A 27-page-long PowerPoint presentation dated May 2012 and stamped with the Communications Security Establishment Canada (CSEC) logo details how the agency collected information (metadata identifying wireless devices, their location, calls made) from the free WiFi services offered on major Canadian airports, in order to track the devices' users for days after they left the airport and connected to free WiFi hot spots throughout Canada.
As the system has no way of knowing whether a device's owner is Canadian or not, it stands to reason that among the data collected by the agency is also data that can be used to identify Canadian citizens and discover their movements.
Ronald Deibert, head of the Citizen Lab at the University of Toronto which focuses its research on global security and human rights, said that he believes the practice is almost certainly illegal.
The CSEC stated that it is "mandated to collect foreign signals intelligence to protect Canada and Canadians" and has, therefore, legal authority to collect and analyze metadata.
"It is really unbelievable that CSEC would engage in that kind of surveillance of Canadians. Of us," commented Ann Cavoukian, Ontario's privacy commissioner. "This resembles the activities of a totalitarian state, not a free and open society."
It is unknown how the agency actually got the wireless data, reports the Canadian Broadcasting Corporation (CBC).
The document says that the data was provided voluntarily by a "special source", but the Toronto and Vancouver airport authorities, which operate their airports' WiFi service, denied providing the data to any Canadian intelligence agency, and so did Boingo, a US-based company that operates such services in other airports in Canada.
The document also indicates that the collected information is to be shared with the other members of the Five Eyes intelligence network: the US, the UK, Australia and New Zealand.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.