A new plugin designed to prevent the creation of dead content links
Share on Twitter.
Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.
Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.
February 1, 2016
Privacy consultant Ann Cavoukian is criticizing the Canadian federal government for not better
protecting the telecommunications metadata that two intelligence agencies regularly collect in Canada.
“This is not just some unimportant information that was released,” said Cavoukian, the executive director
of the Ryerson University Privacy and Big Data Institute.
“I am concerned that additional measures weren’t taken to ensure that before information was shared
with our external partners, there was no data on Canadians, metadata or otherwise.”
Defence minister Harjit Sajjan issued a statement saying that in that case “the privacy impact was low,”
but Cavoukian disagreed.
“Metadata can be far more revealing than the actual content of communications,” she added. And others agree with her.
CSE commissioner Jean-Pierre Plouffe said he was told in 2014 that the agency realized that metadata it
had been gathering hadn’t been anonymized properly before being shared with the U.S., Britain, Australia and
New Zealand. That was contrary to a directive from the minister of defence.
It was the “height of irony,” she added, that reports describing the problems by federal watchdogs
on the country’s electronic spy agency, the Communications Security Establishment (CSE) and its domestic
intelligence services, the Canadian Security Intelligence Service (CSIS), were released last week on
Data Privacy Day.
By special law, CSE is prohibited from directing its metadata activities at a Canadian or at any person
in Canada. But if it collects metadata from electronic spying — data that identifies, describes, manages or
routes telecommunications — it then has to protect privacy in the use of that metadata.
The CSE has since fixed the issue and has suspended sharing certain metadata with our allies,
Plouffe said. But he also found CSE’s system for minimizing certain types of metadata “was decentralized
and lacked appropriate control and prioritization.
CSE also lacked a proper record-keeping process, he added. Additionally, he found the defence
minister’s order lacks specificity regarding the application of privacy provisions to certain processes.
Furthermore, the directive does not even provide clear guidance regarding a specific metadata activity
that is routinely undertaken by CSE in the context of its foreign signals intelligence mission.
But he didn’t think CSE was trying to get around the minister’s order, however. According to a new
report, CSE blamed the problem on software.
For its part, CSIS can always go to a Canadian court for a warrant to intercept communications and
metadata of specified people from telecom providers based in Canada.
According to the review committee, any communications of people other than those named in
the search warrant had to be destroyed.
But the warrant also said it could be kept if it “can assist” in the investigation of a threat to
the security of Canada. And so that metadata was retained.
The review committee said the issue is that CSIS didn’t make it clear in 2011 to the Federal Court
judge of that data when it changed the wording of warrant conditions.
The review committee recommended that CSIS be clear to the court about its retention and the use of
metadata in the future.
But the report also adds that CSIS doesn’t agree it had to do that, arguing that it was clear in
2011 to the Federal Court and that in any rate the court doesn’t have any general supervisory authority.
The review committee’s suggestion, therefore was “inappropriate and unwarranted,” it said.
Meeting with various reporters after the report was released, Public Safety minister Ralph Goodale
said CSIS has briefed the Federal Court about its use of metadata and therefore has complied with
the report’s recommendation.
Separately, some people might be interested to know that CSIS is having the same trouble controlling
data access as others do.
The review committee looked at CSIS’s practices surrounding access lists, the way the intelligence
agency tracks how sensitive information is accessed and by whom.
The committee “found examples of a haphazard application of this process, as well as a great lack
of documented procedures governing the functioning and maintenance of its access lists. Therefore, the
SIRC recommended that CSIS immediately develop robust procedures governing access lists.”
Order a powerful Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.
Get the best SMTP service for your business. Guaranteed or your money back.
Share on Twitter.