Go to the Globe and Mail homepage

Jump to main navigationJump to main content

(� Pedro Nunes/Pedro Nunes)
(� Pedro Nunes/Pedro Nunes)

Privacy

Canadian data, foreign threats: Spying in the digital age Add to ...

A government spy agency that’s prohibited from monitoring Canadian citizens is now using “information about Canadians” to zero in on foreign threats.

The ambiguous statement, found in a new government report detailing the activities of Communications Security Establishment Canada, could sanction a range of intelligence-gathering activities – including the controversial practice of mining “metadata” from digital communications.

More related to this story

Metadata – often called data about data – are found in e-mails and their attachments, and contain digital signatures that can reveal when, where and by whom documents were created.

The collection of metadata has caused controversy in other countries, but never in Canada, where the Communications Security Establishment Canada operates as an ultra-secretive agency. About the only thing that is known about the classified practices is that they were halted and resumed after some “major changes,” including directives signed by Defence Minister Peter MacKay.

“I cannot comment on specific operational activities,” Adrian Simpson, a CSEC spokesman, told The Globe. He stressed that reviews upheld that the activities in question were “carried out in accordance with the law, ministerial requirements and CSEC’s policies and procedures.”

“CSEC is prohibited from directing its activities at Canadians, anyone in Canada or Canadians anywhere in the world,” he said.

For decades, signals-intelligence agencies in the West have been allowed to safeguard national security by eavesdropping on foreigners’ conversations. Spies can whatever phone lines and satellite signals they can, so long as they never listen in on fellow citizens.

But in the digital age, governments run increasingly sophisticated dragnets, scooping up and scouring through millions of intercepted Internet conversations daily. Such practices create legal ambiguities.

“The whole issue of what constitutes boundaries for signals-intelligence agencies in cyberspace is a big debate right now,” said Rafal Rohozinski, a security expert affiliated with the University of Toronto’s Munk School.

A watchdog agency that reviews the CSEC’s activities released an annual report to Parliament on July 20. “When other means have been exhausted, CSEC may use information about Canadians when it has reasonable grounds to believe that using this information may assist in identifying and obtaining foreign intelligence,” it reads.

Sometimes, collecting metadata is relatively benign. It can involve aggregating sets of data to spot trends, much like the way meteorologists discern national forecasts from localized information.

For example, while CSEC can’t usually monitor the communications of specific Canadian terror suspects, it can glean insights by zooming out for big-picture patterns. One way to do that, Mr. Rohozinski said, would be to look at data flows between Canadian cities and Yemen, where an Internet-savvy al-Qaeda offshoot works to recruit Westerners.

Metadata, however, can be more revealing. Documents that circulate on the Internet travel around like postmarked letters marked with return addresses – e-mails and attachments have embedded codes that speak to the who, where and when behind their creation.

The U.S. National Security Agency found itself mired in controversy a few years go, after it skirted domestic-spying bans by secretly upholding that this sort of American metadata was fair game, distinct from communication contents.

There’s little to suggest the CSEC would go that far. The federal agency’s activities are reviewed by a watchdog body now headed by a former Federal Court of Appeal judge. Robert Décary, appointed last year, wrote in his annual report that he was satisfied the CSEC activities in question are lawful, even if his predecessors felt them borderline..

“This was the first review of these activities since … their resumption under new policies,” the watchdog’s report says. It concludes that the surveillance activities are “in accordance with the law” and follow “major changes to certain policies, procedures and practices.”

Much of the concern arises from the possibility that CSEC could hand over metadata intelligence to domestic law-enforcement and security agencies.

As it stands, the RCMP and CSIS have to develop their domestic investigations before coming to CSEC – usually with warrants – if they want specific intelligence. The rules guiding handovers are strict because, even though all agencies run surveillance operations, they do so under vastly different mandates and legal standards.

The spy agency, however, stood by its practices.

“CSEC is extremely diligent when it comes to the privacy of Canadians,” Mr. Simpson said.

Follow on Twitter: @colinfreeze

 

In the know

Most popular video »

Highlights

More from The Globe and Mail

Most Popular Stories