Court finds CSIS program illegally kept metadata
Spy agency rebuked over secret program
• A previously unknown unit of Canada’s intelligence service has been illegally keeping data unrelated to national security threats, the Federal Court disclosed Thursday.
In a hard-hitting ruling that was partly blacked out, Justice Simon Noël rebuked the Canadian Security Intelligence Service for not telling the court about a secret metadata program launched in 2006.
The Operational Data Analysis Centre was unknown even to the judges who had been issuing the warrants to collect the information it mined, according to Noël’s ruling.
While CSIS had intended to notify the court and seek its input, that never happened. Judges only learned of its existence recently when CSIS acknowledged what it was doing.
“The CSIS has breached, again, the duty of candour it owes to the court,” Noël wrote, adding that the agency had operated outside its legal authority.
Although the judge ruled retaining the metadata (data derived from the data) was illegal, he did not order its destruction.
The ruling was handed down Oct. 4 but was withheld from the public while parts were redacted.
At a news conference after the decision’s release, CSIS director Michel Coulombe said he had halted use of the data while the matter was reviewed.
CSIS had legally acquired the data and thought it was permitted to retain it, he said. “It is now clear that the Federal Court disagrees with this interpretation, a decision which we fully accept.”
But he defended data analytics, saying it had “proven to be an effective tool,” helping to understand and predict the actions of those being investigated over national security concerns.
Public Safety Minister Ralph Goodale said the government would not appeal the decision and would ask the Security Intelligence Review Committee to “monitor the situation carefully to ensure compliance.”
Goodale said he intended to speak to the CSIS executive about Noël’s findings and had taken note of the court’s observation that the CSIS Act was “now more than 30 years old and showing its age.”
The ruling touched on an issue many governments are struggling to address: amid heightened fears over terrorism, how far can they can intrude into the lives of their citizens in the name of national security?
When CSIS is using its intrusive warrant powers and comes across information
THERE IS LITTLE OVERSIGHT FOR CSIS’S ANALYTICAL PROGRAMS AND OUTPUT.
unrelated to national security threats, that information was supposed to be discarded.
But the agency had been indefinitely keeping the metadata, using it to gain “insight otherwise impossible to glean,” Noël wrote in his decision.
He acknowledged the raw metadata “consists mostly of numbers,” “may only have limited privacy impacts” and had yielded useful intelligence, creating new investigative leads.
“Having said that, when the numbers and names are put together upon an investigative request, the intelligence product resulting of the analysis may reveal more and therefore have a greater impact in privacy interests,” he wrote.
“I am fully cognizant of the consequences my decision has on the CSIS’s mandate and functions,” he wrote. “Ultimately, the rule of law must prevail; without it, the actions of people and institutions cannot be trusted to accurately reflect the purpose they were entrusted to fulfil.”
Stephanie Carvin, an assistant professor at the Norman Paterson School of International Affairs, said disputes like the one over CSIS data practices may be less likely once the government increases oversight of intelligence agencies under Bill C-22.
“There is little oversight for CSIS’s analytical programs and output. It is my hope that with more oversight in C-22 and other potential reforms that these kinds of incidents will be avoided and analytical functions are given more scrutiny,” she said.