Saturday, February 25, 2017

CSE 2017-18 budget to be $596 million

The 2017-18 Main Estimates, tabled in parliament on February 23rd, show a projected 2017-18 CSE budget of $595,983,723.

As the document shows, the budget projected for 2017-18 is slightly higher than the $583.6 million that was originally projected for the current fiscal year (2016-17) and slightly lower than the $599.8 million 2016-17 "to date" figure, which reflects additions made to CSE's budget authorities during the fiscal year. It is $23.6 million lower than the $619.5 million that was actually spent in 2015-16.

After accounting for inflation, this would suggest that CSE's 2017-18 budget will be roughly 7% smaller than it was in 2015-16.

CSE's actual spending in 2017-18 could well turn out to be greater than its 2015-16 spending, however. The agency has received large in-year budget top-ups every year for the last seven years.

Thus, it may be safer to say that CSE's budget appears to have stabilized for the moment at the roughly $600 million level, but with significant year-to-year fluctuations.

That level is about 4.4 times as high, after adjusting for inflation, as CSE's pre-9/11 budget.

According to the Main Estimates, 72% of the money will go to CSE's SIGINT program, while the IT Security program will account for the remaining 28%.

Saturday, February 18, 2017

Kevin O'Neill in 1945

I was recently reading The Emperor's Codes, Michael Smith's 2011 book about the Allied effort to break Japanese codes during the Second World War, and to my surprise I ran across a 1945 photo that shows Kevin O'Neill, the Bletchley Park veteran who later became the Director of CBNRC/Chief of CSE.

O'Neill, who finished the war with the rank of Major in the British Army, worked on the Tunny problem, among other systems, during his time at Bletchley. But by 1945 he was part of the British liaison team at the U.S. Army's Signal Security Agency at Arlington Hall in Washington.

For reasons not clear to me, he appears in this photo (second from the right) with members of the British liaison office at the U.S. Navy's code-breaking agency, OP-20-G, which was located at the Naval Communications Annex. Note how, aside from civilian Wilfred (not William) Bodsworth, everyone in the photo other than O'Neill is in naval uniform.

O'Neill and John Manson, another British Army Major serving at the Signal Security Agency, were recruited by Ed Drake in 1946, becoming part of CBNRC's initial staff. Manson died in 1952, but O'Neill remained with the agency for his entire career, becoming the Director of CBNRC in 1971 and retiring as Chief of CSE in 1980.

Friday, February 17, 2017

List of Senior U.S. Liaison Officers at CSE

I've finally managed to get a reasonably complete list of the Senior United States Liaison Officers, or SUSLOs, assigned to CSE over the years.

SUSLOs are assigned by NSA to all of the Five Eyes SIGINT agencies, with the various SUSLOs distinguished from one another by suffixes. The SUSLO assigned to Canada is known as the SUSLO/O, for Ottawa.

The photo above shows Velva Klaessy, who served as SUSLO/O from 1970 to 1971. Klaessy was the first woman to serve as SUSLO at any location.

SUSLO/O list (with years of arrival and departure)
Lt. Robert Carl, USN (Acting)19501950
Maj. Oval Jones, USAF19501952
LCdr. Arthur Conant, USN19521953
Maj. Robert Morin, USAF19531955
Maj. Ralph Barch, USA19551958
LCol. Robert Maurer, USA19581960
Fred Sims19601963
William Kaczmar19631966
Maurice Edens19661970
Velva Klaessy19701971
Francis Irons19711974
Martin Sullivan19741977
Melville Boucher19771981
William Gerdes19811984
George Abbott19841990
Gary Kirkey19901992
Robert Arndt19921995
John Dirks19951999
Maria O'Connor19992002
Cindy Farkus20022005
Donna Marie Barbano20082011
Cynthia Daniels20112014

The SUSLO identities from 1950 to 1974 are from a recently released version of History of CBNRC (Access release A-2015-00045). The more recent identities were assembled by me from public domain materials, with invaluable assistance from U.S. intelligence historian Matthew Aid, and may still contain some errors. I haven't included the current SUSLO/O on the list.

For earlier compilations of CSE's own liaison officers, the CANSLOs, see here and here.

Monday, February 06, 2017

ATIpper #10: CSE might have moved to Kingston

More from the Access to Information files:

According to access release A-2013-00055, CSE considered 17 properties in the National Capital Region, Arnprior, and Kingston when it was choosing the location for its new headquarters complex.

As is well known, the site ultimately chosen was in Ottawa's east end, adjacent to CSIS's headquarters.

But the agency's number two choice was Kingston.

It's a bit hard to believe that Kingston was ever seriously considered, however.

The fact that CSE personnel would have to drive two hours each way every time they needed to attend a meeting in Ottawa would surely have weighed heavily against selecting the site.

And convincing the agency's more than 2000 employees to move to Kingston would also likely have proved difficult and disruptive to morale.

Update 8 February 2017:

David Pugliese, "Kingston was the number two choice for CSE’s new headquarters," Ottawa Citizen, 7 February 2017

Monday, January 30, 2017

Releases of Canadian identities to Five Eyes partners

How often does CSE hand over information about Canadians to the United States and other Five Eyes allies? A partial answer is obtainable by examining a recent Access to Information release.

CSE's end-product reports must relate to its foreign intelligence or cyber defence responsibilities. (Information collected by CSE for Canadian law enforcement or security agencies is a separate matter.)

But sometimes these end-product reports do contain information about Canadians. When that happens, the name and other identifying information of that Canadian — known as Canadian Identity Information (CII) — is "suppressed", i.e., replaced by a generic reference such as "a named Canadian" or "a Canadian businessman". (There are certain exceptions to this rule, but they seem to be relatively limited, probably amounting to fewer than 100 cases per year.)

The information that is suppressed in those reports is not deleted, however. It is retained in CSE's data banks and is available to clients who request it if they can demonstrate both the authority and an operational justification for obtaining it. This applies to CSE clients located in Canada's Five Eyes allies, also known as Second Parties, as well as to domestic Canadian agencies.

Given the potential for the misuse of such information, particularly in light of the accession of the Trump administration, it would be helpful to know how often Canadian Identity Information is released to Canada's Five Eyes allies.

CSE has always refused to declassify this information. However, it is possible to get a sense of the scale of the releases by examining the gaps left in the agency's annual reports released under the Access to Information Act (release A-2015-00086).

Here are the relevant sections of the released versions of those reports for the five years from 2010-2011 to 2014-2015 inclusive.

2010-2011 Annual Report:

"In addition, CSEC released [redacted 3-digit number] identities to its Five-Eyes partners."

The width of this redaction indicates that it originally contained a 3-digit number, which means that somewhere between 100 and 999 pieces of Canadian Identity Information were released to Five Eyes partners in 2010-2011.

2011-2012 Annual Report:

"In addition, CSEC released [redacted] Canadian identities to its Five Eyes partners."

In this case, because the redaction occurs at the end of a line it is not possible to determine how many digits the redacted number had. However, the following year's report (see below) indicates that the 2011-2012 figure was also a 3-digit number.

2012-2013 Annual Report:

"In addition, CSEC released [redacted 4-digit number] Canadian identities to its Five Eyes partners. This represents a significant increase in the number of identities released in 2011-2012 ([redacted 3-digit number + close-parentheses] and is attributable to a [redacted] released to the US allies to enable them to efficiently assess the [redacted]"

The cause of this one-time jump was revealed in the following year's report to be "a single cyber defence report" that presumably contained a very large number (at least one thousand, possibly multiple thousands) of Canadian identities.

2013-2014 Annual Report:

"In 2013-14, Second Parties requested [redacted 3-digit number] Canadian identities, of which [redacted 3-digit number] were released. This is a [redacted] from the previous year, when [redacted 4-digit number] were released; however, during the previous year, [redacted 4-digit number] of those releases were from a single cyber defence report."

Here the number of released identities falls back to the more normal hundreds range.

Also worth noting is the fact, evident from the way the sentence is constructed, that not all requested identities are released.

This is also confirmed by various comments that the CSE Commissioner has made over the years. The Commissioner's 2014-2015 report even provided some data on this question, noting that a sample of recent Five Eyes requests examined by his office included "roughly an equal number of denials and disclosures of Canadian identity information." No information on the long-term average CII disclosure rate has been released, however. In some years, such as the year when a thousand or more identities were released from a single report, the disclosure rate has probably been much, much higher than 50%.

2014-2015 Annual Report:

"In FY 2014-15, Second Parties [redacted; probably "requested" + 3-digit number] Canadian identities, of [redacted; probably "which" + 3-digit number] were released. [Redacted] of these releases were to [redacted]"

In this release, CSE redacted larger portions of the text, possibly to make this kind of analysis more difficult. It's fairly easy to guess what the redacted words actually were, but the extra redactions do make the overall conclusions less certain.

(Thanks for that, CSE redactors. I'm sure the nation's security hangs on preventing the bad guys — or maybe the Canadian public? — from knowing with certainty whether the number of Canadian identities revealed to Five Eyes partners in a given past year was a 3-digit number or a 4-digit number.)

The most recent annual report of the CSE Commissioner provides another data point related to this question: Between 1 July 2014 and 30 June 2015, Five Eyes partners made 111 requests for Canadian Identity Information.

However, request numbers do not translate directly to release numbers for several reasons: requests are sometimes denied; requests may be made for the same identity by multiple clients; and finally and most importantly, a single request can pertain to multiple identities — in the case of the cyber defence report mentioned above, perhaps thousands of identities were released as a result of a single request. The fact that more than 100 requests were made suggests, however, that most requests involve only a small number of identities.

Taken together, these documents demonstrate with reasonable certainty that CSE releases at least one hundred and sometimes more than one thousand pieces of Canadian Identity Information to Canada's Five Eyes allies every year. Something like one or two items a day might be a reasonable guess.

And that's not the only way such information is shared. CSE also intercepts foreign communications on behalf of its partner agencies using selectors that they provide. It then forwards those intercepts, some of which are likely to contain incidentally collected Canadian communications or other information about Canadians, directly to them.

(CSE's recent metadata minimization failure also led to CII being provided to Five Eyes allies, but in that case the information would not have been provided if the systems had been working as required.)

It is likely that most of the information released through these processes goes to CSE's largest and closest collaborator, the U.S. National Security Agency, but some would also go to the other partner agencies.

In the vast majority of these cases, I would guess, the provision of this information makes a valuable contribution to Canadian and Allied security — in some cases it probably even contributes to the security of the named Canadians themselves. But as the Commissioner's classified 17 July 2013 report to the Minister of National Defence (A Review of CSEC Information Sharing with the Second Parties, Access release A-2014-00062) noted, the results of such sharing are not necessarily always benign:
While the case of Mr. Maher Arar did not relate specifically to CSEC or to SIGINT information sharing with the Second Parties, it is an example of how Canada's closest international partners may make their own decisions in relation to a Canadian.... The case of Mr. Arar demonstrates how [Government of Canada] information sharing with the U.S. or other partners may affect a Canadian and possibly put a Canadian in personal jeopardy.
This possibility is especially relevant now, with the Trump administration openly discussing a return to the use of torture, secret prisons, and other violations of civil liberties and international law. But even under the Obama administration some of these risks, including for example the possibility of targeted killings, were present.

The Canadian government has policies in place to govern international information-sharing when there is a substantial risk that the information shared could lead to the torture or other mistreatment of an individual, but many people question whether they are sufficiently restrictive.

In CSE's case, a Ministerial Directive signed in 2011 obliges the agency to conduct a mistreatment risk assessment whenever it considers releasing CII to a non-Five Eyes country.

But my reading of the limited information that has been released on that directive suggests that the Five Eyes countries are exempt from this requirement, except when those countries seek to forward Canadian information to a non-Five Eyes country. It would be very useful to know if that is in fact the case.

Saturday, January 28, 2017

Citizen Lab fellowship

I am very pleased to report that I have accepted a fellowship at the Citizen Lab for 2017.

Citizen Lab is based at the Munk School of Global Affairs at the University of Toronto. It focuses on "advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security."

The book Black Code, written by Citizen Lab's director, Ron Deibert, gives a good sense of the kinds of issues the Lab addresses. You should also check out their many publications.

I've been a big fan of the Citizen Lab's work for years and the thought of being associated with such an amazing place is frankly a bit daunting. They may be expecting results!

I'll do my best.

I should stress at this point that the opinions I express on this blog and elsewhere will continue to be mine alone: I will in no way be speaking for the Citizen Lab.

We're still working out the details of the project(s) I'll be involved in during the fellowship so I can't say much about that right now, other than the obvious fact that the signals intelligence activities of Canada and its Five Eyes allies will be central to it.

Monday, January 16, 2017

ATIpper #9: CSE releases its definition of data

More from the Access to Information files:

Behold the CSE definition of data:

Access release A-2014-00013

Ouf, a bit heavily redacted, don't you think?

Let's try again.

Access release A-2015-00005

Oh, sure, much better. Thanksabunch.

Another try.

Released in 2016 Federal Court filing

All right, now we're starting to make some progress.

And finally...

Access release A-2011-00566

This. This is the kind of access to information response I like!

Which is great until you realize that this final response was in fact the first of the four releases.