HALIFAX — An alleged security breach at one of the Royal Canadian Navy’s most sensitive security operations was the result of imprudence, not malice, says the navy’s commander on the Atlantic coast.
Rear Admiral John Newton said Tuesday the so-called data spill involving more than 1,000 secret documents was the result of mishandling of files by a civilian employee, a mistake that did not pose a threat to military intelligence.
“We do not fear that there was a threat to the material that was uploaded to a unclassified network,” Newton said after taking part in a dockside ceremony that saw the frigate HMCS Fredericton depart Halifax for a six-month, NATO-led mission in the Mediterranean.
“We’ve looked at … the work of the person involved and it’s an issue of imprudence in handling material, but it’s nothing more nefarious than that.”
Military police in Halifax allege that between 2004 and 2009 a web designer working at HMCS Trinity — the military’s principal East Coast intelligence centre — used Defence Department networks to improperly store secret files.
A search warrant filed in provincial court alleges the actions of a man identified only as “Mr. Zawidski” violated a section of the federal Security Information Act that deals with wrongful communication of information.
None of the allegations has been proven in court and Newton said he has received no indication that charges have been laid.
However, the warrant says Zawidski’s network accounts have been frozen and he has been barred from entering the building where he once worked at HMC Dockyard.
Maj. Martell Thompson, a military spokesman, declined to offer details about Zawidski, but he confirmed he has been transferred to a section that does not deal with confidential information.
The warrant, issued Sept. 15, 2015, says military police seized four hard drives, a laptop computer, some CDs and floppy disks from Zawidski’s Halifax office in September following a complaint about a possible security breach.
Zawidski’s personal network drive contained 1,086 secret documents and 11 confidential documents, dated between 2004 and 2009, the warrant says.
It’s the second time since 2012 that reports have emerged about security leaks at the intelligence centre.
In January 2012, Sub-Lt. Jeffrey Paul Delisle — a navy intelligence officer — was arrested and became the first person to be charged under the Security of Information Act. The law was passed following the Sept. 11 terrorist attacks in the United States.
In February 2013, he was sentenced to 20 years in prison for copying secret computer files at HMCS Trinity and selling them to Russia.
For almost five years, he used floppy disks and memory sticks to smuggle classified information to the Russians for monthly payments of about $3,000.
He pleaded guilty in October 2012 to breach of trust and communicating information that could harm Canada’s interests to a foreign entity.
Newton said security measures introduced after Delisle was caught helped the military detect the latest security snafu.
“The material was detected by us during routine scanning (using) processes put in place after the Delisle case,” he said.
HMCS Trinity is part of Canadian Forces Base Stadacona and has been home to the navy’s information gathering effort for years. It was the office that analysed eavesdropping on Soviet submarines during the Cold War and has since morphed into what the military calls an all-source fusion centre, where data from military and civilian agencies is pulled together.
The warrant in the Zawidski case says the Base Information Security Services division lodged a complaint with military police Sept. 15 after a routine scan of a military computer network.
Military police allege Zawidski took secret files from a network known as the Consolidated Secret Network Infrastructure (CSNI) and copied them to the military’s less-secure Defence Wide Area Network (DWAN).
“This is a security violation within the Security Information Act,” the warrant says, adding that Zawidski was a webmaster who sometimes worked from home and would have had access to secret files when he was at HMCS Trinity.
“Mr. Zawidski created the webpages on DWAN and was supposed to transfer (them) to the CSNI,” the warrant says. “Mr. Zawidski had secret files on the DWAN compromising the information and creating a breach in policy.”
At the time the warrant was executed, Zawidski had two CSNI hard drives signed out, which was described as “common practice.”