Reports that U.S. authorities have been trawling for data from the biggest companies on the internet have so rattled Canada’s Privacy Commissioner, she’s seeking clarity from the country’s cryptologic agency to find out what this means for Canadians.
Stories Thursday in the Guardian and the Washington Post detailed the U.S. National Security Agency‘s PRISM program – warrantless intelligence-gathering that ostensibly targeted foreigners and reportedly involved collecting personal information from the servers of willing companies. All the participating companies listed have vehemently denied any knowledge of the program, which a U.S. government spokesman has called “among the most important and valuable intelligence information we collect.”
“The scope of information reportedly being collected raises significant concerns,” Scott Hutchinson, a spokesperson for Privacy Commissioner Jennifer Stoddart, said in an email.
“Going forward, we plan to express our concerns to and seek information from the Commissioner of the Communication Security Establishment to determine how the personal information of Canadians may be affected.”
(in a subsequent email in response to a follow-up question, Hutchinson said approaching the Communications Security Establishment ” is not an indication of us thinking the CSE is involved in PRISM, whatsoever”)
The Communications Security Establishment, a federal agency responsible for collecting foreign intelligence and safeguarding the Canadian government’s data, won’t say whether it knew about PRISM or whether U.S. agencies shared any of the intelligence the program gathered: “To do so would undermine CSEC’s ability to carry out its mandate,” spokesman Ryan Foreman wrote in an email, adding that the organization’s mandate is “strictly related to foreign intelligence.”
“That’s really bad, particularly for Canadians”
The PRISM program was supposed to focus on foreign intelligence, too: The safeguard built into the legislation that permits this kind of blanket surveillance is that it should avoid U.S. citizens and residents.
And that should worry everyone north of the 49th parallel, says Tamir Israel, cyber security expert and staff lawyer at the Canadian Internet Policy and Public Interest Clinic.
“The Canadian angle is a very serious one,” Israel said. “With back door access, you could just set something up to mirror and record and take snapshots every five minutes and just record it all forever, to go back to it later and look at it,” he said.
“I think that’s really bad, particularly for Canadians.”
Global News contacted Canadian subsidiaries of Google, Yahoo!, Microsoft, Apple and Facebook. Each company stressed its commitment to user privacy: Apple and Facebook professed never to have heard of the PRISM program before Thursday; Google denied having a “back door” entry point for intelligence agencies.
None responded affirmatively when asked whether the company could guarantee none of its users’ personal information has been accessed, or can be accessed, by U.S. government representatives from its servers without a warrant.
And their denials haven’t allayed the fears of those charged with safeguarding Canadians’ secrets.
“It is just breathtaking,” Ontario Privacy Commissioner Ann Cavoukian said in an interview.
“We have to just assume that all of our information is accessible. It just doesn’t pass the smell test. … It’s inescapable, how inappropriate this is.”
“These are bombshell revelations”
So what now?
“These are bombshell revelations,” said Micheal Vonn, policy director at the B.C. Civil Liberties Association. “It’s too early to predict what the ramifications might be.”
That said, Vonn added, “we fully intend to get some pointed questions to the Canadian government about knowledge, complicity, alliance with this program. And whether, in fact, very, very quietly, the Canadian security establishment has been harvesting the fruits of this program for some time.”
Cavoukian’s a little more optimistic: She doesn’t think this is the end of privacy, period.
“I’m optimistic precisely because this story has erupted,” she said. “When you hear stories like this and the outrage on the part of the public … I think this is just starting. And it will make companies reticent to give this information out unless they have the strongest warrant possible.”