The office of Defence Minister Harjit Sajjan is crafting a directive for how Canada's electronic spy agency shares its foreign signals intelligence with its closest allies, the Five Eyes partners.
The work follows a 2016 report from the oversight commissioner of the Communications Security Establishment (CSE). In it Jean-Pierre Plouffe revealed how the agency had illegally and unintentionally shared domestic metadata with those key allies: the United States, United Kingdom, Australia and New Zealand.
Metadata is information associated with phone or electronic communication that is used to identify, describe or route information.
CSE is authorized under the National Defence Act to — among other things — collect foreign signals intelligence and protect computer networks from cyber attack.
In an email to CBC News, Sajjan's press secretary Jordan Owens said CSE already has a "robust suite of privacy measures" that guide its work. But Owens said the agency is now conducting an analysis to support the defence minister's directive on information-sharing activities among the Five Eyes.
"This is a significant undertaking and we look forward to having more to share in the future as development on this directive progresses," wrote Owens.
- Canada's spy agency expects cyberattacks during 2019 federal election
- How, when and where can Canada's digital spies hack?
- 'Difficult to determine' scope of privacy breach in Five Eyes data sharing
In his most recent annual report on the agency, CSE Commissioner Jean-Pierre Plouffe said the government had assured him that the directive would "explicitly acknowledge the risks associated with this type of sharing, given that CSE cannot, for reasons of sovereignty, demand that its Five Eyes partners account for any use of such information."
CSE's commissioner first advised the defence minister to issue such a directive in 2013.
Christopher Parsons, research associate at The Citizen Lab at the Munk School of Global Affairs, said the purpose would be to authorize and draw boundaries around what is permissible when gathering and sharing data.
While there have been concerns about how the U.S. executive has treated intelligence information over the last six to eight months, Parsons said the directive may have as much to do with the current government's review of national security issues.
What Bill C-59 could mean
"So there's bill C-59 tabled before the summer recesses. As part of that there is total reformation of the CSE Act. So that means the government is really looking at how things work in terms of the collection and dissemination of intelligence information at the moment," Parsons told CBC News.
In his 2016-17 report, Plouffe said CSE's ability to carry out its mandate is largely due to maintaining good relationships with its allies and that disclosure of information revealing a Canadian's identity is rare.
In assessments of 161 cases examined in the last year, "only five involved the disclosure of Canadian identity information to a foreign entity."
Plouffe added that it is unlikely CSE would receive information gleaned from mistreatment.