Canada - Octopus Cybercrime Community

Back Canada

Status regarding Budapest Convention

Status : Party See legal profile

Cybercrime policies/strategies

The National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age was published by the Canadian government in 2018. Cyber security is understood in the sense of: the protection of digital information and the infrastructure on which it resides. The vision of a secure cyber space, as presented through the cyber security strategy, is focused on three themes: Security and Resilience; Cyber Innovation; Leadership and Collaboration.

The Canadian NCSS is based on the findings of a 2016 launched Cyber Review that received responses from a variety of stakeholders: federal government cyber community, cyber security experts, business leaders, government officials, law enforcement, academics, and engaged citizens. The Cyber Review revealed three main trends:

There is support for law enforcement's efforts to address cybercrime while protecting privacy in cyberspace: Canadians acknowledge that law enforcement faces challenges addressing cybercrime, and are concerned by the rising threat of cybercrime for individuals, private and public sector organizations, and governments.
There is a wide ranging need for improved cyber security knowledge and skills;
There are calls for strong federal leadership on cyber security.

The strategic context acknowledges the importance of Cybercrime and Advanced Cyber Threats. The Government of Canada proposes several measures it would take to efficiently combat cybercrime, including: collaborative action with partners and enhanced cyber security capabilities; enhance law enforcement capacity to respond to cybercrime - support coordination across law enforcement agencies and with federal, provincial, territorial, and international partners; enhance cybercrime investigative capacity and make it easier for Canadians to report cybercrime.

The National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age also announced the creation of a National Cybercrime Coordination Unit “to expand the RCMP’s capacity to investigate cybercrime”.

The Royal Canadian Mounted Police Cybercrime Strategy presented in 2015 for the period 2015 – 2020 (and beyond) pursues the vision of reducing the threat, impact and victimization of cybercrime in Canada. It clearly defines cybercrime as falling into two categories:

“technology-as-target - criminal offences targeting computers and other information technologies, such as those involving the unauthorized use of computers or mischief in relation to data, and;
technology-as-instrument - criminal offences where the Internet and information technologies are instrumental in the commission of a crime, such as those involving fraud, identity theft, intellectual property infringements, money laundering, drug trafficking, human trafficking, organized crime or terrorist activities, child sexual exploitation or cyber bullying.”

The 10 specific actions proposed by the strategy are the following:

Action Item #1: Create a new investigative team dedicated to combat cybercrime (dedicated investigative capacity to address cybercrime)

Action Item #2: Establish a governance structure for cybercrime priorities and operations. (The RCMP's cybercrime governance structure will fall under RCMP Federal Policing Criminal Operations. Other oversight mechanisms will be in place for the RCMP's specialized services that support)

Action Item #3: Create a dedicated intelligence unit to identify new and emerging cybercrime threats. (RCMP will establish a dedicated cybercrime intelligence unit within the RCMP National Intelligence Coordination Centre (NICC)

Action Item #4: Improve digital evidence capabilities for cybercrime investigations.

Action Item #5: Expand cybercrime investigative training opportunities for Canadian law enforcement (RCMP will develop and implement new courses on digital and mobile device analysis, and Internet-based open source and online covert investigative technique delivered through Canadian Police College, Technological Crime Learning Institute (TCLI).

Action Item #6: Examine ways to more effectively recruit cybercrime investigators and other individuals with technical skills to combat cybercrime.

Action Item #7: Strengthen public-private partnerships and other liaison efforts in combating cybercrime.

Action Item #8: Examine ways to enhance the Canadian Anti-Fraud Centre (CAFC) as a trusted data and intelligence source on financially-motivated cybercrimes.

Action Item #9: Examine ways to improve the collection and analysis of suspicious cybercrime incidents involving Canada's critical infrastructure and other vital cyber systems. (CMP will examine ways to improve its collection and analysis of suspicious cybercrime incidents involving Canada's critical infrastructure and other vital cyber systems. This initiative will consider the RCMP National Critical Infrastructure Team (NCIT) and its analysis of cybercrime threats to critical infrastructure and other vital cyber systems)

Action Item #10: Improve the intake and triage of reported cybercrime incidents. (RCMP will also examine its international networks involving reported cybercrime incidents and foreign requests for law enforcement assistance, including INTERPOL, G7 and the Council of Europe's Convention on Cybercrime 24/7 networks)

Action Item #11: Examine integrated enforcement models for combating cybercrime. (An emphasis will be placed on examining national law enforcement coordination and deconfliction measures for technically complex and multi-jurisdictional cybercrimes)

Action Item #12: Expand international collaboration with close allies to better understand and combat cybercrimes that are transnational in character. (Bolster its international role in combating cybercrime, such as playing more active and leadership roles in shared international threat assessments and prioritization activities against cybercrime. This work may include international law enforcement activities involving the RCMP, such as: the Five Eyes Law Enforcement Group, Cyber Crime Working Group; the Europol's Cyber Crime Centre, Joint Cybercrime Taskforce; the G7 Roma Lyon Group, High-Tech Crime Subgroup; the NCFTA International Task Force; and the INTERPOL Global Complex for Innovation.)

Action Item #13: Examine ways to further inform Canadians and industry of emerging cybercrime threats.

Action Item #14: Continue to support the modernization of Canada's legal and policy tools to keep pace with technological change.

Action Item #15: Continue to work with the broader Canadian law enforcement community to devise a 'national' picture of - and response to - cybercrime.

(Source: The Royal Canadian Mounted Police Cybercrime Strategy)

Cybercrime legislation

State of cybercrime legislation

Canada's anti-spam legislation (CASL) came into effect July 1, 2014.

Both substantive and procedural criminal law framework of Canada, as amended by Protecting Canadians from Online Crime Act 2015 (intended to fully implement the Budapest Convention on Cybercrime), is fully in line with the Convention requirements.

Substantive law

Criminal Code (1985) – includes provisions on privacy (Part VI, Section 183); communications interception (Part VI, Section 184); handling data stored on computer devices; computer and payment card data offences; child pornography offences; and harassment.

PART VI deals with Invasion of Privacy provides relevant definitions related to interception of communication

Part IX, Offences against Rights of Property, Offences resembling theft contains Section 342 Possession of device to obtain unauthorized use of computer system or to commit mischief, dealing thus with theft, forgery of credit cards and unauthorized use of computer, namely:

342.1 without lawful excuse, makes, possesses, sells, offers for sale, imports, obtains for use, distributes or makes available a device that is designed or adapted primarily to commit an offence under section 342.1 or 430, knowing that the device has been used or is intended to be used to commit such an offence

342.2 forfeiture

402: Identity theft

403: Identity fraud

Section 430 (1.1) Mischief in relation to computer data: Everyone commits mischief who wilfully

(a) destroys or alters computer data;

(b) renders computer data meaningless, useless or ineffective;

(c) obstructs, interrupts or interferes with the lawful use of computer data; or

(d) obstructs, interrupts or interferes with a person in the lawful use of computer data or denies access to computer data to a person who is entitled to access to it.

The Protecting Canadians from Online Crime Act amends the Criminal Code and introduces:

a new offence of non-consensual distribution of intimate images as well as complementary amendments to authorize the removal of such images from the Internet and the recovery of expenses incurred to obtain the removal of such images, the forfeiture of property used in the commission of the offence, a recognizance order to be issued to prevent the distribution of such images and the restriction of the use of a computer or the Internet by a convicted offender;

Procedural law

In terms of procedural powers, the Protecting Canadians from Online Crime Act amends the Criminal Code on procedural powers to introduce:

(b) the power to make preservation demands and orders to compel the preservation of electronic evidence; (corresp. Art. 16 BC)
(c) new production orders to compel the production of data relating to the transmission of communications and the location of transactions, individuals or things; (corresp. Art. 18 BC)
(d) a warrant that will extend the current investigative power for data associated with telephones to transmission data relating to all means of telecommunications;
(e) warrants that will enable the tracking of transactions, individuals and things and that are subject to legal thresholds appropriate to the interests at stake; and
(f) a streamlined process of obtaining warrants and orders related to an authorization to intercept private communications by ensuring that those warrants and orders can be issued by a judge who issues the authorization and by specifying that all documents relating to a request for a related warrant or order are automatically subject to the same rules respecting confidentiality as the request for authorization. (corresp. Art. 21 BC)

Royal Canadian Mounted Police Act (1985) includes provisions on searching of computers and digital evidence handling.

Evidence Act (2010) includes provisions on electronic documents, computer systems and search and seizure of evidence.

The RCMP is the only federal organization with the mandate and authority to investigate criminal offences related to cybercrime. Law enforcement activities extend from identifying and prioritizing cybercrime threats based on criminal intelligence, to investigating and disrupting cybercrime activities, to handling digital evidence in support of cybercrime investigations.

The RCMP takes an intelligence-led approach to policing.

Whether tactical, operational or strategic, criminal intelligence enables the RCMP and other Canadian police forces to set priorities and allocate resources based on the most significant criminal threats to Canada. This concept also applies to cybercrime, especially given its transnational dimension and the inherent need to identify patterns and relationships between cybercrime data and other relevant data sources from multiple jurisdictions.

The RCMP may investigate cybercrime in response to a complaint or proactively as a result of criminal intelligence.

At the federal level, the RCMP investigates serious and organized crime, economic crime, a range of national security threats, and enforces Federal statutes. These investigations may extend to federal offences involving suspected cybercrime activities, such as money laundering and terrorist financing, market fraud, threats to Canada's critical infrastructure, intellectual property infringements or drug trafficking. The RCMP works in concert with domestic and international law enforcement partners and other stakeholders to combat cybercrime threats that cross jurisdictional boundaries and require joint force operations.

International policing plays a pivotal role in the RCMP's response to cybercrime. Cybercrime is often transnational, where a perpetrator in one country can affect victims in many others. As evidence of criminal activity may easily flow across national borders in cyberspace, the RCMP must work with multilateral partners to obtain and analyze evidence, which is enabled by police-to-police information sharing and formal legal mechanisms. Given the borderless nature of cybercrime, the RCMP works closely with its domestic and international law enforcement partners, and other stakeholders in both public and private sectors, to address common cybercrime threats through various enforcement measures, leading to arrests and charges or other disruption outcomes.

Through contract policing services, the RCMP plays a significant role in addressing cybercrime in contracted provinces, territories and municipalities. Law enforcement activities in these jurisdictions extend to a range of criminal offences where the Internet and related technologies play an integral role, such as online child sexual exploitation, local and regional types of fraud, or various offences associated with cyber bullying.

(Source: The Royal Canadian Mounted Police Cybercrime Strategy

Safeguards

Horizontally applicable safeguards and guarantees apply. Procedural powers as foreseen under the Budapest Convention generally require judicial warrant or order.

Related laws and regulations

Personal Information Protection and Electronic Documents Act (2000) contains provisions on data protection and electronic documents

Secure Electronic Signature Regulations

Specialised institutions

The Royal Canadian Mounted Police (RCMP) Technical Investigation Services (TIS) provides technical digital forensic services in cyber investigations throughout Canada.

The RCMP Integrated Technological Crime Units (ITCUs) also provide technical support and digital evidence analysis, nationally and internationally.

The RCMP National Intelligence Coordination Centre (NICC) assists the fight against cybercrime through the collection, analysis and dissemination of cyber threat and criminal intelligence.

The Canadian Anti-Fraud Centre (CAFC) is Canada's trusted source for reporting and mitigating online mass marketing fraud. It is a partnership among the RCMP, Ontario Provincial Police (OPP) and the Competition Bureau.

The RCMP National Child Exploitation Coordination Centre (NCECC) works with law enforcement partners, government agencies, non-government organizations and industry stakeholders across Canada and internationally to combat the online sexual exploitation of children. The NCECC also works closely with the Canadian Centre for Child Protection, an organization that operates Canada's national tipline for reporting the online sexual exploitation of children.

International cooperation

Competent authorities and channels

MLA authority in the absence of other treaties (Art. 27)

International Assistance Group

Dept of Justice

284, Wellington Street

Ottawa, Ontario

Canada, K1A 0H8

Authority for extradition and provisional arrests in the absence of other treaties (Art. 24)

International Assistance Group

Dept of Justice

284, Wellington Street

Ottawa, Ontario

Canada, K1A 0H8

24/7 Point of contact (Art. 35)

Royal Canada Mounted Police

National Operations Centre (NOC)

Ottawa, ON

Practical guides, templates and best practices

Mutual Legal Assistance Requests to Canada framework is set by:

Requests Made under Treaties/Conventions or By Designated Entities

The types of court-ordered assistance available to Canada’s mutual legal assistance partners under the statute include:

search and seizure;
gathering physical or documentary materials;
compelling witnesses to give statements or testimony, including by video or audio link,
transferring sentenced persons to the requesting country, with their consent, to give evidence or to assist in an investigation;
lending court exhibits;
examining a place or site in Canada;
enforcing foreign restraint, seizure and forfeiture orders; and
enforcing criminal fines

Requests Made by Non-Treaty Countries/Letters Rogatory

This avenue of cooperation requires that two essential conditions be met:

The request must be made by a judge, court or tribunal in the requesting country (Letters Rogatory); and
The criminal matter for which the assistance is sought must be pending before the foreign judge, court or tribunal.

Jurisprudence/case law

R. v. Weir, 1998 8 WWR. 228 – allegation of privacy breaches, involving a defendant charged with possession of child pornography, whereby the defendant’s ISP reported and passed suspect material within his email box to the police.

R. v. Cuttell, 2009 ONCJ 471 – involves an allegation of privacy breaches by the defendant, whereby child pornography was obtained by the police from the defendant’s ISP without a warrant.

R. v. McNeice, 2010 BCSC 1544 – involved the defendant, accused of child pornography offences, attempting to quash the search warrant authorising the search of the accused’s home and computer.