Sunday, June 02, 2013

The Young and the truthless

CSE's official word-carrier has responded to Huguette Young's recent article on the LTAP (blogged here) with a letter to the editor of the Ottawa Sun, the text of which is posted on CSE's webpage.

In his response, CSE's Director of Public Affairs and Communications Services, Jean Plamondon, states that CSE's existence has been publicly acknowledged by the government since 1983, not the 2002 reported in Young's article. This is approximately correct, but only if by "publicly acknowledged the existence of" he really means "publicly acknowledged the fact that CSE collects signals intelligence". That's what happened for the first time in 1983. (At least, that was the first intentional public acknowledgement. In 1977, Deputy Minister of National Defence C.R. "Buzz" Nixon informed the Standing Committee on External Affairs and National Defence that CSE collects "communications intelligence", but that admission appears to have been inadvertent.) As far as the simple fact of the existence of the agency goes, official references to CBNRC (as CSE was known before 1975) can be found as early as the 1950s, and possibly earlier.

Plamondon also repeats CSE's mantra (in boldface for greater emphasis!) that "CSEC is prohibited by law from directing its activities at Canadians anywhere or anyone in Canada."

This statement might charitably be described as a two-thirds truth. Here is CSE's three-part mandate as spelled out in the National Defence Act. As anyone can see, CSE is prohibited from directing its activities related to the first two parts of its mandate "at Canadians or any person in Canada". But that prohibition does not apply to activities carried out in support of the third part of CSE's mandate, "to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties."

As noted here, such activities do take place. CSE refers to them as "Support to Lawful Access". But the agency isn't very keen on the public knowing much about how often such activities take place, or if they have been increasing in recent years. Basically the good folks at CSE tell us somewhere between diddly and squat about this kind of thing.

Instead, we are asked to trust CSE when it gives us its word that its massive and growing surveillance capabilities are not being used to invade our privacy. Yes, there is a CSE Commissioner who is supposed to help reassure Canadians that CSE's powers are not being misused. But in the end, even the Commissioner has to trust that CSE is being truthful with him when it gives him the data he uses to perform his checks.

My default assumption is that the Canadians who work at CSE are indeed worthy of our trust. Almost always. In almost all ways. For the time being.

(I also assume, by the way, that Canadian Senators are mostly honest and honourable.)

But I cannot trust the demonstrably incorrect statement that "CSEC is prohibited by law from directing its activities at Canadians anywhere or anyone in Canada" when that statement is presented to us without qualification as if it were the whole truth and nothing but the truth.

It. Is. Not. True.

Why can the flacks and spin meisters and mouthpieces and porte-paroles in Ottawa not understand that you do not build trust by telling us demonstrable lies concerning the very issues we are supposed to trust you on?


Blogger CWC said...

I wonder how many reciprocal agreements are in place? I can't spy on X but you can, I can spy on Z but you can't - let's talk.

June 03, 2013 11:34 pm  
Blogger Bill Robinson said...

That is one of the most interesting questions in this business. There have certainly been rumours of such arrangements for decades, but the UKUSA agencies have always maintained that by convention they do not target each other's countries.

How true is that? I think there are several ways to approach that question. Nobody--neither CSE nor NSA--is doing mass surveillance of everything Canadians communicate electronically. (At least for now.) The facilities aren't in place to collect and backhaul all that traffic to storage and processing sites, they don't yet have the capacity to store all that stuff, and they don't have the people to process that much stuff. And even if you did have enough people, you couldn't keep a program that intrusive, that huge, and involving that many people secret for all these years. There would be more evidence than a rumour or two floating around. In any case, these agencies have always had much higher priorities for their SIGINT resources than domestic monitoring of either their own populations or allied populations.

That picture may be changing, of course. Domestic security has been an increasingly high priority since 9/11. And technology has also been advancing. Backhauling of communications traffic to the other side of the planet for processing is increasingly common, storage capacity is growing even faster than the volume of traffic is growing (see Utah Data Center), computers can do a lot of the preliminary processing, and although the volume collected would still be far too great for humans to look at everything, mass collection of communications might still be considered useful, as it would enable analysts to go back and see what people later identified as suspects had said and done years before they ever became suspect. Computer-based social network analysis of the "externals" of those communications (who is talking to whom, and who talks to those people, etc.) might also enable analysts to identify people worth subjecting to a closer look.

(See next comment...)

June 04, 2013 5:54 pm  
Blogger Bill Robinson said...

(Continued from previous comment...)

My sense is that the UKUSA agencies are headed in the general direction of bulk collection. (Indeed, it wouldn't greatly surprise me if the LTAP's new data warehouse had a role to play in that regard.) But it is not clear how far down that road they will want or be able to go, and to the degree that they do go down it I suspect they will want to do it through their own facilities rather than farm it out to allied agencies.

We may be friends, but we also recognize that we sometimes have differing interests, and we do have secrets that we try to keep from one another. You can bet, for example, that Canada's free-trade negotiators took pains to ensure that their bottom-line negotiating positions weren't exposed to U.S. SIGINT collection.

And it would be quite a leap to go from recognizing that NSA (or CIA, etc.) does sometimes collect SIGINT on Canadians to actually encouraging it to do so on a large scale and at least partly on our behalf. It would also be a big leap for NSA to encourage large-scale collection against Americans in return. Personally, I find it inconceivable that all of the Canadians and Americans working in CSE and NSA who would have to be aware of such arrangements would actually support and keep quiet about them.

Rather than do that, I suspect that both the Canadian and the American government would prefer to write and/or interpret their own laws relating to interception of communications in such a way as to enable them to do their own monitoring of anyone in their own country that they seriously considered worth monitoring.

That still leaves the question of much smaller scale exchanges of information. I'm sure that neither agency is adverse to receiving a tip from one of its allies concerning information that the latter inadvertently or otherwise collects involving one of its citizens. In fact, CSE has more or less acknowledged that it would be willing to accept such information, although it insists that it does not "pursue" intelligence about Canadians from its UKUSA allies and has made its "expectations" in that regard clear. See here:

One of our allies might be able to warn us that one of our politicians is being bribed by a foreign company, for example. CSE could then pass that information to the RCMP, who could begin an investigation, and CSE could undertake its own monitoring based on RCMP warrants.

There also may be rare occasions when one of the agencies does something a little dodgy as a favour for the other. Mike Frost suggested that CSE helped Margaret Thatcher monitor a couple of her own ministers, for example. Monitoring someone for partisan political purposes might seem like a possibility for this kind of activity, but if such favours are ever done, I think it would be far too dangerous to try to conduct them through formal agency-to-agency channels. Much more likely that an embassy officer would drop a little tidbit in someone's ear in return for a favourable decision on some cross-border issue than that a bunch of public servants of unknown political allegiance get dragged into it.

June 04, 2013 6:06 pm  
Blogger CWC said...

You wrote enough to make it a blog post! Thanks.

I suppose what prompted me to comment was an offhand comment by an ITV instructor at least 18 years ago along the lines of "No, we can't spy on ourselves. We just get the Australians to do it." That was back in the Don Westwood days and she was overtime, Legas Studies or something and I don't know the entire context but is stuck with me.

June 04, 2013 9:29 pm  
Blogger Bill Robinson said...

I would have written a lot less if I knew the answer to your question. :)

June 04, 2013 11:41 pm  
Blogger CWC said...

I think I can safely say 'Told you so". Not that I knew anything 3 weeks ago but I'm not surprised at all.

Not that you need more links but here are some anyway

Searls publishes a lot of aerial photos so is worth watching :-)

June 12, 2013 5:03 pm  
Blogger Bill Robinson said...

Thanks for the link!

Yeah, I guess in retrospect I do come off sounding just a little too trusting in the above comments. :-)

The actual extent to which NSA may be handing material on Canadians to CSE or other Canadian agencies remains very much in question, however. And my suggestion that somebody would leak things if the agencies started getting too intrusive stands up pretty well...

June 12, 2013 5:40 pm  

Post a Comment

<< Home