Last June, bombshell revelations about the NSA’s surveillance operations leaked. And they keep coming. Seemingly every week we are privy to more information about the electronic eavesdropping capabilities of our governments.
Yes, our governments.
Although the bulk of the revelations focus on the NSA, they also involve the Canadian government’s surveillance operations and the other three members of the Five Eyes, “the most exclusive intelligence sharing club in the world”: Britain, Australia, and New Zealand.
Here’s a look at what the ex-NSA contractor Edward Snowden’s leaks reveal about the Canadian corollary to the NSA, the Communications Security Establishment Canada (CSEC), which is getting set to move into one of the most expensive government buildings Canada has ever built, a $1-billion, 72,000 square-foot headquarters in Ottawa that will use the energy equivalent of a “small town.”
July 11: XKeyscore
“You need the haystack to find the needle,” said Gen. Keith Alexander, director of the NSA, in defending the NSA’s “collect-it-all” approach to surveillance. And once you’ve gathered the haystack – via demands to companies like Google and Facebook and by plugging directly into the internet’s backbone of undersea cables which cover 75 per cent of the internet traffic in the country – you need to figure out how to find the needle. That’s where the program XKEYSCORE comes in.
Leaked documents reveal XKeyscore is the NSA’s “widest-reaching” system for developing intelligence and covers “nearly everything a typical user does on the Internet.” Basically, it’s a Google search for NSA analysts allowing them dig around in the haystack by searching through various fields of information such as email, name, browser history, telephone number, IP address, keywords used and even the type of browser used.
The XKeyscore revelation gave credence to the claim by Edward Snowden that US officials roundly denied: "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email."
CSEC’s connection to XKeyscore is evident at the top and bottom of each of the XKeyscore presentation slides released by the Guardian which read, “TOPSECRET/COMINT [Communications Intelligence]/REL [Relay] to USA, AUS, CAN, GBR, NZL.”
With these slides it’s clear that CSEC knew about XKeyscore, but the question still remains: are they using it as well? And more importantly, considering an estimated 90 per cent of our internet traffic routes through American servers, is CSEC using it to spy on Canadians?
September 5: Encryption Standards Weakened
On September 5, The New York Times, The Guardian, and Pro Publica released documents that revealed the NSA had cracked or managed to circumvent encryption that guards communications of Americans and others around the globe -- including commerce and banking systems, medical records, trade secrets, e-mails, web searches, internet chats, and telephone calls.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” reads a 2010 NSA memo.
These efforts include developing custom-built computers to break codes or going directly to the source by requesting or legally forcing technology companies to hand over their master encryption keys or to build-in backdoors to their products.
In addition to targeting specific developers, the NSA has also been weakening the encryption standards that are adopted internationally by developers, which they were able to do with the help of CSEC.
In 2006 the NSA was successful in inserting a back-door into a standard adopted by the National Institute of Standards and Technology. They were then able to push this standard onto the International Organization for Standardization, which CSEC, at the time, was in charge of running.
“After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” a leaked NSA memo notes. “Eventually, N.S.A. became the sole editor.”
What exactly this “finessing” entails, we do not know, but the leaked documents make it clear that CSEC was involved in the deliberate weakening of international encryption standards.
October 6: Corporate Espionage
Using documents leaked by Edward Snowden, a Brazilian television program reported that CSEC had targeted Brazil’s Mines and Energy Ministry in an effort to gain economic intelligence. Under the program code-named Olympia, CSEC targeted the metadata of emails and phone calls going to and from the Brazilian ministry.
As reported by Colin Freeze from The Globe and Mail,
"This [revelation] suggests CSEC has access to vast databases of previously logged global telecommunications traffic - giving the agency a very far reach in determining which telephones and computer servers in the world might yield the most intelligence for Canada."
In response to the revelations, Harper’s communications director Jason MacDonald said that “CSEC does not comment on its specific foreign intelligence activities or capabilities.”
October 27: “Stateroom”
Leaks published by Germany’s Der Spiegel magazine in late October revealed surveillance operations were set up and hidden in embassies and consulates around the world "in false architectural features or roof maintenance sheds" in a program code-named “Stateroom”.
“STATEROOM sites are covert SIGINT [Signals Intelligence] collection sites located in diplomatic facilities abroad,” the leaked document notes. “SIGINT agencies hosting such sites include … Communication Security Establishments or CSE (at Canadian diplomatic facilities).” In other words, CSEC had set up secret "listening posts" in Canada's embassies around the world.
In addition to Canada, the Stateroom document also reveals the United States, Britain, and Australia all run similar and interrelated operations from their respective embassies. New Zealand, the “fifth-eye,” is curiously absent from the documents.
November 27: G20 Spying in Toronto
Documents leaked by Edward Snowden to the CBC – by way of journalist Glenn Greenwald - revealed the Harper government allowed the NSA to conduct surveillance in Canada during the G8 and G20 summits in 2010.
According to the documents, the NSA turned the US embassy in Ottawa into a command post for a 6-day operation during the summits. The NSA’s plans were aimed at “providing support for policy makers” and were “closely coordinated with the Canadian partner.” The “Canadian partner,” of course, being CSEC.
The documents, however, do not reveal what role – if any – CSEC played in the actual act of spying during the G20 or G8 summits.
Nevertheless, the spying at the 2010 summits, as the CBC reported, “fits a pattern of economic and political espionage by the powerful US intelligence agency and its partners such as Canada.” This pattern was also apparent 10 days earlier when documents obtained under the Access to Information Act revealed a coordinated effort by CSIS, the RCMP, and private oil companies to spy on anti-oil sands groups including Idle No More, ForestEthics, Sierra Club, EcoSociety, LeadNow, Dogwood Initiative, Council of Canadians and the People's Summit.
December 9: Canada set up spy posts for the NSA
A top secret document retrieved by Edward Snowden and reported on by the CBC revealed CSEC, at the request of the NSA, set up secret spy posts abroad working alongside the NSA in surveillance activities in “approximately 20 high-priority countries."
"CSEC offers resources for advanced collection, processing and analysis, and has opened covert sites at the request of NSA," said the four page document which is dated April 3, 2013, a mere two months before Edward Snowden went public in June. Canada's spy agency is able to share "with the NSA their unique geographic access to areas unavailable to the US."
The document also touches on the relationship between the NSA and CSEC, which is described as a “close cooperative” one "both sides would like to see expanded and strengthened.” And reveals that they are not only sharing intelligence, but employees: "Co-operative efforts include the exchange of liaison officers and integrees.”
The NSA also supplies CSEC with much of the hardware and software they use for encryption and code-breaking, as well as other spy tools required for "collection, processing and analytic efforts." These tools may well include the XKeyscore search software noted above.
January 30: CSEC used airport Wi-Fi to track Canadian travelers
The latest revelation, that CSEC had tracked the devices of thousands of passengers at a major Canadian airport for days after they left the terminal, prompted a three-hour Senate hearing with top national security officials.
CSEC was able to capture information through the airport’s free Wi-Fi service, which allowed them to track unsuspecting traveler’s wireless devices for a week or more as they connected to other Wi-Fi “hotspots” in cities across Canada. This likely included the wireless devices of Canadians who passed through the terminal.
Stephen Rigby, Harper’s national security advisor, defended the agency’s collection arguing they did not directly target Canadians and only intercepted metadata, not the actual content of conversations or written exchanges: “It does not represent a compromise of private communications by Canadians. It’s data about data and so is well within the parameters of CSEC’s operations.”
However, as Ron Deibert, director of the Citizen Lab at the University of Toronto's Munk School of Global Affairs, writes in The Globe and Mail:
We leave a vast digital trail of intimately revealing metadata around us wherever we go. Allowing the state to have access to all of it is incompatible with a free and democratic society. The question now for Canadians to collectively address is what are we going to do about it?
What is privacy?
These revelations offer us a glimpse into CSEC's operations, which have been shrouded in secrecy since the agency's creation in 1946. Although the bulk of the disclosures have focused on the NSA, given the "close cooperative" relationship they share with CSEC, the more we learn about the NSA, the more we can infer about CSEC's potential operations and capabilities.
However, as much as we need to ask questions of our government’s surveillance operations – and we do need to ask questions, as well as expect answers – we also need to ask some pressing questions of ourselves. Throughout the revelations, reactions, Orwell references, denunciations of Snowden as traitorous scum, calls for greater transparency, and meh-I’ve-got-nothing-to-hides, the question of just what privacy is and what value it has buzzes underneath.
How we define privacy will decide whether it has been lost and – most importantly – what value it has. After all, what you stand to lose defines the value of what you had.
In era of unprecedented publicity and social media (over?) sharing, what does privacy mean? Is it the power to decide what to reveal and what to hide? Is privacy merely a form of secrecy? Or is it also about controlling the trove of personal data that is fed into institutions that make important decision about our lives? Is it as much about the Orwellian metaphor of the chilling effects of surveillance as it is about information-processing? Should we also consider -- as Daniel Solove, Professor of Law at George Washington University, featured in the video below argues – the metaphor of Franz Kafka’s The Trial, which “depicts a bureaucracy with inscrutable purposes that uses people’s information to make important decisions about them, yet denies the people the ability to participate in how their information is used?”
Point being: If we can’t agree on what privacy is, we’ll never reach a consensus on what the harms of surveillance are. This turns the “liberty lost” consideration in the project to balance liberty and security into a matter of assumption.
Just what privacy is in the digital age is a tough question to answer, but one – as we drive further into the deluge of Snowden leaks and a deeper understanding of the implications of Big Data – we need to start asking.
May we have a moment of your time?
Our public funding only covers some of the cost of producing high-quality, balanced content. We depend on the generosity of people who believe we all should have access to accurate, fair journalism. Caring people just like you!