canada auditors apparently expected that document, which was previously released under the Access to Information Act, to serve as the starting point for their review of RCMP practices. The internal memorandum notes, "We expected that these statistics would be accurate, complete, and up-to-date and that they would allow us to review RCMP files related to such warrantless requests."

Statistics inaccurate

Once the auditors began examining the data, however, they found something entirely different. The internal memorandum states that "based on the evidence below we found, on the contrary, that the statistics provided for 2010 (and later for 2011-2013) were inaccurate, incomplete, not current, and they were not useful identifying (Police Reporting Occurrence System) files for review."

The internal memorandum continues by citing specific problems with the RCMP evidence, acknowledging "problems with the reliability of data were also provided by way of interviews with senior officials." The details of those interviews are redacted, however, the memorandum states, "from these discussions we also found that statistics for warrantless access are inaccurate because of lack of reporting, multiple reporting or overlapping reporting."

The conclusion leaves little doubt about the problems the auditors encountered. It goes far further than the publicly released report, noting that "based on our review of statistics and interviews with senior officials at the RCMP we were unable to rely upon the numbers provided for warrantless access requests, nor was there any linkage between reports of such requests and the actual operational files containing such requests."

In short, the privacy commissioner of Canada set out to audit the RCMP in the hope of uncovering the details behind requests for subscriber information. What it encountered instead was inaccurate data and an effort to downplay the problems within the public report.

The incident highlights the limits of Canadian oversight over law enforcement and surveillance activities. The use of the privacy commissioner's audit power is frequently lauded as a mechanism to ensure that government does not run afoul of the law. Yet despite identifying inaccurate and incomplete data on a high profile privacy issue, the public audit report does not use the terms "inaccurate" or "incomplete."

The shortcomings in both practice and oversight point to the need for a strong legislative and policy response. As a starting point, the RCMP should provide detailed guidance on its policy on customer name and address requests and regularly report on those requests. Moreover, mandatory reporting requirements for telecommunications companies on subscriber disclosures could be added to Bill S-4, the government's privacy reform package that is currently before the House of Commons.  [Tyee]

Read more: Rights + Justice, Politics

  • Share:

Facts matter. Get The Tyee's in-depth journalism delivered to your inbox for free

Tyee Commenting Guidelines

Comments that violate guidelines risk being deleted, and violations may result in a temporary or permanent user ban. Maintain the spirit of good conversation to stay in the discussion.
*Please note The Tyee is not a forum for spreading misinformation about COVID-19, denying its existence or minimizing its risk to public health.

Do:

  • Be thoughtful about how your words may affect the communities you are addressing. Language matters
  • Challenge arguments, not commenters
  • Flag trolls and guideline violations
  • Treat all with respect and curiosity, learn from differences of opinion
  • Verify facts, debunk rumours, point out logical fallacies
  • Add context and background
  • Note typos and reporting blind spots
  • Stay on topic

Do not:

  • Use sexist, classist, racist, homophobic or transphobic language
  • Ridicule, misgender, bully, threaten, name call, troll or wish harm on others
  • Personally attack authors or contributors
  • Spread misinformation or perpetuate conspiracies
  • Libel, defame or publish falsehoods
  • Attempt to guess other commenters’ real-life identities
  • Post links without providing context

LATEST STORIES

The Barometer

Where Are You Feeling Inflation the Most?

Take this week's poll