Communications Security Establishment has “mislead” 

A person works on their iPad with difficulty as a large lock sits on the screen.
Those ads on Facebook are about to get even more specific. mohamed_hassan via Pixabay

An Edward Snowden whistle blowing moment for Canada with mass surveillance loopholes

The Communications Security Establishment (CSE) have been raising concerns over TikTok gathering data on Canadian citizens. However, according to recently released documents gathered by the British Columbia Civil Liberties Association (BCCLA), the CSE have been spying on Canadian citizens for decades.  

The BCCLA initially opened a lawsuit against the CSE in 2013. The initial claim of the lawsuit is that gathering the metadata and private communications of Canadians violates charter rights to privacy.  

The CSE was founded during the cold war, though only had its official mandate created in 2001, following the 9/11 attacks. The CSE fill a similar role to America’s NSA, which had the whistle blown on it by Edward Snowden in 2013.  

Snowden revealed, with the information the NSA collected on citizens, it could put together quite intimate profiles on nearly anyone. Snowden also revealed the information was being shared among the Five Eyes network, which are five countries who agree to share security information, including Canada’s CSE. With the possible implication of the CSE, the BCCLA opened its lawsuit.  

The case finally ended in late 2022, and now the BCCLA has released the documents discovered during the court process. Throughout the near decade-long court process, the case was kept in secrecy during the hearings.  

In their news release, the BCCLA concluded that their findings “paint a picture of a powerful spy agency in dire need of oversight.” 

One of the tactics to avoid oversight that the BCCLA found is that the CSE “redefines common words” with the goal of creating a “misleading impression of CSE’s actions to the public, and potentially to the ministers.”  

The example used by the BCCLA is the specific definition of ‘intercept.’ In normal parlance, if a communication is intercepted, it is obtaining the contents of the communication between two people, and in Canadian law a similar definition is used elsewhere. So, a normal person would consider a wiretap or reading another person’s emails interception. 

However, the CSE redefine ‘intercept’ to only apply to information they receive from a particular redacted source. So, using the CSE’s definition, if they surreptitiously read a person’s email, that wouldn’t count as the message being intercepted – allowing the CSE to confidently say that it doesn’t intercept communications when they in fact do collect the contents and metadata of communications by many Canadians.  

Despite the mandate preventing CSE from spying on Canadians, loopholes have allowed CSE to collect enormous amounts of data on Canadians. One such loophole is that, if the CSE get the information from another Five Eyes partner, it does not need to follow the usual channels it would if they had got the information themselves. 

Additionally, the CSE collects “all telecommunications” that pass through its collection points, and the BCCLA estimates that these collection points are likely at “internet backbones leading in and out of Canada.” So even using common sites that are not based in Canada, like Google or Facebook, could result in the CSE collecting an individual’s metadata. 

The CSE currently justifies this collection under the mandate by keeping Canadian information separated and redacting it from reports. However, that data is still maintained, and there is an extremely vague loophole allowing that data to be accessed “as needed to fulfill official duties.” 

In fact, the collected metadata of Canadians in this manner was accidentally shared by CSE with Five Eyes partners for five years. Between 2009 and 2014, the CSE shared the metadata of Canadians with foreign powers, some of which contained those Canadians’ IP addresses or identifiable telephone information. Former defence minister Jason Kenney was alerted to this and failed to alert the public. There is also no clear evidence if there were any repercussions. 

The latest documents BCCLA was able to uncover were from 2015. While we do not know what the CSE have done since then, surveillance activities as of 2015 had been increasing and showed no signs of slowing down.  


Comments are closed.