April 10, 2017


TORONTO – The RCMP held a press conference on April 5 to publicly confirm it uses a particular technology, an IMSI catcher, to conduct cellphone surveillance in investigations.

This does not come as a surprise, as details have emerged via revelations in court cases in recent months of their use in investigations such as Project Clemenza, an organized crime investigation in Montreal. CCLA has been calling for transparency in relation to the use of this technology for the last year.

This first official admission after years of refusing to confirm or deny their use is an overdue but important step towards improved accountability.

People in Canada deserve to know when the law enforcement bodies they entrust with public safety are using a highly intrusive, indiscriminately targeted, surveillance technology. And IMSI catchers are clearly such a technology. Also known as Stingrays (the brand name of one such device) or Mobile Device Identifiers (MDIs), an IMSI catcher mimics a cell phone tower and tricks cell phones into directing signals through the surveillance device rather than an actual cell tower. An IMSI catcher can potentially capture the call activity of thousands of innocent bystanders while looking for a single suspect or small group of suspects.

What are the questions we would like answered? Canadians deserve to know not just what these invasive devices are being used for, but also whether the benefits to public safety are proportionate to the privacy intrusions they create. In other words, we would like to see evidence that such devices are effective, and that they are being used with appropriate safeguards, only in situations where no other less privacy-invasive investigative technique is available. To this end, public reporting of some basic statistics about IMSI-catcher use should be part of the electronic surveillance reporting requirements of police, and the legislation governing reporting requirements should be revised to require it.

We also should be talking about what happens to the data. If it is really necessary to hold all of the data of non-suspects as part of the evidentiary record in a criminal investigation, what specific protocols are in place to ensure all of the data collected about non-suspects is not accessed, and never used for secondary purposes? What happens to information collected that never leads to charges? Is it deleted?

While it’s good to know that police are seeking warrants prior to using IMSI catchers, we should be talking about the appropriate standards for such warrants. In a transmission data record warrant (TDRW), which the RCMP have said they use at the initial stage of deployment, the standard is “reasonable grounds to suspect” the investigation will lead to evidence of a crime. Is this the right standard for using this technology, or should a higher level, “reasonable grounds to believe” be the threshold when the data collection is going to be so sweeping?

More broadly, what are the privacy risks we as a society are willing to accept in the name of public safety? It’s not about whether any one individual whose data is caught up unknowingly in a surveillance operation has anything to hide. It’s about the standards we want to set, in a free and democratic society, for the use of privacy-invasive technologies, and the values we want to protect. It’s about making sure that our public safety bodies are accountable to the people. Now that we finally, officially know that such technology is in use, it’s time to have the much-needed conversations about benefits and risks, about accountability, and about appropriate levels of transparency.


Brenda McPhail, Director, Privacy, Technology and Surveillance Project
416-363-0321 X523