Canada’s spy agency has warned the Trudeau government that proposed changes to bolster privacy could undermine the ability of intelligence agents to collect and use information about citizens.
In a 14-page submission to the Justice Department, the Canadian Security Intelligence Service recommends any reforms include special language that takes into account “the critical public interest in national security activities” carried out by CSIS.
The Canadian Press used the Access to Information Act to obtain a copy of CSIS’s September 2019 submission, which responds to possible changes to the Privacy Act outlined in federal discussion papers.
“I note that some of the changes proposed in the papers could significantly impact the work of national security and investigative agencies, including CSIS,” wrote the spy service’s director, David Vigneault, in a cover letter.
The Privacy Act governs how federal agencies collect, use and disclose personal information and gives people the right to see, and correct, such data the government holds about them.
CSIS expresses particular concern about defining personal information in the law in an overly broad way, potentially making the intelligence service’s job more difficult.
For instance, video footage that is viewed, but not recorded, could be considered subject to the privacy law under an expanded definition, the submission says.
Defining publicly available information in the Privacy Act as it relates to CSIS would be welcome given a current lack of clarity, said Tim McSorley, national co-ordinator of the Ottawa-based International Civil Liberties Monitoring Group.
When citing what constitutes publicly available information, CSIS often uses the example of a telephone directory.
McSorley argues the scope is actually much wider, including social media posts and other data found online that can reveal details about someone’s travels, where they work, who they spend time with and even their religious beliefs.
Privacy, technology and data have evolved significantly, as have Canadians’ expectations around these issues, said CSIS spokesman John Townsend. “It is incumbent upon us to support this critical work by highlighting challenges and impacts from a national security perspective. Canadians would expect no less.”
In the submission, CSIS says the threshold for what amounts to “collection” of information, if changed in the law, should be tied to the “mandate and functions” of an agency such as CSIS.
Generally, personal data collected for one purpose is not supposed to be used in other ways.
The intelligence service suggests that information it collects with consent from someone undergoing a security clearance for a job should also be available, when relevant – and without receiving additional consent – to CSIS personnel investigating a national-security threat.
McSorley has grave reservations about such treatment for intelligence services.
“The notion that once information is collected, that there should be a broad exception for security agencies to use it in other manners, raises serious concerns,” he said.
CSIS also says privacy law should ensure the intelligence service:
– not be required to disclose the identity of foreign agencies with whom it shares information or the nature of the data exchanges;
– be exempt, in some cases, from informing people their data has been stolen or inadvertently leaked, since that could signal they are under investigation.
Spy databases may hold information about people who do not necessarily pose a threat to security, and a breach of their data should not be hidden from them, McSorley said.
“The idea that it could remain secret – it’s really troubling,” he said. “I think they would have to find some kind of middle ground there.”
Townsend said the concern with mandatory privacy breach notifications was that, as proposed, they would not take into account any potential impact on national security or an ongoing investigation.