The oversight body that monitors the super-secretive Communications Security Establishment Canada has concluded that the agency was not involved in “tracking of Canadians or persons in Canada.”
Instead, the oversight body says the spy agency was simply collecting so-called metadata in an exercise “to understand global communications networks.”
By law, CSEC cannot target Canadians anywhere in the world, nor anyone in Canada, including visitors.
A top secret CSEC document retrieved by U.S. whistleblower Edward Snowden and recently reported by CBC News, shows the spy agency was able to obtain data from an airport Wi-Fi internet service, identifying the smartphones and other wireless devices of passengers going through the terminal over a two-week period.
CSEC watchdog muzzled, defanged: Greg Weston
CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents
Read the documents (redacted) on CSEC's aiport Wi-FI tracking project
The document indicates CSEC was able to follow the devices by where they interacted with other Wi-Fi systems in hotels, coffee shops, libraries and other locations across Canada over a period of days after leaving the Canadian airport.
The CSEC watchdog, headed on a part-time basis by a semi-retired judge, Jean-Pierre Plouffe, concluded: “No CSEC activity was directed at Canadians or persons in Canada…that would be illegal.”
Plouffe’s office says its investigation exonerating CSEC consisted almost entirely of talking to CSEC.
“We questioned CSEC employees involved in the activity…and we examined results of the activity,” the oversight body said in a prepared statement posted to its website.
Cyber expert Ron Deibert says the ruling “makes a mockery of public accountability and oversight.”
The author of the best-selling book Black Code about internet privacy says the leaked Snowden document would lead most people to conclude that “the Government of Canada is indeed engaged in mass surveillance of Canadians.”
Disappointed by the ruling
Ontario’s privacy commissioner, Ann Cavoukian, says she is disappointed by the ruling.
“CSEC isn’t tracking? I don’t know what that means…Does he [Plouffe] mean that collecting metadata can’t equal the tracking of Canadians?”
Cavoukian says the reality of what the spy service was up to is being clouded in “doublespeak.”
“I don’t care if you call it tracking or a ham sandwich.”
CSEC director John Forster recently argued before a Senate committee hearing that collecting metadata isn’t tracking anyone.
The agency’s independent watchdog apparently agrees.
Metadata is information about a personal communication, but not the actual content – for example, the phone numbers of everyone a person calls, but not the actual content of those conversations.
In the case of the airport pilot project – it has since become fully operational – the metadata would have included the identifying codes on the airport visitors’ smartphones, and their locations over a period of days.
Deibert is director of the Citizen Lab for cyber issues at the University of Toronto’s Munk School of Global Affairs. He says metadata can be far more invasive than the content of a person’s actual phone calls and emails.
“Let’s be clear: Our movements, social relationships, habits, meetings, personal preferences, with whom we communicate and for how long, the websites we visit – all of that and more is what the government asserts it can collect and analyze,” Deibert says.
“That is deeply troublesome.”
Privacy commissioner Cavoukian says she was stunned to learn the ruling on CSEC was based almost entirely on Plouffe and his staff talking to the spy agency’s employees.
“With the greatest of respect, I was surprised they didn’t dig deeper on this given the scope of the issue and how exercised people have become over metadata collection.”
Plouffe’s office is currently conducting a study of the metadata issue with the final results expected sometime in the late summer of 2015, just before the next federal election.