The Honourable Jean-Pierre Plouffe submitted his report in June 2015 to then Minister of National Defence, Jason Kenney. It appears that the Conservative government, under fire at the time over Bill C-51, did not table the report in the House of Commons, effectively suppressing it until after the election. The report was inherited by the incoming Liberal government and tabled in January 2016.
The report acknowledges the ongoing global surveillance debate, referencing the Snowden documents and legislative initiatives by the former Conservative government. It states that Canadians “deserve reassurance” that intelligence activities “do not unreasonably infringe on the privacy of Canadians.” Commissioner Plouffe’s intentions are laudable, but he is only partially correct. Canadians deserve much more than reassurance; they deserve clear answers on the scope and authority of Canadian intelligence agencies.
Metadata lies at the center of this controversy. According to the report, “CSE discovered on its own that certain metadata was not being minimized properly. Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared.” As a result, “CSE took corrective actions and proactively suspended the sharing of certain types of metadata in order to protect the privacy of Canadians while developing a solution to the problems it encountered in this area.”
The Commissioner noted, “the fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to ministerial directive, and to CSE’s operational policy.” While Canadians should be concerned, there are much larger privacy issues in play.
Intelligence activities are vital to protect Canadians. To remain effective, the agencies must rely on highly sensitive sources and methods, and share information with trusted allies. Most of their operations must remain secret. However, the national interest is not threatened by a full and frank discussion of the authority agencies have to conduct electronic surveillance and the limits to which they are subject.
The Criminal Code generally prohibits the interception of private communications between Canadians, and section 273.64 (1) of the National Defence Act establishes a three part mandate for CSE:
(a) to acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities;
(b) to provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada; and,
(c) to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.
On the surface, Canadians should be confident that their private communications will not be monitored as part of the above mandate. However, despite the objections of their own Privacy Commissioner, the former Conservative government clearly did not consider metadata part of the communication. In other words, eavesdropping on a telephone call between two Canadians requires a warrant, but recording the time, date, length, and telephone numbers of every call is apparently fair game. Similarly, collecting email content might violate the law, but recording the to and from fields apparently does not.
Despite the wave of concern, there is no credible reason to believe that Canada’s intelligence agencies exceed their legal authority except by accident. The available evidence suggests that they operate within their applicable legal frameworks. It is the frameworks that concern Canadians, and the responsibility for addressing that lies with Parliament.
Canadian intelligence agencies face the formidable challenge of combating espionage and terrorism while navigating numerous laws and ministerial directives. Our new government has promised significant improvements in the area of oversight, a major step in the right direction. But oversight focuses primarily on ensuring that rules are obeyed. It is those rules that must be clarified.
If protecting Canadians truly requires that intelligence agencies engage in large scale metadata collection, Parliament should explicitly legislate that power. Instead of operating in the shadows between the National Defence Act and the Criminal Code, supplemented by ministerial directives, CSE should be governed by legislation that unifies and clearly defines all authorities and responsibilities. Parliament must take responsibility for what intelligence agencies are allowed, and not allowed, to do in the name of national security.
Have a security question you’d like answered in a future column? Email firstname.lastname@example.org
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…