Guard dog or watchdog? It’s time to set the story straight about CSEC spying
It’s the same old song and dance—and frankly, Canadians are getting tired of it.
Jean-Pierre Plouffe, the Communications Security Establishment Canada’s supposed watchdog, concluded his investigation of the ultra-secretive spy agency’s recent invasive collection of Canadian metadata at public Wi-Fi terminals in a major Canadian airport with a statement that unsurprisingly parrots CSEC’s own spy doublespeak:
"CSEC activity does not involve ‘mass surveillance’ or tracking of Canadians or persons in Canada; no CSEC activity was directed at Canadians or persons in Canada."
Yes, Canada. You read that right. There’s no need to worry.
Take comfort in the fact Plouffe’s office has declared nothing is amiss when it comes to CSEC collecting our private, sensitive information without transparency, accountability, and apparently without much knowledge even from our own government representatives; that legal experts have referred to CSEC’s oversight as “so woefully inadequate that it’s the worst out of the so-called advanced democracies”, and in the fact that Plouffe considers his office to have the ability to conduct effective reviews of CSEC’s dubious activities despite the fact that a lone CSEC commissioner with a few staff and a tiny budget is meant to keep track of a $460 million agency built on secrecy.
Let’s not forget that this Commissioner “gets to review redacted reports of CSEC activities, sometimes years after the fact”.
Here’s an extra tidbit of interest: Plouffe argues that “past commissioners have reviewed CSEC metadata activities and have found them to be in compliance with the law”.
Perhaps Plouffe has missed the memo, so here we are to remind him of the fact that his predecessor, Justice Robert Decary, stated in his final report that he uncovered records suggesting that some of CSEC’s spying activities “may have been directed at Canadians, contrary to law”.
He may also be unaware of the fact that Decary’s predecessor, Justice Charles Gonthier, reported similar complaints, noting that incomplete and missing records made it impossible for him to determine whether or not CSEC had been breaking the law. Heck, John Adams, CSEC’s chief during Gonthier’s time said that as a result of operations that may have been illegal, he “shut the place down for a while”.
His statement refers to “metadata”, so it’s all good, right? The same “metadata” that CSEC’s chief suggests is authorized under the National Defence Act and therefore lawful even though the word metadata does not appear in the Act at all.
But this is all water under the proverbial bridge, Canada—you can trust Plouffe, right?
As Ontario’s information and privacy commissioner Ann Cavoukian and privacy expert Avner Levin recently noted, “Canadians deserve far more than carefully crafted assurances.”
We agree—so without further ado, we’re here to mythbust these spyspeak claims that have come to exemplify our government’s defence of its invasion of our privacy.
Spyspeak claim 1: CSEC’s collection of metadata via Wi-Fi was an effort to understand global communication networks and was not directed at Canadians or people in Canada
In case you missed it, here’s what you need to know: on January 30, 2014, CBC broke the story that CSEC had spied on thousands of law-abiding Canadian travellers through a program that was designed to capture the unique MAC addresses of devices used by Canadian travellers using free Wi-Fi before their flights.
In a Senate hearing following national outrage over this revelation, CSEC chief John Forster stated:
This exercise involved a snapshot of historic metadata collected from the global Internet. There was no data collected through any monitoring of the operations of any airport. Just a part of our normal global collection.
For now, let’s ignore the fact that Forster has failed to differentiate between metadata and data (Patrick MacGuire has a great piece in Vice that we recommend you read).
Let’s focus on the fact that Forster assumes such vast and invasive collection of our data without our knowledge, justification, accountability, oversight, and transparency is just part of “normal” operations for the agency—operations that Canadians are not supposed to question further despite the fact that this “trust-us” model has long worn thin.
Let’s also focus on the fact that Forster has referred to this operation as “game-changing”—and yet this is the same person who has cautioned against stronger legislative oversight after declaring current methods—i.e. the one lone CSEC commissioner—a “robust mechanism”.
What’s Forster so afraid of if he really has nothing to hide?
Spyspeak claim 2: “If CSEC were tracking the movements, on-line or other activities of persons at a Canadian airport, that would be illegal.”
This latest installment in “tired, old excuses that carry no weight” comes straight from Plouffe in his defence of CSEC’s collection of our metadata. Other variations include “CSEC is forbidden from targeting the private communications of Canadians such as emails and phone calls” and CSEC is “mandated to collect foreign signals intelligence to protect Canada and Canadians, and by law, only directs its foreign intelligence activities at foreign entities.”
Since the Snowden revelations first broke last summer, CSEC has insisted that no Canadians have been “targeted” by their dragnet surveillance. That tune changed in December 2013, when CSEC officials quietly posted a an online statement during the winter holidays to say that Canadian data has been scooped up “incidentally”.
After these latest revelations, CSEC’s story has changed again—they now claim that they have indeed collected Canadians’ data (but only their metadata)—which they claim is not unlawful since it’s supposedly authorized under the National Defence Act (despite, as mentioned above, the fact that “metadata” does not appear in the Act at all).
But it’s a game of semantics, Canada. CSEC has essentially conceded that it has collected our data, changed the definition of “tracking” data to one that is arguably nonsensical, and effectively attempted to mislead Canadians...again. As reporter Ryan Gallagher notes,
Again and again, officials have used narrowly defined words or jargon terms in a carefully crafted way in order to issue non-denial denials in which they appear to refute an allegation but on closer reading do not really refute it at all.
He also notes:
CSEC's IP profiling definitely fits the dictionary definition of "tracking" as it is understood by most people—but does it fit the narrower military definition? Perhaps CSEC believes that IP profiling [CSEC’s term for its tracking method] does not constitute ‘precise and continuous’ tracking. But if so, it should be explaining this—as otherwise its denial is highly misleading.
Spyspeak claim 3: We’re only collecting your metadata, Canada—you’ve got nothing to worry about.
Our metadata is information about our information. At this point, it’s almost offensive that CSEC and our government assumes that Canadians do not know just how revealing metadata actually is. Just ignore the fact that Dr. Vint Cerf, who co-invented the Internet, argued that metadata “can be much more revealing that the content of our communications.”Journalist Glenn Greenwald reiterates this point when he says that “metadata is actually more invasive than listening to the content of your calls or reading your email.”
Yes, they are not collecting the content of your data—just information that will show your “movements and associations through an airport, across town or across the country” while collecting “a digital trail that can reveal where you live, work, travel, what you purchase online, who you associate with, even what time you are likely to go to bed, wake up and leave home.” No biggie, Canada. Just move along now.
So where does this leave us?
Let’s recap: Canadians were initially told that ultra-secretive spy agency CSEC does not collect our data—that is, until we were casually informed that our data was being scooped up “incidentally”, all before it was revealed that CSEC was effectively tracking the information of law-abiding Canadians (albeit with a different “definition” of tracking that concludes that we were not being tracked at all!). We’re also told not to be alarmed because the type of data being collected is not really content-specific, just enough to create a digital trail of our lives, contacts, connections, medical history, interests, religious beliefs, credit history, et cetera. But if you’re worried, you shouldn’t be, because CSEC’s lone commissioner has effectively put on the broken record that CSEC was merely collecting our metadata which is not unlawful.
Let’s change this script, shall we? Don’t believe the spin. Don’t let these powers attempt to circumvent the truth that this type of spying on law-abiding Canadians is wrong—and if we can be convinced that it is not unlawful, then these laws clearly need to be updated to keep up with the rapid technological advances that define our age.
Remember, it wasn’t that long ago when the U.S. NSA gave this same old speech that nothing they did was unlawful, until a court found that its collection of phone record metadata effectively was. Thanks to a constitutional challenge announced by the BCCLA and your OpenMedia.ca team, CSEC’s activities will finally be subject to the same legal scrutiny here in Canada.
It’s time for our government to step up, come clean, stop all spying on innocent Canadians and put effective legal measures in place to ensure such spying never happens again. Join thousands of Canadians and send a letter to your MP to demand they take a stand against this mass, suspicionless surveillance at OpenMedia.ca/Stand.