Watchdogs report lapses in CSIS, CSE intelligence practices
by Amanda Connolly | Jan 28, 2016, ipolitics
Both of Canada’s spy agencies took serious hits to their credibility Thursday in a pair of reports that slammed the Communications Security Establishment for breaking the law and sharing Canadians’ metadata, and slapped the Canadian Security Intelligence Service with an accusation that it is not adequately dealing with insider threats.
A review by the Security Intelligence Review Committee, the board tasked with after-the-fact review of CSIS’s activities, suggested that the domestic spy agency had significant shortfalls in how it assesses insider threats and tracks and investigates breaches of secure information.
The report flagged multiple issues with how CSIS conducts internal investigations, particularly that employees are insufficiently trained to conduct investigations into the breach of secure information and how to conduct sensitive investigations, and stressed that there is a “haphazard application” of how the agency tracks who accesses sensitive information.
But since modern intelligence agencies are less siloed than those in the past, that could be a big problem, said one former spy.
“I started during the Cold War and in those days, everything was deeply departmentalized because everybody was in fact worried about insider threats, they were worried about that Soviet mole because there had been so many inside operations against Western intelligence agencies,” said Ray Boisvert, former assistant director of intelligence at CSIS. “We’ve completely forgotten about those lessons of the past … I’d have to be worried that we’re not doing enough to look at insiders.”
Boisvert said the current climate of increased information sharing within domestic agencies raises questions about how prepared agencies like CSIS, but also government departments and other national security bodies, are to protect themselves from those who would betray their positions.
“You’ve got to remember the Jeffrey Delisle story,” he said, referring to the former Canadian navy sub-leiutenant who was convincted in 2013 for passing information to the Russians.
“Could that happen again? Absolutely.”
METADATA SHARING FLAGGED
The nation’s cyber intelligence agency, the Communications Security Establishment (CSE), was also found to have major problems with how it shares information.
It was found to have shared unprotected metadata about Canadians with Five Eyes allies, with Commissioner Jean-Pierre Plouffe stressing in his annual report to Parliament that the agency needs a new ministerial directive to clarify exactly what its responsibilities are in using and sharing Canadians’ metadata.
“I found that the metadata ministerial directive lacks clarity regarding the sharing of certain types of metadata with Five Eyes partners, as well as other aspects of CSE’s metadata activities,” Plouffe writes in his 2014-2015 report on the agency’s activities.
Metadata consists of information used to identify a communication such as a phone number, internet protocol address or email.
It does not include the content of the communication itself. [Who believes that?]
Defence Minister Harjit Sajjan said the agency stopped sharing the metadata once it discovered that a technical glitch with its software meant certain types of metadata weren’t being protected before sharing. Sajjan said the sharing will not start again until he is assured that Canadians’ privacy will be protected. [Will that displease Gerard Protti, his AER and Encana?]
In a first for the agency, senior CSE officials held a technical briefing after the release of the report and stressed that it would have taken significant analysis to link any of the information that was accidentally provided with specific Canadians — but did not acknowledge suggestions that it would not be difficult for allied countries receiving the metadata to piece it together with information they obtain on their own in order to identify the individual.
The officials refused to say in the briefing how many Canadians had their metadata shared or whether they knew what the exact number is.
TIMING RAISES QUESTIONS
The official would not comment on accusations that this kind of activity could be interpreted as mass collection without a specific target or goal.
It’s also not clear why the CSE’s non-compliance was not shared with Canadians earlier.
The breaches took place in 2014, while the former Conservative government was in power.
“I can’t answer the question about the former government, what their reasons were,” said Sajjan….
Neither the Conservatives nor the NDP raised the topic in question period on Thursday, although NDP public safety critic Randall Garrison released a statement to .
“”Reports released today from two of Canada’s surveillance agencies renewed concerns about the threats to privacy and civil liberties in Canada,” Garrison said in the release. He called for the Liberals to put safeguards in place to ensure that CSE does not violate privacy laws again but did not specifiy what measures he would like to see. [They broke the law, they keep breaking the law. They can’t even tell the truth in court. What laws make regular law-breakers heed the law, especially if they’re legally immune, including for Charter violations, eg, AER and Harper’s vile Bill C51?]
On the SIRC report, Garrison called the issues it raised “equally troubling” and said that allegations in the report that suggest CSIS practices did not follow international law are concerning. [Emphasis added]
CSIS obtained taxpayer info from Canada Revenue Agency without warrant [How Harper, AER, Encana et al like it best?] by Jim Bronskill, Canadian Press, January 28, 2016, ipolitics
The Canadian Security Intelligence Service repeatedly obtained taxpayer information from the Canada Revenue Agency without presenting a court-approved warrant for the data.
That revelation was among several concerns raised in the latest annual report of the Security Intelligence Review Committee, which monitors CSIS compliance with law and policy.
The report tabled Thursday said the spy service must do more to ensure insiders don’t pilfer secret material. It also urged CSIS to inform the Federal Court how it uses metadata — the telltale digital trails that accompany messages and phone calls — collected from cyberspace.
The findings came the same day the watchdog over the Communications Security Establishment, Canada’s electronic spy agency, found the CSE had improperly shared metadata about Canadians with key foreign allies.
The reports prompted the NDP to express concern about erosion of civil liberties.
Public Safety Minister Ralph Goodale stressed the Liberal government was embarking on a comprehensive review of Canada’s national security and intelligence framework with the twin aims of effective security and respect for rights.
Far from being an isolated incident, there were “multiple instances” of a CSIS regional office getting warrantless access to taxpayer data from the federal revenue agency, the review committee said in its report for 2014-15.
Questions about the practice were first raised by the Federal Court, prompting CSIS to ask the review committee to look into the matter. Following the incident, there were assurances the sensitive revenue agency information had been purged from a CSIS database when, in fact, it was still there, the review committee’s report says.
Spy service management issued a “stern reminder” to employees of the need for a warrant to collect taxpayer information, but the review committee says that may not be sufficient.
The committee made several recommendations, calling on CSIS to assess its own handling of the incident after it became clear information had been improperly collected. The spy service complied with that request.
Review committee chairman Pierre Blais said CSIS had made “a mistake” but he expressed confidence the committee would not “see that in the future.” [Intentional “mistake?” Does CSIS have any credibility? Any trustworthiness?]
The Canada Revenue Agency had no immediate explanation as to why it gave CSIS the data. [Emphasis added]
[Refer also to:
2014 01 31: Communications Security Establishment Canada (CSEC) illegally spied on Canadians; Harper government insisted CSEC never spied on Canadians; Spy agency’s work with CSIS, RCMP fuels fears of privacy breaches
Slide from Ernst pressentations