Formally administered under the Department of National Defence (DND), the CSE is now a separate agency under the National Defence portfolio. The CSE is accountable to the Minister of National Defence through its deputy head, the Chief of CSE. The National Defence Minister is in turn accountable to the Cabinet and Parliament. The current Chief of the CSE is Caroline Xavier, who assumed the office on 31 August 2022.[6][7]
In 2015, the agency built a new headquarters and campus encompassing 340,000 m2 (84 acres). The facility totals a little over 110,000 m2 (1,200,000 sq ft) and is adjacent to CSIS.
In March 1942, XU moved next door to Laurier House in Sandy Hill, Ottawa;[10] this location was chosen because they felt it would draw no suspicion to the enemies.[11] In September, the Department of External Affairs established its Special Intelligence Section at XU with the purpose of reviewing decoded SIGINT with other collateral information to produce intelligence summaries.[10]
The original mandate of the Examination Unit was to intercept the communications of Vichy France and Germany. Its mandate later expanded to include interception and decryption of Japanese communications after Japan entered the war. The unit was estimated to have had 50 staff members at any one time. In total 77 people worked there.[11]
By 1945, the disparate SIGINT collection units of the Canadian Navy, Army, and Air Force, were consolidated into the Joint Discrimination Unit (JDU), which was headquartered in Ottawa in the same building as the XU. By the end of the War, the military JDU and the civilian XU were able to coordinate SIGINT collection, analysis, and dissemination so efficiently that it led officials to consider the establishment of peacetime SIGINT operations.[9] In September 1945, U.S. PresidentHarry Truman declared it would be vital to carry out such operations, and Canadian authorities came to the same conclusion in December later that year.[9][12]
On 13 April 1946, a secret Order in Council allowed for postwar continuation of wartime cryptologic efforts and thus the Communications Branch of the National Research Council of Canada (CBNRC) was founded. This agency would be the predecessor to today's Communications Security Establishment (CSE).[9][10][12]
Communications Branch of the National Research Council
Beginning operations on 3 September 1946, the Communications Branch of the National Research Council (CBNRC) was the first peace-timecryptologic agency and was kept secret for much of its beginning.[8] The CBNRC was established through a secret Order in Council signed on 13 April 1946, combining the civilian Examination Unit (XU) and the military Joint Discrimination Unit (JDU) and was located at LaSalle Academy.[9]
With Edward Drake as its first director, the agency worked with intercepted foreign electronic communications, collected largely from the Royal Canadian Signal Corps (RCCS) station at Rockcliffe Airport in Ottawa. CSE also worked with Canadian Forces Station Leitrim (CFS Leitrim; formerly 1 Special Wireless Station till 1949, and Ottawa Wireless Station till 1966), Canada's oldest operational signal intelligence (SIGINT) collection station, established by the RCCS in 1941 and located just south of Ottawa. In 1946, the station's complement was 75 personnel (compared to its around 2,000 employees in 2013–2014).[13] This unit successfully decrypted, translated, and analyzed these foreign signals, and turned that raw information into useful intelligence reports during the course of the war.
CBNRC finally began domestic COMSEC efforts on 1 January 1947.[10] During the Cold War, the CBNRC was primarily responsible for providing SIGINT data to the Department of National Defence regarding the military operations of the Soviet Union.[14]
In February 1950, R. S. McLaren was appointed the first CBNRC Senior Liaison Officer (CBSLO) to Washington, D.C. In March 1962: CBNRC installed its first IBMsupercomputer, costing CA$372k. In December 1964, CBNRC began collaboration on "Canadian ALVIS" (CID 610), the first and only Canadian cipher machine to be mass-produced; based on the British ALVIS (BID 610).[10]
CBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when CBC Television aired a documentary titled The Fifth Estate: The Espionage Establishment.[15] This was the first time that the organization had ever been mentioned in public.[9] This resulted in an outcry in the House of Common and an admission by the Canadian government that the organization existed.[16]
Communications Security Establishment
In 1975, the CBNRC was transferred to the Department of National Defence (DND) by an Order in Council, and became the Communications Security Establishment.[8] CSE was now publicly known, and had diversified since the Cold War becoming the primary SIGINT resource in Canada.
In early 2008, in line with the Federal Identity Program (FIP) of the Government of Canada, which requires all federal agencies to have the word Canada in their name,[18] CSE adopted the applied title Communications Security Establishment Canada (CSEC; French: Centre de la sécurité des télécommunications Canada, CSTC). Since mid-2014, the organization has used its legal name (Communications Security Establishment) and initials (CSE) on its website and in public statements.
In November 2011, CSE was made an independent agency, though still operating under the National Defence portfolio and constrained by the National Defence Act.[9]
In June 2019, the Communications Security Establishment Act was passed as part of an omnibus national security bill called the National Security Act 2017. Coming into force two months later, in August, the act set out the mandate and powers of CSE.[19] As part of the omnibus bill, oversight of CSE activities was assumed by the newly created National Security and Intelligence Review Agency (NSIRA).[20]
On October 11, 2023, CSE Chief Caroline Xavier said in an interview with CBC News that CSE offices in various cities may be opened to alleviate staffing shortages.[21]
CSE uses generic identifiers imposed by the Federal Identity Program. However, CSE is one of several federal departments and agencies (primarily those having law enforcement, security or regulatory functions) that have been granted a badge by the Canadian Heraldic Authority. The badge was granted in 1994, while CSE's pennant was first raised in 1996 to mark the organization's 50th anniversary.
From the 1990s to the mid 2000s, CSE's Information Technology Security program used a logo to identify its products and publications. The triangle represented threats, while the arc symbolized protection.[22]
CSE relies on its closest foreign intelligence allies, the US, UK, Australia and New Zealand to share the collection burden and the resulting intelligence yield. Canada is a substantial beneficiary and participant of the collaborative effort within the partnership to collect and report on foreign communications.[14]
During the Cold War, CSE's primary client for signals intelligence was National Defence, and its focus was the military operations of the then Soviet Union. Since the end of the Cold War, Government of Canada requirements have evolved to include a wide variety of political, defence, and security issues of interest to a much broader range of client departments.
While these continue to be key intelligence priorities for Government of Canada decision-makers, increasing focus on protecting the safety of Canadians is prompting greater interest in intelligence on transnational issues, including terrorism.
Code breaking equipment
CSE code breaking capabilities degraded substantially in the 1960s and 1970s but were upgraded with the acquisition of a Cray X-MP/11 (modified) supercomputer delivered to the Sir Leonard Tilley building in March 1985 and the hiring of code breaking analysts. It was, at the time, the most powerful computer in Canada. In the early 1990s, the Establishment purchased a Floating Point Systems FPS 522-EA supercomputer at a cost of $1,620,371. This machine was upgraded to a Cray S-MP superserver after Cray acquired Floating Point Systems in December 1991 and used the Folklore Operating System supplied by the NSA in the US.[23] These machines are now retired.
Little information is available on the types of computers used by the CSE since then. However, Cray in the US has produced a number of improved supercomputers since then. These include the Cray SX-6, early 2000s, the Cray X1, 2003 (development funded in part by the NSA), Cray XD1, 2004, Cray XT3, Cray XT4, 2006, Cray XMt, 2006 and Cray CX1, 2008. It is possible that some of these models have been used by the CSE and are in use today.
The Canadian Centre for Cyber Security (CCCS or Cyber Centre; French: Centre Canadien pour la Cyber Sécurité) is the Government of Canada authority responsible for monitoring threats, protecting national critical infrastructure against cyber incidents, and coordinating the national response to any incidents related to cyber security.
Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including Public Safety Canada's Canadian Cyber Incident Response Centre, Shared Services Canada's Security Operations Centre, and the CSE's Information Technology Security branch.[24][25]
The Cyber Centre was developed in response to CSE's consultations with Canadians in 2016 which identified various issues pertaining to cyber security in relation to the federal government, including accountability, departmental coordination, and leadership. In February 2018, the federal budget allocated funds for CSE, in collaboration with Public Safety Canada and Shared Services Canada, to launch the Cyber Centre.[27]
Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including the Canadian Cyber Incident Response Centre of Public Safety Canada; the Security Operations Centre of Shared Services Canada; and the Information Technology Security branch of CSE.[24][25]
Researchers Leland McInnes and John Healy at the Tutte Institute developed a technique called Uniform Manifold Approximation and Projection (UMAP), originally designed to analyze malware. The algorithm and software of UMAP has since been released by TIMC to the open-source community, and is now being used to answer questions about COVID-19.[32]
CSE moved to the Tilley Building in June 1961.[10] On 26 February 2015, CSE officially inaugurated the Edward Drake Building, named for Lt. Colonel Edward Drake, a pioneer of the Canadian signals intelligence.[8][10]
With the rapid expansion in the number of CSE personnel since the 9/11 attack in the US, the CSE has built new facilities. A new CA$1.2 billion[33] facility, encompassing 72,000 square metres (18 acres), has been built in the eastern part of Ottawa, immediately west of the headquarters building for the Canadian Security Intelligence Service. Construction began in early 2011 and was completed in 2015.[34]
In December 2001, the Canadian government passed omnibus bill C-36 into law as the Anti-Terrorism Act. The Act amended portions of the National Defence Act and officially recognized CSE's three-part mandate:
To acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities.
To provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada.
To provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.
The Anti-Terrorism Act also strengthened CSE's capacity to engage in the war on terrorism by providing needed authorities to fulfill its mandate.
In June 2019, the Communications Security Establishment Act (CSE Act) was passed, as part of the National Security Act 2017. The Act, which came into force two months after passing, notes that there are five aspects of CSE's mandate:[19]
Cybersecurity and information assurance to help protect electronic information and information infrastructures of the Canadian government and those designated to be of importance to the government
Defensive cyber operations
Active cyber operations
Technical and operational assistance to federal law enforcement and security agencies, the Canadian Forces, and the Department of National Defence.
The CSE Act requires that CSE activities do not target Canadians anywhere in the world, or any person in Canada, "unless there are reasons to believe that there is an imminent danger of death or serious bodily harm. The Act also requires the CSE protect the privacy of Canadians and persons in Canada. As such, CSE is forbidden, by law, to intercept domestic communications. When intercepting communications between a domestic and foreign source, the domestic communications are destroyed or otherwise ignored. (After the September 11 attacks on the United States in 2001, however, CSE's powers expanded to allow the interception of foreign communications that begin or end in Canada, as long as the other party is outside the border and ministerial authorization is issued specifically for this case and purpose.)[36]
Governance and oversight
The Minister of National Defence guides and authorizes the activities of CSE using ministerial directives, ministerial authorizations, and ministerial orders, all of which are based on the "government’s intelligence priorities as set out by Cabinet through discussion and consultations with the security and intelligence community." The Defence Minister cannot authorize any activities that are not included in the CSE mandate or grant CSE any powers that do not exist in Canadian law.[19]
Ministerial directives are how the Minister of National Defence instructs the Chief of CSE.[19]
CSE operates under a system of independent oversight:[37]
National Security and Intelligence Review Agency (NSIRA) – NSIRA is fully independent of government and of CSE. Its committee members are appointed by the sitting Prime Minister in consultation with Parliamentary leaders, and handle complaints against all Canadian national security agencies.
Intelligence Commissioner – the Intelligence Commissioner is independent of CSE and has oversight of all national security and intelligence gathering activities of the Government of Canada, including CSE.[38] The Commissioner issues an annual report to the Prime Minister, who must table it in Parliament after removing confidential and classified information. The Commissioner is entitled to receive all reports that are compiled by NSIRA.[39]
Oversight over CSE was formerly provided by the Office of the Communications Security Establishment Commissioner (OCSEC; French: Bureau du commissaire du Centre de la sécurité des télécommunications, BCCST), which was created on 19 June 1996 to review CSE's activities for compliance with the applicable legislation, accept and investigate complaints regarding the lawfulness of the agency's activities, and to perform special duties under the 'Public Interest Defence' clause of the Security of Information Act.[40] The Commissioner provided an annual public report on his activities and findings to Parliament, through the Minister of National Defence.[41]
Between 1996 and 2019, there were six Commissioners:[10]
Along with these services from the United States, the UK, New Zealand, and Australia, CSE is believed to form the ECHELON system. Its capabilities are suspected to include the ability to monitor a large proportion of the world's transmitted civilian telephone, fax and data traffic. The intercepted data, or "dictionaries" are "reported linked together through a high-powered array of computers known as 'Platform'."[43]
Controversies
CBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when the CBC Television documentary show, The Fifth Estate, aired an episode focused on the organization, with research by James Dubro.[15] This was the first time that the organization had ever been mentioned in public.[9] This resulted in an outcry in the House of Commons and an admission by the Canadian government that the organization existed.[16]
A former employee of the organization, Mike Frost, claimed in a 1994 book, Spyworld, that the agency eavesdropped on Margaret Trudeau to find out if she smoked marijuana and that CSE had monitored two of former British prime minister Margaret Thatcher's dissenting cabinet ministers in London on behalf of the UK's secret service.[44]
In 1996, it was suggested that CSE had monitored all communications between National Defence Headquarters and Somalia, and were withholding information from the Somalia Inquiry into the killing of two unarmed Somalis by Canadian soldiers.[45]
In 2006, CTV Montreal's program On Your Side conducted a three-part documentary on CSE naming it "Canada's most secretive spy agency" and that "this ultra-secret agency has now become very powerful," conducting surveillance by monitoring phone calls, e-mails, chat groups, radio, microwave, and satellite.[46]
In 2007, former Ontario lieutenant-governor, James Bartleman, testified at the Air India Inquiry on May 3 that he saw a CSE communications intercept warning of the June 22, 1985 bombing of Air India Flight 182 before it occurred. Two former CSE employees have since testified that no CSE report was ever produced.[47]
In 2013, a coalition of civil liberties associations launched a campaign directed against the government's perceived lack of transparency on issues related to the agency, demanding more information on its purported domestic surveillance activities.[48]
Further criticism has arisen surrounding the construction costs of the agency's new headquarters in Ottawa. The project is slated to cost over CA$1.1 billion, making it the most expensive government building in Canadian history.[49]
In 2014, a leaked, top-secret presentation entitled “IP Profiling Analytics & Mission Impacts” summarized experiments tracking the cellphones of travellers passing through Toronto Pearson International Airport.[50] Critics argued that the experiment was invasive and indiscriminate, while CSE countered that it was consistent with all relevant laws and mandates.
In 2016, the CSE Commissioner found that one of the agency's metadata activities did not comply with the law. Specifically, CSE had failed to properly minimize certain Canadian identity information before sending it to foreign governments, contravening parts of the National Defence Act and the Privacy Act.[51]
Media portrayal
In The Good Wife episode "Landing," both the NSA and the CSE are shown monitoring personal phone calls and hacking private cell phones' recording devices in order to listen in on personal conversations. One plaintiff describes the CSE as "the Canadian version of the NSA."
^ abPepall, Diana (January 2017). Canada's Bletchley Park: The Examination Unit in Ottawa's Sandy Hill 1941-1945. Ottawa, ON, Canada: Historical Society of Ottawa. ISBN978-0-920960-43-1.
^ ab"Our Story". Communications Security Establishment Canada. 2022-03-14. Archived from the original on 12 Jan 2022. Retrieved 5 April 2023. In 1974, CBC Television aired a documentary "The Fifth Estate: the Espionage Establishment." While the program focused primarily on American international espionage, the program also included information on CBNRC – the first time the organization had ever been mentioned in public. The show's description of signals intelligence collection and information sharing within the Five-Eyes partnership, caused a sensation, and led to the first ever acknowledgement of the existence of the CBNRC in Canada's Parliament. The following year, 1975, the Communications Branch of the National Research Council was moved to the Department of National Defence and renamed the Communications Security Establishment (CSE).
^Government of Canada, Treasury Board of Canada; Gouvernement du Canada, Conseil du Trésor du Canada (March 17, 2022). "Treasury Board of Canada Secretariat". www.tbs-sct.gc.ca.
^ abcde"Governance". Communications Security Establishment. 2020-10-27. Archived from the original on 2021-05-22. Retrieved 2021-05-22.
^ ab"Canadian Centre for Cyber Security: backgrounder-fiche-information". Communications Security Establishment. 2018-06-12. Archived from the original on 2018-10-04. Retrieved 2018-10-04. As a key initiative of the 2018 National Cyber Security Strategy the cyber security functions from three departments will be united to establish the Canadian Centre for Cyber Security (the Cyber Centre) as one unique, innovative, and forward-looking organization, as part of the Communications Security Establishment (CSE).
^"Scott Jones, Head-designate, Canadian Centre for Cyber Security and Deputy Chief, IT Security, CSE". Communications Security Establishment (Press release). 2018-06-12. Archived from the original on 2018-06-28. Retrieved 2018-10-04. The Cyber Centre will be a single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure owners and operations, the private sector and the Canadian public.
^ abRudner, Martin. (2007). "Canada's Communications Security Establishment, Signals Intelligence and Counter-Terrorism". Intelligence and National Security: 22(4) pp. 473–490
^Morris, Nomi (1996). "Inside Canada's most secret agency." Maclean's: 109(36) pp. 32–35
^Desbarats, Peter. "Somalia cover-up: A commissioner's journal", 1997