Monday, December 29, 2014

Another CSE slide deck published

Der Spiegel published a new CSE slide deck on Sunday (part of a large dump of Snowden documents) in conjunction with a story discussing Five Eyes efforts to defeat common encryption methods used on the Internet (Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer & Christian Stöcker, "Prying Eyes: Inside the NSA's War on Internet Security," Der Spiegel, 28 December 2014).

The CSE deck, undated but probably from 2012, is titled "TLS Trends: A roundtable discussion on current usage and future directions".

The TLS in question is Transport Layer Security, the latest version of the Secure Sockets Layer protocol that provides encryption for many "secure" web transactions.

Der Spiegel (and other commentators) drew special attention to page 13 of the slides, which purports to list target activity at hockeytalk.com:
Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

If on-line game chat rooms are sometimes monitored, then I suppose it's not impossible that Hockeytalk is also considered a possible location for communications that may have nothing to do with hockey.

But, really, this sounds more like a made-up example to me, along the lines of Pte. Bloggs and the Fantasians, than a real case.

Of greater interest to me is the frequent use of the word "warranted" in the presentation. As CSE does not obtain warrants for its foreign intelligence and cyber defence operations, this sounds like a reference to "Mandate C" operations, which CSE conducts in support of CSIS and the RCMP (and a few other agencies) and which entail the deliberate (but targeted) surveillance of Canadians or other persons in Canada.

[Update 7 January 2015: An additional possibility is that some of this material is foreign intelligence collected in Canada under warrants that CSIS obtains through section 16 of the CSIS Act.]

[Update 29 December 2014, 7:30 pm: A report in VICE (Patrick McGuire, "We Learned Very Little about Canada’s Cybersurveillance Agency, CSEC, in 2014," VICE, 29 December 2014) also concludes that the Hockeytalk reference was intended to be humourous. An update to the article reports that CSE spokesperson Ryan Foreman assured VICE that the Hockeytalk slide was "obviously fictitious content", adding that "CSE is prohibited by law from directing its foreign intelligence or cyber defence activities at Canadians anywhere in the world or at anyone in Canada."

If there's one thing that we didn't need to learn about CSE in 2014, because we already ought to have known it, it's that they always neglect to mention Mandate C.]

Canada also comes in for a mention in another document released by Der Spiegel, this one describing a German operation against a Taliban commander/narcotics trafficker in Afghanistan that was supported by SIGINT analysts at NSA Georgia (NSAG):
Near-real-time locational data on [redacted] was passed from NSAG to the Germans via the Coalition’s CENTER ICE system.... The use of CENTER ICE was critical to the success of this operation. At NSAG CENTER ICE was manned by a Canadian integree within the Coalition Support Cell. Of note, this was the first time that CENTER ICE has been used at NSAG to support a live operation, in addition to the first time the Germans have used CENTER ICE for coordination such as this.
"CENTER ICE was manned by a Canadian integree..."

There's that hockey thing again!

The Canadian Forces Information Operations Group, the military arm of the Canadian SIGINT community, has a detachment of around 10 personnel working at NSA Georgia.

0 Comments:

Post a Comment

<< Home