This story is over 5 years old

The Harper Government Insists it’s Legal to Collect Metadata

CSEC's defense of its metadata collection program is steeped in confusing, government doublespeak.

by Patrick McGuire
Feb 4 2014, 7:33pm

John Forster, head of CSEC, testifying yesterday. Via the Senate/CBC.

Last Friday, Canada got its first major taste of Snowden’s trove of surveillance files when it was revealed through the CBC that CSEC—Canada’s NSA—ran a metadata collection program at a major Canadian airport in 2012. The program was designed to capture the unique MAC addresses of the iPhones and laptops of travellers using free WiFi before their flights. Ronald Deibert, the author of Black Code: Inside the Battle for Cyberspace, called this type of data-collection outright illegal in a column he wrote for the Globe and Mail. Meanwhile Stephen Rigby, Canada’s National Security Advisor, claims metadata: “does not represent a compromise of private communications by Canadians. It’s data about data and so it is well within the parameters of CSEC’s operations.” 

For anyone who has been following the political drama in the United States surrounding the NSA fallout, a defense like Stephen Rigby’s is a broken record of spy agency doublespeak. The idea that metadata is somehow innocuous because it is “about data” is a frustrating, semantically overwrought, and illogical defense that avoids the real issue of government culpability when it comes to the invasion of its citizens’ privacy.

As Glenn Greenwald told VICE while discussing the NSA’s collection of metadata from Verizon customers: “In many instances, metadata is actually more invasive than listening to the content of your calls or reading your email.” In that interview, he provides the example of a woman calling an abortion clinic. If you’re simply listening to the content of that call, you may only hear that woman making an appointment to see a doctor—but if you know the number she’s calling, you can identify it as an abortion clinic, and get a much more detailed picture of what’s going on in her private life.

In the case of CSEC, there is no evidence of a similar cell phone data sweep program operating out of Ottawa. The airport WiFi program, however, apparently allows CSEC to create a metadata trail of a person’s travels throughout the globe, using their unique MAC address built into their phone or laptop as the tracking key as they sweep and collect information—which must mean they are collecting information from other public WiFi hubs to develop these trails as well.

John Forster, the head of CSEC, described the WiFi program in his own words at a Senate hearing yesterday: “This exercise involved a snapshot of historic metadata collected from the global internet. There was no data collected through any monitoring of the operations of any airport. Just a part of our normal global collection.” Forster’s apparent inability to equivocate metadata and data is troubling, and his appraisal of CSEC’s day-to-day duties as “normal global collection” may be ordinary to the agency, but it certainly requires further questioning. Forster has also admitted the metadata of Canadians gets collected by CSEC because “there are foreign and Canadian information mixed together in the internet,” a statement that is also rooted in confusing semantics—does foreign mean terrorist? Or is Canada okay with gathering information on pesky foreigners, like their friends in the NSA, who only need to be 51 percent sure that their target lives outside of America?

CSEC's gathering of the "haystack" by sucking up as much information as they can in order to find the "needle" (the terrorists are needles in this hokey analogy that permeates the intelligence community's defense) is a problematic strategy that sounds more like mass surveillance than a useful terrorist-catching system.

In the Dark Knight, when Bruce Wayne is staring at a mass surveillance apparatus that uses every Gotham City resident’s cell phone to sniff out the Joker, he faces more of a moral quandary than CSEC or the NSA has ever demonstrated in public; and he destroys the machine after finding the bad guy! Who is the Joker, exactly, that the Canadian government is so afraid of? In a hearing yesterday, Michel Coulombe, the head of CSIS, pointed to Syria, al-Qaeda, and the Iranian nuclear program as bad guys that ostensibly threaten Canada—while also indicating CSIS is concerned about “over 130 Canadians” operating as extremists abroad; noting that these 130 lapsed Canadians are CSIS’s primary concern.

In a section of the Canadian government’s “2013 Public Report on the Terrorist Threat to Canada,” in a section entitled “No Country is immune from terrorism,” Canada’s ready-for-whatever approach to supervillainy is summarized as such:

“A terrorist attack could still occur within Canada. The April 2013 arrests of individuals in Quebec and Ontario who were allegedly conspiring to carry out a terrorist attack and the tragic events in Boston remind us of this possibility. Terrorists may also attempt to recruit supporters, raise funds or acquire other forms of support in Canada. The terrorist threat impacts how we conduct diplomacy, business, travel, security and development assistance, both at home and abroad. It can threaten Canadian charities, foreign investments and international development projects. It can threaten Canadian goals, prosperity and quality of life. Terrorism poses a risk to Canadians travelling abroad - tourists, soldiers, diplomats, aid workers and business people. Terrorists may target an individual, a community or Canadian society as a whole. A threat to any Canadian is a threat to us all.“

The problem with “terrorism” is that it can be used as a way to frame every facet of our society as being endangered (charities, goals, prosperity, quality of life, business, travel) by such a nebulous and all-encompassing threat. With precisely zero terrorist attacks—and yes, there have been close calls—on Canadian soil to date, and the odds of an American being killed in a terrorist attack ranking lower than drowning or being in a car accident, it’s hard to understand why we should be signing off on massive surveillance systems in the name of foreign boogeymen. Especially when it’s already been disproven that the NSA’s mass surveillance systems could have stopped 9/11.

Unfortunately the Canadian government has decided to offer insultingly insufficient answers to the public instead of discussing these issues in any meaningful way. For example, according to Paul Calandra, Stephen Harper’s Parliamentary Secretary, Glenn Greenwald is a “porn spy” who sold “stolen documents” to the CBC, while quoting CSEC’s technically true (but essentially false) statement that “no Canadians’ communications were collected.” While Paul hasn’t got back to me about what it means to be a porn spy, his ranting and raving is disappointingly juvenile and completely avoids the content of Snowden’s leaks.

In an article titled “Canada's WiFi Surveillance and CSEC's Non-Denial Denials” written by Ryan Gallagher, who helped break the latest CSEC story with the CBC and Glenn Greenwald, he analyzes the frustrating responses from Harper’s government:

“CSEC's denial that it 'tracked' Canadians or foreign travellers, I think, hinges upon a narrowly defined interpretation of the word. The US Department of Defence, for instance, uses 'tracking' as a specific technical term meaning the "precise and continuous position-finding of targets by radar, optical, or other means." CSEC's IP profiling definitely fits the dictionary definition of "tracking" as it is understood by most people—but does it fit the narrower military definition? Perhaps CSEC believes that IP profiling [CSEC’s term for its tracking method] does not constitute ‘precise and continuous’ tracking. But if so, it should be explaining this—as otherwise its denial is highly misleading.”

Clearly the government is playing a game of semantics to avoid the issues detailed in Snowden’s leaks. With more documents presumably on the way from the “porn spy” and co., it will be harder and harder for the government to hide behind ambiguous definitions of proprietary terminology. Meanwhile, legal action from groups like the British Columbia Civil Liberties Association, who launched a lawsuit against CSEC in October for “collecting Canadians’ private communications and metadata information in a manner that violates the Charter of Rights and Freedoms” will hopefully push forward a review process that can dismantle the super-surveillance systems which appear to be operating silently in Canada.