Spy agency improperly handled some information about Canadians: watchdog

OTTAWA—Canada’s electronic spy agency intercepted—and kept—several private communications of Canadians last year in violation of internal policies on personal information.

In his annual report, the watchdog that keeps an eye on Communications Security Establishment Canada says while many of the 66 intercepts involving Canadians were handled properly, some were not.

The findings prompted several recommendations to strengthen privacy protection.

Ottawa-based CSEC monitors foreign communications of intelligence interest to Canada, and exchanges a large amount of information with similar agencies in the United States, Britain, Australia and New Zealand.

Leaks from Edward Snowden, a former contractor for the U.S. National Security Agency—CSEC’s American counterpart—have raised questions about operations of the so-called Five Eyes intelligence network.

CSEC insists it targets only foreign email, telephone and satellite traffic.

However, the spy service acknowledges it cannot monitor global communications in the modern era without gathering at least some Canadian information.

In certain cases the defence minister authorizes CSEC activities that would otherwise risk breaching the Criminal Code provision against intercepting the private communications of Canadians.

In his report made public late Wednesday, CSEC watchdog Jean-Pierre Plouffe said the spy agency deletes “almost all” of the small number of such communications it unintentionally intercepts.

It is allowed to use or retain such information only if it is essential to matters of defence, security or international affairs.

Plouffe’s staff looked at all 66 private interceptions from 2012-13, listening to voice recordings, reading written contents or examining written transcripts of the communications. Of those, 41 were used in spy agency reports—with any Canadian identities suppressed—and the remaining 25 kept for future use.

The review revealed instances where CSEC employees did not correctly follow procedures, including:

• One case in which an interception was kept even though it was not essential to defence or security;
• Several interceptions that went unmarked for retention or deletion for weeks;
• Other instances of analysts keeping communications involving Canadians—in some cases for several months—that were no longer essential.

Plouffe recommended five improvements, urging spy service analysts to regularly assess, at minimum four times a year, whether ongoing retention of a private communication is strictly necessary.

Defence Minister Rob Nicholson, the cabinet member responsible for CSEC, accepted the recommendations. The spy agency is working to address them, the watchdog’s report says.

“My office and I will monitor developments,” Plouffe wrote.

CSEC had no immediate comment.

Despite the violations of procedure, Plouffe found that all of the CSEC activities he reviewed in the last fiscal year complied with the law.

Material disclosed by Snowden last year indicated that Canada had helped the United States and Britain spy on participants at the London G20 summit in 2009. Other documents from Snowden’s cache suggested CSEC once monitored Brazil’s department of mines and energy.

Plouffe said he’s concerned Snowden’s disclosures have prompted commentators to raise fears based on “partial and sometimes incorrect information regarding certain CSEC activities.”

Some critics have scoffed at Plouffe’s oversight efforts, painting him as more lapdog than watchdog—a characterization Plouffe vigorously rejects.

“I want to reassure Canadians, especially those who are skeptical about the effectiveness of review of intelligence agencies, that I am scrupulously investigating those CSEC activities that present the greatest risks to compliance with the law and to privacy,” he wrote.

“I will make public as much information as possible about these investigations, their resulting conclusions and any recommendations. Transparency is important to maintaining public trust.”