'Difficult to determine' scope of privacy breach in Five Eyes data sharing - Action News
Home WebMail Monday, November 11, 2024, 06:05 AM | Calgary | -1.6°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Politics

'Difficult to determine' scope of privacy breach in Five Eyes data sharing

It's impossible to know how many Canadians had their personal data shared by the country's electronic spy agency in a metadata glitch, according to its watchdog.

Lack of information about metadata sharing 'unconscionable' and 'irresponsible,' privacy advocate says

CSE commissioner Jean-Pierre Plouffe told senators Monday that because the data's now erased, it may be impossible to determine the scope of a privacy breach that saw Canadians' information shared with intelligence partners abroad. (Adrian Wyld/Canadian Press)

It's impossible to know how many Canadians had their personal data shared by the country's electronic spy agency in a metadata glitch, according to its watchdog.

Jean-Pierre Plouffe, commissioner of theCommunications Security Establishment (CSE),told a Senate committee Monday thatdata wereerased from the agency's system, making it difficult to find out the number of people impacted.

"It is impossible to know the exact figure.After a certain amount of time, data disappears. They have a deadline after which system data is deleted."

A month ago, Plouffe tabled his annual report in the House of Commons, revealingfor the first time that CSE illegally and unintentionally shared metadata with Canada's Five Eyes intelligence allies: the United States, United Kingdom, Australia and New Zealand.

That data may include Canadians' personal information, including phone numbers or email addresses, but not the content of emails or recordings of phone calls.

"It's not accidental," Plouffe said in an interview about the CSE breaking the law. "It's because of a lack of due diligence."

Metadata is information associated with communication that is used to identify, describe or route information. CSE is supposed to monitor only foreign communications for intelligence that may be of interest to Canada.

If the spy agency comes across Canadians' information, the law requiresit todelete the data from its systems.

No idea how longproblem lasted

The commissioner said CSE disclosedthe metadata glitch as it prepared its 2014 annual report.

"When they discovered it, they didn't know for how long the problem existed," said Plouffe, who still doesn't know if the glitch lasted months or years.

When Conservative Senator Claude Carignan asked "How many Canadians were affected by this error?" the commissioner could not answer.

Plouffe explained that the spy agency intercepts millions of pieces of metadata each year. But it erases data after a certain deadline to make room in the system.

"It is very difficult to determine the number of Canadians affected," said Plouffe.

'First CSE non-compliance'

This is the first time the commissioner has saidhis office has ever discovered a non-compliance issue with CSE.

Plouffe says even if Canada's intelligence allies did receive some Canadianinformation, theoretically they should not act upon it, according to the policy.

All of the Five Eyes partners' data is stored in Washington. Plouffe checked with the U.S. National Security Agency inJanuary 2015and was told it wasn't aware of any Canadian's personal information being compromised.

However, Canada has stopped sharing certain metadata with international partners. Defence Minister Harjit Sajjan said last month that sharing won't resume until he's satisfied that the proper protections are in place.

Unacceptable 'from A to Z'

Ontario's former privacy commissioner,Ann Cavoukian, says CSE never should havecollected the metadata in the first place and wants the practice to end.

"It has been illegally collected," said Cavoukian. "It's unscrupulous they're doing this...The whole thing from A to Z is unacceptable."

Cavoukian questions how it's possible that the metadata isn't tracked.

"I just think it's unconscionable that they have no idea how much metadata has been collected, where it is and they're saying now it's all deleted.That's irresponsible."

In an email, a communications adviser said the federal privacy commissioner's officeis in discussions with CSE and can't comment further at this time.

"We wanted to follow up to seek further clarity on the issues raised in the report, including how much personal information of Canadians was involved and what ultimately happened to the information, and whether appropriate protective measures were taken," wrote spokeswomanTobi Cohen.