Did domestic snooping by Canadian spy agency increase 26-fold in a year?

CSE Canada - IAThe volume of domestic communications that were intercepted by Canada’s spy agency increased 26 times between 2014 and 2015, according to a recently released report by a government watchdog. The same report states that intercepted information about Canadian citizens, which is given to Canada’s spy agency by the intelligence organizations of other Western countries, has increased so much that it now requires an elaborate mechanism to analyze it. When asked to explain the reasons for these increases, Canadian government officials said they could not do so without divulging secrets of national importance.

Information about these increases is contained in the latest annual report by the Office of the Commissioner of the Communications Security Establishment. The body was set up in 1996 to review the operations of the Communications Security Establishment (CSE). Founded in 1946, CSE is Canada’s primary signals intelligence agency. It is responsible for interception foreign communications while at the same time securing the communications of the Canadian government. The Office of the Commissioner monitors CSE’s activities and ensures that they conform with Canadian law. It also investigates complaints against the CSE’s conduct of and its officers.

Canadian law forbids the CSE from intercepting communications in which at least one of the parties participating in the exchange is located in Canada. If that happens, the message exchange is termed “private communication” and CSE is not allowed to intercept it, unless it gets written permission from Canada’s National Defense minister. Such permission is usually given only if the interception is deemed essential to protect Canadian national security or national defense. If a “private communication” is inadvertently intercepted, CSE is required to take “satisfactory measures” to protect the personal privacy of the participant in the exchange that is located inside Canada.

According to the CSE commissioner’s report for 2015, which was released in July, but was only recently made available to the media, CSE intercepted 342 “private communications” in 2014-2015. The year before, the spy agency had intercepted just 13 such exchanges. The report states that all 342 instances of interception during 2014-2015 were either unintentional or critical for the protection of Canada’s security. It further states that the reason for the huge increase is to be found in “the technical characteristics of a particular communications technology and of the manner in which private communications are counted”.

Canadian newspaper The Ottawa Citizen asked the CSE commissioner, Jean-Pierre Plouffe, to explain what he meant by “technical characteristics of a particular communications technology” in his report. His office responded that the commissioner could not explain the subject in more detail, because doing so would “reveal CSE operational capabilities” and thus hurt Canada’s national security. The newspaper also contacted CSE, but was given a similar answer. Some telecommunications security experts speculate that the increase in intercepted “private communications” may be due to exchanges in social media, whereby each message is counted separately.

Author: Ian Allen | Date: 25 August 2016 | Permalink

Canada stops sharing intelligence with Five Eyes partners over data breach

CSE CanadaCanada says it will stop sharing certain types of intelligence with some of its closest international allies until it ensures that Canadian citizens’ information is not included in the data given to foreign spy agencies. The announcement follows an official admission, made earlier this week, that a Canadian intelligence agency failed to remove Canadian citizens’ data from information it shared with member-agencies of the so-called Five Eyes Agreement. The pact, which is sometimes referred to as the UK-USA Security Agreement, has been in existence since World War II. It provides a multilateral framework for cooperation in signals intelligence (SIGINT) between the United Kingdom, the United States, Canada, Australia, and New Zealand.

On Thursday, the Commissioner of the Communications Security Establishment (CSE) of Canada, Jean-Pierre Plouffe, published a report on the activities of the CSE —the country’s primary SIGINT agency. The document, which is published annually by the Commissioner, states that the majority of the CSE’s SIGINT collection activities took place in accordance with Canadian law. However, the report found that some of the data shared by CSE with its Five Eyes partners contained data that could potentially be used to identify the identities of Canadian citizens. According to Canadian law, the CSE is not allowed to specifically target the communications of —or information about— Canadian citizens or Canadian companies. Moreover, information pertaining to those, which may be indirectly collected in the course of legitimate targeting of foreign citizens, is supposed to be immediately purged by CSE collection staff.

However, the Commissioner’s report found that some metadata —namely information pertaining to communications other than their content— that could be used to identify Canadian citizens had been shared by the CSE with Five Eyes spy agencies. Later on Thursday, Harjit Sajjan, Canada’s Minister of Defense, announced that SIGINT intelligence-sharing would be suspended until the metadata breach identified in the Commissioner’s report could be adequately addressed and corrected. Minister Sajjan said the roots of the breach had to do with “technical deficiencies” at the CSE, but added that it was crucial that the privacy of Canadians was protected. Therefore, he said, the spy agency would “not resume sharing this information with our partners” until he was “fully satisfied” that the proper control systems were in place.

Author: Joseph Fitsanakis | Date: 29 January 2016 | Permalink

NSA gives Israel raw intercepts containing US citizens’ data

NSA headquartersBy JOSEPH FITSANAKIS | intelNews.org |
The United States National Security Agency (NSA) shares raw intercepted data with Israeli intelligence without first deleting information pertaining to American citizens, according to a leaked document. British newspaper The Guardian published on Wednesday an informal memorandum of understanding between the NSA and the Israel SIGINT National Unit (ISNU). The five-page document was supplied to the newspaper by Edward Snowden, a technical contractor for the NSA who defected to Russia this past summer. It outlines an agreement reached in 2009 between the NSA and the ISNU, under which the American side provides the Israelis with raw intercepts, which often contain telephone and email data belonging to American citizens. The memorandum describes this type intelligence sharing as a “routine” aspect of a broader “SIGINT relationship between the two organizations”. SIGINT refers to signals intelligence, a term used in the intelligence community to describe the interception of communications data or content. Additionally, the document specifically mentions that the data shared with the Israelis is “raw” or “unminimized”, meaning it has not been subjected to the process of extracting and deleting information that identifies US citizens or residents —known as “US persons”. By law, the NSA is not permitted to spy on US persons and is required to ‘minimize’ intercepted data so that the communications of US persons remain private, unless they are absolutely indispensible in understanding a piece of foreign intelligence. The memorandum describes a number of restrictions on the use of this information by Israeli intelligence, stating that the ISNU is forbidden from using it in order to target US persons. It also states that the ISNU must shield the identities of US persons when sharing the information with other Israeli government agencies. Read more of this post

NSA ‘broke, circumvented Internet encryption standards’

NSA headquartersBy IAN ALLEN | intelNews.org |
The United States National Security Agency (NSA) has been able to crack or get around basic encryption standards used daily by hundreds of millions of Internet users, according to newly leaked documents. The New York Times said on Friday that it was in possession of documents that prove that the NSA is not restrained by universal encryption standards used in the US and abroad. The NSA, which is America’s largest intelligence agency, and is tasked by the US government with intercepting electronic communications worldwide, is now able to routinely circumvent Secure Sockets Layer or virtual private networks, as well as encryption protection standards used on fourth-generation cell phones. It therefore has instant access to the content of billions of encrypted messages exchanged by users of some of the Internet’s most popular email companies, including Gmail, Hotmail, Yahoo and Facebook. The paper said it obtained the documents from Edward Snowden, a technical contractor for the NSA who defected to Russia this past summer. They include internal NSA memoranda that suggest the NSA deployed specially built supercomputers to break Internet encryption standards. In other cases, the Agency worked with selected companies and convinced them to “build entry points into their products”. The multi-billion effort was apparently launched by the NSA in the early 2000s, soon after the US government lost a lengthy battle with the communications industry centering on the so-called ‘clipper chip’. Read more of this post

News you may have missed #849 (analysis edition)

Edward SnowdenBy IAN ALLEN | intelNews.org |
►►Are American spies the next victims of the Internet age? The furor over the NSA’s data collection and surveillance programs has been fierce. But Daniel Prieto, of the Center for Strategic and International Studies, argues that the debate should be focusing on the US intelligence apparatus, transformed in the dozen years since 9/11, can meet the challenges and that the US faces today and into the future. He asks whether the “business model” of US intelligence –how intelligence is gathered, analyzed, and used– is sufficient and sustainable, or whether it needs to evolve to “something different or something more”.
►►What did Edward Snowden get wrong? Everything. Andrew Liepman, senior analyst at RAND Corporation, former career officer at the CIA, and former deputy director of the US National Counterterrorism Center, offers an insider’s view on the Edward Snowden case. He argues that those following the Snowden saga fail to understand that the US government “truly does make strenuous efforts not to violate privacy”. This is not simply because it respects privacy on principle, he says, but also because “it simply doesn’t have the time” to access irrelevant information that is not closely connected to possible espionage or terrorist plots against Americans.
►►Why US diplomatic missions became fortresses. Even during the Cold War, American diplomatic facilities were designed to be welcoming and to project the American values of openness and individual liberty. No more, argues John Campbell, former US Ambassador to Nigeria and Ralph Bunche Senior Fellow for Africa Policy Studies at the Council on Foreign Relations. Nowadays, US diplomatic facilities increasingly showcase “Fortress America”, he argues. And he concludes that, “the need to subordinate so much to security diminishes US soft power by undermining its traditional message of openness and welcome”.

Germany probes UK spy program revealed by CIA whistleblower

Sabine Leutheusser-SchnarrenbergerBy JOSEPH FITSANAKIS | intelNews.org |
Germany wants to know whether its citizens were spied on under a British government surveillance program revealed by American intelligence whistleblower Edward Snowden. The program, codenamed Project TEMPORA, was disclosed earlier this week by Snowden, a former technical assistant for the United States Central Intelligence Agency (CIA). Snowden remains holed up at Moscow’s Sheremetyevo International Airport, as Russian authorities have rejected repeated requests by Washington to extradite him to the US. According to British newspaper The Guardian, which first wrote about Project TEMPORA on June 21, Britain’s General Communications Headquarters (GCHQ) has been able to “plug into the cables that carry internet traffic into and out” of the United Kingdom. The agency, which is tasked with communications interception, has therefore collected and stored massive quantities of foreign telephone call data and email messages, and has shared much of it with its US counterpart, the National Security Agency. On June 25, Germany’s Federal Minister of Justice, Sabine Leutheusser-Schnarrenberger, wrote a letter to her British counterpart, Chris Grayling, asking for immediate clarification on the precise legal basis for Project TEMPORA. In her letter, which was copied to the British Home Secretary, Theresa May, the German cabinet minister also inquires whether TEMPORA has been authorized by the appropriate judicial authorities. She argues that “European institutions should shed light on this [issue] immediately” and warns her British colleagues that she plans to raise the subject during the July 2013 meeting of European  Union Justice and Home Affairs ministers, which will be held in Brussels, Belgium. Read more of this post

Analysis: PRISM revelations harm US political, financial interests

NSA headquartersBy JOSEPH FITSANAKIS | intelNews.org |
Ever since June 6, when Edward Snowden, a former United States Central Intelligence Agency (CIA) technician, exposed a vast communications spying system called PRISM, observers have focused on the ramifications of this controversy inside America. But in an excellent analysis written for ComputerWorld magazine’s New Zealand edition, Taylor Armerding points out that Snowden’s revelation could result in extensive international blowback for the United States, in both the political and economic realms. Armerding quotes Toronto University political science professor Ron Deibert, who argues that this latest revelation of massive communications interception activity by the National Security Agency (NSA) carries with it “unintended consequences […] that will undermine US foreign policy interests”. Deibert points out that the spy scandal has the potential to undercut America’s role and influence in global Internet governance. In the words of renowned security expert Bruce Schneier, many around the world are beginning to view the US as “simply too untrustworthy to manage the Internet”. Even policymakers and ordinary users friendly to Washington are worried about what they perceive as the “huge disadvantages” of their dependence on US-managed Internet networks that host the content of social media sites, cloud computing databases, or telecommunications exchanges, says Deibert. But the biggest potential damage to US interests, argues Armerding, is not political, but economic. “It is not just personal information that is being swept into the NSA’s massive databases”, he notes; “it is corporate data as well”. Indeed, the vast foreign and domestic spying represented by PRISM poses a direct threat to the global competitiveness of the American technology sector. Read more of this post