The revelations this week that the Canadian Security Intelligence Service (CSIS) has broken the law by retaining, for a period of 10 years, electronic data of the private information of Canadian individuals has shattered the public’s confidence in the country’s leading spy agency, according to privacy advocates.

A federal court ruling by Justice Simon Noel made public this Thursday, found that CSIS had broken the law by retaining massive amounts of private information on Canadians in its database and had failed its duty to inform the court of its data collecting program. The federal court zeroed in the agency’s previously-unknown Operational Data Analysis Centre and CSIS’s scheme of amassing huge amounts of information which are not directly related to its investigations.

Metadata retention is illegal

“This retention of associated data is illegal,” Justice Noel said in a heavily redacted 126-page judgment. Associated data or metadata includes information such as email addresses, and telephone numbers but not the recordings of phone conversations or content of emails. Because substantial parts of the judgment were blacked out, it’s hard to determine the nature of the information gathered by CSIS.

Justice Simon Noel
Justice Simon Noel

The ruling, however, stated, the “scope and volume of incidentally gathered information has been tremendously enlarged” and has led to the retention of metadata that is not relevant to any active investigation.


More privacy safeguards in Five Eye’s data sharing sought

Cyberspy agency shared Canadian metadata with foreign partners

“This revelation is disturbing because the program of CSIS is very good at collecting a huge amount of data from a large number of people but is not very good at getting the real targets,” said Dr. Ann Cavoukian, former Information and Privacy Commissioner of Ontario and now executive director of the Privacy and Big Data Institute at Ryerson University. “The program uses machine learning to create a profile on individuals through their connections and interaction.”

Fears of false positives

The problem is, she said, such a system is prone to creating false positives.

Dr. Ann Cavoukian
Dr. Ann Cavoukian

“Innocent people can be labeled as threats…It can ruin your life,” Cavoukian said. “This is the metadata collection program we all fear.”

In a press conference on Thursday, CSIS Director Michel Coulombe accepted the court’s decision but tried to play down the seriousness of his agency’s actions.

“I deeply regret the court’s serious concerns with respects to meeting our duty of candor, and I commit to continuing my efforts with the deputy minister of justice to address this concern,” he said. “All associated data collected under warrants was done legally. The court’s key concerns relate to our retention of non-threat-related associated data linked with third-party communication after it was collected.”

Michel Coulombe
Michel Coulombe

Doubts cast on current oversight

However, the federal courts ruling brings to question current checks and balances meant to protect Canadian’s privacy rights, according to Michael Geist, Canada Research Chair in Internet and e-commerce law at the University of Ottawa.

“The ruling reveals a level of deception that should eliminate any doubts that the current oversight framework is wholly inadequate and raises questions about Canadian authorities commitment to operating within the law,” Geist wrote in his blog. “The court found a breach of a ‘duty of candor’ (which most people would typically call deception or lying) and raises the possibility of a future contempt of court proceeding.”

He also noted that Thursday’s revelation follows the recent release or a report from the Security Intelligence Review Committee which raises concerns about the bulk data collection program of CSIS. That report recommended that CSIS inform the federal court of its data collection activities.

That recommendation was rejected by CSIS and the court only became aware of the metadata retention program only through the SIRC report, Geist pointed out.

Michael Geist
Michael Geist

“In light of what we now know, Canadians simply cannot be confident that security intelligence agencies are safeguarding and respecting our rights and freedoms,” he said.

Repeal of Bill C-51 sought

Cavoukian agrees. She also pointed out that the federal court decision also revealed that CSIS is now no longer required to obtain a warrant to gain access to people’s tax records from Revenue Canada, thanks to Bill C-51.

Bill C-51, brought in by the former Conservative government, which introduced sweeping data gathering powers for intelligence and law enforcement agencies. Bill C-51 received Royal Assent in June 2015 as the Anti-Terrorism Act, 2015, and came into force in August 2015. It introduced the Security of Canada Information Sharing Act (SCISA). SCISA’s current standard dictates that certain federal government institutions may share information amongst themselves so long as it is “relevant” to the identification of national security threats.

Canada’s Privacy Commissioner David Therien, believes “that threshold is inadequate and could expose the personal information of law-abiding Canadians. He said a more reasonable threshold would be to allow sharing “where necessary.”

The Liberal government promised to repeal elements of C-51 that pose risks to privacy, but it has done nothing so far, said Cavoukian.

“We have to hold the Prime Minister accountable to this,” she said. “We have to pressure him to walk his talk.”