RCMP Investigation & Surveillance of a Journalist

Maher Arar is a Canadian citizen who was deported from the U.S., while in transit at NYC’s JKF airport, to Syria. He was deported based on information passed from the RCMP to U.S. authorities which claimed that Arar had ties with terrorism. The U.S. does not deny this, rather the U.S. simply claims that it did not seek Canada’s “approval or consent” before deporting the Canadian citizen to Syria. Arar was deported to Syria where he was interrogated and tortured, in an apparent case of “extraordinary rendition“, a system in which suspects are “out sourced” to countries that use torture in an effort to circumvent domestic laws against the use of torture. Canadian officials supplied Arar’s torturers with questions and personal information about him used during Arar’s interrogation and torture. Moreover, as Arar’s wife Monia Mazigh and the public pressed the Canadian government to have Arar released from prison in Syria, documents that contained information extracted from Arar while under torture in Syria were leaked to the public. Arar is now free and living in Canada, a Public Commission has been set-up to investigate the case.

On November 8, 2003, Juliet O’neill wrote an article that appeared in the Ottawa Citizen concerning the case of Maher Arar. Believing that Juliet O’neill’s story was based on classified information the RCMP began to investigate the Ottawa Citizen reporter. The following is an account of the investigative techniques used by the RCMP based on an
used to obtain a search warrant authorizing a raid on O’neill’s home.

After O’neill’s article was published, the RCMP used internet searches to find out information about O’neill. They found three email addresses associated with her name and phoned her employer to find out her work phone number. They then conducted a search of the “log files of the RCMP internet mail gateway” looking for inbound emails from email addressees associated with O’neill.

The search was carried over a period of three months for all the e-mail messages generated by the employees of the RCMP which would amount to approximately 1.8 million messages. As a result of the search, an e-mail address joneill@thecitizen.canwest.com was found in the internal log inbound being sent to an RCMP employee. The following information is what was retrieved from the internal log; I,11/07/03,18:30:17,3FABE4B9.E64:2:40548,Unknown, [Redacted]
Arar question, PROTB_GWIA_l,GWIA,,MIME, joneull@thecitizen.canwest.com, 1,0,1509,0,. Mrs. FORTIN further stated that [Redacted] is associated to the e-mail address of [Redacted] Also the “Arar question” would be the title of the inbound message. It should be noted that [Redacted] is a member of the Royal Canadian Mounted Police, attached to project [Redacted]

[Reason for redacted text: Information that could be detrimental to ongoing Investigations]

The search is targeted at email messages “generated by the employees of the RCMP”, which would be OUTBOUND email, but they found INBOUND email from O’neill. The email in question was generated by O’neill, not by an employee of the RCMP, which is what this paragraph claims they were looking for. They were in fact looking through 1.8 million emails RECEIVED, perhaps in addition to those GENERATED, by RCMP employees. (Perhaps, the RCMP just didnt start it clearly enough: we looked through all our employees email messages that passed through, in any direction, the mail gateway server. ) The affidavit does not indicate how the search was conducted.

However, after retrieving information about an email message sent by an email address associated with O’neill to an RCMP employee from the mail gateway, the RCMP obtained a search warrant for a room located “located at the Royal Canadian Mounted Police Headquarters, Canadian Police Information Centre (CPIC), at 1200 Vanier Parkway, Ottawa, Ontario, in order to search the server and obtain the narrative text along with information relative to the transmission of the e-mail message mentioned�”.

The RCMP did not obtain a search warrant to search the “log files of the RCMP internet mail gateway” but did obtain a search warrant in order to “search room [Redacted]” in order to search “the server” to obtain the email message identified through a search of the “mail gateway”. What is “the server”?

Is not the “Subject” legally considered part of the email message? Why was a search warrant necessary for one search but not the other? Were any portions of other employees’ emails viewed/retrieved, perhaps accidentally, during these searchers? Were there other messages from O’neill to RCMP employees that were not relevant not this case that were retrieved?

The results of the second search allowed them to retrieve the body of the email:

As a result of searching an e-mail [Redacted], the content of the message dated, November 7th, 2003, 13:30 hrs. (-0500) was retrieved as well as supporting system logs. Examination of the e-mail [Redacted] revealed that the e-mail in question was opened and deleted shortly after its reception. The narrative portion of the e-mail entitled; “Arar question” contained the following; [Redacted] I need confirmation of one point for a story I am writing; that you went to talk to Mr. Arar a week or so after he agreed to talk with his lawyer present, but he & his family had packed up and moved away. Confirmation would be on background”. The message was signed by Julie – Juliet O’NEILL, the Ottawa Citizen, joneill@thecitizen.canwest.com – 613-239-3870

The RCMP then “discovered” (they do not indicate the method, could be simple analysis of the email headers to logs of connections to the email server) the originating IP address for the email from O’neill, which they then looked up in ARIN’s WHOIS and found that the IP address is in the range assigned to Rogers Cable Inc., which is, among other things, an Internet Service provider (ISP). An interesting reason for a redaction in this paragraph is “Investigative Technique”. I wonder what “Examination of the e-mail [Redacted]” is. Is it an email back-up of some kind (server, tape, etc..) ?

The RCMP also determined that the message was deleted. Perhaps the user “deleted” the message but the message was not expunged (leaving the email marked as deleted but still in the mail file). Or the user could have deleted message “permanently” and the RCMP retrieved it perhaps from a backup or analysis of unallocated clusters on the hard drive etc�

Then the RCMP proceeds to claim that the IP address ( they identified as the originator of the email in question was “assigned on Friday, November 7th, 2003, approximately 13:30 hrs. (-0500) to Juliet O’NEILL’s MacIntosh computer to submit this same e-mail message”. This is a rather interesting claim as they have not yet gone to Rogers to confirm, which is detailed later in the affidavit. What they have is the originating IP address, O’neill’s email address as the “from” address and perhaps an email header from the originating email client (X-Mailer) indicating what client was used to send the email. Perhaps, the email client is one normally associated with a Mac, but how do they know that it is in fact O’neill’s computer and that it is a Mac? Did they port scan the IP to determine the Operating system (nmap �sS �O How do they know, at this point, that the IP was assigned to O’neill’s computer other than by correlating the fact that the “from” address is an email address used by O’neill (easily spoofed by the way) and that the text of the email purports to be from her. They intimate that there is some technological proof that was “discovered” indicating a relationship between the IP address and O’neill’s “Mac” computer, when there is none.

After obtaining a search warrant, the RCMP conducted a search at Rogers Cable Inc., which “resulted in the seizure of four printed sheets” from which the RCMP “discovered” that:

the message sent to [Redacted] mentioned in paragraph 20 of this affidavit, was delivered through the Ottawa Citizen located on the second floor of 110 Laurier Street, Ottawa, Ontario. The message originated from one of five MacIntosh’s computers which was part of an internal network belonging to the Ottawa Citizen. This is attached to a router which is attached directly to the Rogers cable modem.

It’s completely practical to assume that the ISP maintained records indicating the customer to which the IP address (what was possibly a dynamic IP) was assigned to, in this case the Ottawa Citizen. It MAY, be possible that the “second floor” has a separate, or somehow segregated, account which was indicated in the ISP records. The next claim is about the Mac’s again. How do they know this? How do they know how many computers, and what OS’s they are running, are behind the Ottawa Citizen’s router (which most likely has the assigned IP address) ? If the originating IP is assigned to a router and the “5 Macs” have internal addresses (from behind the router) how do they know which Mac is O’neill’s? How do they which Mac is O’neill’s before the search warrant was executed at Rogers?

Next an RCMP officer from the “drug section” was investigated O’neill and found her drivers license number, address, date of birth. Then an officer from the “Criminal Analytic Unit” reports that O’neill’s phone service is provided by Bell Canada “where telephone records can be obtained if required.” The RCMP then conducted surveillance on O’neill, tracking her from her home to her office. They observe red her “talking a photographer” (sic) and “walking with two unknown males”. Then Corporal Daniel Quirion “proceeded to the residence of Juliet O’NEILL” apparently simply to note that her “residence is a two storey dwelling house, white in colour with dark colour trims.” Then the RCMP found out her cell phone number by inquiring from the Ottawa Citizen.

The RCMP then “retrieved garbage bags [Redacted] on three different dates”, from in front of O’neill’s residence. In total 7 bags of garbage were collected, from which documents were examined removed.

The documents included five pieces of paper relative to two newspaper articles along with a document relating to the printing instructions for a Hewlett Packard (HP) printer. One document
consists of a piece of paper identified as page 2 of 8 and is dated October 7th, 2003, 09:37 hrs. It contains information on Maher ARAR’s apprehension by the US Immigration authorities along with other information. Other documents by Juliet O’NEILL but not related to this investigation were also found including a document relating to the health services provided at the Children’s Hospital of Eastern Ontario.

These documents were compared to articles by O’neill leading the RCMP to conclude that she works from home and keeps copies of work eventually used in published articles. A search warrant was issues to raid O’neill’s home for the following items:

Newspaper articles, files and records, note books and agendas, telephone records, address books, and any other similar records, or photocopies thereof, any secret official code word, password, sketch, plan, model, article, note, document or information, all computing equipment, peripheral devices, communication devices for such computing equipment, data storage devices, including data storage devices and media, removable media, and any manual or software programs associated to any computing equipment, as well as any hard copy printouts, personal papers, diaries, passwords and access codes, in relation to the secret classified document and information along with newspaper article written by Juliet O’NEILL and published on November 8th, 2003.

“Canada’s Dossier on Maher Arar”
Juliet O’Neill
Ottawa Citizen
November 8, 2003

There is said to be a sign in an office at the RCMP that reads like this: “Beware rogue elephants — The Easter Bunny.”

It’s a half-joking reference to “rogue elements” of the RCMP that Solicitor General Wayne Easter has said may have passed information about Maher Arar to authorities in the United States, from which he was deported to Syria last year.

The other half of the joke is no joke at all. The RCMP — not rogue elements, but workaday investigators — had caught Mr. Arar in their sights while investigating the activities of members of an alleged al-Qaeda logistical support group in Ottawa. RCMP watchers were suspicious when they saw Mr. Arar and their main target, Abdullah Almalki, talking outside in the pouring rain away from eavesdroppers.

It is the existence of that now-disbanded alleged group, most if not all of whose members, including Mr. Almalki, are now in prison abroad, that a security source cites as the root of why the Canadian government is so fiercely opposed to a public inquiry into the case of Mr. Arar.

And it was in defence of their investigative work — against suggestions that the RCMP and the Canadian Security Intelligence Service, had either bungled Mr. Arar’s case or, worse, purposefully sent an innocent man to be tortured in Syria –that security officials leaked allegations against him in the weeks leading to his return to Canada.

One of the leaked documents is about what Mr. Arar allegedly told Syrian military intelligence officials during the first few weeks of his incarceration.

It contains minute details of seven months of supposed training at the Khalden camp in Afghanistan by the Mujahadeen in 1993. It alleges he was trained in small arms use and military tactics and names specific instructors. It even contains a code name he is said to have confessed to: Abu Dujan, after a legendary Muslim fighter who was recognized by a red headband that signalled a determination to fight to the death for the prophet Muhammad.

Mr. Arar says he confessed to training in Afghanistan when he was tortured, agreeing to an Afghan camp name at random. He had never been in or near Afghanistan.

The document also tells of a purported trip by Mr. Arar to neighbouring Pakistan while en route to the Mujahadeen camp. It says he went at the behest of Montreal members of a group named the Pakistani Jamaat Tabligh, described as an Islamic missionary organization not know to be involved in acts of violence or terrorism. It said he had been assigned in the early 1990s, while studying at McGill University, to recruit followers for the Jihad.

There was nothing in the document about any terrorist activities in Ottawa or anywhere else. It gave an account of his work record, including his salary at one company, and said his lawyer had told the RCMP he would speak with them when he returned from a trip to Tunisia in January, 2002, but there had been no further contact from the RCMP.

The document said Mr. Arar had told U.S. interrogators in New York City that he had travelled to Pakistan with the Tabligh group, but he denied going to Afghanistan and that he first met Mr. Almalki at a family gathering. He allegedly told the American interrogators that Mr. Almalki approached him and one of his brothers in 1994 or 1995 with a proposition for a joint business venture in the communications/computing field in Ottawa. But the brothers decided against it because conditions in Ottawa were too competitive.

One of Mr. Almalki’s brother’s had told Mr. Arar in 1998 that Mr. Almaki had worked for an aid organization in Afghanistan. The last time the brother had seen Mr. Almalki was in October, 2001. Mr. Arar later heard from the brother that Mr. Almalki had moved to Malaysia. (Mr. Almalki’s family says he was arrested in Syria during a visit from Malaysia. Mr. Arar saw him in prison in Syria and said he had been tortured.)

Mr. Arar is demanding a public inquiry into the role of the RCMP and the Canadian Security Intelligence Service (CSIS) into his deportation. He also wants to know if Canadian officials devised the questions he was asked in the United States and during torture sessions in Syria, says Mr. Arar’s spokeswoman, Kerry Pither. She said the questions focused on Afghanistan and his knowledge of Mr. Almalki.

When the RCMP called on Mr. Arar in January, 2002 — the same month that RCMP executed a search warrant against Mr. Almalki, seizing computers and files and interrogating two of his brothers — Mr. Arar was out of the country.

He telephoned the RCMP from Tunisia and later agreed to meet them, accompanied by his lawyer. The RCMP never followed up, Mr. Arar says. Mr. Arar had disappeared, says a security source — a notion Ms. Pither says is outlandish. Mr. Arar was in Canada for the next six months and could have been contacted with a phone call.

When an RCMP investigator knocked on his door a couple of weeks later, he found Mr. Arar and his family were gone. Neighbours said he and his family had held a garage sale, packed and moved. However, Ms. Pither says the RCMP could have contacted Mr. Arar through his lawyer. She did not know whether they had moved at that time.

Eight months later, while returning to Canada from Tunisia, where Mr. Arar’s family was on an extended family visit that had begun in June, Mr. Arar was pulled aside at New York’s JFK airport, detained and then, under a deportation order citing him as a member of a prohibited terrorist group — al-Qaeda — was spirited to Syria, from where he had emigrated when he was 17 years old.

It is the existence of a suspected Ottawa-based al-Qaeda “cell” and what its members were believed to be up to, that a security source cites as the root of why the Canadian government is so fiercely opposed to a public inquiry into the case of Mr. Arar.

Such an inquiry could open a can of worms involving Syrian, American and Canadian investigations into alleged terror plots in Ottawa and alleged shipments of electronic and computer equipment to al-Qaeda terrorists in Pakistan and Afghanistan.

Perhaps most difficult for the government, an inquiry would present a dilemma over what to do about suspects who have wound up in prison in their native countries, including Mr. Almalki. If Mr. Arar has caused such an uproar, others may do likewise.

An inquiry might also put the spotlight on allegations of a plot to bomb the U.S. Embassy and on allegations that the plot had been abandoned in favour of apparently easier targets — on Parliament Hill and elsewhere in the nation’s capital.

Right suspect, wrong target was how one source put it when the CanWest News reported last summer on Mr. Almalki’s suspected involvement in an alleged U.S. Embassy bombing plot. The RCMP officially denied knowledge of the plot last July, effectively shutting down the story that stemmed from a report in the New Yorker magazine by investigative journalist Seymour Hersh.

The story told of how after the Sept. 11, 2001 terrorist attacks in New York City, the Syrians had emerged as one of the Central Intelligence Agency’s most effective intelligence allies in the fight against al-Qaeda, sharing hundreds of dossiers on al-Qaeda cells throughout the Middle East and in Arab exile communities in Europe. Syria had accumulated much of its information, Mr. Hersh wrote, because of al- Qaeda’s ties to the Syrian Muslim Brotherhood, Islamic terrorists who have been at war with the secular Syrian government for more than two decades.

The contents of seven search warrants issued to the RCMP by an Ontario Court of Justice judge the day before Mr. Almalki’s apartment was searched, remain sealed. And most, if not all the targets of the RCMP investigation into the alleged cell are said to be in prison abroad. Only Ahmed Said Khadr, an Egyptian-Canadian, is said to be at large, possibly in Afghanistan.

The Foreign Affairs Department has for months had a list of seven Canadian men with alleged links to terrorism in prison abroad. Until a few weeks ago, that list included Mr. Arar. The seven are among the more than 3,000 Canadians in prison in foreign countries, most of them in the U.S. and most of them on more common criminal charges, such as possession of drugs.

Gar Pardy, the recently retired consular affairs chief from Foreign Affairs, says the RCMP and CSIS persistently opposed Foreign Affairs’ efforts to bring Mr. Arar’s case to the prime minister for intervention.

“The RCMP and the security people, that’s where the division came down,” Mr. Pardy said in an interview. “They were saying we have our responsibilities and we don’t agree. I think it delayed our efforts to get him out of there to some extent, although I don’t think by a heck of a lot quite frankly.

Secondary Source

Original link no longer valid

Post a comment.