Several days ago, the U.K. Guardian and Washington Post newspapers reported on U.S. surveillance programs involving the massive intercept of electronic and voice communication data. The most notable of these, called “PRISM”, is described by the Guardian as allowing U.S. intelligence officials (and specifically the National Security Agency or NSA) “to collect material including search history, the content of e-mails, file transfers and live chats”. The focus is on foreign communications that take place outside of the U.S. but transit through the systems of U.S. internet firms. Meanwhile, the same report noted that U.S. intelligence services may be compelling at least one large telecommunications firm to “turn over the telephone records of millions of U.S. customers,” pursuant to a warrant issued by a special U.S. national security court.
These revelations have fuelled speculation about whether similar surveillance programs exist in Canada. Since by definition, such programs are secret, it is not possible to answer this question. It is, however, worth understanding the legal landscape in which national security surveillance operates in Canada, focusing specifically on Communications Security Establishment Canada (CSEC). CSEC is Canada’s equivalent to the National Security Agency, and performs similar functions.
What Does CSEC Do?
By law, CSEC mandate includes: acquiring and using “information from the global information infrastructure for the purpose of providing foreign intelligence” and providing “technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.” In other words, it spies.
When and on Whom Can CSEC Spy?
CSEC can spy on foreigners and on Canadians, but the rules that apply to each of these scenarios are radically different.
Spying as part of collecting foreign intelligence:
First, under its mandate, CSEC can collect “foreign intelligence”. Much (probably most) of this foreign intelligence is just that: foreign. There is no Canadian person or person in Canada involved in the communication being intercepted. With this kind of communication, there are no legally prescribed authorizations that must be obtained prior to intercept.
Still, in a world whose telecommunications systems are webbed together, even “foreign intelligence” may have a Canadian nexus – for instance, it may be that a telephone call sent to or originating in Canada might be intercepted. Or the communication of a Canadian located overseas might be captured. Meanwhile, CSEC’s rules insist that its foreign intelligence activities “not be directed at Canadians or any person in Canada; and ... shall be subject to measures to protect the privacy of Canadian in the use and retention of intercepted information.” Squaring this expectation with the reality of webbed communication can be tricky.
For this reason, special authorization is obtained where CSEC’s foreign intelligence activities might capture communications with a Canadian nexus: a “ministerial authorization” must be issued by the Minister of National Defence. And this authorization can only be made where the minister is satisfied, among other things, that the interception is directed at foreign entities outside of Canada and privacy protecting measures are in place in the event that Canadian communications are captured.
In practice, ministerial authorizations have been issued on a “just in case” basis – that is, because one can never be sure that the communications intercepted will lack a Canadian nexus, authorizations are sought regularly to make sure CSEC remains on-side the law. As described by the commissioner charged with review of CSEC in his most recent annual report, ministerial authorizations “relate to an ‘activity’ or ‘class of activities’ specified in the authorizations ... the authorizations do not relate to a specific individual or subject (the whom or the what). (The CSEC commissioner is historically a former senior judge who operates at arm’s length from CSEC in reviewing the agency’s conduct.)
As of last year, there were six authorizations in place.
Spying as a technological appendage to CSIS or the RCMP: