On the eve of a crucial new national-security debate, parliamentarians are being told that federal spy agencies are out to data-mine "bulk" amounts of electronic records about ordinary people as they seek to spot extraordinary terrorist threats.
The Library of Parliament released a discussion paper this week on Bill C-59, an overhaul of the laws guiding Canada's intelligence agencies. Debate about it will begin in earnest in Ottawa on Thursday, when federal spymasters and police chiefs appear before a legislative committee beginning a review of the bill.
The Liberals introduced the legislation in June to fulfill their campaign promises to keep intelligence agencies in line. The legislation includes new accountability mechanisms and approves a host of new data-spying powers for the federal government's main spy agencies – the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE).
For example, the legislation mentions the word "datasets" (which it defines as electronic records) more than 150 times as it establishes legal pathways for CSIS and CSE to amass and analyze all manner of electronic records, while at the same time safeguarding Canadians' privacy. No specifics about any datasets are given, save for a restriction telling CSIS it cannot collect anyone's medical records.
In its customary analysis of legislation for MPs and senators before the passage of a major bill, the Library of Parliament points out that the two federal intelligence agencies are increasingly turning toward so-called big-data techniques in their bids to spot terror threats.
Parts of Bill C-59 "would accommodate the bulk acquisition of any publicly available information that has been published or broadcast for public consumption, including, for example, facial imagery captured in social-media posts," the report says.
It adds that it "appears that CSE and CSIS acquisition of publicly available information may be made in bulk, meaning the data will not be prefiltered to remove all non-target-related information."
This is a way of saying that intelligence agencies are increasingly seeking data about everyone, including citizens, not just targets of their investigations. The report says federal intelligence analysts are using computer algorithms to comb through big and disparate pools of data for information about possible terrorism.
For this reason, the report suggests C-59 could be a boon for corporations that put together bundles of data and sell them to government agencies. "Service providers and information brokers may be incentivized to collect and sell new forms of information packages on users," the Library of Parliament report says. "… Among the information-broker products that are already available to those willing to pay are credit histories, web browsing history, online purchases, social-media connections, marital status and a variety of information that enables the construction of detailed personal profiles."
Intelligence agencies do not rely only on electronic records bought and sold on the open market. In Canada and elsewhere, they can also acquire such material by spying, or by getting court orders to compel corporations to hand over records, or by persuading other governments and government agencies to share data.
The extent of these activities in Canada – both currently, and in the future under C-59 – is hard to gauge. The 2013 leaks from former U.S intelligence contractor Edward Snowden revealed sprawling domestic data-spying programs in the United States and Britain, yet little or nothing about similar programs in Canada, where privacy protections are stricter.
C-59 does clear a path for spy agencies to acquire some electronic records about Canadians for intelligence purposes. But it also imposes a host of checks and balances. For example, the minister of public safety, Federal Court judges and new classes of civil-servant watchdogs will closely scrutinize CSIS and CSE, watching just what kinds of data they "collect," "query," "exploit" and "retain" – words that describe different activities in data spying that require different levels of authorization.
"Robust safeguards are built into the datasets framework" of Bill C-59, said Scott Bardsley, a spokesman for Public Safety Minister Ralph Goodale. He added that "a modern intelligence agency requires the lawful authority to collect a broad range of data to detect threats and identify previously unknown trends and patterns."
Asked to provide examples of datasets CSIS – Canada's domestic spy service – might want, Mr. Bardsley said, "voter and census information from foreign countries" or "travel datasets, for example, pertaining to routes known to be used by [terrorist] foreign fighters."