Canada's electronic spy agency, the Communications Security Establishment (CSE), collects millions of emails and other information from its citizens and stores them for "days to months," according to a document leaked by NSA whistleblower Edward Snowden and revealed by CBC News in collaboration with The Intercept on Wednesday.
According to the top-secret CSE document, analysts "watched visits to government websites and collected about 400,000 emails to the government every day, storing some of the data for years," CBC reports.
Such online activity includes Canadians filing taxes, writing to members of Parliament and applying for passports. The sweeping data collection is being carried out in an alleged effort to protect government computers.
Using a tool called PonyExpress, the surveillance agency scans the documents for "suspicious links or attachments." The 2010 document reveals that the system detects about 400 potentially suspect emails each day, or roughly 146,000 each year, though only about four emails a day warrant CSE analysts contacting government departments directly.
The document indicates that the scale of the data collection has likely increased since that time. Under a heading marked "future," the document notes: "metadata continues to increase linearly with new access points."
"It's pretty clear that's there's a very wide catchment of information coming into [CSE]," Micheal Vonn, policy director at the British Columbia Civil Liberties Association, told the CBC.
The document reveals that CSE is storing large amounts of "passively tapped network traffic" for "days to months," including email content, attachments and other online activity, The Intercept reports, while some forms of metadata is kept for "months to years."
"When we collect huge volumes, it’s not just used to track bad guys," Chris Parsons, an internet security expert with internet think tank Citizen Lab, who viewed the document, told the CBC. "It goes into data stores for years or months at a time and then it can be used at any point in the future."
A previously leaked document revealed in 2013 that CSE intercepts citizens’ private messages without judicial warrants. After that, CSE acknowledged it collected some private communications but did not divulge the amount being stored or say for how long. Now, The Intercept reports, "the Snowden documents shine a light for the first time on the huge scope of the operation—exposing the controversial details the government withheld from the public."
The Intercept report continues: "Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure—a loophole that the Snowden documents show is being used to monitor the emails."
