Royal Canadian Mounted Police

Privacy Impact Assessment – Real Time IDentification (RTID)

The RTID system is the RCMP’s solution to address challenges in the legacy fingerprint identification and criminal record system by re-engineering and automating legacy processes. Transforming the current paper-based infrastructure into a seamless, paperless electronic system will allow the RCMP’s Canadian Criminal Real Time Identification Services (CCRTIS) to complete in hours and days work that previously took weeks and months. Preliminary service delivery targets for RTID are:

  • Two hours for all criminal ten print searches: Ten print identifications are usually required when police undertake a criminal booking.  This identification used to take as long as ten weeks;
  • 24 hours for all latent searches:  Latent fingerprints are fingerprints found at crime scenes.  A routine latent search used to take up to six weeks;
  • 72 hours for all civil services: Fingerprint and criminal record checks are required for security clearances by members of the public applying for jobs, requesting permission to travel, and for immigration purposes.  Civil clearances used to take several months to complete; and
  • 24 hours for all criminal record updates: Record updates include additions of charges, convictions and parole data to a subject’s criminal record file.

Although the RTID system is not yet fully re-engineered and automated, the service delivery targets for criminal ten print searches, latent searches and civil clearances are being met for most requests. Work continues on RTID to achieve the service delivery target for all criminal record updates.

Using the RTID system, the RCMP maintains the national repository for criminal, refugee and RCMP employee fingerprints. RTID includes a new Automated Fingerprint Identification System (AFIS) and a new National Police Services National Institute of Standards and Technology (NPS-NIST) Server. The new AFIS provides a significant improvement in the speed and accuracy of fingerprint searches. The new NPS-NIST Server provides a standards-based interface that has enabled multiple vendors to develop input devices, such as Livescans and remote NIST servers, that police agencies, government departments and civil clearance organizations can use to interface with RTID. This standards-based interface allows an openly competitive environment in which vendors’ devices can become certified to the NPS-NIST interface.

The RTID system will enhance the ability of Canadian police services, government departments and international law enforcement agencies to meet their mandates for public safety, national security and economic prosperity. RTID is a significant contributor to providing Safe Homes and Safe Communities. RTID will also benefit Canadian citizens seeking security clearances in order to obtain employment or travel internationally.

RTID is a Protected “B” system that uses the Government of Canada approved Public Key Infrastructure (PKI) Entrust implementation. The RCMP manages its own PKI infrastructure and Certificate Authority, and employs a stringent internal role-based access control (RBAC) mechanism where users are only permitted to view data relevant to their role. Personal information stored in RTID is only accessible by authorized individuals or systems as governed by employee agreements in the RCMP Act. Only RCMP certified devices can be used to interface with RTID, and the specific installation and configuration of these certified devices at an agency site must be approved by the RCMP. Additionally, each agency interfacing with RTID must sign a Memorandum of Understanding (MOU), agreeing to specific terms and conditions related to maintaining the privacy of an individual’s information. As well, the RCMP will audit agencies interfacing with RTID to ensure all the terms and conditions of the MOU are being followed.

Sections 10 and 11 of the Privacy Act require a government institution to include in Personal Information Banks (PIB) all information under the control of the government institution and to publish an index of all personal information banks within the institution.  This information is collected by virtue of PIB CMP PPU 030, PPU 065, PPE 810 and PPE 811.  The provisions of the Privacy Act pertaining to access, collection, accuracy, completeness, and amending incorrect data apply.  Any interfaces with clients will be subject to an MOU to ensure that any exchange of criminal information is in accordance with the Privacy Act.

Consent of the individual for the collection of fingerprint images is required on civil transactions only. The individual’s consent is provided via a separate consent form. It is the responsibility of the agency collecting the fingerprints to do so in accordance with the MOU governing the submission of fingerprint transactions and applicable statutes. Fingerprint images for civil transactions are not retained on RTID. Additionally, the result of the civil fingerprint and criminal record check is provided only to those to whom the individual consents. Typically the result is returned to the individual or the organization with which the individual is seeking employment. The civil contributing agency does not receive the result unless the individual has provided consent. Vulnerable Sector screening results are returned to the originating police service and Privacy Act requests are returned directly to the applicant.

As per government legislation, the collection of criminal and refugee prints does not require consent. Criminal and refugee prints are retained on RTID. As well, individuals seeking employment with the RCMP are required to sign a consent form indicating that their prints will be searched and retained. Fingerprints are received, retained, used and destroyed from RTID based on the provisions in the applicable government legislation and policy documents such as:

  • Canadian Charter of Rights and Freedoms;
  • Privacy Act/Privacy Regulations;
  • Personal Information Protection and Electronic Documents Act (Part II);
  • Access to Information Act/Regulations;
  • Library and Archives of Canada Act;
  • Immigration and Refugee Protection Act/Regulations;
  • Identification of Criminals Act;
  • Criminal Code of Canada;
  • Criminal Records Act;
  • Order-in-Council P.C.1992-1354 – Fingerprinting, Palmprinting, and Photography Order, (dated 18 June 1992; reproduced in Appendix I);
  • RCMP Act/Regulations;
  • Canada Evidence Act;
  • Youth Criminal Justice Act;
  • DNA Identification Act;
  • Treasury Board of Canada Secretariat Privacy Impact Assessment Policy;
  • Treasury Board of Canada Secretariat Privacy and Data Protection Policy/Guidelines;
  • Treasury Board of Canada Secretariat Access to Information Policy/Guidelines;
  • Treasury Board of Canada Secretariat Government Security Policy/Guidelines;
  • Treasury Board of Canada Secretariat Management of Government Information Policy;
  • RCMP Administration Manual;
  • Federal Solicitor General Ministerial Directive – Release of Criminal Record Information by the Royal Canadian Mounted Police – signed May 26, 1987: as found in RCMP Operations Manual, Appendix 1-3-1, Revised 1990.08.31 or reproduced in CPIC Reference Manual Appendix IV-1-A;
  • RCMP Operational Manual; and,
  • Canadian Police Information Centre (CPIC) Reference Manual.

RTID is a highly secure system with extensive security features and procedures. Any functionality released to production undergoes extensive testing to ensure any result generated by RTID adheres to the legislation and policies concerning fingerprint and criminal records data. Additionally, there are manual procedures and regular audits that ensure the information released for an individual is accurate and sent to only those recipients authorized to receive the information.

Although unlikely, it is possible that the hard copy result or one of its pages could be mailed to the wrong individual. This risk is being mitigated by using windowed envelopes to the greatest extent possible.  As well, the civil response will have the address printed directly on the first page of the hard copy for insertion into the windowed envelope and the RCMP uses procedures to ensure that the correct information is placed in the envelope with the civil response.

It is also unlikely but possible that a breach of privacy can occur through internal RTID users and internal Information Technology (IT) staff. This risk is mitigated through several technical and procedural processes, and training. All RTID activity is monitored through audit logs and other security mechanisms. The RCMP’s Access to Information and Privacy (ATIP) provides lectures to inform all employees of their obligations and responsibilities regarding both the Privacy Act and the Access to Information Act. All employees of the RCMP sign an Oath of Office and Oath of Secrecy that speaks specifically to disclosure issues. The RCMP’s Departmental Security Branch (DSB) investigates any possible breaches of security, assesses the injury, takes appropriate action and if necessary defines additional processes or procedures to mitigate the risk of the breach occurring.

In conclusion, the privacy issues identified in this Summary Privacy Impact Assessment (PIA) can be resolved through the development and documentation of appropriate procedures and processes that ensure compliance with the Access to Information Act and the Privacy Act.