CSIS

‘Defending the Core’ of the Network: Canadian vs. American Approaches

/ Christopher Parsons

U.S. Cyber Command recently conducted on Fort Meade its first exercise in collaboration with cyber subject-matter experts from across the National Security Agency, National Guard, Department of Homeland Security and FBI.In our recent report, “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” we discussed how the Communications Security Establishment (CSE) developed and deployed a sensor network within domestic and foreign telecommunications networks. While our report highlighted some of the concerns linked to this EONBLUE sensor network, including the dangers of secretly extending government surveillance capacity without any public debate about the extensions, as well as how EONBLUE or other CSE programs programs collect information about Canadians’ communications, we did not engage in a comparison of how Canada and its closest allies monitor domestic network traffic. This post briefly describes the EONBLUE sensor program, what may be equivalent domestic programs in the United States, and the questions that emerge from contrasting what we know about the Canadian and American sensor networks.

What is EONBLUE?

EONBLUE was developed and deployed by the CSE. The CSE is Canada’s premier signals intelligence agency. The EONBLUE sensor network “is a passive SIGINT system that was used to collect ‘full-take’ data, as well as conduct signature and anomaly based detections on network traffic.” Prior Snowden documents showcased plans to integrate EONBLUE into government networks; the network has already been integrated into private companies’  networks. Figure one outlines the different ‘shades of blue’, or variations of the EONBLUE sensors:

EONBLUE Sensors

Continue reading

The Governance of Telecommunications Surveillance

/ Christopher Parsons

Last week I released a new report, The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians, through the Telecommunications Transparency Project. The Project is associated with the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, and the report was funded through the Canadian Internet Registration Authorities’s .CA Community Investment Program.

The report examines how contemporary telecommunications surveillance is governed in Canada. In it, we ask how much telecommunications surveillance is occurring in Canada, what actors are enabling the surveillance, to what degree those actors disclose their involvement in (and the magnitude of) surveillance, and what degree of oversight is given to the federal governments’ surveillance practices. We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly and that government irresponsibility surrounding accountability strains its credibility and aggravates citizens’ cynicism about the political process. In aggregate, these failings endanger both the development of Canada’s digital economy and aggravate the democratic deficit between citizens and their governments.

Continue reading

CSIS’s New Powers Demand New Accountability Mechanisms

/ Christopher Parsons

6165458242_97e0572d03_oThe Government of Canada recently tabled Bill C-44, the Protection of Canada from Terrorists Act, in response to a series of court defeats concerning how the Canadian Intelligence and Security Service (CSIS) collects intelligence about Canadian residents. The federal courts took CSIS to task after Justice Richard Mosley realized that warrants issued to CSIS, which enabled CSIS to collaborate with Canada’s foreign signal intelligence agency to monitor Canadians abroad, were also being used to enlist the assistance of other nations’ signals intelligence agencies. In addition to the warrants not being issued with such foreign collaboration in mind there was — and remains — a judicial belief that CSIS’ lawyers deliberately misled the court when requesting the warrants.

The tabled legislation would not alleviate the ruling that CSIS lawyers misled the court. It would, however, authorize CSIS to apply for warrants which authorize the service to monitor Canadians abroad even if doing so would violate the laws of foreign nations. Moreover, CSIS would be empowered to request the assistance of foreign organizations in monitoring the aforementioned Canadians. The Act would also provide the government the power to prevent courts from publicly examining informants as well as to revoke citizenship under certain situations. Finally, the legislation further clarifies (and arguably extends) prohibitions on revealing the identity of CSIS officers. Continue reading

A Crisis of Accountability — The Canadian Situation

/ Christopher Parsons

CanadaThe significance of Edward Snowden’s disclosures is an oft-debated point; how important is the information that he released? And, equally important, what have been the implications of his revelations? Simon Davies, in association with the Institute of Information Law of the University of Amsterdam and Law, Science, Technology & Social Studies at the Vrie Universiteit of Brussels, has collaborated with international experts to respond to the second question in a report titled A Crisis of Accountability: A global analysis of the impact of the Snowden revelations.

In what follows, I first provide a narrative version of the report’s executive summary. The findings are sobering: while there has been a great deal of international activity following Snowden’s revelations, the tangible outcomes of that activity has been globally negligible. I then provide the text of the Canadian section of the report, which was drafted by Tamir Israel, myself, and Micheal Vonn. I conclude by providing both an embedded and downloadable version of the report.

Continue reading

Accountability and Government Surveillance

/ Christopher Parsons / 3 Comments

Charmaine Borg, MPThe issue of lawful access has repeatedly arisen on the Canadian federal agenda. Every time that the legislation has been introduced Canadians have opposed the notion of authorities gaining warrantless access to subscriber data, to the point where the most recent version of the lawful access legislation dropped this provision. It would seem, however, that the real motivation for dropping the provision may follow from the facts on the ground: Canadian authorities already routinely and massively collect subscriber data without significant pushback by Canada’s service providers. And whereas the prior iteration of the lawful access legislation (i.e. C–30) would have required authorities to report on their access to this data the current iteration of the legislation (i.e. C–13) lacks this accountability safeguard.

In March 2014, MP Charmaine Borg received responses from federal agencies (.pdf) concerning the agencies’ requests for subscriber-related information from telecommunications service providers (TSPs). Those responses demonstrate extensive and unaccountable federal government surveillance of Canadians. I begin this post by discussing the political significance of MP Borg’s questions and then proceed to granularly identify major findings from the federal agencies’ respective responses. After providing these empirical details and discussing their significance, I conclude by arguing that the ‘subscriber information loophole’ urgently needs to be closed and that federal agencies must be made accountable to their masters, the Canadian public.

Continue reading

The Issues Surrounding Subscriber Information in Bill C-30

/ Christopher Parsons / 12 Comments

SIMThe most recent version of the Canadian Government’s lawful access legislation is upon us. The legislation expands the powers available to the police, imposes equipment- and training-related costs on Telecommunications Service Providers (TSPs), enables TSPs to voluntarily provide consumer information to authorities without a warrant, forces TSPs to provide subscriber data without warrant, and imposes gag orders on TSPs who comply with lawful access powers. Economic and civil rights costs are, as of yet, murky. Despite being an extremely lengthy piece of legislation, Bill C-30 lacks the specificity that should accompany serious expansions to Canadian policing and intelligence gathering powers.

In this post, I first outline a ‘subscriber data regime’ to discuss what does – and may – be entailed in accessing Canadians’ subscriber data. Second, I explain how subscriber data can be used for open-sourced intelligence gathering. Third, I argue that an administrative process of expanding subscriber identifiers is inappropriate. Finally, I articulate why warrants are so important, and why court approval should precede access to subscriber data. In aggregate, this post explicates the concerns that many civil advocates, academics, and technical experts have with access to subscriber information, why Canadians should be mindful of these concerns, and why Canadians should rebuff current efforts to expand warrantless access to subscriber information.

Continue reading