Since the revelations last week that the U.S. culls the phone records of millions of Americans every day and accesses the network of tech giants like Apple, Facebook and Google to trace citizens, questions have been popping up about whether Canadians are subject to similar surveillance.
So far, experts could only say that Canada has the legal loopholes and the capability to do so if it wishes.
But documents obtained by the Globe and Mail and The Canadian Press suggest that Canada is, indeed, engaged in mass warrantless surveillance.
According to the Globe, Defence Minister Peter MacKay signed a ministerial directive in November, 2011, authorizing the re-start of “a secret electronic eavesdropping program that scours global telephone records and Internet data trails – including those of Canadians – for patterns of suspicious activity.”
The program evidently had been launched in 2005 by then-Defence Minister Bill Graham, in the Liberal government of Paul Martin. But the Communications and Security Establishment Canada (CSEC) — the Canadian equivalent of the NSA — suspended the surveillance program in 2008 over concerns from the agency's watchdog that it could lead to warrantless surveillance of Canadians, the Globe reported.
The program was restarted under new rules by MacKay, but it’s not clear what those rules are.
Story continues below slideshow
9 Gadgets To Help You Avoid Surveillance
The surveillance program evidently scours the web for “meta-data” — not the actual content of communications such as emails, but rather information about an email or telephone call, such as the participants, their locations and time of contact.
According to a document obtained by The Canadian Press, in December 2011, the CSEC advised its watchdog, Robert Decary, that MacKay had approved seven new directives to the spy service, including one on the use of metadata gleaned through foreign intelligence gathering.
The document says the CSEC's use of metadata "will be subject to strict conditions to protect the privacy of Canadians, consistent with these standards governing CSEC's other programs."
It lists five steps the CSEC must take to protect Canadian privacy, though the steps themselves were deleted from the version released under the access law.
CSEC spokesman Ryan Foreman said last Friday the agency could not comment on its methods, operations or capabilities, but added the agency functions within all Canadian laws.
While both the U.S. and Canadian security establishments argue looking at metadata offers a measure of privacy protection (and allows the monitoring to fall within the law), many privacy experts argue that metadata is actually more revealing than the content of communications, because it can be used to build detailed profiles of a person’s movements, as well as who they know and how well they know them.
“If you can track that, you know exactly what is happening — you don’t need the content,” Susan Landau, author of “Surveillance or Security?”, recently told the New Yorker.
“[Are] phone companies such as Bell and Telus ... subject to warrants similar to those faced by Verizon? [Do] Internet companies co-operate with Canadian authorities? [Do] Canadian and U.S. authorities share information obtained through programs such as the Verizon meta-data program or PRISM? [Are] Canadians are targeted by the U.S. programs?” Geist asked.
The answer to the last question -- are Canadians targeted by the U.S. programs -- is likely yes.
A number of tech and civil liberties experts say that Canadians using U.S.-based services like Google’s Gmail or Facebook are inevitably being caught up in the NSA’s surveillance dragnet.
"I think Canadians really need to look at whether it's safe to be trusting foreign companies, in this case a U.S. company, with as much of their private data, given what the American government has been doing," Christopher Soghoian of the American Civil Liberties Union told CTV News.
"When you give your information, whether it's your personal emails or private photographs or social networking information, when you give that to a company not in your country you really give up control of that and you allow a foreign government to access that, in addition to your own."