The complainant alleged that the Canada Border Services Agency (CBSA) had improperly withheld information under subsection 16(2) (facilitating the commission of an offence) of the Access to Information Act in response to an access request. The request was for the complete source code for the ArriveCAN application. The allegation falls under paragraph 30(1)(a) of the Act.

CBSA provided evidence to demonstrate that disclosure of the source code could be used by malicious actors to either hack the application, pose as the ArriveCAN application in the App Store/Google Play Store or to expose a security vulnerability which would place the personal information of individuals at risk.

CBSA also provided evidence that it considered relevant factors such as the public interest in disclosure, the sensitive nature of the information collected by the application and the purpose of the Act when exercising its discretion pursuant to subsection 16(2).

The complaint is not well founded.