Spy agency criticized for Canadian data-gathering

The Communications Security Establishment Canada (CSEC) routinely sweeps up information on Canadian citizens in the course of monitoring global communications and assessing the vulnerability of federal computer networks. That information can be held in a CSEC data bank for as long as 30 years, something a security expert calls “remarkable.”

The federal Info Source guide to personal information held by the government says the information held in the CSEC database can include a person’s full name, email address, IP address and metadata about the communication – which itself may include incidental personal details.

CSEC says the Canadian information is not deliberately targeted, but that in the course of its monitoring of foreign communications it can’t help but gather some data from inside the country.

Wesley Wark, a visiting professor at the University of Ottawa’s graduate school of public and international affairs, says that the full extent of the information held as a result of cybersecurity activities is still unknown.

In a Canadian Press story published on the CTV News web site, Wark also criticized independent annual reports on CSEC’s activities as “insider exercises that tell Canadians little.” Wark challenged senators to make any sense of the reports.

Information released under an Access to Information request say that when CSEC intercepts a private Canadian communication, “it can only be used or retained if it is deemed essential to international affairs, defence or security.” A CSEC spokesperson said that any information collected during an assessment of a federal network is destroyed afterwards — even sooner if it isn’t needed to help protect the network being assessed.

Because the gathering of a certain amount of Canadian data is unavoidable, CSEC has been given special authorization by the federal defence minister, in order to avoid contravening Criminal Code prohibition against intercepting the private communications of Canadian citizens.

Information from the data bank, fortuitously named CSEC PPU 007, may be shared with Canadian police agencies “or foreign bodies” under the provisions of formal agreements. CSEC works particularly closely with its U.S. counterpart the National Security Agency (NSA) and its other “Five Eyes” partners in Britain, Australia and New Zealand.

Andrew Brooks
Andrew Brooks
Andrew Brooks is managing editor of IT World Canada. He has been a technology journalist and editor for 20 years, including stints at Technology in Government, Computing Canada and other publications.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web