The Canadian agency responsible for electronic surveillance played a substantial role in the NSA's efforts to crack encrypted data on the internet, according to documents obtained by the New York Times.
Communications Security Establishment Canada — which is responsible for foreign electronic surveillance but is speculated to be spying on Canadians as well — handed over control of an international encryption standard to the NSA, allowing the agency build a “backdoor” to decrypt data, the Times reports.
The information is part of the massive trove of previously secret NSA data leaked to the press earlier this year by Edward Snowden.
The Times and the Guardian reported last week that the NSA has managed to crack most of the encryptions used to transfer information securely over the internet, and has worked to keep that fact a secret, presumably so that web users continue to use the compromised encryptions.
Internet encryptions are used to secure sensitive data on the internet, such as emails and bank transactions, and are used in consumer products such as Bluetooth devices and the BlackBerry Messenger network, to name a few examples.
Encryptions work in part by using random number generators to insert unpredictable numbers into the encrypted data. That way, spies tapping in won’t be able to decipher the code used to encrypt the data.
But according to the Times report, the NSA created one of those random number generators, known as the Dual EC DRBG standard, in order to create a "backdoor" for the NSA to decrypt data.
Half a decade ago, Canada’s CSEC was in charge of the standards process for the International Organization for Standardization. In order to get its preferred encryption code made a worldwide standard, the NSA "finessed" CSEC into handing over control of the standards process, the Times reports.
“After some behind-the-scenes finessing with the head of the Canadian national delegation and with [CSEC], the stage was set for NSA to submit a rewrite of the draft,” an NSA memo obtained by the Times stated. “Eventually, NSA became the sole editor.”
Once that hurdle was overcome, "the road to developing this standard was smooth," the NSA memo states.
Evidence is building that CSEC itself is involved in mass, warrantless surveillance of Canadians.
According to news reports earlier this year, then-Defence Minister Peter MacKay signed a ministerial directive in 2011 allowing the re-start of a CSEC program that scours phone and internet data trails, including those of Canadians.
Even if the CSEC is not spying on Canadians, its partner organizations are capable of doing that for them.
The CSEC is part of a network of electronic spying organizations that has existed since the 1940s, known as ECHELON or the “Five Eyes.” Besides Canada, it includes the U.S, Britain, Australia and New Zealand.
Many analysts believe the network acts as a way of getting around laws that prevent countries from spying on its own citizens, by having partner countries do the spying.
For instance, it has been alleged that the CSEC spied on participants at the G20 meeting in London in 2009 on behalf of the U.S. and Britain.