Friday, June 28, 2013

Metadata also used in mandates B and C

Documents released under the Access to Information Act to Globe and Mail reporter Colin Freeze confirm that CSE has used metadata not only in support of its "Mandate A" operations, as has already been reported, but also in support of its "Mandate B" and "Mandate C" operations.

CSE has a three-part mandate laid out in the National Defence Act, and within the agency these parts are referred to by the letter of the sub-paragraph that spells them out (A: provision of foreign intelligence; B: protection of electronic information and of information infrastructures of importance to the Government of Canada; C: provision of operational and technical support to federal law enforcement and security agencies). The fact that CSE has collected and/or used metadata in support of all three parts of its mandate suggests that its exploitation of Canadian metadata may be much more extensive than has been supposed to date.

The documents (which unfortunately are not yet available online) confirm that the Ministerial Directive on Collection and Use of Metadata signed in 2005 authorized metadata collection and use for both Mandate A and Mandate B operations:
On March 9, 2005 the Minister of National Defence signed a Ministerial Directive (MD) to the Chief CSE describing how the Minister expects CSE to collect, use [redacted] metadata acquired in support of its foreign intelligence acquisition programs (mandate (a)), as well as for its computer systems and networks protection programs (mandate (b)) as they relate to malicious cyber activity. [OCSEC Review of the Ministerial Directive, Communications Security Establishment, Collection and Use of Metadata, March 9, 2005, January 2008]
That 2005 directive was subsequently replaced by an updated version signed by Defence Minister Peter MacKay on 21 November 2011. The documents that have been released do not confirm that the new version also authorizes both Mandate A and Mandate B activities. A highly redacted version of the new directive itself has been released, but the non-redacted portions of the text refer only to Mandate A.

It seems pretty clear, however, that Mandate B metadata activities are still being conducted by CSE. The CSE oversight commissioner stated on 13 June 2013 that "In the case of metadata, I verify that it is collected and used by CSEC only for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government." The second part of that statement is a direct reference to Mandate B. This suggests either that the 2011 Ministerial Directive, like its predecessor, does authorize Mandate B activities or that a separate Ministerial Directive or other instruction now does that.

The Commissioner's 2008 review looked only at the Mandate A activities. It did state, however, that
Any future OCSEC review will likely examine and assess CSE’s metadata activities in relation to mandate (b). While not a focus of this review, we did learn that all telecommunications data [redacted], is also subject to processes designed to identify malicious cyber activity [redacted].
As the phrase "all telecommunications data" may suggest, the amount of communications metadata collected and analyzed in support of Mandate B could be quite large. Threats to Canadian government electronic information and information infrastructures do not emanate solely from outside Canada or solely from non-Canadians, and subsection 273.65(3) of the NDA gives the Minister the power to authorize the interception of private (i.e., Canadian) communications for the "purpose of protecting the computer systems or networks of the Government of Canada." It seems nearly certain, therefore, that extensive use is made of Canadian metadata in CSE's Mandate B operations.

Less information is available about Mandate C activities. However, a draft version of a CSE policy document (OPS-1-10, Procedures for Metadata Analysis, June 2006 draft) indicates that such activities do take place:
Metadata analysis conducted in support of Federal Law Enforcement or Security Agencies (LESAs) to obtain Security or Criminal Intelligence (mandated under paragraph 273.64(1)(c) of the NDA, known as ‘Mandate C’) is handled only in accordance with OPS-4-1, Procedures for CSE Assistance to Canadian Federal Law Enforcement or Security Agencies, and OPS-4-2, Procedures for CSE Assistance Under Section 12 of the CSIS Act.
The primary focus of Canada's law enforcement and security agencies is on activities inside Canada, conducted mainly by Canadians. It is therefore safe to conclude that any metadata analysis conducted for these agencies is going to focus primarily on Canadians.

The existence of multiple metadata mandates raises the possibility that one set of activities may feed into the others. Is it possible, for example, for CSE to collect an extensive database of Canadian domestic metadata in support of its Mandate B activities and then mine that data for CSIS and the RCMP under the umbrella of Mandate C?

Safeguards may exist that prevent such cross-overs. But if so, what are they? And who guarantees that they will stay in place?

The main assurance we've heard from Defence Minister MacKay so far is that "this program is specifically prohibited from looking at the information of Canadians." (See also "we use metadata to identify and collect international, not domestic, communications.")

Those statements don't seem very convincing.

As the CSE Commissioner has reported, even Mandate A activities "involve CSEC's use and analysis of information about Canadians for foreign intelligence purposes". Mandate B must certainly involve extensive metadata about Canadians, assuming CSE is doing its job properly. And Mandate C is almost entirely about Canadians and other people in Canada.

Sunday, June 23, 2013

DC SIGINT speech describes life inside CSE

Jim Bronskill gets a fascinating glimpse into the life of an analyst at CSE via a 2010 speech by Deputy Chief SIGINT Shelly Bruce (Jim Bronskill, "Nerd farm no more: Speech offers rare glimpse into eavesdropping agency," Canadian Press, 23 June 2013).

Apparently they are no longer just boffins and nerds. Today's SIGINT analysts are social creatures:
"The stereotype of the SIGINTer as an introvert incapable of looking you in the eye was never altogether inaccurate, but increasingly we have a cadre of well-spoken, well-rounded and outgoing young people," Bruce said.

"They overcome their introversion because the subject matter so enthralls them that they have to share it."
But what is it that they're sharing? And with whom?

Interesting piece. Well worth reading the entire article.

Saturday, June 22, 2013

Boundless Informant comes to Canada

NSA's Boundless Informant tool enables analysts to quickly assess where NSA's SIGINT is being collected.

Among other displays, the tool can produce "heatmaps" showing the relative intensity of collection in countries around the world, based on metadata records, with intensity ranging from red (most intense) to dark green (least intense). The map shown above is a detail from a Boundless Informant heatmap published by the Guardian showing the intensity of NSA collection of "digital network information" during March 2013.

What does this map say about NSA collection in Canada?

No numbers are provided for the intensity of collection in Canada, but the colour assigned to the country tells us a little. As you would expect, collection in Canada is much less intense than it is in major SIGINT targets such as Iran, Pakistan, India, and China. It is also much lower than collection in the United States itself. (NSA's collection of U.S. domestic metadata records may explain most of the collection shown in the United States.)

Collection in Russia, once by far the NSA's largest target, is surprisingly low, roughly on par with that in Brazil. Not all sources of collection are reported through Boundless Informant, however, so it is possible that the rankings would shift if all types of collection were reflected.

Mexico is the second most important SIGINT target in Latin America. (Sorry, Cuba, it looks like they're just not that into you anymore.)

And Canada is only very slightly below Mexico in the worldwide collection intensity rankings.

Although no numbers are attached to most countries, it seems reasonable to guess that Mexico is a fairly important SIGINT target for the NSA. The country has a population three times as large as Canada's; it borders the United States, and the two countries share an important economic relationship; it maintains an active diplomatic profile in the world, often working with the "non-aligned" countries, whose activities are of special intelligence interest; and the cross-border drug trade and illegal immigration issues make intelligence about Mexico especially interesting to the U.S. intelligence and law enforcement communities. Also, unlike Canada, Mexico has no agreement with the U.S. that is supposed to prevent the NSA from monitoring Mexican citizens.

So why does collection in Canada appear to be nearly as intense as it is in Mexico?

This is not a map showing the output of the Canadian and other allied SIGINT sites that feed the combined UKUSA intelligence effort (although the program can reportedly produce such maps). If it were based on collection sites, Britain, which plays a key role in monitoring international fiber optic traffic, would be much, much brighter than its current colour, which is only slightly brighter than Canada's.

So why is Canada the colour that it is? A large part of the explanation, I'm guessing, lies in the collection by NSA of communications that cross back and forth between Canada and the United States. Because those communications pass into the United States, the U.S. may consider them to be both of special interest from a security and law enforcement perspective and fair game for collection. (It could also include material collected by Canadian agencies and made available to U.S. analysts.)

Several questions arise if this is the primary explanation for Canada's colour.
  • Does the Canadian government approve of this exception to the agreement against collection? Does the agreement explicitly provide for this exception? (Does the agreement actually exist in any practical manifestation at all? Is it just a convenient agreed fiction?)
  • Is the vast amount of internet traffic between Canadians and U.S.-based providers of internet services such as e-mail, social media, and data storage subject to collection and, at least potentially, analysis?
  • How much access to such intercepts does the Canadian government get? The prohibition against asking the U.S. to monitor Canadians in ways that it would not be legal for the Canadian government itself to do is not a prohibition against receiving information volunteered by the U.S., and former Solicitor General Wayne Easter has suggested that Canada routinely receives such data.

Friday, June 21, 2013

Mastering the Internet

The Guardian reports on GCHQ's program to monitor the vast quantities of Internet data pouring through fibre optic cables that Britain has access to, as part of a broader effort called "Mastering the Internet" (Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies & James Ball, "Mastering the internet: how GCHQ set out to spy on the world wide web," Guardian, 21 June 2013):
Though the documents are not explicit, it seems the Mastering the Internet programme began life in early 2007 and, a year later, work began on an experimental research project, run out of GCHQ's outpost at Bude in Cornwall.

Its aim was to establish the practical uses of an "internet buffer", the first of which was referred to as CPC, or Cheltenham Processing Centre.

By March 2010, analysts from the NSA had been allowed some preliminary access to the project, which, at the time, appears to have been codenamed TINT, and was being referred to in official documents as a "joint GCHQ/NSA research initiative".

TINT, the documents explain, "uniquely allows retrospective analysis for attribution" – a storage system of sorts, which allowed analysts to capture traffic on the internet and then review it.

The papers seen by the Guardian make clear that at some point – it is not clear when – GCHQ began to plug into the cables that carry internet traffic into and out of the country, and garner material in a process repeatedly referred to as SSE. This is thought to mean special source exploitation.

The capability, which was authorised by legal warrants, gave GCHQ access to a vast amount of raw information, and the TINT programme a potential way of being able to store it.

A year after the plaintive [2009] email asking for new ideas, GCHQ reported significant progress on a number of fronts.

One document described how there were 2 billion users of the internet worldwide, how Facebook had more than 400 million regular users and how there had been a 600% growth in mobile internet traffic the year before. "But we are starting to 'master' the internet," the author claimed. "And our current capability is quite impressive."

The report said the UK now had the "biggest internet access in Five Eyes" – the group of intelligence organisations from the US, UK, Canada, New Zealand and Australia. "We are in the golden age," the report added. ...

GCHQ's mid-year 2010-11 review revealed another startling fact about Mastering the Internet.

"MTI delivered the next big step in the access, processing and storage journey, hitting a new high of more than 39bn events in a 24-hour period, dramatically increasing our capability to produce unique intelligence from our targets' use of the internet and made major contributions to recent operations."

This appears to suggest GCHQ had managed to record 39bn separate pieces of information during a single day. The report noted there had been "encouraging innovation across all of GCHQ".
Canada appears only tangentially in the Guardian coverage, leaving Canadians to wonder if CSE is involved in the UKUSA effort to "Master the Internet".

Let's turn to then-CSE Chief John Adams for the answer to that (Proceedings of the Standing Senate Committee on National Security and Defence, 30 April 2007):
The volume and type of communications is literally endless. That combination is the challenge for us. Our vision is security through information superiority. We want to master the Internet. That is a challenge that no one institution — be it ours or the National Security Agency, NSA, for that matter — can manage on their own. We try to do that in conjunction with our allies.

At the same time, we have a threat that is very diverse, very distributed around the world — similar to needles in haystacks. We have the combination of the technology and the threat that, together, make it virtually impossible for any one organization to manage it on its own. That is what we mean by working together. If we are to master that Internet, we will have to do it together; and we are focusing on that.
He used the same terminology in an interview in 2006 (Paul Crookall, "Gathering Intelligence: The challenges of the Communications Security Establishment," Canadian Government Executive, December 2006):
The internet is now a major theatre of operations. Terrorists use it as a principal tool, to research, recruit, plan, communicate and coordinate. We use it to gather intelligence. We have to master the internet or pay the price.

I think not.

Thursday, June 20, 2013

Wark on the metadata question

Wesley Wark explains why Canadians should care about metadata ("Yes, metadata spying is a big deal," Ottawa Citizen, 18 June 2013):
Metadata snooping, as the CSEC Commissioner’s June 13 letter suggests, may be directed at foreign targets, may be lawful and may respect the privacy of Canadians. Is this the end of the story? Not even for the CSEC Commissioner. The problem is that the metadata program was signed off on by a secret Ministerial Directive, was kept secret even by the watchdog agency, was kept out of the reach of parliamentary review. The revelations about a program that has existed in Canada since 2004 are too recent, and we know too little about it, to be reassured so easily. In documents obtained by the Globe and Mail through Access to Information, even the operational definition of metadata is heavily redacted. Moreover, it is now clear that the watchdog agency had serious reservations about the program when it completed its first study (classified Top Secret) in January 2008. Five years have since elapsed and five years is a very long time in the fast-paced world of intelligence gathering and communications advances.

Metadata may be described as “data about data” or as the envelope, not the contents, of messages. But we also know two things: that intelligence agencies are investing in metadata collection very heavily and, we have to assume, with an intention of gaining real intelligence payoffs. We also know that metadata collection, in its aggregate, can tell security and intelligence services a great deal about the people sending such messages.

It was a technique used, in a famous recent case, to unlock the nature of the communications between Paula Broadbent and General David Petraeus, that led to the resignation of Petraeus as head of the CIA and the tarnishing of his military career. That metadata collection can help catch terrorists and foil terrorist plots, as senior U.S. officials have stated, is not in doubt. What is in doubt is the broad reach of metadata and its implications for democratic society.

Canadians have the same right to a “national debate” as President Obama promised the American public. And we have the same kinds of questions, not to be turned aside by suggestions that we are all being hysterical about Big Brother. The questions are these: What is metadata in the hands of intelligence services? How exactly is the privacy of Canadian communications, guaranteed under the law, to be protected? How adequate is the current law given fast-paced changes in communications technologies and practices? How can we make our watchdog agencies more useful and less secretive in speaking to Parliament and the Canadian public? How can we know that metadata collection is proportionally worth the potential intrusions it brings to the lives of Canadians? This is not a “manufactured” story as Ray Boisvert, the former deputy director of CSIS, has tried to suggest. It’s a real story and deserves a mature and substantial response — from government, from the agencies doing the collection, such as CSEC, from the watchdog agency, from Parliament, from the media and from Canadians.

Transparency fail IV

CSE has failed to meet its obligation under Canada's privacy laws to publicly list its personal information data banks, Jim Bronskill reports ("Eavesdropping agency's personal info banks go unlisted despite legal obligation," Canadian Press, 20 June 2013):
The Defence Department appears to have broken the law by failing to publish the latest personal information listings of Canada's electronic eavesdropping agency.

Under federal privacy law, ministers are obliged to list the personal data banks — which hold information about individuals — compiled by agencies in their portfolios.

However, there is no public listing this year for Communications Security Establishment Canada, known as CSEC, which reports to the defence minister.

The omission has prompted University of Ottawa professor Amir Attaran to lodge a complaint with the federal privacy commissioner, who polices the federal law governing personal information. ...

CSEC spokesman Ryan Foreman said the spy service's personal information banks used to be listed along with other Defence Department holdings in a federal publication called InfoSource, but in future will be cited separately, as CSEC is now a standalone agency.

"CSEC is not exempted from the reporting requirements to publish an InfoSource submission. CSEC will be preparing its first independent InfoSource submission for the 2013-2014 reporting period," Foreman said.

"Previously published versions of InfoSource can be accessed through the Treasury Board Secretariat."

Attaran points out that CSEC became a separate agency in November 2011, and the Privacy Act clearly states that the responsible minister — in this case Defence Minister Peter MacKay — must list a body's personal information banks at least once annually.

In addition, the listing must include a description of the sort of information in the banks, how long the data will be kept, and where a member of the public can send a request under the Privacy Act for any files about themselves in the banks.
Previous transparency fails here and here.

Former CSE Commissioner Gonthier worried about metadata sharing with CSIS

The latest from Colin Freeze ("Watchdog warned of CSIS data access; Commissioner cautioned against electronic eavesdropping agency sharing intelligence with domestic spy agency," Globe and Mail, 19 June 2013):
The watchdog agency that sounded the alarm on Canada’s metadata surveillance program has also raised red flags about how that intelligence is exchanged with CSIS.

Newly obtained correspondence shows that retired Supreme Court judge Charles Gonthier worried that mass-collection surveillance methods could blur lines between domestic- and foreign-intelligence gathering in Canada, by muddying the mandates of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment Canada (CSEC or CSE).

For almost a decade, the CSEC, an electronic eavesdropping agency, has been explicitly authorized to collect metadata – phone logs, Internet protocol addresses and similar information – in hopes these data trails will map out groups of terrorists. The practice was revealed in The Globe and Mail last week.

Mr. Gonthier was concerned about whether domestic spy agencies seeking suspicious citizens could tap into foreign-surveillance metadata motherlodes, without warrants.

To this end, he sent a flurry of letters to top Ottawa security officials five years ago. Mr. Gonthier, who then worked as the watchdog for the CSEC, urged continued walls between agencies – especially when it came to sharing the fruits of surveillance programs.

“I recommend that CSE ensure that the CSIS-CSE Memorandum of Understanding is revised to reflect current practises,” Mr. Gonthier wrote to Defence Minister Peter MacKay in a memo in January 2008.

That September, he followed up, telling Mr. MacKay that intelligence exchanges involving the CSEC metadata program were a specific area of concern. “This is important because it determines the legal requirement (e.g. ministerial authorization v. a court warrant) in cases where activities may be ‘directed at’ a Canadian,” Mr. Gonthier wrote. “It also determines which agency is responsible for the information, and how that information collected should be handled.”

Mr. Gonthier also asked questions about whether the CSEC metadata program would sufficiently protect the privacy of Canadian communications as information was shared. ...

Mr. Gonthier also suggested CSEC needed reassurances – in writing – that its partnerships with CSIS were legal.

He specifically said CSEC should better vet CSIS requests for information “to ensure all information required under CSE policy is contained … including the written assurance that the (CSIS) information was required lawfully, in accordance with an investigation or warrant.”

In the United States, such practices have already emerged as controversial. “Metadata, in essence, replaced probable cause. The so-called wall between intelligence and law enforcement simply didn’t exist,” said Thomas Drake, a 56-year-old who was a U.S. National Security Agency executive in the early 2000s.

“In many cases NSA became the hunter – they would find information and pass it on,” he told The Globe in an interview.

Today Mr. Drake is celebrated as a whistle-blower, after the U.S. government failed to prosecute him on charges that he had illegally leaked information about the NSA. He urges the public to be wary of government surveillance. The NSA “wanted their hands on every single piece of metadata they could find,” he said.

Wednesday, June 19, 2013

The land beyond the land beyond

Artist Charles Stankievech has produced a marvellous 35-mm film installation focused on the Canadian signals intelligence station at CFS Alert called The Soniferous Æther of the Land Beyond the Land Beyond.

Wired magazine has a nice explanation of the project here. I can't agree with Brook's description of the station as "declassified" -- Stankievech was almost certainly told not to photograph the station's antenna arrays, and the security folks certainly didn't let him inside the station's (now largely remotely operated) operations spaces -- but it was quite an accomplishment on Stankievech's part to get permission to document the station at all.

Discussions of the project in Art-speak can be found here and here. (I wonder if CSE has anyone who can translate those texts into English.)

All kidding aside, as an avid explorer of the sub rosa world of intelligence outposts and a Visual Arts graduate from the University of Western Ontario, I really like this work. I wish I'd had the chance to see the piece in person.

Tuesday, June 18, 2013

All your human-generated data are belong to us

Presented for your consideration, the Chief Technology Officer of the Central Intelligence Agency's view of the future of Big Data:

(Source: slide 63 in this presentation; view the talk here, discussion of the slide at 26:35)

I, for one, find this statement more than slightly hair-raising.

Monday, June 17, 2013

Monitoring the G20

GCHQ conducted extensive monitoring of diplomatic communications at the G20 summit in London in 2009, the Guardian reports (Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger & James Ball, "GCHQ intercepted foreign politicians' communications at G20 summits," Guardian, 17 June 2013).

No particular surprise there, but the Guardian story has some interesting details of the mechanics of the operation, including "Penetrating the security on delegates' BlackBerrys to monitor their email messages and phone calls".

The Guardian reproduces a censored version of a GCHQ briefing slide concerning BlackBerry monitoring (see image at right). Interestingly, the slide displays the logos not only of GCHQ, but also of NSA, CSE, and something called JOINT APPS, suggesting that CSE and other organizations also had some sort of role in the operation.

CSE has warned in the past about the vulnerability of BlackBerries to monitoring (see, for example, Stephanie Levitz, "Bureaucrats sent sensitive information on BlackBerrys despite warnings," Canadian Press, 18 February 2011).

The released documents focus on the role of GCHQ and the support that it provided to the UK government, but it is clear that the monitoring drew on the broader capabilities of the UKUSA community (including the US base at Menwith Hill). And the fact that the GCHQ documents were shared with NSA -- thus enabling Edward Snowden to leak them -- indicates that its results were also shared.

It seems extremely unlikely, therefore, that this was a one-off.

Did CSE lead similar operations in Toronto during the 2010 G20 summit?

Was the gazebo bugged?

Update 18 June 2013: Jim Bronskill covers the Canadian angle: "Canada's eavesdropping agency helped spy on G20, documents suggest," Canadian Press, 18 June 2013.

Update 20 June 2013: Craig Forcese explains the legal questions surrounding spying on diplomatic summits: "Spying at the G20: A Captain Renault Moment," National Security Law blog, 20 June 2013.

More shocking moments here.

Update 27 November 2013: Yes, the gazebo was bugged: Greg Weston, Glenn Greenwald & Ryan Gallagher, "New Snowden docs show U.S. spied during G20 in Toronto: Surveillance during 2010 summit 'closely co-ordinated with Canadian partner' CSEC," CBC News, 27 November 2013.

Update 23 March 2015: Judging from this document (page 2) and this document (page 19), I'm going to have to make a COVENANT to stop referring to s.16 foreign intelligence-gathering within Canada as GAZEBO. That name is taken.

Sunday, June 16, 2013

NSA's domestic programs

Fascinating piece by Barton Gellman in today's Washington Post looking at NSA's domestic monitoring programs and how they have evolved since 2001 ("U.S. surveillance architecture includes collection of revealing Internet, phone metadata," Washington Post, 16 June 2013).

The article identifies four major programs related to domestic monitoring in the United States:
  • MAINWAY, which collects the telephone metadata of people in the United States. The collected data reportedly include "phone numbers dialed and length of call but not call content, caller identity or location information". According to the U.S. government the data may be "queried" only when there is "reasonable suspicion" that "an identifier is associated with specific foreign terrorist organizations". The government statement does not specify whether the data are also subjected to computerized network analysis in order to help determine "identifiers" that may be associated with those organizations.
  • MARINA, which collects internet metadata. According to the Washington Post, "MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls. The NSA calls Internet metadata 'digital network information.' Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects."
  • NUCLEON, which intercepts the content of telephone calls. This program reportedly works on a much smaller scale than the first two. It probably only captures the telephone calls of specific individuals who have already been identified as suspects in on-going investigations.
  • PRISM, which accesses internet content (e-mail, chat texts, search histories, Skype data, data stored in "the cloud", etc.) contained in the data stored by major internet services such as Google and Facebook. These data are reportedly also accessed only with respect to specific individuals or perhaps groups of individuals or organizations.
Other programs, such as those that monitor the data streams at various communications choke points, also likely collect data that sometimes include U.S. domestic communications.

As with CSE, extensive privacy rules are in place to govern NSA's operations, but the details of these rules and the exceptions they may contain are secret.

It is interesting to speculate about how closely CSE's operations may parallel those of the NSA. CSE works extremely closely with the NSA, is interested in much the same kinds of information, and shares technology and techniques. At the same time, however, it does operate under a different legal regime. And the policy authorities in Canada may not always share the views of our southern neighbours as to what kinds of activities are either necessary or appropriate.

Still, it would probably be helpful to look closely at the NSA programs when trying to figure out what kinds of activities CSE may be conducting with respect to Canadian communications.

Those looking for an excellent background introduction to the NSA and its current activities should check out Matthew Aid's recent article ("Inside the NSA: Peeling back the curtain on America's intelligence agency," The Independent, 13 June 2013).

[Update 5:20 pm 16 June 2013: More on NSA domestic surveillance and the privacy rules that may or may not be in place (Declan McCullagh, "NSA spying flap extends to contents of U.S. phone calls," CNET, 15 June 2013).]

Saturday, June 15, 2013

More on metadata

Colin Freeze has an article in today's Globe and Mail explaining what is known so far about CSE collection and use of metadata and describing some of the concerns expressed a few years ago by CSE's oversight commissioner at the time, Charles Gonthier ("How Canada's shadowy metadata-gathering program went awry," Globe and Mail, 15 June 2013):
"Some of CSEC's metadata activities raise issues that make us question whether CSEC is always in compliance with the limits," reads [a 2008] report from the office of then-CSEC watchdog Charles Gonthier, a former Supreme Court justice. It flags questionable activities and the possibility that Canadians' private information had been compromised. ...

Released only in part under access-to-information legislation, the judge's report is so heavily redacted that reading it is a real exercise in interpretation. He had concerns about overbroad metadata definitions and lax record keeping. But his real gripe was how the program contemplated handing over "foreign" intelligence to domestic agencies: Could this CSEC program really be said to be not "directed at" Canadians?

To Mr. Gonthier, it appeared that CSIS and the RCMP might get to hear things about Canadians without obtaining the usual warrants. He asked whether the fruits of a "foreign-intelligence collection" program ought to be used "in the context of a criminal or national security investigation of a Canadian in Canada."
This raises some very interesting questions.

At a guess, Gonthier's concern was that CSE was using metadata to analyze the contacts of some of its foreign intelligence targets outside Canada, determining the identities of the people they were communicating with and whom in turn those individuals were communicating with, hoping to uncover patterns of suspicious activity. Some of the resulting communications maps would ultimately extend back into Canada, and in those cases CSE may have been passing data about those contacts to CSIS and/or the RCMP to follow up, thus providing information about Canadians in Canada that normally these agencies would be able to obtain only with a warrant.

Such analyses might end up pointing the finger of suspicion at a large number of completely innocent people, but they might also provide clues vital to unraveling a terrorist plot in Canada.

Such a program might also face serious questions about its lawfulness, however. If it were consistently producing as one of its outputs lists of suspect individuals in Canada, could it really be said to be a "foreign intelligence" program not "directed at" Canadians? Would the program be lawful if one of its purposes (and not just occasional byproducts) was to provide a steady stream of information about Canadians to domestic security or law enforcement agencies that otherwise would need a warrant to obtain such information? Would it not be better to recast that part of the program as support to those domestic agencies and ground its legality in the laws governing the operations of those agencies (i.e., make the program part of CSE's "Mandate C" support to law enforcement and security agencies)?

There may be good reasons to doubt that such a program would in fact be legal under those laws. But if that's the case, does branding it as something different make it legal? If it is clear that the security benefits of the program really do outweigh its privacy costs, why not amend the relevant laws to ensure that it is on a firm legal footing?

Whatever the actual basis of Gonthier's concerns was, no changes have been made to the relevant legislation. As Freeze's article reports, it appears instead that some activities may have been halted in 2007 and then restarted under new rules in October 2008. In November 2011 a somewhat rewritten Ministerial Directive concerning the collection and use of metadata was signed.

The nature of the changes made on those occasions has not been revealed, but it appears that the current CSE Commissioner is somewhat less concerned about CSE's metadata use. In his recent public statement, Robert Décary commented that "I have reviewed CSEC metadata activities and have found them to be in compliance with the law and to be subject to comprehensive and satisfactory measures to protect the privacy of Canadians. However, given that these activities may impact the privacy of Canadians, I had already approved, prior to recent events, the start of a specific review relating to these activities."

Décary's statement also raised a new issue about metadata, however, that so far none of the media seem to have picked up on. The Commissioner reported that CSE uses metadata "only for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government [emphasis added]." The latter purpose must surely require domestic as well as foreign metadata. Is CSE therefore collecting and using domestic metadata as part of its "Mandate B" activities? What else could the CSE Commissioner have meant?

Friday, June 14, 2013

CSE's privacy rules revealed (sort of)

Want to know what rules CSE uses to protect the privacy of Canadians during its operations? You can read them here (148-page PDF document), courtesy of the Paroxysms blog.

Unfortunately, like most of the CSE records released under the Access to Information Act, the documents in this package are very heavily redacted.

Thus, although it is clear that CSE has extensive and detailed policies relating to the protection of Canadians' privacy, it is not possible to assess the detailed exceptions, qualifications, omissions, provisions for override, special circumstances, and so on that are almost certainly spelled out to one degree or another within the large sections of the documents (80% or more?) that are blanked out.

There is a lot of interesting stuff in there (if you're into that kind of thing), but I'm not sure that these documents move us much closer to understanding the degree to which CSE does or doesn't threaten the privacy of Canadians.

Thursday, June 13, 2013

May 2013 CSE staff size

2121, a new record!

(If you click through on the link and get a different figure, it's probably because the Canada Public Service Agency has updated its website; they update the numbers once a month.)

Décary speaks

CSE's oversight commissioner, Robert Décary, has issued a highly unusual (possibly unprecedented) public statement that seeks to assuage some of the concerns swirling around CSE and the privacy of Canadians:
The Honourable Robert Décary, Q.C., Communications Security Establishment Commissioner, believes that public discussion would benefit from additional information about how he verifies whether CSEC complies with the law and protects the privacy of Canadians in the conduct of its activities.

As Communications Security Establishment Commissioner, a position established under the National Defence Act, I strive to strike a balance between — on the one hand — the government's need for foreign signals intelligence and IT security services, and — on the other hand — the need to ensure compliance with the law and the protection of the privacy of Canadians. Through the public annual reports, I also strive to provide assurance to Canadians with respect to their privacy.

Since my appointment, I have sought to clarify and explain more fully what my office and I do and how we do it, to help ensure that public discussion is based on fact. While it is not for me to disclose operational information of the Communications Security Establishment Canada (CSEC), I do encourage the government to be as transparent as possible. Every reasonable person recognizes, however, there are very real constraints imposed by national security and the Security of Information Act.

I am completely independent and operate at arms-length from the government. I have all the powers of a Commissioner under Part II of the Inquiries Act, including the power of subpoena, to access and review any information held by CSEC. We have secure offices on-site at CSEC. My employees have unobstructed access to CSEC systems, observe CSEC analysts first hand to verify how they conduct their work, interview them, and test information obtained against the contents of CSEC's databases.

Under the National Defence Act, CSEC is specifically required to protect the privacy of Canadians in the execution of its duties. Similarly, it is required to protect the privacy of Canadians in accordance with other laws, including the Canadian Charter of Rights and Freedoms, the Privacy Act, and the Criminal Code. The Minister of National Defence has provided further specific direction to the Chief of CSEC, regarding how he expects the agency will protect the privacy of Canadians in fulfilling its duties. The Chief has further elaborated and provided guidance to staff, through various internal policies, regarding the procedures and practices that must be followed.

When reviewing CSEC's activities — including any CSEC use or retention of metadata — for compliance, I assess them against all three factors: legal requirements; ministerial expectations; and internal policy controls. If I believe a law, ministerial direction or policy is not adequate, I make a recommendation to the Minister to address the deficiency.

I verify that CSEC does not direct its foreign signals intelligence collection and IT security activities at Canadians — wherever they might be in the world — or at any person in Canada. CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting.

It is well understood that Canadian federal law enforcement and security agencies may lawfully investigate Canadians. When these organizations request the assistance of CSEC, I verify that CSEC complies with any limitations imposed by law on the agency to which CSEC is providing assistance, for example, any conditions imposed by a judge in a warrant.

Given the structure of the international telecommunications environment, it is possible that CSEC may, while targeting a foreign entity located outside Canada, with a ministerial authorization, unintentionally intercept a communication that originates or terminates in Canada, which is a "private communication" as defined by the Criminal Code. I monitor and examine the small number of private communications unintentionally intercepted by CSEC and verify how CSEC treats these communications.

In the case of metadata, I verify that it is collected and used by CSEC only for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government. I have reviewed CSEC metadata activities and have found them to be in compliance with the law and to be subject to comprehensive and satisfactory measures to protect the privacy of Canadians. However, given that these activities may impact the privacy of Canadians, I had already approved, prior to recent events, the start of a specific review relating to these activities.

Additionally, in its reports, and in other information CSEC shares with its domestic and international partners, CSEC must render impossible the identification of Canadians, and I verify that this is done. As noted in my report last year, I have found that CSEC does take measures to protect the privacy of Canadians in what it shares with its domestic and international partners. For example, CSEC suppresses Canadian identity information in what is shared with its international partners. CSEC applies the same privacy rules to information acquired from domestic and international partners, and I verify that these rules are followed. In addition, open and ongoing discussion between the partners helps to limit the potential to affect the privacy of Canadians.

Furthermore, I examine any operational incidents that did or could have an impact on the privacy of Canadians to ensure that CSEC has addressed them and to identify any systemic issues about compliance with the law or the protection of the privacy of Canadians that should be the subject of follow-up review.

I provide the results of my reviews, in classified reports, to the Minister of National Defence, who is accountable to Parliament for CSEC. I am also required to submit an unclassified report to the Minister on my activities each year, which the Minister must then table in Parliament. My latest report is completed and I submitted it to the Minister.

A necessary element of my mandate also includes informing the Minister of any activities that I believe might present, or have the potential to present, a risk of non-compliance. If I find that CSEC did not comply with the law, I have the authority and the duty to report it to the Minister and to the Attorney General of Canada.

A number of my reports have included recommendations aimed at strengthening CSEC practices that contribute to compliance and incorporate measures that protect the privacy of Canadians. Some Commissioners' recommendations have resulted in CSEC suspending certain activities to re-examine how the activities are conducted. I closely monitor CSEC's implementation of my recommendations.

CSEC has accepted and implemented or is working to address the vast majority of recommendations made by my predecessors and me. Recommendations are made to proactively prevent possible privacy risks. In the context of ongoing and future reviews, my office will continue to seek ways in which CSEC compliance, and the privacy protections afforded to Canadians, can be further strengthened.
I think this is a helpful contribution.

The Commissioner's statement is much more detailed and comprehensible than the contents of his annual reports (and those of his predecessors), which are normally the only information the Commissioner provides to Canadians.

Those reports contain only one explicit mention of metadata, for example, and that instance, dating from 2007, only mentions that the Commissioner intended to review CSE's use of it. Today's statement is by far the most informative comment that we have ever had from a Commissioner on that topic.

Can we look forward to this greater degree of detail and clarity in future reports? It would certainly be a significant improvement.

Still, even this statement remains maddeningly vague and obtuse.

We are told, to return to the metadata question, that CSE collects and uses metadata "only for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government". But this second element -- which no one has mentioned until now, and which it would seem must certainly involve domestic communications within Canada -- is introduced and then dropped with no explanation whatsoever. Has he just told us that domestic metadata is indeed being collected and used? If so, he might have been a little clearer about it.

And even with respect to the first element, we are left to wonder why neither the Defence Minister nor the Commissioner is willing to clarify whether metadata concerning communications that cross the border (i.e. that have one end in Canada) fall within the category of data that might be collected "for purposes of providing intelligence on foreign entities located outside Canada". Why not just give us straight answers on the metadata question?

The Commissioner's statement also leaves the impression that the only time the actual content of such cross-border communications is intercepted is when such interceptions occur "unintentionally". Are we supposed therefore to understand that CSE never intentionally intercepts the phone calls that a known foreign intelligence target in Kandahar makes to persons unknown in Toronto?

That's certainly not how then-CSE Chief Keith Coulter described the new rules in 2001:
Under the current legal framework [prior to the passage of Bill C-36], if a terrorist in Afghanistan is communicating with someone in Pakistan, CSE could intercept that communication. If, however, the same terrorists are communicating with someone in Toronto, CSE is prohibited under the current regime from intercepting that communication. Let me be clear. Under the new regime CSE would still not target the individual in Canada. CSE cannot do that now, and it would not be authorized to do that under the new legislation. However, if this terrorist located in Afghanistan communicated with somebody in Canada, this legislation would give CSE the authority to follow that communication into Canada.
At the time the new legislation was passed, CSE told us all in no uncertain terms that the ability to follow a foreign-intelligence-related communication into Canada was vital to the agency's ability to function effectively in the modern world. For some reason the Commissioner seems to want to leave the impression that this only happens "unintentionally".

Similarly, the Commissioner's statement affirms that "CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting", but it skips past the vital question of how often those partners may nonetheless supply information that CSE would not itself be permitted to collect.

This is one of the key questions in this whole business. The former %^&*ing Solicitor General has just told us that the practice was common only a few years ago, and yet this statement pretends that the issue doesn't even exist.

Despite all of the disconcerting news of the past week or so, I still hold the view that CSE really is pretty careful when it comes to the privacy of Canadians.

And I'm glad that we have the CSE Commissioner to help hold the agency's feet to the fire in that regard.

But this statement is not good enough. You don't reassure people very much when you leave the distinct impression that your words have been carefully chosen to avoid giving straight answers.

Wednesday, June 12, 2013

More on CSE and the monitoring (or not) of Canadians

More coverage of the questions surrounding CSE and the degree to which Canadians get pulled into its dragnet.

Tonda MacCharles gets a rather stunning admission out of Liberal MP Wayne Easter ("Tories deny Canadian spy agencies are targeting Canadians," Toronto Star, 10 June 2013):
Liberal MP Wayne Easter, who was minister responsible for the spy agency CSIS in 2002-03, told the Star that in the post-9/11 era a decade ago it was common for Canada’s allies to pass on information about Canadians that they were authorized to gather but Ottawa wasn’t.

The practice was, in effect, a back-door way for sensitive national security information to be shared, not with the government, but Communications Security Establishment Canada (CSEC) and, if necessary, the Canadian Security Intelligence Service (CSIS). ...

Easter said that Canada’s foreign allies and their security agencies would scan global intelligence signals and would be “looking for key words on Canadians as well . . . and they’d give it to the Canadian agencies, yeah,” said Easter.

“That’s exactly what happens.”

Easter said the international arrangements did not allow for a broad targeting of, for example, a media reporter speaking to a confidential source, but would focus on specific activity of global concern such as “terrorism, crime or sex offenders.”

He has no doubt “things have changed” in both the spy business and the more sophisticated terrorist networks in the decade since 9/11, but Easter now thinks that, given the magnitude of security issues, it is more critical than ever to have “some kind of political oversight, beyond just the ministers.” He thinks the idea of a parliamentary oversight committee should be revisited.
CSE has more or less admitted in the past that it would accept information about Canadians from the NSA or its other SIGINT allies, although it insists that it "does not pursue the receipt of such intelligence." CSE's oversight commissioner recently reported that "CSEC and its closest international partners... respect each other's laws by pledging not to target one another's citizens' communications. CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting." Later in the same report, however, the Commissioner noted that "Although these cooperative arrangements include a commitment by the partners to respect the privacy of each others' citizens, it is recognized each partner is an agency of a sovereign nation that may derogate from the agreements, if it is judged necessary for their respective national interests." If, for example, the U.S. were to decide that its national interests required it to check into the possibility that would-be terrorists are plotting against the U.S. from inside Canada, we might very well expect them to go ahead and do exactly that. (But of course what are the chances that they would decide that?)

With the PRISM revelations indicating that NSA now has at least potential access to virtually the whole range of Canadians' internet-related activities, including e-mail contents, web browsing activities, online purchases, internet-based telephone calls, and data stored in "the cloud", the question of how much information about Canadians is passed to the Canadian government through this relationship, on what topics, and under what controls is of vital importance.

(One might also ask, where is the Canadian government agency that is taking action to protect the privacy of Canadians against snooping by the U.S. and other foreign governments? Does no one in the government, other than the powerless Privacy Commissioner, care about protecting Canadians' privacy? Is it possible that the Canadian government secretly prefers to have Canadians spied upon?)

Meanwhile, on the metadata front (which, to remind readers, is not about the content but rather about the source, destination, duration, volume, etc. of messages), Minister of National Defence Peter MacKay is continuing his efforts to clarify/muddify the situation, and not just by his frequent references to it as "mega-data". In Question Period on June 11th the Minister stated that "we use metadata to identify and collect international, not domestic, communications." That seems clear enough, but we should probably assume that "international" communications include those with one end in Canada, as even the content of such communications can be collected by CSE as part of its foreign intelligence activities when authorized by the Minister (with various privacy rules in place). The question of whether certain domestic metadata is also processed in some way for some of our domestic security agencies -- which seemed to be left somewhat open by his responses on June 10th -- was not addressed at all.

Michelle Shephard has more on the metadata question here: "Canada has tracked phone and Internet data for years," Toronto Star, 11 June 2013. A good piece, but I don't know where she got the idea I live in Toronto. [Since corrected to "Canadian blogger" -- thanks!]

The possibility of greater parliamentary oversight of CSE has now been raised by the Opposition (Lee Berthiaume, "Opposition seeks parliamentary oversight of Canada’s spy agencies," Postmedia News, 11 June 2013):
NDP defence critic Jack Harris said parliamentary oversight is necessary to ensure a proper balance between privacy and national security, and he called for some type of mechanism by which members of all parties could be approved to review secret information.

Such an initiative has been proposed in the past, most recently by Liberal Sen. Romeo Dallaire after the federal auditor general’s report found $3.1 billion in anti-terrorism spending was unaccounted for.

“The fact of the matter is the whole purpose of parliamentary oversight is that citizens should not be expected to trust one person,” he said. “There has to be that kind of oversight.”

Harris said despite MacKay’s assertions that Canadians are not being targeted by this country’s spy agencies, there remain significant questions about what happens when it comes across such information while looking overseas — or is given such information by an ally.

He applauded federal Privacy Commissioner Jennifer Stoddart’s decision to dig into whether Canadians’ privacy may have been unduly affected by the Canadian and U.S. “metadata” surveillance programs.

But he said CSEC’s separation from the Department of National Defence last year to become a stand-alone entity also reduced the Commons’ defence committee’s ability to look into CSEC’s activities.
Some excellent points there. CSE also significantly reduced its public reporting after it became a stand-alone agency. (See also this post.)

Andrew Mitrovica does a good job of laying out the big picture here: "Big Brother really is watching — and listening," Toronto Star, 11 June 2013. See also Thomas Walkom's commentary: "You’re not paranoid, the government might be watching you: Walkom," Toronto Star, 12 June 2013.

And law professor Craig Forcese does an excellent review of the institutional and legal questions here: "10 questions about Canada’s Internet spying," Globe and Mail, 11 June 2013.

Forcese's article ends with the following "take away lesson":
Watchdogs matter. The technology of intercept means that what is technologically possible now far exceeds what is legally permissible and socially desirable. It must be tempting to push the legal envelope to serve a higher purpose of protecting Canadian security interests. We are, therefore, immensely dependent on measured and prudent use of the technologies at the government’s disposal and very thorough and careful review and oversight by the bodies that examine government conduct. This is a system of “trust, but verify”. And therefore, those review bodies should never be an afterthought and should always be well-staffed and well-funded. On balance, the staffing and funding of these bodies has not kept pace with the growth of the intelligence agencies they review. Indeed, in the case of CSIS, one tier of review (the inspector general) was recently eliminated, possibly resulting in a net reduction in the degree of close scrutiny of CSIS.

Carefully enhancing review body capacity should be a priority.
Forcese's call echoes that in Ron Deibert's excellent commentary: "Spy agencies have turned our digital lives inside out. We need to watch them," Globe and Mail, 10 June 2013.

Monday, June 10, 2013

CSE metadata monitoring began in 2005 or earlier

Government documents obtained by the Globe and Mail under the Access to Information Act indicate that CSE has been collecting and analyzing the communications metadata of Canadians since at least 2005 (Colin Freeze, "Data-collection program got green light from MacKay in 2011," Globe and Mail, 10 June 2013; documents here; see also my earlier post concerning indications of CSE interest in monitoring metadata).

[Update 3 December 2013: Make that CSE has been analyzing metadata since at least 15 March 2004 (see Communications Security Establishment Canada 2004 ministerial directive/authorization).]

The documents show that an updated version of a 2005 Ministerial Directive on the Collection and Use of Metadata was approved by Defence Minister Peter MacKay in November 2011.

The documents note that the data is "acquired in the execution of CSE foreign intelligence acquisition programs", but the details of the activities have all been redacted.

What is the nature of the metadata being collected? Telephone records? E-mail transactions? More? And does the data concern only cross-border activities, such as international telephone calls? Or is it nationwide as in the U.S. program? How is the data being processed? And, most importantly, to what uses are the data being put?

One possible use of the metadata is to assist CSE in its efforts to distinguish between the communications of Canadians and those of foreigners. CSE is not permitted to "target" Canadians while it is pursuing the foreign intelligence part of its mandate and is required to take measures to minimize the inadvertent collection of Canadian communications. Thus, metadata concerning Canadians might be used in part to protect some communications from collection.

If that were its only use, however, you wouldn't expect there to be so many blanked out sections in the documents justifying the program.

In fact, such data are undoubtedly also collected to help determine the identities (or at least the communications addresses) of the people in Canada that CSE's foreign intelligence targets are communicating with. The person at the Canadian end of the conversation would not be the "target" in such cases, but CSE would still want to monitor both ends of the communication in order to find out what the foreign target at the other end of the conversation was up to.

If the Canadian participant turned out to also be of intelligence interest, CSE would then pass that information to CSIS, the RCMP, or another relevant agency, which if it agreed would then obtain authorization to monitor the Canadian under its own legal procedures. That authorization, in turn, would clear the way for CSE to conduct further monitoring of the Canadian in fulfillment of Part C of its mandate.

Another possibility is that CSE is performing more elaborate social network analysis of the metadata it collects -- "datamining" it to try to identify other individuals separated by two or more degrees of separation from known intelligence targets. These could be people who are part of a broader group of conspirators or providing support services or information, or perhaps who just happen to have contact with people who might eventually try to involve them in something the government wouldn't like.

This last sort of analysis -- which NSA has been doing -- is much more problematic than the others. Such analysis is not only vastly more intrusive, enabling security agencies to in effect search your online life without a warrant, but it also raises the spectre of huge numbers of "false positives", instances in which completely innocent people become secret suspects, with possible consequences for their jobs, travel, etc. that they may never even know about.

Is CSE also engaged in this kind of metadata-mining? Not surprisingly, we can't tell from the documents released to date. But we do know that the agency has conducted research on exactly this kind of data mining (see my discussion here). We also know that it continues to hire data miners, and that data mining research is one of the two research priorities of the Tutte Institute, CSE's cryptologic research institute.

[Update 11 June 2013: Defence Minister Peter MacKay has bravely stepped forward to reassure us all by garbling some talking points in Question Period. Mostly he gave the usual boilerplate answers, but I think he messed up a bit when he declared in response to a question about metadata that "this program is specifically prohibited from looking at the information of Canadians." As MacKay also noted during Monday's Question Period, CSE's oversight commissioner found in his 2010-11 Annual Report that the metadata program incorporates "satisfactory measures to protect the privacy of Canadians" (the Commissioner didn't actually identify the program in his report, but MacKay's response helpfully confirmed that it was indeed referring to the metadata program). Unmentioned by MacKay was the fact that the Commissioner's report also definitively states that "these activities involve CSEC's use and analysis of information about Canadians for foreign intelligence purposes". What was that first thing the Minister said again? Oh, yeah, "this program is specifically prohibited from looking at the information of Canadians." So let's just put those two statements together: evidently we are to understand that this program involving the use and analysis of information about Canadians is specifically prohibited from looking at the information of Canadians.

One of these people, either the CSE Commissioner or the Minister of National Defence, is using words that do not mean what he thinks they mean. Perhaps MacKay was trying to voice the usual bland assurances that CSE is itself prohibited from directing its activities at Canadians. He certainly did say that quite a bit, although at another point in the proceedings he broke rather dramatically with tradition by accurately declaring that CSE only targets foreign threats -- "unless, of course, there is a request from an accompanying department under warrant." Of course. In that case, as MacKay knows but CSE public affairs folks almost never acknowledge, they can target us. So everybody just chillax. The scandal-plagued CSIS, which has eliminated its Inspector General but does still have a part-time oversight committee whose former chairman is currently facing extradition to Canada to face a variety of charges, is going to look after the privacy thing for us.

All in all, the Minister didn't do much to improve the signal-to-noise ratio on the question of metadata monitoring. Is the collection and use of Canadian metadata restricted to that associated with cross-border communications? He did declare that "Metadata is collected only on international, not domestic communications." But then he followed that up immediately with the line about a request from an accompanying department. So is CSE helping to collect and/or analyze metadata related to Canadian domestic communications on behalf of one or more of our domestic security agencies? He didn't say that. But then again he didn't rule it out very clearly either.

As my partner often says, there's a reason they don't call it Answer Period.]

Sunday, June 09, 2013

Is CSE metadata-mining Canadian call records?

The recent confirmation that NSA is performing data mining on the telephone records of Americans raises an important question for Canadians: is CSE likewise mining the call records of people in Canada?

The short answer is I don't know. But there are some telling indications that CSE is interested in undertaking such monitoring and that it may well be doing it to one degree or another.

First, let's look at the program in the U.S. From the original Guardian report and subsequent revelations (see, for example, Shane Harris, "What We Know About the NSA Metadata Program," Dead Drop blog, 6 June 2013) we now know quite a lot about the NSA's domestic phone records monitoring program, including the following features:
  • Current procedures date from 2006, but the program began in 2001
  • Entails data mining of nationwide telephone call records
  • Focus on metadata, not content
  • Network analysis involved
  • Undertaken as part of counter-terrorism effort

Now consider this description of data mining research conducted in 2006 by CSE and the Mathematics of Information Technology and Complex Systems (MITACS) project, a Canadian network of academia, industry, and the public sector (originally posted here but subsequently removed; archived version here; first blogged by me here):
As part of ongoing collaborations with the Communications Security Establishment (CSE), we are applying unsupervised and semi-supervised learning methods to understand transactions on large dynamic networks, such as telephone and email networks. When viewed as a graph, the nodes correspond to individuals that send or receive messages, and edges correspond to the messages themselves. The graphs we address can be observed in real-time, include from hundreds to hundreds of thousands of nodes, and feature thousands to millions of transactions. There are two goals associated with this project: firstly, there is the semi-supervised learning task, and rare-target problem, in which we wish to identify certain types of nodes; secondly, there is the unsupervised learning task of detecting anomalous messages. For reasons of efficiency, we have restricted our attention to meta-data of message transactions, such as the time, sender, and recipient, and ignored the contents of messages themselves. In collaboration with CSE, we are studying the problem of counter-terrorism, a semi-supervised problem in which some terrorists in a large network are labeled, but most are not.... Another common feature of counter-terrorism problems is the fact that large volumes of data are often "streamed" through various collection sites, in order to provide maximal information in a timely fashion. A consequence of efficient collection of transactions on very large graphs is that the data itself can only be stored for a short time. This leads to a nonstandard learning problem, since most learning algorithms assume that the full dataset can be accessed for training purposes. Working in conjunction with CSE, we will devise on-line learning algorithms that scale efficiently with increasing volume, and need only use each example once. [Emphasis added.]
Note these features:
  • Applicable to telephone and email networks
  • Thousands to millions of transactions
  • Metadata, not content, examined
  • Counter-terrorism related

Familiar looking?

Consider also this comment made by then-CSE Chief John Adams to the Standing Senate Committee on National Security and Defence on 30 April 2007:

What is your interpretation of intercept, if I were to ask? If you asked me, it would be if I heard someone talking to someone else or if I read someone's writing. An intercept would not be to look on the outside of the envelope. That is not an intercept to me. Unfortunately, that is not everyone's interpretation of intercept, so the suggestion is that we should define that in the legislation.... Intercept is defined in another piece of legislation, and that is where people would probably look if they were searching for a definition of intercept. They are saying that could be troublesome for us, so we had better define it in our act to avoid that problem. That sort of thing has not come up as an issue, but it could.

As I noted in an earlier post, that sounds an awful lot like something you would say if you wanted to collect phone call metadata (number called, duration of call, etc.) and similar addressing information for e-mails and other communications -- and felt you already had the legal basis to do so.

Would such monitoring be legal in Canada? I don't know. (Usual disclaimer about not being a lawyer applies.)

Michael Geist suggests that s. 21 of the CSIS Act might be used to authorize the activity; CSE's participation would then be based on CSIS's authority.

Another possibility is that CSE might consider its foreign intelligence mandate (processing the records as part of the hunt for foreign terrorists) sufficient to authorize such monitoring. It is possible that this somewhat cryptic passage in the CSE oversight commissioner's 2010-11 Annual Report is referring in whole or in part to such activities:

CSEC conducts a number of activities for the purposes of locating new sources of foreign intelligence. When other means have been exhausted, CSEC may use information about Canadians when it has reasonable grounds to believe that using this information may assist in identifying and obtaining foreign intelligence. CSEC conducts these activities infrequently, but they can be a valuable tool in meeting Government of Canada intelligence priorities. CSEC does not require a ministerial authorization to conduct these activities because they do not involve interception of private communications. However, a ministerial directive provides guidance on the conduct of these activities.

In recent years, three reviews have involved some degree of examination of these activities: a Review of CSEC's foreign intelligence collection in support of the Royal Canadian Mounted Police (RCMP) (Phase II) (2006); a Review of CSEC's activities carried out under a (different) ministerial directive (2008); and a Review of CSEC's support to the Canadian Security Intelligence Service (CSIS) (2008).

In his 2006–2007 Annual Report, the late Commissioner Gonthier questioned whether the foreign signals intelligence part of CSEC's mandate (part (a) of its mandate) was the appropriate authority in all instances for CSEC to provide support to the RCMP in the pursuit of its domestic criminal investigations. In his 2007–2008 Annual Report, Commissioner Gonthier stated that pending a re-examination of the legal issues raised, no assessment would be made of the lawfulness of CSEC's activities in support of the RCMP under the foreign signals intelligence part of CSEC's mandate. He also noted that CSEC's support to CSIS raised similar issues. Commissioner Gonthier emphasized that although he was in agreement with the advice that the Department of Justice had provided to CSEC, he questioned which part of CSEC's mandate — part (a) or part (c), the assistance part of CSEC's mandate — should be used as the proper authority for conducting the activities.

Subsequent to these reviews and statements in the annual reports, the Chief of CSEC suspended these activities. CSEC then made significant changes to related policies, procedures and practices.

Review rationale

These activities involve CSEC's use and analysis of information about Canadians for foreign intelligence purposes. Specific controls are placed on these activities to ensure compliance with legal, ministerial and policy requirements. Major changes to certain policies, procedures and practices have recently occurred. This was the first review of these activities since the Chief of CSEC allowed their resumption under new policies and procedures.

None of the above proves that CSE has been analyzing Canadians' call records. But with NSA examining U.S. records, you can bet that CSE at the very least has taken a good, hard look at the possibility of doing the same in Canada. And some of the above certainly suggests that they may have gone well beyond just considering the possibility.

When the question of whether CSE was data mining Canadian call records came up in 2006, CSE was quick to make a perhaps carefully worded denial. This time around, not so much (Mitch Potter & Michelle Shephard, "Canadians not safe from U.S. online surveillance, expert says," Toronto Star, 7 June 2013):

the Toronto Star contacted CSEC for comment Friday about its own metadata collection program, but received a boilerplate statement stressing that the agency is “prohibited by law from directing its activities at Canadians anywhere in the world or at any person in Canada” and “operates within all Canadian laws.”

“The Communications Security Establishment Canada (CSEC) cannot comment on its methods, operations and capabilities. To do so would undermine CSEC’s ability to carry out its mandate. It would also be inappropriate to comment on the activities or capabilities of our allies,” the statement said.

Which doesn't prove anything either.

[Update 10 June 2013: But it would appear that this article does prove that metadata monitoring is being done: Colin Freeze, "Data-collection program got green light from MacKay in 2011," Globe and Mail, 10 June 2013.]

Saturday, June 08, 2013

Canada and the NSA revelations

Some coverage of the NSA monitoring revelations from a Canadian angle:

Friday, June 07, 2013

Mitrovica on NSA, CSE, and LEU

Investigative reporter Andrew Mitrovica, who has often reported on Canadian intelligence topics (especially CSIS-related issues), has published a comment on NSA's newly confirmed domestic eavesdropping activities and the possibility that similar activities may be conducted in Canada ("Canada is part of the eavesdropping network," Ottawa Citizen, 7 June 2013).

Included in the article is a big plug for Lux Ex Umbra and yours truly! Thanks, Andrew! (Disclosure: Andrew and I have been in touch on these issues many times over the past 20 years or so.)

Just to make one point clear: When Mitrovica writes, "Robinson has long warned that the CSEC has long enjoyed the legal authority to do what the NSA is now being excoriated for doing", what he means -- and I meant -- is that CSE has the legal authority to assist CSIS, the RCMP, etc. in their domestic monitoring operations.

Whether that includes NSA-like activities such as data mining the call records of everybody in Canada is a very interesting question, and while I hope to write more about that in the near future, it is not a question that I would claim to have a definitive answer to, either in terms of the legality of such activities in Canada or the degree to which, if legal, they may already be underway.

For now I'm struggling just to keep up with the revelations (or in some cases confirmations) that seem to be growing by the hour south of the border.

Sunday, June 02, 2013

The Young and the truthless

CSE's official word-carrier has responded to Huguette Young's recent article on the LTAP (blogged here) with a letter to the editor of the Ottawa Sun, the text of which is posted on CSE's webpage.

In his response, CSE's Director of Public Affairs and Communications Services, Jean Plamondon, states that CSE's existence has been publicly acknowledged by the government since 1983, not the 2002 reported in Young's article. This is approximately correct, but only if by "publicly acknowledged the existence of" he really means "publicly acknowledged the fact that CSE collects signals intelligence". That's what happened for the first time in 1983. (At least, that was the first intentional public acknowledgement. In 1977, Deputy Minister of National Defence C.R. "Buzz" Nixon informed the Standing Committee on External Affairs and National Defence that CSE collects "communications intelligence", but that admission appears to have been inadvertent.) As far as the simple fact of the existence of the agency goes, official references to CBNRC (as CSE was known before 1975) can be found as early as the 1950s, and possibly earlier.

Plamondon also repeats CSE's mantra (in boldface for greater emphasis!) that "CSEC is prohibited by law from directing its activities at Canadians anywhere or anyone in Canada."

This statement might charitably be described as a two-thirds truth. Here is CSE's three-part mandate as spelled out in the National Defence Act. As anyone can see, CSE is prohibited from directing its activities related to the first two parts of its mandate "at Canadians or any person in Canada". But that prohibition does not apply to activities carried out in support of the third part of CSE's mandate, "to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties."

As noted here, such activities do take place. CSE refers to them as "Support to Lawful Access". But the agency isn't very keen on the public knowing much about how often such activities take place, or if they have been increasing in recent years. Basically the good folks at CSE tell us somewhere between diddly and squat about this kind of thing.

Instead, we are asked to trust CSE when it gives us its word that its massive and growing surveillance capabilities are not being used to invade our privacy. Yes, there is a CSE Commissioner who is supposed to help reassure Canadians that CSE's powers are not being misused. But in the end, even the Commissioner has to trust that CSE is being truthful with him when it gives him the data he uses to perform his checks.

My default assumption is that the Canadians who work at CSE are indeed worthy of our trust. Almost always. In almost all ways. For the time being.

(I also assume, by the way, that Canadian Senators are mostly honest and honourable.)

But I cannot trust the demonstrably incorrect statement that "CSEC is prohibited by law from directing its activities at Canadians anywhere or anyone in Canada" when that statement is presented to us without qualification as if it were the whole truth and nothing but the truth.

It. Is. Not. True.

Why can the flacks and spin meisters and mouthpieces and porte-paroles in Ottawa not understand that you do not build trust by telling us demonstrable lies concerning the very issues we are supposed to trust you on?