Documents obtained by the CBC suggest that a department within mobile phone company BlackBerry has been sharing user data with law enforcement agencies from multiple countries around the world. In addition, a series of comments by company insiders suggest that it has handed over device, account, and subscriber data, as well as metadata about messages when confronted with requests from law enforcement. In interviews, several insiders defended the company’s policies, suggesting that they were used for the legitimate purposes of stopping narcotics trafficking, money laundering, and other crimes. They also suggested that there were checks and procedures in place to govern the sharing of user data. BlackBerry does not publish information on the number of requests it receives from law enforcement on accessing user information.

Citizen Lab Postdoctoral Fellow Christopher Parsons reviewed the documents for the CBC, and explained that the company’s secrecy around these practices left open the possibility of privacy abuse. He argued that BlackBerry was enabling foreign police services to bypass the Mutual Legal Assistance Treaty, used to allow Canadian officials to first review requests from foreign police and determine if they are compliant with Canadian law.

“This is direct. This is a sidestepping of that entire process. This is BlackBerry being the one that makes that decision, as opposed to the Canadian government,” Parsons said. Parsons went on to contrast this with United States law, which prohibits companies like Apple and Google from accessing user communications for foreign police agencies.

Read the full CBC article.

In another interview with VICE Motherboard, Christopher Parsons was asked to comment on the discovery of court documents produced as part of a 2010 RCMP drug bust in Montreal. The documents shed light on the RCMP’s use of mobile device identifiers, also known as IMSI catchers. IMSI catchers induce nearby phones to connect and communicate information to them in the manner of cell towers, including the device’s unique ID, SIM card ID, and carrier. Some IMSI catchers are capable of intercepting text and phone calls. Though the technology is known to be commonly used in the US, the RCMP has remained guarded on its use of such technology. Testimony from peace officers indicates that since Project Clemenza, the RCMP’s IMSI catcher capabilities have increased, though the extent of this is unclear.

“The RCMP has received numerous requests from the public and journalists about their use of IMSI catchers, and they’ve routinely refused to produce those documents, or they’ve claimed they simply don’t exist,” said Christopher Parsons. “We know now that flatly isn’t the case. We know that there are a large number of documents, and they stretch across the RCMP.”

Testimony from RCMP officers included the suggestion that internal authorization to use IMSI catchers could come from a senior RCMP official even before a judge issues a general warrant. The RCMP has declined to confirm whether this is still the case since the operation. Parsons expressed concern with the lack of transparency surrounding the process, saying “We don’t even understand the authority under which these things are authorized, and that strikes me as a very serious problem. We have to understand the laws that affect us.”

Read the full VICE Motherboard article.