Friday, September 12, 2014

August 2014 CSEC staff size


(If you click through on the link and get a different figure, it's probably because the Canada Public Service Agency has updated its website; they update the numbers once a month.)

Sunday, August 31, 2014

CSEC flunks history

CSEC has a seven-sentence section of its website that purports to tell the story of CSEC's origins as the CBNRC (The Beginning: The Communications Branch of the National Research Council).

Among the few actual details provided in the section is the following statement: "On September 3, 1946, the 179 former employees of the XU and JDU came back to work together at their new jobs in the CBNRC under the direction of retired Lt. Col. Edward Drake."

That's not really quite right.

The CBNRC's initial approved establishment was 179 positions, but the agency was nowhere near that size when it commenced operations. In fact, it was only a little over one third of that size.

At least that's what it says on page 2 of Chapter 3 of Volume I of CSEC's classified History of CBNRC:
The number of people actually available at the start as opposed to the establishment figure was very small and only grew gradually. Mr. Drake's original recommendations of August 1946 were approved by NRC and formed the starting team of 62 civilians. One year appointments were given to 12 ex-Service people (all NCOs) and 7 civilians (including several ex-WRCNS (Women's Royal Canadian Naval Service) who had been released from the Navy earlier). Three year appointments, which were curiously called "permanent", were given to 20 ex-Service people and 23 civilians. To illustrate the modest speed of growth from the original staff of 62 toward the approved establishment of 179, some figures in 1947 were: March - 73, May - 80, and October - 95.
[Update 14 September 2014: Kurt Jensen's book Cautious Beginnings: Canadian Foreign Intelligence, 1939-51 reports that "it was not until 1949 that the CBNRC... reached the original staffing level of 179 positions." (p. 160)]

Also, it was just the Joint Discrimination Unit (JDU) that "was transferred to the NRC, first in a transitional way as the Communications Research Centre (CRC) on 1 July 1946, then finally with its name changed to CBNRC and all staff transferred to NRC on 1 September 1946" (History of CBNRC, Volume I, Chapter 1, page 3). The Examination Unit (XU) had not existed for over a year by the time CBNRC began operations. (That said, a significant proportion of the XU staff had been transferred to the JDU at the latter's creation on 1 August 1945, and thus a large number of the personnel who ended up comprising CBNRC's initial staff did come originally from the XU.)

The account on CSEC's Before the Beginning; the Examination Unit and the Joint Discrimination Unit page is similarly garbled.

The apparent contradiction in start dates, on the other hand, is not a problem. As page 1 of Chapter 1 of the History reports, "In 1946, the 1st of September fell on a Sunday, and Monday was of course Labour Day; so in fact it was on Tuesday 3 September that the staff of CBNRC arrived at work, all in civilian clothes for the first time, and all occupying positions on the establishment of the National Research Council."

Thursday, August 28, 2014

Comments on CSE commissioner's report III

Some final comments on aspects of the CSE commissioner's 2013-14 report, which was released by the Office of the CSE Commissioner (OCSEC) on August 20th (initial comments here and here):

More important than ever?

The signals intelligence efforts of the western allies during the Second World War made a very important contribution to the conduct of the war, and the post-war continuation of those efforts played a vitally important role during the Cold War. We can be pretty sure that the Canadian government considered its participation in those efforts and its access to their output during those times to be extremely valuable to Canada.

That dramatic history notwithstanding, last year's annual report by the CSE commissioner told us that the Five Eyes "alliance may be more valuable now than at any other time, in the context of increasingly complex technological challenges."

The declassified version of one of the commissioner's recent reports to the minister of national defence indicated that this assessment came from CSEC itself: "According to CSEC, the Five-Eyes alliance is more valuable now than at any other time in history, given the increasingly complex technological challenges faced by the partners."

In this year's annual report, the commissioner elaborated on that statement, explaining that "This cooperative alliance may be more valuable to Canada now than at any other time, in the context of increasingly complex technological challenges added to dynamic international affairs and threat environments."

Some of us may tend to doubt that the SIGINT alliance is more important now than at any time in the past. But if budgets can be taken as a measure of the importance ascribed to an activity by the government, then it is pretty clear that this government agrees with the CSEC/OCSEC assessment.

Bright new idea: Let the guy in charge know what's going on

One of the key issues with respect to the possible misuse of Five Eyes agency powers has always been the degree to which the various agencies might be used to spy on each other's domestic communications, thus evading their own laws against domestic spying. Such deliberate evasion, we are always assured, does not take place. But it is certainly true that the Five Eyes agencies do end up sometimes collecting communications involving or concerning persons in other Five Eyes countries and that they do sometimes share that information with the agency of the country concerned. The question of how often and how systematically this occurs is thus of rather considerable importance. (See Wayne Easter's acknowledgement of the practice here.)

You might think, therefore, that the minister responsible to parliament for the agency—the guy who is always assuring us that the privacy of Canadians is entirely safe in his hands—might have some idea of the extent to which this Second Party end-run occurs. You might even expect him to insist on knowing.

But no.

This year's report discusses the question of information about Canadians received from CSEC's Second Party partners (and also the question of information shared by CSEC with those partners), and one of the things it reveals is that, as of the date the commissioner's review was conducted, the minister had never received any reporting from CSEC on the number of Canadian communications or the amount of information about Canadians that CSEC received from the Second Parties: "CSEC has not reported to the Minister of National Defence details, for example, regarding communications involving Canadians or information about Canadians that have been shared by its second party partners."

Fortunately, that lapse is set to change.

The commissioner's report notes that, "to support the Minister of National Defence in his accountability for CSEC and as an additional measure to protect the privacy of Canadians, [previous] Commissioner Décary recommended that CSEC report such details to the Minister on an annual basis." According to the commissioner, the minister has accepted that recommendation, and another one calling for a ministerial directive to lay out the parameters of information sharing with the Second Parties and related privacy protections.

So score one for OCSEC.

Sharing, sharing, sharing

Also on the topic of sharing, the report notes that
Commissioner Décary was unable to assess the extent to which CSEC’s second party partners follow [existing] agreements and protect the private communications and information about Canadians in what CSEC shares with the partners. CSEC does not as a matter of general practice seek evidence to demonstrate that these principles are in fact being followed.

While CSEC uses indicators that it believes provide sufficient assurance that the Second Parties are honouring their arrangements, it did not initially demonstrate knowledge or provide evidence of how its second party partners treat information relating to Canadians. During the conduct of this review, CSEC declined to provide the Commissioner’s office with a description of or a copy of relevant extracts of second party policies on the handling of this information. CSEC also declined at that time to identify for the Commissioner’s office any specific differences — large or small — between respective partners’ laws, policies and practices and how this may affect the partners’ protection of the privacy of Canadians. CSEC suggested at that time that review of second party authorities and activities pertain to the Second Parties and not to the lawfulness of CSEC activities and these questions were therefore outside of the Commissioner’s mandate.
This is not the first time that CSEC has told OCSEC what it can and cannot look at, which I find highly disturbing. I also find it a little strange that OCSEC didn't simply order CSEC to hand the information over. (We are constantly assured, and indeed the National Defence Act affirms, that the CSE commissioner has "all the powers of a commissioner under Part II of the Inquiries Act.")

Be that as it may, CSEC Chief John Forster did eventually relent on the question:
Subsequent to Commissioner Décary sending his classified report to the Minister of National Defence, the new Chief of CSEC, Mr. John Forster, re-examined CSEC’s initial position, sought permission from second party partners, and provided the Commissioner’s office with detailed documentation relating to respective second party policies and procedures on the treatment of information about Canadians. This is one example of Chief Forster’s positive leadership to promote increased transparency of CSEC activities and to support review by my office.
Is it churlish to note that it only took Mr. Forster a year and a half or so after becoming the new Chief to get around to demonstrating that "positive leadership"?

Give the man a gold star.

Still, score another one for OCSEC.

The system works!

Reading this year's report, it is clear that OCSEC is proceeding from triumph to triumph. Fair enough.

I think the commissioner is straining a bit, however, when he declares that the Mosley mess is an example of the system working:
Some have suggested that this matter points to a failure of the review bodies to help control the intelligence agencies. On the contrary, these events demonstrate how review works, as Justice Mosley was alerted to this following Commissioner Décary’s recommendations. It also demonstrates how review bodies — in this case the Commissioner’s office and SIRC — can cooperate and share information within existing legislative mandates.
OK. OCSEC recommends that CSEC advise CSIS to inform Justice Mosley that CSIS and CSEC have been eliciting the assistance of Second Parties to help monitor Canadians abroad, something they deliberately chose not to tell Mosley when CSIS applied for the warrants to do the monitoring in the first place. CSEC does as the commissioner recommends, and CSIS (as far as we can tell) then ignores the commissioner's suggestion entirely. Later on, Justice Mosley happens to read OCSEC's public report and decides to investigate on his own. Hilarity ensues.

That's the system working?

I dunno. Maybe OCSEC sent Mosley a copy of the 2012-13 annual report and said you might want to read pages 21 to 25. In fact, you definitely want to read pages 21 to 25.

But it still seems like a pretty ad hoc way to get results.

For all that CSE commissioners have been gradually increasing the proportion of intelligible information in their traditionally obscurantist annual reports (and to that I say BZ!), it seems to me that if the privacy of Canadians depends on key people extracting actionable intelligence from the Delphic pronouncements typically found in those documents, we're all in deep trouble.

Cooperation with review agencies in 2nd parties

The commissioner reports that he plans to look into the possibility of working cooperatively with the review mechanisms that exist in other Five Eyes countries:
In the coming months, I will explore options to cooperate with review bodies of second party countries to examine information sharing activities among respective intelligence agencies and to verify the application of respective policies. A number of Canadian and international academics have referred to an accountability gap concerning an absence of international cooperation among review bodies. These researchers suggest that growing international intelligence cooperation should be matched by growing international cooperation between review bodies. I will examine opportunities for cooperation.
Sounds like a worthwhile Canadian initiative to me.

A 2009 paper by University of Ottawa law professor Craig Forcese, The Collateral Casualties of Collaboration, got a shout-out in this regard in the commissioner's classified report on second party cooperation.

Wi-fi ho hum

CSEC's infamous "Airport wi-fi" project gets some discussion, but precious little explanation, in the commissioner's report (more here and here):
When the media suggested that CSEC had illegally tracked the movements and on-line activities of persons at a Canadian airport, we were briefed by CSEC. We questioned the CSEC employees involved and examined results of the activity. Based on our investigation and on our accumulated knowledge, I concluded that this CSEC activity did not involve “mass surveillance” or tracking of Canadians or persons in Canada; no CSEC activity was directed at Canadians or persons in Canada.
And that's about as detailed as his explanation gets.

Here are the comments made by some obscure law professor by the name of Craig Forcese (who happens to specialize in national security law) back in January.

We did eventually learn the basis of CSEC's position that no "tracking" took place. Perhaps unsurprisingly, it all comes down to the definition of tracking (see mid-way through this post). Apparently you can't be "tracked", even if they follow you around, if they haven't bothered to find out exactly who you are.

As for "directed at", it appears that this term refers only to activities designed to collect information about specific individuals. Thus, according to CSEC and the commissioner, CSEC can acquire and analyze metadata that pertains almost exclusively to Canadians or persons in Canada (as demonstrated here) without that activity being considered "directed at" Canadians or persons in Canada.

Thus, we are told, the kind of thing CSEC did in the "airport wi-fi" experiment isn't a problem.

Others are less sanguine about the legalities of CSEC metadata collection and use (including that Forcese guy again).

The Supreme Court's R. v. Spencer judgment in June makes CSEC's, and the commissioner's, position on metadata even more questionable (yup, Forcese again), but to be fair to the commissioner, that ruling came out too late to be considered in this report.

Will it be discussed in next year's report? I can't say I'm confident it will be, but the commissioner did promise to keep an eye on the topic:
My review has identified some important questions, which I will continue to examine in the coming year, including: what are the vulnerabilities and risks to the privacy of Canadians imposed by new technologies that CSEC uses to collect and analyze metadata? How and to what extent can privacy protections be built directly into the technologies and processes used by CSEC for metadata collection and analysis? I will report on the results in my next public annual report.

What about the gazebo?

The question of NSA (and CSEC) spying on the G8/G20 summits, and the legality of such activities, also came up during the last year.

My own view is that spying did take place, that CSIS and CSEC took the lead, and that it was entirely legal.

But others had different views. The commissioner's report says nothing on the topic.

Friday, August 22, 2014

Comments on CSE commissioner's report II

Some additional comments on aspects of the CSE commissioner's 2013-14 report, which was released by the Office of the CSE Commissioner (OCSEC) on August 20th (initial comments here):

I'm vigorous, dammit!

One of the things that leaps out about this year's report is how defensive CSE commissioners are getting about all the criticisms that have been leveled in recent years concerning their effectiveness as watchdogs.
In this, my first annual report, I want to set the record straight on what the Office of the CSE Commissioner does, how we do it and the way we develop reports.... I want to reassure Canadians, especially those who are skeptical about the effectiveness of review of intelligence agencies, that I am scrupulously investigating those CSEC activities that present the greatest risks to compliance with the law and to privacy. Rest assured that I will do so with the requisite vigour and all the powers of the Inquiries Act necessary to arrive at comprehensive conclusions. I will make public as much information as possible about these investigations, their resulting conclusions and any recommendations. Transparency is important to maintain public trust.
Let's give the commissioners and OCSEC their due. A lot of the criticisms that have been made in recent years have been off-base or exaggerated. It is clear that successive CSE commissioners and their staff have worked hard to inculcate a culture of legal compliance at CSEC and to develop and implement systems to monitor and measure that compliance—and that those efforts have brought significant improvements to the way CSEC does business. Canadians are much better off, I think, for having had OCSEC watching over CSEC.

But that is not to say that there haven't been any problems or weaknesses in the way OCSEC operates, including, for example, an apparent unwillingness to pull the trigger on compliance judgements, an inability to say almost anything comprehensible in annual reports (although this is gradually improving), a mandate excessively focused on compliance with the law, and an unwillingness or inability to use the insider knowledge that only commissioners and OCSEC have to advocate for changes to those laws to ensure that privacy protections keep up with the rapidly changing world of technology.

Read Wesley Wark's excellent commentary here for a reasoned critique of the performance of the office.

Where's the hammer?

For all of the useful work that OCSEC does, the minister responsible for CSEC cares about only one thing when he stands up in the House of Commons to respond to some concern about CSEC. And that is whether or not he can say that for the xth year in a row, the CSE commissioner has declared that all of CSEC's activities were in compliance with the law.

This year the commissioner has once again graciously provided the money quote:
Each year, I provide an overall statement on my findings about the lawfulness of CSEC activities. All of the activities of CSEC reviewed in 2013–2014 complied with the law.
With that on the record, the government can happily go back to ignoring the commissioner on things like the amendments to the National Defence Act that commissioners have been calling for since shortly after 2001 and which were actually promised by the government as long ago as 2007. (More here and here.)

It's about time commissioners stopped making that statement.

I'm not saying they should declare something in breach of the law if they don't believe there has been a breach. And there's probably some wisdom in talking things through behind the scenes in order get problems solved, as OCSEC clearly prefers to do, rather than pulling out the hammer and turning everything into a no-holds-barred confrontation at the first opportunity.

But let's be clear here. Every single CSE commissioner who has ever held the office (with the possible exception of Peter Cory, who held the job for such a short time he may not have formed an opinion on the question) has concluded that the Ministerial Authorization (MA) procedure that CSEC uses in order to enable it to legally intercept private communications is not supported by the law as it is written. No one is accusing CSEC of intentional law-breaking in this respect; it is the position of the Department of Justice, CSEC's legal advisor, that the current MAs do comply with the law, and there is every reason to believe that the government intended for the law passed in 2001 to make the current procedures legal.

But you're supposed to obey the laws you have, not the laws you wanted to have, so what the law actually says matters.

The government has had plenty of time to respond to the commissioners' warnings, either by passing amendments or by referring the question to the courts for a definitive interpretation.

It is time for the commissioner to pick up the hammer.

Imagine the reaction in Ottawa if this year's report, instead of providing the minister's money quote, declared that CSEC did not comply with the law in 2013-14, and that in the view of successive commissioners it had not been in compliance since 2001.

I think pandemonium wouldn't be too strong a word.

I can see why commissioners would be reluctant to bring the hammer down quite that hard, as it would amount to a call to shut down a large part of CSEC's operations—at least until amendments could be passed.

But even a statement that the commissioner is unable to affirm that CSEC's activities comply with the law would make the government sit up and take notice.

If Mr. Plouffe wants the government, and the public, to take OCSEC seriously, he should at least pick up the hammer.

The tepid statement in the current report is unlikely to do the trick:
Since the enactment of Part V.1 of the National Defence Act in December 2001, all CSE Commissioners have voiced concerns that certain fundamental provisions in the legislation lack clarity. In 2007, the government committed to amending the legislation to clarify these ambiguities. It is hoped that this can be resolved in the near future.

Supernumerary no more

The original CSE commissioner, Claude Bisson, did not believe that supernumerary judges should serve as commissioner, although the law establishing the job does permit it. (Background explanation here.)

The current commissioner was the only supernumerary ever appointed to the job. But this year's report confirms that he has now retired as a judge, so the question is for the moment again moot.

The Mosley imbroglio

The commissioner's report has disappointingly little to say about the CSIS 30-08 warrants blowout.

No discussion of the legality of CSEC asking Five Eyes partners to monitor Canadians on the basis of warrants that, it turns out, did not authorize Five Eyes involvement.

No discussion of the legality of the actions of senior CSEC official James D. Abbott, who admitted to Justice Mosley that his 2009 testimony was "crafted" to avoid mentioning to the court that Five Eyes assistance would be sought.

Why no comment on these issues?

It's ba-a-a-ack!

Earlier this year I noted that back in 2009 and 2010 the CSE commissioner had promised to conduct a review on the very interesting topic of CSEC assistance to CSIS with respect to s.16 of the CSIS Act, but that the review had never appeared.

Well, it's back (at least, the promise is):
The results of several reviews currently under way are expected to be reported to the Minister of National Defence in the coming year and included in my 2014–2015 annual report. The subjects of these reviews include:... a review of CSEC assistance to CSIS under part (c) of CSEC’s mandate and sections 16 and 21 of the CSIS Act.
I expect [redacted] will be [redacted] and [redacted] on that [redacted]. [Redacted]. But it could still be [redacted].

Looking forward to it.

More comments to come on other elements of the report, but that's it for now...

Wednesday, August 20, 2014

CSE commissioner's annual report released

The CSE commissioner's annual report was released today (PDF; HTML).

There is a lot of interesting information in the report, but the big news is that the commissioner was permitted to put a number on the use or retention of private communications (communications with at least one end in Canada) in the foreign intelligence part of CSEC's activities during 2012-13.

And that number is 66:
Overall, in 2012–2013, the volume of communications collected through CSEC’s foreign signals intelligence activities increased. However, the number of recognized private communications unintentionally intercepted and retained by CSEC was small enough that I could review each of them individually. At the end of the 2012–2013 ministerial authorization period, CSEC retained 66 of the recognized private communications that it collected. Of these, 41 private communications were used in CSEC reports (with any Canadian identities suppressed in the reports) and 25 were retained by CSEC for future use. All other recognized private communications unintentionally intercepted by CSEC were destroyed.
Sixty-six is a reassuringly small number, and the number of Canadians or other persons in Canada (hereafter "Canadian persons") involved in those communications could be even smaller, as some may have participated in more than one communication. (On the other hand, in theory a single communication involving a foreign target could go to a mailing list with dozens of Canadian persons on it, so the total number of Canadian persons implicated could be much larger.)

There are several other facts worth noting about this number.

First, it does not include any reporting, retention, or provision of private communications collected by CSEC under the cyber protection (Mandate B) or support to domestic law enforcement and security agencies (Mandate C) parts of its mandate.

Second, it does not include any reporting or retention of private communications obtained by CSEC through its SIGINT partners. The report does acknowledge CSEC's "receipt from the Second Parties of intercepted communications and other foreign signals intelligence information, particularly private communications and information about Canadians." However, according to the commissioner, "The unintentional interception of a private communication by CSEC is a different situation than the unintentional acquisition by CSEC from a second party source of a one-end Canadian communication."

I have some difficulty understanding this point, as the Criminal Code definition of intercept includes to "listen to, record or acquire a communication or acquire the substance, meaning or purport thereof", which would seem to me to include acquiring it from Second Parties. But I'm no lawyer. Past commissioners have suggested that a definition of "intercept" ought to be included in those National Defence Act amendments that the government never bothers to get around to, and maybe that's why that suggestion was made. Does CSEC have its own definition of intercept that differs from the one in the Criminal Code?

Third, it does not include any reporting or retention of communications that are not considered private communications even though they do involve one or more Canadian citizens. An example would be a communication by a Canadian in which both ends of the communication are outside Canada (e.g., you're visiting France and you phone a business associate in Germany). CSEC is still not permitted to target Canadians under its Mandate A under such circumstances, but any such communication collected incidentally that met the relevant criteria could be reported or retained and would not appear in the 66 figure quoted by the commissioner.

Fourth, the figure includes only those private communications that were reported or retained. As the commissioner himself notes, "CSEC deletes almost all of the small number of recognized foreign signals intelligence private communications unintentionally intercepted by its collection programs" (emphasis added). Logically, this means that the 66 that were used or retained (i.e., not deleted) represent almost none of the total that were actually intercepted. How large is the latter number? The commissioner does say that the number intercepted is itself a "small number". But in comparison to the billions of private communications that Canadians participate in every year, some pretty large numbers might be characterizable as small.

None of this is to suggest that a massive program designed to monitor all Canadians lurks beneath that innocuous-sounding 66 number. But it's worth recognizing that 66 is far from the whole picture.

Another point: I really have a hard time with this term "unintentional" that the commissioners use. There are cases when CSEC is trying to collect a foreign communication and by mistake it pulls in a Canadian communication. Those could fairly be described as "unintentional" or, as CSEC seems to prefer, "inadvertent".

The cases that CSEC describes as "incidental" are a separate type. If CSEC collects a bunch of communications to or from one of its foreign targets, let's call him Osama, and one of those communications turns out to involve a Canadian, the collection of that Canadian's communication is termed "incidental" by CSEC. It wasn't collected by mistake. And it wasn't collected unintentionally either. It was done on purpose. The Canadian wasn't specifically targeted for collection, but CSEC certainly did want to know the identity of the people Osama was talking to and the content of those communications, and, as you might expect, they were especially interested in the Canadian angle. In fact, the law was changed in 2001 specifically to ensure that it is legal for CSEC to collect, use, and retain those targeted foreign communications that turn out to have one end in Canada.

I get that the commissioners are trying to distinguish between targeting specific Canadians and not targeting specific Canadians. But there is nothing "unintentional" about the fact that CSEC collects—and pays particular attention to—the communications of Canadians and persons in Canada when those communications are with one of CSEC's foreign targets. Even the term "incidental" is somewhat misleading, in my view, as it carries the implication that CSEC isn't really interested in the Canadian end.

They're interested.

Criticisms and comments notwithstanding, it' s nice to see the increase in transparency in this year's report by the commissioner.

There is a lot more of interest in this year's report, but that's all for now...

Media coverage:

- Colin Freeze, "Spy agency intercepted, kept communications of 66 Canadians," Globe and Mail, 20 August 2014
- Jim Bronskill, "Spy agency improperly kept Canadian info," Canadian Press, 20 August 2014
- David Pugliese, "Communications Security Establishment kept private communications of Canadians in violation of internal policies," Defence Watch blog, 20 August 2014
- Tonda MacCharles, "Canada’s electronic spy agency gets passing grade from watchdog," Toronto Star, 20 August 2014
- Kady O'Malley, "CSEC kept 66 'unintentionally' obtained private communications," CBC News, 20 August 2014

Update 21 August 2014:

- Editorial, "A glimpse into the iceberg that is CSEC," Globe and Mail, 21 August 2014
- Wesley Wark, "Canadian spy agency watchdog strikes a new pose," Ottawa Citizen, 21 August 2014. Excellent commentary by Canada's leading academic expert on intelligence issues.

Update 22 August 2014:

- Justin Ling, "Canada's Spy Agency Recorded Citizens' Calls, Internal Audit Reveals," Motherboard, 22 August 2014

Update 25 August 2014:

- Dan Leger, "Spies, guard dogs duck oversight," Chronicle Herald, 25 August 2014

Sunday, August 17, 2014

CSEC's LANDMARK tool for CNE operations

The recent c't Magazin article about Five Eyes methods of detecting computer devices vulnerable to exploitation (Julian Kirsch, Christian Grothoff, Monika Ermert, Jacob Appelbaum, Laura Poitras & Henrik Moltke, "NSA/GCHQ: The HACIENDA Program for Internet Colonization," c't Magazin, 15 August 2014) contains several slides from a CSEC presentation, apparently from 2010 or perhaps 2011, concerning a tool or program called LANDMARK:

As the first two slides indicate, LANDMARK is a tradecraft method or program used to identify "Operational Relay Boxes" (ORBs), computers that can be commandeered for use as "covert infrastructure" in Computer Network Exploitation (CNE) operations. ORBs are used to "provide an additional layer of non-attribution" (i.e., to make it more difficult to identify the perpetrator) for hacking operations to penetrate ("exploit") other computer networks, probably normally in a third country, and steal ("exfiltrate") data.

ORBs are sought in "as many non 5-Eyes countries as possible".

Other slides indicate that LANDMARK operations are at least partially automated and incorporated into CSEC's OLYMPIA "network knowledge engine" (further discussed here).

The slides also indicate that LANDMARK operations draw, at least sometimes, on information collected by GCHQ's HACIENDA tool, which searches for and compiles data on the vulnerabilities of computer devices, covering in many cases the computer infrastructure of entire countries. (See more on HACIENDA in the c't article.)

The description on the slide above notes that a February 2010 LANDMARK operation "encompasse[d] the whole of LONGRUN", possibly meaning that an entire country's infrastructure was examined. Twenty-four CSEC "network exploitation analysts" managed to identify more than 3000 potential ORBs in just a few hours.

This slide appears to show some of the HACIENDA data used in the February 2010 operation (the data is mainly from 2009, but it includes some items as recent as February 2010). You will probably need to go to this PDF version of the documents if you want to read the fine print for yourself. Interestingly, the computer screen capture, from CSEC's OLYMPIA tool, indicates that all the data shown pertained to Kenya. Is Kenya LONGRUN?

The slide notes that "network analysis" was "still manual" at this time.

By contrast, this slide suggests that, by the date of the presentation, "network analysis tradecraft to identify vulnerable devices" had become more automated within the OLYMPIA tool.

The final slide, which appears to refer to a more recent case involving a GSM provider that NSA's Tailored Access Operations directorate wanted to access, reports that an automated search for vulnerable devices using OLYMPIA took less than five minutes to perform.

The full set of slides that were published by c't Magazin, including excerpts from NSA and GCHQ documents as well as those from the CSEC document, is available here.

Update 25 August 2014:

Colin Freeze, "The Landmark file: Inside Canadian cyber-security agency’s 'target the world' strategy," Globe and Mail, 25 August 2014. Note the very interesting and previously unpublished comments by former CSEC Chief John Adams:
“We’ve got some bright young kids,” retired spymaster John Adams once told The Globe in an interview. “Virtually everything – 90 per cent of what they do – is CNO [Computer Network Operations] now. It opens it up to where they can literally go out and target the world.”

Update 27 August 2014

Patrick McGuire, "Canada’s Cyberspy Agency, CSEC, Hijacks Computers Worldwide to Build Their Spynet," Vice, 26 August 2014

Friday, August 15, 2014

CSEC amendments on permanent hold?

Colin Freeze has written a very interesting article on the government's failure to enact its long-promised amendments to the National Defence Act provisions concerning CSEC (Colin Freeze, "Harper government backtracked on bill to curb surveillance," Globe and Mail, 14 August 2014):
Legal fixes for Communications Security Establishment Canada, Ottawa’s electronic intelligence agency, had been considered “a legislative priority” by the Tories five years ago, to the point that then-defence minister Peter MacKay was successfully pushing for a package of amendments at the cabinet table.

These fixes were regarded as necessary because two former Supreme Court justices had highlighted the spy agency’s laws as flawed. So had other retired judges who had also left their courtrooms to serve as CSEC’s watchdog “commissioner.”


Yet the Conservatives’ years-earlier proposals for reform – which never materialized in Parliament – appear to have been moved back indefinitely.

“We are aware of recommendations to amend the National Defence Act but will not speculate on possible future legislative amendments,” wrote Julie Di Mambro, a spokeswoman for Mr. Nicholson, in reply to Globe questions. (The office of Mr. MacKay, now Justice Minister, declined comment.)

The bid to reform CSEC’s laws had been quietly building momentum within government, until an unrelated police-surveillance bill, C-30, was tabled and proved deeply unpopular. (Former public safety minister Vic Toews leached support away from that act with his polarizing remark that the Opposition “can either stand with us or with the child pornographers.”)
So apparently Vic Toews killed the amendments.

Presumably the government was afraid that the increased attention to surveillance and privacy issues precipated by C-30 would lead to too much interest in CSEC's intelligence-gathering powers and techniques when the NDA amendments came before parliament.

Here's what I wrote on the subject back when it looked like the government might actually do something.