CSE Commissioner calls for privacy directive re sharing with Five Eyes

Jim Bronskill reports on the CSE Commissioner's recommendations concerning the sharing of information about Canadians with CSEC's Five Eyes partners (Jim Bronskill, "Canadian spy watchdog calls for safeguards on Five Eyes info sharing," Canadian Press, 14 July 2014):

The watchdog that keeps an eye on Canada's electronic spy agency says it cannot be sure the intelligence service's Five Eyes partners abide by promises to properly protect information about Canadians.

A newly declassified report shows the federally appointed watchdog has recommended that Defence Minister Rob Nicholson issue a directive to Communications Security Establishment Canada that sets out expectations for safeguarding Canadians' privacy when CSEC shares information with its key allies.

The watchdog, known as the CSEC commissioner, has also urged the spy agency to regularly report detailed statistical data to the minister about the international information sharing.

...

Initial inquiries by the CSEC commissioner found the spy service did take measures to uphold the privacy of Canadians in what it shares with the four chief allies — for instance by suppressing Canadian identities in reports supplied to them.

However, the commissioner's office undertook further study to determine how much information about Canadians is being shared with the partners and whether they were fulfilling commitments to protect sensitive details.

"These activities may directly affect the security of a Canadian person," says the 34-page report, originally classified top secret, for Canadian eyes only.

"Precision and accuracy of language in exchanges of information can be critical and affect outcomes, including how individuals are treated."

Or whether they end up at the wrong end of a Hellfire missile.

The report says that beyond "certain general statements and assurances" between CSEC and its foreign sister agencies, the commissioner's office was "unable to assess the extent" to which the four partners "follow the agreements with CSEC and protect private communications and information about Canadians in what CSEC shares with the partners."

It recommended a new ministerial directive based on a risk assessment — an in-depth analysis of how legal and policy regimes in the different countries could affect CSEC's compliance with the law and protection of Canadian privacy.

"The commissioner's office understands that such a risk assessment would not be a trivial undertaking," the report says.

"However, in light of recent events, we believe it is essential."

The newly obtained report was completed in July 2013 by then-CSEC watchdog Robert Decary just after Nicholson took over the defence portfolio. Decary has since been succeeded as CSEC commissioner by former Quebec judge Jean-Pierre Plouffe.

Neither CSEC nor Nicholson's office had immediate comment.

However, an official with the CSEC watchdog's office said the defence minister had accepted the report's recommendations and was working to implement them. The commissioner continues to actively monitor CSEC's dealings with its Five Eyes partners, added the official, who asked not to be named because he is not a designated spokesman.

In underscoring the potential dangers of losing control of information about Canadians, the report points to the case of Ottawa engineer Maher Arar, who was tortured in a Syrian prison over false terrorism allegations. An inquiry concluded information the RCMP passed to the United States likely led to his ordeal.

But the report also stresses that CSEC's ability to fulfil its foreign intelligence collection mandate rests in large part on building and maintaining productive relationships with foreign counterparts.

"According to CSEC, the Five Eyes alliance is more valuable now than at any other time in history, given the increasingly complex technological challenges faced by the partners."

Excerpts from the Commissioner's report can be read here.

Meanwhile, elsewhere in Ottawa-land... (Colin Freeze & Josh Wingrove, "Ottawa prepares to share personal data with foreign governments," Globe and Mail, 14 July 2014):

The Conservative government has given itself broad new powers to share Canadian immigration files and other information with foreign governments – a practice that could have far-reaching implications for individuals who cross borders.

The powers are included in Bill C-24, an overhaul of citizenship law passed last month, though have drawn little attention. The changes amend the Citizenship Act to allow Stephen Harper’s cabinet to draft regulations “providing for the disclosure of information for the purposes of national security, the defence of Canada or the conduct of international affairs,” including under international deals struck by Citizenship and Immigration Minister Chris Alexander.

Cabinet will also now be permitted to allow the “disclosure of information to verify the citizenship status or identity of any person” to enforce any Canadian law “or law of another country.”

Ottawa contends the final regulations are still being developed and will comply with Canadian law. However, critics warn the changes could lead to Canada sharing citizenship and immigration details with foreign countries, whether verified or not, without oversight.

...

In the aftermath of the Arar affair, strict rules were imposed on how Canada’s police and intelligence agencies share information with their foreign counterparts.

However, critics fear the rules are being relaxed – especially as other federal agencies expand their own, less-regulated information sharing practices. Canada’s new perimeter-security agreement with the United States, for example, envisions a greater flow of information in government databases across borders.