Saturday, March 01, 2014

CSEC talks to the Globe and Mail

Colin Freeze has a fascinating article in today's Globe and Mail based on a two-hour meeting he had with seven CSEC officials at the new headquarters building on January 31st (Colin Freeze, "The Globe goes inside Canada’s top-secret spy agency," Globe and Mail, 1 March 2014).

The article starts with a classic example of CSEC's idea of openness:
The seven officials at the boardroom table insist that their identities cannot be published – the risk, one explains, is that they would become targets of a “hostile foreign intelligence service.”

Given the top-secret nature of their work, that request is understandable. That this conversation is taking place at all is unprecedented – and, to use one official’s word, “uncomfortable.”
CSEC does have secrets it needs to keep, and it is probably sensible to restrict some information about who does what at the agency.

But part of the problem Canadians have in trying to debate the issues surrounding surveillance is that CSEC and the government as a whole often try to withhold information that doesn't need to be secret, that is not actually considered to be secret by the government, and that may indeed already be in the public domain.

As the article later notes, the meeting's attendees included "a cyberdefence director-general" and "a very senior female boss". Many of the names of CSEC officials at the director-general level and above have already been officially divulged by the government, including the identity of the Director-General of Cyber Defence, who is Scott Jones. And the "very senior female boss" at the meeting was very likely the Deputy Chief SIGINT, who is Shelly Bruce. Three of the other staffers at the meeting were in corporate communications, so the chances are most or all of those names are also in the public domain.

The odds are good, in other words, that in the case of well over half the CSEC personnel at the meeting with Freeze, the only thing not mentioning their names keeps from "hostile intelligence services" is the fact that they recently met with a reporter from the Globe and Mail.

Still, it was a step towards greater openness that CSEC met with the Globe and Mail at all.

The primary purpose of the meeting was to discuss CSEC's use of metadata.
[W]e are here to discuss how “metadata” emanating from computers and smartphones – presumptively, Internet protocol addresses, phone logs and smartphone geolocation data – give CSEC a view of a world’s worth of communications.

The problem is that, in a broad sweep of metadata, capturing a Canadian conversation – private chat that is protected by law and accessible only with a warrant – is always a possibility.

To simplify how CSEC works, the signals-intelligence director outlines a cloud on a white board: This is the Internet. He then draws five boxes inside and labels them “covert collection sites.”

He stops short of elaborating. ...

“They are positioned where they need to be,” he says.

The collection process at these covert sites begins when CSEC machinery logs global telecommunications traffic in bulk. During this first pass, the raw data arrive as an undifferentiated mess, and no one knows – or could know, if they wanted – whether any Canadian metadata are in the mix.

It’s only during the next step, “processing and analysis” that identifying information starts to be revealed – and those pesky privacy concerns begin to kick in.

CSEC computers sift out the metadata, then analysts boil them down some more. This is where telling patterns emerge, including whether Canadian data are part of the sweep. CSEC says it treats Canadian material differently, but won’t say how.

The final step is “targeting.” Now knowing rough patterns worth watching, and how to avoid Canadians, the analysts task the covert collection sites to be on the lookout for communications from identifiable groups of foreigners.
Worth reading the whole article.


Blogger CWC said...

I suppose the "can't tell you who it is but it's a woman and this is what she does" shows the value of metadata!


March 02, 2014 3:50 pm  
Blogger Bill Robinson said...

Good point!

It also could serve as a demonstration of the limitations of efforts to "minimize" "Canadian identity" information in CSEC reporting.

Cheers, Bill.

March 02, 2014 11:18 pm  

Post a Comment

Links to this post:

Create a Link

<< Home