Friday, April 10, 2015

March 2015 CSE staff size

2168. Down slightly from last month's 2175.

This is the fourth drop in a row from CSE's peak staff size, 2254, which was recorded last November. Extended fluctuations in CSE's staffing sometimes occur, but this could be a sign that CSE's long growth period is finally over, at least for the time being, with its staff size stabilizing at roughly 2200—which appears to be around the size its new headquarters was designed for.

(Alternatively, we could be seeing a temporary slowdown in hiring as Ottawa struggles to make the books look good for the government's pre-election budget.)

(If you click through on the link and get a different figure, it's probably because the Canada Public Service Agency has updated its website; they update the numbers once a month.)

Thursday, April 09, 2015

Recent items of interest

Recent news and commentary items related to CSE, signals intelligence, and related issues:

- Ian MacLeod, "MP Rathgeber wants tougher oversight of electronic spy agency," Ottawa Citizen, 4 April 2015.

- Editorial, "Canada, the Five Eyes – and the hackers’ arms race," Globe and Mail, 30 March 2015.

- Jim Bronskill, "Conservative MP Michael Chong wants more parliamentary spy oversight," Canadian Press, 24 March 2015.

- Jillian Kestler-D’Amours, "Majority of Canadians oppose state surveillance, new report says," Toronto Star, 23 March 2015.

- Craig Forcese, "Bill C-44: Statement to Standing Senate Committee," National Security Law blog, 23 March 2015. (There is much more worth reading at Forcese's blog, particularly on the analysis he and Kent Roach have done on Bill C-51.)

- Colin Freeze & Christine Dobby, "Watchdog presses Ottawa for strong rules on sharing surveillance data," Globe and Mail, 18 March 2015.

- Ian MacLeod, "Spy versus spy: Australian security oversight holds lessons for Canada," Ottawa Citizen, 18 March 2015.

- Jordan Pearson, "NSA Targeted a Canadian Bank and Telecom Company Reveals New Snowden Doc," Motherboard, 17 March 2015. Follow-up to this Globe and Mail story.

- Mathew Ingram, "We can’t accept Internet surveillance as the new normal," Globe and Mail, 17 March 2015.

- Justin Ling, "Support Plummets For Harper’s Anti-Terror Bill, New Poll Shows," Vice, 17 March 2015.

- Jordan Press, "Cyber attack at NRC kept secret from other departments," Ottawa Citizen, 16 March 2015.

- Tony Burman, "Canadians should heed Edward Snowden’s warning: Burman," Toronto Star, 14 March 2015.

- Jordan Pearson, "Internet Providers are Keeping Canadians In the Dark About Their Privacy," Motherboard, 12 March 2015.

- Emily Chung, "Internet carriers may be breaching Canadian privacy laws," CBC News, 12 March 2015.

- Peter Jones, "Security review or oversight? The critical difference," Globe and Mail, 11 March 2015.

- Kent Roach & Craig Forcese, "Roach & Forcese: A parliamentary review is not redundant red tape," National Post, 9 March 2015.

Also worth checking out:

- "CSE Codewords and Abbreviations," Top Level Telecommunications blog, 5 April 2015.

- Christopher Parsons, "Five New Additions to the SIGINT Summaries," Technology, Thoughts & Trinkets blog, 27 March 2015.

SIGINT history

And for those interested in SIGINT history:

- Jerry Proc has put together some notes on the little-known radio operations at Prince Rupert, B.C., which served as one of Canada's intercept sites in the early post-war period.

- Second World War intercept operator Eileen Glavin is profiled here: Theresa McManus, "New West resident proud of her Top Secret work during the war," New West Record, 6 February 2015.

- And a visit to the U.K. National Archives by Jonjo Robb turned up a document that shows the Queen was receiving briefings classified Top Secret EIDER during the Suez Crisis in 1956. EIDER was the codeword for communications intelligence at the time. I wonder if the Queen still gets SIGINT-related briefings. Does she get stuff from the Canadian government too? Every now and then the Queen and other members of the family firm turn up for tours of GCHQ facilities.

Saturday, April 04, 2015

CSE Commissioner pleads for cash?

The 2015-2016 departmental reports on plans and priorities, otherwise known as Part III of the Estimates, were tabled in parliament on Tuesday, March 31st.

That annual event doesn't usually draw much attention at this blog, because CSE doesn't publish a Report on Plans and Priorities. (When CSE was part of the Department of National Defence, DND did include a roughly two-page section on CSE in the departmental RPP, but CSE chose not to maintain this reporting when it became a stand-alone agency in 2011. In true Orwellian fashion, the agency then described this entirely needless retreat from what was already a minimal level of transparency as "enhanced" reporting.)

Unlike CSE, however, the agency's watchdog the CSE Commissioner does publish a Report on Plans and Priorities, and this year's report managed most unusually to make the news:

- Alex Boutilier, "Review body for Canada’s electronic spy agency warns it can’t keep up," Toronto Star, 1 April 2015.

- Justin Ling, "The Guy Who Oversees Canada’s Cyberspy Agency Is Cash-Strapped and Worried," Vice, 2 April 2015.

- Ian MacLeod, "Watchdog worried about keeping up with Canada's electronic spying activities," Ottawa Citizen, 3 April 2015.

I'm not totally persuaded that this year's report was intended to be read as a warning that OCSEC is starved for cash and resources, but that's certainly the way it has been interpreted, and the Commissioner clearly did express concern about the effects of fiscal restraint on his ability to oversee CSE:
Cost sharing related to central agency initiatives and fiscal restraint measures are reducing the flexibility of the office's available funding. CSE, however, is growing and its activities are changing in response to its changing environment. The risk that the capacity of the office to conduct sufficient review to provide the necessary assurances to the Minister will be exceeded is a constant concern. An increase in funding, if required, would resolve the capacity issue and enable the Commissioner to continue to provide the necessary assurances to the Minister and to Canadians as to whether CSE is complying with the law and has due regard for the privacy of Canadians.
Over at Vice, this became "Financial reports released on Tuesday show the commissioner is going to have to cut back his review processes due to lack of funds." I think that probably overstates the message that the Commissioner intended to send.

Vice also commented that the Commissioner "doesn't have the power to compel information from CSE."

This is not correct.

As the National Defence Act makes clear, the CSE Commissioner "has all the powers of a commissioner under Part II of the Inquiries Act." Which means the Commissioner
(a) may enter into and remain within any public office or institution, and shall have access to every part thereof;
(b) may examine all papers, documents, vouchers, records and books of every kind belonging to the public office or institution;
(c) may summon before them any person and require the person to give evidence, orally or in writing, and on oath or, if the person is entitled to affirm in civil matters on solemn affirmation; and
(d) may administer the oath or affirmation under paragraph (c).
What the Commissioner says in the Report on Plans and Priorities is that "The office has no authority to enforce specific actions by CSE". In other words, the Commissioner can make recommendations for changes in CSE's policies and operations, but he does not have the power to compel the Minister or CSE to accept those recommendations.

Also relevant is this follow-up report:

- Laura Beaulne-Stuebing, "Canada’s security watchdog needs more power, says Liberal MP," Yahoo News, 3 April 2015.

Sunday, March 29, 2015

NSA mapped Canadian VPNs

I'm late to blogging about this one (no slight intended to the Globe and Mail):

Earlier this month the Globe and Mail reported on a leaked document showing that NSA's mapping of Virtual Private Networks (VPNs) includes the VPNs of major Canadian companies (Colin Freeze & Christine Dobby, "NSA trying to map Rogers, RBC communications traffic, leak shows," Globe and Mail, 17 March 2015):
The U.S. National Security Agency has been trying to map the communications traffic of corporations around the world, and a classified document reveals that at least two of Canada’s largest companies are included.

A 2012 presentation by a U.S. intelligence analyst, a copy of which was obtained by The Globe and Mail, includes a list of corporate networks that names Royal Bank of Canada and Rogers Communications Inc.

The presentation, titled “Private Networks: Analysis, Contextualization and Setting the Vision,” is among the NSA documents taken by former contractor Edward Snowden. It was obtained by The Globe from a confidential source.

Canada’s biggest bank and its largest wireless carrier are on a list of 15 entities that are visible in a drop-down menu on one of the presentation’s 40 pages. It shows part of an alphabetical list of entries beginning with the letter “R” that also includes two U.K.-headquartered companies – Rolls Royce Marine and Rio Tinto – and U.S.-based RigNet, among other global firms involved in telecom, finance, oil and manufacturing.

The document does not say what data the NSA has collected about these firms, or spell out the agency’s objective. A comparison of this document with previous Snowden leaks suggests it may be a preliminary step in broad efforts to identify, study and, if deemed necessary, “exploit” organizations’ internal communication networks.

Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, who reviewed the leaked document with The Globe, said the activity described could help determine useful access points in the future: “This is preparing the battlefield so it could later be used.

“This is … watching communications come in and out of a network and saying, ‘Okay, these are the places we need to go in.’”
The Globe and Mail has not published the presentation, and the newspaper is being mysterious about the provenance of the document, citing only a "confidential source". (Previous Canadian releases of documents from the Snowden archive have been co-ordinated with Glenn Greenwald or other journalists at The Intercept, but there is no evidence of that co-ordination in this instance.)

[Update: However, this single page, previously released by Greenwald, appears to come from the same document. H/T to]

Some background information on the NSA's efforts to map and monitor VPNs can be found in this separate document, published in December by Der Spiegel. Interesting tidbit: Page 26 appears to show collection of the communications of the United Nations Assistance Mission for Iraq (UNAMI).

As the Globe and Mail reported, the presence of Rogers and RBC on the NSA's list of VPNs raises questions about the extent to which NSA may be monitoring the communications of Canadian corporations and persons.

Freeze and Dobby note—with a link to this blog (thanks!)—that "Today, under the terms of a 66-year old reciprocal accord, Washington and Ottawa agree to refrain from spying on the communications of each other’s citizens and entities."

To the best of my knowledge, there is no explicit no-targeting accord within the CANUSA agreement itself. (The text has never been released.)

But there is certainly a common understanding among the members of the Five Eyes community that they will not target each other in their routine operations. This understanding is part of the overall amalgam of resolutions, common strategic directions, agreed procedures, and established practices that have grown out of the UKUSA agreement and subsidiary agreements such as CANUSA.

However, as I noted here, that understanding is "more what you'd call 'guidelines' than actual rules".

For one thing, the prohibition doesn't apply if the monitored party agrees to the targeting, which is not likely to occur on a blanket basis, but almost certainly does in more limited contexts. Second, it doesn't apply to "incidental" (i.e., non-targeted) collection, which under some programs can capture nearly everything transmitted. Third, it is well understood by all parties that all reserve the right to secretly target one another when "national interests" dictate that that's desirable.

As the CSE Commissioner stated in one of his classified reports (later released under ATIP), "The UKUSA and CANUSA Agreements do not refer to specific protections; for example, the agreements do not refer to the terms 'privacy' or 'personal information'." However, the "cooperative agreements and resolutions" among the parties "include a commitment by the Five-Eyes to respect the privacy of each others’ citizens, and to act in a manner consistent with each others’ policies relating to privacy. It is recognized, however, that each of the Five-Eyes is an agency of a sovereign nation that may derogate from the agreements, if it is judged necessary for their respective national interests."

The classification markings on the G&M's VPN document evidently indicated that it was releasable to Canada, which shows that NSA did not feel any need to hide the VPN mapping from Canada. So in this case we're not looking at the U.S. government going behind the back of the Canadian government to secretly target Canadians.

But that may be little consolation to Rogers, RBC, and the other Canadian corporations and individuals whose VPN communications may have been, or may in the future be, collected by NSA as a result of this mapping.

The Globe and Mail also published a follow-up article:

Colin Freeze & Christine Dobby, "Reports of NSA spying on Canadian companies fuel calls for more transparency," Globe and Mail, 17 March 2015.

See also:

Colin Freeze & Christine Dobby, "Watchdog presses Ottawa for strong rules on sharing surveillance data," Globe and Mail, 18 March 2015.

Friday, March 27, 2015

CSE and Bill C-51

Must-read from Citizen Lab Director Ron Deibert ("Who Knows What Evils Lurk in the Shadows?" Canadian International Council, 27 March 2015):
Many stakeholders and experts have weighed in on various aspects of C-51 as the proposed legislation has touched off a vigorous public debate. I am going to focus on issues around the role of Canada’s Communications Security Establishment (CSE), our country’s main signals intelligence (SIGINT) agency and the subject of significant media coverage since June 2013 and the disclosures of former National Security Agency (NSA) contractor Edward Snowden.

As one of Canada’s principal security and intelligence agencies, CSE would factor into C-51 in a substantial way. One of the most contentious parts of C-51, the Information Sharing Act, would relax rules on information sharing among at least 17 government agencies, CSE included. As the lead agency charged with gathering intelligence from the global information infrastructure (i.e. the Internet and all Internet-connected systems), protecting Canadian networks from threats abroad, and providing “technical assistance” to Canada’s other security agencies, CSE will be front and centre around the “big data” analysis opened up by C-51 and would take on an even more prominent role than it has today around our security, foreign intelligence, and law enforcement. In order to make an informed opinion, it is imperative that Canadians understand how this highly classified agency operates, what are the statutory limits to its authority, and how it will change should C-51 pass into law.
Go read the whole piece.

Wednesday, March 25, 2015

A very Canadian Glomar

Back in the 1970s, the United States pioneered the "Glomar response"—neither confirming nor denying a fact or the existence of certain information—in response to enquiries about this very interesting operation. Canadian authorities also routinely use the Glomar response on intelligence-related and other sensitive matters.

But the CBC's recent reporting on CSE plans and capabilities has elicited a uniquely Canadian variation on the Glomar response: "Not necessarily".

As in this statement:
The leaked materials are dated documents, and some explored possible ideas to better protect the Government of Canada’s information systems while also seeking cost efficiencies. As a result, information in these documents does not necessarily reflect current CSE practices or programs, or the degree to which CSE has visibility into global or Canadian infrastructures.
Maybe it does reflect current CSE practices and maybe it doesn't. Who can say?

I like this approach. It has a very Canadian ring to it, redolent of a former prime minister's historic pledge: "Not necessarily conscription, but conscription if necessary."

It works a lot better, in my opinion, than then-National Security Advisor Stephen Rigby's attempt last year to establish the "I [Stephen Rigby] am not persuaded" response, which was put on full display here:
I would say in responding to some of the media reports that I am not totally persuaded that CSEC has tapped into airport Wi-Fi. ...

The controls, checks and accountabilities that are currently present for both CSIS and CSEC are reasonably robust. To a certain extent, there's been a lot of public debate about some of the actions of our security agencies as a result of Mr. Snowden's disclosures. I'm not persuaded at the end of the day that all of them are 100 per cent accurate.
Lest readers think that Mr. Rigby is entirely unpersuadable, it should be noted that during the same hearing he did declare himself "persuaded" by the government's reasons for appealing Justice Richard Mosley's damning 2013 ruling on CSIS 30-08 warrants—which was eventually upheld.

Monday, March 23, 2015

CBC on CSE cyberwarfare plans and capabilities

The CBC has a major new release on CSE's cyberwarfare plans and capabilities today (Amber Hildebrandt, Michael Pereira & Dave Seglins, "Communication Security Establishment's cyberwarfare toolbox revealed: Mexico, North Africa, Middle East among targets of cyber-spy hacking," CBC News, 23 March 2015):
Top-secret documents obtained by the CBC show Canada's electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

The little known Communications Security Establishment wanted to become more aggressive by 2015, the documents also said.

Revelations about the agency's prowess should serve as a "major wakeup call for all Canadians," particularly in the context of the current parliamentary debate over whether to give intelligence officials the power to disrupt national security threats, says Ronald Deibert, director of the Citizen Lab, the respected internet research group at University of Toronto's Munk School of Global Affairs.

"These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability," says Deibert.

Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept, a U.S. news website co-founded by Glenn Greenwald, the journalist who obtained the documents from U.S. whistleblower Edward Snowden.
There's a lot in the CBC report that I won't try to summarize here. Go read it.

See also this sidebar: Amber Hildebrandt, Michael Pereira & Dave Seglins, "From hacking to attacking, a look at Canada's cyberwarfare tools: The secret techniques developed by the Communications Security Establishment," CBC News, 23 March 2015.

A couple of short videos are also part of the package:

- Cyberwarfare toolbox revealed

- Disruption possibilities

There is a great deal of additional information on EONBLUE and many other topics in the documents that the CBC based its reporting on, which it released with mostly minor redactions:

- CASCADE: Joint Cyber Sensor Architecture

- NSA memo on intelligence relationship with CSE

- CSEC Cyber Threat Capabilities

- Cyber Threat Detection

- CSEC SIGINT Cyber Discovery

CSE's response to CBC's questions, a much less informative document, was also published.

The NSA memo on the intelligence relationship with CSE was also released in redacted form by the CBC in December 2013 as part of these two stories. The redactions in the current version are nearly identical, but this time it is clearer that the document is actually four pages long.

The current version also briefly left unredacted the fact that the "unique geographic access to areas unavailable to the U.S." that CSE provides to its U.S. partner is our "sites in the PRC", the People's Republic of China.

Update 6:00 pm 23 March 2015:


- Christopher Parsons, "Canada has a spy problem," National Post, 23 March 2015.

- Nick Taylor-Vaisey, "QP Live: The CSE is no longer a secret," Maclean's, 23 March 2015.

- Martin Anderson, "‘Create unrest’: Canada’s CSE agency includes ‘false flag’ operations as part of newly-revealed cyberwarfare scope," The Stack, 23 March 2015.

- Nestor E. Arellano, "Leaked documents reveal Canada’s cyber warfare tools," IT World Canada, 23 March 2015.

Update 10 pm:

Further CBC coverage:

- Dave Seglins, "Canada's cyberwarfare capabilities revealed," segment on The National, 23 March 2015.

- The Intercept reporter Ryan Gallagher interviewed on As It Happens, 23 March 2015 (interview begins at 9:00 minutes). The Intercept's own coverage of the story is here.

Update 24 March 2015:

Added link to copy of the slightly less redacted version of the NSA-CSE relationship document originally released by CBC yesterday.

Update 25 March 2015:

- Amber Hildebrandt, "CSE spying in Mexico: Espionage aimed at friends 'never looks good'," CBC News, 25 March 2015.

- Iain Thomson, "Snowden dump details Canadian spies running false flag ops online," The Register, 24 March 2015.

Update 28 March 2015:

Christopher Parsons analyzes the newly released documents here: "Five New Additions to the SIGINT Summaries," Technology, Thoughts & Trickets blog, 27 March 2015.