Tuesday, July 29, 2014

What is WB Quad?

This document reporting NSA travel paid for by outside organizations shows that CSEC sponsored a visit by an NSA "Project Director" from 19 to 21 August 2013 for a "Site Survey for WB Quad System" (see page 9).

I have no idea what the WB Quad System is, but the same document shows that GCHQ hosted NSA personnel to install the same system at Cheltenham in May 2013 and that the Norwegian Intelligence Service had it installed at Honefoss in September 2013.

Honefoss (Google Maps image here), also known as Eggemoen, is clearly a satellite monitoring site, although it also hosts a NATO satcom antenna, so the WB Quad System may have something to do with satellite monitoring.

No satellite collection is conducted at Cheltenham, however, so if the system was indeed installed there and not at one of GCHQ's actual monitoring sites, then it may be related to the processing of material rather than its collection.

The Ottawa visit was much shorter than the installation visits to the U.K. and Norway, and it was by a "Project Director" rather than technical personnel, so it may have been intended to assess the possibility of installing the WB Quad system at CSEC, or perhaps to plan for its installation.

Tuesday, July 15, 2014

Girard now DG Military SIGINT?

Earlier this year it was announced that Col J.J.M. (Martin) Girard would be promoted Brigadier-General and appointed Director General Military Signal Intelligence, replacing Brigadier-General Robert S. Williams, who is retiring.

BGen Girard's promotion came through on the 29th of May, but there is still no official word out here in the public world as to whether he has taken over from BGen Williams yet. Presumably if he is not yet in the job, he will be soon.

BGen Girard was previously the commander of the CF Shared Services Group. At an earlier point in his career, he commanded CFS Leitrim.

Monday, July 14, 2014

CSE Commissioner calls for privacy directive re sharing with Five Eyes

Jim Bronskill reports on the CSE Commissioner's recommendations concerning the sharing of information about Canadians with CSEC's Five Eyes partners (Jim Bronskill, "Canadian spy watchdog calls for safeguards on Five Eyes info sharing," Canadian Press, 14 July 2014):
The watchdog that keeps an eye on Canada's electronic spy agency says it cannot be sure the intelligence service's Five Eyes partners abide by promises to properly protect information about Canadians.

A newly declassified report shows the federally appointed watchdog has recommended that Defence Minister Rob Nicholson issue a directive to Communications Security Establishment Canada that sets out expectations for safeguarding Canadians' privacy when CSEC shares information with its key allies.

The watchdog, known as the CSEC commissioner, has also urged the spy agency to regularly report detailed statistical data to the minister about the international information sharing.

...

Initial inquiries by the CSEC commissioner found the spy service did take measures to uphold the privacy of Canadians in what it shares with the four chief allies — for instance by suppressing Canadian identities in reports supplied to them.

However, the commissioner's office undertook further study to determine how much information about Canadians is being shared with the partners and whether they were fulfilling commitments to protect sensitive details.

"These activities may directly affect the security of a Canadian person," says the 34-page report, originally classified top secret, for Canadian eyes only.

"Precision and accuracy of language in exchanges of information can be critical and affect outcomes, including how individuals are treated."
Or whether they end up at the wrong end of a Hellfire missile.
The report says that beyond "certain general statements and assurances" between CSEC and its foreign sister agencies, the commissioner's office was "unable to assess the extent" to which the four partners "follow the agreements with CSEC and protect private communications and information about Canadians in what CSEC shares with the partners."

It recommended a new ministerial directive based on a risk assessment — an in-depth analysis of how legal and policy regimes in the different countries could affect CSEC's compliance with the law and protection of Canadian privacy.

"The commissioner's office understands that such a risk assessment would not be a trivial undertaking," the report says.

"However, in light of recent events, we believe it is essential."

The newly obtained report was completed in July 2013 by then-CSEC watchdog Robert Decary just after Nicholson took over the defence portfolio. Decary has since been succeeded as CSEC commissioner by former Quebec judge Jean-Pierre Plouffe.

Neither CSEC nor Nicholson's office had immediate comment.

However, an official with the CSEC watchdog's office said the defence minister had accepted the report's recommendations and was working to implement them. The commissioner continues to actively monitor CSEC's dealings with its Five Eyes partners, added the official, who asked not to be named because he is not a designated spokesman.

In underscoring the potential dangers of losing control of information about Canadians, the report points to the case of Ottawa engineer Maher Arar, who was tortured in a Syrian prison over false terrorism allegations. An inquiry concluded information the RCMP passed to the United States likely led to his ordeal.

But the report also stresses that CSEC's ability to fulfil its foreign intelligence collection mandate rests in large part on building and maintaining productive relationships with foreign counterparts.

"According to CSEC, the Five Eyes alliance is more valuable now than at any other time in history, given the increasingly complex technological challenges faced by the partners."
Excerpts from the Commissioner's report can be read here.

Meanwhile, elsewhere in Ottawa-land... (Colin Freeze & Josh Wingrove, "Ottawa prepares to share personal data with foreign governments," Globe and Mail, 14 July 2014):
The Conservative government has given itself broad new powers to share Canadian immigration files and other information with foreign governments – a practice that could have far-reaching implications for individuals who cross borders.

The powers are included in Bill C-24, an overhaul of citizenship law passed last month, though have drawn little attention. The changes amend the Citizenship Act to allow Stephen Harper’s cabinet to draft regulations “providing for the disclosure of information for the purposes of national security, the defence of Canada or the conduct of international affairs,” including under international deals struck by Citizenship and Immigration Minister Chris Alexander.

Cabinet will also now be permitted to allow the “disclosure of information to verify the citizenship status or identity of any person” to enforce any Canadian law “or law of another country.”

Ottawa contends the final regulations are still being developed and will comply with Canadian law. However, critics warn the changes could lead to Canada sharing citizenship and immigration details with foreign countries, whether verified or not, without oversight.

...

In the aftermath of the Arar affair, strict rules were imposed on how Canada’s police and intelligence agencies share information with their foreign counterparts.

However, critics fear the rules are being relaxed – especially as other federal agencies expand their own, less-regulated information sharing practices. Canada’s new perimeter-security agreement with the United States, for example, envisions a greater flow of information in government databases across borders.

Sunday, July 13, 2014

CSEC temporary accommodations

CSEC's continuing growth has made it very difficult for the organization to provide office space to all of its employees in recent years.

As previously described here, CSEC's accommodations have expanded over the years from just the Sir Leonard Tilley Building, its home since 1961, to a collection of facilities including not only a significantly enlarged Tilley Building, but also the Insurance Building, the Edward Drake Building, two temporary buildings (Annexes E and F), rental space in Canada Post Place, and Pod 1 of the new headquarters complex (occupied in 2011). CSEC is expected to begin occupying the main section of its new complex later this summer.

In the meantime, however, a recent Request for Standing Offer shows that CSEC is also now occupying the PBX Building (790 Heron Road) in Confederation Heights and an unspecified amount of space in the Federal Study Centre (1495 Heron Road).

Judging from its name, the PBX Building once provided telephone services to the various government departments in the Confederation Heights complex. This small (163-square-metre) building adjacent to the Insurance Building now appears to be used for storage.

The Federal Study Centre is a much larger complex, totalling 14,800 square metres. It recently hosted the Federal Emergency Management College, but not, it would seem, much else. The contracting document does not specify how much space has now been occupied by CSEC.

What it does make clear is that the occupation will be only temporary.

The Standing Offer arrangement that Public Works is seeking will cover general electrical services at the Sir Leonard Tilley Building (including Annex E), the Insurance Building, the Edward Drake Building (including Annex F), the PBX Building, and the Federal Studies Centre for a period of just one year, with the possibility of up to two one-year extensions. By the end of that period, CSEC's move to its new headquarters complex should be complete, and it will no longer occupy any of these buildings.

The document does not address electrical services at Canada Post Place, presumably because CSEC's accommodations there are rented rather than government-owned.

CSEC contract talks at an impasse

The Public Service Alliance of Canada (PSAC) is accusing CSEC and the Treasury Board of ignoring the recommendations of the Public Interest Commission established to help resolve the differences between CSEC and its employees in the currently stalled contract negotiations. (Previous report here.)

Approximately 1900 of CSEC's 2200 employees are unionized (all employees "excluding directors, persons above the rank of director, employees involved in the planning, development, delivery or management of human resources, and such other persons employed in a managerial or confidential capacity").

A new contract between CSEC and its employees is long overdue. The last contract expired on February 9th, 2012, and even the contract currently under negotiation is scheduled to expire in February 2015, about seven months from now.

The Public Interest Commission presented its recommendations for resolving the impasse, which are non-binding, to CSEC and PSAC on June 2nd, 2014.

However, according to PSAC, CSEC has since refused to accept any of the commission's recommendations:
Unfortunately, even though the union made changes to our demands as per the PIC report, the employer did not move off their original offer imposed on them by Treasury Board back in September of last year. They've effectively ignored the PIC Report.
Interestingly, the union blames the impasse on Treasury Board rather than CSEC, asserting that "this round of negotiations would have been successfully concluded by now, [were] it not for the undue interference of Treasury Board."

A final round of discussions is scheduled for September, after which it is possible that the talks will break off entirely.

At that point, a strike would be a theoretical possibility. I think there is little or no chance that CSEC employees would ever agree to take that step, but they might decide to undertake more limited actions, such as assorted work-to-rule measures.

The previous collective agreement between CSEC and its employees, and earlier versions, can be found here.


Update 27 January 2015:

The September talks produced an interim agreement to extend the previous contract, with minor adjustments, to cover the period from the previous contract's expiry to 9 February 2015 (details here). So it looks like CSE's new chief will take over just as the contract once again expires.

Friday, July 11, 2014

Ethics concerns within CSEC

From the Globe and Mail (Colin Freeze, "Ethical concerns raised by workers at Canadian spy agency," Globe and Mail, 11 July 2014):
Employees at Canada’s fast-growing electronic spy service are sounding alarms about possible misuse of funds, conflicts of interest and financial mismanagement.

Some have also tried to blow the whistle about “improper contractor security screening,” “questionable contractor invoicing,” “unauthorized disclosure of sensitive information,” and “non-compliance with CSEC’s values,” according to recent “internal disclosure of wrongdoing” reports obtained by The Globe and Mail.

The number of intelligence-agency employees at Communications Security Establishment Canada (CSEC) seeking “ethical advice” from a senior official is also at a record high, according to the documents. Employees at CSEC, which is entrusted to spy on foreign communications for the federal government, sought advice 18 times in 2012 – 16 times over unspecified “conflict of interest” issues. The previous year, 12 ethics-related questions arose.

The records highlight the thorny issue of raising concerns in the secret world of intelligence gathering. In 2007, the Conservative government passed the Public Servants Disclosure Protection Act in the name of protecting whistle-blowers within the federal bureaucracy. But while that law empowers a federal integrity commissioner to investigate employee complaints arising in dozens of departments, CSEC was given an exemption in favour of a parallel system that keeps such matters within the agency.

In CSEC, a “senior officer for disclosure of wrongdoing and reprisal protection” acts as a sounding board for employees who wish to air their own ethical quandaries, or to speak about alleged lapses in judgment by their colleagues or bosses.

These complaints are logged in annual reports, but specific details are withheld.

Findings of ethical wrongdoing are rare within CSEC. During the three years of released records, the senior official in charge of ethics made just one formal finding of wrongdoing.

The Canadian Press reported this spring that whistle-blower complaints of unspecified “asset misuse” at CSEC resulted in stepped-up financial training and monitoring.
You can read the Canadian Press report here: Jim Bronskill, "Canada's electronic spy agency uncovers wrongdoing, ethics breaches," Canadian Press, 15 March 2014.

Thursday, July 10, 2014

UMBRA history

The recent and unexplained reappearance of the retired SIGINT codeword UMBRA has led to some interesting speculation about what may be going on (see here and here).

UMBRA was for many years the overall codeword for Top Secret information in the communications intelligence Sensitive Compartmented Information (SCI) compartment, used for that purpose throughout the Five Eyes community. (Its presence in the name of this blog is no coincidence.)

Other codewords, such as SPOKE and MORAY, were used for Secret and less-sensitive Secret COMINT-related information.

UMBRA was retired in 1999, along with SPOKE and MORAY. All three were replaced by the term COMINT, and more recently by Special Intelligence (SI).

There seems to be considerable confusion about how long UMBRA was used, with recent commentary suggesting that the codeword had been in use "at least since [the] middle of the 1950s".

UMBRA was by far the longest-lived of the codewords for the most sensitive level of COMINT, but its service did not extend as far back as the 1950s.

Unlike the terms COMINT and Special Intelligence, UMBRA and its predecessors were themselves classified and, in the early post-war period, were frequently changed. Later codewords were retained for several years but were still replaced whenever they were publicly compromised.

UMBRA was the last of the classified codewords. It too was compromised within a few years of its introduction, but unlike the others, it was not replaced but remained in service until its retirement in 1999.

Intelligence historian Matthew Aid has kindly provided the following list of the codewords for the Top Secret COMINT compartment and their dates of service:

ULTRA (194? - Mar 1946)
CREAM (Mar 15 1946 - Sep 1947)
GLINT (Sep 1 1947 - Jun 1949)
COPSE (Jul 1 1949 - Aug 1950)
ACORN (Aug 1 1950 - Jun 1951)
SUEDE (Jul 1 1951 - Jun 1952)
CANOE (Jul 1 1952 - Sep 1953)
FROTH (Oct 1 1953 - Dec 1954)
EIDER (Jan 1 1955 - Jun 1959)
DAUNT (Jul 1 1959 - Dec 1960)
DINAR (Jan 1 1961 - Sep 1965)
TRINE (Sep 1 1965 - Dec 1968)
UMBRA (Dec 1 1968 - Oct 1999)


Update 1 August 2024:

See also this list of the codewords for Top Secret and Secret SIGINT that was posted on Twitter by NSA in 2017. 



Tuesday, July 08, 2014

June 2014 CSEC staff size

2220. The highest total yet.

(If you click through on the link and get a different figure, it's probably because the Canada Public Service Agency has updated its website; they update the numbers once a month.)

Update 10 July 2014: Daniel Tencer, "CSEC Staff Levels Hit Record High, As Other Agencies Suffer Through Austerity," Huffington Post Canada, 10 July 2014.

Sunday, July 06, 2014

Canadian communications caught in NSA collection

A Washington Post analysis of roughly 160,000 intercepted communications taken from NSA files by Edward Snowden indicates that nearly 90% of the communications originated from account holders who "were not the intended surveillance targets but were caught in a net the agency had cast for somebody else" (Barton Gellman, Julie Tate & Ashkan Soltani, "In NSA-intercepted data, those not targeted far outnumber the foreigners who are," Washington Post, 5 July 2014).

The analysis also found that a large proportion of the collected communications contained the names, IP addresses, e-mail addresses, or other information about U.S. and other Five Eyes persons and companies.
Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents.
The following graphic, which accompanied the Washington Post story, shows that a large number of Canadian and British "identifiers" were also to be found within the communications.



No numbers accompany the non-U.S. portions of the chart, unfortunately, but it is possible to estimate them by measuring the relative sizes of the portions.

The Canadian portion of the chart is about 16% of the size of the U.S. portion, which indicates that it contains about 19,100 identifiers in total, including about 15,600 Canadian IP addresses and about 1350 Canadian company names. It also suggests, although this is less certain, that Canadian identifiers may have appeared in as many as 8% of the intercepts examined (some intercepts would contain multiple identifiers).

The other boxes in the Canadian portion of the chart are unlabeled, so the number of Canadian persons that were identified in the traffic is not evident.

As noted in the Washington Post story, identifiers associated with the U.S. or other Five Eyes countries were mostly "minimized" in the intercepts (for example, U.S. names were replaced by the phrase "MIN U.S. PERSON"). However, the original identity information in such cases is retained in the NSA's files and can be restored if the client utilizing the intercept can justify a request for the information.

It would be interesting to know if the Canadian government is consulted when U.S. clients seek to unmask Canadian information (and, if so, how often it approves such requests).

The article does not indicate whether the intercepts that contained Canadian identifiers were all collected by the NSA (or other non-Canadian agencies) or may have been supplied in part by Canada. We also do not know how fully the Canadian government itself is able to access NSA intercepts containing Canadian information and the nature of the limitations that may or may not be in place on its access to unminimized data.

Update 11 July 2014:

News coverage: Patrick McGuire, "Now We Know Even More about How the NSA Invades Canada’s Privacy," Vice, 11 July 2014.

Tuesday, July 01, 2014

CSEC and targeting rules

One of the Snowden documents released yesterday by the Washington Post (Ellen Nakashima & Barton Gellman, "Court gave NSA broad leeway in surveillance, documents show," Washington Post, 30 June 2014) contains this interesting comparison of the rules that control spying by the Five Eyes countries on their own nationals and/or within their own territory:



(Original document here.)

At first glance, CSEC looks pretty good from a privacy point of view, operating under what appear to be much more restrictive rules than its Five Eyes partners.

But the distinction is without a difference.

CSEC does not have the power to target Canadians, but other agencies of the Canadian government do. CSIS and the RCMP (and potentially other law enforcement or security agencies) have the ability to obtain judicial warrants to target the communications of specific persons of any nationality within Canada or of Canadians, whether within Canada or abroad, and these agencies can then proceed to enlist the assistance of CSEC in performing that targeting.

This was made very clear in the original Mosley decision in January 2009, which authorized CSEC to monitor specific targeted Canadians outside Canada on behalf of CSIS, based on CSIS warrants. (The subsequent imbroglio concerning the use of these warrants was related to the participation of other Five Eyes partners in the monitoring, not to CSEC's participation.)

"Cannot target Canadians", which is the comment in the "National overseas" column, doesn't really capture the reality of this situation.

And the same applies to the "National in ..." and "Foreign national in ..." columns. The former case is documented here, and the latter is discussed here.

In short, the actual situation is very different from the happy picture depicted on the chart.

Each of the Five Eyes countries has its own unique legal and policy regime, but broadly speaking the rules under which CSEC operates are very similar to those under which its partners operate.