British intelligence has praised Canada’s electronic spy agency for being “nimble” and more advanced in some areas than they are, notably in cybersecurity where Canada is “at the head of the pack.”
A five-year study by the British House of Commons’ Intelligence and Security committee, said Canada plays a “leading role” in cybersecurity in the Five Eyes intelligence partnership, which also includes Britain, the U.S., Australia and New Zealand.
A report by the committee on international partnerships, using testimony from spy agencies and published this month, notes that Britain has adopted a Canadian system to guard against cyberattack.
However, the findings follow a warning by The Business Council of Canada earlier this year that Canada risks being seen as a “weak link” by its allies if it does not move swiftly to mitigate economic security threats. The report, by a group representing Canada’s big employers, said there are “already troubling signs that Canada’s closest allies are taking note of our reluctance to confront growing security threats.”
The British committee, chaired by Conservative MP Sir Julian Lewis, had access to classified material and heard testimony from the heads of Britain’s intelligence agencies, including MI5, which covers domestic intelligence and national security; MI6, in charge of foreign intelligence; and Government Communications Headquarters (GCHQ), the electronic spy agency; as well as Britain’s defence intelligence arm.
The report said MI5 and MI6 “have strong working relationships with CSIS” and links between the two country’s spy agencies are “strong and trusting.”
The committee said evidence showed that the partnership between Canada’s cyberspies, the Communications Security Establishment (CSE), and GCHQ is “flourishing.”
GCHQ testified before the parliamentary committee that “Canada is really nimble, and they’re very focused on cybersecurity.”
The report said GCHQ had noted “Canada’s mature and leading role on cybersecurity within the Five Eyes.”
“Canada has been with us at the head of the pack on cybersecurity and our relationship on cybersecurity is extremely strong and deep,” GCHQ told the committee. “It’s the deepest of the Five Eyes actually and they have pioneered some things that we are using, including how you monitor for threats across government, and similarly we’ve shared capability in the other direction.”
In 2020, Britain’s National Cyber Security Centre disclosed that “our friends at the Canadian Centre for Cyber Security” had allowed it to use Canada’s Host Based Sensor technology to defend British government systems, rather than spending years developing its own.
The Canadian system places sensors on government of Canada computers that can automatically detect and stop unusual activity, including malware trying to install. It also collects data about malicious activity for analysis. The Centre for Cyber Security, part of CSE, has installed the system on more than 850,000 government of Canada devices, across 85 federal institutions.
The Five Eyes alliance, in which members agree not to spy on one another, shares intelligence and conducts joint operations, working together in some areas to develop capabilities.
Collecting and sharing “metadata,” or intercepted telecommunications trails, can expand intelligence-gathering operations.
But CSE has faced criticism from its watchdog in the past that it has unlawfully shared data with foreign allies. CSE is banned from spying on Canadians without a warrant.
The British report says in some cases, defence intelligence tasks are passed around the Five Eyes to allow 24-hour coverage, through what is known as “follow the sun working” to take advantage of different time zones, the report says.
Britain’s chief of defence intelligence gave as an example an operation where imagery analysts working at an RAF base hand the mission onto Washington, D.C., and then to Canadian partners “who will then hand on to Australian and New Zealand partners who then hand it back to us.”
The report found that Canadian Forces Intelligence Command also brings added value to the Five Eyes alliance “rather than duplicating capabilities and analyses carried out by others.”
The report said that Britain is looking at developing its space assets, enabling more satellite surveillance, allowing it to “pay more into the Five Eyes pot.”
The committee concluded that there “is little prospect” of the Five Eyes expanding its membership, for example to Japan, in the medium term, as the levels of mutual trust required by each partner “to share its most sensitive and closely guarded secrets” are such that the threshold for entry must be very high.
The report expressed concern about Britain working with countries with lower ethical standards, saying that the “U.K.–U.S. relationship was strained by U.S. actions involving cruel, inhuman and degrading treatment (CIDT), torture and rendition of terrorism suspects” in the early 2000s. The report refers to detention at Guantanamo Bay.
The committee criticized former British foreign secretary Dominic Raab, who they said misled it when he said he had never authorized action that carried a risk of torture.
The report said it later received information that “revealed that the then-foreign secretary had in fact authorized action on one occasion that carried a real risk of torture – even though assurances were sought, they did not reduce the risk down to less than a real risk of torture.”
He had also authorized action, the report said, that carried a real risk of cruel, inhuman and degrading treatment – three times in 12 months – and action that carried a risk of other unacceptable treatment, for example during arrest and detention, on 22 occasions within 12 months.