Saturday, May 31, 2014

CSEC roundup 31 May 2014

Recent news and commentary items related to CSEC:

- Michael Bolen, "Former Head Of 'NSA North' Says Canadians Are 'Stupid'," Huffington Post Canada, 30 May 2014
- Michael Geist, "Why has the Canadian government given up on protecting our privacy?" Toronto Star, 30 May 2014
- Michael Geist, "What if the Government Passed Lawful Access Without Hearing from Any Privacy Commissioners?" Michael Geist blog, 30 May 2014
- Colin Freeze, "Spy agencies try to curb watchdogs’ ties to each other," Globe and Mail, 29 May 2014. Minor correction to the statement that the CSE Commissioner position was "created in a 1996 law": the first CSE Commissioner was appointed in 1996, but by Order-in-Council under the Inquiries Act; the position didn't become entrenched in law until 2001 with the passage of the Anti-Terrorism Act.
- Michael Geist, "The Trouble With Bill C-13: My Appearance before the Standing Committee on Justice and Human Rights," Michael Geist blog, 29 May 2014
- Jim Bronskill, "Electronic spy agency gathers personal information in cyberdefence role," Canadian Press, 28 May 2014. See also my comments: "CSEC data banks on Canadians," Lux Ex Umbra, 28 May 2014
- Jim Bronskill, "Canadian Spy Agencies Need More Parliamentary Oversight: Senator," Canadian Press, 28 May 2014
- Josh Wingrove, "Canadians are lax on privacy, Senate committee hears," Globe and Mail, 28 May 2014
- Colin Freeze, "Overseeing Canada’s spies: Some sobering second thoughts for senators," Globe and Mail, 28 May 2014 (subscribers only)
- Jordan Press, "Senator urges parliamentary oversight of national security services," Ottawa Citizen, 28 May 2014. Text of Senator Segal's proposed Bill S-220.
- Victoria Paterson, "MP has privacy concerns about cyberbullying bill," St. Albert Gazette, 28 May 2014. The article also reports that independent MP Brent Rathgeber is "working on drafting a bill that would revamp and increase civilian oversight over Communications Security Establishment Canada".
- Josh Wingrove, "Law groups urge government to revamp cyberbullying bill," Globe and Mail, 27 May 2014. Statement by the Canadian Bar Association: Bill C-13, Protecting Canadians from Online Crime Act, May 2014
- Craig Forcese, "A Three Front Legal Campaign: CSEC, Metadata and Civil Liberties," National Security Law blog, 26 May 2014
- "MP Wayne Easter calls for national security oversight," Guardian (P.E.I.), 26 May 2014
- Laura Payton, "NDP wants privacy, security experts to probe warrantless data gathering," CBC News, 26 May 2014
- Susana Mas, "Cyberbullying bill won't be split in 2, Peter MacKay says," CBC News, 26 May 2014
- "Privacy pushback: 6 ways your rights could be threatened," CBC News, 26 May 2014
- Paul McLeod & Alex Boutilier, "Supreme Court to rule soon on telecom data privacy," Chronicle Herald, 26 May 2014
- Colin Freeze, "What a cyber attack looks like – from the target's point of view," Globe and Mail, 26 May 2014 (subscriber only)
- Jesse Kline, "A bigger surveillance state won’t stop ‘cyberbullying’," National Post, 26 May 2014
- Michael Geist, "In Defence of the Government Tracking Social Media Activity," Michael Geist blog, 26 May 2014
- Josh Wingrove, "Privacy watchdogs troubled by controversial bill extending police powers," Globe and Mail, 25 May 2014
- Jim Bronskill, "Declaration urges respect for privacy," Canadian Press, 22 May 2014. Text of Ottawa Statement on Mass Surveillance In Canada.
- Justin Ling, "Here's Proof Canada Is Snooping on People's Twitter Accounts," Motherboard, 22 May 2014
- Laura Payton, "Stockwell Day calls for changes to cybercrime bill," CBC News, 22 May 2014
- Paul McLeod & Alex Boutilier, "RCMP use of data may spark probe," Chronicle Herald, 22 May 2014
- Justin Ling, "Forget me, Google," National: Legal Insights & Practice Trends, 22 May 2014
- Michael Geist, "Who's Watching Whom: An Examination of Canadian Privacy and Surveillance," Michael Geist blog, 22 May 2014
- Steve Anderson, "Ottawa’s spying on Canadians has no place in free society," Toronto Star, 22 May 2014
- Colin Freeze, "Spy program was suspended for being too aggressive," Globe and Mail, 21 May 2014. In a subsequent interview on Kevin Newman Live (21 May 2014) former CSEC Chief John Adams stated that the suspension began shortly after he became Chief in the summer of 2005.
- Colin Freeze, "CSEC chief cautioned not to refer to China if asked about cyberattacks," Globe and Mail, 21 May 2014
- "CCLA Challenges Federal Privacy Legislation," Canadian Civil Liberties Association, 21 May 2014. Notice of Application, 13 May 2014
- Ben Makuch, "Canada Just Got Sued For Warrantless Data Collection," Motherboard, 21 May 2014
- Alex Boutilier, "Canadian civil liberties group launches court challenge on warrantless access," Toronto Star, 21 May 2014
- Susana Mas, "Cyberbullying bill surveillance powers alarm Ontario privacy watchdog," CBC News, 21 May 2014. Letter from Ontario Information and Privacy Commissioner Ann Cavoukian, 16 May 2014
- Alex Boutilier & Paul McLeod, "Telecom giants worried about ‘antagonizing’ feds on lawful access: documents," Toronto Star, 21 May 2014
- Editorial, "Canada needs a royal commission on spying and privacy of Canadians," Globe and Mail, 21 May 2014
- Ben Makuch, "Chinese Hackers Are Probably Stealing Canada's Trade Secrets, Too," Motherboard, 21 May 2014
- Michael Bolen, "Ottawa Is Spying On Us Without Warrants And It's Time To Get Mad," Huffington Post Canada, 21 May 2014
- Daniel Proussalidis, "Canada may be on China's cyber-espionage radar, experts warn," Toronto Sun, 20 May 2014
- Angelina Chapin, "Don't Care About Surveillance? You're Probably White and Middle Class," Huffington Post Canada, 20 May 2014
- Colin Freeze, "Canada targeted in 2011 hacks by accused PLA unit," Globe and Mail, 19 May 2014
- Jesse Brown, "A Federal Minister Explains why the Government Creeps your Facebook," Canadaland podcast, 18 May 2014
- Stephen Maher, "Feds slyly expand power to invade privacy," StarPhoenix, 17 May 2014
- Jason Fekete, "Travelling officials easy prey for foreign hackers: federal records," Ottawa Citizen, 15 May 2014

Also worth checking out: Matthew Braga's new weekly newsletter on security, privacy and surveillance: .digest

Also relevant: On May 28th, Prime Minister Harper nominated Department of Justice official Daniel Therrien to be the next Privacy Commissioner of Canada. Official announcement. Background info on Therrien. As many commentators subsequently noted, this looks an awful lot like the fox being put in charge of the hen house. How likely is it, for example, that the official more or less directly in charge of the lawyers responsible for CSEC's highly problematic interpretation of the legal status of metadata will suddenly become the active advocate for tighter controls that Canadians need? Reaction to the announcement:
- David T. S. Fraser, "Prime Minister names DOJ's top national security and law enforcement lawyer as next Privacy Commissioner of Canada," Canadian Privacy Law Blog, 28 May 2014
- Rosemary Barton, "PM’s pick of Daniel Therrien as privacy watchdog alarms NDP," CBC News, 28 May 2014
- Alex Boutilier, "Stephen Harper nominates top public safety lawyer for privacy watchdog," Toronto Star, 28 May 2014
- Josh Wingrove & Colin Freeze, "New privacy watchdog slammed by critics," Globe and Mail, 29 May 2014
- Craig Forcese, "Privacy Commissioner & Emerging Controversy over Appointment," The Laws of Government blog, 29 May 2014
- David Murakami Wood, "Harper’s nominee for Privacy Commissioner must be challenged," notes from the ubiquitous surveillance society blog, 29 May 2014
- David Christopher, "Privacy Coalition experts urge Prime Minister to heed serious concerns about Online Spying Bill C-13 and to rethink Privacy Commissioner nomination," OpenMmedia.ca, 30 May 2014
- Stephen Maher, "Prime Minister Stephen Harper, Liberal Leader Justin Trudeau agree on spooky pick for next privacy commissioner," Postmedia News, 30 May 2014

Thursday, May 29, 2014

CSEC goes back under "parliamentary oversight"

Conservative MP John Williamson asked a couple of questions about CSEC's budget and its new headquarters at a meeting of the Standing Committee on National Defence this morning.

Defence Minister Rob Nicholson was at the meeting, accompanied by CSEC Chief John Forster and various DND officials, to discuss the 2014-15 Main Estimates. As expected, most questions were about Department of National Defence programs, but Nicholson did receive a couple of softballs concerning CSEC, which he answered himself (Forster never spoke during the session).

The official transcript won't be available for some time, so here is my entirely unofficial transcript of what was said, based on the audio feed (available on this page; CSEC questions start around 43:30):
Williamson: This year the Main Estimates for CSEC: just under $800,000. The estimate to date for last year, for 2013-2014: $410,000.

Nicholson: I think that would be $800 million.

Williamson: Oh, I'm sorry, excuse me, yes, pardon me, pardon me. Thank you. $800 million. It had been $410 million. Could you explain this increase? What has caused this increase? What has caused this sharp rise? Is this a one-time increase or are we going to see this every year going forward?

Nicholson: To a certain extent it is one-time in the sense that this is the new facility that they're moving into and it's a major expenditure needless to say, but that being said the role that CSEC plays is vitally important to this country to protect this country against cyber attacks, cyber crime, international terrorism. But in terms, if you have a look at the breakdown—Mr. Forster might be able to give you some details on this—but, again, in answer directly to your question, it's one-off in the sense that this is a new building that they're moving into and considerable funds, amount of funds, have been allocated to that.

Williamson: Is that a lot of money for a building? Is this something that taxpayers should be concerned about? It seems like an awful lot to spend on a federal building.

Nicholson: You know, these buildings have to be constructed to the highest levels of security, and again we have to build them not just for the requirements of today, we've got them for next year's requirements and the future, and, you know, while I may say to you I hope cyber attacks are going to be decreasing in the next couple of years and I hope there's less of a threat of international terrorism, but I think that would be overly optimistic. And so I believe that it's important that we have the resources, and the facilities, to protect this country at every level.
So there you have it. Another of those rare episodes that the government likes to call parliamentary oversight.

Kudos to the minister for recognizing that the numbers were in the millions, not the thousands.

It is clear that he also knew that the one-time $300-million cash payment to Plenary Properties LTAP LP that will be due on completion of construction of the new headquarters is the primary reason for the huge bump in CSEC's budget this year.

But then he and Williamson both ought to have known that: page 132 of the Main Estimates—the very page that contains the budget numbers Williamson was asking about—clearly states that CSEC's 2014-15 budget includes a "one-time increase of $300.0 million for a contract payment related to delivery of CSE’s new facility in 2014".

So what, I would like to know, was the point of getting that on the record in committee?

As for the rest of Nicholson's answers, it's evident he has no real idea of what he's talking about.

For something more closely approximating real discussion of the issues raised by Williamson's questions, see here and here.

It's possible that other MPs might have asked other CSEC-related questions if the full two-hour meeting of the committee had taken place, but as seems to happen a lot these days the meeting was adjourned after less than a hour due to a parliamentary vote.

Canada has the "Dead Parrot" of parliamentary oversight systems.

Wednesday, May 28, 2014

CSEC data banks on Canadians

Jim Bronskill reports on a CSEC data bank that contains information about Canadians ("CSEC gathers personal info while defending against cyberattacks," Canadian Press, 28 May 2014):
Canada's electronic spy agency says it gathers and sometimes keeps personal information — including names and email addresses of Canadians — as part of efforts to protect vital networks from cyberattacks.

Communications Security Establishment Canada maintains an information bank containing the personal information of "potentially any individual" who communicates electronically with a key federal computer network while CSEC is assessing its vulnerability.

Information in the bank — known as CSEC PPU 007 — is held for up to 30 years before being transferred to Library and Archives Canada, says a description in the federal Info Source guide, which lists the various categories of personal information held by the government.

"Personal information may be used to assess potential threats to information technology systems subject to the assessment, and to help ensure the security of these electronic systems," the notice says.

The listing sheds light on a little-known aspect of CSEC's work — threat assessments and technical analyses aimed at strengthening federal defences against foreign cyberattacks on government computers.

...

The Info Source listing says personal information collected by CSEC during cyberdefence efforts may include a person's full name, email address, Internet Protocol (or IP) address and any incidental personal details contained in electronic routing codes, or metadata.

Information from the data bank may be shared with domestic police agencies "or foreign bodies" in keeping with formal agreements, the listing says.
CSEC also has a second data bank, CSEC PPU 040, that was not mentioned in the Bronskill article. PPU 040 contains "personal information [about Canadians] relating to sensitive aspects of Canada's international relations, security and defence" that CSEC has collected during the course of its foreign intelligence activities. Unlike the information in PPU 007, the information in PPU 040 is retained "indefinitely".

More information about the two data banks can be found here.

The 1988 version of the blurb concerning PPU 040 was marginally more descriptive, stating that the data bank "contains information concerning individuals identified as potential risks to national security", as well as containing "personal information relating to sensitive aspects of Canada's international relations and defence."

Tuesday, May 27, 2014

NSA funds CSEC big-data research?

We know that NSA provides funds to CSEC from time to time, but the purpose of that funding has not been revealed.

The amount of money provided by NSA is tiny in comparison to CSEC's overall budget, but it still adds up to a significant sum. As discussed here, in fiscal year 2012 NSA gave CSEC approximately $350,000. Since 2002, CSEC has apparently received more than $11 million from the “Five Eyes partnership”, most if not all of it almost certainly from the NSA.

According to one NSA document, NSA "at times pays R&D and technology costs on shared projects with CSEC". The Canadian government similarly describes the Five Eyes money it receives as "investments received from partners for cryptologic research and development".

However, these very general descriptions don’t tell us very much about what the two agencies are actually working on. The term "cryptologic" could refer to anything in the Canadian Cryptologic Program, which covers everything that CSEC does.

The CSEC “airport wi-fi” document revealed in January (IP Profiling Analytics & Mission Impacts), on the other hand, may provide an indication of what NSA has recently been funding.



As the image above shows, the "IP Profiling Analytics & Mission Impacts" document reported that NSA provided “launch assist” for the Collaborative Analytics Research Environment (CARE), “a big-data system being trialled at CSEC”.

Launch assistance could mean a number of different things, including shared research efforts or the contribution of hardware and/or software, but provision of funding for the project is certainly a possibility. The CSEC document was written in the middle of U.S. fiscal year 2012, so the timing of the $350,000 transfer seems to be about right.

The goal of the CARE project seems to be to develop improved methods of processing and analyzing huge sets of data without overwhelming the available computer resources. The "game-changing" results reported for the research suggest that methods for handling big data are rapidly improving, making it feasible to conduct kinds of analysis that were computationally infeasible in the past.

I would welcome comments from any readers who can help to interpret the description of the CARE system provided in this slide.

Sunday, May 18, 2014

CSEC roundup 18 May 2014

Recent news and commentary items related to CSEC (mostly concerning Bill C-13, Bill S-4, and/or Canadian government access to data from telecom companies):

- Jonathan Kay, "Jonathan Kay on Glenn Greenwald: There’s ‘no place to hide’ from Big Brother. But few seem to care," National Post, 17 May 2014
- Stephen Maher, "Maher: Government making it easier to spy on Canadians without warrants or oversight," Postmedia News, 16 May 2014
- Justin Ling, "Opposition Is Mounting Against the Conservatives’ Surveillance-Friendly Cyberbullying Bill," Vice, 16 May 2014
- Justin Ling, "For Canada's Spies, Your Data Is Just a Phone Call Away," Motherboard, 15 May 2014
- Daniel Tencer, "12 Things Harper Doesn't Want You To Know About Spying On Canadians," Huffington Post Canada, 15 May 2014
- Editorial, "Your cellphone is not your castle. But it should be," Globe and Mail, 15 May 2014
- Thomas Walkom, "Supreme Court ruling on Mohamed Harkat boosts the surveillance state: Walkom," Toronto Star, 14 May 2014
- Craig Forcese, "Parliamentary Review of Intelligence Service Activity: Assessing the Different Models," National Security Law blog, 13 May 2014
- Criag Forcese, "Security Surveillance, Lawful Access and Boiling Frogs," National Security Law blog, 9 May 2014
- Alex Boutilier, "Privacy watchdog calls for reforms but ministers stay silent," Toronto Star, 8 May 2014
- Alex Boutilier, "Federal government is ‘creeping’ your Facebook page," Toronto Star, 8 May 2014
- Josn Wingrove, "Ottawa launches data collection review," Globe and Mail, 8 May 2014
- Michael Geist, "Why Public Safety Minister Blaney Gets It Wrong on Privacy and Warrantless Disclosures," michaelgeist.ca, 7 May 2014
- Michael Geist, "Five Measures to Help Counter the Tidal Wave of Secret Telecom Disclosures," michaelgeist.ca, 6 May 2014
- Ben Makuch, "Is Canada Stalking Me? A New Software Platform Aims To Find Out," Motherboard, 5 May 2014
- Lisa Austin & Andrea Slane, "We can’t let phone companies determine our privacy rights," Globe and Mail, 5 May 2014
- Paul McLeod, "Data issue took 3 years to surface," Chronicle Herald, 2 May 2014
- Gerald Caplan, "Fighting for your right to privacy is a lot older than computers," Globe and Mail, 2 May 2014

Those looking for more information about government access to telecom data should listen to the excellent Canadaland podcast on the topic, which featured Citizen Lab's Christopher Parsons: "Your Telecom Provider is Selling your Information to the Government," Canadaland podcast, 6 May 2014.

Recent interviews with Citizen Lab's director, Ron Deibert, are also well worth a listen:
- "Privacy Concerns" (TV interview), Lang & O'Leary Exchange, 30 April 2014.
- "VICE Canada Conversations: Ronald Deibert," Vice, 7 May 2014

New web forum about surveillance in Canada: Transparent Lives: Surveillance in Canada. The web forum and a book with the same name are the work of a collaborative research project involving several Canadian researchers (more information here). The book is available as a free download. The issues addressed in the book were discussed at a conference at the University of Ottawa from the 8th to the 10th of May. The conference produced an "Ottawa Statement on Mass Surveillance in Canada" for which the organizers have been collecting signatories. News coverage of the book/conference: Jim Bronskill, "Public-private blurring risks privacy: book," Canadian Press, 6 May 2014

For an NSA-focused (but certainly CSEC-relevant) discussion of SIGINT and public surveillance, the debate that took place in Toronto on May 2nd can be watched here. Journalist Glenn Greenwald and Reddit co-founder Alexis Ohanian argued against the proposition that "state surveillance is a legitimate defence of our freedoms," while former NSA director Michael Hayden and Harvard law professor Alan Dershowitz argued in favour of it. Related news coverage:
- "Edward Snowden appears via video at Toronto debate," Associated Press, 2 May 2014
- "State surveillance under microscope," CBC News, 2 May 2014

Friday, May 16, 2014

April 2014 CSEC staff size

2137.

(If you click through on the link and get a different figure, it's probably because the Canada Public Service Agency has updated its website; they update the numbers once a month.)

Wednesday, May 14, 2014

Must read: Forcese on legality of metadata monitoring

Law professor Craig Forcese examines the legality of CSEC's metadata monitoring and concludes that "the privacy standards that CSEC must meet in relation to metadata are much more robust than the government seems to have accepted to date":

Law, Logarithms and Liberties: Legal Issues Arising from CSEC's Metadata Program, 1 March 2014

NSA gave CSEC $350K during FY 2012



An NSA document published by Glenn Greenwald in conjunction with his new book No Place to Hide (see page 39 here) indicates that the National Security Agency provided approximately $350 thousand U.S. in funding to CSEC during U.S. fiscal year 2012.

We already knew from the Public Accounts of Canada that CSEC has received a substantial amount of money from "foreign partners" since 2002-03 (see discussion here and here), and last year CSEC acknowledged to Globe and Mail reporter Colin Freeze that the money reported in the Public Accounts comes from "the Five Eyes partnership" (which almost certainly means it comes from the NSA) and "reflects investments received from partners for cryptologic research and development".

We also knew from this document, first revealed in December, that NSA "at times pays R&D and technology costs on shared projects with CSEC".

The new document is the first that specifies an amount definitely received from NSA, however.

Interestingly, it is not the same as the Public Accounts figure for Canada's FY 2012-13, which is $636 thousand Canadian.

Aside from the difference in currency values, I can think of three possible explanations for the discrepancy:

1) Some of the money CSEC received came from other Five Eyes partners. This is not very likely in my opinion.

2) Additional NSA money was received, but from a different program—not through the NSA Foreign Affairs Directorate. Maybe. I don't know enough about how NSA disburses funds to its partners to judge how plausible a possibility this is.

3) The discrepancy is due to the mismatch between the U.S. and Canadian fiscal years (the former ran from 1 October 2011 to 30 September 2012; the latter ran from 1 April 2012 to 31 March 2013). My guess is that this third possibility is probably the correct explanation. NSA money received in the second half of the Canadian fiscal year would fall under FY 2013 in the U.S. and would thus not appear on the U.S. chart.

The next edition of the Public Accounts may clarify the picture somewhat.

News coverage:

- Colin Freeze & Daniel Leblanc, "NSA gave Canada at least $300,000 to develop spy program," Globe and Mail, 13 May 2014
- Ian MacLeod, "Canadian spies receive U.S. money for research and surveillance, book says," Ottawa Citizen, 13 May 2014
- Peter Edwards, "Canada actively spies for NSA, Glenn Greenwald claims in new book," Toronto Star, 13 May 2014
- Michael Bolen, "NSA Gave Canada Money For Surveillance Program," Huffington Post Canada, 13 May 2014


Tuesday, May 13, 2014

New CSEC HQ: Taj Mahal or billion-dollar brain?

Many people have commented on the enormous cost of CSEC's soon to be completed new headquarters complex, pointing to its sky-high price tag as possible evidence of an agency out of control.

CSEC's Long-Term Accommodation (LTA) Project is without a doubt an extraordinarily expensive undertaking.

The total cost to construct the agency's new headquarters complex is currently projected to be $1.17 billion (see page 297). This total would be even higher—over $1.2 billion—if you included the cost of the high-performance computing centre built at the same site under the earlier Mid-Term Accommodation (MTA) Project. The MTA is now considered to be Pod 1 of the LTA.

[Update 22 May 2014: According to CSEC, the actual cost of design and construction of the building, however, is only $880 million, the remaining $290 million being accounted for primarily by the financing costs of the project. (Such costs are not normally counted as part of the cost of building projects, but they appear in the total shown in the Public Accounts because financing for the LTA was included in the public-private partnership arrangement through which the building was constructed.)

To ensure that the LTA costs are directly comparable to the costs reported for the other buildings discussed below, I have modified this post to use the $880 million figure.]

A comparison of the cost per square metre of the LTA with those of other construction projects demonstrates just how expensive CSEC's complex will be.

CSEC describes the size of the LTA as 72,000 "rentable" square metres (rentable refers to the space usable for CSEC personnel and equipment and does not include space used for utilities and building services), which means that its expected construction cost works out to be about $12,222 per square metre. Using the overall, gross size of the complex, which could be as much as 84,000 square metres, produces a slightly smaller figure of about $10,500 per square metre, which is the figure I propose to use here.

Let's have a look at how that price compares to other intelligence-related construction projects.

- In the early 1990s, CSEC added a 12,000-square-metre high-security extension to its current headquarters building, the Sir Leonard Tilley Building. The "annex", now known as C Wing of the Tilley Building, was built at a cost of $35.1 million, or about $2925 per square metre. In today's money, that would be about $4500 per square metre.

- In October 2011, the Canadian Security Intelligence Service (CSIS) completed a 16,350-square-metre expansion to its headquarters building, located adjacent to the new CSEC complex, that was budgeted at $69.5 million, or $4250 per square metre.

- The Bundesnachrichtendienst (BND), Germany's foreign intelligence agency, is currently building a huge new 260,000-square-metre headquarters complex expected to cost about 1 billion Euros ($1.5 billion Canadian), or about $5770 per square metre. The complex was originally budgeted at 720 million Euros ($1.08 billion), or $4150 per square metre.

- In 2003, the UK signals intelligence agency, GCHQ, built a new 140,000-square-metre headquarters building (known as the "Doughnut") for £330 million ($790 million Canadian), or about $5600 per square metre. In today's money, that would be about $7000 per square metre.

These comparisons suggest that CSEC's new complex will be about one-and-a-half to two-and-a-half times as expensive as other intelligence agency headquarters projects.

But does this mean that CSEC is building an intelligence "Taj Mahal", some sort of showcase of government waste?

Maybe CSEC's supposed parliamentary overseers—or, better yet, the Auditor General—might want to examine that question.

But I suspect the real explanation lies in information technology.

The LTA is not just a headquarters building; it will also serve as a massive data warehouse and processing facility, a smaller version of the NSA's Utah Data Center.

It costs a lot more to fill a building with computers and power distribution, cooling, and backup systems than it does to build a simple office building, even a high-security one.

The 93,000-square-metre Utah Data Center cost US$1.74 billion, or about US$18,700 per square metre.

Similarly, the NSA's new 65,000-square-metre high-performance computing centre at Fort Meade is expected to cost US$860 million, or about US$13,230 per square metre. (CSEC's new high-performance computing centre, the 6000-square-metre MTA, cost about $70 million, or about $11,700 per square metre.)

It seems likely to me that the higher cost per metre associated with computer-intensive facilities such as these provides most if not all of the explanation for the surprisingly large price tag for CSEC's new headquarters.

Thursday, May 01, 2014

CSEC roundup 1 May 2014

Recent news and commentary items related to CSEC:

- Jordan Press, "Retiring Sen. Hugh Segal takes last crack creating security oversight committee," Montreal Gazette, 1 May 2014

- Colin Freeze, "Former U.S. spymaster praises American intelligence oversight, but envies Canadian system’s ‘agility’," Globe and Mail, 1 May 2014

- Richard Chirgwin, "Canucks' ISPs routing data through snoop heaven USA," The Register, 1 May 2014

- Justin Ling, "The Canadian Government's 'Secure' Phones Come Straight from the NSA," Motherboard, 25 April 2014. The secure phones purchase is part of the omnibus Canadian Cryptographic Modernization Program, which was originally estimated at $840 million in total. Earlier report on the purchase: Elizabeth Thompson, "No bidding war for U.S. spy agency: Big buyers won't say what they're paying for," Montreal Gazette, 21 June 2006. My comments at that time.

- Michael Geist, "Canadian Telcos Asked to Disclose Subscriber Data Every 27 Seconds," michaelgeist.ca, 30 April 2014. Here is the response provided to the Privacy Commissioner by the Canadian Wireless Telecommunications Association concerning telco provision of data to Canadian government agencies. All documents received by Geist through Access to Information request. Related coverage:
- Steve Rennie, "Telecoms refuse to release information on private data given to feds," Canadian Press, 29 April 2014.
- Alex Boutilier, "Government agencies seek telecom user data at ‘jaw-dropping’ rates," Toronto Star, 29 April 2014
- Paul McLeod, "Government makes over a million requests a year for data from telecoms," Chronicle Herald, 29 April 2014
- Colin Freeze, "Feds tap telecoms for customer data at ‘staggering’ rate," Globe and Mail, 30 April 2014
- Laura Payton, "Private data given to feds limited to 'basic' information, Bell says," CBC News, 30 April 2014
- Patrick McGuire, "Why Is the Canadian Government Issuing Over 1 Million Annual Requests to Telecom Companies for Our Data?" Vice, 30 April 2014
- Laura Payton, "Privacy concerns raised about new cyberbullying legislation," CBC News, 1 May 2014
- Christopher Parsons, "Responding to the Crisis in Canadian Telecommunications," Technology, Thoughts & Trinkets blog, 1 May 2014
- Editorial, "Change the law. Make it harder for government to snoop," Globe and Mail, 30 April 2014
- Jesse Kline, "Want to snoop? Get a warrant," National Post, 1 May 2014
- David Fraser, "We seriously need transparency about law enforcement demands," Canadian Privacy Law Blog, 1 May 2014
- Jesse Brown, "Where is Canada's rage over digital surveillance?" Toronto Star, 1 May 2014. See also the latest report by Canadian Journalists for Free Expression, Fifth Annual Review of Free Expression in Canada, 2013-14.

This little-noticed angle on the data issue is also worth paying attention to:
- Michael Geist, "Is a Canadian Telco Allowing the Government To Mirror Its Subscriber Communications?" michaelgeist.ca, 1 May 2014. Geist picks up on a comment in the telcos' response to the Privacy Commissioner's questions, in which an unnamed company states that "Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transmits the network of data nodes. This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes." Does this mean that this unidentified agency is routinely being given access to all of the traffic on that company's networks and that the agency is then allowed to process all of that data in order to select what communications it will "intercept"? That could easily make the total of 1.2 million data requests per year discussed in the articles above look like small potatoes. Might this have something to do with the "Canadian Special Source" data (see p. 7) that CSEC accesses? If the agency in question is indeed a "law enforcement" agency, then it is not CSEC, which has no law enforcement powers. But if, as is presumably the case, the law enforcement agency is obtaining and using the data it receives lawfully, then it would be legal for CSEC to assist that agency in processing the data. Is this one of the ways CSEC gets access to domestic metadata?

Also of interest:
- Tom Leinster, "Maths spying: The quandary of working for the spooks," New Scientist, 23 April 2014. Mathematician Tom Leinster calls on his fellow mathematicians to consider the ethical dilemmas of working for intelligence agencies.