CSIS use of geolocation data could be unlawful, says watchdog

CSIS says it 'sequestered' the data after getting advice from the Department of Justice

Image | State Surveillance For Sale

Caption: Geolocation data is a particular type of digital information that can be used to identify an electronic device's physical location. (Martin Mejia/The Associated Press)

The Canadian Security and Intelligence Service's use of publicly available geolocation data without a warrant may have broken the law, according to the country's intelligence watchdog.
The finding was included in the first annual report(external link) from the new National Security and Intelligence Review Agency, tabled in the House of Commons today. Geolocation data is digital information that can be used to determine the physical location of an electronic device.
The review found that there's a risk that CSIS breached Section 8 of the Charter — which protects against unreasonable search and seizure — during the trial period when the intelligence agency used the data without a warrant.
"This review raised pressing questions regarding the use of data that is publicly available, but that nevertheless engages a person's reasonable expectation of privacy," the report reads.
"NSIRA's review examined the decision making process that led CSIS to use this data without a warrant, and found that CSIS lacked the policies or procedures to ensure that before the data was used, CSIS sought legal advice to avoid unlawful use of the data."
The agency, which merged several intelligence-related watchdogs into one body as part of the Liberal government's national security overhaul, said that it has submitted a report to Public Safety Minister Bill Blair about the matter.
The minister then asked the attorney general to review the findings to offer legal guidance.
In a statement, a spokesperson for CSIS said that since the trial run, the agency has sought legal advice from the Department of Justice.
"As a result of advice from the Department of Justice, CSIS sequestered information collected by the tool so that an in-depth assessment could be undertaken to ensure that any collected information was lawfully obtained. Ensuring timely legal advice in this challenging area of novel technology and respecting privacy is critical for CSIS to carry out its critical mandate," said John Townsend.
"CSIS recognizes the importance independent review plays in maintaining and strengthening Canadians' trust in their national security institutions. Review, accountability and transparency are fundamental principles of any open, democratic society. CSIS employees dedicate their careers to protecting our democracy and the safety and security of Canadians."

Hundreds of targets last year

The NSIRA review follows a 2017 Federal Court ruling that concluded that, while CSIS's authority allows it to obtain some geolocation information, geolocating an individual would require a warrant.
The spy agency was using a device it calls a Cell Site Simulator (CSS) to collect information about cellphones, laptops and tablets during its national security investigations. The devices, also known as IMSI Catchers or Stingrays, pretend to be legitimate cellphone towers in order to collect information.

Image | Public Safety Minister Bill Blair

Caption: Federal Public Safety Minister Bill Blair said security agencies will protect Canadians' privacy rights. (Toni Choueiri/CBC)

Privacy advocates have long criticized the technology for how it indiscriminately gathers data.
"Canadians expect our government agencies to keep pace with evolving threats and global trends. It is critical that this important work not be done at the expense of Canadians' right to privacy," Blair said in a statement.
"Canadians can be confident that our security agencies have the skills and resources necessary to detect, investigate and respond to both criminal and national security threats. We will always take the necessary action to protect Canadians and their privacy rights."
The wide-ranging NSIRA report lifts the lid on CSIS's general practices, including new information about how many people are under investigation.
Last year, CSIS had 467 targets, up from 430 in 2018.