Data extraction tools. On-device investigative capabilities. Digital forensic software. Spyware.

Regardless of what you call it, technology that lets someone access and control every aspect of someone else’s smartphone is being used more and more these days.

Such tools enable unknown actors to take remote control of a digital device without the legitimate owner knowing – or doing – anything. All stored data, all activities and logs, all device features and functions are open to someone using what is known as zero click spyware technology.

That someone could be a criminal. That someone could be the government.

And that’s led one Canadian Member of Parliament to call for a study into the federal government’s of tech tools capable of extracting data from mobile phones, computers and tablets.

Trois-Rivières MP René Villemure said he was “stunned” to learn of the extent that Canadian government agencies use such tools, with reference to a recent Radio-Canada story that reported at least 13 federal departments and agencies have done so, and he wants to know more.

So, on January 29^th, 2024, the Standing Committee on Access to Information, Privacy and Ethics, of which Villemure is vice-chair, will start its study.

The Committee will look closely at the impact the use of data extraction tools and technologies has on privacy, perhaps of the more than 300,000 federal service employees or the population as a whole. Federal institutions are expected to carry out a privacy impact assessment (PIA) before they collect or handle personal information, and the study will also look at whether privacy rules or protocols were followed.

Villemure and the Information, Privacy and Ethics committee have looked into similar topics before, such as when it was revealed that the RCMP had been using data collection tools to capture text, audio and imagery from targeted devices.

Such tools may not be malicious spyware in the common sense of the term, but even specialized digital forensic software can be used improperly, for multiple purposes and by multiple actors. An array of new products from a burgeoning private surveillance industry has already created a “free-for-all environment for the spread of technology that is causing immediate and regular harm” according to a United Nations about spyware and its global ramifications.

And technology researchers at Citizen Lab in Toronto work to identify cyber threats worldwide, and data extraction tools like the Pegasus program, on which it has done groundbreaking reporting. Pegasus is but one of many data extraction tools available (and often marketed directly to governments around the world). Companies like FinFisher, with its FinSpy software, QuaDream, Cytrox, RCS Labs, Pegasus-makers NSO and more are developing a wide range of surveillance and data extraction technologies.

Villemure’s motion before the and the Information, Privacy and Ethics committee  asks “that the Committee undertake a study on the use of technological tools capable of extracting personal data from telephones and computers in investigative processes carried out by several departments and agencies of the federal government; that the Committee is interested, in particular, in the reasons which justify the use of this investigative material by the various government institutions and in the privacy impact assessment process.”

 

-30-