This continued until the CBC-TV program the fifth estate aired an exposé of the agency’s activities (and links to U.S. intelligence services) in 1974. The next year, it was transferred to the Department of National Defence and renamed the Communications Security Establishment.
Its role shrank after the fall of the Berlin Wall. But the Sept. 11, 2001, terrorist attacks on the United States would reverse that trend. That December, Parliament passed Canada’s Anti-Terrorism Act, which effectively enlisted CSEC’s powers in the global fight against al-Qaeda. While the legislation better clarified the powers and limits of the surveillance agency, it also opened some chinks in the ironclad strictures against spying on Canadian citizens: Subject to checks and balances, the Minister of National Defence was given broad latitude to put in play certain programs that had been regarded as borderline.
“CSEC has significantly increased its ability to identify and collect communications,” says the agency’s own online account of its evolution. “Under the authority of several ministerial authorizations, [CSEC] has strengthened its most promising and technologically advanced collection activities.”
This brings us to the Canadian metadata program. The basic tradecraft of agencies such as CSEC or the NSA is simple enough: Suck up enough phone logs and Internet protocol addresses and the like, sort through them with enough technicians and computers and algorithms, and you can divine how data move among people. It’s in this way that metadata yield insights into patterns of suspicious activity.
But what to do when a citizen’s digital communication gets sucked up into the great big metadata-mulching machines? For decades, the consensus has been that democratic governments can eavesdrop on foreign conversations so long as they cover their ears when their own citizens enter the exchange.
Does metadata mining force a reconsideration of such practices? In Ottawa, the records show, that debate has been going on for a decade.
On March 9, 2005, Bill Graham, then defence minister, signed a top-secret directive that explicitly allowed CSEC to contemplate collecting some Canadian telecommunication trails, so long as they pointed to threats out in the wider world.
“I obviously signed the decree authorizing the collection of metadata because I was satisfied that was an essential thing they had to do,” Mr. Graham, now retired from Parliament, reflected in an interview with The Globe. He didn’t see the program as a fundamental change. “I saw it as one more tool in the toolbox.”
Mr. Graham said politicians like him must place great faith in their bureaucrats, because signals intelligence makes no more inherent sense to a cabinet minister than it does to the rest of us. “Unless you’re an expert yourself, it’s tough for you to grasp the total significance of what could seem a small, incremental change,” he said.
Besides allowing CSEC to fulfill its foreign-intelligence mission, the “incidental” collection of Canadian metadata was meant to better advise CSEC “clients” – namely the RCMP and CSIS. However, these domestic agencies need warrants to spy on Canadian telecommunications. They are also supposed to need warrants to get CSEC to divulge what it knows about specific Canadian telecommunications. But the ministerial directive gave CSEC broader legal cover.
In this period, the affable former Rhodes Scholar then in charge of CSEC had a nifty way of demonstrating how his agency was staying within the letter of the law.
“Metadata is the envelope information,” surveillance czar John Adams would tell his counterparts during briefings, sources say. Sometimes, the major-general-turned-mandarin would even wave a paper envelope to make his point that the metadata program is far from the digital equivalent of steaming open letters. Citizens’ communications contents were, are and would forever be sacrosanct inside the envelope, and off-limits. CSEC merely wanted a better glimpse at the address, return address and other routing information.
In this alluring metaphor, CSEC was nothing more than a third party who happens to see the outside of a mailed letter while it’s in transit. Metadata could be observed, mapped and shared without running afoul of laws precluding domestic surveillance.
The trick, of course, is for observers to get into a position to see all the envelopes whizzing around: They have to have the capacity to be inside every mailbox.
Even before Mr. Snowden, the NSA has had to deal with several leakers over the years, but CSEC technicians never tell – well, almost never.