Anatomy of a Spy Scandal
Carl Meyer
A timeline of how the 2013 surveillance leaks unfolded, and the evolution of Canada’s electronic eavesdropping agency. Part of the Embassy and OpenCanada series The End of Privacy?
THE BACKSTORY
1974
CSE is born
A CBC program titled “The Fifth Estate: The Espionage Establishment” exposed Canadian signals intelligence efforts, then being run out of the communications branch of the National Research Council. It led to questions in the House of Commons, and soon after the government renamed the unit the Communications Security Establishment and moved it into the portfolio of the Department of National Defence.
Credit: Bill Robinson
1982
Larry Clark
A former agent in a Canadian Forces eavesdropping outfit from 1962 to 1974, Clark revealed much of his efforts in electronic warfare with the Soviets in a 1982 four-part series in the Edmonton Journal. Clark said the NSA, even back then, could break the codes of the Canadian military and other government departments “because they supply the encoding equipment.” He referred to the outfit as “a branch plant” of the NSA, and declared “there is no privacy in this country. Basically, if they want to monitor you they will.”
Credit: Bill Robinson
1993
Library of Parliament study
The study wonders “how can a government institution that functions most effectively in the shadows be held publicly accountable without compromising its efficacy?”
Credit: Mark Collins
1994
Spyworld
Former agent Mike Frost’s tell-all, co-written with Michel Gratton, “Spyworld: How CSE Spies on Canadians and the World.
Credit: Mark Collins
1995
The original CSEC whistleblower
Former employee Jane Shorten, who worked for the agency from 1986 to 1994, accuses it of breaking the law by intercepting Canadian communications in Canada. Then, as now, the agency claimed it does not do so.
1996
Commissioner established
The government creates the office of the CSE commissioner to oversee the agency’s activities.
Fred Stock
In an article in Kitchener, Ont.’s The Record, an ex-CSE employee ties the organization to the 1993 military scandal involving Canadian peacemakers in Somalia. Stock said CSE was “keeping an eye on everything that was going on,” and called on agency officials to testify at the Somalia inquiry.
Credit: Bill Robinson
1998
Economic espionage
Bruce Livesey’s Financial Post piece on CSE: “Trolling for Secrets: Economic Espionage is the New Niche for Government Spies”
Credit: Bill Robinson
2001
CSEC’s mandate changes
After 9/11, the government orders the agency to follow three priorities:
- “To acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with government of Canada intelligence priorities.”
- “To provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the government of Canada.”
- “To provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.”
2005
Parliamentary oversight proposed
Bill C-81, An Act to establish the National Security Committee of Parliamentarians, receives first reading in the House of Commons on Nov. 24, 2005. A federal election two months later would replace the governing Liberals with the Conservatives under Stephen Harper.
2009
Committee recommends bill
A public safety committee report on the two federal inquires recommends introducing an act similar to Bill C-81.
2010
Adams dismisses contractor concerns
CSEC chief John Adams, in the midst of planning the agency’s new 72,000 square-metre, $880-million headquarters in Ottawa, tells The Globe and Mail that he doesn’t think private sector contractors represented a risk to national security, suggesting they would be vetted appropriately.
2011
CSEC becomes standalone agency
The organization changes its name from the Communications Security Establishment to Communications Security Establishment Canada, and its reporting requirements change.
2012
CSEC gets darker
The agency stops reporting its annual priorities, the Canadian Press reports.
THE SNOWDEN LEAKS
June 6, 2013
Verizon phone records
The United States National Security Agency, the Five Eyes intelligence partner of CSEC, is revealed to be collecting the phone records of millions of Verizon customers daily, Glenn Greenwald reports in The Guardian.
June 7, 2013
PRISM
The NSA’s program is able to tap in to user data from Apple, Google, Facebook, and other tech giants used by Canadians, Mr. Greenwald reports with Ewen MacAskill.
U.S. has overseas cyber target list
A top secret U.S. directive orders offensive cyber capabilities around the world, Mr. Greenwald and Mr. MacAskill report.
Privacy czar concerned
A spokesperson for Privacy Commissioner Jennifer Stoddart says “the scope of information reportedly being collected raises significant concerns,” Anna Mehler Paperny and Nicole Bogart report for Global News.
June 10, 2013
Snowden unmasked
Former NSA contractor Edward Snowden is the man behind the explosive electronic eavesdropping leaks, Mr. Greenwald, Mr. MacAskill, and Laura Poitras report. Mr. Snowden boarded a flight for Hong Kong on May 20 and went into hiding. He says he became a whistleblower because “The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting.”
CSEC has similar metadata program
Then-defence minister Peter MacKay signed a ministerial directive in 2011 to a similar eavesdropping program, Colin Freeze reports in The Globe and Mail. The story is picked up internationally.
MacKay defends program
CSEC’s program “is specifically prohibited from looking at the information of Canadians,” MacKay says in response to a query from NDP Leader Tom Mulcair in Question Period.
June 11, 2013
Boundless Informant
This NSA tool maps, catalogs and analyzes the data it gets from foreign countries, giving an ability to agents to quickly examine intelligence gaps, Mr. Greenwald and Mr. MacAskill report.
June 12, 2013
Privacy concerns abound
Surveillance programs in the U.S. and Canada have sparked considerable privacy concerns, Embassy reports.
June 13, 2013
MacKay issued new directives
Mr. MacKay issued seven new instructions to CSEC to guide it on how it can help Canada’s other spy agency, the Canadian Security Intelligence Service, and the RCMP, Jim Bronskill reports for CP.
Décary weighs in
“Public discussion would benefit from additional information,” CSE commissioner Robert Décary says in a statement.
June 15, 2013
Firms swap data for access
Thousands of firms trade sensitive information for access to classified intelligence with U.S. national security agencies, Michael Riley reports for Bloomberg News.
June 17, 2013
U.S. envoy dismisses privacy concerns
Then-U.S. ambassador David Jacobson tells CTV News that Americans and Canadians value individual liberties.
U.K. spied on G20
The United Kingdom’s Government Communications Headquarters, a Canadian intelligence partner, intercepted foreign politicians’ chatter at the 2009 London G20, Mr. MacAskill reports with Nick Davies, Nick Hopkins, Julian Borger, and James Ball. The leaked documents bear the logo of CSEC.
June 20, 2013
Info banks unlisted
The defence department did not publish CSEC’s personal information listings, Mr. Bronskill reports.
June 21, 2013
TEMPORA
This program allows Five Eyes partner GCHQ to intercept “email messages, Facebook posts, internet histories and calls” at key choke points, which it then shares with the NSA, reports Mr. MacAskill, Mr. Borger, Mr. Hopkins, Mr. Davies and Mr. Ball.
Snowden charged
The U.S. charges Mr. Snowden with “theft of government property, unauthorized communication of national defence information and willful communication of classified communications intelligence information to an unauthorized person.”
June 23, 2013
Snowden heads for Moscow
Mr. Snowden leaves Hong Kong for Moscow.
June 30, 2013
DROPMIRE
The U.S. bugs foreign embassies and diplomatic staff, including those of allies, Mr. MacAskill and Mr. Borger report.
July 7, 2013
FAIRVIEW
The U.S. partners with telecommunications agencies, which partner with foreign telecoms, permitting access to foreign data, Mr. Greenwald reports.
July 31, 2013
XKEYSCORE
The widest-reaching program disclosed so far allows NSA agents to search through emails, online chats, and browsing histories of millions of people, Mr. Greenwald reports.
August 1, 2013
Snowden gets asylum
Mr. Snowden leaves the Moscow airport, where he had been trapped for a month, after being granted temporary asylum for one year in Russia.
August 8, 2013
U.S. spies on content of emails, texts
The NSA searches the contents of large amounts of emails and texts transiting the U.S., Charlie Savage reports in the New York Times.
August 15, 2013
NSA broke privacy rules
An internal audit says the NSA broke privacy rules “thousands of times each year” since 2008, Barton Gellman reports in the Washington Post.
August 20, 2013
BLARNEY, OAKSTAR, LITHIUM, STORMBREW
These NSA programs, together with FAIRVIEW, have the ability to reach roughly three quarters of all U.S. internet traffic, Siobhan Gorman and Jennifer Valentino-DeVries report in the Wall Street Journal.
August 21, 2013
Décary: Canadians may be victims
CSEC may have illegally targeted Canadians over the past year, Mr. Décary indicates in his report to Parliament.
August 22, 2013
CSEC denies report
Responding to the Décary report, the agency says it did not break the law.
August 29, 2013
Australia taps undersea cables
Five Eyes partner Australia taps undersea cables for data, Philip Dorling reports for the Sydney Morning Herald.
August 30, 2013
GENIE
U.S. spy agencies mounted hundreds of offensive cyber operations in 2011, Mr. Gellman and Ellen Nakashima report.
September 5, 2013
BULLRUN
The NSA can circumvent most encryption, using “supercomputers, technical trickery, court orders and behind-the-scenes persuasion,” report Nicole Perlroth, Jeff Larson, and Scott Shane for the New York Times. The report says CSEC handed over control of encryption standards to the NSA.
September 7, 2013
Smartphone spying
The NSA has a program to spy on smartphone data including that of BlackBerry, Ms. Poitras reports with Marcel Rosenbach and Holger Stark in Der Spiegel.
September 8, 2013
Brazil’s Petrobras
Brazilian Globo TV show Fantastico says the U.S. spied on the state-run Petrobras oil firm in Brazil.
September 25, 2013
Indians and the UN
The NSA may have accessed Indian Embassy and UN computers in Washington and New York, Jason Burke reports in The Guardian.
October 6, 2013
Brazil’s mining and energy ministry
Fantastico reports that the agency spied on computers and smartphones associated with the ministry in order to gain economic intelligence.
OLYMPIA
The “network knowledge engine” used by CSEC to target the Brazilian Ministry of Mines and Enegery.
October 7, 2013
Greenwald says more to come for Canada
“There’s a lot of other documents about Canadians spying on ordinary citizens, on allied governments, on the world, and their co-operation with the United States government,” Greenwald tells CBC News.
October 9, 2013
Energy meetings
The agency held private meetings with Canadian energy firms, The Guardian reports.
New CSEC commissioner appointed
The Honourable Jean-Pierre Plouffe is named the new Commissioner of the Communications Security Establishment.
CSEC boss defends agency
In a speech to a government technology conference, CSEC Chief John Forster said that although the “classified nature of our work” meant he couldn’t comment on intelligence efforts, he asserted that “everything that CSE does in terms of its foreign intelligence mandate, follows Canadian law.” He also said “we do not target Canadians at home or abroad, in our foreign intelligence activities, nor anyone in Canada.”
October 14, 2013
Address books
The NSA is gathering contact lists in large numbers that amount to “a sizable fraction of the world’s e-mail and instant messaging accounts,” Mr. Gellman and Ashkan Soltani report.
October 21, 2013
France
The U.S. spies on “terrorist suspects…politicians, businesspeople…[and] members of the administration” in France, Mr. Greenwald and Jacques Follorou report in Le Monde. The program “US-985D” was used to track 70 million French phone calls in a month.
October 27, 2013
STATEROOM
Canada hosts U.S. spy equipment in embassies.
October 29, 2013
NDP wants Parliamentary oversight
NDP Defence critic Jack Harris calls for greater Parliamentary oversight of CSEC.
Europeans provide U.S. with phone records
So testifies NSA Director Keith Alexander at the U.S. House Intelligence Committee
October 30, 2013
MUSCULAR
NSA breaks into communications links that connect Google and Yahoo data centres.
Spain
The NSA tracks 60 million Spanish phone calls in a month.
October 31, 2013
SIRC report
The Security Intelligence Review Committee, the watchdog for Canada’s main spy agency, raises concerns about “potential erosion of control” of information when collaborating with CSEC.
November 1, 2013
European partnerships
The U.K.’s Five Eyes unit, GCHQ, partners with the intelligence services of Germany, France, Spain, and Sweden to carry out bulk monitoring. A Guardian article refers to a “loose but growing eavesdropping alliance” allowing agencies to form relationships with foreign corporations to aid spying.
November 7, 2013
New national security committee bill
Liberal MP Wayne Easter introduces Bill C-551, which would create a national security committee of Parliamentarians with top-secret access. The following day, Ontario’s information and privacy commissioner says she’s “heartened” by the bill.
November 9, 2013
Construction fire
CSEC’s new headquarters, still under construction, is damaged by a fire started on the building’s roof.
Canadian clout
Greenwald tells the CBC that CSEC is “one of the most active surveillance agencies in the world.” He promises many more documents revealing as much.
November 12, 2013
Budget growth
CSEC’s budget for 2013-14 is now estimated to be $460,887,980, which is three and a half times its size in 2000-1.
November 17, 2013
Royal Concierge
GCHQ monitors the travel of diplomats around the world through an automated hotel booking system, Ms. Poitras, Mr. Rosenbach and Mr. Stark report in Der Spiegel. After the hotel is booked, a “technical operations community” makes preparations for the visit, state the documents, which are marked as releasable to the Five Eyes.
November 20, 2013
U.K. data access
A 2007 deal gave Canada and other Five Eyes countries access to a database of U.K. citizens’ phone, email, and internet records, the Guardian reports. This is described as “the first explicit confirmation that U.K. citizens have been caught up in U.S. mass surveillance programs.”
Segal weighs in
Conservative Senator Hugh Segal says Canada’s spy oversight regime is a “non-system of zero legislative accountability.”
November 27, 2013
NSA Spied on the Toronto G20
The NSA conducted widespread surveillance of the 2010 G20 summit in Toronto from the U.S. embassy in Ottawa, an operation that was “closely co-ordinated” with CSEC, reports Greg Weston, Glenn Greenwald, and Ryan Gallagher.
November 28, 2013
Nicholson, Forster stay mum
At an appearance at the House defence committee, Defence Minister Rob Nicholson and Mr. Forster both refused to give details on spying allegations. Mr. Forster again declined to comment on intelligence efforts, but repeated his assertion that “CSEC, under its legislation, cannot target Canadians anywhere in the world or anyone in Canada, including visitors to Canada.” He added “we cannot ask our allies to do any kind of operations that we ourselves are not permitted to do under law.” Mr. Nicholson echoed these comments.
December 2, 2013
Australian sharing
At a 2008 Five Eyes meeting in Britain, Australia declared it could share certain information on its citizens with international partners. The report, however, notes that “the Canadians insisted that bulk collection could only be shared if information about its citizens was first ‘minimised’, meaning deleted or removed.” Mr. MacAskill, Mr. Ball and Katharine Murphy report for the Guardian Australia.
December 4, 2013
The NSA collects around five billion records a day on the location data of cell phones, creating a database of trillions of records, Mr. Gellman and Mr. Soltani report in the Washington Post. The system allows agents to track phones anywhere in the world and retrace their steps. The report states that “in scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that have been disclosed since June.”
December 16, 2013
U.S. judge gives stop order
The NSA’s collection and querying efforts “likely violate the Fourth Amendment,” US District Court Judge Richard Leon said in a judgment. He indicated he was not convinced that the NSA database “has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations.”
December 18, 2013
Panel Recommends major changes
A presidential panel submitted 46 recommendations on NSA surveillance tactics. The panel recommended, in part, yanking metadata from government hands and securing it against mass government queries; subjecting spying on foreign leaders to presidential approval; splitting control of the NSA and the US military’s Cyber Command; stopping efforts to undermine encryption; and changing the way employees like Snowden are evaluated.
December 20, 2013
Further heads of state spying
GCHQ and NSA spied on African heads of state, international aid organization heads, European Union officials, UN directors, and oil and finance officials, say new documents dating from 2008 to 2011. James Glanz and Andrew W. Lehren report for the New York Times.
Federal Judge takes CSIS to task
Richard Mosley, a federal court judge, said CSIS misled him when he granted warrants in 2009 to eavesdrop on certain Canadians abroad. CSIS told the court it would use CSEC to carry out the surveillance from within Canada, but CSEC passed on the jobs to one or more of its Five Eyes partners, Mr. Mosley said.
December 29, 2013
NSA intercepts computer shipments
In a sweeping report on the TAO team inside the NSA, Der Spiegel reports that TAO can divert the shipment of new computers or related accessories to its own workshops.
January 2, 2014
Penetrating hard targets
The NSA is attempting to build a quantum computer for the purpose of breaking most encryption. The $79.7 million program is called Penetrating Hard Targets, Mr. Gellman and Steven Rich report for the Washington Post.
January 3, 2014
CSEC changes website to admit to ‘incidental’ spying on Canadians
An addition to the CSEC website adds the explanation that the surveillance agency can “incidentally” intercept private communications of Canadians, Mr. Robinson noted. The statement reads that “if a private communication is incidentally intercepted (e.g. a foreign individual we are targeting overseas is communicating with someone in Canada), CSE takes steps to protect the privacy of that information.” The news is picked up by several outlets.
January 14, 2014
NSA can use covert radio waves
Since 2008, the NSA has been using new technology to access computers not connected to the internet through covert radio waves, David E. Sanger and Thom Shankerjan report for the New York Times. The radio waves can be transmitted from certain circuit boards and USB cards.
January 17, 2014
Snowden leaks prompt CSEC review
CSEC is examining its privacy practices and the potential damage to its capabilities, according to a three-page note obtained under the Access to Information Act by the Canadian Press. The note was sent from Mr. Forster to national security adviser Stephen Rigby, CP writes.
Obama speech calls for NSA reform
In a widely-anticipated speech, U.S. President Barack Obama announced restrictions on the bulk collection of phone records, accepting the presidential panel’s recommendation that each search of metadata should need court permission. He also announced restrictions on how many people’s records can be searched. But the president did not address other recommendations that the metadata should be housed in private hands, that the number of years the data is held should be limited, or that the selection of judges on the Foreign Service Intelligence Court should be changed. He also only partially addressed other recommendations.
2013
2014