NSA leaks prompted Canadian eavesdropping review: declassified memo
The new Communications Security Establishment Canada (CSEC) complex is pictured in Ottawa on Tuesday, October 15, 2013. (THE CANADIAN PRESS / Sean Kilpatrick)
Jim Bronskill, The Canadian Press
Published Friday, January 17, 2014 5:11PM EST
OTTAWA -- The massive intelligence leak by former U.S. spy contractor Edward Snowden prompted Canada's secret eavesdropping agency to review its policies on sharing information with the Americans and other key partners, a newly declassified memo reveals.
The three-page note from Communications Security Establishment Canada chief John Forster says the unprecedented breach also sparked a CSEC examination of its practices for protecting the privacy of Canadians.
The undated memo to national security adviser Stephen Rigby -- obtained by The Canadian Press under the Access to Information Act -- was prepared some time in mid-2013, after Snowden's leaks began making global headlines.
The memo, originally classified top secret, says CSEC set about assessing the potential damage to Canadian signals intelligence collection capabilities, as well as asking its partners for confirmation on what data Snowden took from the U.S. National Security Agency.
The highly sensitive material showed the NSA had quietly obtained access to a broad spectrum of emails, chat logs and other information from major Internet companies, as well as data about a huge volume of telephone calls.
CSEC, the NSA's Canadian counterpart, monitors foreign computer, satellite, radio and telephone traffic for information of intelligence interest.
With a staff of more than 2,000 -- including skilled mathematicians, linguists and computer specialists -- CSEC is a key player in the so-called Five Eyes community comprising Canada, the United States, Britain, Australia and New Zealand.
"In collaboration with domestic and international partners, CSEC is undertaking an organization-wide operation to assess the impacts of these unlawful disclosures of classified information," says the memo, portions of which remain secret.
"Due to the unauthorized disclosures CSEC has developed an ongoing damage assessment, initiated external and internal communications strategies and introduced preventative measures to mitigate the potential of future damage."
A section on Forster's initial assessment of the damage is blacked out.
In addition to liaising with its Five Eyes partners, the spy agency briefed a committee of deputy ministers on the fallout and arranged a series of bilateral meetings with the Privy Council Office (where Rigby works), Foreign Affairs, the Canadian Security Intelligence Service and the RCMP.
The Ottawa-based CSEC held two briefings for staff members, along with specialized sessions, and took steps to "remind them of security protocols and provide guidance and support where appropriate," the memo says.
"CSEC is also reviewing internal policies related to information sharing with the Five Eyes as well as the protection of the privacy of Canadians to ensure that they are appropriate and clear."
CSEC spokeswoman Lauri Sullivan said Friday the agency "continues to review its policies, processes and procedures to ensure they are effective, and to ensure that CSE is taking the appropriate steps to protect information and the privacy of Canadians."
The CSEC memo's release came as U.S. President Barack Obama announced changes Friday to NSA practices with the aim of reassuring Americans their civil liberties will not be trampled.
At the time of the Forster memo, there had been no direct mention of CSEC in any of the stories spawned by Snowden's cache of documents.
However, material later disclosed by the whistleblower indicated that Canada helped the United States and Britain spy on participants at the London G20 summit in 2009. Other documents suggested CSEC once monitored Brazil's department of mines and energy.
Articles based on Snowden's material continue to appear in the media.
Forster told Rigby the electronic spy agency -- so low-profile it is still unknown to many Canadians -- was exploring ways to better inform the public about what it does, including its efforts to prevent terrorism and cyber-attacks.
CSEC has since posted new information on its website about how the agency functions.
"CSEC will also keep employees informed as its damage assessment and forensic work unfold," the memo says.