Menu

Topics

TV Programs

Connect

Local

your local region

National

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

Calendar

Calendar

Search

Quick Search

  •  
  •  
  •  
  •  
  •  
  •  

Trending Now

  •  
     
  •  
     
  •  
     
  •  
     
  •  
     
  •  
     

Add Global News to Home Screen

Instructions:

  1. Press the share icon on your browser
  2. Select Add to Home Screen
  3. Press Add

Comments

Want to discuss? Please read our Commenting Policy first.

Video link
Headline link
Advertisement
Canada

Canada’s cyber intelligence agency logged 137 ‘privacy incidents’ in 2022

By Alex Boutilier Global News
Posted June 29, 2023 10:40 am
4 min read
Click to play video: 'The West Block: June 25, 2023 | How Russian cyber criminals are targeting Canadians, oil and gas sector'
The West Block: June 25, 2023 | How Russian cyber criminals are targeting Canadians, oil and gas sector
A Canadian intelligence agency is sounding the alarm that Russia may be stepping up its cyberattacks against Canada for supporting Ukraine amid Russia’s invasion. A new threat assessment says Russia-aligned hackers’ next goal could be compromising Canada’s oil and gas sector, increasing national security concerns as critical infrastructure runs on oil and gas. Critics warn that the federal government hasn’t followed through on its cybersecurity promises, leaving businesses and Canadians vulnerable to growing threats. ‘The West Block’ host Mercedes Stephenson sat down with Sami Khoury, head of the Communications Security Establishment’s Centre for Cyber Security, to discuss how cyberattacks affect Canadians. Plus, Stephenson speaks with Lisa Raitt, former Conservative cabinet minister and vice-chair of global investment banking at CIBC, and Naheed Nenshi, former Calgary mayor, about the highs and lows of the parliamentary session and what political leaders will be prioritizing during the summer break – Jun 25, 2023
Share this item via WhatsApp

Share

Share this item via WhatsApp whatsapp Share this item on Flipboard flipboard Share this item on Reddit reddit

EDITOR’S NOTE: This article has been updated to reflect a change in the number of privacy incidents reported by the CSE. Following publication, the CSE corrected their own numbers to report a total of 137 privacy incidents in 2022-23. This article has been updated to reflect the change.

Canada’s electronic intelligence agency logged 137 privacy “incidents” over the last fiscal year, including 23 that were attributed to a Five Eyes partner agency.

The disclosure comes as the Communications Security Establishment (CSE), Canada’s cyber defence and espionage agency, resumes sharing “metadata” with close security partners after the program was halted due to privacy concerns.

“Privacy incidents” can include everything from minor procedural mistakes, for instance mislabeling data, to more significant disclosures of sensitive information. The CSE’s report does not include detail on how severe any of the 137 breaches in 2022-23 were.

Story continues below advertisement

“Metadata” refers to information related to electronic communications — for instance, IP addresses, the date and time messages were sent, phone numbers and email addresses — not the content of messages themselves. However, the information can still be extremely sensitive, and the CSE noted it’s an “essential” part of their foreign intelligence mission.

In its 2022-23 annual report, the CSE noted that it has “detailed” internal policies on “how to handle information related to Canadians.” By law, the CSE is prohibited from turning its surveillance capabilities on Canadians or people in Canada. But Canadians’ information can still be scooped up “incidentally” through the CSE’s surveillance of global internet infrastructure.

More on Canada

Even minor privacy breaches are logged as “operational privacy incidents,” the agency reported.

The email you need for the day's top news stories from Canada and around the world.

“CSE takes steps to correct the error, for instance by deleting data. CSE logs and tracks privacy incidents so we can take steps to prevent future incidents,” the report, released Thursday, read.

The CSE has only recently begun publicly admitting the number of privacy “incidents” it logs each year. In 2021-22 – the only other year where operational privacy incidents were publicly reported – the agency logged 114 incidents internally, and another 33 attributed to a foreign “second party” agency.

Separate reports on the agency’s compliance with privacy laws indicate a handful of breaches that were serious enough to notify Canada’s privacy watchdog over the last five years – although none of the incidents in 2022 met that threshold, the agency says.

Story continues below advertisement

“Over the decades we have developed a suite of policies and procedures designed to protect Canadian privacy. These measures are layered, so that a single error is unlikely to result in a privacy breach,” Robyn Hawco, a spokesperson for the agency, said in a statement to Global News.

“Any occurrence, however minor, that runs counter to our policies, or is not covered by them, is considered an ‘operational privacy incident.’”

The CSE has sophisticated electronic surveillance capabilities, and has been under increased scrutiny over the last decade after Edward Snowden leaked classified information about Five Eyes spying operations. While the agency is prohibited against directly targeting Canadians, it hoovers up massive amounts of information from the global internet, and has faced criticism over its privacy policies.

A 2020 report from the National Security and Intelligence Review Agency, an independent review body, stated that privacy breaches were “unavoidable” due to the nature of the CSE’s work – although noted some deficiencies in how the agency addressed the incidents.

Trending Now

The CSE’s report also disclosed that the agency has resumed sharing “metadata” with Five Eyes security partners — agencies in the U.S., U.K., Australia and New Zealand — almost a decade after the program was halted due to privacy concerns.

The agency suspended sharing metadata with close allies in 2014, after it discovered that some information that could identify Canadians was being shared — inadvertently, according to the CSE.

Story continues below advertisement

“CSE gathers metadata under the foreign intelligence aspect of our mandate, which prohibits us from targeting the communications of Canadians or anyone in Canada. However, the global information infrastructure (GII) is just that — global,” the report read.

“Therefore, when acquiring information from the GII, CSE may incidentally acquire information that can be used to identify a Canadian person or person in Canada.”

The agency said it has put in place a new system that gives CSE control over what metadata is shared, and minimizes the risk of sharing identifiable information about Canadians with security partners.

“In this heightened global environment where we see threats emerging from China and Russia, it is very important for us to be able to share intelligence with our Five Eyes allies and have them share intelligence with us,” Defence Minister Anita Anand said in an interview with Global News in London, U.K. Thursday.

“And we do that within the bounds of the law.”

Asked how Canadians can trust the metadata sharing program will not jeopardize Canadians’ privacy again, Anand said there are a number of “accountability measures” in place.

“CSE and Caroline Xavier, the chief of the CSE, take those accountability measures very seriously,” Anand said.

“Certainly we will make sure that any sharing of data occurs within the bounds of the law.”

Advertisement
© 2023 Global News, a division of Corus Entertainment Inc.

Sponsored content

AdChoices