Sunday, June 09, 2024

NSICOP's mystery review

 

Thanks to the recent Special Report of the National Security and Intelligence Committee of Parliamentarians (NSICOP), the stakes are high on Parliament Hill right now, the main question being how many MPs will ultimately be burned at one. 

We haven't had excitement like this since Fred Rose tried to turn the Green Chamber Red. But — as anyone who reads this blog knows — excitement is not what we do here. What I want to talk about is NSICOP's other report, its 2023 Annual Report, which was released on June 5th. 

Tucked away in that report was a brief two-paragraph description of a review that NSICOP completed in November 2023:

The committee was not permitted to provide any information about the nature of the "intelligence collection activity" it examined, or even which department or agency conducted it. 

What it did tell us was that it issued a Special Report to the Prime Minister that "highlighted concerns about the authority of the federal department or agency to participate in this collection activity, particularly with regard to its Canadian partners in the security and intelligence community, including the lack of appropriate governance; and the role that the Department of Justice plays in providing advice in areas of national security and intelligence that will likely not receive judicial scrutiny."

The committee also stated that it made five recommendations, of which the government rejected one, accepted three, and "commented on" another. The report did not indicate the degree to which these responses allayed the committee's concerns, if at all, nor were any details of the committee's recommendations or the government's responses provided.


So what is actually going on?

We may not do excitement here, but we do do guesses. 

The thing that immediately caught my eye was the committee's reference to areas of national security and intelligence that will likely not receive judicial scrutiny. 

CSIS and the RCMP go to the courts to get warrants to conduct their most intrusive activities, but CSE does not. Since 2019, CSE has been subject to the "quasi-judicial" oversight of the Intelligence Commissioner, a retired judge, but the Commissioner does not operate a court, cannot issue legal rulings, and does not have the order-making powers of a judge. Most of what CSE does is unlikely ever to fall under the scrutiny of a court.

Also notable is that NSICOP expressed its concern about the authority of the entity in question to participate in the collection activity "particularly with regard to its Canadian partners in the security and intelligence community". 

Through what is known as its assistance mandate, CSE provides technological and operational assistance to federal law enforcement and security agencies, mostly to CSIS and the RCMP, during which it operates under the authorities of those agencies rather than its own. Unlike the other elements of its mandate, CSE is able to direct its activities at Canadians and persons in Canada when operating under the assistance mandate.

Those assistance activities are thus potentially some of CSE's most sensitive from a Canadian privacy and civil rights point of view. The subject is also one that CSE is extraordinarily secretive about, even by the agency's own Consistently Silent about Everything standards. I've been waiting seven years for the results of an access to information request seeking more information about the policies that govern CSE's assistance activities.

My very tentative guess is that some aspect of the assistance that CSE provides to CSIS and/or the RCMP may have been the activity that NSICOP found troubling.

That assistance might involve, for example, searching or otherwise processing on behalf of domestic investigations the vast metadata stores acquired by CSE and its Five Eyes partners during their foreign intelligence and cybersecurity operations. 

Or it might involve exploitation of the content of communications pulled into CSE and its partners' foreign intelligence/cybersecurity dragnet. (Although not normally permitted to "target" the communications of Canadians or other Five Eyes nationals, they are permitted to collect communications that include Five Eyes participants, or contain information about Five Eyes nationals, as long as those communications were collected because they involved a non-Five Eyes target. This is called "incidental" collection, and the number of communications involved can be surprisingly large.)

The warrantless exploitation by the FBI of American communications incidentally collected by the NSA has long been controversial in the United States, particularly with respect to communications collected inside the United States under Section 702 of the Foreign Intelligence Surveillance Act (FISA). A special court called the Foreign Intelligence Surveillance Court sets conditions on how NSA can conduct its collection under s.702, but critics point to extensive FBI exploitation of the American-related results, describing the program as a backdoor way to conduct warrantless surveillance of Americans.  

(Incidentally, has anyone noticed how many national security investigations here in Canada seem to start with a tip from the FBI? Hmm.)

Maybe American concerns about s.702 recently caught NSICOP's eye and the committee asked itself whether Canada had something similar to FISA collection going on here too.

We do, as this NSA document confirms.

Similar does not mean identical, of course. We don't have a Foreign Intelligence Surveillance Court — or any court — overseeing our program, just the Intelligence Commissioner, whose role is limited to approving or not approving Ministerial Authorizations (MAs). Also, it is possible that the rules governing domestic exploitation of our incidental collection, whatever they may be, are less permissive than those that apply to the FBI. 

I'd like to tell you more about those rules, but for me to do that, CSE would have to expedite that access to information request I have been waiting and waiting and waiting and waiting and waiting and waiting and waiting for (where one "waiting" = one year). Did I mention it has been SEVEN YEARS?

Back to the subject at hand.

We don't know if the collection activity that concerned NSICOP involves the exploitation of incidentally collected communications, or the exploitation of bulk metadata, or even that it has anything to do with CSE at all. But something involving CSE's assistance mandate does seem to me like a plausible possibility.


Are there any other clues?

Well, NSICOP did launch one review in 2022 that might have had something to do with the committee's secret report.

In August 2022, the committee announced plans to review "the legislative, regulatory, policy and financial framework for the lawful interception of communications for security and intelligence activities, the challenges resulting from the impact of rapidly changing and emerging technology, including the use of end-to-end encryption, and the limitations of the current framework faced with these challenges." The committee also promised to "examine potential risks to the privacy rights of Canadians associated with modernizing authorities in this area." 

That's clearly a much broader topic than something that could be characterized as concerns about a single intelligence collection activity, but it's possible that something the committee saw as it was starting that study led them to first produce a special report on a specific collection activity that they found especially concerning. Maybe we'll learn more if the overall review ever makes an appearance.

 

Other watchdogs

One potentially reassuring thought is that if anything too dire were going on, particularly if it involved CSE, we would likely already have heard rumblings about it from the National Security and Intelligence Review Agency (NSIRA) and/or the Intelligence Commissioner.

I'm not entirely persuaded that I should be reassured, however, because, as I noted in this blog post, there has indeed been a certain amount of rumbling going on in recent years.

In a report released to the public in April 2023, NSIRA expressed concern about an unspecified collection activity that CSE was planning to conduct in 2019, noting that “Similar activities conducted by other security and intelligence departments have been found to require an explicit statutory justification regime…. The CSE Act contains no such justification regime.” The review agency went on to state that “Although these activities have not yet occurred, there is no indication that CSE has fully assessed the ramifications – legal or otherwise – of the activities authorized in [redacted] Authorization.” It recommended that CSE “seek a fulsome legal assessment on activities authorized by [redacted] MA prior to undertaking any collection activities under [redacted] MA. The legal advice should address whether there is an implicit justification regime created in [redacted] MA.”

Also in 2023, the Intelligence Commissioner balked at approving one element of one of CSE's foreign intelligence MAs, concluding that it entailed a “much broader class of activities” than could “reasonably fit into the more limited class found in [CSE's] statute.” It's not clear in that case, however, whether any specific, actual activity was considered problematic by the Commissioner.

In both cases, the concerns expressed related to activities that were to be performed (or might potentially be performed) under CSE's foreign intelligence mandate, not its assistance mandate. It is possible, however, that data collected in the course of a foreign intelligence activity could end up also being used under the agency's assistance mandate, so if NSICOP's concerns are indeed related to assistance activities — which of course we don't know — the issues could still be related.

That said, we don't know whether NSIRA's concerns and those of the Intelligence Commissioner are related to each other in any way, or whether there is any connection between either of those concerns and NSICOP's. Maybe there's just a lot of different stuff out there to be concerned about. 

But it is possible that some specific activity or set of activities has been causing disquiet in more than one part of the oversight and review structure in recent years.

In that other blog post, I offered some different suggestions as to what specifically might lie behind NSIRA's and the Intelligence Commissioner's concerns. But I have no way of knowing whether any of my suggestions is anywhere close to the mark. (Somewhere around half my readers may know, but they don't tell me.)


Bottom-line-down-at-the-bottom-where-it-belongs:  

NSICOP was clearly concerned about the intelligence collection activity it examined last year. I get the impression that the committee was not especially satisfied with the government's response to its recommendations, but it didn't formally declare itself either way on that issue.

My suspicion is that the activity in question may have something to do with CSE and the assistance CSE provides to CSIS and the RCMP. However, that may say more about my particular interests than the actual evidence available.

It's possible that other oversight and review bodies are also concerned about whatever is taking place, but we don't know that: it is entirely possible that the specific cases I cited above relate to completely separate matters. If NSIRA hasn't already looked at the issue that NSICOP addressed, it probably should.

Everyone's attention is focused on foreign interference right now, and understandably so. But it would be a shame if the questions around this unidentified intelligence collection activity are left unresolved.

If one of the key purposes of bodies like NSICOP, NSIRA, and the Intelligence Commissioner is to ring a bell when something less than wonderful is going on in the secret spaces of the state, we can certainly say that this year has been one of the system's most successful. 

But the ultimate purpose of those bodies is to spur action both to protect the rights of Canadians and to improve the security and intelligence programs they examine — and for that action to be seen to have taken place by the Canadian public. 

In this case, it very much remains to be seen whether sufficient action has taken or will take place.


("Hush Most Secret" photo credit: Dr. Helen Fry)

Wednesday, June 05, 2024

Intelligence Commissioner addendum

One more issue I meant to raise in my recent blog post concerning the Intelligence Commissioner's 2023 annual report

In that report, Intelligence Commissioner Noël wrote that “in the past year I did not approve a [CSIS-related] ministerial authorization and only partially approved others [relating to CSIS and CSE] because the scope of proposed activities was too broad. After considering the rationale for my decisions, the agencies involved submitted revised requests for authorization to undertake certain activities. New ministerial authorizations — setting out a more limited scope of activities and more detailed reasons to justify the activities — were provided for my review and ultimately, approval.” 

It is unclear, at least to me, what this means for the three CSE foreign intelligence ministerial authorizations that were only partially approved in 2023. The chart on page 32 shows those three partially approved authorizations (along with the three fully approved cybersecurity authorizations), but it doesn't show that three new foreign intelligence authorizations subsequently replaced the partially approved ones.

Were there actually six foreign intelligence authorizations approved during 2023 (albeit with just three in force at any time)?

If so, will the Commissioner's decisions with respect to the later three also be declassified and eventually posted on the IC website?

Also, is there a way to be clearer about reporting the actual number of authorizations approved while still indicating the number in force at any time?


Sunday, May 26, 2024

The Intelligence Commissioner and Ministerial Authorizations

The Intelligence Commissioner’s 2023 Annual Report was released on 6 May 2024. This was the fifth annual report issued by the Intelligence Commissioner since the position was created in 2019, and we are now starting to get a clearer picture of how this system works in practice.

What I plan to focus on in this blog post is the part of the Intelligence Commissioner’s job that involves overseeing the Ministerial Authorizations (MAs) that enable CSE to do things that might otherwise be illegal, such as intercepting communications or hacking computers. MAs are issued by the Minister of National Defence to cover CSE’s foreign intelligence program, its cybersecurity activities on federal government infrastructures, and its cybersecurity activities on non-federal infrastructures designated to be of importance to the government of Canada. The role of the Intelligence Commissioner is to assess the “reasonableness” of the minister’s decisions and either approve or not approve each MA in whole or in part. Only those MAs or parts of MAs approved in a written decision by the Commissioner enter into force.

(The Defence Minister also issues MAs for CSE’s active and defensive cyber operations, but those authorizations are not overseen by the Commissioner. For a description of the full mandate of the Intelligence Commissioner, which also entails oversight of datasets held by the Canadian Security Intelligence Service (CSIS) and certain classes of acts or omissions by CSIS, see pages 7-10 of the annual report.)

The current Intelligence Commissioner, retired Federal Court judge Simon Noël, took over from the first commissioner, Jean-Pierre Plouffe, on 1 October 2022. Plouffe’s work established the parameters for how the MA system created in 2019 would function in practice – the bases on which reasonableness would be judged, the types of information needed by the minister and the commissioner, the prescriptive role of the deliberations and other remarks recorded in the commissioner’s written decisions, and the fact that partial approval was possible. Plouffe also made a commitment to declassify and publish the Intelligence Commissioner’s written MA decisions, which has now begun to happen.

The 2023 Annual Report, which covers Noël’s first full year in office, shows that Noël has picked up where his predecessor left off and is actively building on Plouffe’s legacy.

So where are we today?



As can be seen in this chart reproduced from the report, the Intelligence Commissioner and his predecessor have rendered decisions on 26 MAs issued to CSE since the system began in 2019, including six in the last year. None have been rejected outright, but in five cases, including three in the last year, the MAs were only partially approved, with one or more elements rejected.

There is a clear pattern that three foreign intelligence authorizations are issued each year. One cybersecurity authorization for federal infrastructures is also issued each year. Cybersecurity authorizations for non-federal infrastructures are much less predictable, with one or two in most years and none in one year.

 

FOREIGN INTELLIGENCE MAs

The practice of issuing three foreign intelligence MAs per year extends back into the previous statutory regime, before the office of the Intelligence Commissioner was created, when MAs were issued by the Minister of National Defence to make it lawful for CSE to intercept communications with one end in Canada. As today, CSE was not permitted to target the communications of people in Canada or Canadians anywhere except when operating under its assistance mandate, but the MAs made it legal for CSE to intercept the communications of foreign targets located abroad if they happened to communicate with someone in Canada. Without the MAs this was a problem for CSE, because the wilful interception of a communication with at least one end in Canada – a “private communication” under the Criminal Code – is normally a criminal offense.

Under the statutory regime established in 2019, the MAs also serve this purpose, but they encompass a broader range of information gathering, including metadata, that might also implicate other laws and/or the privacy rights of people in Canada and Canadians everywhere.

In both cases, however, the collective role of the three foreign intelligence MAs issued each year has been to provide authorization for the full range of CSE’s foreign intelligence programs.

CSE has never formally acknowledged how these three MAs divide up the various programs, but I think the breakdown probably goes something like this: one MA, call it “radio frequency activities,” covers everything CSE collects that requires sticking up an antenna of some kind: high-frequency radio communications, satellite transmissions, cell phone and local microwave traffic in a foreign capital, etc; a second MA, call it “cable access,” covers CSE’s collection from land-based telecommunications infrastructure (primarily switching centres connected by fibre optic lines), with or without the cooperation of the companies involved; and the third MA covers computer network exploitation (CNE) activities, i.e., computer hacking.

Whether this breakdown is correct or not, it is clear that three broad classes of activities are consistently being renewed year after year, probably usually with only minor modifications, and that all of the activities listed above are among those contained in the MAs somewhere.

On the whole, the MA process seems to be running pretty smoothly. During the first four years of the new regime, only one of the twelve foreign intelligence MAs issued was less than fully approved. Last year, however, that pattern broke, as all three of the 2023 MAs had elements rejected by Commissioner Noël.

As is usually the case when dealing with CSE, redactions prevent us from knowing all the details of what Noël objected to. But we do know there was a lot of overlap in the three decisions: in all three cases, Noël objected to the inclusion of catch-all provisions permitting CSE to carry out “any other activity that is reasonable in the circumstances and reasonably necessary in aid of any other activity, or class of activity, authorized by this Authorization.” This provision was based directly on the language in paragraph 26(2)(e) of the CSE Act, the statute that gives CSE its powers, but as Noël argued, that act requires that the minister be the judge of the reasonableness of such activities and that the reasonableness of the minister’s decision then be assessed by the Intelligence Commissioner: it does not empower the minister to delegate that determination to officials at CSE by pre-approving whatever CSE later judges to be reasonable.

In one of the MAs, the 21 April 2023 authorization, CSE also sought permission for activities that, in the Intelligence Commissioner’s view, fell outside the scope of the foreign intelligence section of the CSE Act, encompassing a “much broader class of activities” than could “reasonably fit into the more limited class found in the statute.”

We are left to speculate as to what kinds of things those activities might entail.


Is there human intelligence at CSE?

One possibility might be that they concern computer network exploitation operations conducted jointly with foreign partners such as NSA or GCHQ, where the goals or methods of the operations might extend beyond those delimited in CSE’s statute. Some of the intelligence sought might concern topics not represented in Canadian intelligence priorities, for example. Or the overall goals of the operation might consist of a blend of outcomes that in Canada fall under the separate categories of foreign intelligence operations and foreign cyber operations.

Another possibility is that the broader class of activities cited by the Commissioner might encroach on more traditional spying, i.e., human intelligence (HUMINT), territory.

The CSE Act permits CSE to “acquire, covertly or otherwise, information from or through the global information infrastructure, including by engaging or interacting with foreign entities located outside Canada or by using any other method of acquiring information” (emphasis added). One covert way to acquire SIGINT is to use contacts with foreign individuals to obtain login credentials or other information about target IT systems or even to install hardware or software implants on those systems. This sort of activity could range from entirely online, legal business arrangements conducted from CSE’s facilities in Ottawa all the way to, depending on how generously you interpret CSE’s statute, the use of undercover officers to run agents and conduct close-access operations in foreign countries.

I don’t think CSE has any desire to operate way down on the far end of that HUMINT spectrum, but in seeking to leave its options open for actions on the more innocuous end, it may have proposed some sort of catch-all language that was too inclusive for the Commissioner’s liking.

Whatever the actual issue that was at stake, the Commissioner made it clear that, in his view, rejection of this particular provision of the authorization did not restrict the activities that CSE had specific plans to carry out under the MA, presumably because the specific things CSE already knew it wanted to do were covered by the more specific, approved elements of the authorization.

The Commissioner also noted that an MA that included an identical list of activities had been approved by his predecessor, Commissioner Plouffe, just a year before on 29 June 2022, explaining that this was not an impediment to his own conclusions because “that decision was based on its own, different record.” This probably means that the application submitted to the minister in that case spelled out a more limited and specific set of measures that CSE could undertake to perform the activity listed in the authorization and/or specifically ruled out some types of measures.

Interestingly, the one foreign intelligence MA that Plouffe did not fully approve (the 20 July 2021 MA) was from the same family of authorizations and was in fact the MA that was replaced a year later by the 29 June 2022 MA. It may be that Plouffe had the same or similar reservations back in 2021. In his 2022 decision, he wrote, “In my 2021 decision, I made remarks with respect to the record received. I note that this year’s record responds to those remarks.”

Whatever specifically concerned Plouffe in the 2021 MA was not revealed to us, of course, but we were given a few clues. Part of Plouffe’s concern was that “the application does not contain supporting information explaining how, and through which specific activities the acquisition of [redacted] would take place. The application does describe that CSE would be acquiring this information from the GII” – the Global Information Infrastructure – “by [redacted.] That being said, the application offers no additional explanation as to how CSE plans to approach this method of acquiring information, including what activities are contemplated.”

A report published by the National Security and Intelligence Review Agency (NSIRA) in 2023 may indicate that NSIRA had similar concerns about an even earlier foreign intelligence MA.

That report looked at the 2019 MAs, the first ones issued under the CSE Act. One set of activities provided for in one of the foreign intelligence MAs was of particular concern to NSIRA, which noted that “Similar activities conducted by other security and intelligence departments have been found to require an explicit statutory justification regime…. The CSE Act contains no such justification regime.” According to NSIRA, “Although these activities have not yet occurred, there is no indication that CSE has fully assessed the ramifications – legal or otherwise – of the activities authorized in [redacted] Authorization.” The agency recommended that CSE “seek a fulsome legal assessment on activities authorized by [redacted] MA prior to undertaking any collection activities under [redacted] MA. The legal advice should address whether there is an implicit justification regime created in [redacted] MA.”

More specific details were, you guessed it, redacted. But a version released to me under ATIP request A-2021-011 was slightly more forthcoming.



In the graphic above, the publicly released version of the report is on top and the ATIP version is below.

As can be seen, at least part of NSIRA’s concern seems to have been related to the nature of CSE’s interactions with individuals in the course of its efforts to access information on the Global Information Infrastructure. So, maybe there really is a HUMINT or HUMINT-adjacent nexus here.

NSIRA’s report wasn’t released to the public in its declassified form until 2023, but the classified version was completed in late 2020 or early 2021 and thus was very likely seen by Intelligence Commissioner Plouffe before he considered the 20 July 2021 MA. Did it contribute to his decision to only partially approve that MA? It certainly seems possible.

CSE more or less shrugged off NSIRA’s recommendation that it seek a fulsome legal assessment of the proposals that concerned the review agency, accepting it “in principle” but asserting that it already knew everything was properly authorized. Maybe the Intelligence Commissioners have been taking the issue – whatever it may be – significantly more seriously. 


Internal thresholds

Another of the Intelligence Commissioner’s 2023 decisions provided some valuable information about the limits that CSE and the Minister impose on the agency’s foreign intelligence activities.

Under the CSE Act, ministerial authorizations can make it legal for CSE to conduct activities "despite any other Act of Parliament or of any foreign state." The agency’s active and defensive cyber operations are forbidden from causing, intentionally or by criminal negligence, death or bodily harm to an individual or wilfully attempting in any manner to obstruct, pervert or defeat the course of justice or democracy, but the act places no such limits on the conduct carried out under CSE’s foreign intelligence or cybersecurity mandates.

Back in 2017, I joked that, for those mandates, the agency was about to be licensed to kill. But I added that CSE would not only have to want to do that, it would also have to convince the Minister that such an action would be reasonable and proportionate, and then the Intelligence Commissioner would need to conclude that the Minister’s decision was itself reasonable. So, they’d need to have a pretty darn good reason to kill you.

Happily, there’s still no reason to think that CSE is actually getting into the killing business.* (*Except in the context of providing intelligence and/or cyber operations support to certain military operations conducted by or in partnership with the Canadian Armed Forces under their authorities.)

But it’s reassuring to learn from Noël that in some or perhaps all foreign intelligence ministerial authorizations, the Minister also sets out “general internal limits on CSE activities undertaken pursuant to the Authorization, including that CSE will not cause, intentionally or by criminal negligence, death or bodily harm to an individual or willfully attempt in any manner to obstruct, pervert or defeat the course of justice or democracy” – i.e., the same prohibitions as those applied to CSE cyber operations.

Noël is strongly in favour of this approach, commenting, “I am of the view that explicitly including these limits is necessary, as the CSE Act does not provide for them [in the context of foreign intelligence authorizations] and they do not appear in policy documents in the record.”

If there’s one aspect of this that still leaves me slightly uneasy, it’s that bit where Noël writes that these limits do not appear in CSE’s policy documents. The CSE Mission Policy Suite is classified, and it can be amended at any time with no public notice, but at least if the limits were spelled out in formal policy, we – and CSE’s own employees – could be sure that the present intent is to apply them universally. Spelling them out in statute would be even better. Making them an add-on to annual ministerial authorizations restricts those limits to specific dates and circumstances and at least theoretically preserves the option of not adding them in some future instance.

I doubt very much that anyone at CSE is trying to preserve even the theoretical option of deliberate murder, but the limits cover much more than just that. Is CSE hedging its bets on other activities that might cross into territory that is, for cyber operations, forbidden? 


Defining essential

The Intelligence Commissioners also add formal remarks to many of their decisions to highlight issues that they feel deserve more attention, and one of Noël’s remarks in a recent decision raises an interesting issue.

In that decision, Noël noted that CSE may only retain information relating to a Canadian or a person in Canada if it is assessed to be “essential to international affairs, defence or security, including cybersecurity,” and that, in an earlier decision, he had suggested that a greater understanding of the operational definitions of what constitutes international affairs, defence, and security, including cybersecurity, would be beneficial. Noël reported that, in its response, CSE had tied its understanding of those terms to the Government of Canada’s foreign intelligence priorities: if information is essential to the provision of intelligence that responds to those priorities, then for CSE’s purposes it is essential to international affairs, defence, or security. “This approach avoids the difficult task of CSE having to independently define the subjective, regularly-evolving, and context-specific bounds of the terms international affairs, defence and security, and ensures its approach does not result in inconsistencies with how Cabinet views those terms.”

This does seem like an elegant solution to the problem, and Noël wrote that he found it reasonable: “Although the Minister does not include this definition in her conclusions, which would have been preferable, I am satisfied that it falls within a range of interpretations that could be reasonable given the purpose of paragraph 34(2)(c) of the CSE Act.”

I wonder, however, if it begs the question to some extent.

The Cabinet determines Canada’s overall intelligence priorities, the Minister of National Defence issues a directive to CSE detailing the priorities relevant to its foreign intelligence mandate, and CSE then responds to those directions. All that is true. But the priorities issued by the Cabinet and the minister are expressed in very general terms. By the time they are articulated for CSE’s purposes in the National SIGINT Priorities List (NSPL), CSE has had very extensive input into what intelligence it specifically will or will not seek. The NSPL cannot be inconsistent with the priorities set by Cabinet, but much of the work of operationalizing those priorities falls to CSE itself, working in cooperation with the Privy Council Office and major customer departments.

Furthermore, we know from the publicly released version of the November 2012 ministerial directive that CSE has at least sometimes been instructed to use its own initiative to collect intelligence on matters entirely outside the specific priorities identified by the government: “In the course of its mandated activities, CSE should also actively monitor and report on other issues to ensure Canada is aware of and can respond to other intelligence related to emerging events, opportunities, and crises.”

This is a sensible provision, as otherwise CSE would have to wait for new instructions before it could provide early warning of emerging issues or collect information on crises and other fast-moving topics that were unanticipated at the time the priorities were issued. The same provision or something much like it is probably in the current directive as well, and if it’s not, it should be.

But this means that – at least in these edge cases – it is up to CSE itself to determine what information is considered essential for Canada’s international affairs, defence, or security.

The notion that CSE doesn’t need to consider the question of essentiality because the answer mirrors Canadian intelligence priorities may be a little less satisfying once you consider that those priorities are articulated to an important degree by CSE itself.

 

CYBERSECURITY – FEDERAL INFRASTRUCTURE

Moving on to cybersecurity, it is now clear that one omnibus authorization is issued each year to cover all of CSE’s activities on the federal government information technology infrastructure that might otherwise breach the law or impinge on privacy rights. In practice, the authorization covers the deployment of, and analysis and reporting of the data collected by, sensor devices and software systems that monitor communications traffic and other activities on consenting federal government networks (network-based sensors, NBS), cloud infrastructure (cloud-based sensors, CBS), and endpoint devices, such as government-issued laptops and smartphones (host-based sensors, HBS). These systems are also used to implement mitigation measures to counter hostile activity.

The authorization process for these activities seems to be running pretty smoothly, with only one MA so far being less than fully approved. That partial rejection occurred in Intelligence Commissioner Plouffe’s 27 June 2022 decision.

In that case, the Intelligence Commissioner concluded that the proposed activity was “outside the scope” of the relevant part of the CSE Act, subsection 27(1), which provides for “accessing a federal institution’s information infrastructure, and acquiring any information originating from, directed to, stored on or being transmitted on or through that infrastructure.” In Plouffe’s view, the notion of infrastructure implied in CSE’s request covered “a much wider ambit than the notion of federal institution’s information infrastructures found in [subsection 27(1)].”

In keeping with CSE’s ongoing commitment to make this kind of analysis challenging, the details of the specific aspect of the MA that was rejected were of course redacted, but I do have a guess for you.

[Update 2 June 2024: I originally guessed that the issue might have something to do with the deployment of the MAPLETAP cloud-based sensor system, which began in January 2022. But I'm now doubtful that this is correct. According to the National Security and Intelligence Committee of Parliamentarians (NSICOP), the deployment of CBS systems began around 2019: "In 2019, [the Treasury Board Secretariat (TBS)] obligated departments to include cloud-based sensors as part of their cloud implementation, and CSE and [Shared Services Canada (SSC)] started onboarding departments for cloud-based sensor deployments. The deployment of cloud-based sensors was further accelerated as a result of the COVID-19 pandemic. In May 2020, TBS established service-specific guardrails for Microsoft Office 365 and SSC fast-tracked, in collaboration with TBS and CSE, the migration of departments to cloud-based email and collaboration services to respond to significant demands for remote work. CSE and SSC collaborated to rapidly add cloud-based sensors to *** organizations." This seems too early to be the issue raised in the June 2022 MA, unless the specific MAPLETAP CBS deployment somehow changed the equation.]

What happened next is even more interesting.

The following year’s MA left out the activity that Plouffe had rejected, but not because CSE no longer intended to do it. Instead, CSE had obtained a legal opinion that it didn’t need ministerial authorization for the activity after all and had just gone ahead and started to do it!

Commissioner Noël, who by that time had succeeded Plouffe, was distinctly unimpressed by this approach, commenting, “I am left uncertain and perplexed as to why the activity in question, which I understand is currently being carried out, no longer requires ministerial authorization. Indeed, when a decision maker denies an application to conduct an activity and is thereafter informed the activity is nevertheless being conducted, I would expect an explanation to be reflected in the record, beyond a simple statement that CSE obtained a legal opinion, particularly in an ex parte context. I would have expected the same if the former Intelligence Commissioner had authorized the activity and over the course of the year CSE had amended its position and concluded the activity no longer needed ministerial authorization.”

Bam.

The same issue then turned up a few months later in an MA proposal concerning non-federal infrastructure, in response to which Noël wrote that his concerns about CSE’s behavior had not yet been addressed and that he expected CSE to “provide a satisfactory response in the context of a future request for a cybersecurity authorization.”

It’s not clear whether the re-appearance of the issue in that MA meant that CSE had decided to acquire a non-federal authorization for the activity that had been rejected for a federal authorization in 2022 or just that some other matter that raised the same process concerns had arisen. Whatever the subject was, that MA did end up being fully approved.

 

CYBERSECURITY – NON-FEDERAL INFRASTRUCTURES

Which brings us, at last, to the topic of authorizations for cybersecurity activities on non-federal infrastructures, the final type of CSE-related MA overseen by the Intelligence Commissioner.

CSE’s Cyber Centre provides a wide range of cybersecurity advice, guidance, and services to institutions and even individuals outside the federal government, but for a non-federal client to receive direct support, it must first fall into a category of information and information infrastructures designated by the Minister of National Defence to be of importance to the Government of Canada.

According to NSICOP, an omnibus ministerial order issued on 25 August 2020 designates “10 critical infrastructure sectors: government (federal, provincial, territorial, municipal and Indigenous), energy and utilities, information and communications technology, finance, food, health, water, transportation, safety, and manufacturing; information related to the well-being of Canadians and the infrastructure lawfully containing it; entities that support the protection of electronic information and information infrastructures of importance to the government; multilateral organizations located in Canada in which the government is a member; registered Canadian federal, provincial, and territorial political parties and their electronic information and information infrastructures; and post-secondary educational institutions.”

More recently, on 17 March 2022, the Minister also designated the electronic information and networks of the governments of Latvia and Ukraine.

If an entity designated in a ministerial order requests cybersecurity support from CSE, the agency then considers how it might respond and whether it has the resources to do so. To provide services that entail the collection of data about Canadians or that might otherwise contravene Canadian laws or implicate the privacy of Canadians, CSE must also obtain an appropriate MA.

Like CSE’s activities on federal government infrastructure, those MA-based services probably normally involve deployment of network-, cloud-, and host-based sensors, analysis of the data collected, and recommendation or direct implementation of mitigation measures.  

When CSE received the power to undertake such activities on non-federal infrastructures in 2019, my initial expectation was that quite a large number of authorizations would be issued. 

But that has proven not to be the case.

One set of MAs appears to have been issued on a continuing basis since 2021, probably involving just a single company. This MA, doubtless with minor annual modifications, has now been issued three times, and it will likely continue to be issued in the future. 

Beyond that set, only three other non-federal MAs have been issued since 2019, two with the standard one-year validity and one that expired after just six months. At least one of these MAs seems to have been issued to deal with a short-term, comparatively urgent situation, after which the entity that received support was expected to revert to providing for its own cybersecurity, but some of them may also herald the beginning of a longer-term relationship.

Details are, as ever, lacking, but there are a few clues lying about that we can ponder.

According to NSICOP, when the CSE Act was drafted, “the [non-federal cybersecurity] authority was meant to enable longer-term, more proactive collaboration with non-federal organizations, particularly telecommunications companies.” The ongoing set of three MAs probably falls into this proactive category, which suggests that they may apply to a telecommunications company. If we had to pick just one such company (these MAs do seem to apply to just one), it would likely be Bell Canada. That said, if the issue that arose with the last of these three MAs really did have something to do with federal government use of cloud infrastructure, it’s possible that a different kind of company was involved.

Whatever the recipient’s actual industry and identity may be, CSE’s initial support involved the deployment of host-based sensors.

The other MAs have been more reactive. The first of these MAs, the six-month special, seems to have been issued to support a Canadian managed service provider (MSP) that had been compromised by China or some other state actor. As NSICOP explained it, “In 2019, CSE detected efforts by a state to compromise the network of a Canadian company. The state was well-known for its sophisticated attacks against western targets. CSE identified the company as an organization that provided services to a number of critical infrastructure clients and formally identified the company as a system of importance to the government, consistent with the Minister's ministerial order. … CSE informed the company of the compromise and, in response to its request for assistance, worked with the company to stop the attack.”

NSICOP also noted that “It took time from when CSE detected anomalous cyber activities to when it helped the company take protective measures and obtained ministerial approval to assist. This is not a criticism: the fact that CSE identified the attack at all is a testament to how closely it monitors threats to Canada. But such attacks must be addressed "at the speed of cyber." An advanced threat actor can compromise a system, steal data or undermine system functionality in a worryingly short period. The government must continue to consider practical means for CSE to respond to rapidly emerging cyber threats while ensuring adequate ministerial control and accountability.”

While this concern was surely valid, it seems likely that in this case the delay was mainly caused by the company itself: according to NSIRA, the MA was issued by the minister shortly after the company’s formal request for assistance was submitted.

This first non-federal MA appears to have been a success except for one minor glitch: it seems that someone may have forgotten to turn off the data feed when the MA expired. As NSIRA reported in its 2020 annual report, "In 2019-20, CSE had concerns that it may have received information outside of a valid MA period, in relation to cybersecurity activities on a certain type of infrastructure. CSE ultimately notified the infrastructure owner, purged the inadvertently received information from its systems in accordance with standard privacy safeguards, and launched a review of the incident for the purpose of identifying and implementing additional privacy protection measures. CSE also proactively engaged the Minister of National Defence and NSIRA for transparency and accountability purposes. NSIRA appreciates that CSE brought this incident to its attention. NSIRA did not consider the incident to be of major concern, but view CSE’s proactive and voluntary notification of the incident as a key success in the NSIRA-CSE relationship."

The next reactive MA didn’t appear until 8 December 2022, when a one-year authorization for support to an unnamed client was approved. CSE’s 2022-23 annual report made a brief mention of this instance: “This year, the Cyber Centre also deployed over 5100 host-based sensors to protect a non-federal institution that was experiencing a serious cyber incident. This emergency rollout was authorized by the Minister of National Defence.”

In this case, there seems to have been considerable delay between the discovery of the compromise and its reporting to CSE. The subsequent response may have been an “emergency rollout” in CSE’s eyes, but Intelligence Commissioner Noël commented that “The record does not explain this lapse of time, which raises some questions regarding the urgency for CSE to provide [redacted].”

When the government of Nunavut suffered a major ransomware attack in November 2019, it was forced to disconnect and sanitize or replace its entire IT infrastructure, comprising more than 5,000 devices. That number is strikingly similar to the 5,100 host-based sensors deployed by CSE to its unnamed client three years later, which makes me wonder if Nunavut may have been the client for the 8 December 2022 MA. However, three years would certainly be a significant “lapse of time.” If the client was indeed Nunavut, maybe some later incident was the ultimate catalyst for the deployment.

The most recent of the reactive MAs was approved just under one year later, on 30 November 2023. Unusually, this MA seems to involve more than one recipient of CSE’s services. The file contains multiple letters of request, and the MA provides for the deployment of CSE services at an undisclosed number of client “agencies”. The MA also allows for the onboarding of additional agencies from the same client (or clients) following notification of the Minister and the Intelligence Commissioner.

This doesn’t sound like a private company. My guess is that this MA also involves a provincial or territorial government, conceivably even more than one. In September 2023, several of those governments suffered a highly public series of apparently state-sponsored distributed denial of service (DDoS) attacks that knocked some of their services temporarily off-line. You don’t need intrusive CSE sensor systems to respond to a DDoS attack, but that event may have caused one or more of those governments to review their cybersecurity posture and decide that more comprehensive assistance from the federal government would be prudent.

It's possible that this MA also incorporates the client from the 8 December 2022 MA.

If the subject of the 30 November 2023 MA really is a provincial or territorial government (or more than one), then this MA may turn out to be one that is renewed year after year rather than a one-time activity.

 

Large volumes of information

Either way, the assistance provided was expected to involve the acquisition of large volumes of information. According to the Intelligence Commissioner, “although the Minister’s conclusions do not provide details about the volume of information related to a Canadian or a person in Canada that will be acquired, they reflect his understanding that there will be large amounts given that information is acquired from non-federal systems in Canada.”

This expectation, and a rather sweeping assertion by CSE about what it could do with such data, inspired the Commissioner to address the issue of information-sharing across the various aspects of CSE’s mandate: “The Authorization states that “[i]nformation acquired by CSE under one aspect of the mandate can then be used within CSE to serve other aspects of its mandate, so long as it is relevant to that aspect and meets any particular requirement of the CSE Act that may need to be followed, such as applying measures to protect the privacy of a Canadian or person in Canada.” This is CSE’s position in all cybersecurity and foreign intelligence ministerial authorizations.”

The Commissioner noted that CSE’s wider uses of such information could be a factor in determining whether a cybersecurity authorization is reasonable and proportional: “For example, incidentally acquiring a large quantity of information, knowing some of it benefits from a reasonable expectation of privacy and a lot of it will not be assessed as useful, may be reasonable and proportional on the basis that it is necessary for effective cybersecurity. However, this conclusion may change if the information is also to be used for other purposes or other aspects of CSE’s mandate. Canadians may accept that an email from a grade 12 student to a teacher could be acquired by a non-federal entity responsible for cybersecurity of the school’s system because of potential malware. At the same time, Canadians may think the CSE, on behalf of the federal government, is intruding if that legally acquired email containing no malware appears in foreign intelligence reporting.”

Somewhat reassuringly, Noël concluded that such sharing is much more limited in practice than the blanket statement in the authorization might imply.

In CSE’s internal policies, “any access to and use of unassessed information acquired pursuant to a cybersecurity authorization must be “consistent” with the cybersecurity aspect of the mandate.” (Unassessed information is data that has been collected but has not yet been assessed by a CSE employee for its essentiality to the cybersecurity purpose specified in the authorization.)

And even if access to unassessed information were to be granted for CSE’s other mandates, the CSE Act specifies that information related to Canadians or persons in Canada cannot be retained or used unless it is itself deemed essential for the original cybersecurity purpose.  

Some such information does get deemed essential, and some of it does get shared. (And here I would add that the volume of that sharing is something that CSE absolutely refuses to disclose to the public.) But such sharing is certainly much more limited than it would be if full access to unassessed information were provided.

Noël concluded, “The general blanket statement [in the authorization] purports that CSE has free rein to use all of the information it acquires for all aspects of its mandate as long as it is relevant to that aspect. However, the policy framework and CSE’s practices, at least my review and understanding of them, show that access and use of the unassessed information in this case is limited and must be consistent with cybersecurity purposes. In my view, the general statement requires that additional details explaining these limitations be clearly set out in the record. It is imperative for the Minister and I to understand how CSE is acting within limits imposed by the law. I expect that will be the case in future authorizations.” 


Where is everybody else?

With just six MAs issued for cybersecurity services on non-federal infrastructures since CSE obtained the power to offer such services in 2019, it is evident that only a handful of clients have accessed CSE’s more intrusive capabilities.

To an extent, this was to be expected: it was always CSE’s intent that non-federal entities should use their own IT staff, augmented by private sector cybersecurity services, to look after their own security as much as possible.

And the scarcity of MA-based activities does not mean that CSE has abandoned the non-federal sector. CSE provides many kinds of support to operators of infrastructures of importance that do not require MAs. These range from public alerts and advisories, to the provision of more targeted and restricted briefings and data feeds, to the analysis of non-privacy-related data shared by those infrastructure operators.

The IESO Lighthouse initiative is a good example of data sharing that does not require an MA.

However, another reason for the low number of MA clients may be that CSE can only provide those services to clients that have formally requested them. (This is true also for the specific federal government departments and agencies supported via CSE’s federal cybersecurity authorizations, but in that case there is a strong push within the government to ensure such requests do get made.)

As the extensive list in the 25 August 2020 ministerial order indicates, Canada depends on a lot of different kinds of critical infrastructure, and hostile or potentially hostile states are known to be poking around in that infrastructure to lay the groundwork for potentially disrupting or damaging parts of it in the event of conflict. That infrastructure is also vulnerable to attacks by non-state actors for criminal purposes, such as ransomware, or other causes.

To better protect against those threats, Bill C-26, which is currently before parliament, would enable the government to mandate the implementation of specific cybersecurity programs and practices across several of the most important critical infrastructure sectors.

Most of those measures presumably would not require the direct participation of CSE. But if the law is passed, it is possible that we will also see an increase in the number of non-federal cybersecurity MAs issued, with the current voluntary arrangements augmented in some cases by mandated, more proactive, deployments of CSE’s monitoring and mitigation systems. 

[Update 7 June 2024: It's worth adding that Citizen Lab and others have expressed serious concerns about some aspects of Bill C-26. See, for example, Kate Robertson and Ron Deibert, "Ottawa wants the power to create secret backdoors in our networks to allow for surveillance," Globe and Mail, 29 May 2024.]

 

CONCLUSIONS

Five years into CSE’s new foreign intelligence and cybersecurity ministerial authorization regime, some patterns are becoming clear.

The Intelligence Commissioners have done important work to establish the necessary documentary record, systematize the MA process, and clarify both the key issues that the Minister of National Defence must address when issuing authorizations and the bases on which the Intelligence Commissioners will assess the reasonableness of the Minister’s conclusions. That work is still in progress, but it is likely that all sides have an increasingly clear shared understanding of how this process works in practice.

For foreign intelligence MAs, the system seems to have picked up pretty much where the previous regime left off. The few occasions when Commissioners have declined to approve part of an MA have mostly been about dialing back CSE’s flexibility to go beyond the range of activities specified in the MA without further explicit approval from the minister.

However, there does appear to be at least one substantive issue that has been of continuing concern both to the Intelligence Commissioners and to NSIRA. Redactions prevent us from knowing the exact nature of the issue (or issues) of contention, but one area of concern may be how far CSE can go in its interactions with foreign individuals when pursuing its intelligence collection mission.

The annual cybersecurity MA for federal government infrastructure has also been running pretty smoothly, with only one MA having been less than fully approved. That hiccup may have concerned the status of federal cloud storage provided by private sector infrastructure. Whatever the subject was, it resulted in some testy comments from Commissioner Noël when CSE decided to go ahead and do it anyway.

We are also starting to get a clearer picture of how the new non-federal cybersecurity MAs work in practice. CSE provides cybersecurity advice, guidance, and services to non-federal entities in multiple ways, but the provision of services that require MAs has been low, with only six MAs issued since 2019. Some of the more recent MAs may reflect the extension of cybersecurity services to one or more provincial and/or territorial governments. Another set of MAs may pertain to a telecommunications company or an IT services provider. 

It will be interesting to see if there is an increase in the number of private sector clients for services requiring MAs if Bill C-26 is passed.

Analysis of the post-2019 MA regime is handicapped by the pervasive secrecy that CSE applies even to activities that, in general terms, the agency is well known to conduct. Like NSIRA and NSICOP, the Intelligence Commissioners have pushed back against CSE's reflexive refusal to make even basic information public, which undermines both understanding of the agency's mission and confidence that its actions are legal and appropriate. The Commissioners and their colleagues are making some progress in that regard, but if all the guessing and hedging and identifying of unanswered questions you've just read are any guide, there's still a long way left to go.

 

Update 5 June 2024: See also this addendum to my comments on the 2023 annual report.