Communications Security Establishment
National Research Council | |
Type | government agency responsible for
|
---|---|
Headquarters | Tutte Institute for Mathematics and Computing |
Key document |
|
Website | www |
The Communications Security Establishment (CSE;
Formally administered under the Department of National Defence (DND), the CSE is now a separate agency under the National Defence portfolio. The CSE is accountable to the Minister of National Defence through its deputy head, the Chief of CSE. The National Defence Minister is in turn accountable to the Cabinet and Parliament. The current Chief of the CSE is Caroline Xavier, who assumed the office on 31 August 2022.[6][7]
In 2015, the agency built a new headquarters and campus encompassing 340,000 m2 (84 acres). The facility totals a little over 110,000 m2 (1,200,000 sq ft) and is adjacent to CSIS.
History
CSE originates from Canada's joint military and civilian
Examination Unit
The Examination Unit (XU) was established during the
In March 1942, XU moved next door to
The original mandate of the Examination Unit was to intercept the
By 1945, the disparate SIGINT collection units of the Canadian Navy, Army, and Air Force, were consolidated into the Joint Discrimination Unit (JDU), which was headquartered in Ottawa in the same building as the XU. By the end of the War, the military JDU and the civilian XU were able to coordinate SIGINT collection, analysis, and dissemination so efficiently that it led officials to consider the establishment of peacetime SIGINT operations.[9] In September 1945, U.S. President Harry Truman declared it would be vital to carry out such operations, and Canadian authorities came to the same conclusion in December later that year.[9][12]
On 13 April 1946, a secret Order in Council allowed for postwar continuation of wartime cryptologic efforts and thus the Communications Branch of the National Research Council of Canada (CBNRC) was founded. This agency would be the predecessor to today's Communications Security Establishment (CSE).[9][10][12]
Communications Branch of the National Research Council
Beginning operations on 3 September 1946, the Communications Branch of the National Research Council (CBNRC) was the first
With Edward Drake as its first director, the agency worked with intercepted foreign
CBNRC finally began domestic COMSEC efforts on 1 January 1947.[10] During the Cold War, the CBNRC was primarily responsible for providing SIGINT data to the Department of National Defence regarding the military operations of the Soviet Union.[14]
In February 1950, R. S. McLaren was appointed the first CBNRC Senior Liaison Officer (CBSLO) to
CBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when CBC Television aired a documentary titled The Fifth Estate: The Espionage Establishment.[15] This was the first time that the organization had ever been mentioned in public.[9] This resulted in an outcry in the House of Common and an admission by the Canadian government that the organization existed.[16]
Communications Security Establishment
In 1975, the CBNRC was transferred to the Department of National Defence (DND) by an Order in Council, and became the Communications Security Establishment.[8] CSE was now publicly known, and had diversified since the Cold War becoming the primary SIGINT resource in Canada.
In 1988, CSE created the Canadian System Security Centre to establish a Canadian computer security standard among other goals.[17] This led to the publication of the Canadian Trusted Computer Product Evaluation Criteria.[17]
Following the September 11 attacks in 2001, Canada's Anti-terrorism Act (ATA) was ratified, receiving royal assent on 18 December 2001. It amended the National Defence Act to formally acknowledge and mandate the activities of CSE. It also made amendments to the Canadian Security Intelligence Service Act, the Criminal Code, and the Official Secrets Act (later the Security of Information Act).[9]
In early 2008, in line with the Federal Identity Program (FIP) of the Government of Canada, which requires all federal agencies to have the word Canada in their name,[18] CSE adopted the applied title Communications Security Establishment Canada (CSEC; French: Centre de la sécurité des télécommunications Canada, CSTC). Since mid-2014, the organization has used its legal name (Communications Security Establishment) and initials (CSE) on its website and in public statements.
In November 2011, CSE was made an independent agency, though still operating under the National Defence portfolio and constrained by the National Defence Act.[9]
In June 2019, the Communications Security Establishment Act was passed as part of an omnibus national security bill called the National Security Act 2017. Coming into force two months later, in August, the act set out the mandate and powers of CSE.[19] As part of the omnibus bill, oversight of CSE activities was assumed by the newly created National Security and Intelligence Review Agency (NSIRA).[20]
On October 11, 2023, CSE Chief Caroline Xavier said in an interview with CBC News that CSE offices in various cities may be opened to alleviate staffing shortages.[21]
Insignia
CSE uses generic identifiers imposed by the Federal Identity Program. However, CSE is one of several federal departments and agencies (primarily those having law enforcement, security or regulatory functions) that have been granted a badge by the Canadian Heraldic Authority. The badge was granted in 1994, while CSE's pennant was first raised in 1996 to mark the organization's 50th anniversary.
From the 1990s to the mid 2000s, CSE's Information Technology Security program used a logo to identify its products and publications. The triangle represented threats, while the arc symbolized protection.[22]
Operations
Unique within Canada's security and intelligence community, the Communications Security Establishment employs code-makers and code-breakers (cryptanalysis) to provide the Government of Canada with information technology security (IT Security) and foreign signals intelligence services. CSE also provides technical and operational assistance to the Royal Canadian Mounted Police and federal law enforcement and security agencies, including the Canada Border Services Agency and the Canadian Air Transport Security Authority.
Signal intelligence
CSE relies on its closest foreign intelligence allies, the US, UK, Australia and New Zealand to share the collection burden and the resulting intelligence yield. Canada is a substantial beneficiary and participant of the collaborative effort within the partnership to collect and report on foreign communications.[14]
During the
While these continue to be key intelligence priorities for Government of Canada decision-makers, increasing focus on protecting the safety of Canadians is prompting greater interest in intelligence on transnational issues, including terrorism.
Code breaking equipment
CSE code breaking capabilities degraded substantially in the 1960s and 1970s but were upgraded with the acquisition of a Cray X-MP/11 (modified) supercomputer delivered to the Sir Leonard Tilley building in March 1985 and the hiring of code breaking analysts. It was, at the time, the most powerful computer in Canada. In the early 1990s, the Establishment purchased a Floating Point Systems FPS 522-EA supercomputer at a cost of $1,620,371. This machine was upgraded to a Cray S-MP superserver after Cray acquired Floating Point Systems in December 1991 and used the Folklore Operating System supplied by the NSA in the US.[23] These machines are now retired.
Little information is available on the types of computers used by the CSE since then. However, Cray in the US has produced a number of improved supercomputers since then. These include the Cray SX-6, early 2000s, the Cray X1, 2003 (development funded in part by the NSA), Cray XD1, 2004, Cray XT3, Cray XT4, 2006, Cray XMt, 2006 and Cray CX1, 2008. It is possible that some of these models have been used by the CSE and are in use today.
Canadian Centre for Cyber Security
Centre Canadien pour la Cyber Sécurité | |
Agency overview | |
---|---|
Agency executive |
|
Parent department | Communications Security Establishment |
Website | cyber.gc.ca |
The Canadian Centre for Cyber Security (CCCS or Cyber Centre;
As a unit under the Communications Security Establishment (CSE), the agency is Canada's computer emergency response team (CSIRT) and the Canadian government's computer Incident response team (CIRT).[9]
Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including Public Safety Canada's Canadian Cyber Incident Response Centre, Shared Services Canada's Security Operations Centre, and the CSE's Information Technology Security branch.[24][25]
History
Formerly known as
The Cyber Centre was developed in response to CSE's consultations with Canadians in 2016 which identified various issues pertaining to cyber security in relation to the federal government, including accountability, departmental coordination, and leadership. In February 2018, the federal budget allocated funds for CSE, in collaboration with Public Safety Canada and Shared Services Canada, to launch the Cyber Centre.[27]
Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including the Canadian Cyber Incident Response Centre of Public Safety Canada; the Security Operations Centre of Shared Services Canada; and the Information Technology Security branch of CSE.[24][25]
Prior to opening, in June 2018, Minister Ralph Goodale appointed Scott Jones the head of the new Centre.[28][26]
Tutte Institute for Mathematics and Computing
knowledge discovery to support the Canadian Cryptologic Program and its Five-Eyes international partners.[30]
Though officially founded in 2009, TIMC officially opened and formally named in September 2011. Sponsored and funded by the Communications Security Establishment, the institute is partnered with Institutes for Defence Analyses, CCR Princeton, CCR La Jolla, CCS Bowie, the Heilbronn Institute for Mathematical Research, Carleton University, and the University of Calgary and is working to create partnerships with other research institutes, government agencies and universities.[31] Researchers Leland McInnes and John Healy at the Tutte Institute developed a technique called FacilitiesCSE occupies several buildings in Ottawa, including the Edward Drake Building and the neighbouring Sir Leonard Tilley Building. CSE moved to the Tilley Building in June 1961. With the rapid expansion in the number of CSE personnel since the 9/11 attack in the US, the CSE has built new facilities. A new CA$1.2 billion[33] facility, encompassing 72,000 square metres (18 acres), has been built in the eastern part of Ottawa, immediately west of the headquarters building for the Canadian Security Intelligence Service. Construction began in early 2011 and was completed in 2015.[34] Governance and mandateLegislationIn addition to those mentioned below, CSE is bound by all other Canadian laws, including the Criminal Code, the Canadian Charter of Rights and Freedoms, the Privacy Act, Security of Information Act, and the Avoiding Complicity in Mistreatment by Foreign Entities Act.[19] In December 2001, the Canadian government passed omnibus bill C-36 into law as the Anti-Terrorism Act. The Act amended portions of the National Defence Act and officially recognized CSE's three-part mandate:
The Anti-Terrorism Act also strengthened CSE's capacity to engage in the war on terrorism by providing needed authorities to fulfill its mandate. In the 2007 Proceedings of the Canadian Senate Standing Committee on National Security and Defence, then-CSE Chief John Adams indicated that the CSE is collecting communications data when he suggested that the legislation was not perfect in regard to interception of information relating to the "envelope."[35]
Communications Security Establishment ActIn June 2019, the Communications Security Establishment Act (CSE Act) was passed, as part of the
The CSE Act requires that CSE activities do not target Canadians anywhere in the world, or any person in Canada, "unless there are reasons to believe that there is an imminent danger of death or serious bodily harm. The Act also requires the CSE protect the privacy of Canadians and persons in Canada. As such, CSE is forbidden, by law, to intercept domestic communications. When intercepting communications between a domestic and foreign source, the domestic communications are destroyed or otherwise ignored. (After the September 11 attacks on the United States in 2001, however, CSE's powers expanded to allow the interception of foreign communications that begin or end in Canada, as long as the other party is outside the border and ministerial authorization is issued specifically for this case and purpose.)[36] Governance and oversightThe Minister of National Defence guides and authorizes the activities of CSE using ministerial directives, ministerial authorizations, and ministerial orders, all of which are based on the "government’s intelligence priorities as set out by Cabinet through discussion and consultations with the security and intelligence community." The Defence Minister cannot authorize any activities that are not included in the CSE mandate or grant CSE any powers that do not exist in Canadian law.[19] Ministerial directives are how the Minister of National Defence instructs the Chief of CSE.[19] CSE operates under a system of independent oversight:[37]
CSE activities are also subject to several external oversight and review bodies.[37] As with any other federal department or agency of Canada, the activities of CSE are also subject to review by various federal bodies, including:[37]
Heads of the CSE
Communications Security Establishment CommissionerOversight over CSE was formerly provided by the Office of the Communications Security Establishment Commissioner (OCSEC; French: Bureau du commissaire du Centre de la sécurité des télécommunications, BCCST), which was created on 19 June 1996 to review CSE's activities for compliance with the applicable legislation, accept and investigate complaints regarding the lawfulness of the agency's activities, and to perform special duties under the 'Public Interest Defence' clause of the Security of Information Act.[40] The Commissioner provided an annual public report on his activities and findings to Parliament, through the Minister of National Defence.[41] Between 1996 and 2019, there were six Commissioners:[10]
As part of an omnibus national security bill (the National Security Act 2017) passed by Parliament in 2019, the OCSEC was abolished and its responsibilities divided between two newly created entities: employees of the OCSEC were transferred to the Office of the Intelligence Commissioner; and the review functions of the former OCSEC were assumed by the National Security and Intelligence Review Agency (NSIRA).[20][38] The previous Commissioner of CSE, Jean-Pierre Plouffe, was appointed to the role of Intelligence Commissioner on 18 July 2019.[20][38] ECHELON
Under the 1948 Government Communications Headquarters (GCHQ), the Australian Signals Directorate (ASD), and New Zealand's Government Communications Security Bureau (GCSB).[8][43]
Along with these services from the United States, the UK, New Zealand, and Australia, CSE is believed to form the ECHELON system. Its capabilities are suspected to include the ability to monitor a large proportion of the world's transmitted civilian telephone, fax and data traffic. The intercepted data, or "dictionaries" are "reported linked together through a high-powered array of computers known as 'Platform'."[43] ControversiesCBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when the CBC Television documentary show, The Fifth Estate, aired an episode focused on the organization, with research by James Dubro.[15] This was the first time that the organization had ever been mentioned in public.[9] This resulted in an outcry in the House of Commons and an admission by the Canadian government that the organization existed.[16] A former employee of the organization, Mike Frost, claimed in a 1994 book, Spyworld, that the agency eavesdropped on Margaret Trudeau to find out if she smoked marijuana and that CSE had monitored two of former British prime minister Margaret Thatcher's dissenting cabinet ministers in London on behalf of the UK's secret service.[44] In 1996, it was suggested that CSE had monitored all communications between Somalia Inquiry into the killing of two unarmed Somalis by Canadian soldiers.[45]
In 2006, CTV Montreal's program On Your Side conducted a three-part documentary on CSE naming it "Canada's most secretive spy agency" and that "this ultra-secret agency has now become very powerful," conducting surveillance by monitoring phone calls, e-mails, chat groups, radio, microwave, and satellite.[46]
In 2007, former Ontario lieutenant-governor, Air India Inquiry on May 3 that he saw a CSE communications intercept warning of the June 22, 1985 bombing of Air India Flight 182 before it occurred. Two former CSE employees have since testified that no CSE report was ever produced.[47]
In 2013, a coalition of civil liberties associations launched a campaign directed against the government's perceived lack of transparency on issues related to the agency, demanding more information on its purported domestic surveillance activities.[48] Further criticism has arisen surrounding the construction costs of the agency's new headquarters in Ottawa. The project is slated to cost over CA$1.1 billion, making it the most expensive government building in Canadian history.[49] In 2014, a leaked, top-secret presentation entitled “IP Profiling Analytics & Mission Impacts” summarized experiments tracking the cellphones of travellers passing through Toronto Pearson International Airport.[50] Critics argued that the experiment was invasive and indiscriminate, while CSE countered that it was consistent with all relevant laws and mandates. In 2016, the CSE Commissioner found that one of the agency's metadata activities did not comply with the law. Specifically, CSE had failed to properly minimize certain Canadian identity information before sending it to foreign governments, contravening parts of the National Defence Act and the Privacy Act.[51] Media portrayalIn See also
References
External linksWikimedia Commons has media related to Communications Security Establishment. |