Federal Court rules CSIS cannot get warrants to intercept data physically located outside of Canada
Canadian spies at CSIS cannot get warrants to intercept communications from foreign nationals in Canada if doing so would involve things like accessing data stored on servers outside the country.
In a ruling released late Wednesday afternoon, the Federal Court‘s Justice Simon Noël determined he did not have the authority to grant a request by the Canadian Security Intelligence Service for a warrant authorizing intelligence officers to intercept foreign intelligence if doing so has “extraterritorial effect.”
That’s because under existing laws, CSIS is only authorized to collect foreign intelligence from “within Canada.”
The case in question is heavily redacted and does not indicate clearly exactly what, who or why CSIS sought a warrant to conduct foreign intelligence operations that could stretch beyond Canadian borders.
What it appears to centre on, however, is the question of what exactly counts as “within Canada” when it comes to what spies can and cannot intercept.
WATCH BELOW: CSIS’s extremist probe ended months before shooting
In the past, for example, such a request might have taken the form of CSIS asking the court for a warrant to wiretap the phone conversations of two foreign diplomats having a conversation via phone in Ottawa.
These days, that same communication might take place instead via a foreign national sitting in their living room in Ottawa and communicating with another foreign national through draft messages created and saved on an email platform whose data is all stored in a server located overseas.
“The issue of that is, if you’re running down the communication outside of Canada, is that still within Canada?” said Craig Forcese, a law professor at the University of Ottawa focusing on national security.
“Reading between the lines — or skipping over the dark parts — the answer from the Federal Court is no.”
The CSIS Act, which governs what the domestic spy agency can and cannot do, was created in 1984.
Its requirement that activities aimed at finding out what foreigners are doing be based only “within Canada” has remained on the books ever since.
WATCH BELOW: Exclusive: Did Google Street View breach security at CSIS?
Meanwhile, rapid technological change and increasingly interconnected threats raise the question of how that requirement should be interpreted.
According to the court documents, Attorney General Jody Wilson-Raybould had made the argument that the Federal Court should grant leeway for the warrant to be granted even if some parts of the activities it might authorize could take place abroad.
“The Attorney General argues that the Court must adopt a purposive interpretation of section 16 that supports the presence of an extraterritorial dimension when providing assistance from ‘within Canada,'” she argued in the records.
“Accordingly, a strict and literal interpretation would lead to absurd results since it would prevent the collection of any information with a foreign dimension, such as in this case, where the Service seeks to [redacted].”
However, Justice Noel ruled that while he recognizes technological change poses a challenge for CSIS, the wording of the current rules mean he could not grant the warrant the spies had requested.
“The correct interpretation of the expression ‘within Canada’ is ‘only in Canada’; anything else would amount to the Court legislatively rewriting this section,” he wrote in his conclusion, and suggested officials ask the government to amend the law if it wants its powers changed.
Forcese said he can see both sides of the debate.
“I can see how the government would say, technically, the culminating data manipulation takes place overseas, but really, it commences in Canada and so really, can’t we say that geographically this takes place within Canada?” he said.
“I can also understand the Federal Court’s decision. The fact is, the data’s overseas — physically overseas on a foreign server — and the only way you get it is you sitting in Canada and reaching across the border. So the intercept itself takes place overseas if you’re hacking into that foreign server to get that message.”
While the ruling could cause problems for CSIS in the future by leaving it dependent on allied agencies to feed back that kind of information, he stressed lawmakers must weigh any potential request to change the rules very carefully.
The reason that domestic requirement was put in place is because officials — not just in Canada but also in the U.S. and U.K. — have been wary of blending the cultures that typically surround domestic security organizations like CSIS, the FBI and MI5 with those that are in place with the CIA and MI6.
“You don’t want a rule-of-law security intelligence organization [like CSIS, the FBI or MI5] to have James Bond,” he said.
“If we sort of eliminate any geographical restraint on its foreign intelligence, then we basically bundle MI5 and MI6 together and say, go to it.”