The CSEC is Communications Security Establishment Canada. It is the country's electronic spy agency.
After reviewing the document (redacted PDF), one of Canada's foremost authorities on cyber-security, Ronald Deibert told CBC News that the operation was almost certainly illegal.
I can't see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC's mandates.The CSEC was reportedly provided with data captured over a two-week period by the "major airport's" free WiFi network. The data was then correlated with data from other free WiFi hotspots,
used to track travelers "for a week or more" as their wireless devices showed up at free Wi-Fi hot spots, including coffee shops, restaurants, libraries, other airports, and more -- in both Canada and the U.S. The data allowed the CSEC to effectively track traveler's activities for "a week or more."
The document does not explain just how the CSEC obtained the two-weeks worth of data from the airport's WiFi system. However, CBC News said there are indications that a "special source" provided the information to CSEC voluntarily. That being said, the two largest Canadian airports, at Toronto and Vancouver, claim they have never given passenger WiFi use data to the CSEC.
As if the current program isn't worrisome enough for privacy advocates, the leaked document indicates the passenger tracking program was actually a trial run for a new software program that the spy agency was developing with the assistance of its U.S. counterpart, the NSA. CARE, as the program is labeled, stands for Collaborative Analytics Research Environment.
In the document, CSEC said the program offered "terrific value." It could, the document continued, "be used for any target that makes occasional forays into other cities/regions."