Toronto Star ePaper

Spy agency may have broken privacy laws, watchdog says

Review finds staff had no guidance on releasing Canadians’ information

ALEX BOUTILIER

OTTAWA—Canada’s electronic spy agency may have broken privacy laws in sharing Canadians’ information with other intelligence and government agencies, according to a new watchdog report.

The National Security and Intelligence Review Agency (NSIRA) reported Friday that the Communications Security Establishment (CSE), Canada’s electronic espionage agency, approved turning over identifying information about Canadians to other government agencies in almost every case the watchdog reviewed.

The review suggested that CSE employees had no written guidance on whether a request for identifying information was justified, just on the logistics of how to release it.

In fact, of the 3,708 “identifiers” reviewed by the watchdog over a five-year period, CSE released 3,671 — roughly 99 per cent of the requests it received. The watchdog found 28 per cent of those requests did not have sufficient justification for releasing Canadians’ information.

“One of the concerns that has been raised (about CSE operations) … is exactly this. The concern is information that is incidentally collected about Canadians could be used to the detriment of their lives,” said Christopher Parsons, a researcher with the University of Toronto’s Citizen Lab.

Parsons gave the example about information passed on to the Canada Border Services Agency, which could then complicate an individual’s ability to re-enter Canada.

“This report explicitly calls out that sensitive groups have had their information turned over.

He added that the Canadian Security Intelligence Service (CSIS) “has a history of targeting environmentalists, Aboriginal groups and so forth … If it turns out the CSE has been inappropriately enabling CSIS to spy on legitimate civil rights groups, civil activism groups, that is a really, really bad look.”

The CSE is forbidden from turning its powerful intelligence-gathering tools on Canadians or anyone in Canada, but “incidentally” collects information on Canadians routinely in the course of its foreign intelligence gathering.

Any identifying information about Canadians is typically suppressed in CSE intelligence reports. But if other Canadian government or foreign services have legal justification, they can request the identifying information directly from the CSE.

In a response to the watchdog’s report, CSE management pushed back on the “overall findings” of the report, and suggested the NSIRA review does not “fully appreciate CSE’s commitment to, and work on, (the) protection of privacy.”

“CSE continuously refines our privacy-protection measures, including those associated with the disclosure process,” the agency wrote in its response.

“We are concerned that broad generalizations based on specific aspects of certain records within a single privacy measure may leave the reader with an incorrect impression about CSE’s overall commitment to privacy protections for Canadians.”

The agency noted that its former watchdog, the CSE commissioner, had confirmed CSE’s disclosures of Canadian identifying information complied with the law.

But Parsons noted that might point to a problem with the former watchdog’s reviews, rather than NSIRA’s findings.

“The CSE commissioner, who found that CSE was behaving within the scope of the law, in fact that might not be the case at all,” Parsons said.

“What else might NSIRA retroactively go back and look at and say, ‘Actually, the CSE commissioner got it wrong.’”

NEWS

en-ca

2021-06-21T07:00:00.0000000Z

2021-06-21T07:00:00.0000000Z

https://torontostar.pressreader.com/article/281629603230795

Toronto Star Newspapers Limited