Canada’s Electronic Spies Unleashed

Uploaded on 2018-01-09 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Canada’s electronic spies will be limited “only by their imagination” in coming up with new cyber attacks and espionage campaigns under proposed legislation, a new report warns.

The national spy agency  Communications Security Establishment will be able to select targets and launch cyber attacks with little “meaningful” oversight, according to an analysis of Bill C-59 by the University of Toronto’s CitizenLab.

Bill C-59 “affords the CSE the ability to engage in a vast range of un-enumerated and deeply problematic activities with the potential to seriously interfere with charter-protected rights and freedoms,” the report, made public last month, reads.

Bill C-59 proposes to give CSE, for the first time in the agency’s postwar history, the explicit power to conduct cyber-attacks and sabotage against foreign states and people. Until now, the secretive agency has been limited to intelligence gathering, defending government networks, and assisting law enforcement.

The proposed powers are broad. The bill explicitly prohibits CSE from causing death or bodily harm, and from obstructing or perverting “justice or democracy.”

That leaves a very long list of permitted activities, the researchers note: 

“From mass dissemination of false information, to impersonation, leaking foreign documents in order to influence political and legal outcomes, disabling account or network access, large-scale denial of service attacks, and interference with the electricity grid, the possibilities for the types of activities contemplated in (Bill C-59) are limited only by the imagination,” the report reads.

Under the legislation, the CSE would require sign-off from both the minister of national defence and the minister of foreign affairs to launch a cyber-attack. But the offensive cyber operations would not require judicial sign off or oversight, nor would they require approval by the proposed independent Intelligence Commissioner, the report reads.

In a statement, CSE spokesperson Ryan Foreman suggested a warrant system for cyber operations may not be the best fit for the agency’s mandate.

“CSE is a foreign intelligence and cyber security organization, not a domestic security or law enforcement agency. Warrants for law enforcement ... are generally for specific targets or operations ... whereas CSE’s ministerial authorisations authorize a class of activities,” Foreman wrote, noting that the CSE is prohibited from directly targeting Canadians or people in Canada.

“However, these, and all of CSE’s activities would be subject to review” by a new parliamentary committee.
The report was prepared by CitizenLab researchers Christopher Parsons, Lex Gill and Ronald Deibert, as well as Tamir Israel, a lawyer with the Canadian Internet Policy and Public Interest Clinic, and Bill Robinson, who has long chronicled CSE’s history and activities.

In an interview with Toronto's Star on Sunday newspaper, Gill said Canada also runs the risk of normalising state-sponsored hacking and disinformation campaigns, a particular worry in North America, as the United States continues to unravel alleged Russian attempts to influence the 2016 presidential election through disinformation and hacking.

“The open question (is) whether or not affording the (CSE) these types of capabilities will contribute to Canada’s security interests or undermine them,” Gill said.
“By creating a climate which normalises these types of activities, creates a legislative framework for them, we’re accepting as Canadians that we think that these types of operations are okay. I’m not convinced that Canadians have had a robust public conversation about ... a kind of cyber warfare.”

The report compares CSE’s new cyber operations powers to the much-criticized “disruption” powers granted to another security agency, CSIS, by the Conservative administartion in 2015. 

Like the Conservatives’ Bill C-51, the Liberals’ national security bill permits CSE to take a wide array of “disruptive” activities, while explicitly prohibiting only a few limit cases. Bill C-59 is still before the House of Commons’ national security committee.

The governing Liberal party have signaled a willingness to substantially amend the legislation should issues be raised. The committee’s review will resume in early 2018.

The Toronto Star:

You Might Also Read:

Does Canada Need Its Own CIA Or MI6?:

Canada Prioritizes Cyber-Attack:

 

 

« GDPR Compliance & Personal Data Protection
Retaliation Against N Korea For WannaCry »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

CSIRT.CZ

CSIRT.CZ

CSIRT.CZ is the National Computer Security Incident Response Team of the Czech Republic.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

Israel National Cyber Directorate (INCD)

Israel National Cyber Directorate (INCD)

The Israel National Cyber Directorate is the national security and technological agency responsible for defending Israel’s national cyberspace and for establishing and advancing Israel’s cyber power.

CyberPilot

CyberPilot

CyberPilot ApS is a Danish cybersecurity company. We work with all types of companies and organisations, both large and small, who want to achieve effective cybersecurity.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

Invictus International Consulting

Invictus International Consulting

Invictus International Consulting are a recognized leader in full-spectrum cyber technology solutions designed to protect the security of our nation's global defense and critical infrastructure.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.