Canada stops sharing intelligence with Five Eyes partners over data breach

CSE CanadaCanada says it will stop sharing certain types of intelligence with some of its closest international allies until it ensures that Canadian citizens’ information is not included in the data given to foreign spy agencies. The announcement follows an official admission, made earlier this week, that a Canadian intelligence agency failed to remove Canadian citizens’ data from information it shared with member-agencies of the so-called Five Eyes Agreement. The pact, which is sometimes referred to as the UK-USA Security Agreement, has been in existence since World War II. It provides a multilateral framework for cooperation in signals intelligence (SIGINT) between the United Kingdom, the United States, Canada, Australia, and New Zealand.

On Thursday, the Commissioner of the Communications Security Establishment (CSE) of Canada, Jean-Pierre Plouffe, published a report on the activities of the CSE —the country’s primary SIGINT agency. The document, which is published annually by the Commissioner, states that the majority of the CSE’s SIGINT collection activities took place in accordance with Canadian law. However, the report found that some of the data shared by CSE with its Five Eyes partners contained data that could potentially be used to identify the identities of Canadian citizens. According to Canadian law, the CSE is not allowed to specifically target the communications of —or information about— Canadian citizens or Canadian companies. Moreover, information pertaining to those, which may be indirectly collected in the course of legitimate targeting of foreign citizens, is supposed to be immediately purged by CSE collection staff.

However, the Commissioner’s report found that some metadata —namely information pertaining to communications other than their content— that could be used to identify Canadian citizens had been shared by the CSE with Five Eyes spy agencies. Later on Thursday, Harjit Sajjan, Canada’s Minister of Defense, announced that SIGINT intelligence-sharing would be suspended until the metadata breach identified in the Commissioner’s report could be adequately addressed and corrected. Minister Sajjan said the roots of the breach had to do with “technical deficiencies” at the CSE, but added that it was crucial that the privacy of Canadians was protected. Therefore, he said, the spy agency would “not resume sharing this information with our partners” until he was “fully satisfied” that the proper control systems were in place.

Author: Joseph Fitsanakis | Date: 29 January 2016 | Permalink