CSIS's ask for telecom subscriber info of possible future targets denied
CSIS wanted warrants for the names and street addresses of telecom subscribers
A federal judge has rejected the Canadian Security Intelligence Service's request to obtain basic information about unknown phone and internet subscribers who may come to the spy agency's attention in future.
Federal Court Chief Justice Paul Crampton said CSIS failed to show a sufficient connection between its investigation and the people whose privacy rights would be compromised.
A public version of his top secret September ruling — with several redacted passages — was issued Tuesday.
As part of a terrorism investigation, CSIS was seeking judicial warrants for the names and street addresses of telecom subscribers and, in some cases, information relating to computer IP addresses.
The subscriber information related to telephone numbers or electronic identifiers that might one day come to the spy service's attention in the course of its probe.
In the ruling, Crampton said CSIS had not provided the court with "any understanding whatsoever" of the specific link between the service's "very broadly defined" investigations and the yet-to-be-discovered phone numbers and identifiers.
"The loosely defined 'nexus' is simply too broad and nebulous," he wrote.
Crampton acknowledged his ruling may impose a potentially significant additional burden on the spy service, as well as additional costs and delays associated with obtaining court permissions.
Given this, he said the court is "open to considering alternate approaches" that are compliant with the Charter of Rights and Freedoms.
In addition, the court did grant CSIS warrants in connection with a related request in which Crampton was satisfied the "required nexus has been described and established by CSIS."
Judge says CSIS should 'limit its intrusion'
In a second ruling made public Tuesday, Crampton said CSIS's use of a cellular-site simulator to capture data from an unnamed target's mobile phones without a warrant did not run afoul of laws or the charter.
"This is in part because a number of measures that were taken to ensure that the activity was minimally intrusive," the judge said.
A simulator, sometimes known as an IMSI catcher, mimics a cellular tower, making all nearby mobile phones connect to it. Identifiers linked to individual phones can then be used to determine their location or owner.
In general, when carrying out a cellular-site operation, CSIS should "strictly limit its intrusion" on the privacy rights of investigation subjects, the judge wrote. The spy agency should:
- Not capture the contents of actual messages or calls stored on a mobile device;
- Ensure that incidentally captured information relating to the mobile phones of third parties is quickly destroyed;
- Not use the technology to pinpoint someone's physical location without a court warrant.
An investigation by the federal privacy watchdog revealed in September that the RCMP illegally scooped up mobile phone data half a dozen times using the controversial devices.
The privacy commissioner found that the Mounties now require a warrant for use of the technology, except in emergencies.
Crampton said the technology used by CSIS does not permit the spy agency to identify the individual whose mobile devices are targeted by an operation, or to gain access to billing or other intrusive information.
The identity of the targeted person, as well as their location and other information, typically is already known to the spy service, he wrote.
However, the information gathered in the case at hand potentially helped CSIS determine the person's contacts and communication patterns, Crampton added.