Tag Archives: The Globe and Mail

Freeze, Colin and Braga, Matthew - Surveillance device used in prison sets off police probe - The Globe and Mail 20160314

Freeze, Colin and Braga, Matthew - Surveillance device used in prison sets off police probe - The Globe and Mail 20160314

Surveillance device used in prison sets off police probe

Federal prison authorities are under criminal investigation for possible illegal surveillance, The Globe and Mail has learned. The probe centres on Correctional Service Canada’s use of a dragnet surveillance device inside a penitentiary.

Fallout from the 2015 surveillance incident, involving a device that CSC officials called a “cellular grabber,” has led to a lawsuit from jail guards and a criminal inquiry by the Ontario Provincial Police.

Under the Criminal Code, indiscriminate surveillance campaigns can be deemed crimes that merit prison sentences. Federal security officials do not get blanket exemptions, even if they themselves work to manage prisons.

The case at hand started with a desire to locate prisoners’ contraband cellphones, but ended up with a warden apologizing to his own staff for inadvertently spying on them.

The make and model of the device in question are being withheld from the public, which generally is familiar with such machines by names such as “Stingrays,” “cell-site simulators” or “IMSI catchers.”

“IMSI catchers are not localized. It would get anything that’s in range and won’t discriminate,” explained Tamir Israel, a lawyer at the Canadian Internet Policy and Public Interest Clinic.

On Monday, The Globe and Mail reported on the RCMP’s courtroom bid to keep its use of a similar device secret.

In the winter of 2015, officials at Warkworth Institution, a medium-security prison in Ontario, grew alarmed by prisoner drug overdoses. On Jan. 20, one CSC official sent an internal e-mail, according to federal court documents related to the civil suit, saying “there are phones all over the institution and this is how they are organizing the introduction of contraband.”

Officials in Ottawa, records show, put out a request for an outsider who could perform “surveys of radio traffic” to “confirm the presence of cellular phones inside institutions.” The winning contractor, according to federal court documents, was a Quebec-based engineer named Peter Steeves, who said he could do the job for $7,500 in fees, plus $2,000 in travel expenses.

Contacted Monday by The Globe and Mail, Mr. Steeves said he is no expert in the legalities of interception. “I’m just a guy trying to make a living – I really don’t know the law,” he said. Asked about the police probe, he said, “I know I have to go for an interview. I have been told it’s a criminal investigation.”

Access to information records show that last April, a device was shipped to CSC from Florida. Details are mostly being withheld, but it weighed 38 kilograms and its manufacturer was a Britain-based surveillance-machinery firm, Smith Myers.

The “pilot program” at the Warkworth Institution started rolling out in the late spring. By August, CSC officials arranged an internal meeting to review the “cellular grabber to better understand its capacity,” according to an e-mail now filed in court. Officials wanted to know “how to force” a phone to communicate its specific location, or how to list phones on a map of the prison.

Before long, CSC officials began asking for even more specifics – such as how to figure out whether phones were sending texts or calls. On Sept. 3, one official asked for the “total activities of cellular devices from inmates, staff …”

Prison guards learned of the program, and pushed back. “How does this device bend a radio signal … to eliminate the inclusion of staff areas?” one guard asked in an e-mail to his bosses.

By the end of September, Warkworth’s warden, Scott Thompson, sent an apologetic e-mail to all staff, according to access to information records. “Unfortunately, I knew that by trying to intercept what the inmates were doing, I would also be provided information about cellular devices being used in non-inmate areas,” his e-mail said. The warden relayed that the device “provides make, phone numbers and sim-card numbers” and, also, “recorded all voice and text conversations.”

With that, he assured his jail guards that any of their inadvertently captured communications wouldn’t be used against them. “I am sorry if this information causes stress to any of you,” he said.

Some CSC e-mails contradict the warden, stating explicitly that the device did not capture any conversations beyond three text messages intercepted in a bid used to showcase its capabilities. (On Monday, the contractor, Mr. Steeves, told The Globe that the device “does not capture voice at all.”)

At the end of October, the Union of Canadian Correctional Officers took their bosses to court. In a lawsuit, they complained their their privacy rights had been violated – and that CSC had spied upon them.

“Look – we’re all about getting the contraband out. We’re in. If there’s technology to do that, we’re there,” explained Jason Godin, a union vice-president in an interview. “But, God damn it,” he said, “… you can’t spy on private conversations of staff members.”

Mr. Israel suggests that the correctional officials who acquired the device were likely operating in a legal vacuum.

“Because no agency to my mind has openly acknowledged to using these in court, no court has provided guidance as to what the [legal] authorities should be,” he said. Some federal officials, he added, “may be under the impression they can just deploy these IMSI catchers without any authorization at all.”

CSC officials have recently stopped giving statements to lawyers pursuing the civil suit. According to Federal Court filings, that’s because they have become worried to have learned there is now also a criminal probe.

“The Ontario Provincial Police is currently conducting a criminal investigation into the monitoring of cellphones at Warkworth Institution,” reads a motion filed earlier this month. Because OPP detectives are now interviewing CSC officials, the latter “have significant concerns about providing affidavits while an investigation is under way.”

Spokespersons for the OPP and CSC won’t comment on the specifics of the investigation.

Correctional officials originally defended their use of the device by saying they had “authority to monitor and intercept communications to ensure the security of institutions.” But they have stopped saying this now that they face civil and criminal investigations for alleged unlawful surveillance of jail guards.

Court filed e-mails show that, in the end, CSC seized only three contraband cellphones smuggled into Warkworth.

Documents reveal CSIS wary of Bill C-51 reforms - The Globe and Mail 20160203

Documents reveal CSIS wary of Bill C-51 reforms - The Globe and Mail 20160203

Prime Minister Justin Trudeau arrived in Ottawa promising to rein in Canada’s spies. But the bosses at the Canadian Security Intelligence Service want the Liberals to know that “robust” rules already govern their expanding operations – including their controversial, and newly legalized, disruption campaigns.

 
PDF: CSIS Director Michel Coulombe's letter of introduction to Public Safety Minister Ralph Goodale

Transition materials that CSIS provided to Public Safety Minister Ralph Goodale highlight some of the challenges from the Bill C-51 controversy last year, when Canadian spying became a political issue. The documents, which were released to The Globe and Mail, show polite CSIS pushback against some of the Liberals’ campaign pledges.

During the election, the governing Conservatives vowed to empower CSIS to fight terrorism, and cited Bill C-51, a new law that vastly increased the agency’s freedom to operate and share information, as proof that they could do it.

The NDP vowed to repeal the law, and the Liberals promised a middle course. On Nov. 4, Mr. Trudeau told Mr. Goodale in a mandate letter he should “work to repeal … the problematic elements of C-51 and introduce new legislation that strengthens accountability.”

A week later, CSIS director Michel Coulombe sent a letter of introduction, and arranged a briefing, telling Mr. Goodale his spy service operates on tight strictures, not arbitrary whims.

“Recent legislation, including an expansion of the Service’s mandate, has of course led to many changes of our policies,” Mr. Coulombe wrote. “Most recently, a robust new framework was established to govern the conduct of threat-reduction activities.”

letter and related briefing materials were released under the Access to Information Act. On Monday, Mr. Coulombe is to testify before a Parliamentary committee.

“Threat reduction” refers to the most controversial clauses of C-51, which give CSIS disruptive powers to “take measures, within or outside Canada, to reduce the threat” of any forces felt to be dangerous to national security. The law says CSIS intelligence officers cannot harm, kill or sexually assault anyone, but use of the power is otherwise open-ended.

The transition materials show CSIS officials view threat reduction as a large part of their jobs now. They assured Mr. Goodale they do not take their new responsibilities lightly. “Every effort has been made to ensure the responsible exercise … each time the Service exercises its authority.”

CSIS officials said the service lives up to its legal obligations to consult Federal Court judges, or the public-safety minister and his written directives guiding the use of disruptive powers. Internal policies, they added, require further consultation with Mounties, diplomats and the Communications Security Establishment.

“Though CSIS’s authority to investigate and respond is rooted in its own legislation, its actions are not taken in isolation and demand close collaboration with the national-security community,” the documents say. (They do not make clear if CSIS is apprising the federal partners of planned disruptions, or enlisting their help.)

The CSIS Act passed in 1984 reflected a relatively passive federal intelligence-collection agency. Agents had no powers to arrest anyone, or carry guns. Nothing explicitly enabled CSIS officers to interpose themselves in suspects’ lives beyond tapping phones or conducting interviews.

But that began to change, especially after the Sept. 11, 2001, attacks. CSIS operatives started going to places such as Afghanistan and carrying guns. Its leaders testified they started working more closely with police, and doing things that could help prevent terrorism. Some suspects began publicly complaining about CSIS officers aggressively following them or showing up to conduct interviews at workplaces.

C-51 allows CSIS officers to do all this and more. Mr. Coulombe last year told Parliament the bill could facilitate hacking operations – such as meddling with suspects’ smartphones, money movements or travel. The law does not contemplate CSIS ever disclosing such operations to suspects.

The Liberals have never spelled out how they plan to overhaul the C-51 powers. Scott Bardsley, a staffer for Mr. Goodale, said the minister is consulting with security experts for national-security reforms.

The federal government has also promised to create a Parliamentary committee where select MPs would be allowed insights into classified CSIS operations. Most Canadian lawmakers currently know nothing about the specifics of CSIS operations.

Mr. Coulombe says he is aware of a growing political appetite to shine some light on CSIS.

“The Service recognizes the current environment of heightened public interest in national security,” he said in his November letter to Mr. Goodale. He added that as “trust underpins the Service’s ability to be effective, the opportunity to contribute to this discussion is most welcome.”

Bragga, Matthew - Why Canada isn’t having a policy debate over encryption - The Globe and Mail 20160223

Bragga, Matthew - Why Canada isn’t having a policy debate over encryption - The Globe and Mail 20160223

The legal saga between Apple and the FBI has thrust encryption into the government’s policy spotlight again – but only if you live in the United States. In Canada, you could be excused for not knowing such a debate exists .

Ever since FBI director James Comey characterized the rising tide of encrypted data as “going dark” in an October, 2014 speech, American civil liberties groups, cryptographers, private companies and politicians have argued ceaselessly about encryption’s merits and the dangers of so-called backdoors.

While most acknowledge that encryption keeps vast swaths of Internet communication and services secure, there have nonetheless been calls for legislation, “golden keys” and the formation of encryption committees in response to increasingly vocal arguments that encryption is helping criminals and terrorists operate beyond the law’s reach.

Things culminated last week with the FBI’s order that Apple Inc. modify its software to make it easier for law enforcement to break the iPhone’s security protections – modifications that have been characterized as a backdoor for law enforcement, or criminals, to use again and again.

In Canada, however, policy discussions involving encryption and, more largely, police powers in the digital realm – such as cellphone tracking devices and the use of hacking tools – have been “functionally non-existent,” according to Citizen Lab researcher Christopher Parsons.

“We haven’t had the kind of debate and back and forth and public positions taken that you see in the United States, you see in the United Kingdom. We just don’t do it here,” Mr. Parsons said.

Some of the reasons are familiar. There is, for example, a comparatively smaller policy community in Canada that focuses on these issues than there is in the U.S., and a smaller amount of case law – not to mention the fact that previous governments have shown more interest in expanding police powers, rather than curtailing or even detailing them.

And if past U.S. cases are any indication, the government will just as easily benefit by staying out of the debate and piggybacking on the outcome of the FBI’s case.

“They can dodge the debate and benefit from it without having to engage in it,” said Tamir Israel, a staff lawyer with the Canadian Internet Policy and Public Interest Clinic. “And then the other side to that is they often will find quieter ways to get comparable results where they can’t directly piggyback.”

By way of example, Mr. Israel pointed to the Solicitor General’s Enforcement Standards (SGES), which outline 23 technical surveillance standards that must be followed as a condition of obtaining a wireless spectrum licence in Canada. After the U.S. passed lawful surveillance legislation called the Communications Assistance for Law Enforcement Act in the 1990s, Canada used the SGES to quietly introduce similar standards.

Although the standards were introduced in the mid-1990s and updated again in 2008, details were not made public until The Globe and Mail obtained past and current versions of the documents in 2013.

Mr. Israel pointed to a wider problem preventing a successful encryption debate in Canada: a lack of transparency surrounding the government’s position and policies. He raised cellphone tracking technology called Stingrays, or IMSI catchers, as an example. “I personally find it very hard to believe that no law enforcement agencies in Canada are using these. But we can’t even get the debate going, because we can’t get past that first step where any of them admit that they’re using them.”

The RCMP would not comment on Apple’s dispute with the FBI but said in a statement: “International police agencies are all in agreement that some ability to access evidence when judicial authorization is granted is required, recognizing that secure data and communications enables commerce and social interactions in today’s reality. These are complex challenges which the RCMP continues to study.”

The statement continued: “The RCMP encourages public discourse with Canadians as public policy continues to take shape on the issue of encryption.”

The Office of the Privacy Commissioner of Canada said in an e-mail that it was not aware of any government agencies that have proposed backdoors in Canadian companies or Internet service providers, and that it is following encryption discussions “with interest.”

When reached via e-mail, Liberal MP Robert Oliphant, who chairs the standing committee on public safety and national security, wrote that, “while encryption and backdoors are of great concern to a number of people, they have not yet surfaced as issues for our committee in its early days.”

However, he added, the committee is still “sifting through all the important issues of safety and security and will be setting our work plan shortly.”

Public Safety Canada said in a statement that it is “monitoring the ongoing debate in the U.S. and other countries on the issue of government access to encrypted data” and that “no special events related to encryption” are currently planned.

NDP MP and committee vice-chair Brian Masse, echoing Mr. Oliphant’s statement, added that any proposed legislative changes involving encryption or backdoors should be handled democratically and involve both the Privacy Commissioner and Parliament.

Meanwhile, neither the chair nor vice-chairs of the standing committee on industry, science and technology responded to a request for comment.

A small comfort, Citizen Lab’s Mr. Parsons argued, is that Canadian politicians have shown themselves to be more level-headed and avoided the sky-is-falling rhetoric of their counterparts in the U.S., where Senator Dianne Feinstein, who chairs the Senate select committee on intelligence, stated earlier this month that “an Internet connection and an encrypted message application” is all Islamic State militants need to carry out an attack.

If this issue is going to be given some weight, Mr. Parsons suggested, “committee meetings that very seriously look into this while there isn’t a terror moment, it’s the ideal way of going.”

Canada’s hacking power awes Brazilian security expert - The Globe and Mail 20131012

Canada’s hacking power awes Brazilian security expert - The Globe and Mail 20131012

Brazilian security expert Paulo Pagliusi says he is “astonished” by Canada’s hacking power.

He recently spent three hours reviewing the leaked Communications Security Establishment Canada (CSEC) slides on behalf of Brazil’s FantasticoTV program, which broadcast a report last week alleging CSEC spied on internal communications at the Brazilian Ministry of Mines and Energy (MME).

A retired navy officer-turned-chief executive for Procela IT Security Intelligence, a security-intelligence company, Mr. Pagliusi answered questions from The Globe and Mail via e-mail. The exchange has been edited.

You said that you were amazed by the “sheer power” of this attack. Can you expand on why you said this?

I was astonished by the power of these tools to infiltrate the ministry, such as the “Olympia” program from CSEC. I was especially surprised by the detailed and straightforward way in which the process is explained to intelligence agents, and how thoroughly the Brazilian ministry’s communications were dissected.

The leaked documents have also shown how the data gleaned through espionage was shared with an international spy network, named the “Five Eyes.” [An alliance of five English-speaking countries – Australia, Britain, Canada, New Zealand and the United States – to share intelligence and electronic eavesdropping is commonly known as “Five Eyes.”]

How would you describe the nature of the Olympia program?

As a result of using Olympia for infiltrating the ministry over an unspecified period, the CSEC has developed a detailed map of the institution’s communications. As well as monitoring e-mail and electronic communications, the Olympia program screens I have seen in that presentation have shown that CSEC could also have eavesdropped on telephone conversations.

The MME uses an encrypted server. What could CSEC see by getting inside it?

These MME servers use private encryption, for instance, to contact the National Oil Agency, Petrobras, Eletrobras, the National Department of Mineral Production and even the president of the Republic. CSEC could see state conversations, government strategies upon which no one should be able to eavesdrop.

What is the significance of the CSEC metadata maps showing MME communications to Saudi, Jordan, Eritrea, even Canada?

It means that CSEC has mapped a number of communications of the mentioned countries, being able to monitor e-mail and electronic communications and eavesdropping on telephone conversations.

What is the significance of the slide saying CSEC wanted to call in “TAO” for a “man on the side” operation?

Tailored Access Operations (TAO) is a cyber-warfare intelligence-gathering unit of the U.S. National Security Agency.

TAO identifies, monitors, infiltrates and gathers intelligence on computer systems. In my opinion, the author of the CSEC presentation makes the next steps very clear. Among the actions suggested, there is a joint operation with TAO for an invasion known as “Man on the Side.” All incoming and outgoing communications in the network can be copied, but not altered.

It would be like working on a computer with someone looking over your shoulder.

Do you have any theories about what precisely Canada wanted inside the MME servers?

Considering only the documents leaked by Edward Snowden, I have seen, it is not possible to conclude what precisely Canada wanted inside the MME servers.

However, the speculation it could be broad based economic trend information makes to me perfect sense. In my opinion, specific technology (i.e. “Does Brazil have tech to explore ocean fields that rest of world lacks?”) cannot be found in MME servers.

Slides reveal Canada’s powerful espionage tool - The Globe and Mail 20131019

Slides reveal Canada’s powerful espionage tool - The Globe and Mail 20131019

Security experts say that Canadian intelligence has developed a powerful spying tool to scope out and target specific phones and computers so as to better set up hacking and bugging operations.

The outlines of the technology are contained in the slides of a PowerPoint presentation made to allied security agencies in June, 2012. Communications Security Establishment Canada (CSEC) called the tool “Olympia,” showing how its analysts sifted through an immense amount of communications data and zeroed in on the phones and computer servers they determined merited attention – in the demonstration case, inside the Brazilian Ministry of Energy and Mines.

Within weeks, CSEC figured out who was talking to whom by plugging phone numbers and Internet protocol addresses into an array of intelligence databases. In this way it “developed a detailed map of the institution’s communications,” Paulo Pagliusi, a Brazilian security expert who examined the slides, told The Globe.

The slides are part of a large trove of documents that have been leaked by Edward Snowden, the former contractor with the U.S. National Security Agency (NSA) whose disclosures have set off a debate over whether the agency has improperly intruded on the privacy of Americans. Other disclosures have raised questions about its spying on foreign governments, sometimes with the assistance of allied intelligence agencies.

The Globe and Mail has collaborated with the Brazil-based American journalist Glenn Greenwald, based on information obtained from the Snowden documents. Mr. Snowden, who went into hiding in Hong Kong before the first cache of NSA documents was leaked, has been charged by the United States with espionage and theft of government property. Russia has granted him temporary sanctuary.

Canadian officials declined to comment on the slides. Responding to an e-mail requesting comment on whether Canada co-operated with its U.S. counterpart in tapping into Brazilian communications, CSEC spokesman Andy McLaughlin said the agency “cannot comment on its foreign intelligence activities or capabilities.” Prime Minister Stephen Harper said earlier this month that he is “very concerned” about reports CSEC focused on the Brazil ministry.

Any ability to sift through telecommunications data for specific leads can be valuable for electronic-eavesdropping agencies, especially the capacity to map out – without necessarily listening into – an organization’s Internet or voice communications. This, in turn, can help isolate specific devices for potential hacking operations. By developing “Olympia” as a method for doing just this, Canada added to its spymasters’ toolkit.

The PowerPoint presentation by CSEC was first reported by Brazil’sFantastico TV program, which earlier reported the NSA spying, in conjunction with Mr. Greenwald. Brazilian officials expressed outrage at the United States, but their criticism of Canada was more fleeting. They say they now intend to put public employees on an encrypted e-mail system.

The CSEC presentation – titled Advanced Network Tradecraft – described a technological reconnaissance mission aimed at the Brazilian energy ministry in April and May of 2012. According to the presentation, the agency knew very little about the ministry going in, apart from its Internet domain name and a few associated phone numbers. The presentation never makes clear CSEC’s intentions for targeting the Brazilian ministry.

The leaked slides also suggest Canada sought to partner with the NSA, with one slide saying CSEC was “working with TAO to further examine the possibility” of a more aggressive operation to intercept Internet communications.

“TAO” refers to “tailored access operations,” said Bruce Schneier, a privacy specialist for the Berkman Center for the Internet and Society at Harvard. “It’s the NSA ‘blackbag’ people.” (A “blackbag job” refers to a government-sanctioned break-and-enter operation – hacking in this case – to acquire intelligence.)

It is not clear whether CSEC or the NSA followed up with other actions involving the Brazilian ministry.

Canada’s spy watchdogs: Good, but not good enough - The Globe and Mail 20160201

Canada’s spy watchdogs: Good, but not good enough - The Globe and Mail 20160201

The tabling in Parliament this past week of the annual reports of Canada’s two spy watchdog agencies conveys a hidden message. The message is that the existing system to hold intrusive intelligence gathering agencies to account is working, in fact, it is working better than ever.

This message will please the Conservative party and may take some wind out of the sails of the Liberal government’s planned reforms. The former Harper government consistently argued that the existing review bodies, the Security Intelligence Review Committee, which keeps a watch on the Canadian Security Intelligence Service (CSIS), and the Commissioner of the Communications Security Establishment (CSE), which holds our electronic spy service to account, were all that Parliament and the Canadian public needed by way of scrutiny of our much expanded post-Sept. 11 intelligence system. The Conservatives turned a deaf ear to calls for an expanded review of intelligence during the acrimonious debate over Bill C-51, the flagship revision of the anti-terrorism laws, and derided the notion that Parliament should play a greater role.

The Liberal government has promised to create a new Parliamentary review body that will focus on security and intelligence matters and whose members will, for the first time in Canadian history, have access to classified briefings and documents. Public Safety Minister Ralph Goodale has gone further than this by indicating that the government is examining additional reforms to broaden the scope of review of Canadian intelligence activities – reforms that might involve abolishing the existing review bodies.

What do the recent annual reports tell us about the credibility of the polarized arguments about the adequacy of Canadian watchdog agencies? To be fair, both the Security Intelligence Review Committee (SIRC) and the CSE Commissioner’s Office (OCSEC) have delivered strong reports and both are emerging from earlier periods of darkness.

But the fact that the spy watchdogs have demonstrated they can do their job, does not mean, as the Conservatives would have it, that the job they do is adequate. The spy watchdogs are pre-9/11 creations, built for an era when Canadian intelligence was relatively modest in size and capabilities, when the focus was on controlling potential law breaking and scandal, and when public expectations around being informed about spy activities were even more modest. Much has changed.

The existing watchdog agencies are shackled in their ability to respond to the new realities of expanded, more complex intelligence operations, and of higher levels of public expectations around transparency. They cannot follow the “threads” that connect the interconnected world of multiple Canadian intelligence agencies beyond their remit. They remain siloed and unstrategic in their review capacity. The existing spy watchdogs are constrained by a focus on issues of legality and government authority and not able to stretch their mandates to answer key questions about effectiveness. They are shackled to secrecy laws, which limit their ability to tell the full story of what they uncover, except to those within the “ring of secrecy.” That ring of secrecy does not, at the moment, include Parliament and its standing committees. So Parliament receives reports from the review agencies that it cannot fully understand or probe. The same goes for the media.

In contemplating a reform agenda for intelligence review, the Liberals need to hold fast to their promises and their current thinking. They need to create a Parliamentary committee with access to secrets and they need to reshape an outdated independent review system. The challenge will be not to throw out babies with the bathwater. If the existing watchdog agencies are abolished in favour of a new body, a super-SIRC or Inspector General (on the Australian model), then care will have to be taken to retain the expertise of SIRC and the CSE Commissioner’s Office. If a new review body emerges with a greater emphasis on measuring performance, the questions of lawful authority must not be relegated to a distant second place. If a new Parliamentary body is to perform well, it will have to do so in concert with a new and expanded external watchdog agency, without creating a review system that overburdens spy agencies themselves. While we pursue new forms of reassurance about intelligence operations, we will still want those agencies to spy, and spy well.

Freeze, Colin - How CSEC became an electronic spying giant - The Globe and Mail 20131130

Freeze, Colin - How CSEC became an electronic spying giant - The Globe and Mail 20131130

It is known as “Camelot,” and it is believed to be among the most expensive government buildings Canada has ever built.

Next year, the analysts, hackers and linguists who form the heart of Communications Security Establishment Canada are expected to move from their crumbling old campus in Ottawa to a gleaming new, $1-billion headquarters.

It is the physical manifestation of just how far the agency has come since Sept. 11, 2001. Before those attacks, it was known as Canada’s other spy agency – an organization created to crack Communist codes more than seven decades ago, but rendered rudderless after the collapse of the Soviet Union. The agency’s biggest victory of the 1990s, insiders say, was its behind-the-scenes role in the seizure of a Spanish trawler during the Turbot Wars, a 1995 fishing dispute off the Grand Banks of Newfoundland.

But now, where it once focused on vacuuming up Russian radio signals from Arctic bases, its surveillance reach is global: Its leaders now speak of “mastering the Internet” from desktops in Ottawa. In 1999, it had a shrinking budget of $100-million a year and a staff of about 900. Today, CSEC (pronounced like “seasick” ever since “Canada” was appended to the CSE brand) has evolved into a different machine: a deeply complex, deep-pocketed spying juggernaut that has seen its budget balloon to almost half a billion dollars and its ranks rise to more than 2,100 staff.

Canadian taxpayers spent $300-million a year on the nation’s two intelligence agencies before the attacks of Sept. 11, but the bill for spying is now coming in at more than $1-billion. That’s because the Canadian Security Intelligence Service has also been bulked up into a $535-million-a-year agency, up from $180-million in 1999.

There are key differences between the agencies. CSIS’s “human intelligence” spies are like stay-at-home defencemen – they work largely in Canada to generate reports about security threats to Canada. CSEC’s “signals-intelligence” spies can go as far as their computers can take them and are afforded an open-ended curiosity to explore issues far beyond Canada’s borders.

An increase in intelligence investment was inevitable after 9/11 – no government wanted to risk a reprise of an al-Qaeda strike. Yet Canadian spending is continuing to rise, even as the terror threat arguably fades.

That kind of arithmetic is being thrown into sharp relief by the ongoing leaks from former U.S. intelligence contractor Edward Snowden, whose disclosures are spawning an unprecedented global referendum on spying. As Canada and its allies seek to bolster national security, they are raising eyebrows among defenders of personal freedom at home and risking long-term damage on the diplomatic stage.

The strains wrought by the Snowden slides are showing. This week it was reported that CSEC may have invited its closest ally, the U.S. National Security Agency, to come to Canada to spy on world leaders attending the 2010 G20 summit in Toronto.

In October, Brazil’s President accused Canada of “cyberwar” after CSEC was revealed to have spied on that country’s energy sector. That same month, a European Union summit was dominated by calls for U.S. President Barack Obama to explain why the NSA had been targeting the mobile phones of German Chancellor Angela Merkel and French Prime Minister François Hollande.

Canadian officials won’t answer questions about operations. But the opacity surrounding CSEC is high, even by the standards of Western spy agencies. Some of its key architects say the current level of secrecy is unsustainable.

‘It’s the public’s bloody money’

You don’t have to understand the technology of modern spying to grasp the motivations behind it.

“When our Prime Minister goes abroad, no matter where he goes, what would be a boon for him to know?” said John Adams, chief of CSEC from 2005 through early 2012. “Do you think that they aren’t doing this to us?”

The retired spymaster is among the agency’s biggest boosters. But in an interview with The Globe and Mail, he said even he is warming up to the idea of more outside scrutiny – or what’s called “review” in Ottawa parlance.

“What I’m saying is you either get some more review or you’re going to run out of money,” he said. “You’ve got to get the public engaged somehow. It’s the public’s bloody money. And it is getting to be not-insignificant amounts of money.”

CSEC is only going to continue to grow, said Mr. Adams, who doubled the budget from $200-million to $400-million during his seven-year run. When he headed the agency, he made a point of bringing important civil servants in for show and tells about CSEC capabilities.

“This is what we got. They said, ‘Holy … this is the best-kept secret in NATO,’ ” Mr. Adams said. “And I said, ‘Now, what you’ve given us is good – but it’s not enough. We need more.’ ”

Electronic spying is expensive. Keeping hackers out of Canadian government computer systems, running some of the world’s fastest supercomputers and storing data in bulk costs money. Mr. Adams even made a point of hiring top mathematicians, with salaries exceeding his own, so CSEC could better crack encryption.

“We wanted to play with the big boys,” said Mr. Adams, who tends to measure CSEC against the much larger NSA.

Despite the vast discrepancy in size, the relationship between the two agencies has always been very close. The partnership is so cozy that CSEC analysts in Ottawa can sift through massive databases of logged telecommunications traffic first assembled at the NSA headquarters in Fort George G. Meade, Md. – repositories with code names such as “Marina” and “EvilOlive,” according to materials seen by The Globe.

CSEC also has a hungry clientele strewn across the federal bureaucracy. An internal document obtained by The Globe names a few of the customers: “CSEC provides intelligence reporting to over 1,000 clients across government, including the Privy Council Office, DND, Foreign Affairs and International Trade, Treasury Board Secretariat, CSIS and the RCMP.”

Then there are Canada’s allies. While a relatively small collector compared to the NSA, CSEC has always tried to fill in blind spots for allies and to come up with better ways to sift through reams of raw intelligence.

“The NSA is intercepting the equivalent of four Library of Congresses every hour,” U.S. military historian Matthew Aid said. “One of the things Canada does very well is analysis.”

Since the 1940s, the two agencies have also worked closely with British, New Zealand and Australian counterparts. This is the spying collective known as “the Five Eyes.”

“Canada benefits tremendously” from this partnership, reads a CSEC PowerPoint presentation obtained by The Globe.

“It is precious,” a slide says. “Treat it with Care!”

‘I couldn’t possibly talk about it’

In Britain and the United States, committees of trusted, watchdog politicians are afforded a peek inside their surveillance machinery.

Canada has no mechanism for this.

“We’re the only country out of the Five Eyes that doesn’t have that kind of body,” said Liberal MP Wayne Easter, who this month introduced a private member’s bill for such a mechanism. (A 2005 piece of legislation for the same sort of body had broad approval, but then the Liberal government of the day fell.)

Parliament’s only insights into CSEC now come via a proxy. Since 1996, a retired judge with a small staff is cleared to look at CSEC. No laws have ever been found to have been broken, according to the annual reports submitted to Parliament.

A former top security official said the parameters may be too narrow. “All he’s asked to do is say, ‘Are they following the law?’ ” the official said. “And that’s an important question. But you have to ask yourself: Is that sufficient?”

In Britain, nine trusted parliamentarians are cleared to keep state surveillance in check. In the United States, the NSA faces scrutiny from House and Senate select committees on intelligence. Specialized judges who sit on foreign intelligence surveillance courts also vet NSA programs.

Yet the NSA is an incredibly aggressive agency. And its political masters have been known to do end runs around all the watchdogs.

For example, on March 12, 2004, U.S. President George W. Bush reined in a secret NSA Internet-metadata collection program that he had managed to keep secret for three years. He relented only after his top law enforcement officials learned of the program, deemed it illegal and threatened to resign en masse.

What many Canadians don’t know is that secretive surveillance authorizations can also happen north of the border, with the blessing of the Minister of National Defence.

Records obtained by The Globe show that on Monday, March 15, 2004 – three days after the U.S. program was peeled back – a “ministerial directive and a ministerial authorization” regarding a Canadian Internet-metadata collection program was signed in Ottawa.

Just what this program would do remains unclear. The Globe, which has previously reported on similar CSEC directives signed by later ministers, only knows about the 2004 program through a highly redacted document obtained under the Access to Information Act.

Nearly a decade later, no one will speak to the program. “Even if I remembered the full details, I couldn’t possibly talk about it,” said David Pratt, the former Liberal defence minister who signed the document.

Now a defence lobbyist with a picture of himself and former U.S. counterpart Donald Rumsfeld in his office, he won’t spill secrets.

“You swear an oath as a privy councillor on these things …”

‘CSEC had gone blind’

For several decades, the very existence of CSEC was considered classified. Canadians first learned of the spy agency in the 1970s through a TV newsmagazine exposé.

In 2001, Parliament passed the omnibus Anti-Terrorism Act that ensconced CSEC in law. The statute states that its surveillance “shall not be directed at Canadians,” but some wiggle room was quickly added – the spy agency was placed beyond criminal laws that ban the warrantless seizure of Canadian telecommunications.

So while police have to get a judge to sign off if they want to eavesdrop on a Canadian, CSEC doesn’t necessarily have to do so. Instead, the agency can get the defence minister to sign off on a spying dragnet, so long as the minister is convinced that it is being cast predominantly at foreigners. Any Canadian calls and messages that are sucked up in the process can be sorted out later.

This legal cover allowed CSEC to get into the business of “bulk” data collection. Within the agency, this was huge. In the 1990s, “CSEC had gone blind. They were deaf and dumb,” said Mr. Adams, the former chief.

The agency, he said, had risked becoming a relic because it hadn’t yet figured out how to spy on the Internet without breaking laws.

“They couldn’t monitor Osama bin Laden in 1999 … they didn’t know that they were not going to hit a Canadian,” he said. “And if they would have hit a Canadian, they would have gone to jail.”

The Anti-Terrorism Act also formalized an arrangement where other federal security agencies could enlist CSEC’s unique skills to advance domestic investigations. Records obtained by The Globe show that CSEC now gets 70 to 80 such requests each year, from the RCMP, CSIS and other agencies.

This week it was revealed that a Federal Court judge has ruled CSIS “breached its duty of candour” in enlisting CSEC for one such case. The issue appears to be that the court was not told that CSEC’s Five Eyes allies would be brought in on the case, an international terrorism investigation focusing on two Canadian suspects. The surveillance on them lasted for a year. It’s not clear what happened to the tandem.

The future

CSEC has never had a higher profile. If recent months are any indication, there will be more Snowden leaks coming and more news about questionable spying operations run in partnership with the NSA and other Five Eyes allies.

CSEC officials decline to say anything of substance about their operations. They say only that they have never been found to have done anything unlawful.

Meantime, parliamentarians are raising questions about CSEC. Out West, the British Columbia Civil Liberties Association is suing CSEC for alleged illegal search and seizure. The lawsuit – the first of its kind – threatens to crack open key details about CSEC’s activities.

For critics, this all adds up to a good thing. “It’s up to the government and up to courts and up to citizens to ensure there are adequate measures in place to ensure some degree of accountability and transparency,” said Steven Penney, a University of Alberta law professor. “If we are going to have a new paradigm … then we ought to have a debate about that – and that hasn’t occurred.”

For his part, Mr. Adams said there are places for proper debates – mostly behind closed doors. “You can’t have the debate in the public. The best you could hope for is if you have a [parliamentary] review committee – it’s been talked about for 10 years.”

Maybe it’s time to do more than talk, he said. “How do you get that debate? You get that, I hope, by clearing people, so you can actually tell them what the hell is going on.”

CSEC by the numbers

$96.3-million – CSEC’s budget in 1999

$460.9-million – CSEC’s budget in 2013

900 – Number of employees in 1999

2,124 – Number of employees in 2013

1,000+ – Number of “clients” in the civil service cleared to read CSEC material

59 – Minimum number of CSEC “ministerial authorizations” signed since 2001

69 to 80 – Requests for legal assistance received annually by CSEC from other federal agencies

$15-billion – Combined budget of the “Five Eyes” signals-intelligence agencies

Sources: Lux Ex Umbra blog, Globe and Mail Access to Information files, BCCLA lawsuit

Freeze, Colin - Canada’s spy agencies chastised for duping courts - The Globe and Mail 20131220

Freeze, Colin - Canada’s spy agencies chastised for duping courts - The Globe and Mail 20131220

Canada’s spy agencies have deliberately misled judges to expand their eavesdropping powers unlawfully, a newly released ruling says.

In a rebuke to Canadian counter-terrorism practices, the 51-page ruling says federal agencies are wrongly enlisting U.S and British allies in global surveillance dragnets that risk harming Canadian terrorism suspects and could expose government agents to criminal charges. On the advice of watchdog agencies, the judge was reconsidering a 2008 decision to expand the wiretapping reach of Canadian intelligence services.

At issue are the actions of the Canadian Security Intelligence Service and Communications Security Establishment Canada. The two agencies have shared information with allied agencies on their investigations of Canadian citizens done under the expanded powers – but never told the court they were going to do so.

Federal Court Judge Richard Mosley said he and other judges have fallen victim to “a deliberate decision to keep the court in the dark.” His written ruling, released on Friday, was summarized last month in a statement, but national-security experts say only the full version communicates the depths of his disgruntlement.

“A decision was made by CSIS officials … to strategically omit information in [warrant] applications … about their intention to seek the assistance of the foreign partners,” Judge Mosley writes.

He adds that the Federal Court never authorized any international intelligence exchanges, and likely would not have approved some warrant applications if it had known about the practice.

Judge Mosley said his court has no legal power to authorize CSIS “to request that foreign agencies intercept the communications of Canadian persons travelling abroad either directly or through the agency of CSEC.”

Without any legal cover, CSIS “incurs the risk that targets may be detained or otherwise harmed as a result of the use of the intercepted communications by the foreign agencies.”

The 2008 decision authorized an eavesdropping partnership allowing CSIS, the domestic-intelligence agency, to expand global wiretapping with the help of CSEC, the foreign-intelligence electronic-eavesdropping agency.

Craig Forcese, a University of Ottawa law professor called the ruling a “significant chastisement.”

He said the court is rightly worried investigations authorized after the 2008 ruling could have endangered people.

“Imagine a circumstance where CSIS says, ‘We’ve got concerns about these Canadians overseas and we’d like you to intercept their communications,’” Mr. Forcese said. “… And the [U.S. Central Intelligence Agency] decides it’s time for a Predator drone …”

The Federal court has allowed CSIS and CSEC – which have different powers and mandates – to team up more than 35 times. But this year, watchdog agencies told Judge Mosley Australia, Britain, New Zealand and the United States were briefed on the probes.

Deibert, Ronald - Now we know Ottawa can snoop on any Canadian. What are we going to do? - The Globe and Mail 20140130

Deibert, Ronald - Now we know Ottawa can snoop on any Canadian. What are we going to do? - The Globe and Mail 20140130

Since June, 2013, a steady stream of revelations from Edward Snowden has shed light on a vast U.S.-led surveillance system. While there have been several important Canadian-related revelations, none has raised clear issues of potential unlawfulness. That is, until now.

A “Top Secret” presentation obtained by the CBC from the Snowden cache, which I reviewed in detail, outlines the indiscriminate and bulk collection and analysis of Canadian communications data by the Communications Security Establishment of Canada (CSEC). Assuming the documents are legitimate, it is difficult not to reach the conclusion that these activities constitute a clear violation of CSEC’s mandates and almost certainly of the Charter of Rights and Freedoms.

The CSEC presentation describes ubiquitous surveillance programs clearly directed at Canadians, involving data associated with Canadian airports, hotels, wi-fi cafes, enterprises and other domestic locations. The presentation outlines the challenges of discerning specific internet addresses and IDs associated with users within the universe of bulk data, paying special attention to challenges involving the movement of people through airports. It outlines results of experiments undertaken at a medium-sized city airport, which could possibly mean Calgary or Halifax, and which includes observations at “other domestic airports,” “hotels in many cities” and “mobile gateways in many cities.” Observations are made with detailed graphs of specific patterns of communications, noting differences as to how individuals communicate upon arrival and during departure, how long they spend in transit lounges, wi-fi cafes, hotel visits and even places of work. The objectives, the presentation says, are to separate the “needle from the haystack” – the haystack being, of course, all of us.

The presentation specifies that at least some of the bulk data from these locations was obtained through the cooperation of what’s only described as a “Canadian Special Source,” which is likely a Canadian telecommunications provider. If so, such revelations would make a mockery of Canadian carriers advertising their services as a “safe haven” from the snooping U.S. National Security Agency. From an accountability and oversight point of view, moving data hosting from the United States to Canada is like moving from a dimly lit cave to a pitch-black tunnel at the back of the cave.

What’s this mean for Canadians? When you go to the airport and flip open your phone to get your flight status, the government could have a record. When you check into your hotel and log on to the Internet, there’s another data point that could be collected. When you surf the Web at the local cafe hotspot, the spies could be watching. Even if you’re just going about your usual routine at your place of work, they may be following your communications trail.

Ingenious? Yes. Audacious? Yes. Unlawful? Time for the courts to decide. With regard to recent revelations, Canadian government officials have strenuously denied doing what is clearly described in this presentation. On 19 September 2013, CSEC chief John Forster was quoted by the Globe and Mail saying “CSEC does not direct its activities at Canadians and is prohibited by law from doing so.” In response to a lawsuit launched by the British Columbia Civil Liberties Association against the Government of Canada, CSEC admitted that there “may be circumstances in which incidental interception of private communications or information about Canadians will occur.” Only in Orwell-speak would what is contained in these presentations be described as “incidental” or “not directed at Canadians.” Then again, an Orwellian society is what we are in danger of becoming.

The revelations require an immediate response. They throw into sharp relief the obvious inadequacy of the existing “oversight” mechanism, which operates entirely within the security tent. They cast into doubt all government statements made about the limits of such programs. They raise the alarming prospect that Canada’s intelligence agencies may be routinely obtaining data on Canadian citizens from private companies – which includes revealing personal data – on the basis of a unilateral and highly dubious definition of “metadata” (the information sent by cellphones and mobile devices describing their location, numbers called and so on) as somehow not being “communications.” Such operations go well beyond invasions of privacy; the potential for the abuse of unchecked power contained here is practically limitless.

We live in a world of Big Data and the Internet of Things, our lives turned inside out. We leave a vast digital trail of intimately revealing metadata around us wherever we go. Allowing the state to have access to all of it is incompatible with a free and democratic society. The question now for Canadians to collectively address is what are we going to do about it?