A parliamentary committee voted unanimously on Wednesday to investigate allegations that the government has used what some call “spyware” against federal employees.
The House of Commons ethics and privacy committee voted to hear the heads of several federal departments and Treasury Board head Anita Anand next month on the use of digital data recovery and investigative tools, as well as whether departments followed rules for doing a privacy impact review before implementing them.
Treasury Board is responsible for setting policies and procedures all government departments and employees have to follow.
The allegations stem from a November 30th report by Radio-Canada that “spyware normally associated with the intelligence world is being used by 13 federal departments and agencies.”
None of the departments did application privacy impact assessments on the tools as required by government policy, the news story says.
MP Mona Fortier, former Treasury Board president, who sits on the committee, said the government “is not here to spy on people and departments.”
“I know there are protocols and what I find concerning is that departments didn’t follow protocols” for doing application privacy assessments. Another Liberal MP denied the government uses “spyware.” But it does have digital tools for investigating allegations against government employees for fraud and other wrongdoing, she said.
Radio-Canada said the tools come from Cellebrite, an Israeli maker of tools for getting into mobile devices, and Waterloo, Ont.-based Magnet Forensics, which makes digital investigation solutions for governments and law enforcement agencies.
While several federal departments obtained some of the tools, Radio-Canada says it was told they are no longer used.
Speaking at the committee meeting in support of a study, Calgary Conservative MP Stephanie Kusie said she found the allegation the government could have captured texts, internet search histories, photos and more of federal public servants “very concerning.”
It amounts to a “normalization of surveillance,” she said. “It is terrifying.”
Kusie said she received no response when she asked Anand in writing to confirm the departments haven’t done privacy impact statements on the applications.
Liberals on the committee agreed to call witnesses on the allegations. But Hamilton MP Lisa Hepfner, parliamentary secretary to the Minister for Women and Gender Equality and Youth, denied the government uses “spyware” and urged opposition members to watch their “rhetoric.”
She described the applications as “specialized software for digital forensics” used for cyber incident response, and in internal investigations of civil servants when, for example, there is suspicion of fraud or workplace harassment.
“And it’s always done in accordance with internal protocols that govern the collection and storage of personal information to ensure its protection,” she said.
“I agree it’s concerning departments are not following the [policy for doing] privacy impact assessments. It’s a really important process and departments should be following that. Maybe the directive needs to be strengthened.”
But, she added, “spyware is not something that the Government of Canada uses. Spyware is illegal.” Nor, she said, does the government use malware or malicious code against employees.
The study will start Jan. 29, 2024. Also to be called as witnesses are Jennifer Carr, president of the Professional Institute of the Public Service of Canada, which represents more than 70,000 federal employees, and Chris Alyward, national president of the Public Service Alliance of Canada, which represents 230,000 federal staff.