Canadian Spy Agency Reportedly Linked to Angry Birds Data Snooping

Yesterday it was reported by The Guardian British and U.S. intelligence agencies had devised an apparent plan to spy on personal data from iOS and Android devices via apps, such as Rovio’s Angry Birds, based on leaked info from Edward Snowden.

Part of the report also details the involvement of the Communications Security Establishment Canada (CSE), the Canadian equivalent of America’s NSA, in assisting British and US intelligence agencies, reports The Canadian Press:

The latest disclosure by former American spy contractor Edward Snowden, published this week by the Guardian newspaper, suggests Ottawa-based Communications Security Establishment Canada helped its British and U.S. counterparts with the project.

[…]

Accompanying the article was a leaked 2010 presentation slide prepared by Britain’s Government Communications Headquarters, known as GCHQ, saying targeted exploitation of Android-type phones was carried out in “collaboration with CSEC.”

The allegations were neither denied nor confirmed by Lauri Sullivan, a CSE spokeswoman:

“As you might expect, CSE cannot comment on its operations, methods or capabilities, nor those of its allies.”

The CSE tracks and monitors communications of people, states and organizations and terrorist groups for intelligence relevant to Canada, via numerous electronic means.

Chantal Bernier, interim privacy commissioner says the CSE should publish an annual public report in Parliament to share its ongoing tracking activities; the agency employs 2,000 people and its annual budget exceeds $400 million.

Bernier released a report yesterday citing how the CSE should disclose its statistics on how it helps other federal agencies with information interception, which can also include the eavesdropping of information from Canadians:

“In our view, the current Canadian system of intelligence oversight would operate better if fine-tuned to new operational realities,”

Bernier’s report also stressed “National security claims do not reduce accountability obligations and security bodies must account to Canadians for what they do with personal information.”

Sullivan responded to the report by saying the “CSE is taking steps to better inform Canadians about our activities, including publishing new fact sheets on our website.”

Rovio yesterday was quick to declare it does not provide end user data to government agencies, rather the information leak could be coming from third party ad networks:

“Our fans’ trust is the most important thing for us and we take privacy extremely seriously. We do not collaborate, collude, or share data with spy agencies anywhere in the world.  As the alleged surveillance might be happening through third party advertising networks, the most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks.”

Today, the CSE responded to a Globe and Mail editorial which accused the organization of being able to engage in surveillance on Canadians. The CSE clarified under law, their “foreign intelligence mandate specifically dictates that our activities be directed only at foreign entities, and not at Canadians or anyone in Canada. That is the law and we fully respect that.”