Tag Archives: Harjit Sajjan

Statement from the Minister of National Defence on the CSE Commissioner’s Annual Report for 2014-2015 - 20160128

Statement from the Minister of National Defence on the CSE Commissioner’s Annual Report for 2014-2015 - 20160128

Today, the Annual Report for 2014-2015 of the Communications Security Establishment Commissioner, the Honourable Jean-Pierre Plouffe was tabled in the House of Commons. The Commissioner’s Annual Report is a valuable means by which CSE remains accountable to me, to Parliament, and to the Canadian people.

In this year’s report, the Commissioner provided eight recommendations to improve the way CSE operates. I have met with Mr. Plouffe, and advised him that I support his recommendations.

One of the reviews in the report makes reference to certain legal questions around CSE metadata activities. CSE discovered, on its own, that certain types of metadata were not being properly protected prior to sharing with allies, due to technical deficiencies in CSE systems. CSE proactively informed the Commissioner about these matters, and suspended the sharing of this metadata to Canada’s partners. The Commissioner has since concluded the legal assessment associated with this review and reported his finding to me and the Attorney General of Canada.

The metadata in question that was shared with Canada’s partners did not contain names or enough information on its own to identify individuals. Taken together with CSE’s suite of privacy protection measures, the privacy impact was low. I am reassured that the Commissioner’s findings confirm the metadata errors that CSE identified were unintentional, and am satisfied with CSE’s proactive measures, including suspending the sharing of this information with its partners and informing the Minister of Defence. I have consulted with the Attorney General who also supports my decision to accept the Commissioner’s recommendations. CSE will not resume sharing this information with our partners until I am fully satisfied the effective systems and measures are in place.

Metadata is the information about communications used by computer systems to identify, manage or route communications over networks. It does not include the content of a communication. For example, it does not include the content of emails, phone calls or text messages. Metadata is used to understand complex and changing networks, discover and analyse foreign intelligence targets and their social networks and identify cyber threats. It helps us understand how foreign actors, such as terrorist groups, cyber actors or hostile intelligence agencies use networks and systems. When we understand how they communicate, we can discover motivations, intentions, capabilities and activities of these actors, and work with other Government of Canada agencies to stop threats before they materialize.

CSE helps protect Canada and Canadians by collecting foreign signals intelligence based on Government of Canada intelligence priorities, helps protect electronic systems and networks against cyber-attacks and assists federal law enforcement and security agencies. CSE cyber defence analysts use metadata to discover cyber threats from foreign states, criminals and other threat actors who are trying to extract information from Canada’s systems, or are attempting to disrupt service on Canada’s critical electronic networks by using malicious software or malware.

The protection of the privacy of Canadians is a fundamental principle for CSE, guiding its mission to contribute to the security of our nation and of our citizens while maintaining the public interest.

This demonstrates why the proposed statutory committee of Parliamentarians to review security-related issues is so essential. The committee will be instrumental in helping the government meet its stated goal of strengthening national security oversight.

The government will introduce legislation to create a statutory committee of Parliamentarians with special access to classified information to review departments and agencies with national security responsibilities. We are committed to ensuring the safety of Canadians while protecting our collective rights and freedoms.

Finally, I have directed CSE to find new opportunities to communicate with the public more openly about their activities, while still protecting sensitive information as appropriate.

The Honourable Harjit Sajjan,
Minister of National Defence

CSIS repeatedly obtained confidential taxpayer data without warrants, watchdog says - CBC News 20160128

CSIS repeatedly obtained confidential taxpayer data without warrants, watchdog says - CBC News 20160128

Review agency finds case wasn't isolated incident of obtaining information improperly from CRA.

Media placeholder
Goodale: government undertaking complete review of security intelligence framework.

Canada's spy agency CSIS improperly obtained taxpayer information from the Canada Revenue Agency without a warrant. And it happened more than once.

That's according to the annual report of the Security Intelligence Review Committee (SIRC), the independent office that oversees the activities of CSIS.

The report, tabled Thursday morning in the House of Commons, outlines how, during an application for a warrant from the federal court, a judge raised questions about a regional CSIS intelligence officer's access to confidential taxpayer information.

In August 2014, Canadian Security Intelligence Service director Michel Coulombe asked SIRC to investigate, after determining that the officer accessed the information improperly. Coulombe asked SIRC to figure out what happened and make recommendations about how to stop employees from doing it again.

According to SIRC, its examination found "that this was not an isolated incident of a single intelligence officer obtaining information improperly from CRA. In fact, SIRC found there were multiple instances of a particular CSIS office obtaining information from CRA absent a warrant."

SIRC also determined that the overall management of the first incident was inadequate, because CSIS operated, "under the assumption that this was an isolated event until SIRC apprised them of its findings."

"Most of the information remained within the database until brought to SIRC."

As well, SIRC learned that CSIS told the federal Court and the minister of public safety that all of the taxpayer information obtained without a warrant had been deleted from its operational database.

That was not the case.

"In fact, most of the information remained within the database until brought to CSIS's attention by SIRC," the report states.

Substandard practices

The oversight body has told CSIS to address its "substandard" managerial and communication practices in the specific regional CSIS office, admit its error to the federal court and public safety minister, and disclose what happened to the privacy commissioner.

CSIS
A report by the office that oversees CSIS has found that officers within the spy agency on "multiple" occasions improperly accessed confidential taxpayer information from Canada Revenue Agency.

While it couldn't come up with specific suggestions on how to prevent this from happening again — other than more training — SIRC suggests the spy agency conduct an internal review of the flow of information from CRA every five years.

Public Safety Minister Ralph Goodale released a statement Thursday in response to the tabling of the SIRC report.

"We believe more can be done to strengthen scrutiny, and the government is currently developing legislation that will strengthen our system of accountability for national security."

For its part, CSIS said it will toughen up its compliance-reporting regime and that in "the interest of full transparency," it will tell the court and minister exactly what happened.

As for informing the privacy commissioner, the report states that CSIS has already done so.

Canada's electronic spy agency stops sharing some metadata with partners - CBC News 20160128

Canada's electronic spy agency stops sharing some metadata with partners - CBC News 20160128

Commissioner says certain information wasn't being properly protected in Canada before sharing took place.

Media placeholder
Goodale: government undertaking complete review of security intelligence framework.

The Communications Security Establishment, Canada's electronic spy agency, has stopped sharing certain metadata with international partners after discovering it had not been sufficiently protecting that information before passing it on.

Defence Minister Harjit Sajjan says the sharing won't resume until he is satisfied that the proper protections are in place. Metadata is information that describes other data, such as an email address or telephone number, but not the content of a given email or recording of a phone call.

The issue is disclosed in the annual report of CSE commissioner Jean Pierre Plouffe, which was tabled in the House of Commons Thursday morning.

"While I was conducting this current comprehensive review, CSE discovered on its own that certain metadata was not being minimized properly," Plouffe explained in the report.

"Minimization is the process by which Canadian identity information contained in metadata is rendered unidentifiable prior to being shared …."

Question Period 20160125
Defence Minister Harjit Sajjan answers a question during Question Period in the House of Commons on Parliament Hill in Ottawa.

"The fact that CSE did not properly minimize Canadian identity information contained in certain metadata prior to being shared was contrary to the ministerial directive, and to CSE's operational policy."

Canada's Five Eyes partners, with which data is sometimes shared, are the United States, Australia, New Zealand and the United Kingdom.

The report also noted that "the metadata ministerial directive lacks clarity regarding the sharing of certain types of metadata with Five Eyes partners, as well as other aspects of CSE's metadata activities."

Plouffe goes on to say that the ministerial directive is unclear about key aspects of how CSE collects,uses and discloses metadata, and does not provide clear guidance for how CSE's metadata activities are undertaken, recommending the agency ask for a new directive to provide better guidance.

In a statement, Sajjan says the "metadata in question … did not contain names or enough information on its own to identify individuals" and that "taken together with CSE's suite of privacy protection measures, the privacy impact was low."

He added: "I am reassured that the commissioner's findings confirm the metadata errors that CSE identified were unintentional, and am satisfied with CSE's proactive measures, including suspending the sharing of this information with its partners and informing the Minister of Defence."

Sajjan said CSE won't resume sharing this information with Canada's partners until he is fully satisfied the effective systems and measures are in place."

Speaking to reporters on Parliament Hill, Sajjan did not specify what sort of metadata had been shared and said officials could not review the data to determine how many people might have been impacted without violating privacy laws.

Appearing alongside Sajjan, Public Safety Minister Ralph Goodale noted that the federal government is in the process of reviewing its security intelligence operations and is committed to introducing new parliamentary oversight of intelligence agencies.