In the aftermath of the Snowden revelations in which the public has become largely numb to new surveillance disclosures, the Canadian reports over the past week will still leave many shocked and appalled. It started with the Ontario Provincial Police mass text messaging thousands of people based on cellphone usage from nearly a year earlier (which is not government surveillance per se but highlights massive geo-location data collection by telecom carriers and extraordinary data retention periods), continued with the deeply disturbing reports of surveillance of journalists in Quebec (which few believe is limited to just Quebec) and culminated in yesterday’s federal court decision that disclosed that CSIS no longer needs warrants for tax records (due to Bill C-51) and took the service to task for misleading the court and violating the law for years on its metadata collection and retention program.
The ruling reveals a level of deception that should eliminate any doubts that the current oversight framework is wholly inadequate and raises questions about Canadian authorities commitment to operating within the law. The court found a breach of a “duty of candour” (which most people would typically call deception or lying) and raises the possibility of a future contempt of court proceeding. While CSIS attempted to downplay the concern by noting that the data collection in question – metadata involving a wide range of information used in a massive data analysis program – was collected under a court order, simply put, the court found that the retention of the data was illegal. Further, the amount of data collection continues to grow (the court states the “scope and volume of incidentally gathered information has been tremendously enlarged”), leading to the retention of metadata that is not part of an active investigation but rather involves non-threat, third party information. In other words, it is precisely the massive, big data metadata analysis program feared by many Canadians.
The court ruling comes after the Security Intelligence Review Committee raised concerned about CSIS bulk data collection in its latest report and recommended that that inform the federal court about the activities. CSIS rejected the recommendation. In fact, the court only became aware of the metadata retention due to the SIRC report and was astonished by the CSIS response, stating that it “shows a worrisome lack of understanding of, or respect for, the responsibilities of a party [SIRC] benefiting from the opportunity to appear ex parte.”
There is little no reason to believe that the issues raised by the court or the revelations regarding surveillance on journalists – an act that undermines the freedom of the press and its ability to hold government to account – are isolated incidents. In fact, this is not the first time the federal court has felt misled about the activities of Canadian intelligence agencies. Justice Richard Mosley, a federal court judge, issued a stinging rebuke to Canada’s intelligence agencies and the Justice Department in 2013, ruling that they misled the court when they applied for warrants to permit the interception of electronic communications. While the government steadfastly defended its surveillance activities by maintaining that it operated within the law, Justice Mosley, a former official with the Justice Department who was involved with the creation of the Anti-Terrorism Act, found a particularly troubling example where this was not the case.
This week’s metadata case involves CSIS, but this year’s report from the Communications Security Establishment (CSE) commissioner uses legal language seemingly designed to obscure an otherwise clear admission that there are ongoing metadata violations within the CSE. The report notes that metadata activities were “generally conducted in compliance with operational policy” and that the “CSE has halted some metadata analysis activities” that were the subject of previous criticisms. The use of words like “generally” and “some” are no accident. The CSE Commissioner could have just as easily written that the CSE still does not conduct its metadata activities in full compliance with the law and that it has refused to stop some activities that were the subject of complaints. Yet the soft framing turns what should be a major story and source of concern into something largely ignored by the general public.
Moreover, Snowden has made it clear that Canadian securities agencies have been enthusiastic participants in numerous surveillance initiatives. Canadians played a lead role in projects focused on tracking travellers using airport Wi-Fi networks, monitoring millions of daily uploads and downloads to online storage sites, aggregating millions of emails sent by Canadians to government officials, and targeting mobile phones and app stores to implant spyware.
Meanwhile, all Canadian telecommunications companies still do not release transparency reports (Bell being the notable outlier), securities agencies won’t disclose their own breaches, and the federal government is consulting on the expansion of interception capabilities within Canadian networks and the revival of lawful access rules.
There are no silver linings here. Public Safety Minister Ralph Goodale responded to the court ruling by stating:
“In matters of security and intelligence, Canadians need to have confidence that all the departments and agencies of the government of Canada are being effective at keeping Canadians safe, and equally, that they are safeguarding our rights and freedoms.”
In light of what we now know, Canadians simply cannot be confident that security intelligence agencies are safeguarding and respecting our rights and freedoms. This government was elected on a mandate of real change. It must now put those words into action by overhauling legal oversight and enacting real change to Canadian surveillance programs and their agencies.