The release of telecommunications metadata by Canada’s electronic spy agencies to four of it’s allies wasn’t an accident but was caused by “lack of due diligence,” the agency’s watchdog has told reporters.
According to the National Post, Jean-Pierre Plouffe, commissioner of the Communications Security Establishment, made the statement to reporters Monday after testifying before the Senate on the breach of rules that led to spy agencies in the United States, Britain, Australia and New Zealand getting the data.
Not only that, Plouffe told the Senate the release went on for years before being stopped 2014 and that he couldn’t even estimate how many people were affected. To protect citizens’ privacy CSE systems are supposed to strip out metadata before being shared with intelligence partners.
The problem is serious enough that CSE has stopped sharing metadata until a process can be found to meet privacy directives from the minister of defence.
According to the Post, CSE issued a statement after Plouffe spoke that “the metadata shared does not contain enough information or context to identify specific individuals. In light of this, and coupled with additional safeguards applied by CSE and its Five Eyes allies to protect the privacy of our nationals, the privacy impact is assessed as low.”
While metadata only describes a communication — IP address of the sender, for example — privacy experts say enough can be retrieved to be used as weapons to embarrass people.
The CSE monitors the communications of foreign governments and agents and helps federal agencies protect their networks.
Earlier this month Plouffe revealed the incident in his annual report on CSE, which said the agency’s system for minimizing metadata was decentralized and lacked appropriate control and prioritization. CSE also lacked a proper record-keeping process.”
Plouffe’s testimony before the Senate committee on national security and defence can be watched here. The discussion of metadata begins around the 15 minute mark.