OTTAWA—Canada’s electronic spy agency broke privacy laws by sharing information about Canadians with foreign partners, a federal watchdog says.
The Communications Security Establishment passed along the information—known as metadata—to counterparts in the U.S., Britain, Australia, and New Zealand, said Jean-Pierre Plouffe, who keeps an eye on the highly-secretive agency.
Metadata is information associated with a communication—such as a telephone number or e-mail address—but not the message itself.
The Ottawa-based CSE uses highly-advanced technology to intercept, sort, and analyze foreign communications for information of intelligence interest to the federal government.
Documents leaked in 2013 by former American spy contractor Edward Snowden revealed the U.S. National Security Agency—a close CSE ally—quietly had obtained access to a huge volume of e-mails, chat logs, and other information from major Internet companies, as well as massive amounts of data about telephone calls.
As a result, civil libertarians, privacy advocates, and opposition politicians demanded assurances the CSE was not using its extraordinary powers to snoop on Canadians.
The spy agency legally is authorized to collect and analyze metadata churning through cyberspace, and it inevitably comes across data trails about Canadian messages and calls.
Privacy advocates have stressed that metadata is far from innocuous as it can reveal much about a person’s online behaviour.
In his annual report for 2014-15, completed last year but made public only today, Plouffe said certain CSE metadata activities raised legal questions that he continued to examine and assess.
In a statement, Plouffe said he’s since completed that legal assessment.
In collecting metadata, the CSE is required to take measures to protect the privacy of Canadians.
Plouffe said the spy service discovered on its own that certain types of metadata containing Canadian identity information were not being properly “minimized” (i.e., removing potentially revealing details) before being shared with the CSE’s four key foreign partners.
The former head of the CSE informed the watchdog, as well as the defence minister, about the matter.
CSE then suspended the sharing of this metadata with its partners.