Unlike in Britain and the United States, Parliament is not involved in holding Canada’s intelligence gathering agency to account.
Creepy truth: American spies with access to everyone’s data do occasionally succumb to the urge to snoop illegally through their love lives, peering into the private communications of former paramours.
Creepier truth: if you’re Canadian, you have no way of knowing whether one of your own spies does it to you.
Hypothetically, they don’t. Legally, they can’t. But that’s the problem, say critics of the fast-growing Communications Security Establishment Canada (CSEC), the Ottawa agency that scours global telephone logs, email and Internet trails for worrisome patterns — with CSEC it’s all hypothetical because Canada’s electronic watchers enjoy a secrecy second to none.
Nearly six months after former computer specialist Edward Snowden began tearing back the curtain on America’s National Security Agency with a series of stunning disclosures about the true extent of U.S. mass surveillance, Canada’s CSEC remains a silent bystander.
Apart from a single report by journalist Glenn Greenwald accusing CSEC of eavesdropping on Brazil’s mining and energy ministry, Canada’s electronic spies have thus far escaped the brunt of Snowden’s cascading disclosures.
That’s good, right? Sure it is. But it also leaves Canadians, including Parliament, almost completely in the dark on what the underscrutinized CSEC actually does, even as outraged Americans and Britons shine a bright light on — and mobilize to change — the ways their own governments consume private data.
“Canadians who think they are in the clear on these ongoing scandals need to grasp that we are the ones who need the debate the most,” said Ron Deibert, director of the University of Toronto’s Citizen Lab.
“The Canadian checks and balances just aren’t there. We have no parliamentary oversight of CSEC, no adequate independent entity to watch the watchers and act as a constraint on misbehaviour. It just doesn’t exist now.
“It’s not a question of people shrugging and saying, ‘Well, I’ve got nothing to hide.’ The real problem is oversight — and the potential for abuse if left unchecked.”
It’s an idea that even CSEC’s former chief, John Adams, concedes would be helpful.
Adams doesn’t think “oversight” is realistic, but supports the robust “review” of CSEC’s activities and sees the value in having a committee of security-cleared parliamentarians “fully briefed on what CSEC is doing.
“It would be an opportunity for them to provide feedback and observations and raise concerns perhaps about what CSEC is doing and CSEC could also use that forum as an opportunity to talk about what they might be doing or consider doing or to bounce off of them some thoughts,” said Adams.
“It would be an opportunity for (Parliament) to have some public debate but it would be a limited public debate because they’d have to be sworn to secrecy.”
This review does exist in the United States, though many argue the checks and balances have been abused and subverted in light of Snowden’s NSA disclosures.
Yet in the U.S., as the scandal grew, so too did Congressional scrutiny, with American politicians like Sen. Ron Wyden of Oregon leading the pushback against secrecy.
A case in point came in August, when the leak of a top-secret document revealed the NSA broke privacy rules and overstepped its legal authority thousands of times a year after 2008, when the agency was granted broad new powers by Congress.
Most of the violations were “unintentional,” but that sparked congressional queries for details on cases involving wilful misconduct by NSA spies. As pressure mounted, the NSA took the extraordinary measure of a public statement, acknowledging that a handful of its officers had used the agency’s enormous eavesdropping power to spy on romantic interests.
Those instances, though rare, were common enough to warrant their own spycraft label — LOVEINT, or “love intelligence.” Most of the officials involved resigned, were dismissed or were demoted to a lower pay grade with limited security clearance, the agency said.
But that’s only one piece of a much broader debate taking place in Washington, as two competing pieces of legislation emerge with the intent to rein back NSA powers and place congressional checks and balances on a stronger footing. An important element of that debate is whether America’s massive metadata effort — the gathering up of the entire haystack of phone and Internet communications — is worth the cost.
These questions are hardly ever asked north of the border, even though Canada is a partner in the so-called Five Eyes, sharing intelligence-gathering chores alongside the U.S., Britain, Australia and New Zealand.
Little is known of what that entails, precisely, although the Globe and Mail penetrated one layer of the CSEC bubble in June. The newspaper disclosed that a secret Canadian metadata surveillance program first launched in 2005 under then-prime minister Paul Martin was frozen amid privacy concerns, only to be reinstated in 2011 under new rules.
Hundreds of pages of records on the program, obtained through Access to Information requests, came back with large passages blacked out on grounds of national security, the Globe reported.
The lone watchdog agency overseeing CSEC, the Office of the CSE Commissioner, has given its blessing to the metadata program. But critics say the office and its staff of eight, which until recently received its funding directly from the Department of National Defence, as does CSEC, remains too close to Canada’s security establishment to effectively safeguard privacy concerns.
Once a year CSEC’s watchdog reports to Canadians. But far more often, it reports secretly to the defence minister with recommendations for adjustments in how CSEC conducts its business. In his most recent public report, released in August, outgoing commissioner Robert Decary ended his three-year term proclaiming that all activities complied with Canadian law with the exception of “a small number of records (which) suggested the possibility that some activities may have been directed at Canadians, contrary to the law . . . I was unable to reach a definitive conclusion.”
Decary, in a final assessment of his time as CSEC watchdog, wrote that he saw little value in a confrontational relationship. “With my years of experience, I see the office more CSEC’s conscience than as a sword of Damocles,” he wrote.
But even Decary nudged Canada’s spymasters toward greater openness, writing that “I believe that the ice has been broken and that the security and intelligence agencies understand they can speak more openly about their work without betraying state secrets or compromising national security.
“The greater the transparency, the less skeptical and cynical the public will be.”
University of Ottawa scholar Wesley Wark, who specializes in national security and the history of intelligence agencies, says the CSEC watchdog is simply not enough.
Unlike Britain and the United States, Canadian oversight leaves a “gaping hole . . . a big gap” because Parliament is not involved in holding intelligence agencies to account as Adams suggested, Wark told The Star.
The issue has simmered for years, said Wark, with failed attempts, most recently in 2005, to create a British-style Committee of Parliamentarians on National Security.
But oversight actually grew worse in 2011, said Wark, when CSEC was deemed an independent agency within the Department of National Defence, effectively eliminating a requirement to report to the national security adviser and Privy Council office. “It took that away entirely,” said Wark, “and put it all within (DND), where it’s very easy for CSEC to disappear down its secret hole.
“There’s a question about who is really in charge and who’s deciding to apportion CSEC resources in terms of current operations,” he said.
Among the key questions Wark says remain unanswered is how much bang CSEC gets for its buck. And whether, in Canada’s haste to satisfy the obligations of its Five Eyes commitments, we sell Canadian interests short.
Deibert, who this year published Black Code: Inside the Battle for Cyberspace, argues that while parliamentary oversight remains an admirable goal, the evolving issue of privacy-versus-surveillance warrants something more ambitious.
“I would go further: There needs to be somebody who is not part of Ottawa culture, who is adversarial, something with the authority and credibility of the Privacy Commission’s office,” said Deibert.
“Parliamentary oversight is necessary. But you also need oversight that doesn’t depend on favours or look through the lens of partisan politics.
“I just don’t think, as a society, Canada has caught up with the epochal scope of what has changed in the last 10 years. We’ve gone through the most profound transformation in how we communicate. Mobile and broadband technologies have turned us inside out — and at the same time these Cold War agencies are now turning their gaze inwards on us.
“It’s no longer spy-versus-spy and concern over foreign states with nuclear weapons. Now it’s about somebody blowing themselves up in a shopping mall. And so the threat model has turned toward all of society.”
Canada’s security agencies cannot do their jobs in total transparency, of course. Some degree of secrecy is crucial. But that is no hindrance, if a committee of Parliament were to be vetted and cleared — a commonplace practice in other jurisdictions — and thus able to absorb firsthand the full heft of CSEC activities.
But if CSEC’s critics and former bosses agree on at least some increased scrutiny, Adams doesn’t buy into all the Snowden hype. He shrugs, for example, at the furor that followed October’s disclosure of U.S. eavesdropping on German Chancellor Angela Merkel’s cellphone.
“Every leader in the world knows that people would love to know what they’re thinking, where they’re heading . . . anyone who doesn’t think that is happening is in never-never land,” Adams said.
“It’s not illegal but it’s embarrassing. There are 12 rules and 11 of them are, ‘Don’t get caught.’ ”