Cyber spy agency found to have broken privacy laws - Canadian Government Executive
AccountabilityManagementPolicySecurity
seal of the CSE Commissioner
January 29, 2016

Cyber spy agency found to have broken privacy laws

The Communications Security Establishment of Canada shared information on Canadians with its foreign partners, according to a review released by the federal watchdog responsible for the spy agency

The Communications Security Establishment of Canada came under fire yesterday when it was revealed it broke privacy laws by sharing information about Canadians with the electronic spy agency’s foreign counterparts and other parties. In a report released yesterday,  CSE Commissioner Jean-Pierre Plouffe said he found several deficiencies in how the Ottawa-based agency collected and handled metadata pertaining to Canadians. Plouffe, who has been CSE commissioner since 2013, has made eight recommendations to improve the way the CSE operates. His annual report covered the period 2014 to 2015.

“I have met with Mr. Plouffe, and advised him that I support his recommendations,” Minister of National Defence Harjit Sajjan, said in a statement today. “CSE discovered, on its own, that certain types of metadata were not being properly protected prior to sharing with allies, due to technical deficiencies in the CSE system.”

Jean Pierre Plouffe
Jean-Pierre Plouffe

The CSE, which is administered by the Department of National Defence (DND), is responsible for intercepting, collecting and analyzing foreign signal intelligence (SIGINT) and protecting Canadian government electronic information and communications networks. By law, it is prohibited from directing its operations on Canadians. The agency provides intelligence information to Canadian government clients but it also shares some information with so-called Five Eyes partners (an intelligence alliance comprised of Australia, Canada, New Zealand, United Kingdom and the United States) and non-Five Eyes, second party partners.

Metadata is information associated with communications that are used to identify, describe, manage or route that communication. It includes, but is not limited to, a telephone number, an email or IP (Internet protocol) address, network and location information.

“CSE will not resume sharing this information with our partners until I am fully satisfied the effective systems and measurements are in place,” said Sajjan.

In his review of the CSE, Plouffe said he found that “metadata ministerial directives lack clarity regarding the sharing of certain types of metadata with Five Eyes partners, as well as other aspects of CSE’s metadata activities.”

Metadata mishandled

“In addition, while I was conducting this current comprehensive review, CSE discovered on its own that certain metadata was not being minimized properly,” he said.

Minimization is a process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared, according to Plouffe. It is a privacy protection measure which the CSE is expected to implement as a matter of ministerial directive.

“Therefore, the fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to ministerial directive and to the CSE’s operational policy,” according to the commissioner.

Plouffe also said that his review revealed that there was a lack of proper record-keeping in the CSE’s process.

He also found incidents of procedural errors in the handling of information and that policies and procedures relating to the retention of private communications “were not followed in some instances.”

Recommendations and caveats

The report was not clear on the volume of data or the number of Canadians impacted by these lapses. Plouffe also said that he believed CSE personnel were not intentional in their failures.

Among Plouffe recommendations were the improvement to the clarity of ministerial directives, the removal of ambiguities regarding the CSE’s to conduct IT security activities that risk the interception of private communication, and the update of process documentation and development.

He also said “CSE should develop caveats” to attach to specific operational material that may be shared with Second Party partners to ensure the information would not be used without expressed authorization from CSE.

About this author

Nestor Arellano

Nestor is a Toronto-based journalist who specializes in writing about technology and business. He is the editor of Vanguard Magazine and the associate editor of IT in Canada and a regular contributor to CGE.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Accountability
 
In his article, Gaming the System, How the misuse of data impedes...
 
My observation is people often take the view, “no one else...
 
The recent 2018 Senate Report examining the Government of Canada’s Phoenix...
 
Human services agencies play a vital role in society, providing a...
 
Tornado warnings broadcast a few weeks ago in Eastern Ontario and...
 
Canada’s international reputation for welcoming and integrating newcomers is unparalleled. At...
 
A few years back, consultants with ghSMART told us the biggest...
 
On today’s show, J. Richard Jones sits down for a chat...
 
Procurement modernization has been a Government of Canada (GC) policy priority...
 
It takes a lifetime to build a reputation and just moments...
 
Over the past two decades, codes of ethical conduct have become...
 
Earlier this year the Canadian government took a crucial step by...
 
On the global scene, technology has revolutionized and automated the work...
 
Over the past decade, major Canadian procurement projects have encountered increasing...
 
Prime Minister Justin Trudeau has, on many occasions, expressed his commitment...
 
In this episode, CGE radio show host J. Richard Jones speaks...
 
There is growing pressure on governments around the world to be...
 
Public servants are responsible for providing advice and support to the...
 
Today, the challenges facing governments are increasingly shifting away from traditional,...
 
Management in the Government of Canada is continuously searching for new...
 
Rankings of public sector entities has been big trend for quite...
 
Canadian Government Executive media through its upcoming TechGov event is providing the...
 
Ships docked in a harbour may not be going anywhere; however,...
 
The International Monetary Fund (IMF) in issuing its annual review of...
 
There’s no shortage of organizations claiming to have a digital transformation...
 
Cybersecurity professionals have sounded the alarm for years, and they are...
 
Cost estimation is becoming an extremely important skill within government due...
 
In this special episode of CGE Radio, your host John Jones...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Risk is always present in any undertaking, no matter the size...
 
Cost overruns have become institutionalized in the federal government, according to...
 
Last year, procurement Minister Jody Foote was prompted by the swirling...
 
Professionals, managers, and executives in the cost estimation industry can gain...
 
In this episode, hear from Carl Hammersburg, Manager, Government and Healthcare...
 
A new study from the Conference Board of Canada gives our...
 
In the world that we are living in today, free and...
 
The delivery method developed by Sir Michael Barber, chief adviser to...
 
Rules and accountability are helpful in developing and standardizing processes but...
 
Canadian doctors were told that climate change impacts human health and...
 
Even as talks between the government and federal workers affected problems...
 
The largest effort in 20 years to seek public input on...
 
Ottawa has overhauled the process by which justices are picked for...
 
July 27 was pay day some federal public workers that finally...
 
The Senate committee looking into Canada’s Syrian refugee program wants the...
 
In this episode, editor-in-chief, Patrice Dutil talks about the need for...
 
Yes, according to the former head of the Canadian Security Intelligence...
 
As much a 20 per cent of grade seven students in...
 
A Quebec superior court judge facing allegations that he helped commit...
 
In a move meant to the strengthen liability and compensation regime...
 
We often read news articles about rampant drug addiction and suicide...
 
Upon receiving numerous complaints regarding add-on fees that turn making economy...
 
Are you absolutely clear what the government wants to achieve? Are...
 
Veterans Affairs Canada is not adequately managing the drug component of...
 
Whether responding to emergencies back home or assisting regular troops abroad,...
 
Some public servants will have to request their departments for emergency...
 
A landmark Supreme Court ruling has paved the way for some...
 
The Canadian Radio-television and Telecommunication Commission (CRTC) yesterday heard from several...
 
At least one prime minister has resigned, another in under fire,...
 
It appears it was not just the Mounties that were affected...
 
A while back there have been numerous media reports about the...
 
Performance auditing can lead to more efficient, effective, and economical program...
 
Written By Jason McNaught The Public Service Alliance of Canada was...
 
Independence has long been regarded as a cornerstone of the auditing...
 
Canada is a diverse nation, in language, culture, geography, and, ultimately,...
 
Public sector organizations are under increasing pressure to identify all risks...
 
The government of Canada has implemented several measures over the past...
 
Whether at the territorial, provincial or federal government level, internal audit...
 
An organization’s reputation can take years to build but it can...
 
On October 30, Ontario began second reading of the Public Sector...
 
In the well-known children’s story, an Emperor falls victim to the...
 
The Nova Scotia Office of the Ombudsman is a small operation...
 
I think the ombudsman needs to be independent, because without independence...
 
Today’s business environment changes rapidly to adjust to evolving conditions and...
 
The best internal auditors actually are really good managers first. I...
 
The recent controversy about the actions of some staff members in...
 
Most professionals don’t need more than a sentence at a cocktail...
 
Recent research by the Institute of Internal Auditors Canada aims to...
 
When is it that a politician becomes part of the governing...
 
It’s been a busy couple of weeks on the information, privacy...
 
In 1996, a new budget watchdog, the Parliamentary Budget Officer, was...
 
The Ontario government is moving forward with the creation of a...
 
The Office of the Public Sector Integrity Commissioner of Canada (PSIC)...
 
After the Auditor General’s (AG) report was released on April 30,...
 
In the U.K. system, Permanent Secretaries are what we call Deputy...
 
We are living in a period of rapid change and limited...
 
US public sector employees don’t trust their management to do the...
 
The news of Mark Carney’s nomination as the new Governor of...
 
Following Singapore’s independence in 1965, the controversial leadership of Lee Kuan...
 
Over the past few years, the preparation and delivery of the...
 
In healthcare, cost-cutting can result in cutting what is valued most...
 
For over 20 years Colin Bennett has been exploring issues of...
 
Even before controversy shook the organization to its foundation, Ornge was...
 
It will be the largest international multi-sport event ever held on...
 
We’ve all seen the headlines – BC Ferries, Ornge, la Caisse...
 
It can happen, and it’s noteworthy when it does. Government, business...
 
Kevin Page’s mandate as the first Parliamentary Budget Officer comes to...
 
Governments are challenged to meaningfully mitigate the effects of the financial...
 
Canada is facing a huge financial challenge brought on by massive...
 
For the past one hundred years, democratic states have been moving...
 
It’s so much easier and less painful to learn from the...
 
CGE Vol.13 No.7 September 2007 "If the Public Service, as a...
 
When pondering leadership, we immediately think of exercising our influence downward...
 
CGE Vol.13 No.1 January 2007 "How can I be held accountable...
 
CGE Vol.13 No.2 February 2007 Canada’s Performance 2006 is the sixth...
 
CGE Vol.14 No.1 January 2008 The furor over the $300,000 that...
 
CGE Vol.14 No.2 February 2008 Let’s say you’re a senior manager,...
 
CGE Vol.13 No.1 January 2007 Perhaps it’s a legacy of the...
 
The Independent Blue Ribbon Panel on Grants and Contributions called for...
 
Au Canada, le secteur bénévole et à but non lucratif vit...
 
As the global economy struggles to regain some forward momentum, Canadian...
 
This will be a defining budget for Stephen Harper. It will...
 
It is difficult to determine when the debate about the need...
 
For the next few years, the federal government’s overarching agenda will...
 
Much of the current conversation about the federal government’s economic agenda...
 
Bill Greenlaw is the elected president of the Institute for Public...
 
Have you ever asked yourself the question: ‘How would I evaluate...
 
Last fall, Alberta’s Employment and Immigration department posted online the workplace...
 
In 2006 the world was feeling the aftershocks of a number...
 
CGE Vol.13 No.4 April 2007 Robert Parkins, editorial director, met recently...
 
In the past two decades, the nature of the state has...
 
In recent months, the attention of Canadians has been focused on...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
In his article, Gaming the System, How the misuse of data impedes...