Friday, October 28, 2016

Canadian participants at Second JAC Conference, 13 March 1944

As I mentioned in this earlier post, this 13 March 1944 photograph showing the attendees at the "Second JAC Conference" provides an interesting glimpse into the extent of Canadian participation in Allied signals intelligence planning during the Second World War (click photo for larger version).



According to GCHQ, JAC stands for Japanese Army Cypher (or possibly Japanese Army Communications). The conference was held at Arlington Hall Station, the home of the U.S. Army COMINT organization, the Signal Security Agency (SSA), and ran from 13 to 24 March 1944.

Of the 42 attendees at the conference (35 of whom are shown in the photo), six were Canadian. One other participant, British cryptanalyst F.A. (Tony) Kendrick, attended in his capacity as head of Canada's cryptanalytic agency, the Examination Unit. By my estimate, 13 other Britons, including GC&CS Director Edward Travis, and one Australian were also in attendance. The remaining 21 attendees were Americans. The head of OP-20-G, the U.S. Navy's COMINT organization, and two other U.S. Navy officers were present for the photo, but the great majority of the attendees were army officers, along with six civilians.



This version of the photo identifies the Canadian-related participants by number, as follows:

1) Lieutenant Colonel Edward M. Drake. Drake was the officer in charge of Canadian Army SIGINT activities. He later became the first director of CSE (or CBNRC as it was then called), serving in that role from 1946 to 1971.

2) Squadron Leader Chester A. Ronning. Ronning was the commander of the RCAF Discrimination Unit, a small traffic analysis unit that worked closely with the Army Discrimination Unit. The son of missionaries, Ronning was fluent in Chinese. After the war he became a prominent Canadian diplomat. This National Film Board documentary about his life briefly mentions his wartime activities (at roughly the 41:30 mark).

3) Major Douglas D. Cameron. Dr Cameron was one of the original members of the Examination Unit (XU), joining as a civilian in June 1941. In 1942, he left the XU to join the Canadian Intelligence Corps and subsequently worked in the Army Discrimination Unit.

4) Captain J. Ross Mackay. Mackay, another child of missionaries, learned Japanese while going to school in Japan. Like Cameron, he was in the Canadian Intelligence Corps. In 1945, he was sent to Australia as commander of the intelligence section of 1 Canadian Special Wireless Group. After the war, he became a well-known Canadian geographer.

5) Major Ralph H. Pick. Pick was an engineer in the Royal Canadian Corps of Signals and probably attended as a technical advisor. He later became second-in-command of 1 Canadian Special Wireless Group.

6) Lieutenant Colonel Benjamin deForest (Pat) Bayly. Bayly was also an engineer, overseeing communications and encryption systems for British Security Coordination (BSC). He probably also attended the conference as a technical advisor. Like BSC director William Stephenson, Bayly was a Canadian, but he spent the war years working for British intelligence and thus was not representing Canada at this conference.

7) A. F. (Tony) Kendrick. Kendrick was a British cryptanalyst who joined GC&CS before the war. In August 1942 he was lent to Canada to serve as director of the Examination Unit, replacing the first British cryptanalyst lent for this purpose, Oliver Strachey.

The presence of so many Canadian-related personnel at the conference was undoubtedly due in part to the proximity of Ottawa to Washington, which made it quick and safe for Canadian personnel to travel to Arlington Hall. But it also is evidence of the degree to which Canada had been integrated into the wider Allied SIGINT system and its personnel permitted to participate in Allied SIGINT planning.

Canada's role in Allied SIGINT decision-making would certainly have been small, in keeping with the minor contribution that Canadian SIGINT activities made to the overall Allied effort, and it would appear that not all of the decisions made were to the Canadians' liking. (The plan to shift some of the work on Japanese weather codes to Canada was kiboshed at the conference.) But according to Kendrick, Drake, at least, found the results "quite satisfactory".

He and the others undoubtedly considered it an important achievement just to be at the table.

The full list of attendees in the photo is as follows (front to back, left to right): Colonel John H. Tiltman, GC&CS; Colonel W. Preston Corderman, SSA; Commander Edward W. Travis, GC&CS; Major General Harry C. Ingles, OCSigO; Brigadier General Frank E. Stoner, OCSigO; Colonel Carter W. Clarke, G-2; Mr. William F. Friedman, SSA; Commander Joseph N. Wenger, USN; Lieutenant Colonel Edward M. Drake, DU; Lieutenant Colonel Earle F. Cook, SSA; Lieutenant Colonel Benjamin DeForest (Pat) Bayly, BSC; Major Philip Lewis, GC&CS; Lieutenant Colonel Solomon Kullback, SSA; Mr. Leonard James (Joe) Hooper, GC&CS; Captain J. Ross Mackay, DU; Colonel Frank W. Bullock, CBI; Lieutenant Colonel Telford Taylor, G-2; Lieutenant Colonel Abraham Sinkov, CBB; Lieutenant Colonel Patrick Marr-Johnson, WEC; Major Geoffrey G. Stevens, GC&CS; Captain Stan R.I. Clark, CBB; Major Joseph J. Martan, CBI; Lieutenant Colonel W. Edward Crankshaw, GC&CS; Squadron Leader Chester A. Ronning, RCAF DU; Major Douglas D. Cameron, DU; Major Ralph H. Pick, DU; Colonel H.M. O’Connor, GC&CS; Major W.M. Allen, GC&CS; Major William Perdue, G-2; Colonel Samuel P. Collins, SSA; Commander C.A. Ford, USN; Commander Wesley A. Wright, USN; Mr. F.A. (Tony) Kendrick, XU; Lieutenant F.E. Maloney, SSA; Lieutenant Colonel Harold McDonald Brown, SSA.

GCHQ lists the other attendees at the conference as "LtCol S Clark (CBB); Maj K J Maidment (GCCS rep in BSC NY), LtCol W M Allen (WEC), LtCol H Sayer (GCCS); US Army - LtCol J E Slack, C H Judson, J J Morton". Two of these names look like they might be duplicates of people depicted in the photo, but I'm going to assume GCHQ knew what they were doing in listing them here.


Update 16 March 2017: The information above was updated based on this article ("The Second Japanese Army Cipher Conference 1944"), posted by GCHQ on 16 March 2017. The GCHQ article also contains some interesting details of the banquet that was held at the conference.

Thursday, October 13, 2016

RIP Des Ball

My friend and colleague Desmond Ball passed away on October 12th.

Des was a prolific and engaged scholar, incredibly knowledgeable, and a towering figure in his field. I will always feel privileged to have been able to work with him on a few of our shared interests over the past decade. You can read more about him here.

A list of our recent publications (written with co-author Richard Tanter) on the signals intelligence base at Pine Gap, Australia, is here.

Sunday, October 09, 2016

CSE: What do we know? What do we need to know?

Here's a summary of the presentation I made at the Sécurité internationale, sécurité intérieure: connexions et fractures colloquium at Laval University on October 6th.

[See also the updated and extended version I delivered at the University of Ottawa on November 23rd.]

The Communications Security Establishment: What do we know? What do we need to know?



Some of the people here today will know a great deal about the Communications Security Establishment, but it is likely that most do not know a lot about it, so I'd like to begin with some background information about the agency.


(The photo shows the Edward Drake Building, CSE's new headquarters. Source.)

CSE has a three-part mandate laid out in the National Defence Act.



The SIGINT program addresses all three elements of CSE's mandate and accounts for $421 million of the agency's $584 million budget for FY 2016-17, while the ITSEC program is focused on Mandate B and accounts for $163 million.



The agency recently celebrated its 70th birthday, but its origins lie in the signals intelligence co-operation initiated between the Western allies during the Second World War.


(CSE's first headquarters was located on the third floor of the La Salle Academy, a Catholic boys school in downtown Ottawa, shown on the left. The facility had previously been occupied by one of CSE's wartime predecessor organizations, the Joint Discrimination Unit.)

Although Canada was a very small player in Second World War SIGINT, it participated in the planning that allocated intercept and processing tasks among the allies and shared in the intelligence output. This deep integration of SIGINT activities laid the foundations for the very close co-operation that has persisted to the present.



Lt-Col Ed Drake is circled in red in this photo from a 1944 planning conference. (Source.) Five other Canadians and the British cryptanalyst supplied to Canada to run the Examination Unit (the civilian in the back row) are also in the photo.



The U.S. and U.K. agreed to continue SIGINT cooperation into the post-war era even before the war ended, with the new primary target to be the Soviet Union. The BRUSA (later renamed UKUSA) agreement, the founding document of the post-war partnership, was negotiated in the fall of 1945 and signed on 5 March 1946.



Canada and the other Dominions of the British Empire were not signatories of the agreement, but provision for their participation was written into it, and they agreed to abide by its terms at a conference held in London the month before it was signed. The U.S., represented by STANCIB (the State Department, Army, Navy Communications Intelligence Board), reserved the right to deal directly with Canada, but it agreed to deal with the other dominions through the U.K.



By the time CSE, known originally as the Communications Branch of the NRC, was formally established on 1 September 1946, its position as junior member of a multinational SIGINT conglomerate had thus already been determined.

The CBNRC was transferred to the Department of National Defence and renamed the Communications Security Establishment on 1 April 1975. In November 2011 it became a stand-alone agency, still under the Minister of National Defence but no longer a part of the department.

The radio intercept stations that supplied CBNRC/CSE are operated by the military, currently the Canadian Forces Information Operations Group.

Oh, and there's Ed Drake again.



We turn now to an extremely abbreviated history of the organization:


There was a Cold War, during most of which CSE focused almost exclusively on the Soviet Union.



Then the Cold War ended, and CSE found new targets, principally diplomatic and economic.



And then this happened, and CSE's focus shifted once again.



Which brings us up to the present.

Since 9/11, counter-terrorism has been CSE's top priority, with Support to Military Operations also of increased importance.

The advent of the Internet also had a dramatic effect on the agency's operations, opening whole new avenues for SIGINT operations, including Computer Network Exploitation activities to access "data at rest" on target computer systems.



The Internet soon became the primary hunting ground of the SIGINT partners, and they undertook to Master the Internet.



The post-9/11 era saw the greatest period of growth in CSE's history. Now apparently stabilized at a staff of about 2100–2200, CSE has 2.3 times as many employees as it had prior to 9/11 and 3.5 times as many as it had through most of the Cold War.



Its budget has also grown dramatically in recent years. At $584 million in FY 2016-17, CSE's current budget is 4.3 times as high in inflation-adjusted dollars as its pre-9/11 budget. (The spike to nearly $900 million in 2014-15 was the result of a one-time $300 million payment made when the agency's new headquarters was completed.)



Canada's legacy radio intercept stations—Alert, Gander, Masset, and Leitrim— are still in operation, the first three now operated remotely from Leitrim...



...but the real SIGINT action now takes place in cyberspace. (Source.)



And, inevitably, mixed in among the Internet traffic that CSE monitors is the Internet traffic of Canadians. (This graphic depicts the amount of worldwide Internet traffic that passes through Canada or the United States. Source.)



The intermingling of Canadian Internet traffic with that of the rest of the world means that CSE encounters Canadian communications even when it is trying not to do so. And this raises an important question:



I have three answers to that question.



The first answer is the one you usually get from CSE or government ministers and members of parliament—often these exact words. This prohibition is indeed written into the National Defence Act, not this precise formulation, but words to the same effect.



However, there are several important exceptions to this absolute-sounding rule:



First, the rule prohibits only activities "directed at" specific Canadians or persons in Canada. Thus, for example, bulk collection of metadata, because it is not collected with any specific target in mind, is permitted—even if, as in the "Airport wi-fi" case, all of the metadata in question relates to persons in Canada.

"Incidental" collection of Canadian communications (collected when one of CSE's foreign targets communicates with a Canadian) is also permitted.

Targeted collection of Canadian communications is permitted under Mandate C (i.e., when a federal law enforcement or security agency requests such collection and has lawful authority for the request).

Finally, CSE is permitted to receive Canadian communications collected and forwarded by its SIGINT allies, although it is not permitted to request the targeting of Canadians. CSE recently formalized procedures for providing such intercepts to CSIS.

None of these exceptions opens the door to unlimited mass surveillance of all Canadians, and such information as we have suggests that the amount of Canadian-related information collected by CSE is, with the exception of metadata, mostly very limited.

But the information we have is itself very incomplete, and a surprisingly large amount of legal surveillance could be hidden behind the details that remain redacted.



This leads to my third answer: We don't know.

We don't know the full meaning of "directed at" as the government understands the term. CSE modified its activities following a 2012 court case that rejected an attempt by CSIS to broaden the meaning of the term, which suggests that, at that time at least, CSE was operating with an excessively permissive understanding of its meaning.

Furthermore, the question of "directed at" could become less and less meaningful as CSE and its SIGINT allies move towards a "collect it all" posture. "Collect it all" is more an aspiration than a reality at the moment, but growth in monitoring and storage capabilities could make it more feasible as time goes on.

An unknown amount of activity could also be underway to analyze metadata or other non-content data on behalf of CSIS or the RCMP. Such processing might fall beneath the threshold considered to require a judicial warrant, and thus would be subject to much less stringent limits. Canadian communications that are not considered "private communications" under the Criminal Code might also be subject to looser rules.

The potential for larger-than-realized access to Canadian-related information through allied collection and sharing also needs to be recognized.

Finally, it might also be questioned whether CSE actually obeys the various rules that limit the extent to which it is legally permitted to monitor Canadians.



This leads to my next question:



I have four answers to this question.



The notable exception occurred in 2015 when the CSE Commissioner declared CSE in violation of the law. (The decision was reported to the public in 2016).



The complications arise because not every instance in which CSE fails or may have failed to follow legal requirements is assessed by the Commissioner as formal non-compliance (see my somewhat tongue in cheek discussion here).



Here's the short explanation of that.



It's worth noting that these are mostly fairly minor incidents. There's no systematic program of monitoring Canadians hiding among these items, although some of the disagreements over legal interpretations do touch on CSE's core activities.

Over the years, CSE Commissioners have recommended a long list of amendments that would clear up these interpretation issues and place CSE on a sounder legal footing. The government promised action on a number of amendments as long ago as 2007, but nine years later we're still waiting.

A broader question relates to uncertainties in the proper interpretation of the laws that pertain to CSE's activities. In this respect, not even CSE really knows if it obeys the law. In many cases, the courts have simply not addressed these questions.

This could change as a result of the BCCLA and CCLA court challenges currently underway.



My final thought with respect to CSE and the law is, why wouldn't we expect it obey the law (at least, as the agency understands it)?

There is every reason to believe that compliance with the law is a fundamental part of CSE's ethos, and if the government wanted the agency to do something not currently legal, it could probably manage to make it legal. It's the government that writes the laws after all, although that power is somewhat checked by the courts.

The question of whether the government will grant itself additional "lawful access" powers is currently back on the parliamentary agenda.



The question of compliance with the law is certainly important.

But, for me, the greater concern is what's being done, or could be done, entirely within the law.

It may be that CSE's activities related to Canadians are comparatively minor and tightly constrained. But they might also be quite a lot larger than the information that is currently public suggests. We just don't know.

And the potential for excessive, intrusive surveillance will only grow in the future.



Which leads to my final question:



I don't have a lot of answers to this question.

Maybe we can rely on "sunny ways"?


(The photo shows Prime Minister Trudeau addressing CSE employees at the Edward Drake Building in June 2016. To the best of my knowledge, this was the first time a prime minister visited CSE.)

More seriously, a number of proposals have been made to improve the oversight/review mechanisms and reform the legal regime pertaining to CSE and other members of the Canadian intelligence community.

I will now punt this question to people who know what they are talking about, such as Kent Roach and Craig Forcese.



Thank you.