Skip to main content

IMSI catchers work by lifting digital identifiers off all phones in a vicinity, a technique that can give investigators the ability to zero in on an unknown phone used by a known suspect if they can follow the signal as the suspect moves.Fernando Morales/The Globe and Mail

Canada's domestic spy service has been capturing the phone-identifying data of terrorism suspects for years without judicial knowledge or oversight, according to a ruling released Tuesday.

But the Canadian Security Intelligence Service's warrantless use of data-capturing devices is legal and proper in most instances, the ruling says, as long as the agency restricts what it does with captured information.

The decision from Federal Court Chief Justice Paul Crampton relates to CSIS warrant applications for an "Islamist terrorism" investigation, although the identities of the target individuals are being withheld. It amounts to the most detailed ruling to date by any Canadian court on government agents' use of devices known as IMSI catchers, "Stingrays," or "cell-site simulator" (CSS) technology.

Such machines have been secretively used by federal agents and police for well over a decade in Canada, but there has only been public and judicial discussion about them following recent disclosures about their use by police. The fundamental legal question for the courts is whether use of IMSI catchers runs afoul of laws intended to protect privacy. The legal questions about IMSI catchers caused CSIS to suspend its use of the devices in January but the use has since resumed, a spokeswoman said Tuesday.

Phone identifiers known as "IMSIs" exist for a mobile phone to connect to a cellphone network, and portable IMSI catchers essentially impersonate cellphone towers to surreptitiously capture this information. These digital identifiers do not, however, identify a person or reveal how or what they are communicating.

IMSI catchers work by lifting digital identifiers off all phones in a vicinity, a technique that can give investigators the ability to zero in on an unknown phone used by a known suspect if they can follow the signal as the suspect moves. That can put investigators in position to seek authorizations to do more invasive follow-up spying on specific individuals. No actual eavesdropping is done at this stage.

CSIS has been given a range of invasive powers by Parliament, but is usually required to first seek warrants to conduct targeted surveillance or searches. But Judge Crampton gives CSIS a green light to use IMSI catchers warrantlessly, reasoning that the task of protecting national security outweighs any privacy stakes inherent in anonymous digital identifiers. "That is to say, state objectives of public importance (i.e. national security) are predominant, the intrusive nature of the search was minimal, and the method of the search was both highly accurate and narrowly targeted," his ruling reads.

The ruling speaks only to the collection of digital identifiers. Judge Crampton lays out scenarios where CSIS would need warrants or other authorities to do follow-up investigation.

First, approaching a phone company to figure out who controls which phone would still require a prior judicial order for CSIS.

Second, using an IMSI catcher to lock onto a specific phone to track the movements of a suspect is considered a more invasive use. Whether CSIS needed judicial warrants for such spying is said to have been a grey area but "CSIS has since conceded that this use of CSS technology must be sanctioned by a warrant issued by this court," the ruling reads.

Third, some models of the machines – including ones owned by CSIS – can also intercept people's communications. Such eavesdropping would also require judicial approval.

Fourth, it is contemplated that CSIS might well be tempted to hold on to the phone identifiers of not just its targets, but also people in proximity to them, so that these big pools of information that could be data mined for investigative leads. But this would also require the approval of judges, says Judge Crampton, whose ruling notes that CSIS is currently routinely destroying such data about third parties.

There is also a broad caution that CSIS must take great care in sharing any captured identifiers pulled from the phones of Canadian terrorism suspects with allied counterterrorism agencies elsewhere. That stipulation is consistent with a previous Federal Court ruling that said such CSIS information sharing could cause Canadian suspects "to be detained or otherwise harmed" once they cross borders.

It's not hard to understand why. Spymasters in the United States have publicly said they can, and do, lethally target terrorism suspects abroad based on their phone data. Judge Crampton's ruling does not speak to this scenario, but does lay out other consequences of cross-border information sharing. "Among other things, this may have significant adverse consequences of individuals' ability to travel outside Canada, and for their ability to obtain new employment or maintain existing employment."

The new ruling said that warrant-signing Federal Court judges learned about the extent of CSIS's use of IMSI catchers last year, only after reading a 2014 report written by a watchdog agency known as the Security Intelligence Review Committee.

"This is the first proceeding in which CSIS has explicitly sought the court's views regarding its use of [cell site simulator] technology to obtain information and intelligence in the course of an investigation, without a warrant," the ruling reads. "CSIS has used CSS technology for that purpose for several years. However, prior to Feb. 10, 2016, the court was unaware of that fact."

Report an error

Editorial code of conduct