Spyware normally associated with the intelligence world is being used by 13 federal departments and agencies, according to contracts obtained under access to information legislation and shared with Radio-Canada.

Radio-Canada has also learned those departments' use of the spyware did not undergo a privacy impact assessment as required by federal government directive.

The tools in question can be used to recover and analyze data found on computers, tablets and mobile phones, including information that has been encrypted and password-protected. This can include text messages, contacts, photos and travel history.

Certain software can also be used to access a user's cloud-based data, reveal their internet search history, deleted content and social media activity.

Radio-Canada has learned other departments have obtained some of these tools in the past, but say they no longer use them.

Evan Light, associate professor of communications at York University's Glendon campus in Toronto and an expert in privacy and surveillance technology, said he's shocked by the widespread use of such spyware within the federal government.

"It's worrisome and dangerous," said Light, who filed the original access to information request to find out more about how police agencies in Canada are using the technology.

"I thought I would just find the usual suspects using these devices, like police, whether it's the RCMP or [Canada Border Services Agency]. But it's being used by a bunch of bizarre departments," he said.

According to the documents Light shared with Radio-Canada, Shared Services Canada purchased the equipment and software for the end users from suppliers Cellebrite, Magnet Forensics and Grayshift. (The latter two companies merged earlier this year).

The companies say they have developed strict controls to ensure that their technologies are used in accordance with the law, according to their websites.

'Normalization' of surveillance A directive from the Treasury Board of Canada Secretariat (TBS) requires that all federal institutions carry out what it calls a privacy impact assessment (PIA) prior to any activity that involves the collection or handling of personal information, with the goal of identifying privacy risks and ways of mitigating or eliminating them.

According to the directive, which took effect in 2002 and was revised in 2010, federal departments must then provide a copy of their PIA to the TBS and the Office of the Privacy Commissioner.

Radio-Canada asked each of the federal institutions using the spyware if they had first conducted privacy impact assessments. According to their written responses, none did. The Department of Fisheries and Oceans said it intends to do so.

The fact that these assessments were never done "shows that it's just become normalized, that it's not a big deal to get into somebody's cell phone," said Light. "There's been a normalization of this really extreme capability of surveillance."

Some departments said a PIA wasn't necessary because they had already obtained judicial authorizations such as search warrants, which impose strict conditions on the seizure of electronic devices.

Others said they only use the material on government-owned devices — for example, in cases involving employees suspected of harassment.

Privacy 'not an abstract concept' Treasury Board President Anita Anand declined Radio-Canada's request for an interview.

According to her office, each federal institution is responsible for enforcing privacy laws and policies, but her office did not say what happens when these institutions fail to fulfil those obligations.

Privacy protection should be a key element "before adopting high-risk technological tools to collect personal information," the privacy commissioner wrote in an email to Radio-Canada.

Dufresne also reiterated that he wishes the federal government made PIAs "a binding legal obligation" under the Privacy Act.

Light said he's disappointed no one in the federal government seems accountable for the use of spyware that could have a "dramatic" impact on people's lives.

"We have a right to privacy. It's not an abstract concept," he said.

Considering my phone is still connected to the department of defense in england, I have to assume its the military that tapped my phone, turns out it could be anyone. Truth and justice in Canada are a joke. I dont get the weird cryptic emails anymore, so thats good, I guess.

Only more proof that America is/was the only bastion of free democracy.