Mass surveillance in Canada explained

The Edward Snowden revelation that the Communications Security Establishment (CSE), without a warrant, used free airport Wi-Fi service to gather the communications of all travellers using the service and to track them after they had left the airport sparked an ongoing unfounded concern about mass surveillance in Canada.[1] It was reported but unverified that the number of Canadians affected by this surveillance is unknown apparently even to the Canadian Security Intelligence Service.[2]

Key Government Bodies

The Department of National Defence (DND), the Communications Security Establishment, CFINTCOM and the Canadian Security Intelligence Service CSIS

Communications Security Establishment Canada (CSE)

The Communications Security Establishment Canada (CSE) is Canada's signals intelligence agency. The agency is responsible for foreign signals intelligence and for protecting the Canadian government's electronic information and communication networks. It reports to the Minister of National Defence, who is in turn accountable to Cabinet and Parliament. CSE is part of the Five Eyes, or the alliance of spying agencies of the United States, Australia, New Zealand, the United Kingdom and Canada.

CSE originated in World War II, as a military signals corps meant to collect foreign intelligence signals. The agency only came into public awareness, however, with the 1974 CBC TV documentary The Fifth Estate: The Espionage Establishment. Since the events of 9/11 and Canada's subsequent 2001 Anti-Terrorism Act, the CSE's capacities have expanded significantly, in terms of legal mandate, available technology, and financial resources. Today, it employs roughly 2000 people[3] and its estimated 2015-2016 budget was $1.075 billion.[4] The agency expects a net increase of $59.5 million in federal funding in the coming year[4]

The 2001 Anti-Terrorism Act amended the National Defence Act to establish the CSE's mandate as follows:

CSE is bound by the Canadian Criminal Code, the Canadian Charter of Rights and Freedoms, the Privacy Act, and all Canadian laws. The agency cannot legally intercept the private communications of Canadians, except for foreign communications that originate or end in Canada. Ministerial authority for such interception is given on a case-by-case basis. Additionally, for reasons of national security, the Security of Information Act permanently binds CSE employees to secrecy, meaning they cannot legally disclose certain information without special authorization.[5]

Per CSE's own description,[6] all of the agency's activities must be necessary to fulfill their relevant mandate; proportionate to the risk being mitigated or the foreign intelligence of interest; effective at protecting the privacy of Canadians; and as minimally intrusive as possible.

The agency is overseen by the CSE Commissioner's Office, which conducts an annual review of CSE activities and their compliance with the law and ministerial authority. The CSE Commissioner can issue recommendations as to the CSE's conduct, which are then, in theory, implemented by the Minister of Defence. To date, the Commissioner has yet to find any CSE activities to be in violation of Canadian law.

Metadata surveillance

CSE is responsible for the Canadian government's metadata surveillance program. Even though metadata does not include the content of the communication itself, it yields a substantial amount of information about its source devices, users and transmissions.

A national security measure to track patterns of suspicious activity, the Canadian metadata surveillance program was first implemented in 2005 by secret decree.[7] It was then suspended for a year in 2008, amid concerns that the program could amount to unwarranted surveillance of innocent Canadians. However, the program was renewed in 2011 via ministerial directive from then-Defence Minister Peter MacKay. The program was broadly approved by the CSE Commissioner at the time.

CSE claims that it does not collect or use metadata to target Canadians without a warrant, as doing so would violate the National Defence Act. The agency holds that it only uses metadata to identify foreign intelligence targets and their social networks, and possible cyber threats.[8] However, CSE acknowledges that the subsets of metadata that it legitimately collects may inadvertently include metadata on the private communications of Canadians. To reduce this allegedly inevitable incursion of privacy, the agency takes measures such as limiting the length of time that metadata can be stored, restricting access to metadata to authorized CSE personnel, redacting any identifying information about Canadians when sharing intelligence with allies, and cooperating with the CSE commissioner's review of activities.

Oversight

There are actually no oversight for the Communications Security Establishment.

Security Intelligence Review Committee

Legal Framework

Privacy Act

Notes and References

  1. News: CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents.
  2. News: Ottawa Bureau Reporter. Boutilier. Alex. February 2, 2017. February 2, 2017.
  3. Web site: Toronto Star. thestar.com.
  4. Web site: Canada's spies expecting a budget boost - Toronto Star. thestar.com. 23 February 2016 .
  5. Web site: Consolidated federal laws of canada, Security of Information Act. Legislative Services. Branch. laws-lois.justice.gc.ca. 6 October 2023 .
  6. Web site: How does CSE protect the privacy of Canadians?. Web Experience. Toolkit. www.cse-cst.gc.ca. https://web.archive.org/web/20170613001216/https://www.cse-cst.gc.ca/en/inside-interieur/privacy-privee. 2017-06-13.
  7. News: Data-collection program got green light from MacKay in 2011. COLIN. FREEZE. 10 June 2013. The Globe and Mail.
  8. Web site: Metadata and our Mandate. Web Experience. Toolkit. www.cse-cst.gc.ca. 27 October 2020 .