X (Re)

X (Re)
Court (s) Database
Federal Court Decisions
Date
2016-10-04
Neutral citation
2016 FC 1105
File numbers
DES-0-00
Notes
Reported Decision
Decision Content
Date: 20161004
Docket: XXXXX XX
Citation: 2016 FC 1105
Ottawa, Ontario, October 4, 2016
PRESENT: The Honourable Mr. Justice S. Noël
BETWEEN:
IN THE MATTER OF AN APPLICATION BY XXXXX XXXX FOR WARRANTS PURSUANT TO SECTIONS 12 AND 21 OF THE CANADIAN SECURITY INTELLIGENCE ACT, R.S.C. 1985, C. C-23 AND IN THE PRESENCE OF THE ATTORNEY GENERAL
AND AMICI
AND IN THE MATTER OF XXXX XXXXXXX XXXXX XXXXX XXX THREAT-RELATED ACTIVITIES
XXXXX XXJUDGMENT AND REASONS
TABLE OF CONTENTS
I. Introduction. 3
A. Overview.. 3
B. Factual Context 8
C. Terminology and Useful Concepts. 15
(1) Phases of an Intelligence Investigation. 16
(2) What Is Associated Data?. 18
(3) Operational Capacities of the CSIS in Relation to Data Exploitation. 20
D. Relevant Legislation. 24
E. Historical Overview.. 27
II. Arguments. 30
A. Arguments of the Attorney General and Counsel for the CSIS. 30
(1) Section 12(1) Does Not Apply to Section 21 of the CSIS Act 31
(2) Arguments on Privacy Interests. 33
(3) Suggested Amendments to the Conditions. 34
B. Arguments of the Amici Curiae. 35
(1) Section 12(1) Applies to Section 21. 36
(2) Arguments on Privacy Interests. 38
(3) Suggestions Regarding Amendments to the Warrant Conditions. 39
III. Issued raised. 41
IV. Analysis. 42
A. The Duty of Candour 42
B. Limited Mandate of the CSIS. 52
(1) Principles of Interpretation. 52
(2) Contextual Approach. 57
(a) McDonald Commission. 58
(b) Bill C-157 and the Pitfield Report 65
(c) Bill C-9. 68
(d) Standing Committee on Justice and Legal Affairs. 69
(e) 5-Year Review and the Government’s Response. 75
(3) The Scheme of the CSIS Act: Purposive and Textual Analysis. 78
(a) Ascertaining the Primary and Secondary Functions of the Service. 82
(b) Details on the Secondary Functions. 84
(c) Distinguishing the Effects of Section 21 on Sections 12(1) and 16. 86
(d) Judicial Control Emanating from Section 21. 87
(e) Distinction Between “Reasonable Grounds to Believe” and “Reasonable Grounds to Suspect” 88
(f) Comments on Part III – Review Processes (SIRC and Bill C-22) 89
(g) Section 12(1) Details. 91
(4) Additional Considerations. 95
(a) Differences and Similarities with Charkaoui II. 95
(5) Key Findings of this Chapter 98
C. Practical Effects. 100
(1) Changes Sought to the Warrant Templates. 100
(a) A New Condition for XXXXX X XXXX XXXXX XXXXX XXXXX XXXXXXXX for the XXXXX XXXXX XXXXX Warrant, and XXXXX Warrant 103
(b) A New Condition Authorizing the Retention of XXX for the XXXXX XXXXX XXXXX XX Warrant, XXX Warrant, and XXX Warrant 104
(c) A New Condition that Would Govern XXXXX XXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXX XXXXX XXXX XXXXX XXXXX XXXX for the XXXXX XXXXX XXXXX Warrant, and XXXXXXXX Warrant 106
(d) Destruction of Information. 107
(e) Proposition Concerning Delegation and Accountability (“Regional Director or his Designate” to be Replaced by “Service Employees”) 108
(i) General Comments. 108
(ii) XXXXX XXXXXX.. 109
(iii) XXXXX XXXXX XXXXX.. 111
(iv) Further Changes from “Regional Director General or his Designate” to “Designated Service Employees” for the Task of Assessing Warrant-collected Non-target Information. 112
(f) XXXXX XXXXX Warrant Amendment to Remove Condition 2. 114
(g) Amendments to the XXXXX XXXXX XXXXX Warrant and XXXXX XXXXX XXXXX Warrant Concerning Condition 3. 114
(h) XXXXX Warrant - New Condition 3. 115
(i) Solicitor-Client Clarifications and Other Changes, of Which Some Have Already Been Agreed Upon 115
(j) Further Changes Sought Following the En Banc Hearings (New Definition for “Associated Data”, Communication and Retention Period of XXXXX XXX Rather than Indefinitely) 117
(2) Further Comments–A Two Stage Process to Assess Warrant-Collected Information. 119
V. CONCLUSION.. 120
A. Conclusions Reached Regarding the Specific Issues Identified. 120
B. Closing Comments. 122
VI. APPENDICES. 127
A. Relevant Legislation. 127
B. Bibliography. 132
I. Introduction A. Overview [1] In this application for warrants presented by the Canadian Security Intelligence Service [the “CSIS”, also referred to as the “Service”] before a designated judge of the Federal Court pursuant to sections 12(1) and 21 of the Canadian Security Intelligence Service Act, RSC 1985, c C-23 [the “CSIS Act”] , the CSIS, aside from seeking specific warrants, also asks this Court to amend some of the conditions of the draft warrant templates [further referred to as “warrant templates”]. This request stems from three developments: the Federal Court of Appeal’s decision in X (Re), 2014 FCA 249, the coming into force of An Act to amend the Canadian Security Intelligence Service Act and other Acts, and an ongoing discussion between the CSIS and the Court regarding the need to protect third-party information collected through the operation of warrants notably in file XXXXX XX Following the publication of the Security Intelligence Review Committee’s 2014-2015 annual report [“the SIRC Report”] in late January 2016, new evidence was filed concerning a CSIS program of collection and retention of information. The Court had never before been fully informed of the existence of the program. The Court, during the hearings, learned that the program had been existence since 2006 yet it had never heard nor seen any evidence on the matter prior to the recent hearings. As I will detail later, suffice to note for now that for the CSIS, “associated data” is a specific type of metadata obtained from service providers. Although these reasons are based on the CSIS’s definition of associated data, I feel it necessary to further adapt the term to the specific legal and judicial context at play here (see paragraph 31 and following). (Canada, Security Intelligence Review Committee, SIRC Annual Report 2014-2015: Broader Horizons: Preparing the Groundwork for Change in Security Intelligence Review, (Ottawa: Public Works and Government Services Canada, 2015).) (Canada, Bill C-44, An Act to amend the Canadian Security Intelligence Service Act and other Acts, 2nd Sess, 41st Parl, 2015.)
[2] Following the SIRC’s Report, this Court convened an en banc hearing where proposed amendments to the warrant conditions templates and the collection and retention program were discussed. An en banc hearing is one where all available designated judges attend, may participate, and hear the evidence tendered. This format is helpful as it allows the presentation of evidence pertinent to future warrants applications and helps avoid repetition. Designated judges can also benefit from each other’s perspectives. In this en banc hearing, the Court heard evidence relevant to warrant applications over a four-day period.
[3] I have been mandated by the Chief Justice’s to deal with all matters related to the issues raised in this application, meaning that, although all designated judges attended the hearings, I am the sole decision maker in this application; I write these reasons with full judicial independence. I have attached, at “Appendices B” of these reasons, not only a bibliography of the documents submitted by the sets counsel involved, but also source documents that I consider essential readings for this file. The volume of the works consulted is substantial, but necessary to obtain a proper and broad understanding of the issues before the Court today. Sets of counsel referred to the McDonald Commission’s reports and to excerpts from Hansard and from a committee of the House of Commons; I will discuss, cite, and contextualize these documents later. After having carefully read the submissions and the books of authorities submitted, in order to properly fulfil my judicial role, I thought it necessary to consult the details of the primary sources referred to by counsel in order to ascertain the legislator’s intent (see, for example, paragraph 62 of these reasons). In addition, given that the CSIS Act contained a review clause, I took notice of the report on the statutory review and of the corresponding response.
[4] Due to the important issues raised by the proposed amendments to the warrant conditions and by the collection and retention program, I appointed two amici curiae (Mr. Gordon Cameron and Mr. François Dadour) [the“amici”] who participated at the en banc hearings, received all documentation, cross-examined witnesses, and filed submissions. I have benefited from written submissions from the Attorney General, counsel for the CSIS, and from the appointed amici. I ultimately issued the warrants but only accepted the conditions as they read prior to the proposed amendments. By doing so, I relied on conditions developed and reviewed over several years and took under reserve the proposed amendments to the warrant templates. Among other concerns, I also reserved accepting the amendments related to the issue of information collected and retained through the operation of a warrant along with the other proposed amendments.
[5] The text, context and purpose of the CSIS Act surrounding the enactment of section 12(1) of the CSIS Act, formerly section 12 prior to 2015, establishes that strictly limiting the CSIS’s mandate was inherent to the legislator’s intent. As such, the functions of both collection and retention of information must be performed only to the extent that is strictly necessary. On the other hand, the Court finds that strictly limiting the analysis function of the CSIS is unwarranted and runs counter to the legislative intent identified and to common sense. As long as the information analysed is collected and retained because it is threat related pursuant to section 2 of the Act, no limit must be imposed on the extent of the analysis that may be performed by the CSIS.
[6] The information collected and retained pursuant to sections 12(1) and 21 of the CSIS Act must be information related to a threat to the security of Canada, which focuses on information that relates to the target of the warrant. Section 21 is not a scheme operating independently from the primary mandate and functions established at section 12(1). Threats to the security of Canada are circumscribed at section 2 as activities involving the target as determined through investigation. Presently, in order to retain the information collected pursuant to the warrant conditions, the CSIS must assess this information within the one-year time period stipulated in paragraph 21(5)(b) to determine whether it is indeed linked to the identified threat or may be of some use to a prosecution, national defense, or international affairs. Specifically, due to the illegality identified, information unrelated to the threat and linked to third parties must not be retained as it does not fall within the ambit of the warrants issued by the Court.
[7] In addition, the CSIS has breached its duty of candour towards the Court by failing to inform it clearly and transparently of its retention program, more specifically in regard to associated data collected and retained through the operation of warrants. Each of these conclusions will be detailed over the course of these reasons, which also include findings as to the proposed amendments to the warrants templates.
[8] To approach this complex decision, I will now describe the general structure of the following reasons. First, I will provide an overview of the relevant facts, terminology, legislation, and legislative history. Second, I will expose the submissions presented by the Attorney General, counsel for the CSIS, and the amici. Third, I will identify the legal issues raised. Fourth, I will perform an analysis containing several chapters. The first chapter will discuss the duty of candour. The second chapter, the longest, will elaborate as to why the primary function of the CSIS to investigate threats is limited “to the extent that it is strictly necessary” (sections 12(1), 2 and 21). Having done so, the third chapter will explore the practical effects of my findings on the Service, notably in regard to the amendments sought to the warrants templates. Finally, I will conclude briefly and add closing comments. It will be suggested that the legislation of 1984 calls for a review in order to answer to the needs of the present and or unforeseen times ahead with an adaptation to new technologies at play. There is a need to rediscuss the benefits of insuring a better national security but with the least intrusion on privacy. A proper balance of these new technologies must be performed.
B. Factual Context [9] Designated judges have always kept a close eye on the wording of warrants. They continuously try to ensure that the powers granted by the warrants are clearly defined, that the information collected and the means taken are proportionate to the threat, and that such information relates only to the target of the warrant and not to innocent third parties unassociated to the threat factually described in each warrant application.
[10] Warrants are live documents that require continual review by designated judges with input from counsel for the CSIS and appointed amici (where thought to be necessary). Amendments are periodically brought to the warrant conditions templates in order to faithfully reflect the powers intended to be granted and their limits. The templates must be adapted to the evolution of technology, of investigative methods, of programs and means of communications, of case law, and of new laws or amendments to the CSIS Act. The present reasons are an example of such a periodic examination of the warrant conditions templates.
[11] In 2005, a CSIS task force recommended the Service retain all data collected from investigations and warrants in order to exploit that information in ongoing and future investigations through a technological program. As a result, the Operational Data Analysis Centre [the “ODAC”] was created and became operational in April 2006.
[12] The CSIS originally intended to present the ODAC program to the Court and to seek its comments, along with its new position on retention of data unrelated to identify threats collected through the operation of warrants (see paragraph 31). It presented the program to the responsible Minister but not to the Court. It was only in December 2011, at an en banc hearing called to deal with the proposed amendments to the warrants templates in response to Charkaoui v Canada (Citizenship and Immigration), [2008] 2 SCR 326, 2008 SCC 38, [further referred to as “Charkaoui II” given that Charkaoui v Canada (Citizenship and Immigration), [2007] 1 SCR 350, 2007 SCC 9, “Charkaoui I” was rendered prior] that an indirect allusion was made to the program. Counsel for the CSIS alluded to the program but did not mention its name or what it consisted of. The allusion came about as a result of my invitation to counsel for the CSIS to add anything as a final comment. Counsel for CSIS said: “[…] these are other minor changes to the conditions that we think go to clarity […] we also looked at trying to better the language […] not change to better the language.” More on this exchange later. (See transcript of file XXXXX XX dated XXXXX XXXXX at 83-85).
[13] These “minor changes” in fact distinguished “associated data” from “content”. Information deemed “content”, according to relevant warrant conditions, is to be destroyed. By inserting the word “content” into the condition, the CSIS effectively rendered it silent on “associated data”. This change was not performed in response to Charkaoui II, but rather for operational reasons, as the historical record of the ODAC and use of associated data shows.
[14] Following this seemingly innocuous “minor change”, the CSIS later adopted the position that it had explained “clearly and transparently” the retention of associated data to the Court. However, the SIRC, which studied CSIS’s use of metadata, concluded in its 2014-2015 annual report that the CSIS should have been more explicit with the Court.
[15] Following two (2) days of en banc hearings in March 2016, in a letter dated April 29, 2016 the Attorney General and the counsel for the CSIS acknowledged that the Court was not: “[…] fully advised of the Service’s practices with respect to retention of associated data” and that “[i]t was deeply regrettable that this was only done recently”.
[16] In mid-2015, in the application for warrants indexed as XXXX XX which I was assigned to, the CSIS proposed a series of amendments to the warrant conditions templates. The changes proposed in that application were presented as consequential to the decision X (Re), 2014 FCA 249, in turn giving effect to the decision X (Re), 2013 FC 1275, and as a result of the coming into force of Bill C-44, also known as An Act to amend the Canadian Security Intelligence Service Act and other Acts. Due to the importance of the changes sought, an amicus curiae, Mr. Gordon Cameron, was appointed.
[17] In application XXXXX XX the Court considered amendments proposed by the CSIS which aimed to ensure compliance with new legislation, mainly regarding the sharing of information with other international intelligence agencies. This issue was resolved with input from both counsel for the CSIS and the amicus: amendments to the warrants templates were accepted to impose on the CSIS an obligation to consider potential harm to the person concerned as a result of the shared information. I raised other issues in that same application, notably the CSIS’s undertaking XXXXX XXXXX XXXXX XXXXX and the issue of collecting and retaining non-threat and third-party related information. The overarching purpose of these discussions was to debate the possibility of an assessment period for retention shorter than XXXXX XXXXX XX On six occasions, a hearing was held to discuss all of these issues; I will comment further on this topic later. The application for warrants in file XXXXX XX was granted with some amendments concerning the sharing of information.
[18] As for the other matters, counsel for the CSIS requested time to review them in light of the Service’s relevant operational needs. At the request of counsel for the CSIS, the period granted to answer the Court’s concerns was extended twice from the initial deadline of September 2015: first to October, and ultimately to December 2015. It was only on December 8, 2015 that a letter from counsel for the CSIS to the Court broached the topic of the definition of the term “destroyed” and the topic of the assessment period required by the CSIS to decide what information may be retained in conformity with the warrant conditions. It contained numerous amendments to the warrant templates. At no time during the many hearings, or in any correspondence thereafter, was it mentioned that the CSIS was retaining data concerning third parties unrelated to threats as defined in the conditions required for a warrant to be issued although such retention was the crux of the Court’s concern about non-threat, third-party information. All of the further amendments sought in XXXX XX were to be dealt with in a later application for warrants.
[19] Some of those amendments were assessed with relative ease: in a direction issued January 11, 2016, the Court accepted the amendment concerning the word “obtention” and a second amendment suggesting a shorter retention period for certain types of warrants XXXXX XX rather than XXXX for XXXXX XXXXX XXXX warrants). That same direction scheduled another en banc hearing in order to address the other substantial changes sought which required viva voce evidence. This en banc hearing, which became file XXXX XX the present proceeding, was scheduled to be held from February 25 to February 26, 2016. Two further days of hearings were held on March 31 and April 1, 2016.
[20] In this application, the CSIS seeks amendments to the warrants templates as follows:
a) A provision allowing the Service to retain XXXXX XXXXXX XXXXXXX XXXXX XXXXX XXXXXX
b) A new condition allowing the Service to retain XXXXX XXX
c) A new condition specifically and explicitly governing any XX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX
d) ) A new condition explicitly stating that information destroyed pursuant to a warrant condition XXXXX XXXXX XXXXX XX
e) New wording describing the persons responsible to determine whether information, communication, or oral communications collected should be retained, i.e. replacing all references to a “Regional Director General or his designate”; and
f) A series of stylistic or minor changes.”
(See Written Submissions of the Applicant at para 12.)
In regard to condition (e), as a result of the en banc hearing, the CSIS now proposes that the wording should read “Regional Director” for some decisions and “Service employees” for others.
[21] The public 2014-2015 SIRC Annual Report was tabled on January 28, 2016 in the House of Commons and made public the CSIS’s retention of collected information through the operation of warrants. This was the first time I understood that the Service was indefinitely retaining third party information as a result of the operation of warrants.
[22] The day following my reading of the SIRC Report, as part of the XXXXX application (this file), I issued a direction to the CSIS communicating that the upcoming en banc of late February 2016 would need to address this new matter and that an affidavit should be filed that would “[…] explain in chronological order the various interpretations adopted by CSIS with respect to metadata use and retention practices by referring to the applicable warrant language, the date of proposed language changes with the exact reference to the application for warrants where counsel brought to the attention to the Court the nature of the use of metadata, such use and retention being in the Service’s view in compliance with the exception to the warrant conditions”. I directed that the affiant be available for examination on the two (2) days already scheduled and that amici would be appointed to assist the Court; Mr. Gordon Cameron and Mr. François Dadour were appointed.
[23] On that same day, the Federal Court’s designated proceedings registry received a letter from the Assistant Deputy Attorney General (Litigation) addressed to the Chief Justice of the Federal Court. The letter stated that, at the en banc hearing of December 16, 2011 the CSIS had “clearly communicated […] the retention program of associated data […]”. The letter further indicated that “[…] to ensure that there can be no confusion on this issue going forward […]” counsel had already made changes in the affidavits in support of two warrant applications XXX XXX at paragraph 91 and XXXXXXX at paragraph 71) by adding the following information and bringing it to the attention of the presiding judge:
“When a communication is intercepted, the Service obtains the content of the communication but also its associated data. Data associated to any communication collected by the Service is retained except in the following two situations:
a) Data associated to solicitor-client communications is destroyed at the same time as the content of the communication in application of the solicitor-client communications condition found in the warrants; and
b) Data associated to certain voice communications intercepted under the authority of the XXXXX XXXXX XX warrant is destroyed at the same time as the content of the communication in applications of the conditions found in the warrant.”
Contrary to what was said in that letter, such information was not addressed by counsel for the CSIS at the 2015 hearings. Therefore, what the Assistant Deputy Attorney General (Litigation) wrote in his letter was not factual. Counsel for the CSIS, at the first day of the en banc hearings said the following:
“It’s unfortunate that at the hearing of August the addition of associated data in the affidavit was not mentioned. Looking back it’s definitely something that should have been brought to the attention of the Court to give a bit of context as to why it was added”
(See transcript of en banc hearing dated February 25, 2016 at 58.)
As mentioned above and as I will elaborate later, the Attorney General and the CSIS now concede that the retention program of the data collected through the operation of warrants was not clearly communicated.
[24] The Chief Justice, after receiving more information following an exchange of letters with the Assistant Deputy Attorney General (Litigation), called for another en banc hearing to address the systemic issues arising from the CSIS’s behaviour towards the Court in relation to the retention program of associated data and other related concerns. This en banc hearing, where both the Deputy Attorney General and the Director of the CSIS appeared, was held in the afternoon of June 10, 2016. The following reasons do not deal with the June 10, 2016 hearing but address the various matters raised in file XXXX XX (this file) which include issues related to the ODAC program and whether the Court was properly informed of its existence. As said, these reasons also address the amendments sought by the CSIS as a result of the hearings held in file XXXXX XX which led to the letter of December 8, 2015 referred to above at paragraph 18.
[25] The en banc hearings on these matters, which I presided over, were held over four (4) days in February, March and April 2016. Five affidavits were filed and three affiants were examined by counsel for the CSIS, by the amici, and by some of the designated judges, including myself. A large number of exhibits were produced. Both the oral and written evidence address the ODAC, the retention of associated data, and the operational explanations supporting the amendments sought to the warrant templates. Written submissions were filed by both sets of counsel and a reply authored by counsel for the Attorney General and the CSIS was received. Having reviewed the factual underpinnings of these reasons, I will now detail certain useful terms and concepts.
C. Terminology and Useful Concepts [26] Before I begin, I want to establish that the vocabulary and definitions I use are useful to establish the scope of these reasons but that they are not meant to be binding in any other circumstances. I am cognizant of the fact the CSIS and other parties use varying definitions and concepts to suit their own needs. First, I will describe the phases of an intelligence investigation. Second, I will delineate the term “associated data” and third, present an outline of the ODAC program as revealed by the evidence.
(1) Phases of an Intelligence Investigation [27] First, the CSIS, at the initial stage of an investigation, identifies persons of interest (persons, groups, or states) that may, for one reason or another, have come to its attention for possibly being related to a perceived threat. A person may draw the attention of the CSIS through different means, notably from tips, from certain behaviours, or as a by-product of other domestic or international investigations. At this initial step, the CSIS will consult its database and publicly available information in order to assess whether the facts reveal a nexus to a section 2 definition of threats to the security of Canada. At this initial assessment stage, the person investigated is referred to as a “person of interest”. The graph below summarizes the three phases and their associated vocabulary.
Step 1
“person of interest”
Step 2
“subject of investigation”
Step 3
“target of investigation”
[28] Second, pursuant to section 12(1), if the CSIS reasonably suspects that the facts involving or implicating the person of interest relate to activities that may constitute a threat to security in accordance with the definitions of threats found at section 2, then that person becomes a “subject of investigation”. Once the person is deemed a “subject of investigation”, the CSIS can deploy conventional tools of investigation such as the involvement of a human source, physical surveillance, and any other tool or method normally available to police forces or intelligence services. This stage of investigation does not permit the use of intrusive investigative methods for which a warrant is required.
[29] Third, if the CSIS believes, on reasonable grounds, that a warrant is required to investigate the threat, then the Service may approach the Minister of Public Safety and Emergency Preparedness to obtain his approval to proceed with an application for a warrant in accordance with sections 21(1) and 21(2) of the Act. If the CSIS proceeds with such an application and is successful, a warrant is issued and the person designated in the application becomes a “target of investigation”. The graph below summarizes my explanations; it is not meant to be exhaustive.
Step
Standard
Nomenclature
Scope of means of investigation
Step 1
The CSIS becomes aware that the person may be of interest.
“Person of interest”
Publicly available information and searches in databases
Step 2
The CSIS has reasonable grounds to suspect that the person may be a threat.
“Subject of investigation”
(sections 12(1) and 2)
Conventional investigative means
Step 3
The CSIS must reasonably believe that intrusive measures are necessary to investigate the threat, and the warrant is granted.
“Target of investigation”
(sections 12(1), (2) and 21)
All conventional and intrusive investigative means
[30] These descriptions of the phases of an investigation pursuant to the CSIS Act are my own; the CSIS may use different vocabulary or concepts for its own purposes. The purpose of explaining the phases is to show that the present reasons deal with the information collected by the operation of warrants issued by the Federal Court. Specifically, these reasons do not address other forms of collection as no evidence was presented to that effect. Still, the present reasons may establish general principles for future purposes. Having said that, associated data is an essential component of these reasons and I will frame the concept as the CSIS describes it and also as the evidence reveals.
(2) What Is Associated Data? [31] Although the concept of associated data is broad, in fact englobing third-party information and target-threat related information, I am specifically addressing the legality of retaining non-threat information and third-party information. Third-party information, meaning information unrelated to the threat, is frequently collected through the operation of warrants. The Court is concerned about the retention of such information because it is not target-threat related. Warrant conditions oblige the CSIS to review third-party information it has collected in order to assess whether or not it falls within the conditions’ parameters and thus whether or not it can be retained. The term used by the CSIS to describe this specific type of information when obtained from service providers is “associated data”. The CSIS described the term as follows in an affidavit, but I note that witnesses sometimes referred to the term more broadly in their testimonies:
“[I]nformation associated to a communication such as XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXX XXXXX XXXXX XXXXX XXXXX XXXX
See Supplementary Affidavit of XXXXX XXX filed February 22, 2016 at page 18, footnote 10.) (See transcript dated Thursday March 31, 2016 (Examination of XXXXX XXX at 41-42.) (See transcript dated Thursday March 31, 2016 (cross-examination of XXXXX XXXXby Mr. Dadour) at 77-80, 90, 100-103.)
[32] As per either the present conditions 2 or 3 of some of the warrant conditions templates, the CSIS must review the information collected through warrant operations XXXXX XX to ensure that information involving third parties is indeed threat related. If the information is deemed unrelated to the threat, it must be destroyed. When performing its assessment, the CSIS must believe on reasonable grounds that the information may be either related to the investigation of a threat, or of assistance to an intelligence investigation or to a prosecution, to national defense, or to international affairs. Such a test gives the CSIS a certain level of discretion. The condition defining these parameters reads as follows:
“Subject to condition 1, any record, document or thing obtained pursuant to this warrant that is not destined to or does not originate from [the target] […] shall be reviewed by a Regional Director General or his designate and, unless he has reasonable grounds to believe the record, document or thing may (a) assist in the investigation of a threat to the security of Canada; (b) be used in the investigation or prosecution of an alleged contravention of any law of Canada; or (c) relate to the international affairs or defence of Canada, any copy of the record, document or thing shall be destroyed within a period of XXXXX following its obtention.”
(See condition 2 or 3 of certain warrant templates. The above relates to a XXXXX XXX while the others are written in such a way as to adapt to the specifics of the particular warrant template. They all contain the same requirement for assessment purposes.)
[33] Over the course of these proceedings, it became clear, through submissions and witnesses, that the definition of associated data for the Court consists of data collected through the operation of the warrants from which the content was assessed as unrelated to threats and of no use to an investigation, prosecution, national defense, or international affairs. (See affidavit of XXXXX XXX received March 24, 2016 at paras 47, 56-67, 90-92.)
[34] The following graph illustrates where associated data fits within a more general framework of the CSIS’s operations; I am aware that I am slightly diverging from the CSIS’s definition:
Step 1: information (content + metadata) is collected
(go to step 2)
Step 2: information is assessed by the CSIS
- If the content is threat related, both content and metadata are retained;
OR
- If the content is not threat related, content is destroyed but metadata is retained (go to step 3).
Step 3: create and retain “associated data”
- Metadata originating from content unrelated to the threat, for which the content has been destroyed, is called “associated data”.
- The CSIS retains all associated data it has collected for an indefinite period of time.
[35] As the evidence before the Court now reveals, associated data is retained and inserted into the ODAC program for future investigative purposes. The CSIS has been retaining associated data indefinitely since 2006.
[36] Having established the phases of investigations and defined associated data for the purposes of these reasons, I now turn to describing the ODAC program itself.
(3) Operational Capacities of the CSIS in Relation to Data Exploitation [37] In the early 2000’s, the CSIS considered that the information it collected through investigations was underutilised as it was not processed through modern analytical techniques. In April 2006, the CSIS launched the ODAC. The ODAC was designed to be “a centre for excellence for the exploitation and analysis” of a number of databases. It took approximately XX XXXXX for the centre to become fully operational. The ODAC assumes numerous tasks: it exploits data banks in order to provide: XXXXX XXXXX XXXXX XXXXX XXXXX XXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XX See Executive Summary of the August 10, 2010 Operational Data Analysis Centre Privacy Impact Assessment, performed by XXXXX XXXX (consultant) and finalized by the ATIP branch of the Canadian Security Intelligence Service. Document located in the book “Documents for Amici” as a supplement to the Affidavit of XXXXX XXXX (affirmed April 21, 2016), in file XXXXX at Tab 8.)
[38] The ODAC, up to late 2010, was hosted within the XXXXX XXXXX XXXXX XXX XXXXX XXXXX XX which itself renders multi-faceted and specialized support to the CSIS’s operations. The ODAC XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX
[39] More specifically, the ODAC processes information held by the CSIS through:
“[…] the authority of a warrant or an approved investigation. As of January 2010 […], the ODAC data holdings consisted of XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX
(See letter dated November 8, 2012 to the Office of the Privacy Commissioner, signed by XXXXX XXX Coordinator - Access to Information and Privacy, at p 4. Document located in the book “Documents for Amici” as a supplement to the Affidavit of XXXXX XX (affirmed April 21, 2016), in file XXXXX XXX at Tab 10.)
[40] The evidence presented during the hearings did not update this information to 2016 except for what follows. Aside from analysing and processing these datasets into investigative information, the ODAC:
“[…] provides operational support for these investigative activities by developing actionable intelligence XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX
(See letter dated November 8, 2012 to the Office of the Privacy Commissioner, signed by XXXXX XXX Coordinator - Access to Information and Privacy, at p 3 and 4. Document located in the book “Documents for Amici” as a supplement to the Affidavit of XXXXX XXXXX (affirmed April 21, 2016), in file XXXXX at Tab 10.)
[41] XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXX XXXXX The present reasons should not give the impression that the Court is well informed of the XXXXX program; only very limited evidence was provided. Given that the program was still called the ODAC at the time of the application, I will use that term and not XXXXX
[42] The ODAC is a powerful program which processes metadata resulting in a product imbued with a degree of insight otherwise impossible to glean from simply looking at granular numbers. The ODAC processes and analyses data such as (but not limited) to: XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXX XX XXXXX XXX The end product is intelligence which reveals specific, intimate details on the life and environment of the persons the CSIS investigates. The program is capable of drawing links between various sources and enormous amounts of data that no human being would be capable of XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXX XXXXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX
[43] The Data Exploitation Task Force provides more insight into the initial capacities of the ODAC; XXXXX XXXXX XXXXX XXXXX yet the evidence presented to the Court to this effect was very limited.
XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XX