Snowden leak prompted Canadian review,
New documents reveal actions taken by spy agency to safeguard its secrets
OTTAWA— When Edward Snowden begin leaking secrets about mass surveillance in the United States, Canada’s electronic spy agency quietly wondered if its security screening was sufficient to stop a copycat.
Newly released documents show some of the behind-the-scenes actions taken by the Communications Security Establishment (CSE) three years ago, when contractor Snowden first pulled back the curtain on the West’s pervasive mass surveillance capabilities.
Whatever changes were contemplated have been blacked out from the heavily censored document, most watermarked “secret” or “top secret.” While the documents note that CSE is generally confident in its security-clearance process for contractors, officials added that contractors are only “assessed for engagement for short, defined periods of time.”
Snowden fled the U.S. with a massive cache of documents relating to the National Security Agency (NSA), CSE’s American counterpart and close partner, while he was working as a contractor for the spy agency.
While hiding in Hong Kong in 2013, Snowden passed the documents to reporters from the Washington Post and the Guardian newspapers.
On June 6, 2013, the first stories about U.S. mass surveillance hit the front page — the NSA had a program called PRISM, which gave them direct access to the data mined by massive Internet companies, including Google and Facebook.
Within a month, CSE officials told then chief John Forster the agency might want to review some of its security practices around external contractors.
“Similar to its allies, CSE relies significantly on contractors for expertise in a broad range of activities,” the documents, requested by the Star in 2013 and obtained only this month, read.
“(But) there are some areas of contractor engagement that may benefit from a review of current practices.”
Two weeks later, another memo to Forster complained about a “pervasive lack of knowledge and understanding, in the public realm, of CSE’s role and mission.”
The secretive spy agency, which had received less than 40 media calls in 2012, was suddenly thrust into the spotlight.
“As CSE has not been able to provide the level of detail about activities that the media requested, academics, so-called experts and commentators have provided their opinions on the subject,” the memo reads.
“While some commentators have been well-versed on the issues and have outlined accurate accounts of CSE activities, others, including (name censored) have inaccurately represented CSE’s activities and au- thorities. CSE has been accused of being too secretive, which has led to misunderstandings of the agency’s activities and authorities.
“This has highlighted the need for outreach to the academic community and to the media.”
CSE’s communications staff recommended a briefing for academics and journalists, including reporters at the Star, La Presse, the Globe and Mail, the CBC and a number of other outlets, both Canadian and international. It does not appear that briefing took place.
CSE did give a briefing earlier this year, when its independent oversight body revealed the agency had inadvertently broken the law by transferring Canadian metadata to international partners. It was touted at the time as the first press conference in the CSE’s 70-year history. More of Snowden’s documents were reported over the summer in 2013.
The U.S. and Britain, two members of the Five Eyes security alliance that includes Canada, spied on foreign diplomats at a G20 summit. The NSA spied on ordinary German citizens as well as high-value targets such as Chancellor Angela Merkel. The Americans also kept tabs on foreign media organizations.
As the stories continued to roll out both in North America and abroad, the CSE kept a careful eye on the debate in the United States.
An Aug. 14 memo to Forster noted that while a dozen or so important disclosures about U.S. signals intelligence had been revealed, the debate in that country stayed stubbornly on the collection of telephone metadata.
On Aug. 28, Forster briefed the prime minister’s national security adviser about Snowden. At the time, documents revealing the CSE’s powers and actions had not yet been made public — but the agency had figured out just how much Snowden accessed and downloaded.
“CSE has focused its efforts on reviewing key Canadian (signals intelligence) access and collection capabilities that are deemed most valuable to determine the potential damage should information on these capabilities be released,” Forster wrote.
“CSE and its Five Eyes partners are working together to ensure consistent public messaging across all the allies regarding the unauthorized disclosures and their impact.”
The Star requested an interview with the CSE about its security screening of external contractors and what changes the agency has put in place after Snowden’s disclosures. In a written response, the agency said it could not discuss security issues.
“However, I can tell you that CSE constantly reviews its security posture to ensure that security policies and practices remain effective at protecting CSE’s capabilities and information,” wrote agency spokesperson Ryan Foreman in an email, noting contractors must undergo an extensive screening process that includes an in-depth interview, polygraph testing and a psychological review.
Foreman added that Snowden’s disclosures have been harmful to CSE’s operations — a line Five Eyes countries have consistently used since Snowden first revealed their activities.
Snowden remains living in exile in Moscow, but has said repeatedly said that he would return to the U.S. if he could be guaranteed a fair trial.
The 33-year-old recently joined the U.S.-based Freedom of the Press organization as a director.