OTTAWA—There’s no way to know if the RCMP complied with privacy laws in requesting Canadians’ personal information without a warrant, or even how often the Mounties made such requests, according to Ottawa’s privacy watchdog.
Privacy Commissioner Daniel Therrien said his office was not able to track how often the national police force requested access to Canadians’ personal information without a warrant — because the RCMP don’t track that information themselves.
“We were disappointed to find that limitations in the RCMP’s information management systems meant we were unable to assess whether such controls were in place,” said Therrien, in a statement.
“It was not possible to determine how often the RCMP collected subscriber data without a warrant. Nor could we assess whether such requests were justified.”
Therrien’s office revealed they were formally reviewing the RCMP’s warrantless access practices after the Star and the Halifax Chronicle Herald reported that police forces asked nine telecommunications companies for their customers’ information 1.2 million times in 2011 alone.
In the wake of those revelations, two of Canada’s “big three” telecommunication firms — Rogers and TELUS — have begun releasing annual transparency reports into how often police request their users’ information. Bell Canada has refused to do so.
The RCMP has repeatedly said, both in public and through disclosures obtained through access to information law, that the force does not keep track of how often warrantless requests are made — the one thing confirmed through Therrien’s investigation.
Since launching the review in October 2013, Therrien’s office interviewed 50 RCMP members, including senior officers, field agents making warrantless requests, and IT specialists.
After reviewing RCMP databases, which receive round two million new entries per year, the watchdog’s investigators could only find a few cases where they could identify a warrantless request had been made.
“We found that other than through a manual review of each case file, the RCMP does not currently have the capacity to produce a report that would identify some or all of the particular operational files in which an access to subscriber information was made without a warrant, and report on the frequency of such requests,” the report, tabled in Parliament Thursday morning reads.
“The RCMP also stated that compiling such information is complicated by the fact that a complex criminal case may involve numerous warrantless requests for customer names and addresses related to phone numbers.”
Therrien’s office recommended the Mounties begin monitoring and tracking the number of warrantless requests made, and to report aggregate figures publicly. The RCMP largely agreed with the privacy watchdog’s recommendation.
“The RCMP will establish a working group to explore mechanisms which are both efficient and cost-effective to better monitor and report on warrantless requests for subscriber information,” the police note in their response to Therrien’s report. “A report in this regard will be presented to our Departmental Audit Committee by April 2015.”
The question of warrantless access to Canadians’ personal information was complicated by the Supreme Court last June. The top court ruled in a case known as Spencer that searches for “basic subscriber information” — names, addresses, internet protocol (IP) addresses, telephone numbers — without a warrant violated Canadians’ rights against unreasonable search and seizure.
The RCMP note that the Department of Justice and Public Safety Canada are still working on a unified interpretation of Spencer and its implications.
“While it is anticipated that the number of warrantless requests will be reduced in light of the R. v. Spencer decision, warrantless access will continue to be sought in specific situations, such as exigent circumstances or where authorized by a reasonable law,” the police said in Therrien’s report.