Last summer, I discussed the Snowden leaks and concerns about Canadian surveillance activities with a senior government official. The official remarked that in the wake of the Snowden revelations the political risk did not lie with surveillance itself, since most Canadians basically trusted their government and intelligence agencies to avoid misuse (the steady stream of Snowden leaks and Canada’s increasingly apparent role may have changed this analysis). Rather, the real concern was with being caught lying about the surveillance activities. This person was of the view that Canadians would accept surveillance, but they would not accept lying about surveillance programs.
Those comments came to mind over the past week with the latest revelations about CSEC metadata surveillance. While the story has been characterized as an airport wifi surveillance issue, it is clear that the airport wifi angle misses the real concern. The leaked document and subsequent explanations reveal an attempt to identify travel patterns and geographic locations using user ID data over a two-week period provided by a Canadian source (CSEC referred to this as metadata in the Senate committee hearing yesterday) along with a database of geo-locations of IP addresses supplied by Quova (I once served as an advisor to Quova). By identifying airport wifi IP addresses along with broader usage data and geo-identifying information, CSEC hopes to be able to identify locational movements of individual users. Bruce Schneier provides a helpful review of the likely intent of the program.
While some argued the program tracks Canadians and is therefore illegal (citing Charter violations and activities beyond the CSEC mandate), the Justice Minister maintains the program is legal and CSEC has defended the program in a release the day after the story broke and again at the Senate committee yesterday. Moreover, the CSEC Commissioner has posted a somewhat cryptic statement that emphasizes the independence of the review process. Ryan Gallagher has responded to those statements with a post arguing the denials are hollow.
Yesterday’s Senate committee hearing did provide further insight into the program. CSEC painted the new revelations as a simple application of data it is already collecting. Noting that there have been ministerial approvals for metadata collection since 2005, CSEC suggests that this is effectively an exercise to determine whether the metadata can be used in conjunction with other data to determine location. It steadfastly defended its approach, seeking to distinguish between metadata (data about data) and content. Further, it noted that metadata is deleted according to retention limits contained in the ministerial approval (though no one raised the fact that those retention periods are secret).
I’m left with four takeaways from the past week.
First, CSEC’s surveillance activities of Internet communications in Canada are far more extensive than previously realized. Its trove of metadata – presumably obtained with the cooperation of Canada’s major telecom companies – provides enormous insight into the communications habits and activities of millions of Canadians. The use of metadata has been the subject of some concern from the CSEC Commissioner, yet the full scope of activities remains largely secret. Moreover, the ministerial directive on metadata appears to be so broad that it enables widespread tracking and surveillance, as CSEC is able to mine the data for a myriad of purposes.
Given those capabilities, assurances that metadata surveillance is less invasive than tracking the content of telephone calls or Internet usage ring hollow. Metadata can include geo-location information, call duration, call participants, and Internet protocol addresses. While officials suggest that this information is not sensitive, there are many studies that have concluded otherwise. These studies have found that metadata alone can be used to identify specific persons, reveal locational data, or even disclose important medical and business information. I discuss the issues associated with metadata – including Supreme Court of Canada and Bill C-13 concerns – here. For CSEC to argue that it otherwise does not track Canadians because it only accesses metadata is misleading at best.
Second, the geographical limits of CSEC – its framework requires that foreign intelligence activities “not be directed at Canadians or any person in Canada” – are being completely blurred. The commingling of data through integrated communications networks and “borderless” Internet services residing on servers around the world suggests that distinguishing between Canadian and foreign data seems like an outdated and increasingly impossible task. CSEC’s repeated references to the “global Internet” as opposed to the Internet might well be an attempt to emphasize the foreign component of largely Canadian-based activities. Indeed, the fact that CSEC focuses on Canadian-based metadata (CSEC was asked yesterday why it doesn’t collect data from other countries instead) ensures that most of its metadata will include a Canadian component, thereby increasing the likelihood of Canadian surveillance.
Third, the government (including Justice and CSEC) is confident that the programs are legal under the current CSEC mandate. The metadata program operates under ministerial approval, which CSEC would argue extends to uses such as the IP location (or airport wifi) tests. Given the fears of being caught lying, it seems unlikely officials would adopt this position without internal legal reviews and advice.
Fourth, fixing the oversight of CSEC won’t solve the problem. Better oversight is currently being touted as the solution to the surveillance problem. The Liberals are proposing a new parliamentary review committee, the federal privacy commissioner has identified opportunities for better reporting and oversight, and Ontario privacy commissioner Ann Cavoukian has called for improved transparency and accountability.
Reforms to the current oversight system are needed but the recent experience demonstrates why they are not sufficient. The current system would certainly benefit from external reviewers, who might be more aggressive in questioning the scope of CSEC programs and the stretching of its mandate. Yet the far bigger problem lies with the law itself:
- The use of metadata should be openly examined by acknowledging that data mining capabilities mean that metadata can have the same privacy implications as the content of messages. Allowing CSEC to conduct widespread surveillance under the guise that it’s “only metadata” is an incredible violation of basic privacy expectations of most Canadians. The general ministerial authorization has led to a system of widespread surveillance. The scope of metadata must be better defined and judicial authorizations for specific collections instituted.
- While the current surveillance statutes may have been developed in a world where geography mattered, the communications borders have been largely blurred, leaving a North American communications network that has little regard for national boundaries. Canadian law is therefore increasingly unable to provide credible assurances about the limits of domestic collection. As long as CSEC provides the illusion that there is a “global Internet” and a “domestic Internet” that are somehow different, its activities will unquestionably feature a prominent domestic component.
- Data sharing between agencies and between countries should be subject to strict limits, yet the Mosley federal court decision and the European Parliament’s discomfort with Canadian practices highlight how these limits need to be re-examined. CSEC officials often claim there are limits, but the Snowden leaks have renewed doubts about what happens out of the public spotlight.
Improved oversight will help, but it won’t solve these issues. The substantive law itself needs open debate and reform, with clear, public information on the limits of metadata and geography. Without it, better oversight will leave the foundational problems behind Canadian surveillance largely unchanged.