Revelations about the extent of surveillance by the National Security Agency (NSA) in the U.S. have sparked interest in the activities of Canada's own, highly secretive agency.
Last week, media reports revealed that the NSA collected hundreds of millions of U.S. phone records while searching for possible links to terrorist targets abroad.
Earlier this week, the Globe and Mail newspaper published a story saying that in 2011, Canadian Defence Minister Peter Mackay had okayed a similar type of clandestine eavesdropping program by the Communications Security Establishment Canada (CSEC) to monitor the metadata of electronic communications.
- Should Canadians worry about data snooping?
This program was previously approved in 2005 by Bill Graham, the defence minister at the time.
Here’s a closer look at CSEC and what it does.
What is it?
CSEC, which reports to the minister of defence, describes itself as “Canada’s national cryptologic agency.”
CSEC supplies two main services: foreign signals intelligence (SIGINT), which means monitoring electronic communications emanating from abroad; and protecting domestic electronic information and communication.
When was it established?
Born during the cold war, CSEC began in 1941 as the Examination Unit, which fell under the National Research Council. In 1946, the unit was renamed the Communications Branch.
It became the Communications Security Establishment in 1975, when it came under the umbrella of National Defence.
After the U.S. attacks of Sept. 11, 2001, CSEC doubled its personnel and was given a broader mandate. Canada’s Anti-Terrorism Act, which was passed in late 2001, gave CSEC the ability to intercept communications of which one half was either sent from or received in Canada.
How big is its staff and budget?
The organization employs approximately 2,000 people and has an annual budget of about $422 million, according to CSEC spokesperson Ryan Foreman.
What is cryptology?
The Oxford English Dictionary defines cryptology as “the study of codes, or the art of writing and solving them.” According to CSEC, cryptology combines “the science that creates those cryptosystems, while cryptanalysis is the art of unraveling or breaking such systems, that is, reading them even if one is not the intended recipient.”
What is CSEC monitoring exactly?
The full extent of CSEC’s monitoring activities is not known, but the agency has confirmed that it is collecting metadata.
Metadata is data that describes other data – or, put another way, it’s information about the digital envelope that carries specific correspondences.
This can include phone numbers, length and time of calls, email addresses and internet routing information. The metadata is the information about a specific communication, but it doesn’t reveal the substance of the communication itself.
Does CSEC share information with other countries?
CSEC shares information with intelligence agencies in the so-called “Five Eyes” group of countries — namely the U.S., UK, Australia and New Zealand.
Is CSEC spying on Canadians?
CSEC says it is not. The agency is constrained by the National Defence Act, which states that CSEC’s monitoring “shall not be directed at Canadians or any person in Canada.”
CSEC "can only direct its activities at foreign entities located outside of Canada,” CSEC spokesman Ryan Foreman said in an email interview.
However, CSEC is also part of the “Five Eyes” group of countries, with whom they have shared intelligence “for decades,” said Andrew Clement, a professor in the Faculty of Information at the University of Toronto.
While each of these intelligence agencies assures its citizens that it is only focused on foreign communications, Clement says that it stands to reason that in sharing information with its intelligence partners, CSEC could be gaining intelligence on Canadians.
CSEC “will never confirm or deny this,” Clement says, “but there’s a very strong suggestion [that they do], and in the face of these revelations, it’s a reasonable question to ask on what basis we can be confident they are keeping in the law when there’s such technical capability of them sharing information.”
David Skillicorn, a professor in the School of Computing at Queen’s University, says this is one piece of the data-sharing relationship “that has always been carefully constructed.”
“The Americans will not use Canadians to collect data on U.S. persons, nor will any of the other Five Eyes countries,” Skillicorn says.
“In fact, in practice, it’s as if the five countries’ citizens were one large, collective group, and their mutual communications are not intercepted by any in the Five Eyes community.”
Still, Clement says he believes there are extenuating circumstances when CSEC actually eavesdrops on the content of specific communications, says Clement.
“My guess is that they do listen in on phone conversations when the person is of interest,” says Clement.
What kind of oversight is there for CSEC?
CSEC spokesperson Ryan Foreman said that an independent commissioner, who is a retired judge, reviews CSEC activities “to ensure that all CSEC activities comply with the law.” The commissioner submits regular reports to the defence minister and an annual report to Parliament.
“Certainly there is a governance and a structure in place above CSEC and the other bits of the intelligence organizations,” says Skillicorn.
“But I think every Western country has had the experience of some quote-unquote scandal, which has resulted in [the forming of] a commission of some sort and the imposition of new regulatory framework. And that suggests that things are never quite as clean as people would like them to be.”