Go to the Globe and Mail homepage

Jump to main navigationJump to main content

The new Communications Security Establishment Canada complex in Ottawa. (Sean Kilpatrick/The Canadian Press)
The new Communications Security Establishment Canada complex in Ottawa. (Sean Kilpatrick/The Canadian Press)

The Globe goes inside Canada’s top-secret spy agency Add to ...

No cellphones, no recording devices, no computers.

No names.

The seven officials at the boardroom table insist that their identities cannot be published – the risk, one explains, is that they would become targets of a “hostile foreign intelligence service.”

Given the top-secret nature of their work, that request is understandable. That this conversation is taking place at all is unprecedented – and, to use one official’s word, “uncomfortable.”

Outsiders rarely interact directly with professional spies at the Communications Security Establishment of Canada. Yet inside CSEC’s gleaming new $1-billion headquarters in Ottawa’s east end, those engaged in “signals intelligence” are desperate to defend their craft amid a string of controversial disclosures.

Among them: that CSEC spied on Brazil’s energy sector; that it tracked devices that used wireless Internet at a Canadian airport; and that it collaborated nearly 300 times over the course of four years with domestic law-enforcement agencies.

All of this has prompted fears that Canada’s deep-pocketed spying juggernaut is defying personal freedoms at home, not just keeping tabs on threats in foreign countries.

Amplified in no small part by the ongoing Edward Snowden leaks, it has also prompted a public debate once reserved for privacy critics and information-technology experts.

As we sit in the CSEC boardroom, Defence Minister Rob Nicholson is being grilled 10 kilometres away on Parliament Hill by Opposition MPs pressing him for details of CSEC’s spying operations. (Three days later, agency “chief” John Forster was forced to defend his agency’s actions to a parliamentary committee suddenly trying to understand the finer points of “signals intelligence” work.)

After 68 years of working in the shadows, in other words, CSEC now finds itself in the spotlight – a glare that could lead to more oversight and less funding if critics get their way.

Over the course of a two-hour-long conversation with The Globe and Mail – the first public conversation by professional Canadian spies about modern surveillance methods – the federal agents set out to explain what they can about their work.

Three dark-suited men in their 30s – an operational policy director, a cyberdefence director-general and a signals intelligence director – are pacing a windowless room.

For now, this is among the few functioning spaces inside the agency’s lavish new campus. Most of the 2,200 employees aren’t due to move until later this year. But we are here to discuss how “metadata” emanating from computers and smartphones – presumptively, Internet protocol addresses, phone logs and smartphone geolocation data – give CSEC a view of a world’s worth of communications.

The problem is that, in a broad sweep of metadata, capturing a Canadian conversation – private chat that is protected by law and accessible only with a warrant – is always a possibility.

To simplify how CSEC works, the signals-intelligence director outlines a cloud on a white board: This is the Internet. He then draws five boxes inside and labels them “covert collection sites.”

He stops short of elaborating. (Three more staffers in corporate communications and a very senior female boss are also with us, keeping a close watch on all that is being said.)

“They are positioned where they need to be,” he says.

The collection process at these covert sites begins when CSEC machinery logs global telecommunications traffic in bulk. During this first pass, the raw data arrive as an undifferentiated mess, and no one knows – or could know, if they wanted – whether any Canadian metadata are in the mix.

It’s only during the next step, “processing and analysis” that identifying information starts to be revealed – and those pesky privacy concerns begin to kick in.

CSEC computers sift out the metadata, then analysts boil them down some more. This is where telling patterns emerge, including whether Canadian data are part of the sweep. CSEC says it treats Canadian material differently, but won’t say how.

The final step is “targeting.” Now knowing rough patterns worth watching, and how to avoid Canadians, the analysts task the covert collection sites to be on the lookout for communications from identifiable groups of foreigners.

“Let’s imagine there is a hostage situation unfolding,” the signals-intelligence director says; for example, extremists in a foreign city have taken a Canadian.

He draws three interlinked circles – the captors talking on their phones.

Other federal agencies such as the RCMP and CSIS would want CSEC to get at that communications chain to find the kidnappers. “The solution to this, for us, is metadata,” he says, explaining how the agency can funnel down through massive flows.

Once analysts in Ottawa pinpoint the hostage takers’ devices, he says, it may be time to start the bugging.

Report Typo/Error
Single page

Follow on Twitter: @colinfreeze

Next story




Most popular videos »

More from The Globe and Mail

Most popular