Touring the digital through type

Category: Intelligence (Page 1 of 5)

Review: Top Secret Canada-Understanding the Canadian Intelligence and National Security Community

Canadian students of national security have historically suffered in ways that their British and American colleagues have not. Whereas our Anglo-cousins enjoy a robust literature that, amongst other things, maps out what parts of their governments are involved in what elements of national security, Canadians have not had similar comprehensive maps. The result has been that scholars have been left to depend on personal connections, engagements with government insiders, leaked and redacted government documents, and a raft of supposition and logical inferences. Top Secret Canada: Understanding the Canadian Intelligence and National Security Community aspires to correct some of this asymmetry and is largely successful.

The book is divided into chapters about central agencies, core collection and advisory agencies, operations and enforcement and community engagement agencies, government departments with national security functions, and the evolving national security review landscape. Chapters generally adhere to a structure that describes an agency’s mandate, inter-agency cooperation, the resources possessed and needed by the organization, the challenges facing the agency, and its controversies. This framing gives both the book, and most chapters, a sense of continuity throughout.

The editors of the volume were successful in getting current, as well as former, government bureaucrats and policymakers, as well as academics, to contribute chapters. Part One, which discusses the central agencies, were amongst the most revealing. Fyffe’s discussion of the evolution of the National Security Intelligence Advisor’s role and the roles of the various intelligence secretariats, combined with Lilly’s explanation of the fast-paced and issue-driven focus of political staffers in the Prime Minister’s Office, pulls back the curtain of how Canada’s central agencies intersect with national security and intelligence issues. As useful as these chapters are, they also lay bare the difficulty in structuring the book: whereas Fyffe’s chapter faithfully outlines the Privy Council Office per the structure outlined in the volume’s introduction, Lilly’s adopts a structure that, significantly, outlines what government bureaucrats must do to be more effective in engaging with political staff as well as how political staffers’ skills and knowledge could be used by intelligence and security agencies. This bifurcation in the authors’ respective intents creates a tension in answering ‘who is this book for?’, which carries on in some subsequent chapters. Nonetheless, I found these chapters perhaps the most insightful for the national security-related challenges faced by those closest to the Prime Minister.

Continue reading

SIGINT Summaries Update: Covernames for CSE, GCHQ, and GCSB

Today I have published a series of pages that contain covernames associated with the Communications Security Establishment (CSE), Government Communications Headquarters (GCHQ), and Government Communications Security Bureau (GCSB). Each of the pages lists covernames which are publicly available as well as explanations for what the given covernames refers to, when such information is available. The majority of the covernames listed are from documents which were provided to journalists by Edward Snowden, and which have been published in the public domain. A similar listing concerning the NSA’s covernames is forthcoming.

You may also want to visit Electrospaces.net, which has also developed lists of covernames for some of the above mentioned agencies, as well as the National Security Agency (NSA).

All of the descriptions of what covernames mean or refer to are done on a best-effort basis; if you believe there is additional publicly referenced material derived from CSE, GCHQ, or GCSB documents which could supplement descriptions please let me know. Entries will be updated periodically as additional materials come available.

 

Citizen Lab and CIPPIC Release Analysis of the Communications Security Establishment Act

The Fifth Eye by Dustin Ginetz (CC BY-NC-SA 2.0) https://flic.kr/p/id9KHn

It’s with real pleasure that I can announce that the Citizen Lab and the Canadian Internet Policy & Public Interest Clinic (CIPPIC) have collaborated to produce a report which provides timely legal analysis, political context, and historical background on the Communications Security Establishment Act and related provisions in Bill C-59 (An Act respecting national security matters), First Reading (December 18, 2017).  We hope that this resource will help members of parliament, journalists, researchers, lawyers, and civil society advocates engage more effectively on the issues at stake. Our report represents an analysis of the legislation as it enters political debate in Canada, and should be understood in the context of a rapidly evolving legal and political landscape.

The Communications Security Establishment (“the CSE” or “the Establishment”) is Canada’s national signals intelligence and cybersecurity agency. In the course of our analysis, we summarize the CSE’s mandate, activities, operations, and powers, with an emphasis on their potential implications for human rights and global security. We also offer a series of recommendations which, if adopted, would ensure a more legally sound framework for the CSE, better protect global security interests in a rapidly changing technological environment, and more effectively account for Canada’s domestic and international human rights obligations.

In Section I, we provide a brief overview of the CSE’s current mandate and certain controversial activities undertaken as part of that mandate. We also provide a high-level overview of Bill C-59 and its primary implications for the CSE.

In Section II, we undertake a detailed analysis of key issues arising from Bill C-59 related to the CSE, focusing on aspects with the most critical implications for human rights, political transparency, and global security. In particular, some of the issues we highlight in the legislation relate to:

  • Longstanding problems with the CSE’s foreign intelligence operations, which are predicated on ambiguous and secretive legal interpretations that legitimize bulk collection and mass surveillance activities. These activities both attract Charter protections and engage Canada’s human rights obligations.
  • The complete lack of meaningful oversight and control of the CSE’s activities under the proposed active and defensive cyber operations aspects of its mandate.
  • The absence of meaningful safeguards or restrictions on the CSE’s active and defensive cyber operations activities, which have the potential to seriously threaten secure communications tools, public safety, and global security.
  • The absence of meaningful safeguards or restrictions on the CSE’s activities more generally. As drafted, the CSE Act appears to include a loophole which would allow the Establishment to cause death or bodily harm, and to interfere with the “course of justice or democracy,” if acting under its foreign intelligence or cybersecurity powers while prohibiting these outcomes under its new cyber operation powers.
  • The risk that the CSE’s cybersecurity and assurance operations for the federal government could threaten independence of the courts or the separation of powers.
  • Concerns regarding the framework for the CSE’s acquisition of malware, spyware and hacking tools, which may legitimize a market predicated on undermining and subverting, rather than strengthening, the security of the global information infrastructure.
  • Serious issues related to the CSE’s provision of technical and operational assistance to other entities—including Canadian law enforcement—which may lead the CSE to proffer capabilities that would otherwise be illegal or unconstitutional for domestic partners to develop, use or possess, or which would be inherently disproportionate if deployed in those contexts (e.g., in policing operations).
  • Potential issues with the National Security Intelligence Review Agency’s ability to access foreign-provided information, and the risk of regulatory capture through its hiring policies.
  • Serious shortcomings—both legal and practical—in the role of the Intelligence Commissioner, which does not resolve the constitutional challenges surrounding the current CSE Commissioner or the constitutionality of the CSE’s activities more generally.
  • The Intelligence Commissioner’s inability to exercise meaningful and comprehensive oversight and control over the CSE’s activities (including its most problematic activities) due to an under-inclusive mandate, issues of independence, and insufficient powers of a quasi-judicial nature.
  • Weak and vague protections for the privacy of Canadians and persons in Canada, alongside an abject disregard for privacy rights as an international human rights norm.
  • Extraordinary exceptions to the CSE’s general rule against “directing” activities at Canadians and persons in Canada significantly expand the CSE’s ability to use its expansive powers domestically.
  • A general failure to recognize that the highly interconnected and interdependent nature of the global information infrastructure means that protections or limits on the CSE’s powers that begin and end at national boundaries are insufficient to protect Canada’s security interests.
  • Deep tensions at the core of the CSE mandate, which requires the Establishment to both protect and defend against security threats while simultaneously exploiting, maintaining, and creating new vulnerabilities in order to further its foreign intelligence agenda. These tensions are exacerbated by the introduction of new offensive powers and the two new aspects of its mandate.
  • A lack of legal clarity regarding how, when, and whether vulnerabilities discovered by the CSE are disclosed to vendors or the public, and how the CSE accounts for the public interest in the process.
  • The lack of oversight or reporting requirements for “arrangements” with equivalent agencies to the CSE in foreign jurisdictions. There is a risk that these partnerships could involve receipt of information derived from torture or other activities that would be unlawful or unconstitutional if conducted by a Canadian agency.

In Section III, we summarize recommendations emerging from our analysis for committee members and other members of Parliament studying the proposed CSE Act. In particular, we make recommendations to improve systems of review, oversight, and control of the CSE and to constrain the CSE’s ability to engage in activities that are problematic, abusive, unconstitutional, or in violation of international human rights norms.

Download a copy of “Analysis of the Communications Security Establishment Act and Related Provisions in Bill C-59 ( An Act respecting national security matters ), First Reading (December 18, 2017)

Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports

‘Radome at Hartland Point’ by shirokazan (CC BY 2.0) at https://flic.kr/p/dfn9ei

Adam Molnar and I have a new paper on accountability and signals intelligence, which we will be presenting at the Security Intelligence & Surveillance in the Big Data Age workshop. The workshop will be held at the University of Ottawa later this month as part of the Big Data Surveillance partnership project that is funded by the Social Sciences and Humanities Research Council of Canada.

The paper focuses exclusively on the mechanisms which are needed for civil society actors to evaluate the propriety of actions undertaken by signals intelligence agencies. In it, we argue that Canada’s foreign signals intelligence agency’s public accountability reporting might be enhanced by drawing on lessons from existing statutory electronic surveillance reporting. Focusing exclusively on Canada’s signals intelligence agency, the Communications Security Establishment (CSE), we first outline the relationships between accountability of government agencies to their respective Ministers and Members of Parliament, the role of transparency in enabling governmental accountability to the public, and the link between robust accountability regimes and democratic legitimacy of government action. Next, we feature a contemporary bulk data surveillance practice undertaken by Canada’s signals intelligence agency and the deficiencies in how CSE’s existing review body makes the Establishment’s practices publicly accountable to Parliamentarians and the public alike. We then discuss how proposed changes to CSE oversight and review mechanisms will not clearly rectify the existing public accountability deficits. We conclude by proposing a principle-based framework towards a robust public accountability process that is linked to those underlying domestic and foreign statutory electronic surveillance reports.

A copy of our paper, titled, “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” is available at the Social Sciences Research Network as well as for download from this website.

« Older posts