A pair of articles by the Toronto Star and CBC have revealed a number of situations where the authors report on why authorities may be right to ask for new investigatory powers. A series of cases, combined with interviews with senior RCMP staff, are meant to provide some insight into the challenges that policing and security agencies sometimes have when pursuing investigations. The articles and their associated videos are meant to spur debate concerning the government’s proposal that new investigatory powers are needed. Such powers include a mandatory interception capability, mandatory data retention capability, mandatory powers to compel decryption of content, and easy access to basic subscriber information.
This post does not provide an in-depth analysis of the aforementioned proposed powers. Instead, it examines the specific ‘high priority’ cases that the RCMP, through a pair of journalists, has presented to the public. It’s important to recognize that neither the summaries nor underlying documents have been made available to the public, nor have the RCMP’s assessments of their cases or the difficulties experienced in investigating them been evaluated by independent experts such as lawyers or technologists. The effect is to cast a spectre of needing new investigatory powers without providing the public with sufficient information to know and evaluate whether existing powers have been effectively exercised. After providing short commentaries on each case I argue that the RCMP has not made a strong argument for the necessity or proportionality of the powers raised by the government of Canada in its national security consultation.
Case One: Child abuse video
Police have testimony from a child alleging sexual assault by their father who they say recorded the crime on his phone. The phone is locked by a pass code and investigators have not been able to access the video, which would be crucial evidence. Police have no legal authority to compel the man to unlock his phone. The case remains under investigation.
This case uses a string of allegations to make an argument that existing policing powers are deficient for investigating child abuse crimes. Specifically, there is an assumption that the allegation of the video’s existence is the same as it actually existing and that, were there a video and it were accessible to police, the video would provide ‘crucial’ evidence. These allegations are not presently borne out by fact: unable to decrypt the device, police cannot know for certain that the alleged activities were recorded nor know that a video would corroborate a victim’s statements. The result is they cannot know that ‘crucial’ evidence is inaccessible.
While police may lack the powers to compel access to the phone there are other avenues that may be available, such as malware or other methods of intruding into the device. Alternately, officers might lie in wait until the suspect unlocked their phone and subsequently tackle the suspect to take the device away from them before it can be re-locked. Where a passcode is used the authorities might use video surveillance to register the code to later enter the device, which is a practice undertaken by policing and security agencies in other jurisdictions.
This synopsis also does not reveal that the lack of video evidence has ended the investigation, nor that absent this particular piece of alleged evidence that the case cannot be taken forward. Instead it indicates there is a roadblock that authorities must overcome but not how they have, or can, overcome it.
Case 2: VoIP phones encrypted
The RCMP obtained a warrant to tap the phones of an individual suspected of financial fraud in Eastern Canada, only to discover that the VoIP (voice over Internet protocol) phone network the suspect was using encrypted the calls. Police made several covert entries into the suspect’s office to install devices to bug the calls. At one point, the interception method failed, and for two weeks “valuable” evidence was missed.
To obtain an interception warrant the authorities would have had to demonstrate they had strong grounds to believe the suspect in question was engaged in illegal activities and that the interception was one of the only ways they could collect evidence. While the case recognizes there was a temporary issue with conducting the interception it was overcome by microphonic surveillance, a method that the RCMP has utilized for decades. Perhaps most worrying is not that the VOIP call was encrypted — along with all of the VOIP provider’s other customers who had legitimate interests in protecting their privacy by keeping their calls secured from third-party monitoring — but that the RCMP’s method failed. It’s unclear whether this failure was due to the target moving offices, the bug failing to operate, or something else entirely.
Ultimately, the assertion that “valuable” evidence was missed cannot be proven. If we assume that the journalists were merely reporting on the summary of the case they were shown and interviews they conducted (as opposed to other evidence from other investigative techniques directed at the same targets), then the RCMP could not prove the value of the evidence absent its collection. Valuable evidence might have been lost but absent an additional, secondary, surveillance mechanism this assertion cannot be borne out in fact.
Case 3: ‘Too much information’ tests RCMP capacity
RCMP intercepted cell and residential communications of a “high-risk traveller” in Eastern Canada suspected of planning to join a terrorist group overseas. The Internet/phone provider lacked interception capabilities, so police spent considerable resources to install their own equipment, but were eventually swamped by 21 million data points (web searches, images, videos, texts). Much of the data was encrypted and unintelligible. The case remains under investigation.
Police have their own equipment that is capable of integrating with telecommunications carriers’ equipment, and they have the competence to install it when a carrier does not possess the surveillance capacities desired by the RCMP. That authorities have to expend their funds to initiate such surveillance is not inherently a bad thing because it forces authorities to engage in a careful evaluation of where best to expend limited public funds: this means that authorities will, presumably, prioritize high-risk cases as opposed to broadly using a surveillance infrastructure for lower-priority cases. Such economic rationales are one of the ways that society ensures police are circumspect in how broadly they engage in surveillance.
The problem for the RCMP was that there is so much data that they cannot process it, and that what they can process is often unreadable because of the safeguards that all citizens enjoy in the course of their daily lives. That our communications, sometimes, are encrypted means that criminals and foreign governments and rival businesses are less able to conduct surveillance on Canadian citizens: encryption keeps us all safer. And while ‘much’ of the information that was collected by the RCMP was unreadable it wasn’t true that all the data was unreadable, nor that the lack of full visibility into the communications stymied the investigation. Moreover, without knowing what was encrypted we don’t know that encryption was a significant problem, only that there was some information that could not be readily accessed.
Though the RCMP, through the journalists, has framed this as an issue of the RCMP lacking adequate data science facilities what the summary suggests is that the RCMP is competent to continue their investigation even when they lack such facilities.
Case 4: Delays seeking foreign info
RCMP waited close to four months to get “high-value” evidence in order to stop a suspected “high-risk traveller” from leaving their home in Western Canada to join extremists overseas. Police say they concluded the case but were hampered by an inability to intercept communications outside of Canada and delays in the MLAT (mutual legal assistance treaty) process. Police had to forward a Canadian judge’s order through government channels, which were then delivered to a social media company outside the country. The company eventually filled the order, sending the material back to police — again through government channels — but police discovered the messages were encrypted and unreadable.
Canadian authorities generally cannot intercept communications that mostly, or wholly, take place outside of the country where there is no ‘domestic’ touchpoint. So even a mandated domestic interception capability would not necessarily help to “intercept communications outside of Canada.” The crux of the challenge facing the RCMP in this case is related to the MLAT process.
The MLAT process is often difficult for law enforcement agencies to work through, in part because of the number of process checks that the Canadian and receiving (e.g. American) governments undertake. These checks are meant to ensure that the originating warrant (in this case, Canadian) and request for data comports with a receiving country’s legal standards. The rationale for this process is to provide a high level of due process to the targets of an investigation: while this means that Canadian warrant requests are slow to return with responsive data, warrants from countries lacking an equivalent rule of law are less likely to provide responsive data on the basis of the warrant not comporting with receiving nations’ due process standards. These evaluations of warrants are an important human rights protection because it stops countries with corrupt judges or poor rule of law from accessing information about dissidents, activists, and opposition politicians without good cause.
So, while the timeliness of accessing information through MLATs is an issue for Canadian authorities, it isn’t a problem that a new Canadian law can fix. Instead, fixing the MLAT process will require additional resourcing in the receiving country to accelerate the process of reviewing the foreign warrant. And, importantly, in this case the police were ‘hampered’ but not ‘prevented’ from continuing their case. In fact, police concluded the case despite the delays in access to materials and encrypted nature of the materials that were received.
Case 5: A 10-month wait to access records
During an investigation into a group of Daesh (also known as ISIS or ISIL) supporters who police believed were “high-risk travellers” based in Eastern Canada, the RCMP spent 10 months trying to obtain social media communications outside Canada. Analysis of the data is continuing, and police have evidence that one of the suspects is abroad in a “high-risk country.” The case remains under investigation.
Authorities exercised their lawful powers to obtain data and were ultimately successful in receiving it from a foreign company. While authorities now have evidence that the suspect is abroad, they did not seek to detain the individual or prevent their departure. The journalists do not indicate whether authorities sought such powers or contemplated finding further rationales to lawfully detain or prevent the movement of the suspect. Moreover, there is no indication that the suspects are actually likely to be ‘high-risk’ travellers. Instead we are left with a concern that someone may have ‘gotten away’ without possessing any supporting information that the RCMP actually exhausted all of their methods, or that the suspect is actually the high-risk traveller the RCMP alleges suspects them to be.
Case 6: Terrorist group communications prove elusive
RCMP are investigating a group of individuals suspected of participating in a terrorist organization and plotting to travel overseas. Police attempted a court-ordered interception of their devices but found the communications were encrypted. As a result, police had to design technical solutions which meant they needed an extension of the court order, and this has delayed the process. The communications among the suspected terrorists have not been obtained. The case is still under investigation.
The RCMP has a pre-existing reason for why they think that these individuals may be participating in a terrorist organization or planning on travelling overseas. So the agency already has some means of collecting information and (presumably) placing high-value targets under surveillance.
There are a few points that are helpful to consider when discussing the communications encryption of these kinds of persons that the RCMP has placed under surveillance:
- Where persons are using foreign-designed tools that include encryption the RCMP may be unable to compel decryption because the creators of the tool could be outside Canada’s legal jurisdiction; and
- Other cases in the set presented by the Toronto Star and CBC (e.g. Case 9) suggest that the RCMP may be able to penetrate targets’ devices and thus access the plaintext of communications directly from devices themselves. If this is the case, then the difficulties in decrypting some information in transit may largely be rendered moot.
This case fails to clarify the specific problem(s) the RCMP is facing: is the problem linked solely with encryption? Or does it lie with the difficulty in getting an extension to their interception order? Or does it lie with finding alternative interception methods?
Case 7: Digital chatter unreadable
RCMP obtained warrants to conduct surveillance on a group of people in Eastern Canada suspected in a terrorism conspiracy in 2014. Police discovered the main suspect’s phone was connecting to multiple different cellular networks, none of which was technically equipped to intercept the suspect’s text and Internet traffic. The Mounties spent two months and $250,000 to engineer a custom tool that would intercept the target’s communications, only to discover all of it was encrypted and unreadable. The individuals remain under investigation.
The Solicitor General’s Enforcement Standards (SGES) requires that mobile providers be capable of intercepting text messages, voice calls, faxes, and other kinds of communications as a condition of receiving wireless spectrum license. In this case, the involved carriers could not provide access to such messages and, as such, were at least partially non-compliant with their regulatory requirements. There is no indication that action intended to force compliance has since taken place.
However, even if the mobile carriers could have disclosed communications at the time they received the interception order they would have simply provided encrypted communications data. So enforcing the pre-existing mandated interception capability wouldn’t have been useful in providing access to the encrypted data in question.
So what could authorities do? They could try to exploit the endpoint device (i.e. mobile phone) in this case or use video surveillance to try and capture what the individuals are typing or reading on their mobile phones (similar to what is sometimes done in Australia). They could also try to gain physical access to the devices in order to clone data for later decryption at an RCMP facility. But there is no indication as to whether these alternate approaches, or further ones, were pursued by the RCMP. Nor has the inability to decrypt the suspects’ communications caused the RCMP to terminate the investigation: there are presumably enough tools that the government can continue to keep this case file open.
Case 8: Interception too costly
The RCMP seized kilos of cocaine and arrested low-level members of an alleged drug and human trafficking organization in Eastern Canada. After obtaining a warrant to monitor suspects’ communications, investigators determined it would cost hundreds of thousands of dollars to install interception hardware at the targets’ Internet service provider (ISP). Police abandoned the effort and resorted to using undercover officers and agents. The alleged criminal bosses and organization are still operational.
This is a case where the RCMP made a fiscal decision: the agencies decided it would be less expensive to use human intelligence as opposed to electronic surveillance to try and collect evidence on alleged bosses. It remains unproven that electronic surveillance at an Internet service provider would have been successful in collecting evidence — other cases noted by the RCMP indicate that encryption might have stymied their surveillance efforts — and thus the imputation that interceptions of communications would have put the organization out of business and bosses in jail is uncertain at best. Moreover, there is no indication of the actual effectiveness of the human agents: while the bosses and organization may continue to exist, would this case have wrapped up should suspects have said something incriminating over the phone or through unencrypted Internet-based communications? Or are charges, right now, being prepared against the bosses and organization but yet to be filed? Absent additional information it’s impossible to actually evaluate the impact that a lack of intercepted communications is having on this case.
Case 9: Laptops, phones blocked
The RCMP, working with foreign intelligence agencies, obtained warrants to intercept residential and cellular traffic of a group of suspected “high-risk travellers” in a city in Western Canada. Police believed they were planning to join extremist groups overseas. Investigators attempted to intercept more than 30 laptops, cellphones and computers being used by the group but could only “successfully infiltrate” two of them. While those two devices delivered a bounty of intercepted evidence — 4.4 million pieces of data, including videos, images, web pages, text messages and emails — some of the data was encrypted and unreadable.
The language used in discussing this case is strange: orders were received to target a significant number of electronic devices but were only successful in “infiltrating” two of them. While other cases revealed that interception challenges lay with telecommunications providers it isn’t clear that there is a similar problem in case. Specifically, it isn’t evident that the problem is linked with authorities’ inabilities to conduct lawful interceptions or is linked with authorities only being able to install malware or other surveillance tools on only two of the targeted devices. And, regardless, a large volume of data was produced by through effort.
Moreover, we do not know which ‘foreign intelligence agencies’ the RCMP was coordinating with. While the collected data might have been inaccessible to the RCMP it may have been accessible to its foreign partners (e.g. France’s DGSE, Britain’s GCHQ or MI5, or the United States’ FBI or NSA). And left unstated is whether the RCMP successfully contributed to the international partnership by providing the information it had collected: was it necessarily to ‘infiltrate’ all thirty devices or was infiltrating the pair sufficient to advance the intelligence operation the RCMP was collaborating in?
Furthermore, this is one of the few cases where there is no indication that the case was halted, is continuing, or is concluded: was this a case that the RCMP, itself, ever planned to prosecute? Or was the RCMP principally operating in an assistance role to a foreign agency that might be responsible for bringing charges?
Case 10: Aaron Driver’s encrypted chats
The RCMP was unable to read Daesh supporter Aaron Driver’s encrypted messages in 2015 to and from other suspects involved in attacks in Texas and Australia. Despite suspicions, RCMP say encryption thwarted their ability to understand how far along Driver may have been in his bomb plot. He was killed in August 2016 outside his home in Strathroy, Ont., after police were tipped off to a martyrdom video Driver had made. The FBI alerted Canadian police to an “imminent” attack. He was killed amidst police gunfire and the partial detonation of a bomb he was carrying.
Despite the RCMP’s inability to read Driver’s encrypted communications the government was able to obtain judicial orders to seize his equipment and analyze his electronics and communications. Moreover, they were able to obtain a peace bond against Mr. Driver. And much of the encrypted communication that the RCMP was unable to penetrate was sent to online forums — perhaps where the operators were unwilling to produce plaintext communications after receiving a lawful order to do so — and Twitter. No mention is made in stories provided by the Toronto Star or CBC to whether production orders ultimately produced data from those forums or Twitter.
Ultimately, the FBI’s discovery of the martyrdom video led to the RCMP being warned about Driver’s imminent threat. This was a situation where integration between foreign law enforcement bodies, combined with information sharing, worked. While the RCMP presents this as a failure based on encryption it is instead a near-failure based on the government of Canada’s deficient surveillance of Driver’s online activities that was alleviated by the successes of the FBI’s own surveillance.
The Case Is Not Made
The RCMP has largely declined to directly and publicly engage with experts about the challenges they assert they are facing: civil liberties groups, academics, and government officials are all willing to work with the RCMP and other agencies to ensure that adequate powers exist to conduct legitimate investigations. But such powers must both be necessary and proportionate. It is not enough that selected powers would be helpful: they must be absolutely required and only infringe upon Canadians’ rights in a manner that is proportionate to the risks at hand.
The RCMP, in sharing selections of cases with journalists instead of whole case files, has presented these cases in the most charitable lights possible. The RCMP has not provided their summaries to the public, let alone detailed case information. And the journalists lacked the entirety of the files that they would need to effectively evaluate whether the summaries cast the respective investigations in the same light as would be done by a critical reader of the entirety of each file.
The powers that the government is proposing in its national security consultation — that all communications made by all Canadians be retained regardless of guilt, that all communications be accessible to state agencies on the basis that any Canadian could potentially commit a crime, that security of communications infrastructure should be secondary to government access to communications — are deeply disproportionate to the challenges government agencies are facing. The cases chosen by authorities to be selectively revealed to journalists do not reveal a crisis of policing but that authorities continue to face the ever-present challenges of how to prioritize cases, how to assign resources, and how to pursue investigations to conclusion. Authorities have never had a perfect view into the private lives of citizens and that is likely to continue to be the case, but they presently have a far better view into the lives of most citizens, using existing powers, than ever before in history.
The powers discussed in its consultation, and that the RCMP has implicitly argued for by revealing these cases, presume that all communications in Canada ought to be accessible to government agencies upon their demand. Implementing the powers outlined in the national security consultation would require private businesses to assume significant costs in order to intercept and retain any Canadian’s communications. And such powers would threaten the security of all Canadians — by introducing backdoors into Canada’s communications ecosystem — in order to potentially collect evidence pursuant to a small number of cases, while simultaneously exposing all Canadians to the prospect of criminals or foreign governments exploiting the backdoors the RCMP is implicitly calling for.
While the government routinely frames lawful interception, mandated decryption, and other investigatory powers as principally a ‘privacy-vs-security’ debate, the debate can be framed as one of ‘security-or-less-security’. Do Canadians want to endanger their daily communications and become less secure in their routine activities so that the RCMP and our security services can better intercept data they cannot read, or retain information they cannot process? Or do Canadians want the strongest security possible so that their businesses, personal relationships, religious observations, and other aspects of their daily life are kept safe from third-persons who want to capture and exploit their sensitive and oftentimes confidential information? Do we want to be more safe from cybercriminals, or more likely to be victimized by them by providing powers to government agencies?
Yes, we are in the midst of a privacy and security debate. But the cases presented by the RCMP to the public, through the Toronto Star and CBC, reveal that we are just as much in the midst of a security versus insecurity debate. It is critical that we concentrate on the latter and establish the facts of that debate before advancing to the former debate. If we do anything else, we risk misconstruing the debate over privacy on the basis of bad, incorrect, or misleading information, and end up with a result that undermines Canada’s national security instead of strengthening the security that each and every Canadian deserves.