Worth reading...

Some recent commentaries on CSE, surveillance, and privacy:

Michael Geist, "Canada complicit in undermining Internet privacy: Geist," Toronto Star, 13 September 2013

As the tidal wave of disclosures on widespread U.S. surveillance continues - there is now little doubt that the U.S. government has spent billions creating a surveillance infrastructure that covers virtually all Internet and wireless communications - the question of Canada’s role in these initiatives remains largely shrouded in secrecy.

The Canadian government has said little, but numerous reports suggest that agencies such as the Communications Security Establishment Canada (the CSE is the Canadian counterpart to the U.S. National Security Agency) are engaged in similar kinds of surveillance. This includes capturing metadata of Internet and wireless communications and working actively with foreign intelligence agencies to swap information obtained through the data mining of Internet-based surveillance.

The active connection between Canadian and U.S. officials moved to the forefront last week with reports that Canadian officials may have played a starring role in facilitating U.S. efforts to create a “backdoor” to widely used encryption standards. That initiative has been described as “undermining the very fabric of the Internet.”

Ron Deibert, "To protect Canadians' privacy, telcos must shut the 'back door'," Globe and Mail, 16 September 2013

Recently leaked Edward Snowden documents reveal the U.S. National Security Agency, in its quest to vacuum as much digital data as possible, has been compelling communications companies to build secret vulnerabilities into their systems, otherwise known as “back doors.” These special methods of bypassing normal authentication procedures to secretly access encrypted communications are known only to the companies that build them and the NSA agents that have access to them. Not surprisingly they prefer to keep such dalliances hidden in the dark.

Given Canada’s special relationship with our cousins south of the border, it should come as no surprise that our own security agencies also prefer the back door. According to The Globe and Mail, “for nearly two decades, Ottawa officials have told telecommunications companies that one of the conditions of obtaining a licence to use wireless spectrum is to provide government with the capability to bug the devices that use the spectrum.” Documents obtained by The Globe also reveal that as part of these requirements, Ottawa has demanded companies scramble encryption so that it can be accessed by Canada’s law enforcement agencies – encryption that protects our intimate conversations, banking transactions, transmission of health and financial records, and so on. Remarkably, Ottawa deems such requirements too sensitive to be shared with the public. ...

The back door approach is symptomatic of a larger trend, and a particular approach to securing cyberspace prominent today that privileges intelligence and security agencies over other stakeholders, designs security through obscurity, and undermines checks and balances around government.

Law enforcement and intelligence agencies are necessary and important to liberal democracy, but there is more than one way for them to go about their missions. In the world of Big Data, in which so much personal information is readily available, new methods of “connecting the dots” must be explored other than those that drill holes into our communications infrastructure from the inside out and leave users dependent on the digital equivalent of Swiss cheese. Government surveillance needs re-thinking today, beginning with a loud and clear call to “shut the back door!”

Ann Cavoukian, Ron Deibert, Andrew Clement & Nathalie Des Rosiers, "Real privacy means oversight," Globe and Mail, 16 September 2013

In democratic societies, governments must be accessible and transparent to their citizens. And individuals must be free to make informed choices about what personal details to reveal about their lives. Governments are permitted to access personal information only when authorized by law. When it comes to the state's power to conduct surveillance, critical privacy protections must include independent oversight.

While there is much criticism of the U.S. Foreign Intelligence Surveillance Court, at least it has oversight of NSA activities. There is no equivalent in Canada. CSEC's operations rely on ministerial approval, with little transparency or accountability. Canadians know startlingly little about what our government is doing - and, potentially, what foreign intelligence agencies are doing - with their personal information. It is disturbing that there's been so little debate on this important issue, even in Parliament.

CSEC's only meaningful accountability rests on a single annual review undertaken by a single individual - woefully inadequate. In his report this summer, CSEC Commissioner Robert Décary, a retired judge, issued a rare public critique, acknowledging that he'd been unable to reach a definitive conclusion about the agency's compliance or non-compliance with the law for various foreign signals intelligence activities. Some activities, he said, "may have been directed at Canadians, contrary to the law."

CSEC, and the government, must account for what's taken place. Canadians rightly deserve answers on the scope of domestic spying powers. How much will we allow in the name of security and public safety? There is no question that some measures are necessary to counter terrorism, but must they always be at the exclusion of privacy? We say no.

There can be little doubt that surveillance is a global issue, with personal information being shared across jurisdictions, sometimes in a manner that contravenes the most basic principles of privacy and freedom. We must engage citizens so the message of "respect our privacy, respect our freedoms," can be heard, loud and clear. In a free and open society, we deserve no less.

David Lyon, "Can citizens roll back silent army of watchers?" Toronto Star, 23 September 2013

...[A]sking questions is long overdue. Fears fanned by 9/11 “security” and the fun fostered by Facebook distracts us from what’s really going on: the surveillance playing field now tilts perilously in favour of large organizations and away from individuals and groups. Such surveillance undermines our relationship as citizens to the state — we may naively comply but we didn’t consent. ...

Who will ask these questions and more? It isn’t just a matter of “catching up” with new technology, although recognizing that Canadian law lags pathetically behind reality would be a start. It’s also about why technological potential is permitted to become political destiny, why everyone has become a suspect and why organizations are so resistant to calls for accountability for sensitive personal information.

Canada, blessed with much better personal data protection than many other countries and a long history of innovative thinking about communications, could still take the lead in reversing the trend toward unwarranted and disproportionate surveillance. The so-called digital era is not self-propelling, nor is it inevitably destructive of trust or care for vulnerable groups.

It’s up to us to keep up the pressure for answers and, more important, for public debate on surveillance today. There’s already a palpable groundswell. One key site for information is SecretSpying.ca.