The RCMP has admitted to using spyware and other questionable methods to hack into phones and other electronic devices.
Malware and other hacking methods were only used in extreme circumstances when other options proved ineffective, the national policing force affirms.
According to the RCMP, it used these methods in 10 investigations between 2018 and 2020.
“This is a kind of capability that they have done everything possible to keep incredibly quiet,” senior researcher at the University of Toronto’s Citizen Lab Christopher Parsons told Politico.
“This is a remarkable finding and, for the first time, publicly reveals that the RCMP is using spyware to infiltrate mobile devices, as well as the broad capabilities of their spyware.”
The federal force cited the proliferation of encrypted communication methods as a reason for employing the tactics.
Revelations about the RCMP’s secretive methods came in a recent House of Commons filing, which detailed how “on-device investigative tools” helped the RCMP in investigations.
Among those are viruses “installed on a targeted computing device that enables the collection of electronic evidence.”
Malware capabilities include sweeping text message data, emails, photos, videos and other files as well as financial information.
The RCMP could also tap into “audio recordings of private communications and other sounds within range of the targeted device.” The malware also gave the federal police access to “photographic images of persons, places and activities viewable by the camera(s) built into the targeted device.”
“In less than a generation, a high number of Canadians migrated their daily communications from a small number of large telecommunication service providers, all of which provided limited and centrally controlled services to customers, to countless organizations in Canada and elsewhere that provide a myriad of digital services to customers,” wrote the disclosure.
“That decentralization, combined with the widespread use of end-to-end encrypted voice and text-based messaging services, make it exponentially more difficult for the RCMP to conduct court-authorized electronic surveillance.”
The RCMP also admitted that the federal privacy commissioner was not notified before the program was initiated in 2016.