Saturday, January 24, 2015

Has anybody seen the bridge?

I was looking at this artist's impression of the new CSE headquarters and it reminded me that according to the original plan there was supposed to be a pedestrian bridge between the CSE complex and the neighbouring CSIS headquarters.

What ever happened to that idea?

The construction crews have all packed up and gone home, and there is no sign of any bridge.

I'm just trying to find the bridge.

Has anybody seen the bridge?

Have you seen the bridge?

I ain't seen the bridge.

Where's that confounded bridge?

Wednesday, January 21, 2015

Recent news items

A brief round-up of recent CSE-related news items:

- Bruce Campion-Smith, "Ottawa firefighters cut lock to enter top-secret installation," Toronto Star, 20 January 2015. (The Star gets the unredacted version of what happened during the minor fire at the new CSE complex in November 2013.)

- Ian MacLeod, "Spy agency fire triggered security concerns," Ottawa Citizen, 20 January 2015. (The Citizen gets the redacted version, but also reports some interesting information. They should drop the term ECHELON, however. It didn't mean the whole Five Eyes SIGINT community back in the 1990s, and it certainly doesn't now.)

- Matthew Braga, "A Pair of Bolt Cutters Was All It Took to Break Into Canada's Cyberspy Agency," Motherboard, 20 January 2015. (Motherboard's take on the story.)

All three stories note that CSE's new headquarters was still under construction at the time of the fire, which is true, but the complex was not entirely unoccupied. Pod 1 of the complex, CSE's high-performance computing centre, which was built under the earlier Mid-Term Accommodation Project (MTAP), was occupied by CSE's codebreakers and data-miners in November 2011. A brief discussion of the MTAP, including an artist's rendering of the interior of the building, can be found here.

- Normand Lester, "CSEC, Canada's Electronic Spy Agency, Recruiting Students," Huffington Post Canada, 20 January 2015.

- Matthew Green, "Hopefully the last post I'll ever write on Dual EC DRBG," A Few Thoughts on Cryptographic Engineering blog, 14 January 2015. (Cryptographer Matthew Green on the Dual EC DRBG encryption scandal, the Canadian aspect of which was discussed here and here. The particular Canadians involved in approving the standard can be found on this list published with Green's commentary.)

- Craig Forcese, "The Judicialization of Extraterritorial Spying: Gaps and Gap-Fillers in the World of CSIS Foreign Operations," Criminal Law Quarterly, 6 January 2015.

Tuesday, January 13, 2015

December 2014 CSE staff size

2236, down slightly from last month's record high.

(If you click through on the link and get a different figure, it's probably because the Canada Public Service Agency has updated its website; they update the numbers once a month.)

Friday, January 09, 2015

New CSE headquarters update

Chuck Clark's latest air photo, taken on 29 December 2014, shows a number of interesting developments at CSE's new headquarters complex. (Click image for larger view.)

The temporary trailers in place for the construction of the complex, located to the east of the main building (top of the image), are now gone, which is unsurprising as construction of the project should now be finished.

Also gone are the two large containerized backup generators that formerly accompanied Pod 1, CSE's high-performance computing centre (visible at the top of the image in this post). Presumably the power plant in CSE's data warehouse, the large windowless building to the left in the image above, now supplies backup power to Pod 1 as well.

Also worth noting is the small, white box on the main roof (left-hand edge), which first appeared in September 2014. This looks like the kind of shelter used to hide intercept antennas on the roofs of diplomatic facilities. Canada maintains intercept sites at several Canadian embassies around the world, including (perhaps) our embassy in Beijing.

I would guess that the installation at CSE's headquarters is used more to test new antennas and equipment configurations than to conduct ongoing surveillance, but they probably do pull in live communications in the course of routine testing and training activities, so govern yourselves accordingly!

Canadian Architect recently published an explanation of the design philosophy and interior layout of the new complex that actually provides some interesting new information if you can plow through all the PR puffery and general verbiage.

Monday, January 05, 2015

Fantino now minister for CSE?

On January 5th Julian Fantino was appointed Associate Minister of National Defence. The announcement of his appointment lists three specific areas that he is supposed to focus on, two of which (foreign intelligence and information technology security) constitute the two main mandates of the Communications Security Establishment.

It's potentially a very positive development that CSE may now have a minister who has enough time to actually pay serious attention to the agency.

But I remain to be convinced that Minister Fantino is the best choice for the job.

Update 6 January 2015:

Justin Ling, "2015 Is Canada’s Year of the Spy," Vice, 6 January 2015

Tuesday, December 30, 2014

Canadian SIGINT Summaries

Christopher Parsons, a post-doctoral fellow at Citizen Lab, has just started a website called Canadian SIGINT Summaries, where he has begun to provide summaries of leaked or otherwise released government documents about CSE. The site also provides links to the actual documents.

The major topic of the site at the moment is the CSE documents that have been published to date as part of the Snowden revelations. But other Snowden documents that contain significant information about CSE are also discussed.

Parsons intends to add documents released under the Access to Information Act to the site as well.

The site is going to be a tremendously useful resource for anyone interested in Canadian SIGINT.

Bravo zulu!

Monday, December 29, 2014

Another CSE slide deck published

Der Spiegel published a new CSE slide deck on Sunday (part of a large dump of Snowden documents) in conjunction with a story discussing Five Eyes efforts to defeat common encryption methods used on the Internet (Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer & Christian Stöcker, "Prying Eyes: Inside the NSA's War on Internet Security," Der Spiegel, 28 December 2014).

The CSE deck, undated but probably from 2012, is titled "TLS Trends: A roundtable discussion on current usage and future directions".

The TLS in question is Transport Layer Security, the latest version of the Secure Sockets Layer protocol that provides encryption for many "secure" web transactions.

Der Spiegel (and other commentators) drew special attention to page 13 of the slides, which purports to list target activity at
Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

If on-line game chat rooms are sometimes monitored, then I suppose it's not impossible that Hockeytalk is also considered a possible location for communications that may have nothing to do with hockey.

But, really, this sounds more like a made-up example to me, along the lines of Pte. Bloggs and the Fantasians, than a real case.

Of greater interest to me is the frequent use of the word "warranted" in the presentation. As CSE does not obtain warrants for its foreign intelligence and cyber defence operations, this sounds like a reference to "Mandate C" operations, which CSE conducts in support of CSIS and the RCMP (and a few other agencies) and which entail the deliberate (but targeted) surveillance of Canadians or other persons in Canada.

[Update 7 January 2015: An additional possibility is that some of this material is foreign intelligence collected in Canada under warrants that CSIS obtains through section 16 of the CSIS Act.]

[Update 29 December 2014, 7:30 pm: A report in VICE (Patrick McGuire, "We Learned Very Little about Canada’s Cybersurveillance Agency, CSEC, in 2014," VICE, 29 December 2014) also concludes that the Hockeytalk reference was intended to be humourous. An update to the article reports that CSE spokesperson Ryan Foreman assured VICE that the Hockeytalk slide was "obviously fictitious content", adding that "CSE is prohibited by law from directing its foreign intelligence or cyber defence activities at Canadians anywhere in the world or at anyone in Canada."

If there's one thing that we didn't need to learn about CSE in 2014, because we already ought to have known it, it's that they always neglect to mention Mandate C.]

Canada also comes in for a mention in another document released by Der Spiegel, this one describing a German operation against a Taliban commander/narcotics trafficker in Afghanistan that was supported by SIGINT analysts at NSA Georgia (NSAG):
Near-real-time locational data on [redacted] was passed from NSAG to the Germans via the Coalition’s CENTER ICE system.... The use of CENTER ICE was critical to the success of this operation. At NSAG CENTER ICE was manned by a Canadian integree within the Coalition Support Cell. Of note, this was the first time that CENTER ICE has been used at NSAG to support a live operation, in addition to the first time the Germans have used CENTER ICE for coordination such as this.
"CENTER ICE was manned by a Canadian integree..."

There's that hockey thing again!

The Canadian Forces Information Operations Group, the military arm of the Canadian SIGINT community, has a detachment of around 10 personnel working at NSA Georgia.