Responses to Information Requests

​​​​​​​Responses to Information Requests (RIRs) are research reports on country conditions. They are requested by IRB decision-makers.

The database contains a seven-year archive of English and French RIRs. Earlier RIRs may be found on the European Country of Origin Information Network website.

RIR​s published by the IRB on its website may have attachments that are inaccessible due to technical constraints and may include translations of documents originally written in languages other than English or French. To obtain a copy of such attachments and/or translated version of the RIR attachments, please email us.​

Related Links

Disclaimer

Disclaimer

Responses to Information Requests (RIRs) cite publicly accessible information available at the time of publication and within time constraints. A list of references and additional sources consulted are included in each RIR. Sources cited are considered the most current information available as of the date of the RIR.            

RIRs are not, and do not purport to be, conclusive as to the merit of any particular claim for refugee protection. Rather, they are intended to support the refugee determination process. More information on the methodology used by the Research Directorate can be found here.          

The assessment and weight to be given to the information in the RIRs are the responsibility of independent IRB members (decision-makers) after considering the evidence and arguments presented by the parties.           

The information presented in RIRs solely reflects the views and perspectives of the sources cited and does not necessarily reflect the position of the IRB or the Government of Canada.          

1 August 2019

MEX106333.E

Mexico: Access to databases of personal information by police or a third party, including who has access; recent data breaches (2017-August 2019)

Research Directorate, Immigration and Refugee Board of Canada

1. Plataforma México
1.1 Overview

According to a 2008 presentation by the Secretariat of Public Security (Secretaría de Seguridad Pública, SSP) [1], Plataforma México is a telecommunications and information system, which [translation] "integrates all the databases related to public security" (Mexico Oct. 2008, 2). According to the website of San Luis Potosí's Executive Secretariat of the State Council for Public Security (Secretariado Ejecutivo del Consejo Estatal de Seguridad Pública), Plataforma México is a national network that houses forensic databases used by public security personnel, administered by the federal General Coordination of the Secretariat of Public Security (Coordinación General de Secretaría de Seguridad Pública) (San Luis Potosí n.d.). The same source states that the system is used in, [translation] "among other applications," "forensics, related to kidnapping, extortion, blackmail and fraud," as well as for "crime prevention and law enforcement, border areas, terrorist activities and migration" (San Luis Potosí n.d.).

According to the Libro Blanco del Programa Presupuestario R903 "Plataforma México", which includes a summary of the development and use of Plataforma México from December 2012 to September 2018 and was prepared by Mexico's National Security Commission (Comisionado Nacional de Seguridad, CNS), Plataforma México is the

[translation]

information tool of the Mexican State to support the performance of public security institutions in the country, which has linked the different public security systems of the three levels of government, promoting interoperability and information exchange.

It currently has a wide infrastructure of [t]elecommunications, [r]adio and [c]omputing, to which more than 900 units of the three levels of government are connected. There are more than 100 databases and more than 60 information systems. (Mexico Oct. 2018, 3)

According to the same source, the network includes over 793 million records (Mexico Oct. 2018, 4).

According to the US Department of State's Country Reports on Human Rights Practices for 2008, Plataforma México began to be implemented in April 2008 and "enhanced law enforcement information exchanges among police" (US 25 Feb. 2009). US Country Reports 2012 states that the "SSP continued to expand the Intranet-based communications and analytical platform, Plataforma M[é]xico, which was continually updated with information on police at all levels and was utilized for personnel evaluations and ongoing investigations" (US 19 Apr. 2013).

According to the 2008 SSP presentation, Plataforma México integrates the government of Mexico's network, 32 interconnection nodes of the state capitals and Federal District, 45 sub-interconnection nodes, connectivity to state networks, the Office of the Attorney General (Procuraduría General de Justicia, PGJ) network, SSP network of state and municipal offices, the state supreme court [high court] (Tribunal Superior de Justicia, TSJ) network, police academies network, and the penitentiary network (CERESOS [centros de reinserción social]) (Mexico Oct. 2008, 6). The website of San Luis Potosí's Executive Secretariat of the State Council for Public Security similarly indicates that the following institutions are included in the Plataforma México network:

[translation]

  • Public Security (Seguridad Pública) agencies and institutions in the three levels of government;
  • Federal and local offices of the Attorney General (PGJ);
  • Federal, state and municipal detention centers (Centros de Reclusión);
  • Certification, Accreditation and Monitoring Centers (Centros de Certificación, de Acreditación y Control de Confianza) or counterparts;
  • State Public Security Councils (Consejos Estatales de Seguridad Pública);
  • Academies and Institutes of Public Security and Law Enforcement (Academias e Institutos de Seguridad Pública y Procuración de Justicia);
  • Agencies and Institutions of the Federal Government (Gobierno Federal) that require permission to access the tools and/or applications of Plataforma México. (San Luis Potosí n.d.)

The same source also indicates that the network includes the following databases:

  • A database of Standardized Police Reports (Informe Policial Homologado, IPH), which are accounts [translation] "of a police action describing the time, method and manner in which an event occurred";
  • Automated Fingerprint Identification System (AFIS) (Sistema Automatizado de Identificación Dactilar);
  • Driver's License Registration (Registro de Licencias de Conducir);
  • National Register of Arms and Equipment (Registro Nacional de Armamento y Equipo);
  • National Registry of Penitentiary Information (Registro Nacional de Información Penitenciaria, RNIP);
  • Automated Voice Identification System (AVIS) (Sistema Automatizado de Identificación de Voz);
  • National Registry of Public Security Personnel (Registro Nacional de Personal de Seguridad Pública);
  • A database of stolen and recovered vehicles (Vehículos Robados y Recuperados);
  • DNA database (San Luis Potosí n.d.).

According to the 2008 SSP presentation, Plataforma México is able to identify information provided in police reports and position it on a map, which can then be used to generate statistics and intelligence for law enforcement (Mexico Oct. 2008, 9).

Sources indicate that investment in Plataforma México decreased under the Enrique Peña Nieto administration [2012-2018] (Vanguardia for El Universal 7 Dec. 2018; Reporte Indigo 23 Nov. 2015), but that the Andrés Manuel López Obrador administration seeks to revive the network (Vanguardia for El Universal 7 Dec. 2018; Capital 7 Dec. 2018). Further information could not be found among the sources consulted by the Research Directorate within the time constraints of this Response.

1.2 Access

According to the CNS Libro Blanco on Plataforma México, as of the end of September 2018, there were 13,254 registered active users on the Plataforma México system, including 5,206 at the federal level, 4,723 at the state level, and 3,325 at the municipal level (Mexico Oct. 2018, 66). Further information on access to the Plataforma México system, including illegal or unauthorized access by third parties, could not be found among the sources consulted by the Research Directorate within the time constraints of this Response.

2. Other Access to Information by Government

According to guidelines on collaboration regarding matters of public security and justice by the Federal Telecommunications Institute (Instituto Federal de Telecomunicaciones), user data stored by telecommunications companies includes the name and address of the registered user, source and destination numbers, and the type, duration, date and time of the communication (Mexico 2015, Art. 14). According to a report on collaboration between security and justice authorities and telecommunication companies in Mexico, prepared by the Network in Defense of Digital Rights (Red en Defensa de los Derechos Digitales, R3D), a Mexican non-profit organization that promotes digital rights, information obtained in an access to information request showed that, between 2016 and 2017, telecommunication companies received approximately 146,000 requests for user data, including localization data, of which 46,110 requests were submitted by unauthorized or unidentified entities; of these, 40,839 requests were granted (R3D 2018, 3, 13).

According to sources, the cellphones of journalists in Mexico have been targeted by Pegasus spyware provided by Israel-based cyber intelligence company NSO Group (Citizen Lab 27 Nov. 2018; The Times of Israel 28 Nov. 2018), which allows operators to access private messages, as well as the phone's camera and microphone (Citizen Lab 27 Nov. 2018). The same sources report that the Mexican government uses (The Times of Israel 28 Nov. 2018) or is "linked" to the Pegasus spyware (Citizen Lab 27 Nov. 2018). Further information could not be found among the sources consulted by the Research Directorate within the time constraints of this Response.

3. Security of Information

Information on data breaches was scarce among the sources consulted by the Research Directorate within the time constraints of this Response.

Sources report a data breach in April 2016 of over 93 million Mexican voter registration records that included names, addresses, birthdates (IBTimes 25 Apr. 2016a; Mexico News Daily 22 Apr. 2016), and national identification numbers (IBTimes 25 Apr. 2016a). According to an April 2016 article by the International Business Times (IBTimes), a digital global news publication with headquarters in New York and London (IBTimes n.d.), Mexican authorities had not publicly identified the "suspected culprit" (IBTimes 25 Apr. 2016b). Further information could not be found among the sources consulted by the Research Directorate within the time constraints of this Response.

This Response was prepared after researching publicly accessible information currently available to the Research Directorate within time constraints. This Response is not, and does not purport to be, conclusive as to the merit of any particular claim for refugee protection. Please find below the list of sources consulted in researching this Information Request.

Note

[1] The Secretariat of Public Security (Secretaría de Seguridad Pública, SSP) was replaced in 2012 by the National Security Commission (Comisionado Nacional de Seguridad, CNS), which fell under the Secretaría de Gobernación (SEGOB) (Animal Político 14 Dec. 2012). On 30 November 2018, the Secretariat of Citizen Security and Protection (Secretaría de Seguridad y Protección Ciudadana) was created (Mexico 2018, Art. 26), which replaces the CNS (La Jornada 7 Jan. 2019).

References

Animal Político. 14 December 2012. "Así quedó la Ley Orgánica de la Administración Pública Federal." [Accessed 30 July 2019]

Capital. 7 December 2018. Noemi Gutiérrez. "Gobierno federal actualizará la 'Plataforma México'." [Accessed 9 July 2019]

Citizen Lab. 27 November 2018. John Scott-Railton, et al. "Reckless VI: Mexican Journalists Investigating Cartels Targeted with NSO Spyware Following Assassination of Colleague." [Accessed 25 July 2019]

International Business Times (IBTimes). 25 April 2016a. Jason Murdock. "Mexican Voter Database Containing 93.4 Million Records Leaks Online." [Accessed 12 July 2019]

International Business Times (IBTimes). 25 April 2016b. Jason Murdock. "Mexico Election Hack: Political Party Behind Leak of 93.4 Million Voter Records?" [Accessed 12 July 2019]

International Business Times (IBTimes). N.d. "About Us." [Accessed 29 July 2019]

La Jornada. 7 January 2019. Dennis A. García. "Comisión Nacional de Seguridad Adeuda 10 mil mdp de Viáticos." [Accessed 31 July 2019]

Mexico. October 2018. Secretaría de Gobernación (SEGOB), Comisionado Nacional de Seguridad (CNS). Libro Blanco del Programa Presupuestario R903 "Plataforma México". [Accessed 19 July 2019]

Mexico. 2018. Decreto por el que se reforman, adicionan y derogan diversas disposiciones de la Ley Orgánica de la Administración Pública Federal. [Accessed 26 July 2019]

Mexico. 2015. Acuerdo Mediante el Cual el Pleno del Instituto Federal de Telecomunicaciones Expide los Lineamientos de Colaboración en Materia de Seguridad y Justicia y Modifica el Plan Técnico Fundamental de Numeración, Publicado en el Diario Oficial de la Federación el 21 de Junio de 1996. Diario Oficial de la Federación. [Accessed 25 July 2019]

Mexico. October 2008. Secretaría de Seguridad Pública (SSP). "Plataforma México: Sistema de interconexión para la generación de inteligencia operativa." [Accessed 9 July 2019]

Mexico News Daily. 22 April 2016. "Massive Data Breach Reveals Voter Info." [Accessed 11 July 2019]

Red en Defensa de los Derechos Digitales (R3D). 2018. ¿Quién No Defiende Tus Datos? [Accessed 11 July 2019]

Reporte Indigo. 23 November 2015. Julio Ramírez. "Plataforma México en 'Off'." [Accessed 12 July 2019]

San Luis Potosí. N.d. Secretariado Ejecutivo del Consejo Estatal de Seguridad Pública. "Plataforma México." [Accessed 9 July 2019]

The Times of Israel. 28 November 2018. "Israeli Spyware Said Used by Mexican Government to Target Dissident Journalists." [Accessed 25 July 2019]

United States (US). 19 April 2013. Department of State. "Mexico." Country Reports on Human Rights Practices for 2012. [Accessed 19 July 2019]

United States (US). 25 February 2009. Department of State. "Mexico." Country Reports on Human Rights Practices for 2008. [Accessed 22 July 2019]

Vanguardia for El Universal. 7 December 2018. "Busca AMLO 'revivir' a la Plataforma México; tiene 'secretos' del crimen." [Accessed 12 July 2019]

Additional Sources Consulted

Oral sources: Academic who conducts research on cartels in Mexico; academics who conduct research on security issues in Mexico; law office in Mexico City that practices in the field of privacy law; Mexico – embassy in Ottawa, Federal Police; US – Department of State, Drug Enforcement Administration.

Internet sites, including: Al Jazeera; Amnesty International; Committee to Protect Journalists; Council on Foreign Relations; El Universal; Factiva; Freedom House; The Guardian; Human Rights Watch; Milenio; The New York Times; Organisation for Economic Co-operation and Development; Organization of American States; Privacy International; Proceso; Redalyc; Time; UN – Office on Drugs and Crime; The Washington Post.

​​
​​

​​​