law and technology and rock and roll

recent | past | about | rss

BCCLA sues CSEC over domestic spying

Posted by Matt on October 22, 2013         Tagged with: surveillance, csec

The BC Civil Liberties Association has launched a lawsuit in the Supreme Court of BC against the Communications Security Establishment over their interception of Canadians' private communications. They allege that the manner in which these interceptions are authorized is a breach of Canadians' fundamental rights under the Charter of Rights and Freedoms.

The web site the BCCLA has set up to document this lawsuit is quite good. It contains useful background information and even a copy of the Statement of Claim. I'll just summarize the situation quickly here.

Section 184 of the Criminal Code makes it a criminal offense to wilfully intercept private communications by means of "any electro-magnetic, acoustic, mechanical or other device". The starting point for this prohibition is that it applies to everyone, including law enforcement and intelligence agencies. Of course, the Code then goes on to say that law enforcement can get special authorization to violate this prohibition: basically, that they can get warrants to perform wiretapping operations. The fact that the cops can get authorization to listen to eavesdrop on suspect's phone calls is pretty much common knowledge, even if not everyone knows or cares to know the details of how the law is framed.

The Communications Security Establishment is a product of Part V.1 of the National Defence Act. The Act also governs how they are allowed to operate. For instance, section 273.64 of the Act lays out their mandate:

273.64 (1) The mandate of the Communications Security Establishment is
(a) to acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities;
(b) to provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada; and
(c) to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.

(2) Activities carried out under paragraphs (1)(a) and (b)
(a) shall not be directed at Canadians or any person in Canada; and
(b) shall be subject to measures to protect the privacy of Canadians in the use and retention of intercepted information.

(3) Activities carried out under paragraph (1)(c) are subject to any limitations imposed by law on federal law enforcement and security agencies in the performance of their duties.

Pay attention to subsection 2. The CSEC is, as a general rule, not supposed to be "directing" their surveillance activities at Canadians. Where Canadians will be inadvertently caught up in surveillance activities, appropriate safeguards are supposed to be put in place to protect their privacy. This mandate doesn't grant CSEC any special rights or privileges. Quite the opposite in fact; it sets the limits on what they're allowed to do. So in order to intercept private communications, at least within Canada, they still need authorization to violate section 184 of the Code. The next section of the Act, section 273.65, gives it to them. It provides that the Minister of National Defence can authorize CSEC to intercept private communications for the purposes of obtaining foreign intelligence or to protect the computer systems or networks of the Government of Canada. This is similar to when law enforcement gets a warrant, except that instead of asking the courts for authorization, CSEC asks the Minister.

That's the part that the BCCLA (and myself and many other people who care about this sort of thing) have a problem with. The Charter of Rights and Freedoms gives Canadians a number of fundamental legal rights. All Canadian laws are expected to comply with the Charter. Laws which might violate these rights can be challenged as being unconstitutional. If a court finds that a law really does violate the Charter, they'll consider whether the law can be "demonstrably justified in a free and democratic society". To over-simplify things, this is a consideration of whether the harm done by infringing upon Canadians' Charter rights is worse than the harm that the law prevents. If the law can't be justified, the court can strike down all or part of the law. In this context, "laws" don't necessarily have to be laws enacted by Parliament or provincial legislatures. In the context of the Charter, the term "law" includes decisions made by government agencies which affect the rights of Canadians. Decisions like authorizations for the interception of private communications issued by the Minister to the CSEC.

In their Statement of Claim, BCCLA states that the Minister issued 59 of these authorizations between 2002 and 2012, as well as two Metadata Directives relating to how communications metadata ought to be collected. BCCLA alleges that section 273.65, as well as the specific authorizations and directives, infringe upon two different Charter rights: the right to freedom of expression, and the right to be free from unreasonable search and seizure. They allege that these laws do not contain appropriate safeguards and that consequently, they can't be demonstrably justified in a free and democratic society.

They allege this surveillance framework fails the Charter test for a number of reasons: the authorizations last for too long, they don't restrict the breadth of communications that can be collected, they don't prohibit the distribution of the collected information to entities outside of Canada etc. For me, the biggest problem with the framework is the first one the BCCLA identifies: the Minister of National Defence is not a "neutral and impartial arbiter capable of acting judicially". When law enforcement needs a warrant, they go to a judge and we presume (we hope) that judges are neutral parties who have no vested interests in whether the warrant gets issued. They'll weight the merits of granting the application against the impact on Canadians' privacy rights and make an unbiased decision on whether to issue the warrant. Do we really think the Minister of National Defence goes through that same balancing act?

Update: For a great recent blog post which talks about the Metadata Directives, check out Craig Forcese.