The head of the Canadian Security Intelligence Service said the spy agency accepts the federal court’s finding that CSIS had broken the law in retaining massive amounts of potentially revealing private digital information on Canadians. However, CSIS director Michel Coulombe argued that his agency did no “knowingly” exceeded its mandate and that its collection of metadata was within the bounds of the law.
CSIS acknowledged it was a “significant omission that the court was not informed earlier of the existence of its metadata collecting and processing program, as well as its approach to data retention, Coulombe said.
But he argued: “I would like to reiterate that all associated data was legally collected under warrants…At no point did CSIS deliberately seek to withhold this information from the Court, and the Court acknowledged that there is no evidence to suggest CSIS did.”
He also said that CSIS, “in consultation with the Department of Justice,” interpreted the CSIS Act to “allowed for the retention of non-threat related associated data linked with third party communications that were collected while under warrant.”
RELATED CONTENT
CSIS metadata bombshell highlights broken oversight system
More privacy safeguards in Five Eye’s data sharing sought
“The Federal Court has disagreed with this interpretation and we accept their decision,” Coulombe said. “I would like to make it clear that the Service was not knowingly exceeding the scope of the CSIS Act.”
A federal court decision by Justice Simon Noel that was released last week, found that CSIS had broken the law by retaining, for a period of 10 years, private metadata of Canadian individuals.
In 2006, CSIS embarked on a project processing metadata (information such as telephone numbers and email addresses, but not containing the actual message) using a powerful program the agency called Operational Data Analysis Centre (ODAC). The program uses algorithms which find links between data on activities and individuals and helps create a data trail or people that may have connections to people under CSIS surveillance.
“This retention of associated data is illegal,” said Noel.” The “scope and volume of incidentally gathered information has been tremendously enlarged” and has led to the retention of metadata that is not relevant an active investigation.
In his statement, Coulombe said his agency’s data collection was known to “key government stakeholders.
He said ODAC was created to “derive more value from the data already being collected under warrant using data exploitation techniques.”
The creation of ODAC and its operation was presented to the Minister of Public Safety in July 2006, he said. An explanation of the requirement for advanced data analytics and the ability of ODAC to retain data, including metadata, for extended periods of time, was also provided.
Coulombe said the minister of public safety was also brief on the program in 2010 and information on the program was shared “over the years with various government stakeholders,” including the Security Intelligence Review Committee (SIRC), the Privacy Commissioner, including a Privacy Impact Assessment, and the Inspector General of CSIS.
“…these briefings may not have specifically addressed the retention of the subset of associated data on which the Court has now ruled,” Coulombe pointed out. “The intent of the Service, however, was to ensure key stakeholders were aware of ODAC, its capabilities, and intentions around retention.”
The CSIS director also said that the 2014-2015 report on the SIRC’s review of CSIS’ use of associated data, did not conclude that the retention of associated data was illegal although it suggested that the Federal Court be made aware of it.