No, it’s not an episode of Homeland, but it certainly feels like it could be one.
News emerged this week that Canada’s spy agency, CSIS, has been illegally collecting, storing, and sifting through average Canadians’ data for a full decade.
The agency is now taking fire after a Federal Court slapped it for “[failing] in its duty to be candid with the court” by secretly keeping the data, which had been collected under duly issued warrants.
How did this happen, what data are we talking about, and what does this mean for Canadians? For some perspective, we reached out to CP reporter Jim Bronskill who has been following the case.
Bronskill says the discovery has kicked off something of a hornet’s nest in Ottawa, prompting a hastily arranged media availability from CSIS’ director, with the agency saying it’s frozen its use of the data.
Public Safety Minister Ralph Goodale has also stepped up and says Canada’s spy watchdog SIRC will be monitoring CSIS.
But he says despite the furor, we still don’t even know what CSIS was doing.
“It’s not entirely clear because of secrecy around this whole thing, but what we do know is that in 2006, CSIS set up a kind of supercomputer program to sift through the information it had in its databases, and the thing that the judge had issue with was the fact that it was retaining information about people who were not the targets of security investigations,” he said.
Bronskill says what we do know is that the information collected appears to belong to third parties, like friends, family, or otherwise in contact with suspected spies, terrorists, or other people under investigation.
And what kinds of data are we talking about here, emails and phone calls? Fortunately not, says Bronskill – instead, CSIS was harvesting “metadata,” rather than the content of messages.
“The data trails around messages, so perhaps an address, or a phone number, timesamps, things like that. Which experts say can be very revealing about people nonetheless.”
He says this issue has come up before with Canada’s cyberspy organization, CSE, which works closely with the NSA, but it’s new ground for CSIS.
What we know is extremely limited – highlighted by the fact that the ruling itself is heavily redacted.
Bronskill says that leaves us with plenty of questions, for example: what exactly was the purpose of this computer program, what is its scope, how much information was collected, and what exactly was CSIS doing with it?
He says it’s not even clear if the information was valuable to CSIS or just a fishing expedition. The spy agency claims it was valuable.
Bronskill says it also raises questions about whether CSIS is using other databases of public information, and how the programs could be related.
“It begs big questions bout how CSIS is operating in the information age, and the digital age, and CSIS and the Minister are saying this week that the National Security Review underway should really look at these things,” he said.
Some of those questions may eventually be answered, with the court ruling prodding legislators to review the now 32 year old CSIS act which was written in an era of typewriters and landlines.
Bronskill says there may be future hearings on the issue, and a committee of parliamentarians is also being struck to review intelligence matters… though there’s no timeline on that either.
In the mean time, Canadians are left with a hefty question mark hovering over their digital privacy rights.