I have posted (and made immediately available while SSRN does its review process) a "working paper" draft of an anticipated, forthcoming article on the legal issues surrounding CSEC metadata collection. The paper was completed in March, with a few updates reflecting recent Access to Information releases. The abstract of the article is as follows:
Two thousand and thirteen was the year of the spy. Edward Snowden – “leaker” or “whistleblower” depending on one’s perspective – ignited a mainstream (and social) media frenzy in mid-2013 by sharing details of classified US National Security Agency (NSA) surveillance programs with the U.K. Guardian and Washington Post newspapers.
For related reasons, 2013 was also the year in which the expression “metadata” migrated from the lexicon of the technologically literate to the parlance of everyday commentary. The NSA revelations fuelled media, academic and other speculation about whether similar surveillance programs exist in Canada. That attention focused on Canada’s NSA equivalent (and close alliance partner), the Communications Security Establishment Canada (CSEC). CSEC does have a metadata collection program, prompting questions about its legal basis, and the extent to which CSEC is governed by robust accountability mechanisms. This article focuses on a single aspect of this debate: By reason of technological change and capacity, have the state’s surveillance activities now escaped governance by law?A broad question with a number of facets, this article examines the specific sub-issue of metadata and its relationship with conventional rules on searches and seizures. The article concludes that the privacy standards that CSEC must meet in relation to metadata are much more robust than the government seems to have accepted to date.