{"id":2977,"date":"2022-04-02T23:23:03","date_gmt":"2022-04-03T05:23:03","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2977"},"modified":"2022-04-02T23:23:06","modified_gmt":"2022-04-03T05:23:06","slug":"paper-blog-the-cse-act-and-canadian-cyber-security-practices","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/04\/02\/paper-blog-the-cse-act-and-canadian-cyber-security-practices\/","title":{"rendered":"Paper Blog: The CSE Act and Canadian Cyber Security Practices"},"content":{"rendered":"\n
\"\"
https:\/\/www.gg.ca\/en\/heraldry\/public-register\/project\/1744 <\/figcaption><\/figure>\n\n\n\n

In 2019, the Communications Security Establishment (CSE) had its mandates expanded under the CSE Act from three to five, with the two newest additions authorizing the agency to conduct \u201cactive\u201d (offensive) and \u201cdefensive\u201d cyber operations. My paper asked the following question: What significance does the CSE Act’s new mandates entail for the CSE’s role in enforcing Canadian cyber security? Based on findings, the CSE Act highlights the expanding capabilities that the organization has honed since gaining statutory legitimacy in 2001 to defend Canada from new and emerging threats in the cyber realm. However, the agency\u2019s practice of secrecy does little to improve transparency on what the CSE will do with its new powers and may liberally interpret the Act.<\/p>\n\n\n\n

CSE\u2019s Addiction to Secrecy. Why? That\u2019s Because it\u2019s<\/em><\/strong> [ <\/em>Statement Redacted] <\/em><\/strong><\/p>\n\n\n\n

Much of what we do know about the agency is due to the Edward Snowden revelations (less than 40 files!) (Clement, 2021). Much of what I have been able to assess regarding the agency\u2019s capabilities was reliant on these files. This reveals an interesting observation: Compared to the CSE\u2019s cousin, the National Security Agency (NSA), much less is known about the CSE. This is by design. Legislation and compartmentalization inside the agency ensure that its secrets remain unknown to the public (Walby, and Ana\u00efs, 2012). The next paragraph goes further into this:<\/p>\n\n\n\n

This highlighted sentence does not hold any secrets and neither do the other ones. This highlighted sentence does not hold any secrets and neither do the other ones.<\/p>\n\n\n\n

Moving on… there are two more important reasons for this secrecy: First, statutory law provides the agency a \u201clegal shield\u201d to legitimately conduct its practices with less legal interference and oversight (Walby, and Ana\u00efs, 2012, 377). Second, the CSE\u2019s strict adherence to secrecy has been influenced by the Cold War\u2014a period of the CSE\u2019s history where it honed much of its skills\u2014which pre-dates the arrival of the Canadian Charter of Rights and Freedoms and other legislation protecting individual rights (Prince, 2021).<\/p>\n\n\n\n

\"Communication
\u201cTactically\u201d acquired from, https:\/\/www.cbc.ca\/news\/canada\/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.300297<\/figcaption><\/figure>\n\n\n\n

What is Inside CSE\u2019s Toolbox?<\/strong><\/p>\n\n\n\n

Before the Act\u2019s ascension into law, the CSE still developed its cyber capabilities. The Snowden Files reveal that the CSE\u2019s capabilities in offensive and defensive cyber operations were established by the early 2010s. For example, in 2015, the CSE added the NSA\u2019s hacking software (QUANTUM) to its toolbox for conducting its cyber targeting missions across the globe (Seglins, 2015). The Who may be its targets is not well known. The CSE\u2019s \u201cnormal global collection\u201d of data is also unspecific and likely intercepts Canadian information abroad and has the infrastructure to do so inside Canada, as shown by the controversial Airport Wi-Fi Data-Tracking story (Clement, 2021, 131). This begs the question of how far the CSE may intrude on Canadians\u2019 privacy regarding the CSE Act, which The Canadian Civil Liberties Association claims will harm the public\u2019s freedom of expression (CCLA, 2017).<\/p>\n\n\n\n

\"\"
Image \u201cransomed\u201d off the following site: https:\/\/cyber.gc.ca\/en\/guidance\/national-cyber-threat-assessment-2020<\/a><\/figcaption><\/figure>\n\n\n\n

What Does This Mean for Ottawa and Canadians?<\/strong><\/p>\n\n\n\n

Secrecy will be met with distrust and suspicion. This has been the case for Canada because oversight and transparency remain challenges to properly institutionalizing (Prince, 2021). Despite calls for greater accountability, Canada\u2019s national security concerns since the early 2000s and has made Ottawa willing to expand the CSE and its intelligence contemporaries\u2019 powers to conduct practices that are intrusive (Prince, 2021, 48). Since 2020, the COVID-19 pandemic has pushed the CSE to the forefront of Canadian national security to address the rising number of cyberattacks (Robinson, 2021). Undoubtedly, however, Canada\u2019s cyber capabilities are strengthening, which is good for Canada\u2019s internet infrastructure. But the question remains about how intrusive the CSE\u2019s operations may be toward Canadians.<\/p>\n\n\n\n

(While this concludes my blog, I recommend the following articles\/books to read if this subject found to be interesting)<\/strong><\/p>\n\n\n\n