SCONSAD / SECD Opening Remarks by Chief, CSE - February 3, 2013

Read the full minutes of this meeting on the Parliament of Canada website

Monday, February 3, 2013

CHECK AGAINST DELIVERY

Introduction

Mr. Chair and Honourable Senators, thank you for your invitation to appear. As some of you may recall, I had the opportunity to appear in front of this Committee in the Fall of 2012 to discuss how the Communications Security Establishment (CSE) plays a major role in the defence of Canada from cyber threats.

Today, I am pleased to come back to answer any new questions this Committee may have, particularly in regard to our foreign intelligence mandate, which has been a subject of significant attention following recent unauthorized disclosures of classified materials and subsequent media coverage.

I hope to provide you with an accurate sense of: how our work protects Canadians and Canada’s interests; how we protect the privacy of Canadians as we go about our work; and, how we are held to account by our own policies and procedures and by independent parties, such as the CSE Commissioner.

What We Do

As my colleague has mentioned and as was outlined in the CSIS report tabled last week, the threat environment we face is constantly evolving. Now, more than ever, foreign intelligence is indispensable in discovering threats to our security and prosperity, such as terrorism or cyber attacks.

CSE plays a critical role in the Government’s efforts to address these threats. CSE’s mandate flows from the National Defence Act and requires CSE to provide the Government of Canada with three key services:

  • First, we collect foreign signals intelligence that supports government decision-making by providing information on the capabilities, activities or intentions of foreign entities, such as states or terrorist groups, as they relate to international affairs, defence or security.
    • The National Defence Act specifies that these CSE activities are bound by and must be in accordance with intelligence priorities that are set by the Government.
  • Second, we have a cyber-protection mandate whereby we provide information technology advice, guidance and services that help secure government systems and networks and the information they contain.
  • Finally, because we possess unique technical capabilities, we provide technical and operational assistance to federal law enforcement and security agencies under their respective mandates.
    • Under this part of our mandate, CSE acts under the legal authority of the requesting agency it is assisting and is subject to any limitations to that authority, such as any applicable court warrants.

The Value of Our Work

Over the years CSE, in partnership with our closest allies, has provided intelligence to protect Canada and Canadians. For example we have:

  • Supported Canadian military operations, such as the missions in Afghanistan, and protected our forces against threats;
  • Uncovered foreign-based extremists’ efforts to attract, radicalize, and train individuals to carry out attacks in Canada and abroad;
  • Identified and helped to defend the country against the actions of hostile foreign intelligence agencies;
  • Contributed to the integrity of Canada’s borders and infrastructure by providing early warning about the illicit transfer of people, money and goods; and
  • Furthered Canada’s national interests in the world by providing context about global events and crises, and informing the Government’s foreign policy.

When I last appeared before this committee, we discussed the growing challenges of cyberspace and how nation states, criminals, terrorists and hackers are exploiting the growth of the Internet. There are now more than 100 nations that possess the capability to conduct cyber operations on a persistent basis; our Government systems are probed millions of times a day; and there are thousands of attempts to compromise these systems every year.

To respond to these threats, under its cyber protection mandate, CSE monitors and defends against cyber threats to Government networks. In this role, CSE plays an important part in protecting the privacy of Canadians.

CSE also supports the efforts of the Government to protect the Canadian economy from cyber threats. For example, CSE shares cyber threat information and mitigation advice with Public Safety for further dissemination to the private sector in order to protect the intellectual property of Canadian businesses and Canada’s critical infrastructure. Foreign signals intelligence is critical to identifying foreign cyber threats, but let me be clear that while we support the protection of Canadian business from cyber threats, CSE does not share foreign intelligence with Canadian companies for their commercial advantage.

Privacy, Accountability and Review

Canadians count on the Government to keep them safe from threats. At the same time they also count on us to respect their privacy and to execute our responsibilities lawfully. We take both responsibilities very seriously. Under our foreign intelligence and cyber protection activities, CSE does not target Canadians, either at home or abroad, nor do we target anyone in Canada. However, in those instances where we are providing assistance to law enforcement and security agencies and where we are governed by their lawful authorities, we may be asked to collect the communications of Canadians. Under the National Defence Act, CSE is also specifically required to protect the privacy of Canadians in the execution of its duties. Lawfulness and privacy are our most important principles.

CSE adheres to Canadian law, including the Canadian Charter of Rights and Freedoms, the Privacy Act and the Criminal Code of Canada, as well as the direction we receive from the Government and the Minister of National Defence.

However, given the complex and global nature of cyberspace and telecommunications, CSE may risk the incidental interception of the private communications of Canadians when directing our activities at a foreign target. This risk occurs because we have no way of knowing in advance, let alone can we control, who our foreign targets will communicate with, including persons in Canada.

The National Defence Act recognizes this. Under the law, and solely for the purpose of fulfilling our mandate to obtain foreign intelligence or protect Government networks, CSE must obtain an authorization from the Minister for any activities that may risk the incidental interception of private communications. I want to underline that under no circumstance can the Minister of National Defence authorize CSE to direct its foreign intelligence activities towards Canadians. These authorizations are valid for up to one year and are subject to strict conditions, which include measures to protect the privacy of Canadians. There are multiple structures within CSE to ensure compliance with these conditions. This includes executive control and oversight; embedded policy compliance teams in our operational areas; an onsite legal team from the Department of Justice that provides advice to CSE staff; and active ongoing monitoring of internal processes.

I want to emphasize that everything we do is subject to external review by the Office of the CSE Commissioner. Since 1996, a fully independent CSE Commissioner—a series of retired or supernumerary judges, including a former Chief Justice of the Supreme Court and other notable federal court judges—has regularly reviewed CSE activities for compliance with the law and made helpful recommendations to improve CSE programs. The Commissioner and his staff of eleven employees and additional expert consultants have full access to all CSE personnel, systems and documents.

Successive reports issued by the Commissioner have consistently included positive findings related to CSE’s measures to protect the privacy of Canadians. The CSE Commissioner’s 2012-13 report specifically noted, and I quote: "the protection of the privacy of Canadians is, in the eyes of CSE and its employees, a genuine concern." CSE’s "culture of compliance" has also been noted.

Nonetheless, we continue to look for every possible avenue to improve our privacy protections. We have implemented every past recommendation of the Commissioner related to privacy and are in the process of implementing those from the most recent reviews.

Conclusion

To conclude, in my two years as Chief of CSE I have been impressed by the dedication to public service shown by the employees of CSE. They are among the best and brightest this country has to offer, including computer engineers, scientists, researchers, mathematicians, and linguists skilled in more than 60 languages. They choose to work at CSE because they understand the importance of our role and want to make a difference. They are also committed, day in and day out, to protecting Canada and Canadians from global threats while complying with the law and protecting the privacy of Canadians.

Thank you for this opportunity to speak to you and I look forward to your questions.