CSIS forced to regulate its bulk data collection

At SIRC’s request, CSIS finalized and implemented guidelines for acquiring bulk data

OTTAWA – Canada’s spy agency sifted through large troves of data for information of value until a federal watchdog raised questions about a lack of guidelines for such searches, a new report reveals.

The Canadian Security Intelligence Service agreed to halt its acquisition of bulk datasets until it had a framework in place to govern the process of mining so-called “big data.”

In its annual report tabled Thursday, the Security Intelligence Review Committee said CSIS used datasets to identify previously unknown individuals of interest by linking together types of information that have indicated “threat behaviour.”

“They can be used to conduct indices checks by taking information already connected to a potential threat – such as an address, phone number or citizen identification number – and using it to search for ‘hits’ in the data,” the review committee report says.

Overall, the review committee was satisfied that CSIS acted in accordance with the law in 2015-16. But it issued several recommendations to make the spy service more accountable when examining data, tracking Canadian foreign fighters in Iraq and Syria, exchanging information with other agencies and using new powers to disrupt suspected terrorist plots.

CSIS argued that openly sourced and publicly available datasets were akin to the phone book, and therefore restrictions in the CSIS Act limiting collection to “strictly necessary” information did not apply.

However, the review committee looked at the full list of datasets held by CSIS and, in some cases, disagreed with the spy service’s assessment that they were publicly available and therefore beyond the legal restriction.

As a result of the committee’s intervention, CSIS finalized and implemented guidelines for acquiring bulk data and agreed to ensure it abides by the CSIS Act in collecting such information.

Pierre Blais, the review committee chairman, said in an interview that for many years CSIS essentially gathered information “piece by piece,” making it easier to meet the threshold of “strictly necessary.”

The advent of electronic databases containing hundreds of thousands of pieces of information has made things “more complicated,” he said.

The committee also found CSIS failed to tell the public safety minister about a notable overseas incident during a probe into jihadi-inspired fighters.

The committee says CSIS should have informed the minister about the development – one of several problems with the spy service’s investigations of Canadian foreign fighters.

Neither Blais nor Public Safety Minister Ralph Goodale’s office would disclose details of the incident. However, a spokesman for Goodale said the minister was eventually briefed on the matter.

CSIS needs to deal with lingering challenges associated with overseas operations, the review committee report says. The spy service can expect these challenges to increase as government demand for intelligence on threats to the security of Canada from conflict zones grows.

The committee found CSIS needed to emphasize strategic planning for foreign operations – for instance, ensuring employees fully understand the legal risks of certain activities.

It also called on CSIS headquarters to take a more decisive leading role in some foreign activities.

In addition, the committee said CSIS should develop formal means of consulting with other government agencies about its efforts to derail threats using new powers introduced in the legislation known as Bill C-51.
