Canada’s spy review bodies struggling to keep tabs on agencies

The review bodies for both Canada’s intelligence agencies are raising concerns about their ability to keep track of the country’s spies.

OTTAWA—The review bodies for both of Canada’s intelligence agencies are raising concerns about their ability to keep track of the country’s spies.
The warnings come as the Conservatives continue to insist that Canada does not require increased oversight into the Canadian Security Intelligence Service or the Communications Security Establishment.
The Security Intelligence Review Committee (SIRC), which reviews CSIS actions, said continued vacancies on the five-person board, the inability to investigate CSIS operations with other agencies, and delays in CSIS providing required information are “key risks” to the committee’s mandate.
Meanwhile, the Office of the Communications Security Establishment Commissioner warned that the growth of the massive electronic spying agency, coupled with fiscal restraint at the commissioner’s office, is a “constant concern.”
The two review bodies combined boast about 30 full-time employees and an annual budget of roughly $5 million, according to government documents. The agencies they review are expected to spend more than $1 billion this year, and CSE alone has more than 2,000 employees.
The concerns were raised in both agencies’ plans and priorities reports, which outline the expected actions and spending of government departments and agencies for the year.
They come as Parliament continues to debate Bill C-51, which would give CSIS a much wider mandate to investigate and “disrupt” threats to Canada’s national security.
Many critics who testified about the bill, and a good number of witnesses who support it, have argued there should be some measure of parliamentary oversight into the actions intelligence services take on Canadians’ behalf.
But Public Safety Minister Steven Blaney, responding to questions in the House of Commons Wednesday, said Canada’s review system is the “envy of the world.”
“We will continue to support them,” Blaney said of the review bodies.
Blaney has argued that SIRC provides adequate review of CSIS activities, and that additional oversight would simply be “needless red tape.”
In its report, however, the SIRC admitted it can review only a “small number” of the spy agency’s actions each year.
“Currently, SIRC reviews still lack the ability to ‘follow the thread’ of a CSIS investigation if it involves another government department or agency,” the SIRC wrote.
“SIRC’s effectiveness is dependent on (CSIS’s) timely provision of information. In those cases where there are delays in receiving information, SIRC is at risk of being unable to complete its reviews and investigations in a timely manner.”
Both SIRC and the CSE commissioner reported their review capacity depends on co-operation with the agencies they look into — while both are separate and independent from the agencies, both say they require a close working relationship. The CSE commissioner’s report went so far as to say the success of their reviews is “fundamentally reliant on the relationship between the office and CSE.”
Both review bodies also say they need to work together. SIRC’s mandate is to review CSIS operations, but not CSIS’s co-operation with CSE. Without seeing how the different agencies interact — including with the RCMP, which has civilian review, and Military Intelligence, which has no civilian review — the CSE commissioner said it’s difficult to see the whole picture.
“Information sharing among intelligence agencies at the national and international level requires at minimum some co-operation among the various review and oversight bodies,” the report notes.
CSIS’s operations have been well known since the intelligence branch of the RCMP was separated from the law enforcement mandate. The operations of CSE, on the other hand, have attracted widespread attention only through the leaks of whistleblower Edward Snowden.
Working from those disclosures, The Intercept and CBC revealed CSE has developed a suite of cyberwarfare tools, and had a goal to become more aggressive in their use by 2015.
Other documents leaked by Snowden suggest CSE has engaged in mass Internet surveillance of file-sharing sites, and collects massive amounts of Internet traffic through 200 “Internet backbone” sites worldwide through a program called EONBLUE.
Bill Galbraith, the executive director of the CSE commissioner’s office, said he could not discuss whether the office is looking into those disclosures.
“The reviews that we are conducting cover a range of signals intelligence activities, IT security activities, and there is a major review of metadata underway,” Galbraith said in an interview.
Deborah Grey, the former Conservative MP and current acting chair of the SIRC, could not be reached for comment on Wednesday.
How the review bodies measure up
18 – The number of full-time equivalent positions at the SIRC
11.5 – The number of full-time equivalent position at the CSE commissioner’s office
$5 million – Roughly how much both offices have to spend this year
$537 million – Amount CSIS expects to spend in 2015-2016 alone.
2,175 – Number of employees at CSE

By: Alex Boutilier Staff Reporter, Published on Wed Apr 01 2015

Find this story at 1 April 2015

© Copyright Toronto Star Newspapers Ltd. 1996-2015

Tories secretly gave Canadian military OK to share info despite torture risk

Harper facing criticism from human rights groups

The four-page, 2010 framework document, sent to then-Defence Minister Peter MacKay, says when there is a “substantial risk” that sending information to – or soliciting information from – a foreign agency would result in torture, the matter should be referred to the responsible deputy minister or agency head.
The four-page, 2010 framework document, sent to then-Defence Minister Peter MacKay, says when there is a “substantial risk” that sending information to – or soliciting information from – a foreign agency would result in torture, the matter should be referred to the responsible deputy minister or agency head. Pawel Dwulit/Canadian Press

The Conservative government has secretly ordered the Canadian military to share information with allies even when there’s a serious risk it could lead to torture.

The Defence Department was making good progress on developing a directive from the minister to put the policy into effect, a newly declassified memo shows.

The memo reveals Defence was slated to be the fifth and final federal agency to apply the Harper government’s instruction to exchange information with a foreign agency when doing so may give rise to a “substantial risk” of torture.

TIMELINE: Spies and Canada’s secrets
Security gaps found in destruction of top-secret military data
The others are the Canadian Security Intelligence Service, the RCMP, the Canada Border Services Agency and Communications Security Establishment Canada, the electronic eavesdropping agency known as CSE.

The Canadian Press obtained a copy of the November 2011 memo under the Access to Information Act.

National Defence cannot release a copy of the resulting directive on information sharing — nor say when it was completed and issued — because it’s a classified document, said department spokeswoman Tina Crouse.

“We don’t have any comment right now,” she said.

Effectively condones torture
The federal policy has drawn sharp criticism from human rights advocates and opposition MPs, who say it effectively condones torture, contrary to international law and Canada’s United Nations commitments.

The war in Afghanistan is a stark illustration of the fact Canadian military forces can and do develop close relationships with foreign security forces that are unquestionably responsible for torture, said Alex Neve, secretary general for Amnesty Canada.

”Analyze the situation. If you think that sharing this information is likely to contribute to torture abroad, don’t do it.’- Justice Dennis O’Connor
A policy that leaves the door open for the possibility of collaboration even if torture may result “is particularly troubling,” Neve said in an interview.

The memo says the Defence directive was to flow from a federal framework that “establishes a consistent process of decision making” across departments and agencies when the exchange of national-security related information puts someone at serious risk of being tortured.

The four-page, 2010 framework document, previously released under the access law, says when there is a “substantial risk” that sending information to — or soliciting information from — a foreign agency would result in torture, the matter should be referred to the responsible deputy minister or agency head.

Certain factors considered
In deciding what to do, the agency head will consider various factors, including the threat to Canada’s national security and the nature and imminence of the threat; the status of Canada’s relationship with — and the human rights record of — the foreign agency; and the rationale for believing that sharing the information would lead to torture.

arar_maher040122
Maher Arar, a Syrian-born Canadian, was detained in New York in September 2002 and deported soon after by U.S. authorities. A federal commission of inquiry concluded that faulty information the RCMP passed to the Americans likely led to the Ottawa engineer’s traumatic detention. ((CBC))

The framework says it applies primarily to sharing with foreign government agencies and militaries, but also with military coalitions, alliances and international organizations.

In 2011, then-public safety minister Vic Toews issued directives to CSIS, the RCMP and the federal border agency that closely followed the wording of the government-wide framework.

That same year, MacKay issued a similar directive to CSE, which reports to the defence minister.The newly released memo, prepared for Peter MacKay — defence minister at the time — says the directive for his department was being “tailored to recognize the unique operational needs of a military organization.”

Maher Arar, a Syrian-born Canadian, was detained in New York in September 2002 and deported soon after by U.S. authorities — ending up in a vile Damascus prison cell. Under torture, he gave false confessions to Syrian military intelligence officers about involvement with al-Qaeda.

IN DEPTH: Maher Arar
A federal commission of inquiry, led by Justice Dennis O’Connor, concluded that faulty information the RCMP passed to the Americans very likely led to the Ottawa telecommunications engineer’s traumatic detention.

O’Connor recommended that information never be provided to a foreign country where there is a credible risk it will cause or contribute to the use of torture.

Critics say the recent federal directives on information sharing are squarely at odds with that recommendation.

It would have been easy to write a policy that conforms with it, Neve said.

“Analyze the situation. If you think that sharing this information is likely to contribute to torture abroad, don’t do it.”

The Canadian Press
Posted:Apr 13, 2014 1:29 PM ET
Last Updated:Apr 13, 2014 1:29 PM ET

Find this story at 13 April 2014

© The Canadian Press, 2014

CSEC and Brazil: “Whose interests are being served”? (2013)

Amusing to see both NaPo and the G&M hosting remarks from former CSIS deputy director Ray Boisvert dismissing the recent Snowden/Greenwald docs which revealed CSEC spied on Brazil’s Mines and Energy Ministry.

Snowden was present at the Five Eyes conference where the CSEC presentation on their Olympia spying program on Brazil took place.

Boisvert in both papers:

“We were all too busy chasing bad guys who can actually kill people. The idea that we spend a lot of time, or any time at all, on a country like Brazil is pretty low margin stuff, not likely to happen.”

The docs probably only represent “a war gaming exercise,” says Boisvert:

“They have to do paper exercises and say, ‘OK, let’s say our target in counter-terrorism lives in Mali and we have to go up against the Malian telecommunications system.’ They’ll go look at another country and say, ‘OK, well they have a similar network so let’s do a paper exercise and say ‘what do we need?’” he said. ‘I think that’s all this was.’”

Because when you’re “busy chasing bad guys who can actually kill people” and stuff, naturally your anti-terrorism war games will entail a cyber-espionage program searching for corporate secrets in a country where 40 of your own country’s mining corporations are operating.

Wouldn’t have anything to do with looking for info on Brazil wanting to block a Canadian mining company from opening the largest open pit gold mine in Brazil, would it? Brazilian prosecutors say the company has failed to study the impact on local Indian communities and has advertised on its own website “plans to build a mine twice the size of the project first described in an environmental assessment it gave state officials.”

Ok, foreign media. The Guardian, today:

Canadian spies met with energy firms, documents reveal

“The Canadian government agency that allegedly hacked into the Brazilian mining and energy ministry has participated in secret meetings in Ottawa where Canadian security agencies briefed energy corporations.

According to freedom of information documents obtained by the Guardian, the meetings – conducted twice a year since 2005 – involved federal ministries, spy and police agencies, and representatives from scores of companies who obtained high-level security clearance.

Meetings were officially billed to discuss ‘threats’ to energy infrastructure but also covered ‘challenges to energy projects from environmental groups,’ ‘cyber security initiatives’ and ‘economic and corporate espionage.’

The documents – heavily redacted agendas – do not indicate that any international espionage was shared by CSEC officials, but the meetings were an opportunity for government agencies and companies to develop ‘ongoing trusting relations’ that would help them exchange information ‘off the record,’ wrote an official from the Natural Resources ministry in 2010.”

Thank you, Enbridge, for providing the snacks for the one in May 2013.

“Keith Stewart, an energy policy analyst with Greenpeace Canada, said: ‘There seems to be no limit to what the Harper government will do to help their friends in the oil and mining industries. They’ve muzzled scientists, gutted environmental laws, reneged on our international climate commitments, labelled environmental critics as criminals and traitors, and have now been caught engaging in economic espionage in a friendly country. Canadians, and our allies, have a right to ask who exactly is receiving the gathered intelligence and whose interests are being served.’”

Good question. And did no Canadian media request these same FOIs?

You know, I think I blogged about government security briefings to energy companies a few years ago — I’ll see if I can find it.

Meanwhile, would be interesting to hear Boisvert’s explanation as to why the CSEC logo appeared on another NSA doc about intercepting phone calls and emails of ministers and diplomats at the 2009 G20 summit in London.

More “paper exercises”? Filling in an empty spot on the page while chasing bad guys?

And re the recent NSA spying on Brazil PM Dilma Rousseff and the state oil company Petrobras: Did CSEC help out its Five Eyes partner there too?

Back in 1983, CSEC spied on two of Margaret Thatcher’s cabinet ministers on behalf of Thatcher and Britain’s spy agency GCHQ, so this wouldn’t exactly be new territory for CSEC.

Fun fact : The annual report on CSEC produced by its independent watchdog commissioner must first be vetted by CSEC “for national security reasons” before it can be released.

P.S. I pillaged the CSEC slide at top from Lux ex Umbra, where you can view the rest of them.

Posted by admin on October 10, 2013 · Leave a Comment
By Alison@Creekside

Find this story at 10 October 2013

Copyright © 2013

Stateroom

STATEROOM sites are covert SIGINT collection sites located in diplomatic facilities abroad. SIGINT agencies hosting such sites include SCS (at U.S> diplomatic facilities), Government Communications headquarters or GCHQ (at British diplomatic facilities), Communication Security Establishments or CSE (at Canadian diplomatic facilities), and Defense Signals Directorate (at Australian diplomatic facilities). These sites are small in size and in the number of personnel staffing them. They are covert, and their true mission is not known by the majority of the diplomatic staff at the facility where they are assigned.”

Find this story at 27 October 2013

Canada’s electronic watchers enjoy secrecy second to none

Unlike in Britain and the United States, Parliament is not involved in holding Canada’s intelligence gathering agency to account.

Creepy truth: American spies with access to everyone’s data do occasionally succumb to the urge to snoop illegally through their love lives, peering into the private communications of former paramours.
Creepier truth: if you’re Canadian, you have no way of knowing whether one of your own spies does it to you.
Hypothetically, they don’t. Legally, they can’t. But that’s the problem, say critics of the fast-growing Communications Security Establishment Canada (CSEC), the Ottawa agency that scours global telephone logs, email and Internet trails for worrisome patterns — with CSEC it’s all hypothetical because Canada’s electronic watchers enjoy a secrecy second to none.
Nearly six months after former computer specialist Edward Snowden began tearing back the curtain on America’s National Security Agency with a series of stunning disclosures about the true extent of U.S. mass surveillance, Canada’s CSEC remains a silent bystander.
Apart from a single report by journalist Glenn Greenwald accusing CSEC of eavesdropping on Brazil’s mining and energy ministry, Canada’s electronic spies have thus far escaped the brunt of Snowden’s cascading disclosures.
That’s good, right? Sure it is. But it also leaves Canadians, including Parliament, almost completely in the dark on what the underscrutinized CSEC actually does, even as outraged Americans and Britons shine a bright light on — and mobilize to change — the ways their own governments consume private data.
“Canadians who think they are in the clear on these ongoing scandals need to grasp that we are the ones who need the debate the most,” said Ron Deibert, director of the University of Toronto’s Citizen Lab.
“The Canadian checks and balances just aren’t there. We have no parliamentary oversight of CSEC, no adequate independent entity to watch the watchers and act as a constraint on misbehaviour. It just doesn’t exist now.
“It’s not a question of people shrugging and saying, ‘Well, I’ve got nothing to hide.’ The real problem is oversight — and the potential for abuse if left unchecked.”
It’s an idea that even CSEC’s former chief, John Adams, concedes would be helpful.
Adams doesn’t think “oversight” is realistic, but supports the robust “review” of CSEC’s activities and sees the value in having a committee of security-cleared parliamentarians “fully briefed on what CSEC is doing.
“It would be an opportunity for them to provide feedback and observations and raise concerns perhaps about what CSEC is doing and CSEC could also use that forum as an opportunity to talk about what they might be doing or consider doing or to bounce off of them some thoughts,” said Adams.
“It would be an opportunity for (Parliament) to have some public debate but it would be a limited public debate because they’d have to be sworn to secrecy.”
This review does exist in the United States, though many argue the checks and balances have been abused and subverted in light of Snowden’s NSA disclosures.
Yet in the U.S., as the scandal grew, so too did Congressional scrutiny, with American politicians like Sen. Ron Wyden of Oregon leading the pushback against secrecy.
A case in point came in August, when the leak of a top-secret document revealed the NSA broke privacy rules and overstepped its legal authority thousands of times a year after 2008, when the agency was granted broad new powers by Congress.
Most of the violations were “unintentional,” but that sparked congressional queries for details on cases involving wilful misconduct by NSA spies. As pressure mounted, the NSA took the extraordinary measure of a public statement, acknowledging that a handful of its officers had used the agency’s enormous eavesdropping power to spy on romantic interests.
Those instances, though rare, were common enough to warrant their own spycraft label — LOVEINT, or “love intelligence.” Most of the officials involved resigned, were dismissed or were demoted to a lower pay grade with limited security clearance, the agency said.
But that’s only one piece of a much broader debate taking place in Washington, as two competing pieces of legislation emerge with the intent to rein back NSA powers and place congressional checks and balances on a stronger footing. An important element of that debate is whether America’s massive metadata effort — the gathering up of the entire haystack of phone and Internet communications — is worth the cost.
These questions are hardly ever asked north of the border, even though Canada is a partner in the so-called Five Eyes, sharing intelligence-gathering chores alongside the U.S., Britain, Australia and New Zealand.
Little is known of what that entails, precisely, although the Globe and Mail penetrated one layer of the CSEC bubble in June. The newspaper disclosed that a secret Canadian metadata surveillance program first launched in 2005 under then-prime minister Paul Martin was frozen amid privacy concerns, only to be reinstated in 2011 under new rules.
Hundreds of pages of records on the program, obtained through Access to Information requests, came back with large passages blacked out on grounds of national security, the Globe reported.
The lone watchdog agency overseeing CSEC, the Office of the CSE Commissioner, has given its blessing to the metadata program. But critics say the office and its staff of eight, which until recently received its funding directly from the Department of National Defence, as does CSEC, remains too close to Canada’s security establishment to effectively safeguard privacy concerns.
Once a year CSEC’s watchdog reports to Canadians. But far more often, it reports secretly to the defence minister with recommendations for adjustments in how CSEC conducts its business. In his most recent public report, released in August, outgoing commissioner Robert Decary ended his three-year term proclaiming that all activities complied with Canadian law with the exception of “a small number of records (which) suggested the possibility that some activities may have been directed at Canadians, contrary to the law . . . I was unable to reach a definitive conclusion.”
Decary, in a final assessment of his time as CSEC watchdog, wrote that he saw little value in a confrontational relationship. “With my years of experience, I see the office more CSEC’s conscience than as a sword of Damocles,” he wrote.
But even Decary nudged Canada’s spymasters toward greater openness, writing that “I believe that the ice has been broken and that the security and intelligence agencies understand they can speak more openly about their work without betraying state secrets or compromising national security.
“The greater the transparency, the less skeptical and cynical the public will be.”
University of Ottawa scholar Wesley Wark, who specializes in national security and the history of intelligence agencies, says the CSEC watchdog is simply not enough.
Unlike Britain and the United States, Canadian oversight leaves a “gaping hole . . . a big gap” because Parliament is not involved in holding intelligence agencies to account as Adams suggested, Wark told The Star.
The issue has simmered for years, said Wark, with failed attempts, most recently in 2005, to create a British-style Committee of Parliamentarians on National Security.
But oversight actually grew worse in 2011, said Wark, when CSEC was deemed an independent agency within the Department of National Defence, effectively eliminating a requirement to report to the national security adviser and Privy Council office. “It took that away entirely,” said Wark, “and put it all within (DND), where it’s very easy for CSEC to disappear down its secret hole.
“There’s a question about who is really in charge and who’s deciding to apportion CSEC resources in terms of current operations,” he said.
Among the key questions Wark says remain unanswered is how much bang CSEC gets for its buck. And whether, in Canada’s haste to satisfy the obligations of its Five Eyes commitments, we sell Canadian interests short.
Deibert, who this year published Black Code: Inside the Battle for Cyberspace, argues that while parliamentary oversight remains an admirable goal, the evolving issue of privacy-versus-surveillance warrants something more ambitious.
“I would go further: There needs to be somebody who is not part of Ottawa culture, who is adversarial, something with the authority and credibility of the Privacy Commission’s office,” said Deibert.
“Parliamentary oversight is necessary. But you also need oversight that doesn’t depend on favours or look through the lens of partisan politics.
“I just don’t think, as a society, Canada has caught up with the epochal scope of what has changed in the last 10 years. We’ve gone through the most profound transformation in how we communicate. Mobile and broadband technologies have turned us inside out — and at the same time these Cold War agencies are now turning their gaze inwards on us.
“It’s no longer spy-versus-spy and concern over foreign states with nuclear weapons. Now it’s about somebody blowing themselves up in a shopping mall. And so the threat model has turned toward all of society.”
Canada’s security agencies cannot do their jobs in total transparency, of course. Some degree of secrecy is crucial. But that is no hindrance, if a committee of Parliament were to be vetted and cleared — a commonplace practice in other jurisdictions — and thus able to absorb firsthand the full heft of CSEC activities.
But if CSEC’s critics and former bosses agree on at least some increased scrutiny, Adams doesn’t buy into all the Snowden hype. He shrugs, for example, at the furor that followed October’s disclosure of U.S. eavesdropping on German Chancellor Angela Merkel’s cellphone.
“Every leader in the world knows that people would love to know what they’re thinking, where they’re heading . . . anyone who doesn’t think that is happening is in never-never land,” Adams said.
“It’s not illegal but it’s embarrassing. There are 12 rules and 11 of them are, ‘Don’t get caught.’ ”

By: Mitch Potter Washington Bureau, Michelle Shephard National Security
Reporter, Published on Sat Nov 09 2013

Find this story at 9 November 2013

© Copyright Toronto Star Newspapers Ltd. 1996-2013

Canadian embassies eavesdrop, leak says

A new leak suggests that Canada is using some of its embassies abroad for electronic-eavesdropping operations that work in concert with similar U.S. programs.

A U.S. National Security Agency document about a signals intelligence (SigInt) program codenamed “Stateroom” was published this week by Germany’s Der Spiegel magazine. The document, a guide to the program, was among material obtained by former NSA contractor Edward Snowden.

“STATEROOM sites are covert SIGINT collection sites located in diplomatic facilities abroad,” the leaked document says. “SIGINT agencies hosting such sites include … Communication Security Establishments [sic] or CSE (at Canadian diplomatic facilities).”

The leaked document does not give the locations of the alleged listening posts. It says that, in general, such surveillance equipment is often concealed “in false architectural features or roof maintenance sheds” atop embassies. “Their true mission is not known by the majority of diplomatic staff at the facility,” it adds

A Parliamentarian who on Tuesday introduced a motion to increase scrutiny of federal intelligence agencies said the document shows Canadians do not know enough about the Communications Security Establishment Canada (CSEC).

“We really don’t know what they’re up to,” said Jack Harris, the NDP’s long-serving defence critic. “… We’re dealing with the secret work of spies and intelligence and whether what is being done is what ought to be done.”

Government representatives at CSEC and Foreign Affairs declined to comment directly on the leak. A spokeswoman for Defence Minister Rob Nicholson, who gives CSEC its direction, also declined to comment.

In 1995, former CSEC employee Mike Frost wrote in his memoir, Spyworld, that he set up “listening posts” at Canadian embassies. His book says CSEC signals intelligence technicians during the Cold War were funded and mentored by NSA counterparts who taught them how to conceal a piece of spy machinery inside what appeared to be an office safe.

One 1972 caper recounted in the book involved agents cutting a five-foot satellite dish into 12 wedges and smuggling the equipment into Moscow before reassembling it in the attic of the Canadian embassy there. Reports were then passed back to Canada in diplomatic bags, according to the book. It was a standard courtesy for CSEC to turn off its listening gear in Moscow when important British or U.S. allies visited, according to Spyworld.

Newly leaked material indicates that close partnerships still exist among the so-called “Five Eyes” – the alliance of intelligence agencies from English-speaking countries that agree not to spy on each other while collecting intelligence on just about everybody else.

The Five Eyes agencies may have teamed up to spy on BlackBerrys belonging to foreign diplomats at a 2009 meeting of the G20 in London, according to a previously published leak from Mr. Snowden, who now lives in Moscow as the United States seeks to arrest him on espionage charges.

According to the Stateroom document, Britain, Canada, the United States and Australia still run interrelated surveillance operations from their embassies. (New Zealand, the fifth “eye,” is not mentioned.)

“It’s not surprising, but it is certainly significant that it is disclosed,” said Wesley Wark, a Canadian professor who specializes in intelligence matters. “… There is still great value in having close access to telecommunications around the world, particularly if you are interested in cellphone communications.”

Mr. Wark’s point about “close” spying contrasts with a more far-reaching 21st century surveillance methodology highlighted earlier this month.

A leaked 2012 presentation showed that CSEC officers analyzed communications flow around Brazil’s energy ministry. This suggests CSEC has access to vast databases of previously logged global telecommunications traffic – giving the agency a very far reach in determining which telephones and computer servers in the world might yield the most intelligence for Canada.

COLIN FREEZE
The Globe and Mail
Published Tuesday, Oct. 29 2013, 11:59 AM EDT
Last updated Tuesday, Oct. 29 2013, 9:54 PM EDT

Find this story at 29 October 2013

© Copyright 2013 The Globe and Mail Inc.

Five reasons our international eavesdropping isn’t worth the cost

Few things can get a government leader into hot water with important international partners faster than getting caught intercepting their mail, literally or electronically, as both President Barack Obama and Prime Minister Stephen Harper can attest. Similarly, few things can be as seductive to government officials as intelligence, and few things more politically risky. What governments can do technologically should not dictate what they will do politically; capacity unbounded by a well-managed overarching political strategy can lead to errors in judgment with serious and far-reaching consequences.

The reality is that the value of intelligence can be, and frequently is, over-rated.

The revelations by Edward Snowden keep coming, undermining trust in the United States among its allies. The U.S. National Security Administration, one of reportedly 15 American intelligence agencies with an estimated cumulative budget of $75-billion, has been outed for gathering data from friend and foe alike. In France, the NSA apparently vacuumed up 70 million digital communications in a single month. In Spain, the number was reportedly 60 million electronic communications. The United Nations Secretary General has been a target as have Mexico’s current and former presidents and the German Chancellor. The Germans, who long endured the espionage predations of the old East German Stasi, and who considered themselves a steadfast ally of Washington, are particularly distressed that Chancellor Angela Merkel has been an NSA target.

What kind of ally would bug the German Chancellor’s mobile phone for a decade? In what respect exactly was Chancellor Merkel a security risk to the Americans? If Presidents Bush and Obama wanted to know what she thought, why did they not just pick up the phone and ask her, or meet with her at any of the numerous summits they attended together? The alleged bugging of the communications of 34 other leaders around the world that Mr. Snowden claims happened will doubtless produce more unhappy surprises. In Brazil the United States was revealed to be spying both on the communications of President Dilma Rouseff and on the Brazilian national oil company Petrobras. Meanwhile, Canada’s Communications Security Establishment was revealed to be spying on the Brazilian Ministry of Mining and Energy.

The repercussions are potentially very serious. The sheer scale of electronic eavesdropping and the impudence with which it is undertaken have hit nerves worldwide. Consumers in this digital age, who paradoxically are more ready to tolerate the pervasive incursions of foreign corporations into their lives than the snooping of foreign governments, are up in arms. Allied governments, whose outrage appears partly but not wholly tactical, are threatening a range of retaliations. The European Parliament has sent a delegation to Washington seeking explanations. The Germans, who want to be removed from the NSA targets list, as do others, have dispatched their intelligence chiefs to Washington this week to seek cooperation.

Meanwhile, the European Union parliament is threatening to delay U.S.-EU free trade negotiations and contemplating privacy legislation that would force American internet companies like Google and Yahoo on the pain of heavy fines to get EU approval before complying with U.S. warrants seeking e-mails and search histories of EU citizens. Germany and Brazil are promoting a resolution at the UN that would call on states to respect privacy rights under the 1976 International Covenant on Civil and Political Rights particularly as regards the extraterritorial surveillance of private communications of citizens in foreign jurisdictions. Perhaps the most significant cost of the Snowden revelations is that American (and Canadian) policy to promote multi-stakeholder governance of the Internet and to limit its regulation by governments is in serious jeopardy. NSA meta-data dragnets around the world have made the case for greater national control of the Internet more persuasively than the Chinese, Russians and Iranians ever could. Meanwhile, Deutsche Telekom among others is launching a new encrypted service using only data centres located on German soil. The Balkanization of the Internet looms.

The gap between American words and American deeds has grown too wide for foreign governments and their publics to ignore. This week’s protestations by American leaders that American spying saves lives, including European lives, are seen as self-serving piffle. No lives were at stake in the German Chancellor’s office, nor were there any terrorists, as one Brazilian legislator observed, at the bottom of any Brazilian oil well. The excuse that ”they all do it” is equally unpersuasive. Although the French Direction Générale de la Sécurité Extérieure, the German Nachtrichtendienst and the Brazilian Agência Brasileira de Inteligência do do it, the point is not who else is dissembling but how effective intelligence is and at what political, financial and moral costs it is purchased. In Washington, after initially blowing off others’ concerns, the Obama administration and Congress are having second thoughts about the wisdom of spying on allies.

Here are five lessons we can draw from all this for Canada.

First, secrets are hard to keep in the digital world. The intelligence leadership and their political masters should presume that they will see their decisions on The front page of the Globe and Mail one day.

Second, intelligence is a means not an end, and not all its purposes – national security, counter-terrorism, communications security, commercial secrets and economic advantage – are equally compelling. Mature judgment is a must if sound decisions are to be made about the risks that are worth running – or not. For example, at a time when our Governor-General, Prime Minister, Foreign Minister, Trade Minster and other ministers had visited Brazil to court the government, was it really worth spying on the Brazilian Ministry of Energy and Mines, as we are alleged to have done?

Third, membership in the Five Eyes intelligence-sharing group (the US, UK, Canada, Australia and New Zealand), which dates from the end of the Second World War, entails costs as well as benefits and needs to be kept under sober review. Rubbing shoulders with the American intelligence community can be intoxicating, a poor condition in which to make important judgments.

Fourth, intelligence can be and frequently is over-rated. Spending on intelligence and diplomacy needs to be re-balanced. While intelligence operates beyond the pale of international law, diplomacy is both legally sanctioned and uncontroversial, and effective, in its creation of trusting relationships, effective. It does not make sense at a time when intelligence expenditures have grown dramatically, and CSEC is erecting a billion-dollar building in Ottawa, that the Foreign Affairs department is selling off assets abroad to cover a shrinking budget.

Fifth, leadership matters. The key challenge is not so much to do things right as it is to do the right things. Oversight to ensure that Canadian laws are not being broken is important and needs reinforcement, but coherent, strategic policy leadership that ensures that the intelligence tail never wags the foreign policy dog is crucial. Technological capacity should never trump political judgment.

The Globe and Mail
Paul Heinbecker
Wednesday, October 30, 2013

Find this story at 30 October 2013

© Copyright 2013 The Globe and Mail Inc.

Canadian embassies in U.S.-led spying efforts: Der Spiegel documents; Documents leaked by Snowden say CSEC took part in spying

Canadian Prime Minster Stephen Harper responds to questions as German Chancellor Angela Merkel looks on during a joint news conference on Parliament Hill, in Ottawa, Thursday August 16, 2012.
Photo: THE CANADIAN PRESS/Fred Chartrand
comment

Canadian embassies have been used to house equipment that collected signals intelligence as part of a U.S.-led spying effort, according to documents reportedly leaked by whisteblower Edward Snowden.

German news magazine Der Spiegel published a series of documents provided by Snowden, a former contractor of the National Security Agency (NSA), that detail a surveillance program codenamed “Stateroom.” According to Der Spiegel, the NSA together with the CIA placed secretive eavesdropping stations at diplomatic outposts to collect signals intelligence, also known as SigInt, on the host countries.

At U.S.-owned facilities, this was known as the “Special Collection Service,” according to the documents. However, one leaked page also indicates that Canadian diplomatic facilities were used and suggests that Communications Security Establishment Canada (CSEC) took part in the project.

The document also mentions the use of British and Australian diplomatic facilities. These monitoring stations, according to Der Spiegel, are concealed and typically placed on the upper floors or rooftops of embassies or consulates. The equipment is used to intercept communications, Der Spiegel reported.

“These sites are small in size and in number of personnel staffing them,” the document says. “They are covert, and their true mission is not know by the majority of the diplomatic staff at the facility where they are assigned.”

Der Spiegel notes: “The presence of these spying units ranks among the agency’s best-guarded secrets. After all, they are politically precarious: There are very few cases in which their use has been authorized by the local host countries.”

The documents were published along with stories looking at how the U.S. spies on European countries and specifically Germany. Last week, Der Spiegel reported they had documents showing the U.S. was monitoring German Chancellor Angela Merkel’s mobile phone.

The report caused a diplomatic rift and Merkel’s government summoned the U.S. ambassador seeking answers. U.S. President Barack Obama has said he didn’t know the NSA was monitoring the communications of allied world leaders.

The document mentioning Canadian facilities is a glossary accompanying a Stateroom guide. Canada and CSEC are listed in the definition for “Stateroom sites,” which are “covert SIGINT collection sites located in diplomatic facilities abroad.”

Canada is part of Five Eyes, the name of a sort of allied club of Western countries that has pledged not to spy on one another. Australia and the U.K. — the two other countries named in the document — are also members along with the U.S. and New Zealand. There’s speculation that in the wake of Snowden’s leaks, some countries — like Germany — are going to want to join the club.

As Canadian intelligence blog Lux Ex Umbra points out, a book written by former CSEC employee Mike Frost in 1994 alleged that surveys were done in the 1980s by CSEC to find Canadian embassies suitable for monitoring stations. CSEC has never confirmed that allegation and according to the Canadian Press, will not comment on the latest report in Der Spiegel.

Lauren Strapagiel
Published: October 29, 2013, 4:16 pm
Updated: 2 weeks ago

Find this story at 29 October 2013

© 2013 Postmedia Network Inc.

CSEC aided in U.S.-led spying efforts on diplomats

New revelations indicate that Canada’s ultra-secretive spy agency CSEC may have taken part in U.S.-led efforts to spy on diplomats.

Canada has used diplomatic facilities abroad to house electronic eavesdropping operations allied with American global surveillance programs, according to a recently leaked U.S. document.

A slide presentation leaked to Germany’s Der Spiegel magazine suggests that Communications Security Establishment Canada (CSEC) took part in a broader U.S.-led effort known as “Stateroom” that collect “SigInt” (signals intelligence) from secret installations inside embassies and consulates. Such spying often takes place without the knowledge of the diplomats posted to these missions, the document says.

CSEC could not immediately respond to questions about the leaked document, but generally says it does not break Canadian laws and that it cannot comment on the methods that it uses to collect foreign intelligence.

The document recording Canada’s participation in “Stateroom” was published this week by Der Spiegel magazine in a broader piece about U.S. spying in Germany. The report focused on evidence that Chancellor Angela Merkel’s mobile phone was targeted for surveillance. The disclosure has prompted German officials to openly mull expelling U.S. diplomats.

Relying “mostly” on leaked NSA documents from former U.S. contractor Edward Snowden, Der Spiegel published a leaked “Stateroom Guide” glossary that directly referenced CSEC. On Monday, Canadian blogger Bill Robinson drew attention to the passage on his “Lux Ex Umbra” intelligence blog.

“STATEROOM sites are covert SIGINT collection sites located in diplomatic facilities abroad,” the leaked document says. “SIGINT agencies hosting such sites include … Communication Security Establishments or CSE (at Canadian diplomatic facilities).”

No locations are given for the alleged CSEC outposts in embassies abroad.

The leaked U.S. document goes on to says that such surveillance equipment is concealed – “in false architectural features or roof maintenance sheds” –– and that such operations are highly compartmentalized. “They are covert, and their true mission is not known by the majority of diplomatic staff at the facility where they are assigned.”

Article by Colin Freeze for The Globe and Mail

Find this article at 29 October 2013

© Copyright 2013 The Globe and Mail Inc.

Spy agency won’t say if it uses Canadian embassies; The national eavesdropping agency is refusing to comment on allegations that it mounts foreign operations through Canada’s embassies abroad.

The German magazine Der Spiegel this week cites presentation slides leaked by Edward Snowden, a former contractor with the National Security Agency, CSEC’s American counterpart.
OTTAWA—The national eavesdropping agency is refusing to comment on allegations that it mounts foreign operations through Canada’s embassies abroad.

Lauri Sullivan, a spokeswoman for Communications Security Establishment Canada, says the agency does not comment “on our foreign intelligence collection activities or capabilities.”

German magazine Der Spiegel says Canada is using diplomatic facilities to support surveillance operations in league with key allies the United States, Britain and Australia.

Word of the Canadian reference — first reported by blogger Bill Robinson, who closely tracks CSEC — came as the NDP unsuccessfully sought support in the House of Commons to create a parliamentary committee that would look into stronger oversight for the intelligence community.

The magazine report published this week cites presentation slides leaked by Edward Snowden, a former contractor with the National Security Agency, CSEC’s American counterpart.

One slide indicates the Canadian spy agency hosts “Stateroom” sites — a term for covert signals-intelligence gathering bases hidden in consulates and embassies.

“These sites are small in size and in number of personnel staffing them,” says the slide. “They are covert, and their true mission is not known by the majority of the diplomatic staff at the facility where they are assigned.”

Der Spiegel alleges that the U.S. NSA, Britain’s Government Communications Headquarters and Australia’s Defense Signals Directorate also host such covert stations, with equipment installed on rooftops or upper floors of embassy buildings — protected from view by screens or false structures.

It’s just the latest of several references to the Ottawa-based spy service in Snowden’s cache of leaked materials.

Earlier documents suggest Canada helped the U.S. and Britain spy on participants at the London G20 summit four years ago. Britain’s Guardian newspaper published slides describing the operation, including one featuring the CSEC emblem.

More recently, Brazil demanded answers following accusations CSEC initiated a sophisticated spy operation against the South American country’s ministry of mines and energy.

CSEC, tasked with gathering foreign intelligence of interest to Canada, has a staff of more than 2,000 — including skilled mathematicians, linguists and computer analysts — and a budget of about $350 million.

The recent revelations — including concerns that CSEC gathers information about Canadians in the course of its foreign spying — have sparked criticism from civil libertarians and opposition politicians.

An NDP motion put forward Tuesday by defence critic Jack Harris called for a special committee to study the intelligence oversight systems of other countries and make recommendations “appropriate to Canada’s unique circumstances.” The committee would have reported its findings by May 30 next year.

The motion quickly went down to defeat. The Conservative government maintains CSEC is already subject to scrutiny by an independent commissioner who has never found an instance of the spy service straying outside the law.

By: Jim Bronskill The Canadian Press, Published on Tue Oct 29 2013

Find this story at 29 October 2013

© Copyright Toronto Star Newspapers Ltd. 1996-2013

Slides reveal Canada’s powerful espionage tool

Security experts say that Canadian intelligence has developed a powerful spying tool to scope out and target specific phones and computers so as to better set up hacking and bugging operations.

The outlines of the technology are contained in the slides of a PowerPoint presentation made to allied security agencies in June, 2012. Communications Security Establishment Canada (CSEC) called the tool “Olympia,” showing how its analysts sifted through an immense amount of communications data and zeroed in on the phones and computer servers they determined merited attention – in the demonstration case, inside the Brazilian Ministry of Energy and Mines.

Within weeks, CSEC figured out who was talking to whom by plugging phone numbers and Internet protocol addresses into an array of intelligence databases. In this way it “developed a detailed map of the institution’s communications,” Paulo Pagliusi, a Brazilian security expert who examined the slides, told The Globe.

The slides are part of a large trove of documents that have been leaked by Edward Snowden, the former contractor with the U.S. National Security Agency (NSA) whose disclosures have set off a debate over whether the agency has improperly intruded on the privacy of Americans. Other disclosures have raised questions about its spying on foreign governments, sometimes with the assistance of allied intelligence agencies.

The Globe and Mail has collaborated with the Brazil-based American journalist Glenn Greenwald, based on information obtained from the Snowden documents. Mr. Snowden, who went into hiding in Hong Kong before the first cache of NSA documents was leaked, has been charged by the United States with espionage and theft of government property. Russia has granted him temporary sanctuary.

Canadian officials declined to comment on the slides. Responding to an e-mail requesting comment on whether Canada co-operated with its U.S. counterpart in tapping into Brazilian communications, CSEC spokesman Andy McLaughlin said the agency “cannot comment on its foreign intelligence activities or capabilities.” Prime Minister Stephen Harper said earlier this month that he is “very concerned” about reports CSEC focused on the Brazil ministry.

Any ability to sift through telecommunications data for specific leads can be valuable for electronic-eavesdropping agencies, especially the capacity to map out – without necessarily listening into – an organization’s Internet or voice communications. This, in turn, can help isolate specific devices for potential hacking operations. By developing “Olympia” as a method for doing just this, Canada added to its spymasters’ toolkit.

The PowerPoint presentation by CSEC was first reported by Brazil’s Fantastico TV program, which earlier reported the NSA spying, in conjunction with Mr. Greenwald. Brazilian officials expressed outrage at the United States, but their criticism of Canada was more fleeting. They say they now intend to put public employees on an encrypted e-mail system.

The CSEC presentation – titled Advanced Network Tradecraft – described a technological reconnaissance mission aimed at the Brazilian energy ministry in April and May of 2012. According to the presentation, the agency knew very little about the ministry going in, apart from its Internet domain name and a few associated phone numbers. The presentation never makes clear CSEC’s intentions for targeting the Brazilian ministry.

The leaked slides also suggest Canada sought to partner with the NSA, with one slide saying CSEC was “working with TAO to further examine the possibility” of a more aggressive operation to intercept Internet communications.

“TAO” refers to “tailored access operations,” said Bruce Schneier, a privacy specialist for the Berkman Center for the Internet and Society at Harvard. “It’s the NSA ‘blackbag’ people.” (A “blackbag job” refers to a government-sanctioned break-and-enter operation – hacking in this case – to acquire intelligence.)

It is not clear whether CSEC or the NSA followed up with other actions involving the Brazilian ministry.

COLIN FREEZE AND STEPHANIE NOLEN
WASHINGTON and RIO DE JANEIRO — The Globe and Mail
Published Saturday, Oct. 19 2013, 8:00 AM EDT

Find this story at 19 October 2013

© Copyright 2013 The Globe and Mail Inc.

Brazil spying allegations part of a ‘war game scenario,’ former official says

A former high-ranking member of Canada’s spy service says he suspects the leaked documents that purport to show Ottawa was spying on Brazil are in fact part of a pretend “wargame scenario.”

“There’s no smoking gun here. It’s again more little snippets and snapshots from the Snowden revelations; they actually mislead more than they inform,” says Ray Boisvert, until last year a deputy director of the Canadian Security Intelligence Service.

“I don’t believe it’s likely Brazil was targeted.”

A Brazilian television report on Sunday said Canada’s electronic eavesdropping agency, the Communication Security Establishment Canada (CSEC) targeted the ministry that manages the South American nation’s vast mineral and oil resources. The report was based on documents leaked by former U.S. National Security Agency contractor Edward Snowden.

Mr. Boisvert, who left the Canadian Security Intelligence Service in 2012, said the top priority for CSIS and CSEC is counter-terrorism. The directive from on high was national security, not infiltrating a Brazilian government department of mining.

“When I worked there, very closely with CSEC and I was a top-line operational leader, we were all too busy chasing bad guys who want to kill people,” the former CSIS official said.

“At the end of the day CSIS and CSEC have a mandate to go after foreign powers if those are acting in a way that’s inimical to our interests, so the poster child for that would be Iran. Everything from nuclear proliferation to state-sponsored terror,” he said.

“Brazil seems highly unlikely to me,” Mr. Boisvert said.

He said one regular practice of security organizations, however, is war-gaming.

“I’m more inclined to think that this is probably a case of a hypothetical scenario,” Mr. Boisvert said.

“CSEC does war gaming just like the military and in their case they look at [computer] networks. Before they go after a target, they will play a game on paper,” he said.

“I have got a funny feeling that is all Snowden has: is just that exploratory war game piece saying ‘OK, what would we do, boys and girls, if we had to do this?’ ”

When pressed Monday for comment on allegations that CSEC spied on Brazilians, the Harper government gave repeated indirect answers to the question, saying the CSE does not conduct surveillance on Canadians.

“This organization cannot and does not target Canadians under Canadian law,” Defence Minister Rob Nicholson said.

Canadians and Brazilians are both working on a United Nations peacekeeping mission in Haiti and Mr. Nicholson rejected the suggestion the revelations might hurt relations between Canada and Brazil.‎ “I believe our collaboration and friendship will continue,” Mr. Nicholson said.

“It’s wise not to get involved with commenting on foreign intelligence gathering activities and so I don’t do that.”

Mr. Boisvert said he assumes the Canadian government is reaching out to Brazil to explain what really happened.

STEVEN CHASE
OTTAWA — The Globe and Mail
Published Monday, Oct. 07 2013, 1:12 PM EDT

Find this story at 7 October 2013

© Copyright 2013 The Globe and Mail Inc.

Charges that Canada spied on Brazil unveil CSEC’s inner workings

Leaked documents showing that Canada’s electronic intelligence-gathering agency targeted the Brazilian government threaten to disrupt relations between the countries – and thrust the secretive CSEC into the public spotlight.

On Sunday night, Brazil’s flagship Fantastico investigative program on the Globo television network revealed leaked documents suggesting that Communications Security Establishment Canada (CSEC) has spied on computers and smartphones affiliated with Brazil’s mining and energy ministry in a bid to gain economic intelligence.

The report, attributed to documents first obtained by the former U.S. government contractor Edward Snowden, includes frames of a CSEC-earmarked presentation that was apparently shared with the United States and other allies in June, 2012.

“Brazilian Ministry of Mines and Energy (MME),” a title page of the leaked case study reads. “New target to develop.”

The presentation then rhetorically asks “How can I use the information available in SIGINT [signals-intelligence] data sources to learn about the target?” before delving into specific hacking techniques.

The documents were part of a collaboration with Globo by Glenn Greenwald. The Rio de Janeiro-based journalist and confidante of Mr. Snowden has spent the past four months steadily disclosing a treasure trove of leaked materials recording the electronic eavesdropping practices of the United States and its allies.

Washington has been reeling from the disclosures. In Brazil, they have caused the most serious rift between the two nations in years – after the first revelations about NSA espionage were made last month, Brazilian president Dilma Rousseff canceled an official state visit to Washington; it was to be the first in 18 years and was intended to showcase the growing economic and political ties between the two countries. Instead Ms. Rousseff went to the UN General Assembly where she complained of “totally unacceptable” U.S. spying in her country. She gained a considerable bump in personal approval ratings after lashing out at the U.S. over the NSA activity, which has elicited a reaction of deep offense from many Brazilians.

***

http://www.theglobeandmail.com/news/world/five-highlights-from-the-canada-brazil-spying-revelations/article14721506/

Five highlights from the Canada-Brazil spying revelations Add to

GLOBE STAFF

The Globe and Mail
Published Monday, Oct. 07 2013, 11:02 AM EDT

Canada’s signals-intelligence agency has been spying on Brazil’s Mines and Energy Ministry, according to documents the former U.S. government contractor Edward Snowden leaked to Brazil’s Globo television network.

Globo obtained a copy of a slide presentation made by someone at the Communications Security Establishment Canada (CSEC). The document was shown at a June 2012 gathering of members of the “Five Eyes,” the signals-intelligence alliance of Canada, the United States, Britain, Australia and New Zealand.

Here are some highlights that can be gleaned from the slides:

1. Using a program called Olympia, CSEC took aim at Brazil’s Ministry of Mines and Energy, describing it as a “new target to develop” despite “limited access/target knowledge.”

2. One of the slide shows that CSEC focused on ministry portable devices and was able to identify their carriers (such as Brasil Telecom S.A. or Global Village Telecom), the kind of hardware being used (for example a Nokia 3120 or an Android-based Motorola MRUQ7) and metadata about where calls were placed, in countries such as Peru, Venezuela, Poland, Singapore, Great Britain.

Another slide in the presentation explains how analysts cross-referenced a handset’s SIM card with the network telephone number assigned to it and the handset’s unique number (IMEI).

3. CSEC metadata collection included calls made from the Ministry of Mines and Energy to the Brazilian embassy in Peru and the head office of OLADE, the Latin American Energy Organization, in Quito, Ecuador.

One slide titled showed how the Canadians connected an IP addresses assigned to the ministry to e-mail communications with Canada, Eritrea, Saudi Arabia, Thailand, Afghanistan, Jordan and South Africa.

4. Another phone monitored by CSEC belonged to Paulo Cordeiro de Andrade Pinto, a career diplomat who was ambassador to Canada from 2008 to 2011, and is now Brazil’s Under Secretary for Middle East and Africa.

5. CSEC’s next step was going to be the collection of e-mails and cooperation with a hacking specialists working for a secret unit of the U.S. National Security Agency.

“I have identified MX [email] servers which have been targeted to passive collection by the Intel analysts,” says a slide titled “Moving Forward.”

The slide mentions TAO (Tailored Access Operations), an NSA unit specializes in installing spyware and tracking devices and has been reported to have played a role in the hunt for Osama Bin Laden.

“I am working with TAO to further examine the possibility for a Man on the Side operation,” the CSEC slide says, alluding to a form of online eavesdropping.

The impact for Canada of these revelations could be equally grave: they come at a time when Brazil has become a top destination for Canadian exports, when a stream of delegations from the oil and gas industries are making pilgrimages to Rio de Janeiro to try to get a piece of the booming offshore oil industry, and when the Canadian government is eager to burnish ties with Brasilia. Foreign Affairs Minister John Baird visited Brazil in August, and spoke repeatedly about the country as a critical partner for Canadian business.

American lawmakers have introduced several bills that aim to rein in the U.S. National Security Agency’s domestic surveillance programs.

Throughout all this, Canada’s electronic eavesdropping agency has kept a relatively low profile, never before emerging as the central figure in any Snowden-leaked spying program. Although it has existed since the Second World War, CSEC has rarely discussed any of its operations in public.

CSEC has a $350-million budget and 2,000 employees. By law, it has three mandates – to safeguard Canadian government communications and computers from foreign hackers, to help other federal security agencies where legally possible, and to gather “foreign intelligence.”

The federal government is building a new $1-billion headquarters for CSEC on the outskirts of Ottawa.

Given wide latitude by its political and bureaucratic masters to collect what “foreign intelligence” it can, CSEC is exceedingly discreet. The spy agency’s leaders rarely make any public remarks. When they do, they tend only to speak vaguely of the agency’s role in fighting terrorism.

But economic espionage appears to be a business line for CSEC. Former Carleton University Professor Martin Rudner has pointed out that the spy agency started recruiting economists and business analysts in the mid-1990s.

“CSE[C] operations in economic intelligence have gone rather beyond the strictly defensive to also help promote Canadian economic competitiveness,” Mr. Rudner wrote in an essay published in 2000. He added that the spy agency is rumoured to have given the Canadian government a leg up during NAFTA negotiations with Mexico, and also eavesdropped on the 1997 APEC summit.

Mr. Rudner added that Ottawa officials don’t necessarily share with Canadian businesses what CSEC surveillance turns up. Instead, he writes, they “sometimes provide advice and counsel by way of helping to promote Canadian trade, without necessarily revealing their sources in economic intelligence.”

While CSEC’s role in conducting economic espionage has been alluded to before, how it does this job has not. The significance of the documents obtained by Globo in Brazil is that they speak to how “metadata” analysis by CSEC can be used to exploit a rival country’s computer systems.

The CSEC-labeled slides about the “Olympia” program describe the “Brazilian Ministry of Mines and Energy” as a “new target to develop” despite “limited access/target knowledge.”

The presentation goes on to map out how an individual’s smartphone – “target’s handset” – can be discerned by analysis, including by cross-referencing the smartphone’s Sim card with the network telephone number assigned to it and also to the handset’s unique number (IMEI).

The “top secret” presentation also refers to attacks on email servers.

“I have identified MX [email] servers which have been targeted to passive collection by the Intel analysts,” one slide says, without explaining who the speaker is.

The slide suggests the presenter hoped to reach out to American superhackers – the NSA’s “Tailored Access Operations” group – for a more specialized operation: “I am working with TAO to further examine the possibility for a Man on the Side operation.”

A “Man on the Side” operation is a form of interception. According to a recent Guardian column, the NSA has installed secret servers on the Internet that can be used “impersonate a visited Web site” that a target plans to visit. The rerouting of the target’s traffic opens his or her computer or mobile device to invasion by the impersonating website.

The “Top Secret” presentation obtained by Globo is an exceedingly rare disclosure. In Ottawa, CSEC’s employees are sworn to secrecy and visitors to its complex have to check their smartphones, iPads, laptops and memory sticks at the door.

The CSEC-labeled presentation appears to have been shared with the NSA, the agency Mr. Snowden once worked for. He had retained access to the NSA’s data repositories as a security-cleared private contractor, prior to copying reams of material early this year and then flying with it to Hong Kong this summer.

Mr. Snowden leaked the materials to Mr. Greenwald in Hong Kong, prior to flying to Russia to seek asylum. The U.S. government wants to try him on espionage charges.

The leaked “CSEC – Advanced Network Tradecraft” presentation about the Olympia spying program kicks off with an allusion to Greek mythology.

It alludes to how Zeus and his sibling deities waged a 10-year battle to overthrow an older order of gods, known as the Titans. “And they said to the Titans ‘Watch Out OLYMPIAns in the house!” reads a slide in the presentation.

COLIN FREEZE AND STEPHANIE NOLEN
TORONTO AND RIO DE JANEIRO — The Globe and Mail
Published Monday, Oct. 07 2013, 7:14 AM EDT

Find this story at 7 October 2013

© Copyright 2013 The Globe and Mail Inc.

American and Canadian Spies target Brazilian Energy and Mining Ministry

TV Globo’s Fantastico obtains exclusive access to another document leaked by former NSA analyst Edward Snowden

The Plaza of Ministries. The heart of power in Brazil. One of these buildings houses the Ministry of Mines and Energy. On the ground floor, one room is special. Its doors open only to a select few, identified by their thumbprints.
The huge noise in the small room comes from the air conditioning, used to preserve the machines. All of the ministry’s communications go through them – phone calls, e-mail, internet.

They store files with all data on the country’s energy and mineral resources. The room, called The Safe, has steel walls and is disaster-proof. According to the IT specialist, not even a fire or a collapse of the building would harm The Safe. And the protection is not just physical. This is the most secure network on the Plaza of Ministries. It has the same kind of security used by banks, for example. And yet it has been mapped by spies in surprising detail.

The Ministry of Mines and Energy has been targeted by American and Canadian spies.

Fantastico obtained exclusive access to another document leaked by former NSA intelligence analyst Edward Snowden, now exiled in Russia. This document was only identified last week. It was among thousands delivered by Snowden in Hong Kong last June to American journalist Glenn Greenwald, co-author of this story with TV Globo Reporter Sonia Bridi.

Greenwald explains that there are thousands of documents, and it takes time to read, to understand and to make the connections between them.

Over the last ten days, Bridi and Greenwald analyzed and checked the documents with help from specialists in data protection. One presentation showcases the tools employed by the Communications Security Establishment Canada – CSEC.

The target is the Ministry of Mines and Energy of Brazil. This presentation was shown last June at a yearly meeting of analysts from intelligence agencies from five countries. The group is called Five Eyes – the United States, United Kingdom, Canada, Australia and New Zealand. Edward Snowden was present at the conference.

According to Greenwald, the documents are shared so that all are aware of what the others are doing. A computer program called Olympia shows step-b-step how all the ministry’s telephone and computer communications – including e-mails – were mapped.
The caption on one of the slides reveals the aim of the Canadian agency:
“Discover contacts of my target” – the Ministry of Mines and Energy of Brazil.
The result of this monitoring is a detailed map of the Ministry’s communications during a period not specified in the document.

Phone calls made from the Ministry to other countries were used as examples. In Ecuador, the numbers called more often are those of OLADE, the Latin American Energy Organization.
In Peru, the number belongs to the Brazilian Embassy.

Via the internet, the Canadian agency accessed communications between the Ministry’s computers and computers in countries from the Middle East, in South Africa, and in Canada itself.
Information security expert Paulo Pagliusi says He was astonished by the power of these tools. He was specially surprised by the detailed and straightforward way in which the process is explained to intelligence agents, and how thoroughly the Brazilian Ministry’s communications were dissected.

The tool identified cell phone numbers, chip registry and even make and model of the cell phones.
We found out one of them is used by the International Department of the Ministry.
Also by phone, we found another user: Paulo Cordeiro, the former Ambassador of Brazil in Canada, currently posted in the Middle East Department of the Ministry of Foreign Affairs.
Contacted by Fantastico, He declined to comment.

On Friday in Brasilia, the Minister of Mines and Energy, Edison Lobão, considered the issue a very serious one. “This is a grave fact which needs to be condemned. President Dilma Rousseff already has done so strongly at the United Nations,” said Lobão.
In her speech last month at the U.N. General Assembly, President Rousseff declared, “Telecommunication and information technologies cannot become a new battlefield between States.”

President Rousseff herself and Petrobras, the oil company associated with the Ministry, have also been targeted by American spies, as Fantastico has shown exclusively. And both may have been monitored indirectly by accessing the Ministry’s servers.

These servers use private encryption, which means they are protected by a series of codes. One of the servers, for instance, is used to contact the National Oil Agency, Patrobras, Eletrobras, the National Department of Mineral Production and even the President of the Republic. These are State conversations, government strategies which no one should be able to eavesdrop.

Minister Lobão explains that the ministry often contacts different authorities, including the President, by videoconference. “It’s regrettable that all of this is being exposed to espionage.”
Three of the world’s four largest mining companies are based in Canada.

Minister Lobão claims Canada has interests in Brazil, and particularly in the mining sector. “Several Canadian companies have shown interest in our country. Whether that means the aim of this espionage is to boost business for certain groups, I can’t say.”

The main data on Brazil’s mineral reserves is public, and spying is not required to access it.
But the Ministry’s system holds strategic information. Besides Petrobras, the Ministry of Mines and Energy’s network is connected to Eletrobras; the energy research company; the National Electric Energy Agency, which regulates bids for power plant contracts; and the National Oil Agency, in charge of auctions for exploration of the pre-salt layer.

Former Eletrobras President Pinguelli Rosa considers that this information can give a competitive advantage to companies bidding at these auctions. “Whoever knows what will happen beforehand can form partnerships, or estimate the values needed to win the auction and act accordingly. This is not a trifle, it’s a game of billions of dollars.”

Greenwald concludes that the aim of this espionage, which targets a specific ministry of one country, is clearly economic. “That’s what Snowden told me in the interview three months ago in Hong Kong.”

There is no indication in the documents that the content of these communications has been accessed – only who spoke to whom, when, where, and how.

But the author of the presentation makes the next steps very clear: among the actions suggested is a joint operation with a section of the American NSA, TAO, which is the special cyberspy taskforce, for an invasion known as “Man on the Side”.

All incoming and outgoing communications in the network can be copied, but not altered.
It’s like working on a computer with someone looking over your shoulder.
For Minister Lobão, Brazil is obviously the target of an international system of surveillance.
“What kind of damages are we risking, besides the attack on our sovereignty and individual rights? Business issues, for instance. This has not been evaluated yet, and may only surface in the long run.”

The Embassy of Canada in Brasilia declared it does not comment on intelligence and security issues.

The Communications Security Establishment issued a statement declaring that the CSE does not comment on foreign signals intelligence activities.
In another statement, the National Security Agency of the United States declared: “We are not going to comment publicly on every specific alleged intelligence activity, and as a matter of policy we have made clear that the United States gathers foreign intelligence of the type gathered by all nations. As the President said in his speech at the UN General Assembly, we’ve begun to review the way that we gather intelligence, so that we properly balance the legitimate security concerns of our citizens and allies with the privacy concerns that all people share.”

TV Globo – Fantástico
Edição do dia 06/10/2013
06/10/2013 22h39

Find this story at 6 October 2013

© Copyright 2013 Globo Comunicação e Participações S.A.

NSA Documents Show United States Spied Brazilian Oil Giant

One week after revealing USA surveillance of the presidents of Brazil and Mexico, Fantastico brings another exclusive.

One of the prime targets of American spies in Brazil is far away from the center of power – out at sea, deep beneath the waves. Brazilian oil. The internal computer network of Petrobras, the Brazilian oil giant partly owned by the state, has been under surveillance by the NSA, the National Security Agency of the United States.

The spying is confirmed by top secret documents leaked by Edward Snowden, and obtained exclusively by Fantastico. Snowden, an ex-intelligence analyst employed by the NSA, made these and thousands of other documents public last June. He has been given asylum by Russia.
These new disclosures contradict statements by the NSA denying espionage for economic purposes.
saiba mais

The information was found by journalist Glen Greenwald, co-author of this story along with TV Globo Reporter Sonia Bridi, amid the thousands of documents given to him by Edward Snowden in June.

This statement addressed to “The Washington Post” this week highlights that ‘The department does ***not*** engage in economic espionage in any domain, including cyber.'”

However, a top secret presentation dated May 2012 is used by the NSA to train new agents step-by-step how to access and spy upon private computer networks – the internal networks of companies, governments, financial institutions – networks designed precisely to protect information.

The name of Petrobras – Brazil’s largest company – appears right at the beginning, under the title: “MANY TARGETS USE PRIVATE NETWORKS.”

Besides Petrobras, e-mail and internet services provider Google’s infrastructure is also listed as a target. The company, often named as collaborating with the NSA, is shown here as a victim.

Other targets include French diplomats – with access to the private network of the Ministry of Foreign Affairs of France – and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions. All transfers of money between banks across national borders goes through SWIFT.

Names of other companies and institutions on the list were blacked out in order not to compromise operations involving targets linked to terrorism.

Greenwald defends the decision to omit the names. “It’s a question of responsible journalism”, says Greenwald. “These documents contain information regarding spying against terrorists, matters of national security which should not be published, because nobody doubts that the United States, just as any other country, has the right to spy in order to guarantee national security. But there is much more information on spying on innocents, against people who have nothing to do with terrorism, or on industrial issues, which need to be made public.”

The documents are classified as “top-secret”, to be seen only by those named by the Americans as “Five Eyes” – the five countries allied in spying: the United States, Australia, Canada, Great Britain and New Zealand.

The name of Petrobras appears on several slides, as the training goes deeper in explaining how date from the target companies is monitored.

Individual folders are created for each target – and contain all the intercepted communications and IP addresses – the identification of each computer on the network – which should be immune to these attacks.

Paulo Pagliusi has a PhD in information security and has written books on the subject. He analyzed the documents for Fantastico.

“The networks in the presentation all belong to real companies. These are not made-up situations”, says Pagliusi. “Some details stand out. For instance, some numbers were blacked out. Why would they be blacked out if they weren’t real? It’s as if the instructors didn’t want the trainees to see them.”

Pagliusi points to signs that this is part of systematic spying. “You don’t obtain all of this in a single run. From what I see, this is a very consistent system that yields powerful results; it’s a very efficient form of spying,” he says.

Pagliusi concludes that this has been going on for a while: “There’s no place for amateurs in this area.”

The yearly profits of Petrobras are over 280 billion reais – US$ 120 billion. More than the GDP of many countries. And there are plenty of motives for spies to want access to the company’s protected network.

Petrobras has two supercomputers, used mainly for seismic research – which evaluate oil reserves from samples collected at sea. This is how the company mapped the Pre-salt layer, the largest discovery of new oil reserves in the world in recent years.

There is no information on the extent of the spying, nor if it managed to access the data contained in the company’s computers. It’s clear Petrobras was a target, but no documents show exactly what information the NSA searched for. But at any rate, Petrobras has strategic knowledge of deals involving billions of dollars.

For example, the details of each lot in an auction set for next month: for exploration of the Libra Field, in the Bay of Santos, part of the Pre-salt. Whether the spies had access to this information is one of the questions the Brazilian government will have to put to the United States.

Former Petrobras Director Roberto Villa considers this the greatest action in the history of oil exploration. “It’s a very peculiar auction. The auction of an area where we already know there’s oil, there’s no risk”, he says. What no one else should know, Villa says, is which are the richest lots. “Petrobras knows. And I hope only they know.” He considers that such information, if stolen, could give someone an advantage. “Someone would have an edge. If this information was leaked and someone else has obtained it, he would be in a privileged position at the auction. He’ll know where to invest and where not to. It’s a handy little secret.”

Another former Petrobras Director considers this a serious matter. “Commercially, internationally, this means a game with marked cards for some places, some countries, some friends,” says Antonio Menezes.

The Pre-salt oil is found at high seas, at depths of two thousand meters – below a layer of rocky salt, four kilometers below the ocean floor. Reaching this oil requires a lot of technology, and Petrobras is a world leader in deep-sea oil extraction.

Adriano Pires, a specialist in infrastructure, considers that spies could be specially interested in ocean-floor exploration technology. “Petrobras is the world’s number one in drilling for oil at sea. Pre-salt layers exist all around the world – there’s a pre-salt in Africa, in the Gulf of Mexico, in the North Sea. If I have this technology, I can drill for oil anywhere I want,” says Pires.

The NSA presentation contains documents prepared by the GCHQ – the British Spy agency, from a country that appears as an ally of the United States in spying. The British agency shows how two spy programs operate. “Flying Pig” and “Hush Puppy” also monitor private networks which carry supposedly secure information. These networks are known as TLS/SSL.

The presentation explains how data is intercepted, through an attack known as “Man in the Middle”. In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing.

A few pages ahead, the document lists the results obtained. “Results – what do we find?” “Foreign government networks”, “airlines”, “energy companies” – like Petrobras – and “financial organisations.”

TLS/SSL networks are also the security system used in financial transactions, such as when someone accesses their bank account through an ATM. The connection between a remote terminal and the bank’s central goes through a sort of secure tunnel through the internet. No one is supposed to see what travels through it.

Later, the NSA presentation shows in detail how the data of a chosen target is rerouted through spy filters beginning at the very source, until they reach the NSA’s supercomputers.

In this document the NSA names Latin America as a key target of the “SILVERZEPHYR” program, which collects the contents of voice recordings, faxes, as well as metadata, which is the overall information being transmitted in the network.

Last Sunday, Fantastico showed exclusively how the President of Brazil is a direct target of espionage.

On Thursday, President Dilma Rousseff met American counterpart Barack Obama at the G20 Summit in Russia, and she demanded explanations.

“This is what I asked: It’s very complicated for me to learn about these things through the press. I read something one day, then two days later I learn something else, and this goes on piece by piece. I’d like to know what exists (about spying). I want to know what’s going on. If there is something or not, I want to know. Is it real or not? Besides what’s been published by the press, I want to know everything they have regarding Brazil. The word ‘everything’ is very comprehensive. It means all. Every bit. In English, ‘everything’.” – the President told a press conference on Friday.

On the day Rousseff and Obama met, a story published simultaneously by British newspaper The Guardian and the American New York Times revealed that the NSA and the British GCHQ broke the protected communication codes of several internet providers – enabling them to spy on the communications of millions of people, and also on banking transactions.

The story shows that cryptography, the system of codes provided by some internet operators, comes with a built-in vulnerability, inserted on purpose by the NSA, which allows the spies to enter the system, copy, snoop, even make alterations, without leaving footprints. There is also evidence that some equipment put together in the United States comes with factory-installed spying devices.

The “New York Times” says this was done with at least one foreign government that bought American computers. But it does not reveal which government payed to be spied upon.

Lastly, another document obtained by Fantastico shows who are the spies’ clients – who gets the information obtained: American diplomats, the intelligence agencies, and the White House. It proves that spying doesn’t have as its sole purpose the fight against terrorism. On this list of objectives are also diplomatic, political and economic information.

Petrobras declined to comment. President Dilma Rousseff awaits clarifications by the U.S. government later this week.

The NSA has sent a statement attributed to James Clapper, director of National Intelligence, declaring that the agency collects information in order to give the United States and their allies early warning of international financial crises which could negatively impact the global economy and also to provide insight into other countries’ economic policy or behavior which could affect global markets.

The statement also stresses that the collected intelligence is not used “to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.”

The UK Foreign Office in London and the British Embassy in Brasilia declared they do not comment on intelligence-related issues.

Globo TV – Fantástico
Edição do dia 08/09/2013
08/09/2013 22h52 – Atualizado em 09/09/2013 00h07

Find this story at 9 September 2013

© Copyright 2013 Globo Comunicação e Participações S.A. Política de Privacidade

NSA Spied On Brazil, Mexico Leaders, Glenn Greenwald Says

RIO DE JANEIRO — The Brazilian government condemned a U.S. spy program that reportedly targeted the nation’s leader, labeled it an “unacceptable invasion” of sovereignty and called Monday for international regulations to protect citizens and governments alike from cyber espionage.

In a sign that fallout over the spy program is spreading, the newspaper Folha de S.Paulo reported that President Dilma Rousseff is considering canceling her October trip to the U.S., where she has been scheduled to be honored with a state dinner. Folha cited unidentified Rousseff aides. The president’s office declined to comment.

The Foreign Ministry called in U.S. Ambassador Thomas Shannon and told him Brazil expects the White House to provide a prompt written explanation over the espionage allegations.

The action came after a report aired Sunday night on Globo TV citing 2012 documents from NSA leaker Edward Snowden that indicated the U.S. intercepted Rousseff’s emails and telephone calls, along with those of Mexican President Enrique Pena Nieto, whose communications were being monitored even before he was elected as president in July 2012.

Mexico’s government said it had expressed its concerns to the U.S. ambassador and directly to the U.S. administration.

Brazilian Foreign Minister Luiz Alberto Figueiredo said, “We’re going to talk with our partners, including developed and developing nations, to evaluate how they protect themselves and to see what joint measures could be taken in the face of this grave situation.”

He added that “there has to be international regulations that prohibit citizens and governments alike from being exposed to interceptions, violations of privacy and cyberattacks.”

Justice Minister Eduardo Cardozo said at a joint news conference with Figueiredo that “from our point of view, this represents an unacceptable violation of Brazilian sovereignty.”

“This type of practice is incompatible with the confidence necessary for a strategic partnership between two nations,” Cardozo said.

Earlier, Sen. Ricardo Ferraco, head of the Brazilian Senate’s foreign relations committee, said lawmakers already had decided to formally investigate the U.S. program’s focus on Brazil because of earlier revelations that the country was a top target of the NSA spying in the region. He said the probe would likely start this week.

“I feel a mixture of amazement and indignation. It seems like there are no limits. When the phone of the president of the republic is monitored, it’s hard to imagine what else might be happening,” Ferraco told reporters in Brasilia. “It’s unacceptable that in a country like ours, where there is absolutely no climate of terrorism, that there is this type of spying.”

During the Sunday night TV program, U.S. journalist Glenn Greenwald, who lives in Rio de Janeiro and first broke the story about the NSA program in Britain’s Guardian newspaper after receiving tens of thousands of documents from Snowden, told the news program “Fantastico” that a document dated June 2012 shows that Pena Nieto’s emails were being read. The document’s date is the month before Pena Nieto was elected.

The document indicated who Pena Nieto would like to name to some government posts, among other information.

It’s not clear if the spying continues.

As for Brazil’s leader, the NSA document “doesn’t include any of Dilma’s specific intercepted messages, the way it does for Nieto,” Greenwald told The Associated Press in an email. “But it is clear in several ways that her communications were intercepted, including the use of DNI Presenter, which is a program used by NSA to open and read emails and online chats.”

The U.S. targeting mapped out the aides with whom Rousseff communicated and tracked patterns of how those aides communicated with one another and also with third parties, according to the document.

In July, Greenwald co-wrote articles in the O Globo newspaper that said documents leaked by Snowden indicate Brazil was the largest target in Latin America for the NSA program, which collected data on billions of emails and calls flowing through Brazil.

The spokesman for the U.S. Embassy in Brazil’s capital, Dean Chaves, said in an emailed response that U.S. officials wouldn’t comment “on every specific alleged intelligence activity.” But he said, “We value our relationship with Brazil, understand that they have valid concerns about these disclosures, and we will continue to engage with the Brazilian government in an effort to address those concerns.”

In Mexico City, the Mexican foreign ministry said it sent a diplomatic note to the U.S. asking for a thorough investigation of the report’s claims. It said officials also summoned the U.S. ambassador to express Mexico’s concerns.

“Without assuming the information that came out in the media is accurate, Mexico’s government rejects and condemns any espionage activity on Mexican citizens that violate international law,” the Foreign Relations Department said. “This type of practice is contrary to the Charter of the United Nations and the International Court of Justice.”

The U.S. Embassy in Mexico highlighted the “close cooperation” of Mexico and the U.S. in many areas, but said it wouldn’t comment on the NSA program or its alleged targeting of the Mexican leader.

Associated Press writer Bradley Brooks reported this story in Rio de Janeiro and Marco Sibaja reported in Brasilia. Associated Press writer Michael Weissenstein in Mexico City contributed to this report.

By BRADLEY BROOKS and MARCO SIBAJA 09/02/13 07:38 PM ET EDT

Find this story at 2 September 2013

Copyright © 2013 TheHuffingtonPost.com, Inc.

NSA ‘spied on Brazil and Mexico’ – Brazilian TV report

Brazil says it will demand an explanation from the US after allegations that the National Security Agency (NSA) spied on Brazilian government communications.

The allegations were made by Rio-based journalist Glenn Greenwald in a programme on TV Globo on Sunday.

Mr Greenwald obtained secret files from US whistle-blower Edward Snowden.

Communications from the Mexican president were also accessed by the NSA, Mr Greenwald said.

The US ambassador to Brazil, Thomas Shannon, was briefly summoned to the Brazilian foreign ministry, “to explain” the claims made by the American journalist.

He did not speak to reporters when he left, and there have been no comments from the foreign ministry either.
‘Attack on sovereignty’

Mr Greenwald, a columnist for the British Guardian newspaper, told TV Globo’s news programme Fantastico that secret documents leaked by Edward Snowden showed how US agents had spied on communications between aides of Brazil’s President Dilma Rousseff.

Brazil’s Justice Minister Jose Eduardo Cardozo said that “if these facts prove to be true, it would be unacceptable and could be called an attack on our country’s sovereignty”.

According to the report, the NSA also used a programme to access all internet content that Ms Rousseff visited online.

Her office said the president was meeting top ministers to discuss the case.

The BBC’s Julia Carneiro in Sao Paulo says that the suspicion in Brazil as to why the United States is allegedly spying Brazilian government communications is because Brazil is a big player and there are lots of commercial interests involved.
Mexican connection

The report also alleges that the NSA monitored the communications of Mexican President Enrique Pena Nieto, even before he was elected in July last year.

Mr Greenwald said that a document dating from June 2012 showed that Mr Pena Nieto’s emails were being read.

A spokesman for the Mexican foreign ministry told the Agence France Presse news agency that he had seen the report but had no comment.

The documents were provided to Mr Greenwald by ex-US intelligence analyst Edward Snowden, who was granted temporary asylum in Russia after leaking secret information to media in the US and Britain.

Mr Greenwald was the first journalist to reveal the secret documents leaked by Mr Snowden on 6 June. Since then, he has written a series of stories about surveillance by US and UK authorities.

The detention last month for nine hours at London’s Heathrow airport of Mr Greenwald’s partner, David Miranda, caused widespread controversy in the UK and abroad.

Mr Greenwald said the detention of his partner amounted to “bullying” and was “clearly intended to send a message of intimidation” to those working on the NSA revelations.

2 September 2013 Last updated at 12:20 ET

Find this story at 2 September 2013

BBC © 2013 The BBC

Is CSE metadata-mining Canadian call records?

The recent confirmation that NSA is performing data mining on the telephone records of Americans raises an important question for Canadians, is CSE likewise mining the call records of people in Canada?

The short answer is I don’t know. But there are some telling indications that CSE is interested in undertaking such monitoring and that it may well be doing it to one degree or another.

First, let’s look at the program in the U.S. From the original Guardian report and subsequent revelations (see, for example, Shane Harris, “What We Know About the NSA Metadata Program,” Dead Drop blog, 6 June 2013) we now know quite a lot about the NSA’s domestic phone records monitoring program, including the following features about it:
Current procedures date from 2006, but the program began shortly after 9/11
Entails data mining of nationwide telephone call records
Focus on metadata, not content
Network analysis involved
Undertaken as part of counter-terrorism effort
Now consider this description of data mining research conducted in 2006 by CSE and the Mathematics of Information Technology and Complex Systems (MITACS) project, a Canadian network of academia, industry, and the public sector (originally posted here but subsequently removed; archived version here; first blogged by me here):
As part of ongoing collaborations with the Communications Security Establishment (CSE), we are applying unsupervised and semi-supervised learning methods to understand transactions on large dynamic networks, such as telephone and email networks. When viewed as a graph, the nodes correspond to individuals that send or receive messages, and edges correspond to the messages themselves. The graphs we address can be observed in real-time, include from hundreds to hundreds of thousands of nodes, and feature thousands to millions of transactions. There are two goals associated with this project: firstly, there is the semi-supervised learning task, and rare-target problem, in which we wish to identify certain types of nodes; secondly, there is the unsupervised learning task of detecting anomalous messages. For reasons of efficiency, we have restricted our attention to meta-data of message transactions, such as the time, sender, and recipient, and ignored the contents of messages themselves. In collaboration with CSE, we are studying the problem of counter-terrorism, a semi-supervised problem in which some terrorists in a large network are labeled, but most are not…. Another common feature of counter-terrorism problems is the fact that large volumes of data are often “streamed” through various collection sites, in order to provide maximal information in a timely fashion. A consequence of efficient collection of transactions on very large graphs is that the data itself can only be stored for a short time. This leads to a nonstandard learning problem, since most learning algorithms assume that the full dataset can be accessed for training purposes. Working in conjunction with CSE, we will devise on-line learning algorithms that scale efficiently with increasing volume, and need only use each example once. [Emphasis added.]
Note these features:
Applicable to telephone and email networks
Thousands to millions of transactions
Metadata, not content, examined
Counter-terrorism related

Familiar looking?

Consider also this comment made by then-CSE Chief John Adams to the Standing Senate Committee on National Security and Defence on 30 April 2007:
What is your interpretation of intercept, if I were to ask? If you asked me, it would be if I heard someone talking to someone else or if I read someone’s writing. An intercept would not be to look on the outside of the envelope. That is not an intercept to me. Unfortunately, that is not everyone’s interpretation of intercept, so the suggestion is that we should define that in the legislation…. Intercept is defined in another piece of legislation, and that is where people would probably look if they were searching for a definition of intercept. They are saying that could be troublesome for us, so we had better define it in our act to avoid that problem. That sort of thing has not come up as an issue, but it could.

As I noted in an earlier post, that sounds an awful lot like something you would say if you wanted to collect phone call metadata (number called, duration of call, etc.) and similar addressing information for e-mails and other communications — and felt you already had the legal basis to do so.

Would such monitoring be legal in Canada? I don’t know. (Usual disclaimer about not being a lawyer applies.)

Michael Geist suggests that s. 21 of the CSIS Act might be used to authorize the activity; CSE’s participation would then be based on CSIS’s authority.

Another possibility is that CSE might consider its foreign intelligence mandate (processing the records as part of the hunt for foreign terrorists) sufficient to authorize such monitoring. It is possible that this somewhat cryptic passage in the CSE oversight commissioner’s 2010-11 Annual Report is referring in whole or in part to such activities:

CSEC conducts a number of activities for the purposes of locating new sources of foreign intelligence. When other means have been exhausted, CSEC may use information about Canadians when it has reasonable grounds to believe that using this information may assist in identifying and obtaining foreign intelligence. CSEC conducts these activities infrequently, but they can be a valuable tool in meeting Government of Canada intelligence priorities. CSEC does not require a ministerial authorization to conduct these activities because they do not involve interception of private communications. However, a ministerial directive provides guidance on the conduct of these activities.

In recent years, three reviews have involved some degree of examination of these activities: a Review of CSEC’s foreign intelligence collection in support of the Royal Canadian Mounted Police (RCMP) (Phase II) (2006); a Review of CSEC’s activities carried out under a (different) ministerial directive (2008); and a Review of CSEC’s support to the Canadian Security Intelligence Service (CSIS) (2008).

In his 2006–2007 Annual Report, the late Commissioner Gonthier questioned whether the foreign signals intelligence part of CSEC’s mandate (part (a) of its mandate) was the appropriate authority in all instances for CSEC to provide support to the RCMP in the pursuit of its domestic criminal investigations. In his 2007–2008 Annual Report, Commissioner Gonthier stated that pending a re-examination of the legal issues raised, no assessment would be made of the lawfulness of CSEC’s activities in support of the RCMP under the foreign signals intelligence part of CSEC’s mandate. He also noted that CSEC’s support to CSIS raised similar issues. Commissioner Gonthier emphasized that although he was in agreement with the advice that the Department of Justice had provided to CSEC, he questioned which part of CSEC’s mandate — part (a) or part (c), the assistance part of CSEC’s mandate — should be used as the proper authority for conducting the activities.

Subsequent to these reviews and statements in the annual reports, the Chief of CSEC suspended these activities. CSEC then made significant changes to related policies, procedures and practices.

Review rationale

These activities involve CSEC’s use and analysis of information about Canadians for foreign intelligence purposes. Specific controls are placed on these activities to ensure compliance with legal, ministerial and policy requirements. Major changes to certain policies, procedures and practices have recently occurred. This was the first review of these activities since the Chief of CSEC allowed their resumption under new policies and procedures.

None of the above proves that CSE has been analyzing Canadians’ call records. But with NSA examining U.S. records, you can bet that CSE at the very least has taken a good, hard look at the possibility of doing the same in Canada. And some of the above certainly suggests that they may have gone well beyond just considering the possibility.

When the question of whether CSE was data mining Canadian call records came up in 2006, CSE was quick to make a perhaps carefully worded denial. This time around, not so much (Mitch Potter & Michelle Shephard, “Canadians not safe from U.S. online surveillance, expert says,” Toronto Star, 7 June 2013):

the Toronto Star contacted CSEC for comment Friday about its own metadata collection program, but received a boilerplate statement stressing that the agency is “prohibited by law from directing its activities at Canadians anywhere in the world or at any person in Canada” and “operates within all Canadian laws.”

“The Communications Security Establishment Canada (CSEC) cannot comment on its methods, operations and capabilities. To do so would undermine CSEC’s ability to carry out its mandate. It would also be inappropriate to comment on the activities or capabilities of our allies,” the statement said.

Which doesn’t prove anything either.

[Update 10 June 2013: But it would appear that this article does prove that metadata monitoring is being done: Colin Freeze, “Data-collection program got green light from MacKay in 2011,” Globe and Mail, 10 June 2013.]

Sunday, June 09, 2013

Find this story at 9 June 2013