In an exclusive interview with CBC News, the former head of Canada’s most secretive intelligence agency says there should be greater parliamentary scrutiny of the clandestine spy service at the heart of Brazilian espionage allegations.
Calls for more openness are certain to get louder in the wake of fresh allegations the agency spied on Brazil's mining and energy ministry in search of corporate secrets.
In a rare interview, former spymaster John Adams told CBC News he thinks the government must do more "to make Canadians more knowledgeable about what the intelligence agencies are trying to do on their behalf."
Adams recently retired after seven years as head of the Communications Security Establishment Canada, and he admits the agency has deliberately kept Canadians in the dark about its operations for decades.
“There’s no question that CSEC is very, very biased towards the less the public knows the better, and in fact it seems to have worked, because you very seldom see them on the front page of the newspapers.”
Part of CSEC's mandate is to monitor foreign communications, including those coming into Canada.
But it cannot target domestic telephone or email traffic.
"That's against the law," says Adams, who left the highly secretive Ottawa-based agency last year. "Absolutely not."
But, he adds, "We have got capability that is unique to this country. No one else has it," Adams said.
Warning for Canadians
Adams admits that CSEC is not immune from some of the practices causing a furor in the U.S. and Britain, but stresses they are all legal.
For instance, he says, CSEC is gathering huge amounts of so-called metadata from phone companies and internet providers, information on large numbers of people including their complete phone and email records.
“Metadata is an issue, there’s no doubt about it,” Adams says, “but they can only use what is relevant to ongoing investigations.”
American internet users are also up in arms over revelations that the NSA has been making deals with major telecommunications companies to get past the security encryption codes protecting customer data.
Adams won’t reveal details about how CSEC spies operate in this country, but they are apparently breaking through encryptions.
“The reality is encryption is ubiquitous, it’s everywhere, so clearly if intelligence agencies are going to seek information, they’re going to be able to breach encryption.”
All of which helps to explain Adams’s warning for average Canadians: if you think anything you read, write or send via the internet is private, think again.
"The reality is if you're on the internet, you literally might as well be on the front page of the Globe and Mail," Adams says.
“You have to know that probably if someone’s interested in you, they may well be listening or reading or whatever it might be.”
Don’t count on passwords for protection, either.
“If you use a word that’s in the dictionary, they’ll crack it in less than a minute.”
Adams says about 900 of CSEC’s roughly 2,000 employees are involved in the spy business, both gathering intelligence and analyzing it.
A lot are young, talented computer hackers.
“These young people … they’re computer scientists, they’re engineers, they’re just interested in the business. And they can do things with CSEC that if they did them outside of CSEC would frankly be against the law.”
Privacy commissioner concerned
Jennifer Stoddart, Canada's privacy commissioner, is among those who worry Canadians are being kept in the dark about what goes on at CSEC.
"We don't know enough about what CSEC does," Stoddart said in an interview, adding that her office doesn't have the authority to shine a light on CSEC.
The agency has its own watchdog, retired judge Robert Decary, who is stepping down for personal reasons at the end of the year.
Decary has a total staff of about a dozen people, only about half of whom are actual investigators.
Decary doesn’t give interviews, but Adams says CSEC processes more data in a day than all of Canada’s banks combined, so “obviously he doesn’t have the resources to look at everything.”
But Adams says the watchdog’s team does have access to enough key data to know whether CSEC is “doing something against the privacy law.”
In his final report to Parliament, Decary said he was unable in one instance to be able to determine if CSEC had broken the law, and he called for greater transparency.
Critics say Decary is not entirely independent, pointing out he reports to the defence minister, not Parliament, and even then his reports have to be vetted by CSEC for “national security reasons.”
As a result, Decary and his predecessors have produced reports that are rarely enlightening to the public.
Even Adams, the former CSEC director, says it's time for the agency to be more open and report to a special all-party parliamentary committee.
That may come soon if CSEC continues to land in hot water over its foreign spying.
Allegations that CSEC spied on Brazil are just the latest.
Documents obtained by U.S. whistleblower Edward Snowden and published in the British newspaper the Guardian in June suggest CSEC may have been part of a scheme to hack the phone calls and emails of ministers and diplomats at a G20 summit in London in 2009.
The leaked documents were apparently part of the intelligence debriefing after the summit, and those that made reference to spying on foreign diplomats included the CSEC’s official seal along with those of the NSA and the British spy service known as GCHQ.
Big Brother’s little brother
Thomas Drake, a former NSA intelligence executive turned American whistleblower, says the Canadian logo on the document is proof that CSEC was somehow involved in the London spying.
“The fact that their seal shows up on those slides means they are participants by virtue of that alone.”
Drake says the Canadian and American intelligence agencies have a close relationship, though the U.S. and British agencies generally call the shots because of the sheer size of their operations.
“You can assume that in terms of CSEC, that it is one of the little brothers of Big Brother NSA,” Drake says.
So CSEC is “generally going to go along with whatever NSA and GCHQ say. They are in partnership.”
CSE’s participation in spying at the London summit is now bound to raise questions about whether Canada spied on its own guests at the G20 summit the following year in Toronto.