Imprudence, not malice led to alleged HMCS Trinity security breach: rear admiral
Michael MacDonald, The Canadian Press
Published Tuesday, January 5, 2016 9:03AM EST
Last Updated Tuesday, January 5, 2016 4:04PM EST
HALIFAX -- An alleged security breach at one of the Royal Canadian Navy's most sensitive security operations was the result of imprudence, not malice, says the navy's commander on the Atlantic coast.
Rear Admiral John Newton said Tuesday the so-called data spill involving more than 1,000 secret documents was the result of mishandling of files by a civilian employee, a mistake that did not pose a threat to military intelligence.
"We do not fear that there was a threat to the material that was uploaded to a unclassified network," Newton said after taking part in a dockside ceremony that saw the frigate HMCS Fredericton depart Halifax for a six-month, NATO-led mission in the Mediterranean.
"We've looked at ... the work of the person involved and it's an issue of imprudence in handling material, but it's nothing more nefarious than that."
Military police in Halifax allege that between 2004 and 2009 a web designer working at HMCS Trinity -- the military's principal East Coast intelligence centre -- used Defence Department networks to improperly store secret files.
A search warrant filed in provincial court alleges the actions of a man identified only as "Mr. Zawidski" violated a section of the federal Security Information Act that deals with wrongful communication of information.
None of the allegations has been proven in court and Newton said he has received no indication that charges have been laid.
However, the warrant says Zawidski's network accounts have been frozen and he has been barred from entering the building where he once worked at HMC Dockyard.
Maj. Martell Thompson, a military spokesman, declined to offer details about Zawidski, but he confirmed he has been transferred to a section that does not deal with confidential information.
Christian Leuprecht, a professor at the Royal Military College of Canada in Kingston, Ont., says documents labelled secret or confidential do not always contain sensitive information.
"I have long argued that we classify way too much documentation as secret, confidential, classified or for Canadian eyes only," said Leuprecht, an expert on security threats who also teaches at Queen's University.
This type of risk management process casts a wide net that can ensnare people who are just cutting corners to save time, he said.
"We should be careful not to infer intent," he said. "We should await any charges being laid."
The warrant, issued Sept. 15, 2015, says military police seized four hard drives, a laptop computer, some CDs and floppy disks from Zawidski's Halifax office in September following a complaint about a possible security breach.
Zawidski's personal network drive contained 1,086 secret documents and 11 confidential documents, dated between 2004 and 2009, the warrant says.
It's the second time since 2012 that reports have emerged about security leaks at the intelligence centre.
In January 2012, Sub-Lt. Jeffrey Paul Delisle -- a navy intelligence officer -- was arrested and became the first person to be charged under the Security of Information Act. The law was passed following the Sept. 11 terrorist attacks in the United States.
In February 2013, he was sentenced to 20 years in prison for copying secret computer files at HMCS Trinity and selling them to Russia.
For almost five years, he used floppy disks and memory sticks to smuggle classified information to the Russians for monthly payments of about $3,000.
He pleaded guilty in October 2012 to breach of trust and communicating information that could harm Canada's interests to a foreign entity.
Newton said security measures introduced after Delisle was caught helped the military detect the latest security snafu.
Military police allege Zawidski took secret files from a network known as the Consolidated Secret Network Infrastructure (CSNI) and copied them to the military's less-secure Defence Wide Area Network (DWAN).
"Mr. Zawidski created the webpages on DWAN and was supposed to transfer (them) to the CSNI," the warrant says. "Mr. Zawidski had secret files on the DWAN compromising the information and creating a breach in policy."
HMCS Trinity is part of Canadian Forces Base Stadacona and has been home to the navy's information gathering effort for years. It was the office that analysed eavesdropping on Soviet submarines during the Cold War and has since morphed into what the military calls an all-source fusion centre, where data from military and civilian agencies is pulled together.