ATIPs

This page includes links to various Access To Information and Privacy (ATIP) requests that I have received or obtained over the past several years. Each link, unless otherwise indicated, is to a locally hosted .pdf of the relevant ATIP. In some cases I indicate what is notable about a given ATIP or the language of the original request and, where possible, dates associated with the released records.

  1. Canadian Security Intelligence Service
  2. Communications Security Establishment (CSE)
  3. Department of Justice
  4. Department of National Defence
  5. Employment and Social Development Canada
  6. Global Affairs Canada
  7. Immigration, Refugees and Citizen Canada
  8. Innovation, Science and Economic Development Canada
  9. Office of the Communications Security Establishment Commissioner
  10. Office of the Privacy Commissioner of Canada
  11. Privy Counsel Office
  12. Public Safety Canada
  13. Royal Canadian Mounted Police
  14. Shared Services Canada
  15. Transport Canada
  16. Treasury Board of Canada

Canadian Security Intelligence Service

  • A-2021-364: All internal emails between senior CSIS officials from January 1, 2019 to January 1, 2020 regarding Russian foreign interference in Canada. This ATIP package only includes the 2018-2019 Annual Report to the Minister on Operational Activities, and is classified at the Top Secret/Canadian Eyes Only (CEO) level. It provides a highly-redacted discussion of the kinds of threats that CSIS identified and engaged with, as well as suggesting there are some kinds of issues associated with Canadian Extremist Travellers, s.16 challenges. The report documents the number of briefs or reports which were issued in alignment with various issue areas covered by CSIS and, also, denotes the number of security screening requests, and by type of request, during the period; it does not, however, provide information about the number of requests which were met. Page 57 reveals that CSIS had 311 s. 17(1)(b) agreements with 158 countries and territories, though redacted the number of active, dormant, restricted, restricted/dormant, or abeyance agreements. Finally, pages 58-63 provide a listing of many of CSIS’ domestic arrangements with federal agencies and provinces/provincial bodies. Of note, those agreements with the CSE include: Regarding s. 14 information (dated 2007-01-12), Regarding s. 16 information (1990-11-02), Regarding s. 12 information (1990-11-01), as well as Framework document; information sharing, intelligence collection and operational support (2011-12-14), Annex to the Framework MOU regarding certification & accreditation of facilities and systems processing SIGINT (2012-04-22), Annex 2 to the s. 12 MOU regarding s. 12.1 information (2016-06-13), and Addition of Annex B to the CSE Framework document: Integrated Internal Services initiative (2016-07-14).
  • A-2021-327: Copies of all CSIS and ITAC intelligence reports and briefs since June 1, 2020 to December 7, 2020 on security and the COVID-19 pandemic. This set of documents includes CSIS’s weekly newsletter as well as extensive discussions of the national security threat levels, and internal media bulletins, as well as specific analytic reports on ideologically motivated violent extremism. Documents also disclose the perceive threats to aviation security as a result of the COVID-19 pandemic. Of note, on page 15 under “Cyber” CSIS stated “there may be a heightened likelihood of a cyber attack impacting the Canadian electricity sector, given the connections between US and Canadian power grids. Moreover, Canadian allies in the United Kingdom and the United States have noted the presence of Russian state-sponsored actors on Internet infrastructure— including routers, switches and firewalls — which can be used to impact industrial control systems.”
  • A-2021-256: This is a re-release of an ATIP request from which the Globe and Mail article was written involving CSIS presentations to Universities in Canada, the association of CIO’s of Canadian Universities, and biopharma labs and agencies involved in the supply chain from April 2020 to June 2021, warning of international espionage. Page 3 makes it clear that CSIS is warning of ‘non-traditional intelligence collectors’ which include, “people without formal intelligence training but with a particular subject matter expertise such as businesspeople, scientists, researchers, and even students. These individuals know what is valuable and they are able to operate in business and research environments without raising suspicions.” Such individuals “can also be vulnerable to state demands if they return to an authoritarian country with a disregard for intellectual property rights and patents” and, moreover, there is a risk that universities “may unwittingly invite these non-traditional collectors into your front door, as you pursue business arrangements or R&D collaborations.”
  • A-2021-164: Please provide the following document: CSIS, Foreign Threats to Canadian Science and Technology. Aside from the title and classification (Secret//CEO) this document is entirely redacted.
  • A-2021-060: All records for the period between January 1, 2013 and April 29, 2021 related to the use (or potential use) of big data, big data analysis, algorithmic decision-making, algorithmic analytics, algorithmic analysis, predictive analytics, predictive analysis, and/or machine learning for the purpose of assessing or making determinations related to “risk of immigration and refugee applicants to Canada.”
  • Summaries of the US Senate Report on Examining the U.S. Capitol Attack and the US National Strategy for Countering Domestic Terrorism, and CSIS Considerations. This ATIP includes detailed discussion of sought-after powers for CSIS on page 4. Powers discussed include access to basic subscriber information, sharing classified information with law enforcement agencies, and possessing tools that enable the identification and disruption of IMVE-related threat actors operating online while simultaneously protecting Canadians’ privacy. Dated July 29, 2021.
  • A-2020-611: Speaking notes, briefing notes, communications and reports pertaining to CSIS monitoring of international students, student associations and universities with an emphasis on monitoring of Chinese, Russian, or Muslim students from January 1 2010 to March 22, 2020. This includes a 2019 memorandum entitled “Update on CSIS engagement with Muslim students” that followed from a CBC News story about Muslim university students being contacted by CSIS officers, and the issue within CSIS was heightened by an op-ed by two Toronto-based lawyers who wrote an op-ed that reinforced the CBC story’s narrative. In a subsequent meeting, where the lawyers explained to CSIS that students were discouraged from contacting lawyers, CSIS’ memorandum asserts the “CSIS assured the lawyers that the Service does not counsel individuals to avoid seeking legal advice.”
  • A-2020-462: All threat assessments/reports from July 1, 2020 to present that mention QAnon conspiracy, Proud Boys or other far-right groups and their presence in Canada or on social media. This has a number of internal threat reports associated with violence in the United States or Canada, though perhaps the most interesting element of this ATIP is in a report finishing the ATIP package entitled “White Supremacist/Neo-Nazi Women: Canadian Implications” that provides a detailed account of the role of women in supporting and promoting this ideology online. The only Canadian woman mentioned in the report is Laura Southern.
  • A-2020-390: Obtain a list of briefing notes received by the Director of CSIS or sent to the minister responsible for CSIS for the period from October 20, 2020 to December 13, 2020. This package release is 8 pages long and includes lists of all the briefings the Director was involved in. Notable ones include altering a s. 17(1)(b) foreign arrangements, Draft 2019-2020 Annual to the Minister on Operational Activities, Memorandum to Minister – Warrant Issues, and Min Memo – Renewal of Classes of Acts or Omissions.
  • A-2020-370: Intelligence studies/reports/briefs produced by CSIS in March 2020 and April 2020 on the coronavirus/COVID-19. This ATIP package includes regular CSIS reports which highlight issues or threats, broadly, around the world. These threats are not exclusively linked to the coronavirus and, in fact, generally address other threat-related activities.
  • A-2020-373: Copies of all CSIS and ITAC intelligence reports and briefs since June 1, 2020 on security and the COVID-19 pandemic.
  • A-2020-391: All documentation regarding geolocation and its illegal use by CSIS from the period from September 1, 2020 to December 11, 2020. This ATIP returned a copy of NSIRA’s classified (Secret) Annual report 2019-01. Of note, on page 4 is a report from NSIRA that recognizes that, “in SIRC’s review of CSIS’s use of Basic Identifying Information (BII) (SIRC Review 2018-09),3SIRC found that recent changes to the BII process brought about by Federal Court decisions have made the timely collection of BII challenging for CSIS.” Page 9 includes some mention of CSIS’ foreign station and their utility in understanding threats to Canada (though some reassurances from foreign entities hadn’t been sought or renewed since 2010). The same page makes reference to CSIS’ “practices for acquiring information from traditional and “non- traditional” Communication Service Providers (CSPs).” On page 10 we find that, “All Five-Eyes partners have faced challenges evaluating their disruption activities. SIRC found that CSIS is making efforts to improve its performance measurement, but that work remains to be done. Particular attention will have to be paid to assessing intermediate and strategic outcomes, leaving as little room as possible for subjectivity.” Notably, “SIRC found that incremental changes to Ministerial Direction and CSIS policies have collectively reduced the requirement to inform the Minister about foreign activities within Canada.”
  • A-2020-37: All CSIS and ITAC intelligence reports and briefs from January 1, 2020 to May 21, 2020 on security and the COVID-19 pandemic. This ATIP release contains dozens of weekly threat review reports from ITAC along with threat levels over the period. It is notable for identifying the issues which were surfaced through the reporting, though with a strong caveat that extensive redactions for news items tracked by ITAC were redacted across the release. The release also contains numerous CSIS Security Briefs, on topics such as conspiracy theorists, anarchists, alternative COVID-19 narratives, ideologically motivated violence and the pandemic, and more. Pages 81-90 include a high-redacted strategic briefing concerning COVID-19, labelled Top Secret, REDACTED, CSIS Eyes Only. Page 93-94 includes a high-level discussion/summary of the Nova Scotia shooter and the timeline of events reported at the time.
  • A-2019-1027: All documents related to COVID-19, PANDEMIC, VIRUS, EPIDEMIC and WUHAN for the period from December 1, 2019 to February 1, 2020. This large release contains reports and advisories concerning the COVID-19 pandemic. Of note, CSIS was updating its Pandemic Response Plan in November 2019 (Page 21), the plan itself which is dated December 2019 begins on page 35. The plan, itself, is principally concerned with a virulent flu and provides information on how the Service would respond in the face of a serious health event. The specific responsibilities of senior leadership (pages 42-47) are sometimes included and other times not (presumably due to redactions). On page 59 begins an updated April 2020 Pandemic Response Plan.
  • A-2019-675: Information pertaining to “Threat Reduction Measures” as defined in the CSIS Act, including historical examples of Threat Reduction Measures; documents relating to the approval process; examples of Threat Reduction Measures being used in combating disinformation (Especially during the recent 2019 Canadian federal election). This ATIP release includes the governing policy for conducting threat operations, and is dated June 21, 2019 and replaces s.12.1 Threat Reduction Measures (Version 2, dated 2017-11-20). While highly redacted it gives a sense of some of the processes involved in undertaking TRMs, including in exigent circumstances these operations being permissible based on verbal approval (page 8). In the accompanying FAQ, page 19 makes explicit that “the Communications Security Establishment (CSE) may assist the Service in undertaking a Threat Reduction Measure (TRM)”. Nothing in this ATIP release speaks specifically to using TRMs to address electoral interference, or mentions that such interference took place.
  • A-2018-997: Documents pertaining to Huawei and/or 5G technology. These documents include, from page 9-13, part of a slide deck that offers an introduction to 5G and its potential benefits; this may be used to understand how decision makers were informed of the capabilities of the technology as it interrelated with the Internet of Things and Artificial Intelligence. 5G was seen as an economic driver and, also, the document (Page 13) indicates that Canada was to begin planning for 6G technologies, with a recognition that Ericsson and Huawei–their Canadian divisions–were seen as leaders for domestic innovation. Dated 2018.
  • A-2018-524: A CSIS Developing Intelligence Issue document that provides brief and broad background on the positions held by opponents against the Trans Mountain Expansion project. Dated 2018.
  • A-2018-421: Documents completed from Jan. 1, 2018 to June 26, 2018 concerning potential threats to the energy industry/pipelines. Of note, on page 6 under ‘what does CSIS investigate?’: activities directed toward undermining the government of Canada by covert unlawful acts – but does not include lawful advocacy, protest or dissent, unless carried on in conjunction with espionage/sabotage/serious acts of politically, religiously or ideologically motivated violence. Dated 2018.
  • A-2018-122: Threats to the Montréal-Pierre Elliot Trudeau International Airport. This document contains a discussion of threats to Pierre-Elliot Trudeau airport. Page 4 notes that the two core threats to the airport include terrorism, as well as espionage/foreign interference. Other than noting a news report (CBC/Radio-Canada article) on detection of IMSI catchers are the airport, all espionage/foreign interference elements are redacted. Dated 2017.
  • A-2017-325. This document contains the entirety of CSIS’ advice for persons travelling outside of Canada, and generally provides security information when abroad.
  • A-2017-214: All documents created by the Forbearance Working Group, SGES working group, and forbearance program from Jan. 1 2016 to August 23, 2017. Page 3 notes that a party was making a forbearance request under the SGES on April 26, 2016 and that it was granted on July 25, 2016 (5-6). Page 20 reveals that the party that had previously requested forbearance, once again requested it in/around Feb 23, 2017. Dated 2016-2017.
  • A-2017-138: All documents produced or received by CSIS concerning what would happen to all of the data captured by devices used to intercept data and metadata from mobile devices, or any similar tool for the surveillance of cell phones or tracing tool. Per these documents, CSIS, under guidance from SIRC, was working to “further enhance feedback on the utility of IMSI operations, and based on these findings, that the 2012 internal assessments be updated to help guide the direction of this potentially promising program” (2). Per page 7, and in response to the Federal Court asserting that CSIS could not collect or retain certain technical identifiers indefinitely, the Service established new directions concerning the collection and retention of electronic identifiers. This mean that, as of Feb 13, 2017, CSIS could not use technical measures for the purpose of collecting identifiers under s.12 or s. 16 (though note: still could under s. 21), and that the retained identifiers had to be retroactively destroyed. At least some retained data which had previously been managed per DDO Directive on Long-Term Operational Data Retention, was to no longer be “considered as falling into the category of Potentially Exploitable.” Page 8-15 includes a memo pertaining to CSIS’s targeting procedures. Here, we find that there is a class of activities identified as “General Authority” which do not require a targeting authority, whereas Level 1 and Level 2 operational tools and techniques do require authorization. What is included in those levels is redacted as well as that where foreign states’ information is guiding a decision to potentially engage in targeting, CSIS is required to take into consideration the states’ or agency’s “human rights record … and the specific circumstances under which the information was obtained.” There are special rules for targeting underage individuals. Paged 16-19 includes a directive on long-term operational data retention. This is an updated directive, and adds a third kind of collected information to support the collection of non-warranted imagery and other non-warranted technical information. All data is classified as either Unpublished (that which doesn’t have intelligence value one year after collection and then destroyed, with all data defaulting ot this), Potentially Exploitable Information (which has not be Published but may be operationally relevant and thus kept per CSIS’ retention schedule) and Published (i.e. information which has been included in a report, or any data that is found relevant under s. 13, 15, or 16 of the Act; such data is subject to a formal data retention period). Page 18 explains that retention conditions do not apply to metadata or datasets that are received from a redacted source, save for that which contains solicitor-client privileged material and thus must be dealt with under CSIS’ protocols to determine if the information should be destroyed. Page 22 contains examples to explain retention and notes that if data is subject to two conditions (e.g., potentially exploitable vs published) that the longer of the two states prevails. Dated 2014-2017.
  • A-2017-90: Documents that were produced from March to June 2017 as a result of the CBC allegations on April 3, 2017 pertaining to devices known as Mobile Device Identifiers (MSI), Stingray, IMSI catcher, etc. and their use in Ottawa. On page 26 we learn that the CSIS legal department is looking to confirm/fact check CBC/Radio-Canada story, concerning IMSI Catchers. Otherwise, the released comments largely replicate CSIS ATIPs A-2017-18 and A-2017-19. Dated 2017.
  • A-2017-19: Documents from March 27, 2017 to April 6, 2017 concerning the CBC/Radio-Canada story on MDI devices (IMSI catchers) near Parliament Hill. This ATIP contains nothing of note given that the internal communications have largely been redacted. Dated 2017.
  • A-2017-18: Documents from January 1, 2016-July 20, 2017 concerning the use of MDI devices (IMSI Catchers) by Canadian security agencies. Of note, page 2 makes clear that CSIS is not always required to obtain warrants to use MDIs. On Page 14, CSIS recognises that in determining whether to use techniques like IMSI Catchers, they either rely on authority under S.12 of their Act or in a redacted situation apply for a warrant to the federal court under S.21 of their Act. Page 25 reveals that SIRC contacted CSIS for information following the release of the CBC/Radio-Canada story on IMSI Catchers near Parliament Hill and the Capital Region more generally. Dated 2017.
  • A-2016-331: All records pertaining to research and application in the field of quantum research. This is a pair of research reports, one from 2016 and the other from 2012. The 2016 report is actually written for CSE, and presumably the 2012 report for CSIS. Both are future looking forecasts, with big picture assessments of what technologies or trends might have national security implications in the future. On the whole, the reports are not particularly interesting save for how the agencies might have thought about, or planned for, future changes in society and technology. Dated 2012 and 2016.
  • A-2016-185: Threat Reduction Activities. This ATIP contains materials pursuant to “Any documents, including but not limited to, records of discussion on all strategic case management or four pillars discussions regarding threat reduction activities (TRA).”
  • Government Response to the ODAC Ruling. This 555 page ATIP includes communications following the ODAC federal court ruling. Highlights include the following. There is a transcript of for-background information provided to external CSIS stakeholders post-ODAC decision on pages 108-118. Page 159-172, in reference to the CSE Comissioner’s 2014-2015 report on the CSE, discusses how CSE cannot ascertain how much unredacted Canadian metadata was shared with 5-eyes partners, in contravention of the law (this was done unintentionally per the CSE Commissioner) (171), that FVEY partners were not asked to minimized the shared information b/c it was not believed to be sufficiently contextual to individual Canadians to raise a significant privacy concern (171), and that CSE does not clarify how long this was taking place (171-172). CSIS hold that, with regard to ODAC, “It is impossible to quantify the number of individuals linked to the associated data, much less identify personal data such as citizenship” (192) and that on page 194, “Neither metadata or associated data includes any information that could relate to content.” On page 378, when assessing the SIRC’s review of CSIS’ accessing taxpayer information without warrant, and with insufficient managerial controls, a proposed speaking point to the minister was that under SCISA no warrant would be required in the future. Between pages 398-400, CSIS outlined that ministers had received briefings, or mentions, of ODAC at least 7 times (including one verbal warning), and that while information about the legal basis of ODAC’s operations or associated data hadn’t been explicitly discussed, ODAC itself (insofar as it existed) had been raised. Page 400 includes each time CSIS could determine when a Minister or Deputy Minister had been advised. Page 445 has a sentence beginning “With these principles…”, indicates there are 2-3 major issues with how CSIS has handled the ODAC system, also suggesting that there are potential long-term consequences associated with CSIS’ handling of ODAC. Page 465 includes a discussion of CSIS’ collection of bulk datasets, and the fact that insufficient information existed to guide the lawful collection of ‘referential’ datasets, with the issue being that in at least one cases data was obtained that exceeded referentiality and thus constituted a collection (and would have required a warrant). At the time the assessment was conducted, there was “no evidence to indicate CSIS’s data acquisition program had appropriately considered the threshold of “strictly necessary” as required in the CSIS Act.” Page 467 suggests that CSIS used s.17 to establish a partnership with a foreign agency with which it lacked a formal s.17 arrangement. Broadly, much of the document includes CSIS doing the following: asserting that it needn’t notify the Federal Court regarding associated data and, upon being told that it violated its duty of candour, seeking to avoid blame by pointing to the number of times Ministers were notified, the PIA submitted to the OPC as sufficient to ‘explain’ the program to the Commissioner, etc. So it’s a document that outlines crisis communications and blame deferral. Dated 2016.
  • Project SITKA: Serious Criminality Associated to Large Public Order Events with National Implications. This document was principally created by the RCMP but was released by CSIS under provisions of the Privacy Act and/or Access to Information Act. The report summarizes RCMP intelligence gathering activities that were focused on aboriginal-rights issues, such as land claims, energy projects, and right advocacy. Dated March 16, 2015.
  • CSIS Policy: Conduct of Operations. This policy describes the Service’s stance regarding operations conducted pursuant to its national security mandate under Sections 12, 15, and 16 of the Canadian Security Intelligence Service Act (CSIS Act). It also provides additional principles and requirements that the Service and its employees will adhere to while working to achieve the commitments outlined in this policy. Notable details include a discussion that warrants are coordinated by the Warrant Acquisition Control and Requirements (WACR) unit of the DDO secretariat, which is responsible for reviewing paperwork before it is submitted to the courts. Further, under S. 15, collected data can be used for supporting S. 12 investigations, and where there is no pre-existing S.17 foreign partner agreement to share data, CSIS may share data in emergency situations without first consulting the Minister or Deputy Minister. The Deputy must be informed “as soon as possible”. Finally, “[t]he Service will weigh the need to use intrusive operational tools and techniques against potential damage to civil liberties or the activities of a Canadian Fundamental Institution (CFI). CFIs include, but are not limited to, post-secondary, political, religious and media organizations.” Dated January 10, 2014.
  • A-2012-238: All documents on terrorist and the use of cyberattacks to commit terrorist acts for the period from Nov 9 2010 to Nov 9 2012. On page 9 there is a discussion of Anonymous using SQL injections as part of their hacking tools, and page 11 discusses a proposal in an online jihadist forum to attack SCADA systems. Dated 2011-2012.
  • A-2012-088: Most recent reports concerning terrorism and extremism; foreign espionage and interference; proliferation of WMDs; cyber security and support to Canada’s Northern Strategy. On page 11 we learn that “small number of domestic extremists continue to be associated with issue-based causes such as environmentalism, anti-capitalism, anti-globalization, and far-right racism.” Further, ““Aboriginal communities across Canada remain focused on key issues such as sovereignty and outstanding land claims. At times more radical members of Aboriginal warrior societies advocate violence as a means of drawing attention to these issues.” On pages 12-24, there is a discussion of vulnerable computer systems and the availability of exploit kits, and as well as a note that companies are reticent to disclose intrusions to government authorities. Dated 2011-2012.
  • [Redacted] Data Management Governance Plan. This document outlines the data management and governance of the Operational Data Analysis Centre (ODAC) which is responsible for storing data collected by CSIS for analysis and analytics purposes. it contains broad-level discussions of how governance should function within CSIS that parallels equivalent discussions that would take place in any organization for data analytics purposes. Dated July 2012.
  • A-2011-150: All correspondence exchanged between the Director of CSIS and the Minister of Public Safety between January 1, 2011 and February 8, 2012. This release has a number of noteworthy elements. On page 10 we learn there is, “… a noticeable increase in economic espionage is posing risks to our control over strategic critical infrastructure, and refers to ongoing efforts by some countries to illegally acquire and transfer technology from Canada, especially as it relates to weapons proliferations.” Moreover, “As Canada is one of the most technologically advanced countries in the world, we remain especially vulnerable to cyber threats and attacks” (11). Pages 49-56 provide an update to the rules for CSIS sharing information with foreign partners. Page 52, in particular, notes that in some cases, CSIS may need to share or act on information derived from “mistreatment” (i.e. torture). Pages 97-102 includes an assessment by CSIS of the UK’s Green Paper at the time on the issue of intelligence to evidence. This is presented as a summary of the matters raised in the UK, with some small elements of lesson drawing (e.g., “the liberal democratic state is limited in how far it can reconcile the equally important imperatives of national security and procedural fairness in the administration of justice…the public communications benefit can also be limited, particularly when interlocutors choose to frame the debate in an adversarial manner.” Dated 2011-2012.
  • A-2011-114: All briefing notes to the Director and/or to the Minister concerning “Lawful Access” legislation for the period September 2011 to the present. Cabinet confidences should be excluded. (Includes references to CALEA, Interception standards, and regional interception standards bodies). This memo outlines why the CSIS does not believe that the arguments being made by industry stakeholders about the difficulty and costs of building in interception capabilities are accurate. It argues that the TSPs will not be required to meet any standards and that this is a good thing, because it will provide TSPs with the option of meeting requirements however they see fit. Moreover, there is an assertion that this isn’t all that different from CALEA, though there is no specific rationale as to why that’s the case–the Canadian proposal was in excess of just CALEA-based information. Dated 2011.
  • A-2011-082: All information regarding CSIS involvement with the WikiLeaks Task Force from November 2010 to August 2011. This ATIP release mostly involved internal DFAIT assessments of the documents which were released about cables from Wikileaks. In aggregate, it showcases the number of people who were stood up into a ‘war room’ to assess cables and their potential damage towards Canadian interests, as well as media monitoring for how the Canadian and international media were covering the cables, with specific focus on the Canadian angle. Dated 2010.
  • A-2011-07-04: For the period of 2008 to present. Threat assessments produced by the Integrated Threat Assessment Centre relating to cyber security, cyber threats and cyber incidents including but not limited to malware, bots and other cyber attacks. Page 3 includes an assessment that was created in response to request from Canadian Electricity Association Security and Infrastructure Protection Committee. We learn that, on page 4, insider threats to power generation systems, as opposed to external actors, were seen as the most significant threat. A definition of cyber-terrorism is provided on page 17: “…cyber terrorism is defined as a computer-generated attack against other computers or computer-controlled systems via a communications network … Examples of cyber terrorism include computer hacking introducing viruses to vulnerable networks, web site defacing, denial of service (DoS), and distributed denial of service (DDoS) attacks.” Page 30 includes the definition of a backdoor: “Backdoor: a means of access to a computer and or program that bypasses security mechanisms. A programmer may install a backdoor so that the program can be accessed for means of troubleshooting or other purposes, but an attacker may exploit or use a backdoor to gain unauthorized access to information or install spyware.” Dated 2008-2010.

Communications Security Establishment (CSE)

Department of Justice

Department of National Defence

Employment and Social Development Canada

Global Affairs Canada

Immigration, Refugees and Citizen Canada

  • A-2016-11288RP. ATIP focuses, principally, on the denial of visas to Huawei employees, with the South China Morning Post (SCMP) assering that it was due to espionage concerns. Documents indicate that a discussion took place within government, and entailed development of lines to respond to press. Of note, on page 396 a Risk Assessment Officer with IRCC stated that “…I would recommend not reading the report. It is easier to talk about these files if we are just speculating and don’t know the details.” Stated in response to a chain where another person suggested that there would be value in reading a previously-issued report, presumably pertaining to immigration and security. On pages 432-496 we see records showing that one of the two Huawei cases was identified, and that had been flagged during assessment, with dialoguing within IRCC to communicate what was flagged.
  • A-2016-06768. This ATIP focuses on Huawei employees, and (I believe) the refusal to grant visas to some employees. The documents presented revolve around a South China Morning Post (SCMP) article that suggested Huawei employees were denied visas on the basis of espionage; emails show that the Department was scrambling to determine why these persons were, in fact, denied as well as speaking with an analyst to determine how national security decisions are actually made and adjudicated. The ATIP does not reveal how analysts engage in such activities, nor the specific reasons for which the Huawei employees were denied visas.

Innovation, Science and Economic Development Canada

Office of the Communications Security Establishment Commissioner

Office of the Privacy Commissioner of Canada

Privy Counsel Office

  • A-2018-00418: This ATIP entirely concerns Huawei and the Meng detention, along with briefing material to inform relevant officials about the public commentary and positioning of former security officials and the management of Canada’s ambassador to China, John MaCallum. Page 1-2: recites Canada’s opposition to China sentencing Canadian to death and recognition that the bilateral relationship matters to Canada. Page 10-11: summary of the initial state of play concerning the detention of Huawei’s CFO, Meng Wanzhou. Page 30: mention that the CSE’s review program has been in operation since 2013, and exclusively mentioned Huawei as a party that has been subjected to it (though doesn’t explicitly say that the company is alone in the assessments). Page 36-37: summarizes recent commentary by Canadian security officials (i.e., Ward Elcock, John Adams, and Richard Fadden) warning the Canadian government to abandon using Huawei equipment.
  • A-2018-00295: This ATIP pertains to the federal government’s use of IMSI catchers, as well as the use of those devices by federal agencies such as the RCMP. Page 11: a reporter asked a question to PCO about how parliamentary staffers should mitigate risks associated with IMSI catchers. Page 16: summarizes the old RCMP call about IMSI Catchers, when the service admitted to using them. Includes a note that the RCMP was getting jammer exemptions for some time, until they ‘realized’ that the devices were in fact not jammers and thus it was the improper mode of exemption/request. Page 87-88: responses to reporter asking whether ISED had approved the use of IMSI catchers, by way of issuing appropriate licenses. PSC maintains that authorizations from ISED had been obtained, and that any surveillance was conducted per the law (note: this ignores that the RCMP conducted numerous IMSI catcher operations w/o first obtaining warrant, as disclosed in the Adam press conference with G&M and TorStar).
  • A-2017-00362: This ATIP concerns a Bell data breach which occurred in 2017. There is nothing of note in this ATIP; this is just a sitrep (with redactions) about the fact that Bell had a significant breach. It was sent to Michael Wernick from David Vigneault via Daniel Jean.
  • A-2017-00311: This ATIP pertains to the FVEY 2017 Ministerial Joint Communique. Of note, on page 1 it notes that there “was significant back and forth on the encryption issue” but that PS thinks that there may be agreement in the FVEY ministerial language, though authors are unclear of Min. Goodale has provided final agreement. Page 8 contains internal recognition that Australia is driving the discussion to be had on encryption, and how it may enable undesirable activities (e.g., “access to target/terrorist data held by industry/social media providers”).

Public Safety Canada

Royal Canadian Mounted Police

  • A-2018-RCMP-Technology: This ATIP broadly addresses issues of policing capabilities, new technologies, OSINT, as well as misclassification of criminal reports and border crossing information. Of note, on page 11 we find that “[p]olice powers in relation to other strategic priorities such as combatting organized crime, reducing youth involvement in crime, and economic integrity also continue to evolve. Police authority to use investigative techniques, such as access to social media accounts and phone records, while respecting privacy rights is still to be clarified. Technological advances present both opportunities and challenges to police. For example, police attempt to keep pace with technology available to cloak organizations and identifies both for their own use and to investigate crime and criminal organizations who make use of these technologies. These same technological advances also pose HR challenges for the organizations, as the RCMP must ensure that personnel have the skills sets necessary to adapt to working with rapidly changing technology.” Per page 11: “The RCMP is also being influenced by the Government’s focus on delivering results for Canadians, using evidence-based decision-making, and fostering accountability … This Policy requires departments to establish Departmental Results Frameworks (DRF), Program Inventories and Performance Information Profiles to foster resources expended in the process. These requirements are posing a particular challenge for the RCMP given the diversity of the organization’s programs and services, and the difficulty of developing meaningful performance indicators.” On page 19, we find that both reviews forthcoming for how the RCMP collects and handles open source intelligence (OSINT) as well as the Counter Technical Intrusion (CTI) Program. This latter program entails providing “technical security assistance to all federal departments, crown corporations and agencies.” Page 27 notes there will be a future audit of the RCMP’s use of unmanned aerial vehicles (UAVs) as well as an assessment intended to determine “whether the RCMP’s monitoring of closed national security investigations assesses as low-to-no risk is consistent with policy and process requirements.” Pages 77-78 report how severe the ‘misclassification’ of sexual assault reports are within the RCMP. “A total of 2,225 unfounded [sexual assault] files were reviewed and, as a result, it was concluded that 1,260 unfounded cases were misclassified and 284 files were identified for further investigation.” Per page 80, “[p]rior to 2017, RCMP information related to interceptions [capture of people irregularly crossing the border] was captured annually, and did no differentiate between interceptions related to asylum seekers and other forms of interceptions (e.g., human smuggling).” Pages 83-84 provide a set of tables which identify the precise numbers of irregular migrations that were intercepted by the RCMP at the border. Showcases that Quebec has a massive number of persons migrating irregularly (approx 18K in 2017, on similar track for 2018), followed by Manitoba (1K in 2017) and BC (700 in 2017).
  • A-2016-00215: This ATIP concerns the use of encryption as it pertains to law enforcement in Canada. This document summarizes to the Minister the difficulties that the RCMP has identified regarding its ability to capture information of suspected criminals. It is written with the intent of contrasting Canada with close allies, including the United States, UK, Australia, and New Zealand. The RCMP propose shifting the lawful access debate to one of ‘going dark’, with a focus on: interception capabilities, use of encryption by criminals, lack of ‘adequate’ data retention; and challenges of MLAT operating successfully. The RCMP make particular note of the encryption-related ‘going dark’ challenges; this stands in contrast to lobbying efforts it took in November 2016, where the head of the RCMP asserted that the agency was not seeking mandatory decryption capabilities, but that basic subscriber identification was a more prominent concern. Significantly, the RCMP notes that it and other agencies in Canada and abroad should speak with a common voice to develop ‘clout’ when facing off against technologists, academics, and civil society advocates. Such clout is needed to advance challenging legislation or regulatory solutions. Left unstated, such solutions might not require the government to first pass authorizing legislation, as was prior attempts to extend the SGES absent the Parliament first passing lawful access legislation. Dated February 2016.
  • A-2014-02766: Requests for Subscriber Information/TSP Production Order Costs (Annotated).
  • A-2012-01201: This is the CPIC reference manual.
  • A-2011-06549: All records relating to lawful access/electronic surveillance techniques from October 1, 2010 to present.

Shared Services Canada

  • A-2013-00020: Any and all reference to cyberhacker group Anonymous in reports and emails to and from CSEC dating from August 2011 to present (June 20, 2013). Page 202-203 reveals that the duty analyst doesn’t have PKI set up, and so SSC/CSE is asked to send relevant files to other person who will subsequently provide to the analyst. This showcases challenges in setting up encryption/PKI as a security measure. On page 220-223, SSC recommends to PSC that anonpast.me be taken down due to its being used to coordinate DDoS against GOC. PSC doesn’t immediately consent due to the high profile nature of the site; a call is to be set up to discuss equities.
  • A-2012-00049: Investment Canada Act and Foreign Takeover of Blackberry. This ATIP pertains to the Government of Canada’s Investment Canada Act, and the conditions under which Canada might reject a foreign takeover of RIM/Blackberry. Page 4 notes that ICA review takes place when a non-Canadian wishes to acquire control of an asset valued at $330 million (CAD) or more and page 34 includes the Minister’s briefing notes for discussion with new RIM CEO. These notes include a discussion concerning export controls/cryptography, though it’s not clear what, specifically, they spoke about beyond “administrative changes” by DFAIT. Dated December 2011 – March 2012.

Transport Canada

  • A-2012-00008: Issuance of UAV Licenses and Draft UAV Issue Paper. This ATIP contains answers to a reporter’s questions concerning the number of SFOCs that were issued (293 applicants and for approximately 1, 000 UAVs), media lines explaining relevant laws governing UAVs in Canadian airspace, training requirements, and recognition that LEAs can use drones “provided they comply with Transport Canada regulations and obtain the required SFOC” (13). Page 16 also details the number of SFOC applications that were rejected by region. The Issue Paper (pages 22-26) outline considerations for establishing restricted airspace for UAVs, as well as recommendations; many of these recommendations include ‘TBD’, which is indicative of the early stage of the government’s regulation of UAVs. Dated 2011-2012.

Treasury Board of Canada

  • Cabinet Committee on Priorities and Planning, June 8, 2010. This document outlines the business need and rationale for Treasure Board to approve funding enterprise communications and infrastructure upgrades for CSIS’ foreign stations communications. It is suggested that the Minister approves the dispensation of funds. Dated June 8, 2010.