OTTAWA–An employee at the Communications Security Establishment was suspended after unauthorized and potentially unlawful research that created a security risk for the spy agency.

The 2014 incident was included in more than 100 pages of heavily-censored labour relations documents — detailing everything from CSE staff snooping on each other, to employees watching pornography at work, to pranks that went too far.

The documents, stamped “Top Secret” and obtained under access to information law, give context to the relatively few formal reprimands issued by CSE, the agency responsible for electronic espionage and defending government networks from attack or infiltration.

While serious allegations of workplace wrongdoing have surfaced at the Canadian Security Intelligence Service (CSIS) and have long plagued the RCMP, CSE said there have only been 53 incidents resulting in formal discipline between 2005 and 2015.

Those incidents range from mundane, mostly harmless infractions like parking violations to much more serious — and potentially unlawful — activities.

Unauthorized access

The CSE analyst involved in the 2014 incident gave an ominous warning to labour relations investigators.

“(If) this ‘story’ was to come out in the newspapers, he would not be the one with his face on the front page,” the report reads.

“It would be the chief.”

The documents are too heavily censored to know precisely what “this story” is. But two details are clear — the analyst was using tools he wasn’t authorized to use, and his actions risked exposing the agency’s operations to “outsiders.”

Investigators likened the analyst’s infraction to cases where employees were “involved (in) the gathering, selling and accessing of personal information through departmental assets,” but said those cases were “not fully relevant” to his specific actions.

But investigators did worry the analyst may have left behind “a trail potentially leading back to CSE,” and “the suspicious activities could be uncovered by outsiders and this would have been extremely problematic for CSE in respect to its mandate.”

“CSE’s own existence is based on lawfulness and the understanding of the restrictions and limitations imposed on the organization,” the report reads.

“This misconduct is, with respect to the environment we are in, more serious than parking fraud, light pornography, insubordination or even some cases of harassment.”

For his part, the analyst said his actions were motivated by curiosity rather than malice. The agency told the Star the incident did not involve CSE’s powerful cyber espionage capabilities, but the employee was still suspended without pay.

“The employee in question did not follow the appropriate approval process for this kind of research and engaged in activities which exceeded the scope of what CSE considered acceptable,” wrote Christopher Williams, an agency spokesperson, in an emailed statement.

“These activities did not involve any of CSE’s classified technology or capabilities, nor were they put at risk.”

Williams said the case was not referred to external investigators.

Pornography at work

The reference to “light pornography” in the 2014 report initially seems jarring, but other documents suggest there’s a reason adult content popped into investigators’ minds.

CSE has dealt with at least five instances of employees watching pornography at work, according to one 2016 document.

One employee watched pornography at his workstation in an open concept office over a period of six to eight months, the report reads. Labour investigators wrote that the employee also left a digital trail suggesting the spy agency was accessing pornographic content.

Loading... Loading... Loading... Loading... Loading... Loading...

Punishments in these cases ranged from three-day suspensions to the “termination” of one employee.

Spy vs. spy

Perhaps unsurprisingly for an espionage agency, CSE also dealt with employees snooping around where they shouldn’t be — namely, the private personnel files of their colleagues.

Several incidents in the documents detail CSE employees accessing corporate records about their colleagues, including security screening documents. In one 2015 case, an employee searched classified personnel records on herself and five colleagues. Three had consented to the search, while two had no knowledge of her actions.

And even CSE is not immune to the office prankster.

In a 2015 incident, a CSE employee accessed his colleague’s computer and fired off a quick chat message.

“That (censored) guy is so awesome and I am so lame,” the analyst inventively quipped.

The employee seemed surprised by the severity of CSE’s response to this “unauthorized access” to his colleague’s computer, calling management’s response to the incident “out of control” — including separate security and labour relations investigations and interviews with witnesses and his supervisor.

Investigators recommended a 10-day suspension.

Previous ethical concerns

In 2014, the Canadian Press reported a whistleblower had raised concerns about “serious breaches” of CSE’s ethics code.

CSE refused to disclose many details about an internal report into the allegations, except that it led to recommended changes to how the agency purchases and manages assets, as well as financial controls and accountability. The agency said that it had also increased the training and oversight of employees in the wake of the incident.

The agency was thrust into the spotlight a year earlier, through the disclosures of U.S. whistleblower Edward Snowden about the so-called “Five Eyes” — a group of allied countries and spy agencies in Canada, the U.S., the U.K., Australia and New Zealand.

Since then, the agency has increased security and training about so-called “insider threats” to prevent more secrets from slipping out.