Skip to main content

Canada's cyberspy agency may have broken privacy law, intelligence watchdog says

A sign for the Government of Canada's Communications Security Establishment (CSE) is seen outside their headquarters in the east end of Ottawa on July 23, 2015. (Sean Kilpatrick/THE CANADIAN PRESS) A sign for the Government of Canada's Communications Security Establishment (CSE) is seen outside their headquarters in the east end of Ottawa on July 23, 2015. (Sean Kilpatrick/THE CANADIAN PRESS)
Share
OTTAWA -

The national intelligence watchdog says Canada's cyberspy agency may have broken the law in disclosing personal information about Canadians.

The Ottawa-based Communications Security Establishment, given its foreign-intelligence mandate, suppresses details that identify Canadians, or even people in Canada, in its reports.

Such identifying information ranges from names of people to email addresses and computer IP addresses.

However, other federal agencies and foreign partners who receive these reports can ask for details of the information if they have legal authority and proper justification.

The National Security and Intelligence Review Agency looked at 2,351 disclosures of information about Canadians over a five-year period and found that more than one-quarter of them were not sufficiently justified.

During the review period, the CSE approved 99 per cent of such requests from domestic clients, says an unclassified version of the findings made public Friday.

The CSE also released additional personal information to clients beyond what was requested and explained this to be a standard practice, says the review agency report.

"For example, NSIRA observed cases where CSE disclosed Canadians' names and other personal information even when the recipient only asked CSE for a company's identity," the report says.

"NSIRA observed other types of scenarios where CSE disclosed more identifiers than requested."

Given this and other findings related to the cyberspy agency's internal practices, the review agency found that the CSE's implementation of its disclosure regime may not be in compliance with the Privacy Act.

As a result, the review agency issued what is known as a compliance report to Defence Minister Harjit Sajjan, the minister responsible for the CSE.

The review agency found the Canadian Security Intelligence Service, RCMP and Canada Border Services Agency generally demonstrated a clear link between the information in question and their mandates.

It recommended the CSE stop disclosing identifying information about Canadians to clients other than these three agencies until it addresses the review's findings and recommendations.

The review agency says the CSE has accepted all recommendations flowing from the probe.

Still, in a response attached to the report, the CSE said the Privacy Act does not require the documentation of legal authorities before information can be collected and disclosed.

This report by The Canadian Press was first published June 18, 2021.

IN DEPTH

Former prime minister Brian Mulroney dies at 84

Former Canadian prime minister and Conservative stalwart Brian Mulroney has died at age 84. Over his impressive career, the passionate and ambitious politician, businessman, husband, father, and grandfather left an unmistakable mark on the country.

Who is supporting, opposing new online harms bill?

Now that Prime Minister Justin Trudeau's sweeping online harms legislation is before Parliament, allowing key stakeholders, major platforms, and Canadians with direct personal experience with abuse to dig in and see what's being proposed, reaction is streaming in. CTVNews.ca has rounded up reaction, and here's how Bill C-63 is going over.

Opinion

opinion

opinion Don Martin: How a beer break may have doomed the carbon tax hike

When the Liberal government chopped a planned beer excise tax hike to two per cent from 4.5 per cent and froze future increases until after the next election, says political columnist Don Martin, it almost guaranteed a similar carbon tax move in the offing.

opinion

opinion Don Martin: ArriveCan debacle may be even worse than we know from auditor's report

It's been 22 years since a former auditor general blasted the Chretien government after it 'broke just about every rule in the book' in handing out private sector contracts in the sponsorship scandal. In his column for CTVNews.ca, Don Martin says the book has been broken anew with everything that went on behind the scenes of the 'dreaded' ArriveCan app.

CTVNews.ca Top Stories

Hertz CEO out following electric car 'horror show'

The company, which announced in January it was selling 20,000 of the electric vehicles in its fleet, or about a third of the EVs it owned, is now replacing the CEO who helped build up that fleet, giving it the company’s fifth boss in just four years.

Stay Connected