The CSE – Communications Security Establishment – is Canada’s own surveillance agency. So far, little has been known about it and anyway, in the wake of the Snowden-disclosures, greater attention has been paid to the NSA and the GCHQ. This might now change. Latest revelations reported jointly by Canada’s CBC and The Intercept reveal that CBS
has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world.
According to CBC,
The CSE toolbox includes the ability to redirect someone to a fake website, create unrest by pretending to be another government or hacker, and siphon classified information out of computer networks.
This will of course sound familiar to anyone who has been following the reporting based on the documents provided by Edward Snowden. For example, it was revealed a while ago that the NSA has the ability to redirect someone to fake websites which appear to be social media like Facebook.
Previous revelations about the CBS have included the information that it
maintains a network of infected private computers — what’s called a botnet — that it uses to disguise itself when hacking targets.
CBC further reports that CBS and NSA cooperate closely. No surprises there. What is new are revelations about CBS’s “cyber-spy capabilities that go beyond hacking for intelligence, including:
– destroying infrastructure, which could include electricity, transportation or banking systems;
– creating unrest by using false-flags — ie. making a target think another country conducted the operation;
– disrupting online traffic by such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers.
These are highly offensive and disruptive capabilities.
According to National Security Expert Christian Leuprecht, Canada has no intention “– for now – to become embroiled in a dangerous cyberwar by using its most destructive tools to attack other countries.”
Well, that’s a relief! Or not. The “for now” hints that starting a cyberwar at some point isn’t something everyone in Canada categorically rejects.
In any case, the most recent revelations have prompted Ronald Deibert, director of the Citizen Lab, an internet research group at University of Toronto’s Munk School of Global Affairs to say:
These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability.
Christopher Parsons, a surveillance expert at Citizen Lab, pointed out that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?”
The CSE itself has issued a statement saying, among other things that “the leaked materials are dated documents…As a result, the information in these documents does not necessarily reflect current CSE practices or programs” while also complaining that “the publication of these documents renders our methods less effective when addressing threats to Canada and Canadians” – the latter being the much-used damage to national security argument that has already been called into question in relation to the US and the UK.
Naturally, there have been calls for debate in Canada, which is especially important at a time when “the Anti-Terrorism Act, Bill C-51, currently being debated, could legalize use of some of the capabilities outlined in these classified documents.” For example, while the bill in question provides increased powers to CSIS, Canada’s domestic surveillance agency, it would allow CSIS “to more readily use or exploit the latent domestic capabilities that CSE [its sister-agency] has built up.” Currently, CSE – according to its own statement – already “provides technical assistance to federal law enforcement and security agencies…at their specific request and only under the requesting agency’s legal authority, such as a warrant”.
In light of this, recent and past revelations should indeed serve as a “major wake-up call for all Canadians” to debate whether or not their surveillance agencies should have powers that would allow them, for example to “[rig] the outcome of online polls, [send] out fake messages on Facebook across entire countries, and [post] negative information about targets online to damage their reputations.”
That debate is long overdue – and not just in Canada either. Whether Canadians will heed this wake-up call and begin the debate is an entirely different matter, of course. Opposition to Bill C-51 suggests that at least some of them are.