Advertisement

CSIS may be illegally holding information about innocent people: spy watchdog

A sign for the Canadian Security Intelligence Service building is shown in Ottawa on May 14, 2013. THE CANADIAN PRESS/Sean Kilpatrick

The Canadian Security Intelligence Service has failed to ensure it doesn’t illegally hold on to sensitive information about innocent people, a federal spy watchdog says.

In a report made public Wednesday, the Security Intelligence Review Committee also expresses concern that CSIS lacks the ability to make the necessary changes, two years after a scathing court ruling about its practices.

An October 2016 Federal Court decision said CSIS broke the law by keeping and analyzing electronic data about people who were not actually under investigation.

WATCH: Google, Goodale react to possible CSIS breach

Click to play video: 'Google, Goodale react to possible CSIS breach'
Google, Goodale react to possible CSIS breach

The pointed ruling said the spy service shouldn’t have retained the data trails because they were not directly related to threats to the security of Canada.

Story continues below advertisement

CSIS processed the metadata beginning in 2006 through its Operational Data Analysis Centre to produce intelligence that can disclose intimate details about individuals.

Metadata is information associated with a communication, such as a telephone number or email address, but not the message itself.

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

The intelligence review committee report, tabled in Parliament, found the spy service was “still dealing with the implications” of the court decision when it comes to handling information about third parties.

WATCH: Exclusive: Did Google Street View breach security at CSIS?

Click to play video: 'Exclusive: Did Google Street View breach security at CSIS?'
Exclusive: Did Google Street View breach security at CSIS?

The committee found that CSIS’s definitions, guidelines and training related to assessment and reporting of third-party data were “clearly insufficient.”

“In addition, (the review committee) is concerned with respect to CSIS’s capacity to deliver policy development commitments.”

Story continues below advertisement

The committee also looked at how the spy service was handling bulk datasets – electronic information collected in bulk that may include information about security threats.

The committee “saw no evidence” that CSIS had changed its policies and procedures concerning the collection of bulk datasets following the 2016 court decision, creating a risk the spy service could again stray beyond the law.

The findings come as a Liberal national security bill, currently before Parliament, proposes new authorities for CSIS to crunch and analyze data.

The committee report says the powers would “require rigorous governance, procedures and training to be in place from the beginning,” given its findings on how CSIS handles data.

It recommends the spy service come up with a “robust process” for assessing the privacy and legal risks to Canadians associated with datasets.

In a response included in the report, CSIS says the dataset framework in the Liberal legislation effectively addresses those concerns. “New processes, systems and policies are being developed to ensure CSIS is prepared to implement the bill.”

Story continues below advertisement

A modern intelligence agency requires the lawful authority to collect and analyse a broad range of data to detect threats and identify previously unknown trends and patterns, CSIS director David Vigneault said in a statement.

“Datasets are important building blocks that could lead not only to initiating an investigation, but to unfolding investigations.”

However, Vigneault acknowledged CSIS must do a better job of demonstrating the usefulness of data analysis.

Sponsored content

AdChoices