How much data retention is reasonable in counter terrorism?

A new salvo has been fired in the continual contest that pits national security vs. privacy rights in Canada.  A federal court judge has ruled that the Canadian Security Intelligence Service (CSIS) illegally held on to data that was not threat-related for an unnecessary period of time.  The judicial decision was announced the same week that news broke of several Quebec journalists whose call logs had been monitored by police.  All in all a bad week for those we expect to protect us and our freedoms.

Not surprisingly, the CSIS story is getting  a lot of attention.  Also not surprisingly, some of the facts are being twisted and the story is being manipulated to fit various agendas.  This issue is an important one and needs a fuller explanation.  I would like to try to provide that explanation.

The material “illegally” stored by CSIS was obtained through 100 % compliance with Canadian law under court-granted intercept warrants as provided under section 21 of the CSIS Act.  CSIS has the ability to apply for the very intrusive power of communications collection when it can demonstrate that it needs to have that information for one of its national security investigations.  That power is not handed over easily – nor should it be.  A person’s right to privacy must only be ceded where there is a compelling reason to do so.  I would  like to think that a counter terrorism file would meet that criterion.

Where the controversy lies is in the retention of the data collected, more accurately the “metadata” (essentially data about data, i.e. phone numbers or email addresses but NOT content).  The law states that CSIS should only collect what is strictly necessary for its investigations and that information that does not meet this definition must be destroyed.  Judge Simon Noel ruled that CSIS acted illegally by retaining the metadata that was not threat-related in a section called ODAC – the Operational Data Analysis Centre.

Why would CSIS do this?  The answer is very simple.  Today’s threat, at least as far as terrorism goes, is constantly shifting and requires more tools and more resources to counter.  Terrorists use the panoply of social media and communications technology available to them and security services are having a hard time keeping up.  Most importantly, terrorists are social animals, much the opposite of the current mythological “lone wolves” paradigm that unfortunately now dominates the discourse.  This means that they communicate with other people and if we want out spies and cops to understand the networks out there we need to allow them to collect the metadata that sheds light on them.  Not only collect that metadata but retain it and analyse it.  Furthermore, data that is “strictly necessary” for one investigation could also prove useful for others.

The Director of CSIS has stated that valuable intelligence was gleaned from that metadata, intelligence that could very well have made a significant contribution to a terrorism investigation.  In other words, this data may have helped save lives.  I’d like to think that is a good thing and I am pretty sure most Canadians would agree.   I also believe that the furour over this issue has been a little exaggerated.  Metadata is not content and cries that retaining it opens up an unwarranted look into the intimate details of people’s lives are far-fetched.

There is a silver lining in all of this.  Judge Noel has noted that the CSIS Act is more than 30 years old and was written in a time where “metadata” was a foreign concept.  A lot has happened  in 30 years, especially on the threat front, and it is high time to revisit security intelligence to determine whether our agencies have the tools and resources to do the jobs we ask them to do.

It would be unfortunate if this controversy made it harder for CSIS to carry out its critical functions.  While it is crucial to continually ensure that the agency is complying with the law and not going beyond what is “strictly necessary” it is just as important to make sure that the men and women of CSIS have the confidence of the Canadian government and its citizens.  We need to let the rhetoric calm down and get back to that “adult conversation” about national security I have been advocating for the last 18 months.

By Phil Gurski

Phil Gurski is the President and CEO of Borealis Threat and Risk Consulting Ltd. Phil is a 32-year veteran of CSE and CSIS and the author of six books on terrorism.

Leave a Reply