Court Finds Canadian Spy Agency Illegally Collected Data In Bulk For More Than A Decade

The streak of losses for spy agencies continues. All this "lawful" bulk collection of domestic data? Not all that "lawful," actually.

The Federal Court of Canada faulted Canada's domestic spy agency Thursday for unlawfully amassing data, for misusing its surveillance warrants and for not being forthright with judges who authorize its intelligence programs.

Sounds a whole lot like what happened recently in the UK, where the tribunal found British spy agencies illegally collected data in bulk. And the other part of it -- the "not being forthright with judges" -- sounds a whole lot like the NSA's multiple run-ins with PO'ed FISA judges who have to trudge through miles of misrepresentations with zero help to find the underlying malfeasance.

On the other hand, the court also came to the conclusion that no warrants are needed to seek tax records in bulk, thanks to recent legislation. So, there's that.

But the decision showed that Canada's spy agencies are subject to just as much oversight as those located in other countries: none.

The centre and the data within it are so secret that the Federal Court - which authorizes CSIS wiretapping bids - had no idea they existed.

"The Court had never before been fully informed of the existence of the program. The Court, during the hearings, learned that the program had been in existence since 2006 yet it had never heard nor seen any evidence on the matter," reads a partly redacted new ruling from Federal Court Judge Simon Noil.

It's pretty easy to run an illegal surveillance program when no one's looking, much less has any clue that such a thing even exists. And yet, when exposed by leaks or whistleblowers, the first thing agencies do is claim that everything is "lawful" and subject to tremendous amounts of rigorous oversight.

And every time they do that, a new leak or court decision proves these defensive statements to be a lie. The most dangerous thing about terrorism isn't the attacks. It's the actions governments take -- both overt and obscured -- in response.

In this particular case, the Canadian spy agency blew off its obligation to inform the court of the existence of the program and the data it was collecting. Rather than do that, it operated in secrecy under the presumption that all would be forgiven because it was fighting the new Good Fight.

This fall, the Security Intelligence Review Committee criticized CSIS for going beyond its "strictly necessary" collection mandate by "ingesting bulk data sets" in bids to predict patterns of terrorism.

These bulk sets included information the court wasn't aware the agency was collecting. In the tribunal's vernacular "associated data": phone and email metadata, gathered on top of data deemed "strictly necessary" and actually approved by the court.

The ruling may be a harsh assessment of CSIS's illegal activities but it's unclear what repercussions it will actually have for the agency. The only outcome so far is suggested legislative changes and a very belated call for actual oversight.

The problem is that more recent legislation has codified the illegal activity, granting CSIS access to the same data the Tribunal found was illegally collected -- without a warrant. Unless that law (Bill C-51) is rolled back, there will be no permanent consequences for the illegal activity. All that will be left will be a "scathing" ruling that will ultimately do little to deter the agency from engaging in further abuses.