There is an ongoing conversation between the Communications Security Establishment (CSE) and Canada's banks about allowing Bay Street to get access to classified material about potential cyber threats to Canadian institutions, new documents show.
At a series of meetings between bankers and corporate executives, an unnamed CSE employee explained the inner workings of the CSE and took requests to open up the flow of information from the top-secret spy agency to Canada's moneylenders.
This unnamed employee is a CSE employee tasked with working as a liaison with the private sector. His or her name is withheld under the Access to Information Act, which allows the government to redact information it feels could be "injurious" to Canada's national defence.
But, whoever this person is, one of their jobs is to streamline the relationship between Canada's big banks and the spies who are tasked with both collecting and analyzing signals intelligence as well as predicting and defending against possible cyber attacks.
The three meetings occurred in the fall of 2013, and acted as a summit between the big banks, telecommunications companies and Public Safety Canada. The reunions were scheduled after the CEOs of Canada's "big six" banks—Bank of Montreal, Royal Bank, Scotiabank, TD Bank, CIBC and National Bank—requested more information about cyber attacks that were threatening their infrastructure.
The government was looking to, among other things, "improve the cyber security posture of Canada's business community by enhancing information sharing and collaboration between the Government and private sector companies."
As part of those meetings, CSE was called in to give perspective on its role in combating cyber attacks. As Canada's primary agency tasked with tracking and addressing cyber threats, CSE has a set of directives that deal with how it cooperates with the private sector.
In those meetings, representatives from CSE—including the unnamed employee—ran workshops on matters such as "collaboration between the Government and the Private Sector," which provided "technical advice and assistance provided by the Government to the Private Sector."
The agency's role of mass digital surveillance, which sometimes occurs while it's supposed to be investigating cyber threats, has put the agency under the microscope.
In the course of the conclave between the cyber-spies and the corporate bigwigs, the banks said they would be supportive of "bigger things" on the national level, to bring private industry into the fold of cyber defence.
"Participants expressed a desire to better understand [CSE's] capabilities. An example was given of how the U.S. Government shares classified material with the private sector in certain circumstances," the documents read.
"Recommendation that Canada should look at existing models if we wanted to head down a similar path."
A spokesperson for the Canadian Bankers Association who was present at two of the meetings told VICE that "these were both low-level meetings as part of our ongoing sharing of views and ideas, nothing more."
The conversations were not insignificant, though. Under a "potential issues" subhead in a memo to the Minister of Public Safety, it is noted that "while this inaugural meeting will launch discussions in these areas, we anticipate that CEOs will see value in continued exchange on these topics. As the government begins to consider some of the recommendations coming out of this group, an ongoing dialog with CEOs would be beneficial to seek their advice on how best to implement the initiatives being proposed."
The government has yet to clarify whether CSE went ahead with engaging in US-style information-sharing with Canada's banks.
In 2011, Reuters broke the news that the National Security Agency was opening up a flow of communication with the banks to help prevent and mitigate cyber attacks. Of course, news also broke in September of 2013—two weeks before the meeting between these meetings—that the NSA was engaging in widespread surveillance of Wall Street's banking activities.
As part of the sessions coordinated by Public Safety Canada, there was a debrief from a meeting of the "Cyber Protection Working Group."
While there is no mention of that group on any Government of Canada website or report, the Canadian Bankers Association says it was merely an "ad hoc group" of representatives from the banking and telecommunications sector.
Details on that 20-minute debriefing were redacted.
Cooperation between industry and Canada's intelligence regime is already quite expansive. The Conference Board of Canada, an economic think tank, organizes an organization called the Council of Chief Information Officers. Its membership includes representatives from the oil and gas industry, pipeline companies, the telecommunications industry, universities, power companies, and several government departments. The documents include an information note on one of the meetings of that group, held at CSIS headquarters, in February 2014.
With files from Ben Makuch.