Most fundamentally, is it in Canada’s interest to further normalize the growing use of CNA (Computer Network Attack) activities by states? Should CNA be classified as just another tool of statecraft? Should such capabilities be restricted to a deterrent role? Is cyber deterrence, whether through CNA capabilities or more conventional responses, even a practical goal, given difficulties of attribution and the inevitable overlap between CNE (Computer Network Exploitation) and CNA? Would improved defence and resilience be a preferable, or at least sufficient, response or are all three required?


As effective encryption spreads, it may well be that the future of SIGINT lies increasingly in “end point” operations and other activities designed to cripple or bypass that encryption, and some of those activities could certainly benefit from HUMINT assistance. But there are also pitfalls to that approach. Using on-the-scene people in foreign jurisdictions can mean putting individuals at extreme risk, and such operations also have increased potential to go wrong in ways that could expose Canada to extreme embarrassment and even retaliation. If the government is contemplating going down that road, it should probably be open with parliament and the public about its intentions.

Informed consent. Because it’s 2017.


Marking 70 years of eavesdropping in Canada

Bill Robinson at Open Canada:

Another new factor is the presence of Canadians in CSE’s hunting grounds. CSE was unable to assist during the FLQ crisis in 1970—it had no capability to monitor Canadians. In the post-2001 era, that is no longer true: the Internet traffic of Canadians mixes with that of everybody else, and CSE encounters it even when it is trying not to. When operating under judicial warrants obtained by CSIS or the RCMP, it deliberately goes after Canadian communications. CSE also passes on information about Canadians collected by its Five Eyes partners.

A special watchdog—the CSE Commissioner—was established in 1996 to monitor the legality of CSE’s activities. Over the years, Commissioners have often reported weaknesses in the measures the agency takes to protect Canadian privacy, but only once, last year, has a Commissioner declared CSE in non-compliance with the law.

Whether CSE’s watchdog is an adequate safeguard for the privacy of Canadians is a matter of continuing debate. One thing, however, is clear: As CSE enters its 71st year, the days when its gaze faced exclusively outward are gone for good.

Bill Robinson has done a terrific job providing a historical overview of Canada’s equivalent of the National Security Agency (NSA). His knowledge of the Communications Security Establishment (CSE) is immense.

Canadians now live in a country wherein this secretive institution, the CSE, is capable of massively monitoring our domestic as well as foreign communications. And, in fact, a constitutional challenge is before the courts that is intended to restrain CSE’s domestic surveillance. But before that case is decided CSE will analyze, share, and act on our domestic communications infrastructure without genuine public accountability. As an intelligence, as opposed to policing, organization its methods, techniques, and activities are almost entirely hidden from the public and its political representatives, as well as from most of Canada’s legal profession. A democracy can easily wilt when basic freedoms of speech and association are infringed upon and, in the case of CSE, such freedoms might be impacted without the speakers or those engaging with one another online ever realizing that their basic rights were being inhibited. Such possibilities raise existential threats to democratic governance and need to be alleviated as much as possible if our democracy is to be maintained, fostered, and enhanced.


Secret Documents Reveal Canada’s Spy Agencies Got Extremely Cozy With Each Other | VICE News

Secret Documents Reveal Canada’s Spy Agencies Got Extremely Cozy With Each Other:

Highly classified documents obtained by VICE News offer new insights into how Canada’s two-headed spy apparatus works to blend its intelligence, skirt court oversight of its spying powers, and intercept communications inside the country’s borders.

Christopher Parsons, postdoctoral fellow at the Munk School, says there is long-standing ambiguity over when CSE can and cannot spy on its own citizens. And it’s worrying.

“Generally, we have questions about how meaningful, or not meaningful, Mandate C actually is,” he told VICE News.

Craig Forcese, law professor at the University of Ottawa and one of Canada’s foremost experts on security policy, says Mandate C is a tunnel through the barrier stopping CSE’s from snooping on Canadians.

“If CSE is providing assistance to CSIS under Mandate C, then CSE is clothed with the same legal authority CSIS has,” Forcese says. “So it can act as CSIS’s technological appendix, including in conducting domestic surveillance.”

University of Ottawa Professor Wesley Wark, a specialist in intelligence and national security, says there is need for a review body that can actually investigate how Mandate C is used, “in a way typically that the current CSE Commissioner has not, I don’t think, very fully.”

“The Ministry returned the letter requesting further details to address concerns raised by the Minister’s Office in relation to CSIS authority to enter into subsequent arrangements without further approval from the Minister each time,” reads a summary of changes requested to the documents.

It’s unclear if the minister’s change was actually made.

“If the minister put a stop to that, he should be congratulated,” says Parsons. The simple fact that the agencies were trying to bestow themselves that power is “more than a little bit concerning,” he says.

It’s long been speculated that signals intelligence has been the basis for many warrants and criminal charges, but that the fingerprints of CSE’s involvement were scrubbed before the application to the court was made.

“There’s a real question whether it’s CSE or CSIS in the driver’s seat,” says Parsons.



Christopher Parsons: Canada has a spy problem

I published a comment piece with the National Post today that quickly summarizes the importance and harms of Canada’s signals intelligence activities, especially as it pertains to persons living in Canada.

The key takeaway is:

Canadians are routinely accused of having sleepwalked into a surveillance nation. We haven’t. Instead, the federal government of Canada has secretly deployed mass-surveillance technologies focused on domestic and foreign communications alike and, even when caught red-handed, the government refuses to have a reasonable conversation about the appropriateness or legality of such technologies. Canadians deserve better from their government. More oversight and accountability is needed at a minimum, and cannot be dismissed as “red tape” given the magnitude of the surveillance operations conducted upon the population of Canada by its own government.

You can read the whole piece over at the National Post.


Documents Reveal Canada’€™s Secret Hacking Tactics – The Intercept

Documents Reveal Canada’€™s Secret Hacking Tactics – The Intercept:

Canada’s electronic surveillance agency has secretly developed an arsenal of cyberweapons capable of stealing data and destroying adversaries’ infrastructure, according to newly revealed classified documents.

Christopher Parsons, a surveillance expert at the University of Toronto’s Citizen Lab, told CBC News that the new revelations showed that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?”



Communication Security Establishment’s cyberwarfare toolbox revealed

Communication Security Establishment’s cyberwarfare toolbox revealed :

Top-secret documents obtained by the CBC show Canada’s electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations, says Christopher Parsons, a post-doctoral fellow at the Citizen Lab, one of the groups CBC News asked to help decipher the CSE documents. QUANTUM is mentioned in the list of CSE cyber capabilities.

Publicizing details of QUANTUM’s attack techniques fuelled debate south of the border about the project’s constitutionality, says Parsons, who feels a debate is needed here in Canada as well.

“Our network has been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” says Parsons.

“With Bill C-51, we’re seeing increased powers being provided to CSIS, and that could mean that they would be able to more readily use or exploit the latent domestic capabilities that CSE has built up,” says Parsons.


Leaked documents reveal Canada’s cyber warfare tools

Leaked documents reveal Canada’s cyber warfare tools :

Implanting malware on computer networks, disabling enemy computer systems, disrupting and grabbing control of an adversary’s infrastructure.

It all sounds so un-Canadian, but these are among the cyber warfare tools developed by the country’s Communications Security Establishment (CSE), according to documents obtained by the Canadian Broadcasting Communications. The CSE is Canada’s electronic spy agency.

The documents indicate that Canada’s computer networks have “been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” said Christopher Parsons, surveillance expert with Citizen Lab, an international research group at the University of Toronto’s Munk School of Global Affairs.


CSE monitors your emails to the government: What you need to know

CSE monitors your emails to the government: What you need to know:

CSE declined to give CBC more specific information about the amount of email and metadata collected and when it is deleted. The agency told CBC such information “could assist those who want to conduct malicious cyberactivity against government networks.”

“The key issue is understanding how CSE retains data. Is it the case that when I email my MP they store it for one to four months? Or if it passes the buffer it’s deleted in days,” Chris Parsons, a cyber security expert at Citizen Lab who viewed the document for CBC, told Global News.

Another concern Parsons raised is what happens to law abiding citizens who happen to have malware on their computers. If they email their MP – with no malicious intent – and unintentionally pass along a virus, what happens to their information?

“How is that information treated? Are you treated like someone with a random virus, or are you classified as something?” Parsons asked.