Canada’s spy service is destroying undisclosed volumes of records relating to the communications of Canadians gathered over years.
This purge of a pool of data inside the Canadian Security Intelligence Service began a few months ago. “Approximately 70 per cent of the data has been destroyed and the remainder is expected to be destroyed in the coming months,” wrote CSIS spokeswoman Tahera Mufti, responding to questions from The Globe.
The records relate to CSIS’s logging of communications trails of ordinary Canadians who were not themselves considered threats, but who were once seen to be connected to terrorism suspects.
On Wednesday, a federal watchdog agency is expected to release its annual report to Parliament on CSIS’s intelligence-gathering activities. The data now being purged were first flagged as a major problem by an earlier Security Intelligence Review Committee report.
This controversy points to how national-security agencies are evolving, and mining growing volumes of data. Privacy advocates fear that such records about ordinary people will be gathered, kept and deleted in ways that lack transparency and accountability.
“This was a ‘Big Data’ surveillance effort that was operated in contravention of the authorizing law of CSIS, an incredibly secretive organization,” said Chris Parsons, a researcher at the University of Toronto’s Citizen Lab.
In 1984, Canada’s domestic intelligence agency was created to warn the federal government about suspected threats. Ever since, CSIS’s intelligence officers have run their wiretap applications through the Federal Court of Canada.
But surveillance technologies are changing, and two years ago a judge released a written ruling complaining his bench was being kept in the dark about the agency’s growing designs on data.
Justice Simon Noël further ruled that CSIS was unlawfully holding on to records relating to innocent people.
At issue was communications “metadata” – such as phone numbers and e-mail addresses – that had been indefinitely warehoused by CSIS starting in 2006. Intelligence analysts had input data into their systems about people who were initially seen to be in proximity to terrorism targets, but who ended up not themselves being considered threats.
The initial collection of this material was allowable, Justice Noël ruled, but CSIS keeping such data indefinitely was not. And the records were effectively left in limbo after his ruling two years ago. “I have considered ordering the destruction ... I decided not to do so,” the judge wrote.
Last year, the Liberal government introduced Bill C-59, allowing federal intelligence agencies more access to data, but under a system of strict checks and balances. For example, CSIS could gather and retain sensitive datasets about ordinary Canadians, but only with the prior approval of public safety ministers and judges.
Bill C-59 is now winding its way through Parliament, and CSIS director David Vigneault has arrived at parliamentary committees prepared to defend it. Briefing notes obtained by The Globe show that if an MP were to ask him about the metadata issue, the CSIS director would highlight the current purge. (It does not appear to have come up.)
“CSIS has taken a decision to destroy the data deemed to have been illegally retained. These destruction activities are imminent,” read Mr. Vigneault’s briefing notes from last November.
These briefing materials, released under Access to Information laws, explicitly state that CSIS now needs to gather certain kinds of data in “bulk” if the agency wants to keep up with what its closest allies elsewhere are doing.
“The acquisition of large volumes of information for analysis is a technique employed by intelligence agencies across the globe, and is an indispensable tool in support of modern national security investigations,” these materials say.
In his 2016 ruling, Justice Noël wrote that such growing capabilities will need to be closely monitored by courts and watchdog agencies.
“The end product is intelligence which reveals specific, intimate details on the life and environment of the persons the CSIS investigates,” his ruling says, adding that such techniques are “capable of drawing links between various sources and enormous amounts of data that no human being would be capable of.”
Prior to ordering the metadata destroyed, CSIS had worked “to quickly ‘fence’ the errant data to keep it from being used for intelligence-analysis purposes,” said Ms. Mufti, the agency’s spokeswoman.