

How Canada’s shadowy metadata-gathering program went awry  - WestCoastJustin
http://www.theglobeandmail.com/news/national/how-canadas-shadowy-metadata-gathering-program-went-awry/article12580225/?page=all

======
WestCoastJustin
Turns out we are collecting metadata too! You might be wondering what all
these acronyms mean. Rough approximation:

    
    
      CSEC (see-sec) = NSA
      CSIS (see-sis) = CIA
      RCMP (R-C-M-P) = FBI/DEA/ATF/Secret Service/Regular Police
    
      (RCMP are federal semi-paramilitary force that 
       can move across provinces, they also serve as
       a police force in remote regions.)

~~~
canistr
CSIS isn't really like the CIA at all. It's a civilian agency responsible for
intelligence gathering and sharing that information with the RCMP to make
arrests. Their officers do not carry weapons (only police and RCMP have that
right) and their oversight is done by the SIRC (Security Intelligence Review
Committee). This model is quite different from the CIA. So while it may sound
cool to compare them to the CIA, they're not like them at all.

~~~
count
That sounds just like CIA actually. Civilian agency, responsible for
intelligence gathering and sharing that information with <others> to <do
things>. They're not law-enforcement focused, which might be the key
difference you're focusing on?

~~~
canistr
Yes. Additionally, the CIA has historically been able to perform their own
para-military operations which is clearly outside of the scope (and budget) of
CSIS.

------
mindcrime
I have to admit, I did _not_ expect this surveillance scandal story to have
the legs it's shown, and I didn't expect it to "go international". This makes
me very happy, to see that people in other countries are starting to get
involved and ask questions about their own governments as well. This needs to
stay in the public eye and it needs to stay there until changes are made.

~~~
ironic_ali
The "Five Eyes" agreement has had a big impact in the other countries (United
Kingdom, Canada, Australia, and New Zealand.)

In NZ the PM has kept quiet basically and it's blowing up in his face. And may
it get worse.

~~~
count
Didn't the PRISM stuff all have NOFORN though, rather than REL FVEY?

------
tamersalama
If Canada, hypothetically, has the capability to collect all US Citizen's
data, then exchange the analysis with NSA, does this make NSA 'spying on
Americans' legal or constitutional?

~~~
lostlogin
Meh, just gather it directly then say oopy when caught. See Dotcom, New
Zealand.

------
sudosudosudo
Thank you for your email regarding the Communications Security Establishment
Canada (CSEC).

CSEC operates within all Canadian laws, including the Privacy Act, the
Canadian Charter of Rights and Freedoms, and the Criminal Code. CSEC is
prohibited by law from directing its foreign intelligence activities at
Canadians anywhere in the world or at any person in Canada. In addition, there
are rigorous procedures in place to ensure that it adheres to this
prohibition.

The Ministerial Directive on Metadata clearly defines metadata and specifies
that CSEC may only collect and use metadata in support of its foreign
intelligence and cyber-protection mandate. For intelligence purposes, CSEC
uses metadata to isolate and identify foreign communications and foreign
targets. The Ministerial Directive also outlines strict conditions to protect
the privacy of Canadians. Under the National Defence Act, CSEC is mandated to
provide technical and operational assistance to law enforcement and security
agencies in the performance of their lawful duties.

All CSEC and law enforcement and security agencies’ activities are strictly
bound by the limits of their lawful duties, including court warrants. Under
such circumstances, CSEC activities are subject to review by an independent
CSE Commissioner who is responsible for reviewing CSEC activities to ensure
that all CSEC activities comply with the law and protect the privacy of
Canadians. All information acquired under the warrant belongs to the assisted
agency.

CSEC does not target the communications of Canadians anywhere and has
legislative measures in place to protect the privacy of Canadians. As the CSE
Commissioner noted in his 2011-2012 report, the focus of CSEC activity is
foreign intelligence. In this report, the CSE Commissioner highlights that all
reviewed CSEC activities were authorized and carried out in accordance with
the law. The Commissioner also highlights CSEC’s culture of lawful compliance
and for protecting the privacy of Canadians.

------
cclogg
Darn, I'd always kind of hoped we in Canada weren't so surveillance crazy too.

If so, then the other problem is bringing attention to it. If something like
Edward Snowden happens in the US, it gets a lot of attention and world-wide
recognition. If it happens in Canada, only we know about it and it's likely to
slip from our news rather quickly (or so it would seem).

~~~
canistr
Given the financial resources of CSEC, DND, and Canada vs. the NSA, I very
much doubt we are so "surveillance crazy" as you may suggest. While I agree
that we definitely should be worried about the potential for abuse by CSEC and
the potential lack of oversight by the Canadian government, I'm personally
more worried about the fact that the Americans have access to our data and
that we, as Canadians, have no right to privacy to our own data as non-
Americans.

For instance, if you look at www.ixmaps.ca, you can see that traceroutes of
URLs destined for Canadian addresses from within Canada are still routed
through the United States. Which potentially means that our own traffic is
being monitored by the NSA since they are routed and bounced through the US
before returning back into the country. I find this notion rather appalling
that visiting a Canadian government website would require a request to an
American server instead of going directly to the Canadian destination.

This level of intrusion into the Canadian system is more shocking and should
be looked as opposed to trying to think our own government system is somehow a
parallel of what the Americans are doing.

TLDR; I'm more worried about Americans (i.e. the NSA) invading our privacy
where we have no rights, as opposed to a Canadian agency violating them when
we have courts to fight for our rights. Yes, it would be horrible if the
government/justice system was in bed with CSEC, but if the Americans are
ultimately in control of our system, I'm very much more afraid of that than
our own government.

~~~
a-priori
Indeed, you can get a general idea of the relative budgets of the CSEC vs. the
NSA by comparing their headquarter buildings:

CSEC:
[http://upload.wikimedia.org/wikipedia/commons/e/e4/Tilley_Bu...](http://upload.wikimedia.org/wikipedia/commons/e/e4/Tilley_Building.JPG)
NSA:
[http://upload.wikimedia.org/wikipedia/commons/8/84/National_...](http://upload.wikimedia.org/wikipedia/commons/8/84/National_Security_Agency_headquarters%2C_Fort_Meade%2C_Maryland.jpg)

Indeed, the CSEC building actually looks much better in that picture than in
real life. I see it every day because it's on my commute, and it's actually
quite run-down. Mind you, as you said, you can do a lot of damage even with a
small amount of money. I also completely agree that Canadians should be deeply
concerned about how much of our communications fall under American
jurisdiction simply because of the architecture and governance of the
Internet.

The NSA is well within its rights, without warrants of any kind and without
consulting any Canadian authorities, to intercept virtually all Internet
traffic that Canadians produce. Most of it either goes to the States (because
most major sites are hosted there), or goes through the States on its way to
somewhere else in the world (even elsewhere in Canada).

