CSEC watchdog says collecting metadata isn't spying; judge for yourself
It is the responsibility of the Communications Security Establishment Canada (CSEC) commissioner to ensure that the country’s most secretive spy agency’s actions remain within the confines of the law.
On February 14, Jean-Pierre Plouffe made that job a little easier for himself via a highly questionable interpretation of language that essentially broadened the scope of what is defined as legal CSEC conduct.
The key word Plouffe played with is metadata, a term that’s appeared in the news a lot since former security contractor Edward Snowden began leaking classified NSA documents to Glenn Greenwald and other journalists in June 2013.
Plouffe reviewed a spy program revealed by CBC News on January 30, in which CSEC used a Canadian airport Wi-Fi network to track the electronic devices of thousands of airline passengers.
He had to answer the question of whether or not CSEC had monitored the activities of Canadians or people in Canada. That question is important because CSEC is officially a foreign-intelligence agency that is forbidden by law from spying on Canadians or even foreign nationals on Canadian soil.
Plouffe ruled that despite CSEC having collected metadata from the electronic devices of thousands of people passing through Canadian airports, CSEC was not spying on people, but rather was using that information to “understand global communications networks”.
“CSEC isn’t tracking?” asked Ontario’s privacy commissioner in an interview with CBC News. “I don’t know what that means….Does he [Plouffe] mean that collecting metadata can’t equal the tracking of Canadians?”
It’s a very good question, at the core of whether or not CSEC has violated the law.
Should the Canadian government’s collection of metadata be classified as surveillance? On February 14, Plouffe decided that it should not. (A separate study the CSEC commissioner’s office is conducting on the metadata issue is expected to conclude late in the summer of 2015.)
What is metadata? The simplest example that I could think of is a photograph’s “Exif data”, as it's displayed on the picture-sharing website Flickr.
There’s quite a bit there, including the date and exact time when the image was taken, as well as GPS coordinates indicating where I was standing when I snapped that photo.
This is an example of innocuous metadata that I chose to make public.
What the Snowden leaks have revealed is that CSIS, the NSA, and other spy agencies have access to data just like it tied to citizens’ electronic communications, including telephone calls, text messages, emails, and communications over social networks such as Facebook.
Applied to telephone calls, for example, metadata similar to what’s embedded in that digital photograph lets CSEC agents know when a call was made and for how long it lasted. Cellphone metadata also reveals where you were standing when you hit the call button, who you called, where the person on the other end of the call was located, and where both of you moved as you remained on the line right up until the time the call ended.
The government watchdog charged with ensuring that CSEC does not spy on Canadians has decided that collecting that kind of information does not constitute surveillance.