That’s a question being asked today as The Globe And Mail is reporting that CSEC or the Communications Security Establishment which is the Canadian version of the NSA won’t say how long it keeps the private data of Canadians:
The federal government’s secretive electronic intelligence agency is not disclosing how long it can hold onto Canadians’ communications – even though its leaders have said that “firm” time limits are in place to protect privacy.
The strictures surrounding Communications Security Establishment Canada’s data-retention periods – including those affecting recognized “private communications” and also “metadata” – are blacked out from an operational document obtained by The Globe and Mail.
The redactions of this document are so extensive that little is revealed, beyond the latest indication that CSEC is drawing from unspecified sources within Canada.
“The retention schedules outlined in these procedures deal with SIGINT [signals intelligence] data acquired from Canadian [word redacted] sources,” it says.
Basically, CSEC is saying “trust us.” The problem is that without out complete (or as complete as you’re going to get in the spy game) disclosure of what they do with this data, it’s hard to trust them. Even the NSA has limits for this sort of thing:
No specific time periods were mentioned. And the Canadian agency’s closest ally is less secretive on such matters. “Inadvertently acquired communications of or concerning a United States person may be retained no longer than five years,” reads a declassified National Security Agency document.
So, one has to wonder why CSEC hasn’t got something similar. It’s too bad that someone can’t ask them and expect a fulsome response.