One of Canada's foremost privacy experts is challenging the government's assessment that the impact of a privacy breach involving the Communications Security Establishment, Canada's electronic spy agency, "was low."
"The privacy impact is not low," Anne Cavoukian, the executive director of the Privacy and Big Data Institute at Ryerson, told The House.
"Metadata can be far more revealing than the actual contents of communication," she said.
According to the annual report of CSE commissioner Jean-Pierre Plouffe tabled this week: "CSE discovered on its own that certain metadata was not being minimized properly" and subsequently shared with key international intelligence allies.
In a statement, Defence Minister Harjit Sajjan said the "metadata in question … did not contain names or enough information on its own to identify individuals" and that "taken together with CSE's suite of privacy protection measures, the privacy impact was low."
"This is not some unimportant piece of information that was released," Cavoukian pushed back.
"I was distressed that additional measures weren't taken to ensure that before information is shared with our external partners that there's no information on Canadians, metadata or otherwise," she said.
"That was the height of irony that this report was tabled on International Data Privacy Day."
Other spy agency, other problems
On the same day the CSE report was made public, another spy agency ended up in the spotlight for the wrong reasons.
According to the annual report of the Security Intelligence Review Committee (SIRC), the independent office that oversees the activities of Canada's spy agency, CSIS improperly obtained taxpayer information from the Canada Revenue Agency without a warrant. And it happened more than once.
"Who's in charge here?" Cavoukian wondered.
Her biggest concern revolves around accountability in light of such breaches.
"This is what concerns me: there has to be consequences to these actions," she said.