Government responds to BCCLA lawsuit
The Canadian government has filed its statement of defence in the B.C. Civil Liberties Association lawsuit against CSEC (previous discussion here and here).
James Keller of the Canadian Press has written a good report on the government's response to the lawsuit ("Ottawa says CSEC's collection of Canadians' data 'incidental'," Canadian Press, 24 January 2014).
I do have a quibble, however.
Keller reports that
CSEC is prohibited from targeting Canadians anywhere or persons inside Canada (except when it is operating under part (c) of its mandate), but it is not prohibited from intentionally collecting communications between Canadians (or others) who are outside of Canada as long as such collection is not "directed at Canadians or any person in Canada" and it is not prohibited from collecting "private communications" (communications with at least one end in Canada) as long as it is operating under a ministerial authorization and the interception is "directed at foreign entities located outside Canada". There is also no prohibition against CSEC collecting "private communications" to or from a computer system or network of a Canadian federal government institution as long as CSEC is operating under a ministerial authorization and the collection is "directed at the acquisition of data, irrespective of its origin, that would potentially risk harm to the network being protected."
Nothing in these rules says that such forms of Canadian-related collection can only be "unintentional".
As I noted here, in 2005 then-CSEC Chief Keith Coulter stated explicitly that one of the reasons CSEC sought legal authorization to conduct such intercepts was to ensure that it could collect communications between foreign intelligence targets outside of Canada and persons inside Canada:
But even the term "incidental" is misleading. Within CSEC it may be well understood that it refers to collection of a communication that was initially selected for monitoring for reasons not specifically related to its Canadian connection, but to the general public "incidental" suggests that collection of such communications was not one of the goals of the operation.
Let's think about this a bit. If CSE were capable of identifying the Canadian connection in such a communication before it made the actual interception (as, for example, it would be in the case of a telephone call made by a terrorist suspect in Yemen to a landline number in Canada), would it choose not to collect that communication? No. It would not make that choice.
What we are talking about here is the deliberate, intentional collection of the communications of Canadians or persons in Canada when they are making suspicious contact with Canadian government computer systems or communicating with terrorist suspects or other foreign intelligence targets located outside of Canada.
The number of such communications that are used and retained by CSEC is said to be small (no one will say if the number intercepted is small), and the case for collecting them is strong -- subject to suitable limits and controls.
But how can we have a reasoned public debate about the sorts of collection activities that are acceptable, and the kinds of limits and controls that are suitable, without a basic commitment to linguistic candour on the part of the government?
More comments in a future post.
James Keller of the Canadian Press has written a good report on the government's response to the lawsuit ("Ottawa says CSEC's collection of Canadians' data 'incidental'," Canadian Press, 24 January 2014).
I do have a quibble, however.
Keller reports that
CSEC is forbidden from intentionally collecting or analyzing information from Canadian citizens, whether they are in Canada or abroad.The government's statement does not actually use the terms "intentional/unintentional", and for good reason.
However, the National Defence Act allows the defence minister to give CSEC written authorization to unintentionally intercept private communications while collecting foreign intelligence.
CSEC is prohibited from targeting Canadians anywhere or persons inside Canada (except when it is operating under part (c) of its mandate), but it is not prohibited from intentionally collecting communications between Canadians (or others) who are outside of Canada as long as such collection is not "directed at Canadians or any person in Canada" and it is not prohibited from collecting "private communications" (communications with at least one end in Canada) as long as it is operating under a ministerial authorization and the interception is "directed at foreign entities located outside Canada". There is also no prohibition against CSEC collecting "private communications" to or from a computer system or network of a Canadian federal government institution as long as CSEC is operating under a ministerial authorization and the collection is "directed at the acquisition of data, irrespective of its origin, that would potentially risk harm to the network being protected."
Nothing in these rules says that such forms of Canadian-related collection can only be "unintentional".
As I noted here, in 2005 then-CSEC Chief Keith Coulter stated explicitly that one of the reasons CSEC sought legal authorization to conduct such intercepts was to ensure that it could collect communications between foreign intelligence targets outside of Canada and persons inside Canada:
if we had a terrorist target abroad and it had a communication into Canada, we wanted to be able to acquire that. If there was an al-Qaeda target in a faraway place and they were communicating into a city in Canada, that was a communication we sought the authority, from Parliament, to acquire, use, and retain, and that's what it gave us [when it passed the Anti-Terrorism Act in 2001].CSEC describes the collection of Canadian communications in such cases as "incidental", not "unintentional". (The CSE Commissioner does use the term "unintentional", however.)
But even the term "incidental" is misleading. Within CSEC it may be well understood that it refers to collection of a communication that was initially selected for monitoring for reasons not specifically related to its Canadian connection, but to the general public "incidental" suggests that collection of such communications was not one of the goals of the operation.
Let's think about this a bit. If CSE were capable of identifying the Canadian connection in such a communication before it made the actual interception (as, for example, it would be in the case of a telephone call made by a terrorist suspect in Yemen to a landline number in Canada), would it choose not to collect that communication? No. It would not make that choice.
What we are talking about here is the deliberate, intentional collection of the communications of Canadians or persons in Canada when they are making suspicious contact with Canadian government computer systems or communicating with terrorist suspects or other foreign intelligence targets located outside of Canada.
The number of such communications that are used and retained by CSEC is said to be small (no one will say if the number intercepted is small), and the case for collecting them is strong -- subject to suitable limits and controls.
But how can we have a reasoned public debate about the sorts of collection activities that are acceptable, and the kinds of limits and controls that are suitable, without a basic commitment to linguistic candour on the part of the government?
More comments in a future post.
0 Comments:
Post a Comment
<< Home