We Learned Very Little about Canada’s Cybersurveillance Agency, CSEC, in 2014

Except for a new report, which shows they joke about monitoring hockey fans.

by Patrick McGuire
Dec 29 2014, 6:19pm

CSEC HQ, photo via CSEC's media relations.

Since the Edward Snowden disclosures of 2013, much of the world has awoken to the issue of cybersurveillance, particularly as it pertains to the practices of the NSA. But as anyone who has followed these issues knows, the NSA is part of an information-sharing collective called the Five Eyes, which encompasses the surveillance agencies of the UK (GCHQ), Australia (ASD), New Zealand (GCSB), and Canada (CSEC, or CSE if you want to get technical).

The avalanche of NSA disclosures, along with a pile of reports about GCHQ, has taught us quite a bit about the intensely complicated spy tools that have been developed by the US and UK to suck up billions of communications from around the world, break encryption software, and manipulate targets of surveillance by hijacking their computers. But a comparably minuscule amount of information has been disclosed about Canada's own agency, CSEC.

That said, here's what we learned this year.

2014 began with a disclosure about CSEC that seemingly indicated they were spying on Canadians through free airport WiFi. That is how the CBC reported it, anyway. After further technical analysis by a couple of notable experts, who were able to view the source material that led the CBC to their conclusion (i.e. an internal, leaked presentation), it appeared as if the CBC's initial summation of the materials was overly facile.

A deconstruction of the CBC's "free airport WiFi" report was conducted thoroughly by a cybersurveillance blogger named Peter Koop, who runs a site called Electrospaces geared to a more expert-level audience concerned with online spying. Ronald Deibert, one of Canada's foremost experts on cybersurveillance, whom I sat down with for a video interview earlier this year, said he "agree[s] entirely" with Koop's analysis that CSEC's program goes far beyond simply spying through free WiFi.

What these slides really revealed was that CSEC had developed a target-tracking system that harnessed WiFi access points from around the world to track an individual as they traveled from place to place. In testing this program, CSEC used real Canadian data collected from an airport to experiment with their new toy—hence the free airport WiFi headline.

So, if you were a notorious car thief and CSEC was trying to track you down, they would identify your phone's unique MAC address and set up a system of alerts that would ring at their HQ if and when you passed through certain WiFi hotspots. Meaning if you visited an airport and signed into the WiFi network, CSEC would know you were probably trying to leave the country.

Another notable cybersurveillance researcher, Bill Robinson, who blogs at Lux Ex Umbra, determined that the airport most likely to be involved in this operation is Toronto's Pearson airport. Robinson also determined that the program was able to track targets around the world, which indicates either a level of cooperation with international service providers, or they were simply catching the targets' locations when they beamed back home to a Canadian provider.

This information disconnect between highly savvy bloggers and the journalists at our public broadcaster illuminates one of the key reasons why very little is known about our own cybersurveillance agency. While there is first and foremost an issue of information simply not reaching the public, there is also a major learning curve when it comes to interpreting the documents that do find their way into the light. Curiously, Deibert provided his services to the CBC to interpret the documents before publication, and yet they still ended up with a more digestible (and less correct) headline. While the CBC can be commended for bringing these issues to light, it's crucial that these documents are reported on properly.

This leads into another issue pertaining to information about CSEC getting into the hands of the public: media bureaucracy. As Canadaland reported this year, on the eve of a talk Glenn Greenwald gave in Ottawa just after the Parliament shooting, the CBC "stonewalled" the Snowden document-holding journalist from getting a new story about CSEC published. It's unclear if this all happened because of government pressure or because of an ideological dispute between Greenwald and Terry Milewski, the reporter on the CSEC file.

While Milewski insists he is not at all opposed to reporting on surveillance, and while it seems as if negotiations between Greenwald and our public broadcaster reopened after the Canadaland post ran, the documents have still not been reported on; even though Greenwald insists the story is of paramount national relevance, telling Canadaland: "This must be exposed for public debate in Canada."

Beyond the squabbling that surrounded technical misinterpretations and stonewalled news reports, there was some hard information that came out about CSEC this year. On the legal framework side, the Harper government came out in support of metadata collection. John Forster, the big boss of CSEC, also admitted that Canadian metadata is collected, because "there are foreign and Canadian information mixed together in the internet." Plus, as Colin Freeze reported in the Globe and Mail, nothing is known about how long Canadian data is stored by CSEC, as they refuse to disclose that information, though it's clear that private Canadian data is collected often.

Forster's casual explanation of Canadian data collection would be fine if it were believable that CSEC was only interested in high-value foreign targets, aka terrorists, but what we've seen of the vast domestic collection of data in the United States by the NSA, along with the Canadian government's own interest in targeting First Nations and environmental activists, transforms this official dismissal of Canadian metadata collection into a troubling admission. If CSEC admits to catching Canadian data in their spyweb, and the Canadian government has a track record of monitoring political dissidents, the agency shouldn't be able to simply dismiss their ongoing ability to capture confidential domestic data.

2014 also taught us, as originally reported by c't magazine, that CSEC hijacks computers around the world to build botnets of zombified computers that they can then use to attack targets—as part of a strategy they plainly refer to as a "target the world" tactic. This botnet method provides ample distance between Ottawa and the subject of surveillance so that their operations can't be easily traced back to the government. CSEC calls this "an additional level of non-attribution."

This is problematic in two major ways. For one, it could easily mean that civilian computers from unknown nations are being hijacked in order to carry out the bidding of the Canadian government. As another of Canada's top cybersurveillance experts, Chris Parsons, told me in August: "We don't know whether there is some effort to ascertain civilian versus non-civilian intermediary computers to take over, but the slides suggest that civilians and their equipment can be targeted."

Secondly, this intentional distance between CSEC and its target creates even less accountability for the actions and motivations of the agency's already top secret missions. It's another layer of opaqueness on top of what is already a completely mysterious organization.

We also learned this year that CSEC is involved in spying on the enemies of Israel. While Israel's conflict with Hamas this year would technically fall into the purview of CSEC operations—as Hamas is a terrorist organization in the eyes of the Canadian government—this kind of targeting opens up the hallmark issue of cybersurveillance itself: Are the targets being selected responsibly? While this is a major concern, a "pervasive surveillance operation" (in the words of Chris Parsons) in a case like this could lead to a more precise military operation.

The most peculiar detail about CSEC was released yesterday by the German publication Der Spiegel in the midst of a longer report about what we know about the NSA's "war on internet security." In the article, a subheading that reads, "Hockey sites monitored," includes a reference to a leaked CSEC document, which refers to the monitoring of hockey communities online:

"Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: 'We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season,' it says in one presentation."

This bizarre note would indicate that information gathering, pertaining to Canadians' domestic habits, is more of a CSEC mandate than the agency would have us believe. Even though Forster's explanation of Canadian data collection makes it seem like an accident, given how our communications are all mixed up with foreign communications out there in cyberspace, if CSEC really is monitoring hockey websites they're probably not looking for foreign terrorists.

VICE reached out to CSEC for comment about Der Spiegel's claims about hockey monitoring, and will update this story as it develops.

[Update: A security researcher has pointed out the hockey example was used in a CSEC presentation as a weird kind of joke, referring to a country called "Canuckistan" as a target and using hockey sites as an example of potentially real targets in the future. This nuance was not noted by Der Spiegel.

In a written statement to VICE, Ryan Foreman of CSEC's media relations team described the hockey surveillance example as "obviously fictitious content" while adding that "CSE is prohibited by law from directing its foreign intelligence or cyber defence activities at Canadians anywhere in the world or at anyone in Canada."]

Ultimately, while we did gather bits and bites of information about CSEC this year, the stopgap of top secret information, along with Snowden documents pertaining to CSEC being held up in CBC purgatory, has led to a very limited amount of conversation about what CSEC does and why we need it. Given the age of the Snowden documents (he doesn't have any documentation that was written later than 2012), and the persecution of a second NSA source who may have leaked information about the American government's ginormous watchlist, the well from which national security information has been springing could be running dry. While we know there are more Snowden documents to report on, they may be out of date, and even if we do get more information about CSEC, it's possible they have since changed their ways.

Reporting on CSEC requires you to walk a thin line between understanding there are certain operations that require secrecy in order to maintain national security endeavours, while also exercising a healthy amount of concern and criticism for a gigantic agency with little accountability. As the Harper government pushed through Bill C-13 this year, which ostensibly is aimed to protect kids from cyberbullying (though it really is pushing through more powers for warrantless surveillance), it does not appear as if limiting this agency is a priority whatsoever. Especially after the two attacks on Canadian soldiers, at home, in October.

So with C-13 in play, and Canada's role in the global war on terror increasing, there isn't a whole lot the public can do about CSEC's power, barring some kind of game-changing revelation from a whistleblowing source that people can sink their teeth into.
