CSEC commissioner calls for safeguards on Five Eyes data sharing
Declassified report recommends further safeguards for Canadians' privacy when sharing data with allies
The watchdog that keeps an eye on Canada's electronic spy agency says it cannot be sure the intelligence service's Five Eyes partners abide by promises to properly protect information about Canadians.
A newly declassified report shows the federally appointed watchdog has recommended that Defence Minister Rob Nicholson issue a directive to Communications Security Establishment Canada that sets out expectations for safeguarding Canadians' privacy when CSEC shares information with its key allies.
- CSEC gathers personal info while defending against cyberattacks
- Canadian cyberspy agency CSEC fretted about staff after Snowden leaks
- CSEC: What do we know about Canada's eavesdropping agency?
The watchdog, known as the CSEC commissioner, has also urged the spy agency to regularly report detailed statistical data to the minister about the international information sharing.
The Canadian Press obtained a heavily censored copy of the commissioner's findings and recommendations under the Access to Information Act.
Ottawa-based CSEC monitors foreign communications of intelligence interest to Canada, and exchanges a large amount of information with similar agencies in the United States, Britain, Australia and New Zealand.
Leaks from Edward Snowden, a former contractor for the U.S. National Security Agency — CSEC's American counterpart — have raised questions about operations of the so-called Five Eyes intelligence network.
Defence minister authorizes certain interceptions
The leaked documents revealed that the NSA had quietly obtained access to a broad swath of emails, chat logs and other information from major Internet companies, as well as data about a huge volume of telephone calls. They also told how Britain's Government Communications Headquarters had tapped fibre-optic cables to extract Internet data.
CSEC insists it targets only foreign email, telephone and satellite traffic. However, the spy service acknowledges it cannot monitor global communications in the modern era without gathering at least some Canadian information.
In certain cases the defence minister authorizes CSEC activities that would otherwise risk breaching the Criminal Code provision against intercepting the private communications of Canadians.
Initial inquiries by the CSEC commissioner found the spy service did take measures to uphold the privacy of Canadians in what it shares with the four chief allies — for instance by suppressing Canadian identities in reports supplied to them.
However, the commissioner's office undertook further study to determine how much information about Canadians is being shared with the partners and whether they were fulfilling commitments to protect sensitive details.
"These activities may directly affect the security of a Canadian person," says the 34-page report, originally classified top secret, for Canadian eyes only.
"Precision and accuracy of language in exchanges of information can be critical and affect outcomes, including how individuals are treated."
The report says that beyond "certain general statements and assurances" between CSEC and its foreign sister agencies, the commissioner's office was "unable to assess the extent" to which the four partners "follow the agreements with CSEC and protect private communications and information about Canadians in what CSEC shares with the partners."
CSEC undertaking risk assessment
It recommended a new ministerial directive based on a risk assessment — an in-depth analysis of how legal and policy regimes in the different countries could affect CSEC's compliance with the law and protection of Canadian privacy.
"The commissioner's office understands that such a risk assessment would not be a trivial undertaking," the report says.
"However, in light of recent events, we believe it is essential."
CSEC and the minister have accepted the recommendations and the intelligence service "is already implementing them," CSEC spokesman Andrew McLaughlin said Monday.
Nicholson's office had no immediate comment.
The newly obtained report was completed in July 2013 by then-CSEC watchdog Robert Decary just after Nicholson took over the defence portfolio. Decary has since been succeeded as CSEC commissioner by former Quebec judge Jean-Pierre Plouffe.
The CSEC watchdog's office said Monday the commissioner continues to actively monitor the spy agency's dealings with its Five Eyes partners.
In underscoring the potential dangers of losing control of information about Canadians, the report points to the case of Ottawa engineer Maher Arar, who was tortured in a Syrian prison over false terrorism allegations. An inquiry concluded information the RCMP passed to the United States likely led to his ordeal.
But the report also stresses that CSEC's ability to fulfil its foreign intelligence collection mandate rests in large part on building and maintaining productive relationships with foreign counterparts.
"According to CSEC, the Five Eyes alliance is more valuable now than at any other time in history, given the increasingly complex technological challenges faced by the partners."