When is an electronic spy agency targeting Canadians?
That’s a question raised by the latest revelations by the CBC from former NSA contractor Edward Snowden.
In a report on its Internet, TV, and radio outlets the broadcaster said documents from Snowden show the Communications Security Establishment Canada (CSEC) has vacuumed up device signals from people at an unnamed airport who used its public Wi-Fi service.
The report says CSEC tracked the devices for a week or more as they appeared at other public Wi-Fi hotspots including other airports, hotels and restaurants.
No communications were captured – email, text messages, VoiP calls – but the metadata shows CSEC can track a mobile device.
CSEC has maintained that it is forbidden by law from targeting Canadians – I take that to mean identifiable Canadians. Which is why the agency also insists that capturing metadata – such as a mobile devices’ individual identifier – is within its mandate.
What bothers privacy advocates is that with the amount of data floating around it isn’t hard to put a name to a device. That, of course, could be illegal. Of, course, it’s also useful to an intelligence agency only if the device owner doesn’t pass it around to others.
On the other hand if CSEC knows the device is being carried by a foreign citizen in this country the ability to surreptitiously track the movements can be valuable. The fact that Canada and allied spy agencies have this ability has now been exposed by Snowden. Experienced wrong-doers have known for years not to keep using the same mobile device. The disclosure could impair the ability of law enforcement and intelligence agencies to track those who are less experiences.
Yet the privacy implications haven’t been thoroughly debated. This is another story for the mounting evidence that it’s time for that debate, just as in the past Canadians debated the limits of telephone wiretapping.