OTTAWA — To learn that our digital surveillance agency broke privacy laws by revealing information about Canadian citizens to our allies is one thing.
To learn that the Conservative government of the day, when apprised of this security breach, withheld the information from Canadians, is quite another.
But that is where we are today, after learning of a major invasion of Canadian privacy more than two years after the fact.
If our spy agencies, aided and abetted by the government of the day, wanted to fuel suspicion of internal surveillance in this country, they succeeded. If they wanted to ratchet up distrust, they scored.
This despite an effort Thursday to get ahead of this story with the first-ever background briefing for journalists from an official with the Canadian Security Establishment — only 26 months after a software glitch was discovered that was sending metadata on Canadians to our Five Eyes allies without the proper scrubbing to hide identities.
How many Canadians? We don’t know. What did the allies do with the information? We are only left with the assurances of Defence Minister Harjit Sajjan that our relationship with those allies, including the U.S. National Security Agency, was “solid” and they wouldn’t take advantage of a honest mistake.
Of course, this didn’t happen on Sajjan’s watch, so he could arrange a briefing and stand before the cameras.
It happened on the watch of former Conservative defence minister Rob Nicholson who, when he was told of the late 2013 breach, retreated into the well-thumbed Conservative playbook and kept the information secret.
He even assured a parliamentary committee that our privacy was being properly safeguarded by the CSE, even after the spy agency had suspended a program of sharing metadata with our allies because of the severity of the security snafu. The program remains suspended today and that should be another concern for Canadians.
There can only be one of two conclusions drawn about the veteran Nicholson and neither casts him in a positive light. He either hadn’t been informed, or he knew and he was misleading the committee.
The annual report by the agency’s watchdog, CSE commissioner Jean-Pierre Plouffe, released Thursday, revealed the security breach. It said the minister had been informed when it was discovered. Nicholson appeared before the House of Commons defence committee in April 2014.
“With respect to metadata and other issues, the commissioner has indicated that the organizations are in complete compliance with Canadian law,’’ Nicholson assured MPs that day.
“Were the commissioner ever to conclude that the agency is acting outside the law, he would be required to report this immediately to the attorney general and to me as the minister responsible for CSE,’’ Nicholson continued, assuring he takes the findings of the commissioner “very seriously.”
Again — at that time the sharing program had been suspended.
The report was not released earlier because of the archaic practice that requires the House of Commons to be sitting so it can be tabled.
Regardless, it would have been ready and sitting in someone’s office since last summer.
The CSE can throw jargon at the wall all day long, as an official from the spy agency did at the briefing, but insufficient metadata minimization is just a fancy way of saying that four of our allies were provided information on individual Canadians.
It could have been an IP or email address, a phone number, a GPS locator, or any type of unique identifier and it would be a very easy matter for any of these allies to take the metadata and build a profile of an individual Canadian.
“It’s the job of the government to uphold the law. If it breaks it, it is up to them to tell us they broke the law,’’ Josh Paterson, the executive director of the B.C. Civil Liberties Association, told me Thursday.
BCCLA filed a lawsuit against CSE in 2013, claiming its surveillance program was illegal and unconstitutional. Thursday’s revelations only confirm some of the association’s worst fears about spying, he said.
Ray Boisvert, a former assistant director of intelligence at CSIS, says Nicholson and his staff had to make a decision between privacy and security and came down on the side of protecting national security, perhaps just kicking this down the road with the knowledge that the breach would one day become public.
Canadians were kept in the dark. Our obligations to our English-speaking allies have not been fulfilled.
All this points to one thing — a promised overhaul of anti-terrorism and security legislation in this country, including a parliamentary oversight committee, promised by the Liberal government, is needed more urgently than ever.