Information Technology News.


A new plugin designed to prevent the creation of dead content links

Share on Twitter.

Sponsered ad: Get a Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Sponsered ad: Order the best SMTP service for your business. Guaranteed or your money back.

February 1, 2016

Privacy consultant Ann Cavoukian is criticizing the Canadian federal government for not better protecting the telecommunications metadata that two intelligence agencies regularly collect in Canada.

“This is not just some unimportant information that was released,” said Cavoukian, the executive director of the Ryerson University Privacy and Big Data Institute.

“I am concerned that additional measures weren’t taken to ensure that before information was shared with our external partners, there was no data on Canadians, metadata or otherwise.”

Defence minister Harjit Sajjan issued a statement saying that in that case “the privacy impact was low,” but Cavoukian disagreed.

“Metadata can be far more revealing than the actual content of communications,” she added. And others agree with her.

CSE commissioner Jean-Pierre Plouffe said he was told in 2014 that the agency realized that metadata it had been gathering hadn’t been anonymized properly before being shared with the U.S., Britain, Australia and New Zealand. That was contrary to a directive from the minister of defence.

It was the “height of irony,” she added, that reports describing the problems by federal watchdogs on the country’s electronic spy agency, the Communications Security Establishment (CSE) and its domestic intelligence services, the Canadian Security Intelligence Service (CSIS), were released last week on Data Privacy Day.

By special law, CSE is prohibited from directing its metadata activities at a Canadian or at any person in Canada. But if it collects metadata from electronic spying — data that identifies, describes, manages or routes telecommunications — it then has to protect privacy in the use of that metadata.

The CSE has since fixed the issue and has suspended sharing certain metadata with our allies, Plouffe said. But he also found CSE’s system for minimizing certain types of metadata “was decentralized and lacked appropriate control and prioritization.

CSE also lacked a proper record-keeping process, he added. Additionally, he found the defence minister’s order lacks specificity regarding the application of privacy provisions to certain processes.

Furthermore, the directive does not even provide clear guidance regarding a specific metadata activity that is routinely undertaken by CSE in the context of its foreign signals intelligence mission.

But he didn’t think CSE was trying to get around the minister’s order, however. According to a new report, CSE blamed the problem on software.

For its part, CSIS can always go to a Canadian court for a warrant to intercept communications and metadata of specified people from telecom providers based in Canada.

According to the review committee, any communications of people other than those named in the search warrant had to be destroyed.

But the warrant also said it could be kept if it “can assist” in the investigation of a threat to the security of Canada. And so that metadata was retained.

The review committee said the issue is that CSIS didn’t make it clear in 2011 to the Federal Court judge of that data when it changed the wording of warrant conditions.

The review committee recommended that CSIS be clear to the court about its retention and the use of metadata in the future.

But the report also adds that CSIS doesn’t agree it had to do that, arguing that it was clear in 2011 to the Federal Court and that in any rate the court doesn’t have any general supervisory authority.

The review committee’s suggestion, therefore was “inappropriate and unwarranted,” it said.

Meeting with various reporters after the report was released, Public Safety minister Ralph Goodale said CSIS has briefed the Federal Court about its use of metadata and therefore has complied with the report’s recommendation.

Separately, some people might be interested to know that CSIS is having the same trouble controlling data access as others do.

The review committee looked at CSIS’s practices surrounding access lists, the way the intelligence agency tracks how sensitive information is accessed and by whom.

The committee “found examples of a haphazard application of this process, as well as a great lack of documented procedures governing the functioning and maintenance of its access lists. Therefore, the SIRC recommended that CSIS immediately develop robust procedures governing access lists.”

Order a powerful Linux Enterprise server with 92 Gigs of RAM, 16 CPUs and 8 TB of storage at our liquidation sale. Only one left in stock.

Get the best SMTP service for your business. Guaranteed or your money back.

Share on Twitter.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.