Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/14/2016
10:15 AM
Bruce Cowper
Bruce Cowper
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

What's Next For Canada’s Surveillance Landscape?

Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau government's next move in the country's complex privacy and security debate.

Edward Snowden’s 2013 revelations of massive state surveillance shocked the world and made it more aware of electronic privacy issues, but north of the border, Canada continues to struggle with its own.

Just over a year ago, the former Conservative Canadian government, led by Stephen Harper, enacted a piece of legislation that enraged privacy advocates. Bill C-51 extended the powers of Canada’s intelligence services, prompting an open letter from over 100 Canadian academics imploring the government to rethink it. Even the federal Privacy Commissioner complained about it.

A year later, we have a new government that has promised to overhaul things. What has been done, and where does Canada’s complex debate over privacy and national security sit now?

C-51 angered privacy advocates by increasing information-sharing powers between 17 government agencies. The Canadian Security Intelligence Service (CSIS), which is Canada’s domestic intelligence agency, can now obtain the tax records of anyone perceived to be a national security threat, for example. The bill also permitted the disclosure of information shared between government agencies to others.

C-51 gave new powers to CSIS. They included the "disruption" mandate, which lets it take measures to reduce threats when it believes they pose a threat to the security of Canada. Legal experts have questioned the wording here, worrying that CSIS gets to determine what constitutes a threat and suggesting that it can legitimize a slew of activities including electronic surveillance without the need for the agency to ask for a warrant.

All of this dismayed Snowden, who has specifically referenced Canada when warning against passing anti-terror laws that curtail civil liberties.


Edward Snowden will be speaking via video link at the SecTor security conference in Toronto at 9 am on Tuesday October 18, and will be taking questions from Dark Reading readers. If you have relevant questions you would like to ask, let the SecTor team know by posting them in the comments section at the bottom of this article. SecTor will be selecting the best to be addressed at the event.


Politically, the Conservative Harper government naturally supported the bill, having introduced it in the first place, while the left-leaning National Democratic Party (NDP) strongly opposed it. The moderate Liberal party, which ended up winning last year’s federal election, came down in the middle, supporting the bill but with some caveats.

Trudeau: Broader oversight, narrower scope
Liberal leader and now-Prime Minister Justin Trudeau voted for the bill but vowed to temper it a little in two broad areas.

The first focal point was oversight. The Liberal government would create a multi-party oversight committee to ensure that CSIS was acting appropriately. Snowden himself criticized Canada for poor spying oversight back in May 2015, not long before the Bill became law.

CSIS hasn’t been entirely without oversight in the past. Traditionally, the body responsible for overseeing CSIS has been the Security Intelligence Review Committee (SIRC). This body typically reviewed a sample of CSIS warrant applications, but in its annual report for 2014-15, it explained that it would have to broaden its review activities to cope with the new powers granted to CSIS under C-51. The Harper Government had already earmarked additional funding to help with this in its 2015 Economic Action Plan.

SIRC explained that it had broadened its scope to cover CSIS’ use of metadata, and had found it wanting in areas including training, policy and procedure, investigative thresholds, and recording its decision-making. SIRC had made some key recommendations in this area that CSIS had not taken up, the report said.

The Trudeau’s concern was that SIRC described itself as a review body, examining past activities, rather than an oversight body, monitoring CSIS operations in real-time.

The Liberal leader vowed to alter this and started to make good on this promise in early 2016. His public safety minister Ralph Goodale has now introduced Bill C-22, which would create a cross-party oversight committee that would oversee almost 20 agencies related to national security.

Mandatory review period
The second problem that Trudeau had with C-51 was with the bill’s scope. He promised to refine some of its language to omit legal protests and advocacy from definition as terrorist activities, and said that he would introduce a mandatory review period for the legislation.

He hasn’t taken these steps at the time of writing, and privacy advocates are awaiting the government’s next move. In the interim, Trudeau has been shuffling. One notable political action was his appointment of a new national security advisor, Daniel Jean, in May this year. Jean replaces former Harper government National Security Advisor Richard Fadden, an ex-director of CSIS, who recently retired.

Jean doesn’t come from the spy community, moving up instead from his role as deputy minister of foreign affairs. Before that, he served in Heritage Canada and the Treasury Board. That may point to a more international intelligence focus at the top and a move away from more hardline domestic intelligence policies. It could be taken as an indicator that the Trudeau government intends to calibrate Bill C-51 to bring it more in line with its new focus.

All this will still be guesswork until Trudeau actually takes steps to change the legislation. An attempt at proper oversight may appease privacy advocates a little, but we still don’t know what will happen to the government’s electronic surveillance powers until a minister stands up in parliament with a proposed amendment.

Even when that happens, it’s unlikely to satisfy privacy advocates who have always called for the repeal of C-51, but they’re unlikely to get much more. After all, the Trudeau government never promised to do away with the thing altogether.

Don’t forget, Edward Snowden will be speaking via video link at the SecTor security conference on October 18, so post your questions in the comments section below.

Related Content:

Bruce Cowper is a founding member of the Security Education Conference Toronto (SecTor), the Toronto Area Security Klatch (TASK), the Ottawa Area Security Klatch (OASK) and an active member of numerous organizations across North America. In his day job, Bruce works for ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BruceCowper
50%
50%
BruceCowper,
User Rank: Author
10/17/2016 | 10:50:18 AM
Re: Snowden Keynote
The keynote is currently only being broadcast at the event, both in the keynote hall and expo theatre. You can register for the expo at sector.ca/register.
AmyRobison
50%
50%
AmyRobison,
User Rank: Apprentice
10/17/2016 | 10:28:21 AM
Snowden Keynote
Will Snowden's session tomorrow morning be streamed live or released later online?
AmyRobison
50%
50%
AmyRobison,
User Rank: Apprentice
10/4/2016 | 11:23:13 AM
Question for Snowden
The Secure Exchange of Encrypted Data (SEED) Protocol is a recently patented cybersecurity invention (U.S. Patent Nos. 9,378,380 and 9,390,228) that uses individualized asymmetric encryption in combination with a distributed, interlocking design to secure confidential data that must be shared between organizations. (More info is available online.) The question for Mr. Snowden: Would the SEED Protocol have prevented you from being able to access and leak the NSA documents?
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.