Skip to main content

Social networking, cloud computing and mobile connectivity have together fundamentally transformed our world, but they come with a dark side. As we move about our daily lives, we secrete a constant stream of data, a digital electronic cloud of bits and bytes that follows us around indefinitely.Getty Images/iStockphoto

The watchdog agency that sounded the alarm on Canada's metadata surveillance program has also raised red flags about how that intelligence is exchanged with CSIS.

Newly obtained correspondence shows that retired Supreme Court judge Charles Gonthier worried that mass-collection surveillance methods could blur lines between domestic- and foreign-intelligence gathering in Canada, by muddying the mandates of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment Canada (CSEC or CSE).

For almost a decade, the CSEC, an electronic eavesdropping agency, has been explicitly authorized to collect metadata – phone logs, Internet protocol addresses and similar information – in hopes these data trails will map out groups of terrorists. The practice was revealed in The Globe and Mail last week.

Mr. Gonthier was concerned about whether domestic spy agencies seeking suspicious citizens could tap into foreign-surveillance metadata motherlodes, without warrants.

To this end, he sent a flurry of letters to top Ottawa security officials five years ago. Mr. Gonthier, who then worked as the watchdog for the CSEC, urged continued walls between agencies – especially when it came to sharing the fruits of surveillance programs.

"I recommend that CSE ensure that the CSIS-CSE Memorandum of Understanding is revised to reflect current practises," Mr. Gonthier wrote to Defence Minister Peter MacKay in a memo in January 2008.

That September, he followed up, telling Mr. MacKay that intelligence exchanges involving the CSEC metadata program were a specific area of concern. "This is important because it determines the legal requirement (e.g. ministerial authorization v. a court warrant) in cases where activities may be 'directed at' a Canadian," Mr. Gonthier wrote. "It also determines which agency is responsible for the information, and how that information collected should be handled."

Mr. Gonthier also asked questions about whether the CSEC metadata program would sufficiently protect the privacy of Canadian communications as information was shared.

For good measure, Mr. Gonthier, who died in 2009, copied leaders of CSEC, the Privy Council Office, and the Defence Department on such memos. The bureaucracy initially resisted changes before Mr. MacKay eventually signed on to tighter rules. The successors to Mr. Gonthier at the watchdog agency (known as the Office of the CSE Commissioner) have said that while they are satisfied that some of the changes will better protect privacy, they are still reviewing the metadata program.

After the Sept. 11, 2001 terrorist attacks, Canada passed the Anti-Terrorism Act, which gave the Defence Minister latitude to authorize surveillance programs that "incidentally" collect Canadian telecommunications if they point to terrorist threats in the wider world.

The metadata program was one of those programs.

Never directly scrutinized by the courts or Parliament, CSEC is forbidden from spying on Canadians – unless a federal security agency first comes calling with a judicial warrant authorizing it to share specific intelligence, or to assist in domestic intelligence-gathering.

The biggest "client" agency is CSIS, whose intelligence officers interview suspicious people in Canada. CSIS officers can only themselves get wiretaps if they can convince a judge they have "reasonable grounds" to suspect a Canadian of being a security threat.

Marrying the different legal standards has always been tricky. But new mass-collection surveillance programs can kick-start investigations without probable cause, simply by revealing suspicious relationships.

Mr. Gonthier also suggested CSEC needed reassurances – in writing – thats its partnerships with CSIS were legal.

He specifically said CSEC should better vet CSIS requests for information "to ensure all information required under CSE policy is contained … including the written assurance that the (CSIS) information was required lawfully, in accordance with an investigation or warrant."

In the United States, such practices have already emerged as controversial. "Metadata, in essence, replaced probable cause. The so-called wall between intelligence and law enforcement simply didn't exist," said Thomas Drake, a 56-year-old who was a U.S. National Security Agency executive in the early 2000s.

"In many cases NSA became the hunter – they would find information and pass it on," he told The Globe in an interview.

Today Mr. Drake is celebrated as a whistle-blower, after the U.S. government failed to prosecute him on charges that he had illegally leaked information about the NSA. He urges the public to be wary of government surveillance. The NSA "wanted their hands on every single piece of metadata they could find," he said.