Stop defense counterintelligence searches on workplace computers, spy watchdog urges


The national spy watchdog is asking the military’s counterintelligence unit to suspend investigative searches of a workplace computer system over concerns about employee privacy.

TO National Security and Intelligence Review Agency Report published Thursday says Defense employees and members of the Armed Forces have a reasonable expectation of privacy when making personal use of work computers.

Acceptable personal use may include communicating with family and friends, making online purchases, and accessing news or other information.

The review agency found that a checklist used by the Canadian Forces National Counterintelligence Unit for electronic investigative searches had the potential to capture intimate and personal information protected by the Bill of Rights.

The unit investigates and counters threats from foreign intelligence services, individuals and groups involved in terrorism, espionage, sabotage, subversion or organized criminal activities that affect the security of the Department of Defense or the Armed Forces.

The review agency says the unit’s electronic search practices lacked sufficient legal oversight to ensure they were as least intrusive as possible.

As a result, the watchdog recommends that Defense and the Armed Forces suspend such counterintelligence searches until reasonable legal authority exists.

Once legal authority is established, authorities should create a new policy framework that reflects the review agency’s findings, including the principle that searches be minimally intrusive, the report added.

The Defense Department had no immediate comment on the recommendations.

The report says Defense policy recognizes that there is only a limited expectation of privacy when working computing systems are used because they are subject to monitoring for the purposes of system administration, maintenance and security, and to ensure compliance with directives. and federal standards.

Still, the review agency says, it is a reasonable expectation of privacy protected by the Charter’s guarantee against unreasonable searches or seizures.

The review agency recognizes that Defense has “a legitimate interest” in safeguarding its resources.

“However, the Supreme Court has left for another day the ‘finer points’ of an employer’s right to control the computers issued to its employees,” the report says.

“While the law regarding employee computer searches continues to evolve, a reasonable expectation of privacy is subject to state intrusion only under the authority of a reasonable law.”

A search carried out without a warrant is allegedly unreasonable and contrary to the Charter, the report says.

Notes that, in the absence of a court order, the Crown must establish, on a balance of probabilities, that the search was authorized by law, that the law authorizing it was itself reasonable, and that the authority to carry out The registration was exercised in a reasonable manner.

The review agency says it is concerned that the counterintelligence unit “has not adequately considered its legal authorities to determine whether it has reasonable legal authority to conduct warrantless searches” for investigative purposes.

The report also raises concerns about metadata: information associated with a communication, but not the message itself.

The counterintelligence unit receives metadata such as the sender and recipient names, as well as the subject line and attachment names.

The review agency notes that metadata can be revealing or intrusive when combined with other information.

When viewing the information collected through the checklist in its entirety, it is possible that intimate personal information related to the subject under investigation could be revealed beyond what was initially contemplated or authorized, the report says.

Additionally, an email subject line can reveal the content of the communication it describes and may be as confidential as anything contained in an email, the report adds.

“Therefore, it is incorrect to consider email subject lines as metadata, rather than content.”

This report by The Canadian Press was first published March 21, 2024.

Leave a Comment