News

The Harper Government Still Thinks CSE Is Acting Legally

Even though we all know your downloads of Game of Thrones are getting snooped on right this second.

by Justin Ling
Feb 4 2015, 2:00pm

Surveillance cameras. Photo via Wikimedia Commons

The Canadian Government says that, despite conclusive evidence supplied by Edward Snowden, CSE is not breaking the rules.

News broke on Jan. 28 that Communications Security Establishment Canada (CSE) was running a bulk data collection program targeting users of file sharing sites like Megaupload and Rapidshare, according to Snowden documents from 2012.

That program caught Canadians in its web, according to the documents, which is something that CSE is forbidden from doing.

But Rob Nicholson, the Minister for National Defence, says that as the minister in charge of CSE, he's not worried about it.

"CSE has to abide, of course, by the rules, and the commissioner that has a look at this has confirmed that they have acted within Canadian law," Nicholson said the next day.

When VICE pointed out that the documents, which were reported by CBC and The Intercept, appear to directly contradict that they were abiding by the rules, Nicholson was unfazed.

"They [the CBC] may report, but all the information from the Privacy Commissioner is that they comply, and they have to comply with it."

Nicholson likely meant the CSE Commissioner, who oversees the agency, not his privacy counterpart. But the agency has already allegedly broke its mandate in a questionable spying operation. In 2014 it was revealed the CSE ran an airport wifi spying operation that allegedly collected the data of Canadians who passed through the as-yet-unnamed airport.

Moreover, in last year's report, the CSE Commissioner said interception of Canadians' data only happened 66 times. In each of them, Plouffe said he was confident that the data was obtained unintentionally and that they each contained such critical information that thought ought to be sent on to other agencies', albeit with the personal information of the individual protected.

Justice Minister Peter MacKay maintained the same innocent tract when asked about the CSE's ongoing operations.

"In accordance with the law CSE is involved in data collection of foreign entities to do so in the interest of protecting Canadians' privacy, guarding against cyber attacks, and, as we know, there have been occurrences of radicalization online that is of real concern," MacKay said outside the House of Commons, adding that the Commissioner—ex-judge Jean-Pierre Plouffe—keeps watch over CSE and has, thus far, not found any wide-spread abuse of the process.

Associate Minister of Defence Julian Fantino, who appears to be the new political chief for CSE, repeated roughly the same lies as the other two ministers. Apart from installing Fantino into the job, the Prime Minister also appointed bureaucrat Greta Bossenmaier as the new head of CSE. That appointment was much to the surprise, ironically, of the intelligence-gatherers at CSE.

As one CSE source told me, it was my tweet that alerted the signals intelligence spooks to their new boss. In other words, the musical chairs of CSE high command was a surprise to its employees.

CSE's mandate explicitly forbids them from capturing Canadians in their bulk surveillance programs. The law explicitly says that CSE cannot target Canadians, and it must take steps to ensure that Canadians' privacy is respected.

Evidently, that's not happening.

In theory, the CSE Commissioner—the one person with authority to oversee the agency's activities—can single out those instances where the agency does capture Canadians' data, and ask the agency to do better in the future.

A spokesperson for the Commissioner's office said that CSEC's activities are reviewed to ensure that they are targeted only at foreign individuals, and that they don't scoop up Canadians' information in the process.

When VICE asked how he Commissioner could be confident in that, given that sites like Megaupload would be used by thousands of Canadians, the spokesperson cited a section of last year's report.

"I examined a number of new automated processes of CSE, with privacy protections being built into them," writes Plouffe in the report. "I verified CSE's use of technology to diminish the possibilities of human errors or privacy violations."

He does not expand on what processes those are.

However, The Intercept reported that two of the IP addresses mentioned in the Powerpoint presentation were Canadian.

NDP leader Thomas Mulcair says the news underscores the need for a Parliamentary review process for CSE. "What we really need in Canada is a system of oversight like they have in the United States," he said.

There is NSA oversight reports that are issued to the President's Intelligence Oversight Board showing some unlawful activity. Even so, Congress is still woefully unaware of the extent the NSA spies on American citizens.

VICE asked what can be done in the short term to combat the apparent overreach. Mulcair shrugged. "We're in an election year, and the only thing that's going to change this type of behaviour is a change of government."

Liberal leader Justin Trudeau echoed the need for a better review process.

"We continue to believe that strong oversight, like all of our Five Eyes partners have, is going to be important in this area," Trudeau said, referring to the top secret intelligence sharing collective between New Zealand, Britain, Australia, Canada and the United States.

OpenMedia echoed the call, launching a campaign to the Prime Minister: stop spying on us.

VICE asked MacKay whether a Parliamentary review is in order.

"The CSE Commissioner's report indicates that they have been operating inside the law, and that's what your question was."

Follow Justin Ling on Twitter.