National Post (National Edition)
CSIS use of security data troubles privacy watchdog
In a newly released November 2011 reply to CSIS, the privacy commissioner’s office expressed concern about possible use of security assessment information for purposes other than immigration or job clearances.
CSIS’s security screening program helps the government prevent newcomers who pose a threat from entering Canada and acquiring legal status. It is also intended to ensure people of security concern do not gain access to classified information, sensitive sites or major events.
The privacy commissioner’s letter recommended that people be told the information they provide to CSIS may be used “for purposes beyond the provision of security assessment services, such as general law enforcement, national security, or within the context of an investigation.”
CSIS took almost a year to respond, but in November 2012 the spy service told the commissioner’s office that while the data analysis centre was indeed using
CSIS spokeswoman Tahera Mufti said the data analysis centre continues to use security assessment information in support of national security investigations — for instance, to corroborate a name or address.
“CSIS takes very seriously all potential privacy considerations related to its work and is committed to ensuring that its activities are transparent, accountable and in compliance with privacy legislation, guidelines and best practices,” Mufti said.
An independent judge or tribunal should look over CSIS’s shoulder before the spy service searches through a huge database of pooled information to match up bits of data, said University of Ottawa law professor Craig Forcese, a specialist in national security.
It would be ridiculous to suggest CSIS should stop exploiting data through advanced analytics, he said. “I think the question is whether there are sufficient safeguards on how they do it.”
Ann Cavoukian, executive director of the Privacy and Big Data Institute at Ryerson University, called for an “exhaustive examination” of the spy service’s information processing by an independent body such as the privacy commissioner.
“I really think that’s essential, and I’m not going to take CSIS’s word on this stuff.”
Tobi Cohen, a spokeswoman for the privacy commissioner, said she could provide few additional details given the classified nature of the file.
However, Cohen said, the spy service has been talking with the commissioner’s office about the data analysis centre as a result of the November court ruling.
In addition, CSIS is working on a new privacy impact assessment concerning use of security assessment information in national security probes, she said. It will help the commissioner’s office gauge whether use of the information “is appropriate and complies with privacy law.”