A Canadian federal court dropped a bombshell this week when it revealed that intelligence services have been collecting and storing the metadata of Canadians not suspected of committing any crimes.
In a ruling announced Thursday, the court said the bulk data analysis program operated by the Canadian Security Intelligence Services — it’s essentially Canada’s CIA — involved retaining “non-threat, third-party” information on a large scale. The ruling, however, remains heavily redacted.
Public Safety Minister Ralph Goodale told reporters on Friday that he, the minister responsible for the spy agency, was first briefed on the program in January and didn’t become aware of the “full scope of the issue” until early October.
The data analysis program, which dates back to at least 2006, saw the CSIS storing any metadata it obtained during the course of an investigation regardless of whether that data was pertinent to the case at hand. The database, which contained phone numbers, names, GPS locations, and IP addresses, was stored on the spy agency’s servers and regularly used for subsequent investigations.
Even if someone simply called the phone of a suspect being surveilled, that person’s metadata could enter the database.
“CSIS has been illegally storing information on untold numbers of Canadians who pose no threat at all,” Murray Rankin, an opposition Member of Parliament and a former lawyer for CSIS’ oversight body, told reporters on Friday. “They’ve been doing so for over a decade.”
Rankin called the information stored and analyzed on these servers “deeply, deeply invasive information.”
CSIS is one half of Canada’s spy apparatus. The Communication Security Establishment, Canada’s signals intelligence agency akin to the NSA, is tasked with doing big data analysis but is forbidden from surveilling or collecting data on Canadians.
Generally, CSIS needs a warrant to intercept communications or tap phone conversations. If the agency acquires data on Canadians who are not subject to an investigation, or if the data isn’t relevant to a known national security threat, CSIS is legally required to delete the information.
The court found that CSIS didn’t follow the law.
“With respect to third-party data, CSIS has halted all access to, and analysis of, associated data while we undertake a thorough review of the decision in order to assess potential operational and legal impacts, and determine our way forward,” CSIS Director Michel Coulombe told reporters at a Thursday evening press conference.
Goodale has not said whether he’ll compel the spy agency to get rid of the database.