The sketch: Meta-answers about metadata

CSEC might not be doing anything to worry about, but more oversight might be in order anyway

On the morning after the CBC reported that the Communications Security Establishment was using airport wi-fi to track Canadian travellers, the Defence Minister was asked “why this agency was tracking and spying on Canadians in our airports.”

“Mr. Speaker,” Rob Nicholson said, “it is my understanding that CSEC made it clear to the CBC that nothing in the documents they had obtained showed that Canadian communications were targeted, collected or used, nor that travellers’ movements were tracked.”

You might notice that this is not actually a direct answer to the question asked. (He would come vaguely closer a little while later.)

CSEC’s own statement on the matter clarified that “no Canadian or foreign travellers were tracked” and “no Canadian communications were, or are, targeted, collected or used.” But the agency had also noted that “in order to fulfill this key foreign intelligence role for the country, CSE is legally authorized to collect and analyze metadata.”

Asked this afternoon about whether CSEC had collected information on Canadians in our airports, Mr. Nicholson appealed to this matter of metadata.

“What I did refer to on Friday, which I will refer to again,” Mr. Nicholson attempted to explain, “is the independent commissioner for CSEC who released a statement on Friday that said: ‘…past commissioners have reviewed CSEC metadata activities and found them to be in compliance with the law and be subject to comprehensive and satisfactory measures to protect the privacy of Canadians.’ That should have the support of everyone.”

Being in compliance with the law is indeed something to be supportive of. And yet the NDP’s Jack Harris was decidedly unimpressed.

“Mr. Speaker, Canadians deserve honest answers, but instead the minister is once again evading simple questions about the activities and oversight of Canada’s national security agency,” the NDP critic lamented, appearing rather agitated. “On Friday and again today, the minister refused to say whether CSEC had been conducting domestic operations. Canadians are worried their government is spying on them. Will the minister now tell us if Communications Security Establishment Canada has been collecting information on Canadians at our airports, yes or no?

Now it was Mr. Nicholson who was unimpressed.

“Mr. Speaker, the honourable member just does not get it,” he lamented. “That is why we have an independent commissioner to have a look at these activities. Again, I refer the member to the statement that was issued on Friday by the independent commissioner and what the commissioner has said. He praised CSEC’s chiefs who have spared no effort to install within CSEC a culture of respect for the law and for the privacy of Canadians. What is his problem with that?”

Brow furrowed, Mr. Nicholson returned to his seat and now Mr. Harris returned to his feet.

“Mr. Speaker, once again, that is evasion pure and simple,” Mr. Harris responded, proceeding to jab his finger in the air variously.

It was with some luck that the chief of CSEC was due to appear a few hours later before a Senate committee. And it was there that we learned that it this metadata is that we’re meta-talking about.

“The document that was released last week refers to a model we were trying to build of typical communications patterns around a public Internet access point, in this case an airport,” explained John Forster, seemingly attempting to sound reassuring. “The work relied on metadata.”

What is metadata?

“So metadata is data about a communication. It’s not the content of a communication.”

There was an analogy here about taking a photograph.

“What we rely on is what’s called metadata. It’s used by computers to route or manage communications over global networks. It doesn’t include any content of emails, phone message or text messages or photos. This was the data we were using in this excerise.”

This was apparently meant to help CSEC “understand global networks” and “to know how to find a legitimate foreign target in a sea of billions of billions of bits of communication.”  In fact, he said, the metadata is used to ensure CSEC is not targeting a Canadian phone number or IP address.

“This was not an operational surveillance program,” he explained. “The purpose of it was to build an analytical model or typical patterns of network activity around a public access node … The end result of this work was to build a mathematical, analytical model. So the end result was formulas, algorithms, software.”

There was an analogy here about finding hostage-takers. Indeed, Mr. Forster claimed to be aware of two cases in the past 12 months in which these models had been used to find “legitimate foreign targets.”

All, he testified, was done within the limits of ministerial directives and previous analyses have been reviewed by commissioners. No Canadians’ communications were targeting, collected or used and no Canadian was identified.

It is on something like this note that the House will take up a Liberal motion tomorrow that would have the House express “deep concern” over all of this and pursue the creation of a parliamentary committee charged with oversight of our national security institutions. We might wish that the Defence Minister had been as full in his explanation as Mr. Forster, but possibly there is both nothing worth worrying too much about here and still something to be said for such a committee anyway.