Thursday, February 04, 2016

Even GCHQ does it


Source: Globe and Mail

David Omand was the Director of GCHQ from July 1996 to December 1997.

See also Even NSA does it.

Wednesday, February 03, 2016

2014-15 Annual Report: The watchdog shows his teeth

As I noted here, there is a lot of interesting news in the CSE Commissioner's 2014-15 Annual Report, which was finally made public on 28 January 2016. (The Commissioner's reports are normally tabled in the June to August timeframe; the previous record for tardiness was the 2003-04 report, which was released on 8 October 2004. It is evident that the Harper government did not want the information that was in the report to be available to Canadians during an election campaign.)

The big news in the report was that, for the first time, the CSE Commissioner was holding out the possibility that CSE might be found in non-compliance with the law. The final answer to that question was left open in the report itself, which stated that the Commissioner was still examining the legal implications of the issue. By the time the report was finally tabled, however, Commissioner Plouffe had completed his review of the issue and concluded that CSE had failed to exercise due diligence and thus had violated the law. (For further details, see here.)

I see this decision as a very positive development. As I argued here, it was beginning to look as though CSE Commissioners would never find CSE in breach of the law for anything—or at least nothing short of admitted, unrepentant, and on-going illegality of the most brazen kind.

The danger of always letting CSE off the hook in the kinds of cases that actually do come up was two-fold: First, Canadians might come to see the Commissioner's annual assurances as largely meaningless, undermining one of the primary purposes of having the office. Second, CSE might come to see prevention of compliance lapses as relatively unimportant, since problems subsequently identified could always be fixed at some later time without consequences. By demonstrating that consequences are possible, at least in cases where CSE failed to exercise due diligence, the agency has been reminded that legal compliance has to be first on its priorities list at all times: it can never be left as an afterthought.

[Update 6 February 2016: I should probably add here that the only consequence that CSE has suffered to date (as far as we know) is public shaming, which is all that CSE Commissioners have the power to do. Whether the government will actually hold anyone in the agency to account in any more concrete way remains to be seen. Andrew Mitrovica discusses the parallel question of accountability at CSIS here: "Ex-spy watchdog asks: Why isn’t CSIS coming clean on tax data breach?" iPolitics, 5 February 2016.]

Another benefit of finally wielding the hammer of compliance judgement is that the level of attention paid to the Commissioner's recommendations at the political/ministerial level cannot fail to be dramatically elevated. Maybe now—finally—going on fifteen years after the mandate of the Communications Security Establishment was enacted into law, we will see action on the clarifying amendments that successive Commissioners have sought from the beginning. (More on potential amendments below.)

Last year I lamented the continuing failure of successive Commissioners to "pick up the hammer"; it's good to see a more Thor-like Commissioner in action.

There were also many other noteworthy items in this year's report.


Use and retention of private communications

The big news in the 2013-14 report was that the Commissioner had finally been permitted to specify the number of "private communications" (communications with at least one end in Canada) used in intelligence reports or retained by CSE for possible future use during the agency's Mandate A (foreign intelligence) operations. That year the number was 66; this year the number is a mere 16.

Sixteen is a very small number, and it is useful that the CSE Commissioner is able to report it.

But, as I noted last year, it does not represent anywhere near a complete accounting of the Canadian communications intercepted or otherwise acquired and examined by CSE during the course of the year. It does not include communications of Canadians that do not fall into the definition of private communications, such as calls involving Canadians in which neither communicant is physically in Canada at the time. It does not include private communications intercepted and forwarded to CSE by Canada's SIGINT allies. It does not include private communications obtained during CSE's Mandate B (cyber security) operations. (This year's report has some interesting comments on those intercepts, however.) It also does not include private communications obtained during CSE's Mandate C (support to federal law enforcement and security agencies) operations. Finally, most importantly, it does not include the much larger number of Canadian communications intercepted or otherwise acquired by CSE that ultimately are neither used nor retained by the agency, but are simply assessed and deleted. How much larger that number is (and the scale of the even larger number of communications that receive preliminary monitoring of some sort but are never sent to an analyst to be "recognized" as private communications because automatic filters decide that they are not likely to be of interest) has never been revealed.

This is not to say there's a secret program to monitor everything Canadians say and do hiding under that almost inconsequential-looking sixteen number. Just a reminder that it is far from the whole story.

A useful innovation discussed in this year's report is the series of "spot checks" that the Commissioner has begun conducting on the larger set of private communications intercepted during CSE's Mandate A operations. These reviews cover all private communications "intercepted and recognized", not just those used or retained—but only those intercepted by CSE itself under its Mandate A. This year's spot checks covered the periods of 1 April 2014 to 20 June 2014 and 1 September 2014 to 15 October 2014, which together comprise 126 days, or 34.5% of the year.

Unfortunately, the Commissioner doesn't tell us how many Canadian private communications were intercepted and recognized during these review periods. This limits the reassurance value of his report.

I suspect that he would have been quite happy to publish this number, which would provide at least some, albeit partial, basis for assessing the scale at which CSE examines Canadian communications. Most probably CSE refused to declassify the figure. Elsewhere in his report, the Commissioner works hard to emphasize that the Minister of National Defence and CSE itself are not allowed to censor his public reporting. This is true, and of very great importance. They can't, for example, prevent him from reporting that CSE failed to comply with the law. But by controlling the power of declassification, they can and do reduce much of the Commissioner's reporting to generalities and often incomprehensibility. This has been an on-going problem for CSE Commissioners.

To their credit, the Commissioners have been gradually increasing the amount of hard information they are able to report, and this year's report contains some valuable new numbers (see below)—which also serve as important evidence that 16 private communications is far from the whole truth of CSE's interactions with Canadians.


Disclosures of Canadian Identity Information

When CSE issues a report that refers to a Canadian individual/corporation/organization etc. in some way, it "suppresses" the information that identifies that Canadian, replacing it with an expression such as "a named Canadian". CSE's customers can request this Canadian Identity Information (CII), however, and CSE will provide it if it assesses that the request is appropriate. (The RCMP might wish to know the actual name or contact information of a Canadian planning to import large quantities of illegal drugs, for example.)

This year, the Commissioner was able, for the first time, to provide statistics on the number of requests for CII made by Government of Canada clients during a portion of the year under review.

According to the report, CSE received 710 requests from Canadian government clients over a six-month period, or about 3.9 requests per day, for CII related to its Mandate A and Mandate B reporting, with the number of actual identities requested being even greater (a single request can involve multiple identities). This suggests that probably something on the order of 1500 requests were made during the entire year.

Not reported, unfortunately, was the percentage of times suppressed CII was requested or the percentage of times CSE acceded to those requests and provided the information sought. The report does state that some requests were refused, however.

Thinking about this in a back-of-the-envelope kind of way, the "sweet spot" to shoot for, it seems to me, would be a low request rate (CII requests in no more than say 10% of cases and possibly much lower than that) in combination with a high (say 90-95%) approval rate. A high approval rate would be desirable (when combined with a low request rate) because it would suggest that CSE's clients understand the rules surrounding the information and request it only when it is reasonably clear that they need it. A less than 100% approval rate, on the other hand, would also be desirable as it would suggest that approval is not granted as a matter of routine but is actually considered on a case-by-case basis.

By contrast, a high request rate combined with a high approval rate would suggest that the suppression of Canadian Identity Information in the original reports is more pro forma than a real privacy protection measure. A low approval rate would suggest, on the other hand, that CSE's clients are consistently seeking information about Canadians for which they have no justifiable need and/or that CSE's rules for access are incomprehensible or arbitrary and that its clients have no clear idea what sorts of requests may be approved.

Perhaps the Commissioner can provide some data on request and approval rates in future reports to help Canadians judge these possibilities for themselves.

It would also be helpful to know a bit more about the approval system itself in order to draw firm conclusions about its usefulness. Is it little more than a series of check boxes on an electronic form asking the requester to affirm that the identity information sought is essential to a full understanding of the intelligence in question and that such intelligence falls within the mandate of the agency requesting it? Do refusals only happen when some clown can't be bothered to read the form carefully enough to check the right boxes? A high but not perfect approval rate under those circumstances would not be much to celebrate. It would be nice if we had some basis for judging between these possibilities.

Getting back to the data that the Commissioner did provide, an annual rate of 1500 or so requests for Canadian Identity Information—which could imply (and here I'm guessing wildly) a grand total of something like 15,000 reports containing CII—presents a considerably different picture than that evoked by the Commissioner's affirmation that only 16 private communications were featured in reports in the same general timeframe.

The two measures address different things, of course. As noted above, CSE has access to many more Canadian communications than just those that it intercepts itself during Mandate A operations. More importantly, many of the references to Canadian identities that appear in CSE's reports are likely to have originated in communications that did not themselves involve Canadians. A foreign diplomatic communication might report, for example, that "named Canadian corporation" produces a particular kind of widget that would be useful for that country's prohibited ballistic missile program and that it might be possible to acquire these items through a front company based in the Bahamas. Few people would object to CSE reporting on such a communication, or to CSIS or the RCMP requesting the actual name of the company in order to prevent illicit technology transfers.

Still, the possibility that many thousands of CSE reports refer to Canadians every year, and that in hundreds of those cases the identities and other related information concerning those Canadians is ultimately released to other government agencies, highlights the extent to which CSE's activities really do impinge on or overlap with the personal lives of Canadians.

The Commissioner also reported that an unspecified number of requests for Canadian Identity Information were made by Canada's SIGINT allies (U.S., U.K., Australia, and New Zealand) during the year—and that approximately half of those requests were denied.
Such a large percentage of denials would seem to indicate that CSE places a high priority on protecting Canadian privacy in such exchanges. However, as I suggested above, it might also indicate that the Second Parties have been seeking Canadian information for which they have no justifiable need and/or that they do not understand the rules that govern access to Canadian information. Either explanation is cause for some concern.

The Commissioner also recorded that "Six requests were made for disclosure of Canadian identity information to non-Five Eyes recipients. Five of these requests were made by a Government of Canada client and one was made by a Second Party partner. None were denied."

Since 2011, CSE has been obliged to conduct a "mistreatment risk assessment" before permitting the disclosure of Canadian identity information to non-Five Eyes recipients. I fervently hope but can't say I'm at all confident that this process is considerably more rigorous than the one that governs Canadian arms sales to countries such as Saudi Arabia. The Commissioner's report notes that he reviewed "some of the corresponding mistreatment risk assessments", but it doesn't say what he made of them.

One wonders why certain Five Eyes countries that have been known to conduct extra-judicial executions, cross-border kidnapping, detention without trial, and "enhanced interrogation" are not also subject to such assessments. One might even consider it a legal obligation to perform such due diligence under certain international conventions to which Canada is a party.


Another NDA amendment recommended

Another important bit of news in the 2014-15 report is that the Commissioner has added an additional item to his list of recommended amendments to the section of the National Defence Act that spells out CSE's mandate and powers.

Successive Commissioners have recommended that clarifying amendments be made to the NDA since shortly after the CSE-related sections were passed in 2001. The Commissioners have sought amendments related to the nature of the Ministerial Authorizations that govern the interception of private communications, the definition of the terms "intercept" and "interception", and other aspects of the law.

In 2007, the Harper government promised to proceed with amendments addressing these issues, but in fact it did nothing on any of them.

The Commissioner's new recommendation concerns the rules governing CSE's IT Security activities:
The National Defence Act was modified by the Anti-Terrorism Act in 2001 to, among other things, legislate CSE as well as its activities. Regarding IT security ministerial authorizations, it was established that the Minister of National Defence could authorize CSE to intercept private communications for the sole purpose of protecting Government of Canada computer systems or networks from mischief, unauthorized use or interference, in the circumstances specified in paragraph 184(2)(c) of the Criminal Code.

Subsection 184(1) of the Code establishes the offence of intercepting a private communication and subsection 184(2) sets out circumstances where the interception is not an offence. Paragraph 184(2)(c) applies to persons engaged in providing a telephone, telegraph or other communication service to the public who intercept private communications while providing the service.

I believe subsection 273.65(3) of the National Defence Act does not accurately reflect CSE’s activities because CSE undertakes activities beyond those considered in “the circumstances specified in paragraph 184(2)(c) of the Criminal Code.” I therefore recommended that subsection 273.65(3) of the National Defence Act be amended as soon as practicable to remove any ambiguities respecting CSE’s authority to conduct IT security activities that risk the interception of private communications.
According to the Commissioner's report, this new recommendation was also accepted by the Harper government, although we will never know how sincere that acceptance may have been.

More importantly, the current government's Minister of National Defence has announced his support for the recommendations in this year's report, including the recommendation to amend the NDA.

If the government lives up to that commitment—and takes the opportunity to enact the other recommended amendments as well—we may finally see the end of the legal interpretation issues concerning CSE's mandate that, in the words of one Commissioner, "have bedevilled this office since December 2001."

Because it's 2016, and about time.


Commissioner's mandate and privacy

And while we're on the subject of amendments to the NDA, let's talk about the CSE Commissioner's mandate to promote privacy.

Successive Commissioners have made privacy protection an important part of their activities, but as far as I can see the only basis for that in legislation is their mandate to assess compliance with the law, which enables them to assess compliance with, for example, the privacy protections provided to Canadians in the Charter of Rights and Freedoms.

The privacy protections that exist in law (to the extent that jurisprudence has made them clear) do provide a minimum level of protection—a floor—beneath which CSE must not be permitted to sink.

But it seems to me that Canadians could also benefit from having an active advocate for greater and continuously updated protections—a constant effort to raise the ceiling—so as to adapt to changing technology and circumstances.

Commissioners do seem to have tried to push the envelope on privacy questions. The current Commissioner describes his mandate as not only to assess compliance with the law, but also "to promote the development and effective application of satisfactory measures to protect the privacy of Canadians in all the operational activities CSE undertakes."

Wouldn't it be great if the government wrote this mission explicitly into the NDA when it proceeds with those other amendments?


CFIOG Cyber Support Detachments

On a totally different topic, one of the more interesting reviews conducted by the Commissioner during the past year was an examination of the SIGINT activities of the Canadian Forces Information Operations Group (CFIOG) Cyber Support Detachments.

These small military units, formerly known as SIGINT Support Elements, are located at major headquarters in Halifax, Victoria, Winnipeg, and presumably Ottawa.
CFIOG Cyber Support Detachments act as the go-between to provide CSE reports on foreign signals intelligence to clients within the [Canadian Armed Forces (CAF)]. The CFIOG Cyber Support Detachments provide foreign signals intelligence support to select CAF commanders for a spectrum of activities, ranging from planning to direct support to combat operations. The Detachments are not involved in either the collection of foreign signals intelligence or the production of related reports; they primarily provide situational awareness to their respective intelligence and operational staff.
The Commissioner's review "concluded that the Cyber Support Detachment activities conducted under the authority of Part V.1 of the National Defence Act were in compliance with the law, ministerial direction, and CSE policies and procedures." No recommendations were made for changes in any CSD activitities. Nothing too interesting there.

What was more interesting about the review was that it featured another challenge to the CSE Commissioner's authority to review what he sees fit:
At the outset, my authority under the National Defence Act to review the CFIOG-controlled Cyber Support Detachments was questioned. After a six-month delay and many discussions between my office, CSE and the CAF, I exercised my authority and was provided direct access to Detachment staff and premises to ensure that their foreign signals intelligence activities conducted under Part V.1 of the National Defence Act complied with the law, ministerial direction, and CSE policy and procedures.
Now this is what I like to see!

Last year, it was CSE arguing that the Commissioner had no authority to examine the protection of information shared with the Second Parties, other years it has been other things, and my question has always been, why doesn't the Commissioner just point to his powers under the National Defence Act and start kicking ass and taking names? It is written right into the NDA: he has the power to investigate anything he sees as relevant to his mandate.

This time, the report says, he "exercised [his] authority".

That may just be a dramatic way of saying he managed to negotiate permission to go in, but it sounds more like he swung the hammer around a little bit first.

More of this please!

Also of interest: the Commissioner's report notes that the SIGINT reports accessed by the CSDs
may contain Canadian identity information that has been suppressed, that is, replaced by a generic reference such as “a named Canadian.” In the event that there would be a request for the disclosure of suppressed information, the Detachments would follow an established process and pass the request to CSE for action. To date, however, there has never been a request for the disclosure of suppressed Canadian identity information [through the CSDs].
At least somebody's minding their own business!

But it does leave me wondering how the SIGINT system's support to search and rescue operations fits in. SIGINT radio direction-finding stations are often used to help pinpoint the location of aircraft and ships in distress and to relay information about the occupants to the Rescue Coordination Centre.

Does such information not pass through the CSDs?

Maybe it's just that identity information is not suppressed in the first place in emergency situations where it may be necessary to help save lives, so the question of requesting its disclosure under such circumstances doesn't arise.


There is more to discuss in the 2014-15 report, but that's all I'm going to write about for now. More to come in a later installment!

In the meantime, as a partial antidote to all the rosieness in the comments above, be sure to read Wesley Wark's commentary on the CSE Commissioner and SIRC: "Canada’s spy watchdogs: Good, but not good enough," Globe and Mail, 1 February 2016.

Thursday, January 28, 2016

CSE Commissioner: CSE violated law

The CSE Commissioner's 2014-15 Annual Report was finally tabled today, nearly 10 months after the end of the fiscal year covered by the document.

There is a lot that's interesting in the report, but the big news—which was actually in the press release from the Commissioner's office that accompanied the report rather than in the report itself—is that the Commissioner has declared that "CSE's failure to minimize certain Canadian identity information prior to it being shared with its partners did not comply with paragraph 273.64(2)(b) and section 273.66 of the [National Defence Act], and, as a consequence, did not comply with section 8 of the Privacy Act. The Commissioner therefore exercised his legal duty under paragraph 273.63(2)(c) of the NDA and informed the Minister of National Defence and the Attorney General of Canada of this non-compliance with the law."

In plain language, the Commissioner declared that CSE had failed to comply with the law.

In the 20 years since the office was first created, no CSE Commissioner has ever made such a declaration before.

The Canadian Identity Information in question was contained in "certain types of metadata" that "were not being minimized properly before being shared with CSE's partners in the United States, the United Kingdom, Australia and New Zealand", presumably through GLOBALREACH. The exact nature of the metadata involved has not been revealed.

According to the Commissioner and CSE, CSE identified the problem in late 2013, reported it to the Commissioner, and suspended the data transfers pending a solution to the problem, which Defence Minister Sajjan described today as being caused by "technical deficiencies in CSE systems". These deficiencies must be quite fundamental, however, as it is now 2016 and the problem remains unresolved.

The press release from the Commissioner's office also reports that, "while the Commissioner stated he believes the actions of CSE [in transferring the unminimized metadata] were not intentional, it did not, however, act with due diligence when it failed to ensure that the Canadian identity information was properly minimized." This seems to be the basis of the Commissioner's conclusion that, in this instance, CSE did not comply with the law, whereas in earlier cases unintentional violations of the law have not been characterized as non-compliance.

Perhaps the Commissioner was especially annoyed in this case because in 2013 his predecessor had assured Canadians that "in its reports, and in other information [e.g., metadata] CSE shares with its domestic and international partners, CSE must render impossible the identification of Canadians, and I verify that this is done. As noted in my report last year, I have found that CSE does take measures to protect the privacy of Canadians in what it shares with its domestic and international partners." [Quotation updated 29 January 2016 for reasons of terminological exactitude. HT to WG.]

The Commissioner's declaration that CSE did not comply with the law brings to an abrupt and welcome end the nearly 20-year-old Ottawa tradition of deflecting all questions about CSE activities with the refrain that "the independent CSE Commissioner has always found CSE to be in compliance with the law". (It looks like this blog post is going to need some revision.)

I'll comment on some of the other interesting and significant elements in the 2014-15 report in future posts.

[See Part I of those comments here.]


Related coverage and commentary:

- Jim Bronskill, "Canada’s electronic spy agency broke privacy law by sharing metadata, watchdog says," Canadian Press, 28 January 2016
- Robert Fife & Colin Freeze, "Canada's spy agencies broke surveillance laws, watchdogs reveal," Globe and Mail, 28 January 2016
- Justin Ling, "Canadian Spies Get Spanked Again For Sharing Citizens' Data With the NSA," Vice News, 28 January 2016
- "Canada's electronic spy agency stops sharing some metadata with partners," CBC News, 28 January 2016
- "Electronic spy agency stops sharing information with partners over privacy concerns," CTV News, 28 January 2016
- Monique Muise, "Watchdog says electronic spy agency shared info about Canadians," Global News, 28 January 2016
- "Canadian intelligence agency stops sharing metadata with foreign intelligence agencies following revelations that shared information was not being sufficiently protected," OpenMedia news release, 28 January 2016

Update 29 January 2016:

- Alex Boutilier, "Canada’s electronic spy agency broke privacy laws, watchdog says," Toronto Star, 28 January 2016. Note the discussion of CSE's accompanying "technical briefing": "A high-ranking CSE official, who Thursday gave a technical briefing on the condition they not be named, described the issue as a technical glitch discovered in late 2013.... While CSE downplayed the severity of the breach — saying the privacy impact was “low” — it was significant enough to prompt the first press briefing in the agency’s 70-year history." A good point.

As for CSE's insistence on no use of names, if I had to guess, I'd say the speaker was probably Shelly Bruce. After all, what "high-ranking" CSE official would be better for speaking to this issue than the Deputy Chief who is in charge of the SIGINT program at the agency? (It might also explain why the Toronto Star used "they" as the pronoun in this instance.) But if it was Bruce, why insist on non-attribution? As the link shows, Bruce's name and position are not in any way secret. Maybe it wasn't Bruce, in which case the non-attribution might make some minimal amount of sense.

Update 31 January 2016:

Here are the speaking notes for high-ranking CSE official They Who Must Not Be Named. Minor quibble: CSE will be celebrating its 70th birthday on 1 September 2016. It's a bit premature, therefore, to declare in January 2016 that "CSE has been at work, protecting Canada and Canadians, for over 70 years."

Update 1 February 2016:

- Wesley Wark, "Canada’s spy watchdogs: Good, but not good enough," Globe and Mail, 1 February 2016
- Tim Harper, "A privacy breach and a country left in the dark," Toronto Star, 29 January 2016

Update 4 February 2016:

- Tamir Israel & Christopher Parsons, "Why We Need to Reevaluate How We Share Intelligence Data With Allies," Just Security, 3 February 2016


Friday, January 08, 2016

December 2015 CSE staff size

2153.

(If you click through on the link and get a different figure, it's probably because the Treasury Board has updated its website; they update the numbers once a month.)

Thursday, January 07, 2016

"Spook Central" at night

Beautiful night photo of CSE headquarters (upper right) and CSIS headquarters (lower left)—the Yin and Yang of Canadian spookdom—by Ottawa photographer Chuck Clark:



(Photograph taken on January 5th, 2016.)

You can see an earlier night shot by Chuck here.

Friday, January 01, 2016

CANUSA Agreement, Appendix B

Among the 52,000 pages of material released by NSA as part of the Friedman collection is this document, which is the 27 March 1953 version of Appendix B of the CANUSA Agreement, the foundational agreement governing Canada-U.S. communications intelligence (COMINT) cooperation. The existence of the CANUSA Agreement has been well known for many years, but to the best of my knowledge no part of this Top Secret Codeword classified agreement has ever been released before.

The CANUSA Agreement was modeled very closely on the UKUSA Agreement, and the Appendix B's of the two agreements are virtually identical. You can see the 19 March 1953 version of Appendix B of the UKUSA (or BRUSA as it was then called) Agreement here (pages 4-31). Bonus: By cross-ruffing between the two documents you can fill in most of the redactions made in them.

The 1956 and earlier versions of the UKUSA/BRUSA Agreement were largely declassified in 2010. The CANUSA Agreement, by contrast, has not been released.

Which raises the question, what is Appendix B of the CANUSA Agreement doing on the NSA website?

My guess is that, because the two Appendix B's were so similar, NSA's redactors did not realize that the CANUSA document was actually part of that agreement rather than UKUSA.

What distinguishes the two most clearly is that the CANUSA appendix refers to the U.S. Communications Intelligence Board (USCIB) and the Communications Research Committee (CRC)—the interdepartmental committees that governed the NSA and Canada's CBNRC respectively—while the UKUSA appendix refers to USCIB and the London Signals Intelligence Board (LSIB), the latter being the equivalent body for GCHQ.

The fact that the redactors removed one of the few explicit references to Canada (see para. 37b on p. 9) in the CANUSA appendix would seem to confirm that they didn't realize the entire appendix related to Canada. They failed, however, to remove the references to Canada in Annexure B3 (see especially para. 1d on p. 20).

There is a lot of interesting detail in the appendix about the nitty-gritty of access to COMINT, COMINT dissemination and security rules, limitations on the travel and activities of indoctrinated personnel, and the categorization of various types of COMINT.

There is also an important paragraph on the subject of economic intelligence (para. 39, p. 9):
Category III and II COMINT shall never under any circumstances or in any form be disseminated to any Ministry, Department, Agency, Organization, Office, or individual from which or from whom it might reasonably be expected to find its way, officially or extra-officially, into the possession of any person or group who could use it for commercial competition or commercial gain or advantage.
The same paragraph is also in the UKUSA appendix.

It's worth noting, however, that the UKUSA Agreement itself required only that there be "no dissemination of information derived from COMINT sources to any individual or agency, governmental or otherwise, that will exploit it for commercial purposes" without the "prior notification and consent of the other party" (see para. 10 here); the same provision may well have also been in the CANUSA Agreement.

Whether these or similar provisions survive in the current CANUSA and UKUSA Agreements and their associated documents has not been made public, but it is notable that recent CSE statements do use similar language. I'm a little skeptical about how such principles get applied in practice (note that the UKUSA Agreement provision allows for cases of such use where both parties agree), but in my humble opinion the sentiment is a good one.

We do know that Appendix B of the UKUSA Agreement was modified slightly in 1956 as part of a wider process of updating and reorganizing the agreement's appendices (see pp. 3 and 12-13 here). For consistency's sake, the CANUSA Appendix B probably underwent the same changes. What may have happened since 1956, however, has not been made public.

And, until the Friedman release, no part of the CANUSA Agreement or its appendices, past or present, had ever been made public.

To my mind, the release of Appendix B is a positive step forward, even if (as is probably the case) it was done by mistake.

Is there any reason why the rest of the CANUSA Agreement can't be released?

Wednesday, December 30, 2015

Canada and Special Weather Intelligence

In the era before weather satellites, access to information about weather conditions in adversary-controlled areas could be highly valuable. Such information could be used to determine the likelihood of hostile military activities in those areas, to support friendly military activities in or near those areas, and to provide data for future weather forecasts in other parts of the region. Since weather data was often sent to adversary military forces as part of their routine encrypted communications, such information could also provide a "probable plain text" clue that might prove useful in breaking into certain of those encryption systems.

For these reasons, during the Second World War and the Cold War, reports from adversary weather stations were themselves often encrypted, and they were the target of SIGINT collection and codebreaking activities. Within the UKUSA community, intelligence derived from collection of weather station reports was known as Special Weather Intelligence.

The Friedman documents released by the NSA earlier this year contain some interesting insight into Canada's access to Special Weather Intelligence related to the Far East acquired by NSA and GCHQ.

This document reports that although Canada did not originally foresee a need for more than Summaries of such material,
On 23 December 1953, Hq, USAF, Directorate of Intelligence (a) informed [NSA] that the RCAF is ready to receive such [redacted] as is now available from the [redacted], and (b) suggested that the Director, NSA, make arrangements with the RCAF to furnish materials to RCAF Headquarters via the NSA/CBNRC communications link. Accordingly, arrangements have been completed for this channel to be used carrying information prepared by [redacted] from the products of the [redacted.] It would appear that the Canadian requirements for codeword [redacted] have expanded beyond [redacted] Summaries.
The parts of the document that confirm that the subject of this discussion was Special Weather Intelligence have all been redacted, unfortunately, but this other Friedman document helpfully fills in the most important blank, informing us that the title of the first document is "US/UK/CAN Tripartite Arrangements Concerning Far East Special Weather Intelligence" (see entry for USCIB 1.1/1 on page 62).

And these two documents confirm that
On 15 May 1954, LSIB, CRC and USCIB recognized that Canada's peacetime requirements for [redacted] Intelligence bearing codewords had increased subsequent to the Tripartite Conference of March 1953. LSIB, CRC and USCIB therefore agreed that such codeword materials as are required by any of the three parties should be requested under the regular procedures already established for requesting all other types of COMINT codeword material.
(LSIB, CRC, and USCIB were the London Signals Intelligence Board, the Communications Research Committee, and the United States Communications Intelligence Board, the U.K., Canadian, and U.S. interdepartmental committees respectively in charge of GCHQ, CBNRC, and NSA.)

It is interesting to speculate about what may have changed between March 1953 and December 1953 to cause Canada, and the RCAF in particular, to require greater access to Far East Special Weather Intelligence.

Canadian Army and Royal Canadian Navy units took part in the Korean War, and RCAF transport aircraft operated between North America and Korea during the war, but the fighting had been over for nearly five months by the time the RCAF reported it was "ready to receive" expanded access, and by nearly ten months by the time the expanded access actually began. Furthermore, the tripartite statement approving that expanded access described it explicitly as a "peacetime" requirement. It seems highly unlikely, therefore, that the RCAF's need was related to the Korean War.

One possibility is that the RCAF wanted access to the information to help it plan North American early warning and air defence operations with the USAF. (The Far East includes the eastern part of the Soviet Union, which would have been the source of many of the aircraft taking part in an attack on North America.)

Another possibility is that the RCAF wanted the data in support of its own planned operations in the Arctic. In September 1953, the RCAF decided to convert three photo reconnaissance/aerial mapping variants of the Lancaster bomber to an Arctic reconnaissance configuration. According to one source, some of the missions flown by the aircraft involved "ECM patrol in the ocean area well north of the Queen Elizabeth Archipelago, carrying out a listening watch for Soviet electronic emissions." The first mission with the newly converted aircraft was flown in September 1954.

Neither theory (air defence or Arctic reconnaissance) explains why the RCAF's request was limited specifically to Far East Special Weather Intelligence, however. Perhaps Canada already had access to weather intelligence for other regions in the North.

This webpage on the Soviet M-130 Koralle encryption machine discusses the use of encryption for Soviet and Soviet Bloc weather data. However, according to the authors, the M-130 was introduced in 1965, so evidently this machine was not used during the 1950s.


Update 1 January 2016: For more on weather intelligence, see Jeffrey T. Richelson, "Weather or Not," Air Force Magazine, October 2013.