Category Archives: SIRC

Documents reveal CSIS wary of Bill C-51 reforms - The Globe and Mail 20160203

Prime Minister Justin Trudeau arrived in Ottawa promising to rein in Canada’s spies. But the bosses at the Canadian Security Intelligence Service want the Liberals to know that “robust” rules already govern their expanding operations – including their controversial, and newly legalized, disruption campaigns.

 
PDF: CSIS Director Michel Coulombe's letter of introduction to Public Safety Minister Ralph Goodale

Transition materials that CSIS provided to Public Safety Minister Ralph Goodale highlight some of the challenges from the Bill C-51 controversy last year, when Canadian spying became a political issue. The documents, which were released to The Globe and Mail, show polite CSIS pushback against some of the Liberals’ campaign pledges.

During the election, the governing Conservatives vowed to empower CSIS to fight terrorism, and cited Bill C-51, a new law that vastly increased the agency’s freedom to operate and share information, as proof that they could do it.

The NDP vowed to repeal the law, and the Liberals promised a middle course. On Nov. 4, Mr. Trudeau told Mr. Goodale in a mandate letter he should “work to repeal … the problematic elements of C-51 and introduce new legislation that strengthens accountability.”

A week later, CSIS director Michel Coulombe sent a letter of introduction, and arranged a briefing, telling Mr. Goodale his spy service operates on tight strictures, not arbitrary whims.

“Recent legislation, including an expansion of the Service’s mandate, has of course led to many changes of our policies,” Mr. Coulombe wrote. “Most recently, a robust new framework was established to govern the conduct of threat-reduction activities.”

The letter and related briefing materials were released under the Access to Information Act. On Monday, Mr. Coulombe is to testify before a Parliamentary committee.

“Threat reduction” refers to the most controversial clauses of C-51, which give CSIS disruptive powers to “take measures, within or outside Canada, to reduce the threat” of any forces felt to be dangerous to national security. The law says CSIS intelligence officers cannot harm, kill or sexually assault anyone, but use of the power is otherwise open-ended.

The transition materials show CSIS officials view threat reduction as a large part of their jobs now. They assured Mr. Goodale they do not take their new responsibilities lightly. “Every effort has been made to ensure the responsible exercise … each time the Service exercises its authority.”

CSIS officials said the service lives up to its legal obligations to consult Federal Court judges, or the public-safety minister and his written directives guiding the use of disruptive powers. Internal policies, they added, require further consultation with Mounties, diplomats and the Communications Security Establishment.

“Though CSIS’s authority to investigate and respond is rooted in its own legislation, its actions are not taken in isolation and demand close collaboration with the national-security community,” the documents say. (They do not make clear if CSIS is apprising the federal partners of planned disruptions, or enlisting their help.)

The CSIS Act passed in 1984 reflected a relatively passive federal intelligence-collection agency. Agents had no powers to arrest anyone, or carry guns. Nothing explicitly enabled CSIS officers to interpose themselves in suspects’ lives beyond tapping phones or conducting interviews.

But that began to change, especially after the Sept. 11, 2001, attacks. CSIS operatives started going to places such as Afghanistan and carrying guns. Its leaders testified they started working more closely with police, and doing things that could help prevent terrorism. Some suspects began publicly complaining about CSIS officers aggressively following them or showing up to conduct interviews at workplaces.

C-51 allows CSIS officers to do all this and more. Mr. Coulombe last year told Parliament the bill could facilitate hacking operations – such as meddling with suspects’ smartphones, money movements or travel. The law does not contemplate CSIS ever disclosing such operations to suspects.

The Liberals have never spelled out how they plan to overhaul the C-51 powers. Scott Bardsley, a staffer for Mr. Goodale, said the minister is consulting with security experts for national-security reforms.

The federal government has also promised to create a Parliamentary committee where select MPs would be allowed insights into classified CSIS operations. Most Canadian lawmakers currently know nothing about the specifics of CSIS operations.

Mr. Coulombe says he is aware of a growing political appetite to shine some light on CSIS.

“The Service recognizes the current environment of heightened public interest in national security,” he said in his November letter to Mr. Goodale. He added that as “trust underpins the Service’s ability to be effective, the opportunity to contribute to this discussion is most welcome.”

Got a question about spying and driving? Canada's Security Intelligence Review Committee's got you covered

In its 2013-14 Annual Review of the Canadian Security Intelligence Service (CSIS), Canada's Security Intelligence Review Committee (SIRC) remarked that "physical surveillance is extremely difficult to carry out ... surveillance officers are required to observe their targets while managing an often complex and evolving environment ... they must develop extensive area knowledge ... they must execute their skills under pressure and, often, in less than ideal circumstances."

Happily, given the extreme difficulty of carrying out physical surveillance, CSIS's own review in 2011 had authorized "a dedicated manager with adequate staff to coordinate the centralization and standardization ... and modernization to advance overall performance."

In 2013-14, the SIRC was eager to learn "the extent to which CSIS has been successful in making proposed and, arguably, necessary changes to the surveillance program."

Unhappily, the SIRC discovered that "in the absence of a strong central authority to lead the transition within the surveillance programs, regions began implementing changes to their surveillance models according to their own needs and available resources."

While commending the initiative of regional offices, the SIRC was rightly concerned that "it will be much more difficult for CSIS to devise a truly 'national' set of surveillance standards ...  the absence of strong leadership to guide the surveillance program has meant that some of the issues that SIRC views as the most serious remain unaddressed."

Not only was the SIRC apparently concerned that the skills and techniques of physical surveillance might become increasingly uneven across the nation, but it raised an alarm that "the Service does not have legal advice on how provincial laws apply to its surveillance teams."

For example, SIRC found that CSIS failed to provide "a set of national driving standards to guide employees on important daily operational matters, such as the use of communications equipment while driving. Therefore, SIRC recommended that CSIS prioritize the request for legal advice pertaining to its liability under distracted driving legislation across Canada. Furthermore, following receipt of legal advice, CSIS should develop clear and standardized operating procedures outlining the responsibilities of surveillance officers with respect to the performance of their duties and functions while driving."

While the CSIS and the SIRC do not always see eye-to-eye, the two agencies were in complete agreement on this priority. In its response to the SIRC's recommendation, the CSIS advised that "The Service has drafted a request for a legal opinion pertaining to its liability under distracted driving legislation across Canada."

Postscript

The SIRC's 2014-15 Annual Review of the CSIS makes no mention of steps taken to address a spy's liability under distracted driving legislation across Canada.

 

Commissioner Plouffe's report is tabled in Parliament - 20160128

Today, the 2014-15 Annual Report of the Communications Security Establishment Commissioner, the Honourable Jean-Pierre Plouffe, CD, was tabled in Parliament.

The Commissioner provides independent external review of the Communications Security Establishment's (CSE) operational activities to determine whether they complied with the law and protected the privacy of Canadians. Mr. Plouffe is a retired judge of the Superior Court of Quebec and the Court Martial Appeal Court of Canada. As CSE Commissioner, he has all the powers of a Commissioner under Part II of the Inquiries Act.

The Commissioner stated: “Each year, I have made public more information about my investigations, to be as transparent as possible.” He added: “I have encouraged CSE to be more forthcoming in what it communicates to the public.”

Report Highlights

With the exception of one review related to metadata, all of the activities of CSE reviewed in 2014–2015 complied with the law.

The Commissioner made eight recommendations, including:

  • that the Minister of National Defence update the directive for metadata activities to address the evolution of practices in this field as well as to clarify terminology that has changed over time;
  • that the National Defence Act (NDA) be amended to remove an ambiguity regarding CSE information technology security activities carried out under ministerial authorization;
  • that interdepartmental arrangements related to section 16 of the Canadian Security Intelligence Service Act be updated or created in a timely manner. Given this implicates the Canadian Security Intelligence Service (CSIS), the Commissioner informed the former acting Chair of the Security Intelligence Review Committee (SIRC), which is one of the ways he is encouraging co-operation between review bodies; and
  • that CSE highlight to the Minister of National Defence important differences between private communications intercepted under information technology security ministerial authorizations versus those intercepted under foreign signals intelligence ministerial authorizations; these differences relate to the lower expectation of privacy attached to an email containing malicious code.

CSE metadata activities

In his annual report, the Commissioner stated that certain CSE metadata activities raised legal questions that he continues to examine and assess. The Commissioner has since completed that legal assessment.

The annual report provides a detailed unclassified summary of the first part of the Commissioner's review on CSE foreign signals intelligence metadata activities. These activities must be carried out in accordance with the NDA, which requires CSE to take measures to protect the privacy of Canadians, and in accordance with the 2011 ministerial directive on CSE's collection and use of metadata.

At the start of the review, CSE discovered on its own that certain types of metadata containing Canadian identity information were not being minimized properly before being shared with CSE's partners in the United States, the United Kingdom, Australia and New Zealand. The former Chief of CSE informed the Commissioner, as well as the Minister of National Defence, about this matter.

After making this discovery, CSE proactively suspended the sharing of this metadata with its partners. The Chief of CSE assured the Commissioner that the suspension will remain in effect until systems are in place to properly minimize all Canadian identity information.

In his annual report, the Commissioner stated that he would carefully weigh the legal implications of the incidents. The Commissioner directed his staff to investigate this issue as part of the metadata review that was already under way. This included: an examination of relevant documentation and technical detail of systems involved; interviews with CSE operational, policy and technical staff and managers, and with senior CSE officials; and meetings with Justice Canada's legal counsel at CSE. In addition, the Commissioner received advice from both in-house legal counsel and external independent legal counsel.

The Commissioner stated: "CSE co-operated fully with this investigation, was forthcoming, provided in-depth written accounts of the metadata minimization deficiencies and has been providing updates on the status of corrective efforts."

After careful examination of all the information before him, the Commissioner concluded that CSE's failure to minimize certain Canadian identity information prior to it being shared with its partners did not comply with paragraph 273.64(2)(b) and section 273.66 of the NDA, and, as a consequence, did not comply with section 8 of the Privacy Act. The Commissioner therefore exercised his legal duty under paragraph 273.63(2)(c) of the NDA and informed the Minister of National Defence and the Attorney General of Canada of this non-compliance with the law. In this instance, while the Commissioner stated he believes the actions of CSE were not intentional, it did not, however, act with due diligence when it failed to ensure that the Canadian identity information was properly minimized.

The Commissioner stated: "During my mandate, I have echoed past Commissioners' longstanding calls to amend Part V.1 of the NDA because certain important provisions are ambiguous. I recently recommended to the Minister of National Defence that the NDA be amended to provide a clear framework for CSE's metadata activities." While paragraph 273.64(1)(a) of the NDA provides authority to CSE to conduct metadata activities, an explicit authority for these activities would strengthen overall accountability.

The Commissioner received a reply to his letter to the Minister of National Defence and the Attorney General of Canada and is pleased that they have accepted his recommendations related to metadata. He will continue to monitor developments.

Background on Metadata

  • Paragraph 273.64(1)(a) of the NDA authorizes CSE to acquire and use information from the global information infrastructure for foreign intelligence purposes, including metadata. Metadata is information associated with a communication that is used to identify, describe, manage or route that communication. It includes, but is not limited to, a telephone number, an email or an Internet Protocol (IP) address, and network location information; metadata excludes the content of the communication.
  • Paragraph 273.64(2)(b) of the NDA requires CSE to take measures to protect the privacy of Canadians, one measure of which is minimization. Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared.
  • Section 273.66 of the NDA requires CSE to follow ministerial direction while undertaking its activities. A ministerial directive is a written document that provides additional requirements, conditions or limitations from the Minister of National Defence that CSE is to adhere to while conducting an activity already authorized by law.
  • Section 8 of the Privacy Act relates to the disclosure of personal information.

Contacts

J. William Galbraith
Executive Director, Office of the CSE Commissioner
(613) 992-3044

CSE Commissioner: CSE violated law - Lux Ex Umbra 20160128

The CSE Commissioner's 2014-15 Annual Report was finally tabled today, nearly 10 months after the end of the fiscal year covered by the document.

There is a lot that's interesting in the report, but the big news—which was actually in the press release from the Commissioner's office that accompanied the report rather than in the report itself—is that the Commissioner has declared that "CSE's failure to minimize certain Canadian identity information prior to it being shared with its partners did not comply with paragraph 273.64(2)(b) and section 273.66 of the [National Defence Act], and, as a consequence, did not comply with section 8 of the Privacy Act. The Commissioner therefore exercised his legal duty under paragraph 273.63(2)(c) of the NDA and informed the Minister of National Defence and the Attorney General of Canada of this non-compliance with the law."

In plain language, the Commissioner declared that CSE had failed to comply with the law.

In the 20 years since the office was first created, no CSE Commissioner has ever made such a declaration before.

The Canadian Identity Information in question was contained in "certain types of metadata" that "were not being minimized properly before being shared with CSE's partners in the United States, the United Kingdom, Australia and New Zealand", presumably through GLOBALREACH. The exact nature of the metadata involved has not been revealed.

According to the Commissioner and CSE, CSE identified the problem in late 2013, reported it to the Commissioner, and suspended the data transfers pending a solution to the problem, which Defence Minister Sajjan described today as being caused by "technical deficiencies in CSE systems". These deficiencies must be quite fundamental, however, as it is now 2016 and the problem remains unresolved.

The press release from the Commissioner's office also reports that, "while the Commissioner stated he believes the actions of CSE [in transferring the unminimized metadata] were not intentional, it did not, however, act with due diligence when it failed to ensure that the Canadian identity information was properly minimized." This seems to be the basis of the Commissioner's conclusion that, in this instance, CSE did not comply with the law, whereas in earlier cases unintentional violations of the law have not been characterized as non-compliance.

Perhaps the Commissioner was especially annoyed in this case because in 2013 his predecessor had assured Canadians that "in its reports, and in other information [e.g., metadata] CSE shares with its domestic and international partners, CSE must render impossible the identification of Canadians, and I verify that this is done. As noted in my report last year, I have found that CSE does take measures to protect the privacy of Canadians in what it shares with its domestic and international partners." [Quotation updated 29 January 2016 for reasons of terminological exactitude. HT to WG.]

The Commissioner's declaration that CSE did not comply with the law brings to an abrupt and welcome end the nearly 20-year-old Ottawa tradition of deflecting all questions about CSE activities with the refrain that "the independent CSE Commissioner has always found CSE to be in compliance with the law". (It looks like this blog post is going to need some revision.)

I'll comment on some of the other interesting and significant elements in the 2014-15 report in future posts.

Related coverage and commentary:

- Jim Bronskill, "Canada’s electronic spy agency broke privacy law by sharing metadata, watchdog says," Canadian Press, 28 January 2016
- Robert Fife & Colin Freeze, "Canada's spy agencies broke surveillance laws, watchdogs reveal," Globe and Mail, 28 January 2016
- Justin Ling, "Canadian Spies Get Spanked Again For Sharing Citizens' Data With the NSA," Vice News, 28 January 2016
- "Canada's electronic spy agency stops sharing some metadata with partners," CBC News, 28 January 2016
- "Electronic spy agency stops sharing information with partners over privacy concerns," CTV News, 28 January 2016
- Monique Muise, "Watchdog says electronic spy agency shared info about Canadians," Global News, 28 January 2016
- "Canadian intelligence agency stops sharing metadata with foreign intelligence agencies following revelations that shared information was not being sufficiently protected," OpenMedia news release, 28 January 2016

Update 29 January 2016:

- Alex Boutilier, "Canada’s electronic spy agency broke privacy laws, watchdog says," Toronto Star, 28 January 2016. Note the discussion of CSE's accompanying "technical briefing": "A high-ranking CSE official, who Thursday gave a technical briefing on the condition they not be named, described the issue as a technical glitch discovered in late 2013.... While CSE downplayed the severity of the breach — saying the privacy impact was “low” — it was significant enough to prompt the first press briefing in the agency’s 70-year history." A good point.

As for CSE's insistence on no use of names, if I had to guess, I'd say the speaker was probably Shelly Bruce. After all, what "high-ranking" CSE official would be better for speaking to this issue than the Deputy Chief who is in charge of the SIGINT program at the agency? (It might also explain why the Toronto Star used "they" as the pronoun in this instance.) But if it was Bruce, why insist on non-attribution? As the link shows, Bruce's name and position are not in any way secret. Maybe it wasn't Bruce, in which case the non-attribution might make some minimal amount of sense.

Update 31 January 2016:

Here are the speaking notes for high-ranking CSE official They Who Must Not Be Named. Minor quibble: CSE will be celebrating its 70th birthday on 1 September 2016. It's a bit premature, therefore, to declare in January 2016 that "CSE has been at work, protecting Canada and Canadians, for over 70 years."

Update 1 February 2016:

- Wesley Wark, "Canada’s spy watchdogs: Good, but not good enough," Globe and Mail, 1 February 2016
- Tim Harper, "A privacy breach and a country left in the dark," Toronto Star, 29 January 2016

Update 4 February 2016:

- Tamir Israel & Christopher Parsons, "Why We Need to Reevaluate How We Share Intelligence Data With Allies," Just Security, 3 February 2016

CSE commissioner's annual report released - Lux Ex Umbra 20140820

The CSE commissioner's annual report was released today (PDF; HTML).

There is a lot of interesting information in the report, but the big news is that the commissioner was permitted to put a number on the use or retention of private communications (communications with at least one end in Canada) in the foreign intelligence part of CSEC's activities during 2012-13.

And that number is 66:

Overall, in 2012–2013, the volume of communications collected through CSEC’s foreign signals intelligence activities increased. However, the number of recognized private communications unintentionally intercepted and retained by CSEC was small enough that I could review each of them individually. At the end of the 2012–2013 ministerial authorization period, CSEC retained 66 of the recognized private communications that it collected. Of these, 41 private communications were used in CSEC reports (with any Canadian identities suppressed in the reports) and 25 were retained by CSEC for future use. All other recognized private communications unintentionally intercepted by CSEC were destroyed.

Sixty-six is a reassuringly small number, and the number of Canadians or other persons in Canada (hereafter "Canadian persons") involved in those communications could be even smaller, as some may have participated in more than one communication. (On the other hand, in theory a single communication involving a foreign target could go to a mailing list with dozens of Canadian persons on it, so the total number of Canadian persons implicated could be much larger.)

There are several other facts worth noting about this number.

First, it does not include any reporting, retention, or provision of private communications collected by CSEC under the cyber protection (Mandate B) or support to domestic law enforcement and security agencies (Mandate C) parts of its mandate.

[Update 19 November 2014: As shown here, the number of private communications used or retained by the cyber defence program (Mandate B) during the 1 December 2012 to 30 November 2013 reporting year was almost certainly in the low thousands, 15 to 60 times greater than the number reported for the foreign intelligence program by the CSE Commissioner.]

Second, it does not include any reporting or retention of private communications obtained by CSEC through its SIGINT partners. The report does acknowledge CSEC's "receipt from the Second Parties of intercepted communications and other foreign signals intelligence information, particularly private communications and information about Canadians." However, according to the commissioner, "The unintentional interception of a private communication by CSEC is a different situation than the unintentional acquisition by CSEC from a second party source of a one-end Canadian communication."

I have some difficulty understanding this point, as the Criminal Code definition of intercept includes to "listen to, record or acquire a communication or acquire the substance, meaning or purport thereof", which would seem to me to include acquiring it from Second Parties. But I'm no lawyer. Past commissioners have suggested that a definition of "intercept" ought to be included in those National Defence Act amendments that the government never bothers to get around to, and maybe that's why that suggestion was made. Does CSEC have its own definition of intercept that differs from the one in the Criminal Code?

Third, it does not include any reporting or retention of communications that are not considered private communications even though they do involve one or more Canadian citizens. An example would be a communication by a Canadian in which both ends of the communication are outside Canada (e.g., you're visiting France and you phone a business associate in Germany). CSEC is still not permitted to target Canadians under its Mandate A under such circumstances, but any such communication collected incidentally that met the relevant criteria could be reported or retained and would not appear in the 66 figure quoted by the commissioner.

Fourth, the figure includes only those private communications that were reported or retained. As the commissioner himself notes, "CSEC deletes almost all of the small number of recognized foreign signals intelligence private communications unintentionally intercepted by its collection programs" (emphasis added). Logically, this means that the 66 that were used or retained (i.e., not deleted) represent almost none of the total that were actually intercepted. How large is the latter number? The commissioner does say that the number intercepted is itself a "small number". But in comparison to the billions of private communications that Canadians participate in every year, some pretty large numbers might be characterizable as small.

None of this is to suggest that a massive program designed to monitor all Canadians lurks beneath that innocuous-sounding 66 number. But it's worth recognizing that 66 is far from the whole picture.

Another point: I really have a hard time with this term "unintentional" that the commissioners use. There are cases when CSEC is trying to collect a foreign communication and by mistake it pulls in a Canadian communication. Those could fairly be described as "unintentional" or, as CSEC seems to prefer, "inadvertent".

The cases that CSEC describes as "incidental" are a separate type. If CSEC collects a bunch of communications to or from one of its foreign targets, let's call him Osama, and one of those communications turns out to involve a Canadian, the collection of that Canadian's communication is termed "incidental" by CSEC. It wasn't collected by mistake. And it wasn't collected unintentionally either. It was done on purpose. The Canadian wasn't specifically targeted for collection, but CSEC certainly did want to know the identity of the people Osama was talking to and the content of those communications, and, as you might expect, they were especially interested in the Canadian angle. In fact, the law was changed in 2001 specifically to ensure that it is legal for CSEC to collect, use, and retain those targeted foreign communications that turn out to have one end in Canada.

I get that the commissioners are trying to distinguish between targeting specific Canadians and not targeting specific Canadians. But there is nothing "unintentional" about the fact that CSEC collects—and pays particular attention to—the communications of Canadians and persons in Canada when those communications are with one of CSEC's foreign targets. Even the term "incidental" is somewhat misleading, in my view, as it carries the implication that CSEC isn't really interested in the Canadian end.

They're interested.

Criticisms and comments notwithstanding, it's nice to see the increase in transparency in this year's report by the commissioner.

There is a lot more of interest in this year's report, but that's all for now...

Media coverage:

- Colin Freeze, "Spy agency intercepted, kept communications of 66 Canadians," Globe and Mail, 20 August 2014
- Jim Bronskill, "Spy agency improperly kept Canadian info," Canadian Press, 20 August 2014
- David Pugliese, "Communications Security Establishment kept private communications of Canadians in violation of internal policies," Defence Watch blog, 20 August 2014
- Tonda MacCharles, "Canada’s electronic spy agency gets passing grade from watchdog," Toronto Star, 20 August 2014
- Kady O'Malley, "CSEC kept 66 'unintentionally' obtained private communications," CBC News, 20 August 2014

Update 21 August 2014:

- Editorial, "A glimpse into the iceberg that is CSEC," Globe and Mail, 21 August 2014
- Wesley Wark, "Canadian spy agency watchdog strikes a new pose," Ottawa Citizen, 21 August 2014. Excellent commentary by Canada's leading academic expert on intelligence issues.

Update 22 August 2014:

- Justin Ling, "Canada's Spy Agency Recorded Citizens' Calls, Internal Audit Reveals," Motherboard, 22 August 2014

Update 25 August 2014:

- Dan Leger, "Spies, guard dogs duck oversight," Chronicle Herald, 25 August 2014

Statement from the Minister of National Defence on the CSE Commissioner’s Annual Report for 2014-2015 - 20160128

Today, the Annual Report for 2014-2015 of the Communications Security Establishment Commissioner, the Honourable Jean-Pierre Plouffe was tabled in the House of Commons. The Commissioner’s Annual Report is a valuable means by which CSE remains accountable to me, to Parliament, and to the Canadian people.

In this year’s report, the Commissioner provided eight recommendations to improve the way CSE operates. I have met with Mr. Plouffe, and advised him that I support his recommendations.

One of the reviews in the report makes reference to certain legal questions around CSE metadata activities. CSE discovered, on its own, that certain types of metadata were not being properly protected prior to sharing with allies, due to technical deficiencies in CSE systems. CSE proactively informed the Commissioner about these matters, and suspended the sharing of this metadata to Canada’s partners. The Commissioner has since concluded the legal assessment associated with this review and reported his finding to me and the Attorney General of Canada.

The metadata in question that was shared with Canada’s partners did not contain names or enough information on its own to identify individuals. Taken together with CSE’s suite of privacy protection measures, the privacy impact was low. I am reassured that the Commissioner’s findings confirm the metadata errors that CSE identified were unintentional, and am satisfied with CSE’s proactive measures, including suspending the sharing of this information with its partners and informing the Minister of Defence. I have consulted with the Attorney General who also supports my decision to accept the Commissioner’s recommendations. CSE will not resume sharing this information with our partners until I am fully satisfied the effective systems and measures are in place.

Metadata is the information about communications used by computer systems to identify, manage or route communications over networks. It does not include the content of a communication. For example, it does not include the content of emails, phone calls or text messages. Metadata is used to understand complex and changing networks, discover and analyse foreign intelligence targets and their social networks and identify cyber threats. It helps us understand how foreign actors, such as terrorist groups, cyber actors or hostile intelligence agencies use networks and systems. When we understand how they communicate, we can discover motivations, intentions, capabilities and activities of these actors, and work with other Government of Canada agencies to stop threats before they materialize.

CSE helps protect Canada and Canadians by collecting foreign signals intelligence based on Government of Canada intelligence priorities, helps protect electronic systems and networks against cyber-attacks and assists federal law enforcement and security agencies. CSE cyber defence analysts use metadata to discover cyber threats from foreign states, criminals and other threat actors who are trying to extract information from Canada’s systems, or are attempting to disrupt service on Canada’s critical electronic networks by using malicious software or malware.

The protection of the privacy of Canadians is a fundamental principle for CSE, guiding its mission to contribute to the security of our nation and of our citizens while maintaining the public interest.

This demonstrates why the proposed statutory committee of Parliamentarians to review security-related issues is so essential. The committee will be instrumental in helping the government meet its stated goal of strengthening national security oversight.

The government will introduce legislation to create a statutory committee of Parliamentarians with special access to classified information to review departments and agencies with national security responsibilities. We are committed to ensuring the safety of Canadians while protecting our collective rights and freedoms.

Finally, I have directed CSE to find new opportunities to communicate with the public more openly about their activities, while still protecting sensitive information as appropriate.

The Honourable Harjit Sajjan,
Minister of National Defence

Canada’s spy watchdogs: Good, but not good enough - The Globe and Mail 20160201

The tabling in Parliament this past week of the annual reports of Canada’s two spy watchdog agencies conveys a hidden message. The message is that the existing system to hold intrusive intelligence gathering agencies to account is working; in fact, it is working better than ever.

This message will please the Conservative party and may take some wind out of the sails of the Liberal government’s planned reforms. The former Harper government consistently argued that the existing review bodies, the Security Intelligence Review Committee, which keeps a watch on the Canadian Security Intelligence Service (CSIS), and the Commissioner of the Communications Security Establishment (CSE), which holds our electronic spy service to account, were all that Parliament and the Canadian public needed by way of scrutiny of our much expanded post-Sept. 11 intelligence system. The Conservatives turned a deaf ear to calls for an expanded review of intelligence during the acrimonious debate over Bill C-51, the flagship revision of the anti-terrorism laws, and derided the notion that Parliament should play a greater role.

The Liberal government has promised to create a new Parliamentary review body that will focus on security and intelligence matters and whose members will, for the first time in Canadian history, have access to classified briefings and documents. Public Safety Minister Ralph Goodale has gone further than this by indicating that the government is examining additional reforms to broaden the scope of review of Canadian intelligence activities – reforms that might involve abolishing the existing review bodies.

What do the recent annual reports tell us about the credibility of the polarized arguments about the adequacy of Canadian watchdog agencies? To be fair, both the Security Intelligence Review Committee (SIRC) and the CSE Commissioner’s Office (OCSEC) have delivered strong reports and both are emerging from earlier periods of darkness.

But the fact that the spy watchdogs have demonstrated they can do their job does not mean, as the Conservatives would have it, that the job they do is adequate. The spy watchdogs are pre-9/11 creations, built for an era when Canadian intelligence was relatively modest in size and capabilities, when the focus was on controlling potential law breaking and scandal, and when public expectations around being informed about spy activities were even more modest. Much has changed.

The existing watchdog agencies are shackled in their ability to respond to the new realities of expanded, more complex intelligence operations, and of higher levels of public expectations around transparency. They cannot follow the “threads” that connect the interconnected world of multiple Canadian intelligence agencies beyond their remit. They remain siloed and unstrategic in their review capacity. The existing spy watchdogs are constrained by a focus on issues of legality and government authority and not able to stretch their mandates to answer key questions about effectiveness. They are shackled to secrecy laws, which limit their ability to tell the full story of what they uncover, except to those within the “ring of secrecy.” That ring of secrecy does not, at the moment, include Parliament and its standing committees. So Parliament receives reports from the review agencies that it cannot fully understand or probe. The same goes for the media.

In contemplating a reform agenda for intelligence review, the Liberals need to hold fast to their promises and their current thinking. They need to create a Parliamentary committee with access to secrets and they need to reshape an outdated independent review system. The challenge will be not to throw out babies with the bathwater. If the existing watchdog agencies are abolished in favour of a new body, a super-SIRC or Inspector General (on the Australian model), then care will have to be taken to retain the expertise of SIRC and the CSE Commissioner’s Office. If a new review body emerges with a greater emphasis on measuring performance, the questions of lawful authority must not be relegated to a distant second place. If a new Parliamentary body is to perform well, it will have to do so in concert with a new and expanded external watchdog agency, without creating a review system that overburdens spy agencies themselves. While we pursue new forms of reassurance about intelligence operations, we will still want those agencies to spy, and spy well.

SIRC 2014-15 Annual Report: The watchdog shows his teeth - Lux Ex Umbra 20160203

As I noted here, there is a lot of interesting news in the CSE Commissioner's 2014-15 Annual Report, which was finally made public on 28 January 2016. (The Commissioner's reports are normally tabled in the June to August timeframe; the previous record for tardiness was the 2003-04 report, which was released on 8 October 2004. It is evident that the Harper government did not want the information that was in the report to be available to Canadians during an election campaign.)

The big news in the report was that, for the first time, the CSE Commissioner was holding out the possibility that CSE might be found in non-compliance with the law. The final answer to that question was left open in the report itself, which stated that the Commissioner was still examining the legal implications of the issue. By the time the report was finally tabled, however, Commissioner Plouffe had completed his review of the issue and concluded that CSE had failed to exercise due diligence and thus had violated the law. (For further details, see here.)

I see this decision as a very positive development. As I argued here, it was beginning to look as though CSE Commissioners would never find CSE in breach of the law for anything—or at least nothing short of admitted, unrepentant, and on-going illegality of the most brazen kind.

The danger of always letting CSE off the hook in the kinds of cases that actually do come up was two-fold: First, Canadians might come to see the Commissioner's annual assurances as largely meaningless, undermining one of the primary purposes of having the office. Second, CSE might come to see prevention of compliance lapses as relatively unimportant, since problems subsequently identified could always be fixed at some later time without consequences. By demonstrating that consequences are possible, at least in cases where CSE failed to exercise due diligence, the agency has been reminded that legal compliance has to be first on its priorities list at all times: it can never be left as an afterthought.

Another benefit of finally wielding the hammer of compliance judgement is that the level of attention paid to the Commissioner's recommendations at the political/ministerial level cannot fail to be dramatically elevated. Maybe now—finally—going on fifteen years after the mandate of the Communications Security Establishment was enacted into law, we will see action on the clarifying amendments that successive Commissioners have sought from the beginning. (More on potential amendments below.)

Last year I lamented the continuing failure of successive Commissioners to "pick up the hammer"; it's good to see a more Thor-like Commissioner in action.

There were also many other noteworthy items in this year's report.

Use and retention of private communications

The big news in the 2013-14 report was that the Commissioner had finally been permitted to specify the number of "private communications" (communications with at least one end in Canada) used in intelligence reports or retained by CSE for possible future use during the agency's Mandate A (foreign intelligence) operations. That year the number was 66; this year the number is a mere 16.

Sixteen is a very small number, and it is useful that the CSE Commissioner is able to report it.

But, as I noted last year, it does not represent anywhere near a complete accounting of the Canadian communications intercepted or otherwise acquired and examined by CSE during the course of the year. It does not include communications of Canadians that do not fall into the definition of private communications, such as calls involving Canadians in which neither communicant is physically in Canada at the time. It does not include private communications intercepted and forwarded to CSE by Canada's SIGINT allies. It does not include private communications obtained during CSE's Mandate B (cyber security) operations. (This year's report has some interesting comments on those intercepts, however.) It also does not include private communications obtained during CSE's Mandate C (support to federal law enforcement and security agencies) operations. Finally, most importantly, it does not include the much larger number of Canadian communications intercepted or otherwise acquired by CSE that ultimately are neither used nor retained by the agency, but are simply assessed and deleted. How much larger that number is (and the scale of the even larger number of communications that receive preliminary monitoring of some sort but are never sent to an analyst to be "recognized" as private communications because automatic filters decide that they are not likely to be of interest) has never been revealed.

This is not to say there's a secret program to monitor everything Canadians say and do hiding under that almost inconsequential-looking sixteen number. Just a reminder that it is far from the whole story.

A useful innovation discussed in this year's report is the series of "spot checks" that the Commissioner has begun conducting on the larger set of private communications intercepted during CSE's Mandate A operations. These reviews cover all private communications "intercepted and recognized", not just those used or retained—but only those intercepted by CSE itself under its Mandate A. This year's spot checks covered the periods of 1 April 2014 to 20 June 2014 and 1 September 2014 to 15 October 2014, which together comprise 126 days, or 34.5% of the year.

Unfortunately, the Commissioner doesn't tell us how many Canadian private communications were intercepted and recognized during these review periods. This limits the reassurance value of his report.

I suspect that he would have been quite happy to publish this number, which would provide at least some, albeit partial, basis for assessing the scale at which CSE examines Canadian communications. Most probably CSE refused to declassify the figure. Elsewhere in his report, the Commissioner works hard to emphasize that the Minister of National Defence and CSE itself are not allowed to censor his public reporting. This is true, and of very great importance. They can't, for example, prevent him from reporting that CSE failed to comply with the law. But by controlling the power of declassification, they can and do reduce much of the Commissioner's reporting to generalities and often incomprehensibility. This has been an on-going problem for CSE Commissioners.

To their credit, the Commissioners have been gradually increasing the amount of hard information they are able to report, and this year's report contains some valuable new numbers (see below)—which also serve as important evidence that 16 private communications is far from the whole truth of CSE's interactions with Canadians.

Disclosures of Canadian Identity Information

When CSE issues a report that refers to a Canadian individual/corporation/organization etc. in some way, it "suppresses" the information that identifies that Canadian, replacing it with an expression such as "a named Canadian". CSE's customers can request this Canadian Identity Information (CII), however, and CSE will provide it if it assesses that the request is appropriate. (The RCMP might wish to know the actual name or contact information of a Canadian planning to import large quantities of illegal drugs, for example.)

This year, the Commissioner was able, for the first time, to provide statistics on the number of requests for CII made by Government of Canada clients during a portion of the year under review.

According to the report, CSE received 710 requests from Canadian government clients over a six-month period, or about 3.9 requests per day, for CII related to its Mandate A and Mandate B reporting, with the number of actual identities requested being even greater (a single request can involve multiple identities). This suggests that probably something on the order of 1500 requests were made during the entire year.

Not reported, however, was the percentage of times suppressed CII was requested or the percentage of times CSE acceded to those requests and provided the information sought. The report does state that some requests were refused, however.

Thinking about this in a back-of-the-envelope kind of way, the "sweet spot" to shoot for, it seems to me, would be a low request rate (CII requests in no more than say 10% of cases and possibly much lower than that) in combination with a high (say 90-95%) approval rate. A high approval rate would be desirable (when combined with a low request rate) because it would suggest that CSE's clients understand the rules surrounding the information and request it only when it is reasonably clear that they need it. A less than 100% approval rate, on the other hand, would also be desirable as it would suggest that approval is not granted as a matter of routine but is actually considered on a case-by-case basis.

By contrast, a high request rate combined with a high approval rate would suggest that the suppression of Canadian Identity Information in the original reports is more pro forma than a real privacy protection measure. A low approval rate would suggest, on the other hand, that CSE's clients are consistently seeking information about Canadians for which they have no justifiable need and/or that CSE's rules for access are incomprehensible or arbitrary and that its clients have no clear idea what sorts of requests may be approved.

Perhaps the Commissioner can provide some data on request and approval rates in future reports to help Canadians judge these possibilities for themselves.

It would also be helpful to know a bit more about the approval system itself in order to draw firm conclusions about its usefulness. Is it little more than a series of check boxes on an electronic form asking the requester to affirm that the identity information sought is essential to a full understanding of the intelligence in question and that such intelligence falls within the mandate of the agency requesting it? Do refusals only happen when some clown can't be bothered to read the form carefully enough to check the right boxes? A high but not perfect approval rate under those circumstances would not be much to celebrate. It would be nice if we had some basis for judging between these possibilities.

Getting back to the data that the Commissioner did provide, an annual rate of 1500 or so requests for Canadian Identity Information—which could imply (and here I'm guessing wildly) a grand total of something like 15,000 reports containing CII—presents a considerably different picture than that evoked by the Commissioner's affirmation that only 16 private communications were featured in reports in the same general timeframe.

The two measures address different things, of course. As noted above, CSE has access to many more Canadian communications than just those that it intercepts itself during Mandate A operations. More importantly, many of the references to Canadian identities that appear in CSE's reports are likely to have originated in communications that did not themselves involve Canadians. A foreign diplomatic communication might report, for example, that "named Canadian corporation" produces a particular kind of widget that would be useful for that country's prohibited ballistic missile program and that it might be possible to acquire these items through a front company based in the Bahamas. Few people would object to CSE reporting on such a communication, or to CSIS or the RCMP requesting the actual name of the company in order to prevent illicit technology transfers.

Still, the possibility that many thousands of CSE reports refer to Canadians every year, and that in hundreds of those cases the identities and other related information concerning those Canadians is ultimately released to other government agencies, highlights the extent to which CSE's activities really do impinge on or overlap with the personal lives of Canadians.

The Commissioner also reported that an unspecified number of requests for Canadian Identity Information were made by Canada's SIGINT allies (U.S., U.K., Australia, and New Zealand) during the year—and that approximately half of those requests were denied.
Such a large percentage of denials would seem to indicate that CSE places a high priority on protecting Canadian privacy in such exchanges. However, as I suggested above, it might also indicate that the Second Parties have been seeking Canadian information for which they have no justifiable need and/or that they do not understand the rules that govern access to Canadian information. Either explanation is cause for some concern.

The Commissioner also recorded that "Six requests were made for disclosure of Canadian identity information to non-Five Eyes recipients. Five of these requests were made by a Government of Canada client and one was made by a Second Party partner. None were denied."

Since 2011, CSE has been obliged to conduct a "mistreatment risk assessment" before permitting the disclosure of Canadian identity information to non-Five Eyes recipients. I fervently hope but can't say I'm at all confident that this process is considerably more rigorous than the one that governs Canadian arms sales to countries such as Saudi Arabia. The Commissioner's report notes that he reviewed "some of the corresponding mistreatment risk assessments", but it doesn't say what he made of them.

One wonders why certain Five Eyes countries that have been known to conduct extra-judicial executions, cross-border kidnapping, detention without trial, and "enhanced interrogation" are not also subject to such assessments. One might even consider it a legal obligation to perform such due diligence under certain international conventions to which Canada is a party.

Another NDA amendment recommended

Another important bit of news in the 2014-15 report is that the Commissioner has added an additional item to his list of recommended amendments to the section of the National Defence Act that spells out CSE's mandate and powers.

Successive Commissioners have recommended that clarifying amendments be made to the NDA since shortly after the CSE-related sections were passed in 2001. The Commissioners have sought amendments related to the nature of the Ministerial Authorizations that govern the interception of private communications, the definition of the terms "intercept" and "interception", and other aspects of the law.

In 2007, the Harper government promised to proceed with amendments addressing these issues, but in fact it did nothing on any of them.

The Commissioner's new recommendation concerns the rules governing CSE's IT Security activities:

The National Defence Act was modified by the Anti-Terrorism Act in 2001 to, among other things, legislate CSE as well as its activities. Regarding IT security ministerial authorizations, it was established that the Minister of National Defence could authorize CSE to intercept private communications for the sole purpose of protecting Government of Canada computer systems or networks from mischief, unauthorized use or interference, in the circumstances specified in paragraph 184(2)(c) of the Criminal Code.

Subsection 184(1) of the Code establishes the offence of intercepting a private communication and subsection 184(2) sets out circumstances where the interception is not an offence. Paragraph 184(2)(c) applies to persons engaged in providing a telephone, telegraph or other communication service to the public who intercept private communications while providing the service.

I believe subsection 273.65(3) of the National Defence Act does not accurately reflect CSE’s activities because CSE undertakes activities beyond those considered in “the circumstances specified in paragraph 184(2)(c) of the Criminal Code.” I therefore recommended that subsection 273.65(3) of the National Defence Act be amended as soon as practicable to remove any ambiguities respecting CSE’s authority to conduct IT security activities that risk the interception of private communications.

According to the Commissioner's report, this new recommendation was also accepted by the Harper government, although we will never know how sincere that acceptance may have been.

More importantly, the current government's Minister of National Defence has announced his support for the recommendations in this year's report, including the recommendation to amend the NDA.

If the government lives up to that commitment—and takes the opportunity to enact the other recommended amendments as well—we may finally see the end of the legal interpretation issues concerning CSE's mandate that, in the words of one Commissioner, "have bedevilled this office since December 2001."

Because it's 2016, and about time.

Commissioner's mandate and privacy

And while we're on the subject of amendments to the NDA, let's talk about the CSE Commissioner's mandate to promote privacy.

Successive Commissioners have made privacy protection an important part of their activities, but as far as I can see the only basis for that in legislation is their mandate to assess compliance with the law, which enables them to assess compliance with, for example, the privacy protections provided to Canadians in the Charter of Rights and Freedoms.

The privacy protections that exist in law (to the extent that jurisprudence has made them clear) do provide a minimum level of protection—a floor—beneath which CSE must not be permitted to sink.

But it seems to me that Canadians could also benefit from having an active advocate for greater and continuously updated protections—a constant effort to raise the ceiling—so as to adapt to changing technology and circumstances.

Commissioners do seem to have tried to push the envelope on privacy questions. The current Commissioner describes his mandate as not only to assess compliance with the law, but also "to promote the development and effective application of satisfactory measures to protect the privacy of Canadians in all the operational activities CSE undertakes."

Wouldn't it be great if the government wrote this mission explicitly into the NDA when it proceeds with those other amendments?

CFIOG Cyber Support Detachments

On a totally different topic, one of the more interesting reviews conducted by the Commissioner during the past year was an examination of the SIGINT activities of the Canadian Forces Information Operations Group (CFIOG) Cyber Support Detachments.

These small military units, formerly known as SIGINT Support Elements, are located at major headquarters in Halifax, Victoria, Winnipeg, and presumably Ottawa.

CFIOG Cyber Support Detachments act as the go-between to provide CSE reports on foreign signals intelligence to clients within the [Canadian Armed Forces (CAF)]. The CFIOG Cyber Support Detachments provide foreign signals intelligence support to select CAF commanders for a spectrum of activities, ranging from planning to direct support to combat operations. The Detachments are not involved in either the collection of foreign signals intelligence or the production of related reports; they primarily provide situational awareness to their respective intelligence and operational staff.

The Commissioner's review "concluded that the Cyber Support Detachment activities conducted under the authority of Part V.1 of the National Defence Act were in compliance with the law, ministerial direction, and CSE policies and procedures." No recommendations were made for changes in any CSD activities. Nothing too interesting there.

What was more interesting about the review was that it featured another challenge to the CSE Commissioner's authority to review what he sees fit:

At the outset, my authority under the National Defence Act to review the CFIOG-controlled Cyber Support Detachments was questioned. After a six-month delay and many discussions between my office, CSE and the CAF, I exercised my authority and was provided direct access to Detachment staff and premises to ensure that their foreign signals intelligence activities conducted under Part V.1 of the National Defence Act complied with the law, ministerial direction, and CSE policy and procedures.

Now this is what I like to see!

Last year, it was CSE arguing that the Commissioner had no authority to examine the protection of information shared with the Second Parties, other years it has been other things, and my question has always been, why doesn't the Commissioner just point to his powers under the National Defence Act and start kicking ass and taking names? It is written right into the NDA: he has the power to investigate anything he sees as relevant to his mandate.

This time, the report says, he "exercised [his] authority".

That may just be a dramatic way of saying he managed to negotiate permission to go in, but it sounds more like he swung the hammer around a little bit first.

More of this please!

Also of interest: the Commissioner's report notes that the SIGINT reports accessed by the CSDs

may contain Canadian identity information that has been suppressed, that is, replaced by a generic reference such as “a named Canadian.” In the event that there would be a request for the disclosure of suppressed information, the Detachments would follow an established process and pass the request to CSE for action. To date, however, there has never been a request for the disclosure of suppressed Canadian identity information [through the CSDs].

At least somebody's minding their own business!

But it does leave me wondering how the SIGINT system's support to search and rescue operations fits in. SIGINT radio direction-finding stations are often used to help pinpoint the location of aircraft and ships in distress and to relay information about the occupants to the Rescue Coordination Centre.

Does such information not pass through the CSDs?

Maybe it's just that identity information is not suppressed in the first place in emergency situations where it may be necessary to help save lives, so the question of requesting its disclosure under such circumstances doesn't arise.

There is more to discuss in the 2014-15 report, but that's all I'm going to write about for now. More to come in a later installment!

In the meantime, as a partial antidote to all the rosiness in the comments above, be sure to read Wesley Wark's commentary on the CSE Commissioner and SIRC: "Canada’s spy watchdogs: Good, but not good enough," Globe and Mail, 1 February 2016.