OTTAWA – The controversial data-crunching centre run by Canada’s spy agency has long been using personal details gleaned from security clearance forms to help with national security probes – a practice that worries the federal privacy watchdog, newly disclosed letters show.
The correspondence reveals that for at least five years the Canadian Security Intelligence Service‘s Operational Data Analysis Centre has drawn upon private information – provided during security assessments for employment and immigration purposes – to assist with CSIS terrorism and espionage investigations.
The Canadian Press used the Access to Information Act to obtain heavily censored copies of the letters between CSIS and the federal privacy commissioner.
The exchange paints a fuller picture of how CSIS’s secretive analysis centre exploits information collected by the spy service to detect patterns and corroborate leads.
READ MORE: CSIS saw ‘no high privacy risks’ with keeping personal data on Canadians
The virtually unknown analysis centre became a focus of public concern last November when Federal Court Justice Simon Noel said CSIS violated the law by keeping electronic data trails about people who were not actually under investigation.
CSIS set up the centre in 2006 to more rigorously exploit and analyze data.
The spy service cited only low risks to personal information in an August 2010 assessment of the centre it submitted to the privacy commissioner.
In a newly released November 2011 reply to CSIS, the privacy commissioner’s office expressed concern about possible use of security assessment information for purposes other than immigration or job clearances.
CSIS’s security screening program helps the government prevent newcomers who pose a threat from entering Canada and acquiring legal status. It is also intended to ensure people of security concern do not gain access to classified information, sensitive sites or major events.
READ MORE: Canada contemplating allowing CSIS to use metadata from innocent people
The privacy commissioner’s letter recommended that people be told the information they provide to CSIS may be used “for purposes beyond the provision of security assessment services, such as general law enforcement, national security, or within the context of an investigation.”
CSIS took almost a year to respond, but in November 2012 the spy service told the commissioner’s office that while the data analysis centre was indeed using assessment information to help with security probes, existing measures addressed the privacy watchdog’s concerns.
The intelligence service noted that people who need a federal security clearance must complete a screening, consent and authorization form that advises applicants their personal information will be stored in a CSIS personal information bank.
A publicly available description of that bank says the information may be used for data-matching or for the purpose of conducting lawful investigations, the CSIS letter added.
READ MORE: CSIS director says data not collected illegally, but welcomes court ruling
CSIS spokeswoman Tahera Mufti said the data analysis centre continues to use security assessment information in support of national security investigations – for instance, to corroborate a name or address.
“CSIS takes very seriously all potential privacy considerations related to its work and is committed to ensuring that its activities are transparent, accountable and in compliance with privacy legislation, guidelines and best practices,” Mufti said.
Tobi Cohen, a spokeswoman for the privacy commissioner, said she could provide few additional details given the classified nature of the file.
However, Cohen said, the spy service has been talking with the commissioner’s office about the data analysis centre as a result of the November court ruling.
In addition, CSIS is working on a new privacy impact assessment concerning use of security assessment information in national security probes, she said. It will help the commissioner’s office gauge whether use of the information “is appropriate and complies with privacy law.”
Comments