Real Time IDentification (RTID)
The RTID system is the Royal Canadian Mounted Police's (RCMP) solution to address challenges in the legacy fingerprint identification and criminal record system by re-engineering and automating legacy processes. Transforming the remaining paper-based infrastructure into a seamless paperless electronic system will allow the RCMP's Canadian Criminal Real Time Identification Services (CCRTIS) to complete work in only hours and days that previously took weeks and months. Service delivery targets for RTID are:
-
Two hours for all criminal ten-print searches: Ten-print identifications are usually required when police undertake a criminal booking. This identification used to take as long as ten weeks.
-
24 hours for all latent searches: Latent fingerprints are fingerprints found at crime scenes. A routine latent search used to take up to six weeks.
-
3 business days for all civil services: Fingerprint and criminal record checks are required for security clearances by members of the public applying for jobs, requesting permission to travel, and for immigration purposes. Civil clearances used to take several months to complete.
The RTID system is now largely automated and service delivery targets for criminal ten-print searches, latent searches and civil clearances are being met for almost all requests. Work continues to achieve the service delivery targets for all criminal identity searches and criminal record updates. This includes work on the Criminal Justice Information Modernization (CJIM) project to implement the first phase of electronic disposition updates for criminal records.
The first phase of the CJIM project will see a pilot distribution of the CJIM Rich Web Client to select law enforcement agencies in early 2015. The web client will enable rapid, accurate and timely electronic updates of the court disposition (e.g., guilty, acquitted, etc.) to criminal charges previously filed against an individual. The initial phase will only apply to charges submitted electronically, with a service delivery target:
-
Two minutes for publishing criminal record updates: Once automation is turned on, the criminal record update for electronically submitted dispositions will be published to the Canadian Police Information Centre (CPIC) system within two minutes of reception. The CPIC system contains summary and detailed criminal records and is queried tens to hundreds of thousands of times daily by Canadian law enforcement agencies. Paper based disposition updates currently take weeks or months to complete.
The RCMP has long supported the accurate and timely identification of individuals claiming Asylum status on behalf of Citizenship and Immigration Canada (CIC) and the Canada Border Services Agency (CBSA). With the introduction of the Temporary Resident Biometrics (TRB) and Immigration Information Sharing (IIS), joint initiatives between the RCMP, CIC and the CBSA, this support will expand to manage the identity of foreign nationals from select Visa required countries.
The TRB project introduced searching and storing of Temporary Resident fingerprints from select countries. The IIS project will consolidate the processing of all immigration related fingerprints and introduce two new functions to support information sharing with the United States (US). The RCMP will create an ability for CIC to search Canadian Immigration fingerprints to respond to a query from the US immigration as to whether an individual in the US immigration process has had contact with Canadian immigration. Additionally, CIC will be able to extract fingerprints of immigration clients already enrolled in RTID and share them with the US for investigative purposes. Service delivery targets for RTID/TRB/IIS are:
-
Three business days for Immigration enrolments: Immigration enrolments search fingerprints collected during the immigration application process against the immigration and criminal fingerprint databanks, and save the fingerprints in the Immigration databank.
-
Three business days for searches from the US: Immigration fingerprints originating from the US will be searched and the response returned to CIC. If there is a positive match, CIC determines what information to share with the US, based on Canadian law and international treaties. Unlike Canadian immigration enrollments, US fingerprints will not be saved.
-
24 hours for Immigration amendments and purges: Amendments record biographic changes to an immigration enrolment and purges remove a specific enrolment or entire file, as requested by CIC.
-
24 hours for extracting Immigration fingerprints: CIC will make ad-hoc requests for copies of specific Immigration fingerprints held in an RTID databank to share with US immigration in support of immigration information sharing.
-
30 seconds for Immigration identity verifications: For foreign nationals from visa-required countries, CBSA may perform a verification confirming the identity of the individual entering Canada.
Utilizing the RTID system, the RCMP maintains the national repositories for criminal, immigration and RCMP employee fingerprints. RTID includes an Automated Fingerprint Identification System (AFIS), a Verification Subsystem, a National Police Services National Institute of Standards and Technology (NPS-NIST) Server (NNS) and works in tandem with the Criminal Justice Information Management server. The NNS manages RTID submissions and responses, the CJIM server manages criminal record updates, and the Verification Subsystem verifies a set of fingerprints collected at a Canadian border against the set obtained during the application process to confirm the individual's identity upon arrival in Canada.
The RTID system will continue to enhance the ability of Canadian law enforcement, government departments and international law enforcement agencies to meet their mandates for public safety, national security and economic prosperity. RTID is a significant contributor to providing Safe Homes and Safe Communities. RTID will also benefit Canadian citizens requiring a Criminal Record check to support their application for a security clearance in order to obtain employment or travel internationally.
RTID is a Protected "B" system that uses the Government of Canada approved Public Key Infrastructure (PKI) implementation. The RCMP manages its own PKI infrastructure and Certificate Authority; and employs a stringent internal Role Based Access Control (RBAC) mechanism where users are only permitted to view data relevant to their role. Communications with external agencies employ the appropriate level of protection, through message encryption and other techniques. Personal information stored in RTID is only accessible by authorized individuals or systems as governed by employee agreements in the RCMP Act. Only RCMP certified devices can be used to interface with RTID; and the specific installation and configuration of these certified devices at an agency site must be approved by the RCMP. Additionally, each agency interfacing with RTID must sign a Memorandum of Understanding (MOU), agreeing to follow all applicable Federal, Provincial and Municipal privacy laws and policies with respect to maintaining the privacy of an individual's information. Additionally, the MOU provides the RCMP the option to audit agencies to ensure all the terms and conditions of the MOU are being followed.
Sections 10 and 11 of the Privacy Act require a government institution to include in Personal Information Banks (PIB) all information under the control of the government institution and to publish an index of all PIBs within the institution. This information is collected by virtue of PIB RCMP PPU 030, PPU 065, PPE 810 and PPE 811. The provisions of the Privacy Act pertaining to access, collection, accuracy, completeness, and amending incorrect data apply. Any interfaces with external clients will be subject to an MOU to ensure that any exchange of criminal or immigration information is in accordance with the Privacy Act.
Consent of the individual for the collection of fingerprint images is required on civil transactions only. The individual's consent is provided with a separate consent form. It is the responsibility of the agency collecting the fingerprints to do so in accordance with the MOU governing the submission of fingerprint transactions and applicable statutes. Fingerprint images for civil transactions are not retained on RTID. The result of the civil fingerprint and criminal record check is only provided to whomever the individual consents. Typically the result is returned to the individual or the organization with which the individual is seeking employment. The civil contributing agency does not receive the result unless the individual has provided consent. Vulnerable Sector screening results are returned to the originating police service and Privacy Act requests are returned directly to the applicant.
Fingerprints for criminal and immigration purposes are collected under the authority of Canadian legislation. Individuals seeking employment with the RCMP are required to sign a consent form indicating that their prints will be searched and retained. Fingerprints are received, retained, used and destroyed from RTID based on the provisions in the applicable government legislation and policies documents such as:
-
Canadian Charter of Rights and Freedoms;
-
Privacy Act / Privacy Regulations;
-
Personal Information Protection and Electronic Documents Act (Part II);
-
Access to Information Act / Regulations;
-
Library and Archives of Canada Act;
-
Immigration and Refugee Protection Act / Regulations;
-
Identification of Criminals Act;
-
Criminal Code of Canada;
-
Criminal Records Act;
-
RCMP Act / Regulations;
-
Canada Evidence Act;
-
Youth Criminal Justice Act;
-
DNA Identification Act;
-
Treasury Board of Canada Secretariat Directive on Privacy Impact Assessments;
-
Treasury Board of Canada Secretariat Policy on Privacy Protection;
-
Treasury Board of Canada Secretariat Access to Information Policy / Guidelines;
-
Treasury Board of Canada Secretariat Government Security Policy / Guidelines;
-
Treasury Board of Canada Secretariat Policy on Information Management;
-
RCMP Administration Manual;
-
Ministerial Directive, Minister of Public Safety – Release of Criminal Record Information by the Royal Canadian Mounted Police;
-
RCMP Operational Manual; or
-
CPIC Policy Manual.
RTID is a highly secure system with extensive security features and procedures. Any functionality released to production undergoes extensive testing to ensure that any result generated by RTID adheres to the legislation and policies concerning fingerprint, biographic, immigration and criminal record data. There are also manual procedures and regular audits that ensure the information released for an individual is accurate and sent to only those recipients authorized to receive the information.
Although unlikely, it is possible that the hard copy result or one of its pages could be mailed to the wrong individual. This risk is being mitigated by using windowed envelopes to the greatest extent possible. As well, the civil response will have the address printed directly on the first page of the hard copy for insertion into the windowed envelope and the RCMP uses procedures to ensure that the correct information is placed in the envelope with the civil response.
Although unlikely, it is possible that when requesting fingerprints of an immigration file, CIC erroneously requests the fingerprints of an individual whose identity it is not authorized to share with the US. Biographic and file information is provided in response to CIC's request to mitigate this risk. CIC validates this to assure that the fingerprints requested are those of the correct individual before sharing them with the US.
CIC's policy for individuals awarded Canadian Citizenship is to request a purge of their identity information held on CIC's behalf by the RCMP. There is an extremely low possibility that the individual's identity could be released to a law enforcement agency in the period between the RCMP receiving CIC's purge request and executing the removal of the individual's identity from the databank. This risk is mitigated by purging the prints promptly.
The retention period of immigration identity information is determined by CIC policy. The risk of the RCMP retaining information beyond the required period is very low but possible. Although the RCMP takes all precautions to ensure that Immigration information is kept in the RTID databanks as per CIC's instructions, it is possible that enrolment, amendment or purge instructions are not executed properly due to system outages, defects or invalid submissions. The risk is mitigated through consistent RTID system monitoring to ensure that failures are detected and manually corrected, if possible. CIC is electronically notified of the outcome of their submissions or, in the rare case of processing issues, by RCMP staff, if required.
It is also unlikely, but possible, that a breach of privacy can occur through internal RTID users and internal Information Technology staff. This risk is mitigated through several technical and procedural processes and training. All RTID activity is monitored through audit logs and other security mechanisms. RCMP's Access to Information and Privacy (ATIP) provides lectures to inform all employees of their obligations and responsibilities regarding both the Privacy Act and the Access to Information Act.
All employees of the RCMP sign an Oath of Office and Oath of Secrecy that speaks specifically to disclosure issues. Employees are reminded of their responsibilities regarding security and safeguarding information as part of their annual performance evaluation and acknowledge these responsibilities with their supervisors. RCMP's Departmental Security Branch (DSB) investigates any possible breaches of security, assesses the injury, takes appropriate action and, if necessary, defines additional processes or procedures to mitigate the risk of the breach occurring.
In submitting criminal record updates, it is possible, but not likely, that the external contributor may input incorrect information that does pass validation and business rule verification, but is nonetheless incorrect and results in a Criminal Record with erroneous information. Note that this is not a new risk; it exists with the current paper process. To minimize this, charge disposition data is entered in a highly structured manner. The disposition reporting service contains predefined standard charge and disposition descriptions, and all dispositions submitted must pass a very extensive and thorough set of validation and business rules before updating a criminal record. Any exceptions to the standard workflow are reviewed by experienced RCMP criminal record experts before being allowed to update the criminal record. Additionally, the final step of the process presents the updated Criminal Record text to the contributor and they must approve it before it can be published to CPIC.
It is also extremely unlikely but possible that an individual could be erroneously identified to subjects on file (false match). This risk is being mitigated by configuring the AFIS, which provides automated fingerprint matching, with very conservative match thresholds to ensure that the system renders accurate responses. When the system cannot automatically confirm a positive or negative match, a fingerprint expert will manually confirm the match.
Fingerprints are received, retained, used and destroyed from RTID based on the provisions in the applicable government legislation and policy documents set forth in this document.
In conclusion, the privacy issues identified in this Summary Privacy Impact Assessment can be resolved through the development and documentation of appropriate procedures and processes that ensure compliance with the Access to Information and the Privacy Acts.
- Date modified: