When Canadian intelligence analysts launched a program to warehouse telecommunications data, the top spymaster of his time reassured his minister in a memo that judges would be told about it “at an appropriate juncture.”
Over the next decade, that juncture never materialized. This omission set the stage for a scathing court ruling last fall that shook the credibility of the Canadian Security Intelligence Service.
The 2006 CSIS memo recently acquired by The Globe and Mail under access to information laws raises questions about whether Canada’s spy service is revealing enough about its intelligence operations to its political bosses and the judges who oversee its wiretap warrants.
This correspondence was the first notification to a cabinet minister that CSIS had created a program called the Operational Data Analysis Centre (ODAC), in which the spy agency, once famous for destroying its data, would stockpile it instead for future use.
“I am satisfied that this measure is consistent with the wording of the CSIS Act, the Ministerial direction under which we operate,” read the memo. It also suggested the 14 Federal Court judges who authorize CSIS surveillance would likely find it compliant with the law.
But the judges disagreed. In the ruling last fall, they said they found out about ODAC by a fluke 10 years after it launched. Finding aspects of the centre illegal, they lambasted the spy service in a written ruling for failing to be candid with them.
In the aftermath, CSIS director Michel Coulombe apologized for the omissions and released a list of occasions on which the agency mentioned ODAC to cabinet ministers and intelligence watchdogs.
Yet some of the communications mentioned by Mr. Coulombe, who this week announced he will retire, still glossed over the legal implications of the data analysis program.
The July 20, 2006, memo sent to Conservative MP Stockwell Day, then the public safety minister, advised that CSIS had just created the new entity and that it performed a lawful and necessary national-security service.
“Virtually all Western [intelligence] services have, in the past several years but primarily since the 9/11 attacks, developed data exploitation,” wrote Jim Judd, the director of CSIS at the time. Over two and half pages he added that: “We are convinced of the need to move in this direction in view of the rapidly expanding capabilities of our targets and the consequent urgent requirement to do whatever is available to us to level the playing field.”
The targets were not made explicit, but terrorist attacks in Canada were top of mind. Six weeks before the memo was circulated, federal agents had rounded up a group of al-Qaeda-inspired teens and young adults. First spotted by CSIS, some suspects had been caught trying to build truck bombs, and one even expressed a desire to behead Parliamentarians.
The key to unlocking future plots, CSIS suggested, was the new ability to collect telecommunications trails known as metadata and store them for safekeeping and analysis. “In layman’s terms, metadata is information that describes how, when and where a communication occurred,” Mr. Judd explained. “… What we will now be doing, after analyzing and reporting on the data we collect, is retaining it in an ODAC database.”
He later added: “We also plan to brief the Federal Court on this initiative at an appropriate juncture.”
It is not clear what happened to that plan. Nor does the released – and redacted – version of the memo mention what kinds of metadata CSIS hoped to collect, how, who from or about whom.
The federal court judges’ ruling last year, which was the first public mention of ODAC’s operations, said CSIS never told any judge about the centre. They learned of it in a cryptic reference in an annual public report to Parliament from the watchdog agency that monitors CSIS.
The judges ruled that CSIS broke the law by using ODAC to retain certain kinds of records known as “associated data.” This meant that the spy agency had been indefinitely keeping call logs and Internet addresses related to people in proximity to its targets who were not themselves deemed threats. This violated laws that preclude CSIS from amassing more records than are “strictly necessary.”
After that finding, Liberal Public Safety Minister Ralph Goodale asked his officials for a summary of times when CSIS advised him or his predecessors about ODAC.
They were not many. Other access records show that Conservative Vic Toews got a verbal briefing when he toured CSIS headquarters in 2010. Beyond that, a few classified reports to successive public safety ministers obliquely referred to the centre.
“None of these documents discuss CSIS’ legal authority to retain ‘associated data’ or any related legal risks,” a top Public Safety official remarked to Mr. Goodale, one of the documents says.
CSIS sent one significant piece of correspondence late last year to the minister.
When the release of the Federal Court’s ruling was imminent, Mr. Coulombe wrote to Mr. Goodale to warn him the fallout would be embarrassing. “I wish to emphasize that CSIS will improve its practises involving the Court to ensure that duty-of-candour-related issues do not occur again,” he wrote.Report Typo/Error