Communications Security Establishment Canada (CSEC) chief John Forster holds a document marked top secret while waiting to testify before the Senate national security and defence committee in Ottawa February 3, 2014. Allied intelligence agencies have general agreements not to spy on each other, but the review body for CSEC has reminded Parliament that exceptions exist for every rule.Chris Wattie/Reuters
A federal watchdog is urging Ottawa to put strong rules around how it shares its surveillance data, warning that the U.S. National Security Agency and other close allies can put their own intelligence interests first.
Allied intelligence agencies have general agreements not to spy on each other, but the review body for Canada's Communications Security Establishment (CSE) has reminded Parliament that exceptions exist for every rule.
Every "sovereign nation, can derogate from agreements … as dictated by their own national interests," wrote Jean-Pierre Plouffe, a retired judge, in his annual report to Parliament last year. The report gives some context to modern surveillance partnerships and the risk of unpredictable uses of shared information.
The risks became clearer this week when The Globe and Mail reported that Rogers Communications Inc. and Royal Bank of Canada are named in a leaked NSA document. The 2012 U.S. intelligence presentation, stamped for sharing with Canada, was describing how intelligence analysts can apply surveillance methods to map out the "private networks" used by global corporations.
The full extent and nature of the NSA's interest in the Canadian entities, shown as two of 15 firms on a partial list, were not made clear. A Canadian government spokesman reacted to the document by saying that it showed no evidence that any spying activities were "directed" at Canadian entities.
Canada and the United States are part of a group of surveillance agencies that work together to analyze data they say is "bulk collected" from the Internet's infrastructure. The North American neighbours have worked together since the 1940s to analyze global telecommunications in the name of collective security.
For decades the NSA and CSE have spied in co-operation with agencies from Britain, Australia and New Zealand, and are together known as the "Five Eyes." The powerful alliance relies on near complete trust and sharing, as well as general agreements not to spy on each other.
Because of this, any revelations about member nations directly targeting their own or each other's citizens or corporations are explosive. A previously leaked U.S. guide for keeping intelligence documents under wraps suggests that the NSA would strive to keep any such spying quiet for decades.
Five Eyes partners "are among NSA/CSS's strongest," that document says. "Revealing the fact that the NSA/CSS targeted their communications at any time … could cause irreparable damage." (CSS refers to the NSA's military adjunct, the Central Security Service.)
The CSE's leaders say they take pains to avoid capturing and sharing telecommunications data involving Canadians. They also argue that the Five Eyes arrangement provides Canada with access to the intelligence of agencies that spend billions of dollars each year.
But the CSE watchdog, Mr. Plouffe, points out in his 2014 annual report, that "national interest" can override all else. And without spelling out specific concerns, he points out that information-sharing has "the potential to directly affect the privacy and security of a Canadian when private communications or identity information is shared."
The report says the watchdog office has fought for the CSE to provide "detailed documentation" on what it provides other Five Eyes nations, and for documents about how the allies treat that information.
His office is now seeking more reassurances, including a request that the cabinet member in charge of CSE, currently Defence Minister Jason Kenney, write clearer directives guiding the CSE on how to share with the Five Eyes while also protecting Canadian privacy.
"Indeed, the government is implementing these recommendations as CSE is currently conducting an assessment as recommended by the Commissioner, following which a ministerial directive will be prepared," said Ryan Foreman, a CSE spokesman.
The extent of Canada's surveillance sharing with the United States also has financial implications.
After former NSA contractor Edward Snowden started making disclosures about NSA spying in 2013, some industry experts predicted Canada could reap billions in investment as a relative safe haven for data.
Today, some observers say such predictions were too rosy.
"Anyone who thought that a purely domestic location of data was free from the prying eyes of foreign governments probably was deluding themselves a little bit," said Patrick Flaherty, a Toronto-based intellectual-property lawyer.
"It's a bit of a wake-up call – for anyone and everyone," he said of the NSA's apparent interest in Canadian companies. "Regardless of where data is stored, if it's in any way, shape or form accessible through the Internet or other connections, it's available for review by foreign agencies who have the technological wherewithal and funding to go and seek it out."