christopher-parsons.com
192.0.78.24  Public Scan

Submitted URL: http://christopher-parsons.com/
Effective URL: https://christopher-parsons.com/
Submission: On November 08 via api from US — Scanned from IT

Form analysis 4 forms found in the DOM

GET https://christopher-parsons.com/

<form role="search" method="get" class="search-form" action="https://christopher-parsons.com/">
  <label>
    <span class="screen-reader-text">Search for:</span>
    <input type="search" class="search-field" placeholder="Search …" value="" name="s">
  </label>
  <input type="submit" class="search-submit" value="Search">
</form>

GET https://christopher-parsons.com/

<form role="search" method="get" action="https://christopher-parsons.com/" class="wp-block-search__no-button wp-block-search"><label class="wp-block-search__label" for="wp-block-search__input-1"><strong>Search</strong></label>
  <div class="wp-block-search__inside-wrapper "><input class="wp-block-search__input" id="wp-block-search__input-1" placeholder="Search" value="" type="search" name="s" required=""></div>
</form>

POST https://subscribe.wordpress.com

<form method="post" action="https://subscribe.wordpress.com" accept-charset="utf-8" style="display: none;">
  <div>
    <input type="email" name="email" placeholder="Enter your email address" class="actnbr-email-field" aria-label="Enter your email address">
  </div>
  <input type="hidden" name="action" value="subscribe">
  <input type="hidden" name="blog_id" value="208797601">
  <input type="hidden" name="source" value="https://christopher-parsons.com/">
  <input type="hidden" name="sub-type" value="actionbar-follow">
  <input type="hidden" id="_wpnonce" name="_wpnonce" value="39656b67fc">
  <div class="actnbr-button-wrap">
    <button type="submit" value="Sign me up"> Sign me up </button>
  </div>
</form>

<form id="jp-carousel-comment-form">
  <label for="jp-carousel-comment-form-comment-field" class="screen-reader-text">Write a Comment...</label>
  <textarea name="comment" class="jp-carousel-comment-form-field jp-carousel-comment-form-textarea" id="jp-carousel-comment-form-comment-field" placeholder="Write a Comment..."></textarea>
  <div id="jp-carousel-comment-form-submit-and-info-wrapper">
    <div id="jp-carousel-comment-form-commenting-as">
      <fieldset>
        <label for="jp-carousel-comment-form-email-field">Email (Required)</label>
        <input type="text" name="email" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-email-field">
      </fieldset>
      <fieldset>
        <label for="jp-carousel-comment-form-author-field">Name (Required)</label>
        <input type="text" name="author" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-author-field">
      </fieldset>
      <fieldset>
        <label for="jp-carousel-comment-form-url-field">Website</label>
        <input type="text" name="url" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-url-field">
      </fieldset>
    </div>
    <input type="submit" name="submit" class="jp-carousel-comment-form-button" id="jp-carousel-comment-form-button-submit" value="Post Comment">
  </div>
</form>

Text Content

TECHNOLOGY, THOUGHTS & TRINKETS


TOURING THE DIGITAL THROUGH TYPE



HIGHLIGHTS FROM NSIRA’S 2022 ANNUAL REPORT

November 25, 2023 / November 26, 2023 / Christopher Parsons

The National Security and Intelligence Review Agency (NSIRA) tabled its annual
report on October 30, 2023. NSIRA is responsible for conducting national
security reviews of Canadian federal agencies, and its annual report summarises
activities that have been undertaken in 2022. The report also discusses new
policies and capacities concerning its review activities.

In this post, I summarise and discuss many of the central items in the annual
report. This includes the Agency’s approach to developing themes and
categorising recommendations, particular aspects of the reviews, how NSIRA’s
technology directorate is developing, the ways in which NSIRA is maturing how it
measures engagements with reviewed agencies and associated confidence ratings,
and its international engagements.

Significantly, this annual report includes several explicit calls for
legislative review as they pertain to complaints investigations. It is, also,
possible that the Agency may be building an evidence-based argument for why law
reform may be needed to ensure that NSIRA can obtain adequate access to
information or materials to conduct reviews of some government agencies.


THEMES AND CATEGORISATION OF RECOMMENDATIONS

NSIRA has been developing and issuing recommendations to government institutions
for multiple years. The result is that the Agency can begin to categorise the
kinds of recommendations that it is issuing. Categorisation is helpful because
it can start to reveal trends within and across reviewed institutions and, then,
enable those institutions to better focus their efforts to update organisational
practices. Moreover, with this information NSIRA may generally be able to
monitor for substantive changes in common problem areas both within and across
reviewed agencies.

The following table re-creates the categorisation descriptions in NSIRA’s annual
report (see: page 3).

| Theme | Topics |
| --- | --- |
| Governance | Policies, procedures, framework and other authorities; Internal oversight; Risk management, assessment and practices; Decision-making and accountability, including ministerial accountability and direction; Training, tools and staffing resources |
| Propriety | Reasonableness, necessity, efficacy and proportionality; Legal thresholds and advice, compliance and privacy interests |
| Information management and sharing | Collection, documentation, tracking, implementing, reporting, monitoring and safeguarding; Information sharing and disclosure; Keeping and providing accurate and up-to-date information, timeliness |

This tripartite division lets NSIRA categorise all of the different
recommendations it has made in its 2020, 2021, and 2022 annual reports, which
has the effect of showcasing trends over the years. I have republished NSIRA’s
chart denoting these trends, below.




ANALYSIS OF THEMES AND CATEGORISATION OF RECOMMENDATIONS

I can’t immediately think of items that do not fit in the categories that NSIRA
has developed, though it will be interesting to observe over time whether this
categorisation will continue to capture all possible types of recommendations.
Further, with this categorisation schema now in hand, will this affect the
crafting of recommendations so that they clearly ‘fit’ within each of these
categories?  Will single recommendations sometimes fit within multiple
categories?  Or is it possible that additional categories may be developed based
on future recommendations?

I can see the strong utility of this, generally, for organisations — be they
government or non-government — to track the kinds of recommendations they are
making. It could both assist with internal tracking and governance measures
while, also, focusing in on the core classes of issues that are being found
within and across organisations that are under review, or otherwise subject to
external examination or critique.


REVIEWS

The reviews section of NSIRA’s annual report summarises the reviews that the
Agency has undertaken over the past year, with those full reports generally
available on NSIRA’s website.[1]


REVIEWS OF CSIS ACTIVITIES

NSIRA provides a range of different statistics concerning CSIS’ activities,
including those concerning:

 * Warrants that are sought
 * Threat Reduction Measures (TRMs)
 * CSIS targets
 * Dataset evaluation and retention
 * Justified commissions of activities that otherwise would involve committing
   or directing the committing of unlawful acts
 * Compliance incidents

In what follows I identify noteworthy aspects of the statistics and associated
narratives provided. First, warrants sought by CSIS may be used “to intercept
communications, enter a location, or obtain information, records or documents.
Each individual warrant application could include multiple individuals or
request the use of multiple intrusive powers.” It is worth highlighting that
NSIRA has explicitly stated in footnote 15 that:

> A number of warrants issued during this period reflected the development of
> innovative new authorities and collection techniques, which required close
> collaboration between collectors, technology operators, policy analysts and
> legal counsel.[2]

Warranted authorisations were granted under section 12,[3] 16,[4] and 21[5] of
the CSIS Act as well as two authorisations under section 11.13.[6] The total
number of warrants that have been sought and approved is in line with previous
years’ statistics, standing at 28, with 6 being new, 14 being replacements, and
8 being supplemental.

TRMs can be sought and exercised without requiring judicial authorisation, so
long as the activity in question does not “limit a right or freedom protected by
the Canadian Charter of Rights and Freedoms or would otherwise be contrary to
Canadian law”.  Warrants are required when an activity would conflict with
Charter rights or Canadian law. The number of authorisations sought (16) was
about in the middle of the lower (10) and upper (24) bounds of requested
authorisations in previous years, and executed TRMs (12) is similarly in the
middle of the lower (8) and upper (19) bounds of past years’ statistics.

CSIS targets have declined over the past 5 years, moving from 430 targets in
2018 to 340 in 2022. However, this number can be misleading on the basis that a
target could be for an individual or a group composing many people.

CSIS continues to notify NSIRA about judicial authorisations or ministerial
authorisations to collect Canadian or foreign datasets, in excess of what the
Service is required to do under the law. Generally, the statistics show that
evaluated datasets tend to be retained and that neither the Federal Court,
Minister, nor Intelligence Commissioner has denied CSIS the ability to retain
evaluated datasets.

There have been considerable increases in the number of authorizations to CSIS
personnel to undertake activities that involve “committing an act or omission
themselves (commissions by employees)” or directing “another person to commit an
act or omission (directions to commit) as a part of their duties and functions.”
Relatedly, there have also been more commissions/directions to commit that have
been recorded. Statistics are denoted in the below table, which was produced by
NSIRA.



Finally, the compliance information provided by NSIRA shows a growing breakdown
of the ways in which CSIS activities can be found to be non-compliant with either
Canadian law, the Charter, warrant conditions, or CSIS governance practices.


ANALYSIS OF CSIS ACTIVITIES

A few things clearly drew my attention.

 1. It is unclear what the new warranted authorities or collection activities
    have involved, but the listing of parties involved in developing these
    suggests that there may be a notable expansion in CSIS capabilities.
 2. It might be helpful in future reports to have a footnote explaining the
    difference between new, replacement, and supplemental warrants. The last
    item, in particular, is a term that I’m not familiar with, which suggests
    that many others reading these reports who are not national security
    insiders or legal experts may have similar questions.
 3. That no judicially supervised TRMs have been undertaken is notable and
    suggests that these measures may not yet have risen to concerns raised by
    some civil society and other actors. In particular, past concerns have
    focused on how these techniques could affect residents of Canada and
    their Charter rights.
 4. We still lack a clear understanding of what, precisely, is being evaluated
    or retained by CSIS when it collects datasets and subsequently analyses
    them. This remains a significant blindspot and prevents the public or
    legislators from clearly understanding what, exactly, CSIS can do (or is
    doing) with retained datasets.
 5. The justifications framework makes clear that more and more activities are
    being undertaken which would, otherwise, be unlawful. It is an open question
    whether these activities may impede the ability of federal law enforcement,
    or other parties, to use the Criminal Code (or other legislation) to take
    action against individuals or groups in Canada who have been targeted by
    CSIS.  Specifically, what (if any) relationship is there between these
    justified activities undertaken by CSIS and the One Vision 3.0 framework
    between the RCMP and CSIS?


COMMUNICATIONS SECURITY ESTABLISHMENT

NSIRA undertook two reviews of CSE activities: one of Active Cyber Operations
(ACO) and Defensive Cyber Operations (DCO), and one of an undisclosed foreign
intelligence activity.

NSIRA found that “ACOs and DCOs that CSE planned or conducted during the period
of review were lawful and noted improvements in GAC’s assessments for foreign
policy risk and international law” as well as that “CSE developed and
improved its processes for the planning and conduct of ACOs and DCOs in a way
that reflected some of NSIRA’s observations from the governance review.”
However, “NSIRA faced significant challenges in accessing CSE information on
this review. These access challenges had a negative impact on the review. As a
result, NSIRA could not be confident in the completeness of information provided
by CSE.”[7]

The CSE collection activity is not described in any detail, though NSIRA
“identified several instances where the program’s activities were not adequately
captured within CSE’s applications for certain ministerial authorizations.”

NSIRA has had challenges with its reviews of CSE’s operations since the Agency’s
establishment. In 2022, this led to NSIRA’s Chair meeting with the Minister of
National Defence “to discuss ongoing issues and challenges related to NSIRA
reviews of CSE activities.”

The NSIRA annual report includes an extensive set of statistics about the CSE’s
activities. To begin, there has been an additional cybersecurity as well as
active cyber operations authorisation in 2022 versus 2021, with the effect that
there are now:

 * 3 foreign intelligence authorisations
 * 3 cybersecurity — federal and non-federal — authorisations
 * 1 DCO authorisation
 * 3 ACO authorisations

We can expect that at least some of these may be linked to the Canadian
government’s (and CSE’s) efforts to help Ukraine in its fight against Russia’s
illegal war of aggression. However, the general breadth of Ministerial
Authorisations is such that any new ones will cover off large categories of
activities which could be undertaken in a variety of situations or locations.

My colleague, Bill Robinson, may be pleased to see that CSE is authorising NSIRA
to identify the number of reports CSE is releasing (3,185 in 2022), to the
number of agencies/departments (26 in 2022), and the number of clients within
departments/agencies (1,761 in 2022). He will likely be less pleased to see (as
am I) that CSE refuses to release statistics concerning:

 * The regularity at which information relating to a Canadian or a person in
   Canada, or “Canadian-collected information” is included in CSE’s end-product
   reporting
 * The regularity at which Canadian identifying information (CII) is suppressed
   in CSE foreign intelligence or cyber security reporting
 * The number of DCOs or ACOs which were approved, and carried out, in 2022

The regularity at which CII information was released, however, was provided for
Government of Canada requests (657) and Five Eyes requests (62). There was an
aggregate decrease from 831 requests in 2021 to 719 requests in 2022, with CSE
denying 65 of the 2022 requests and 51 of the requests still being processed.

There were more privacy incidents registered by CSE itself (114 in 2022 versus
96 in 2021) and a reduction in second-party incidents (23 in 2022 versus 33 in
2021). No specific information about the nature of the incidents is provided.

There was a large number of cyber incidents that were opened by the Canadian
Centre for Cyber Security. This included 1,070 affecting federal institutions
and 1,575 affecting critical infrastructure.

While not as detailed as past work by Canadian reporters, which once identified
how many times CSE provided assistance to specific federal partners, NSIRA’s
2022 annual report does continue to disclose how frequently CSE receives
requests for assistance. In 2022 it received 62 requests (up from 35 in 2021),
with 1 cancelled and 2 denied, resulting in 59 being approved.


ANALYSIS OF CSE ACTIVITIES

There are numerous things that are of note in the section on CSE.

 1. Despite having reviewed ACO and DCO activities, NSIRA was unable to be
    confident of the information it had been provided when conducting the
    review. Put differently, we should take the outputs of the review with a
    grain of salt, and this matters both on a governance level as well as
    because ACOs and DCOs have the potential to be extremely impactful to
    individuals’ Charter or human rights.[8]
 2. Issues between NSIRA and CSE have risen to the level that the Chair of NSIRA
    and Minister of National Defence are meeting. This is suggestive that issues
    could not be resolved at the senior staff level despite years of effort to
    do so. Escalating this to the Minister is about as high-level a complaint or
    concern that NSIRA can raise within the government hierarchy.
 3. A mainline privacy concern is how frequently CII is being collected and,
    subsequently, included in reporting. That CSE continues to refuse to provide
    statistics on how often it is being suppressed impedes the public’s and
    politicians’ abilities to understand how much ‘incidental’ collection of CII
    occurs in the course of the CSE’s activities. A similar complaint can be
    made concerning CSE’s refusal to release statistics about the regularity at
    which information related to a Canadian or person in Canada, or
    “Canadian-collected information” is included in end-product reporting. This
    issue has even greater salience given that Bill C-26, which addresses
    critical infrastructure and cybersecurity, is currently at Committee. If
    passed into law, even more CII or information related to Canadian persons
    could be obtained by CSE.
 4. It is unclear whether critical infrastructure incidents opened with the
    Cyber Centre included just federally regulated institutions or all critical
    infrastructure providers (including those under provincial jurisdiction).
    The effect is to impair an understanding of how much work CSE is undertaking
    on behalf of provinces (or to support provinces in protecting
    infrastructure).
 5. There has been an explosion in how frequently CSE is providing assistance to
    other federal partners, but it is unclear who specifically is receiving the
    assistance or to what effect. While the expansion may be linked to the war
    between Ukraine and Russia, there may be other factors at play which are
    hidden from the reader due to how NSIRA is permitted to disclose information
    in its annual report.


OTHER DEPARTMENTS

NSIRA also conducted reviews of the Department of National Defence and the
Canadian Armed Forces (DND/CAF), Canadian Border Services Agency (CBSA), and
mandated annual reviews under the Security of Canada Information Disclosure Act
(SCIDA) and Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA).
Key points include:

 * The DND/CAF review saw NSIRA conclude that DND/CAF’s human source handling
   activities may be being undertaken in ways that are, in NSIRA’s opinion,
   potentially unlawful. The Minister disagreed, with NSIRA believing that the
   Minister’s conclusion was a result of applying an inappropriately narrow
   interpretation of the facts and the law. Further work will continue on this
   file.
 * CBSA’s air passenger targeting review found areas needing improvement,
   including surrounding documentation practices, and demonstrating adequate
   justification for its selection of indicators as signals for increased risk.
 * GAC was found to need to improve on its disclosure policies under SCIDA, on
   the basis that GAC “did not meet the two-part threshold requirements of the
   SCIDA before disclosing the information, which was not compliant with the
   SCIDA.”
 * The definition of “significant risk” related to avoiding complicity in
   mistreatment by foreign entities does not exist in legislation, which
   continues to create challenges. NSIRA is calling for this to be addressed in
   future legislative reform. Moreover, neither the CBSA nor Public Safety Canada
   has fully implemented a framework under the ACA.
 * NSIRA has moved to begin closing certain ongoing work or not ultimately
   produce a final report to a Minister. Other work–including a NSIRA review of
   how the RCMP handles encryption in the interception of private communications
   in national security criminal investigations–has been deconflicted, given the
   activities of other review and oversight bodies such as the National Security
   and Intelligence Committee of Parliamentarians (NSICOP).


ANALYSIS OF OTHER DEPARTMENTS

 1. This is not the first time that the activities undertaken by DND/CAF have
    been subject to critique, such as NSIRA’s assessment of the Canadian Forces
    National Counter-Intelligence Unit. NSIRA’s ability to examine some of these
    activities continues to showcase the importance of having a review agency
    that can comprehensively undertake review across all national security
    bodies. Moreover, that it is flagging review areas (e.g., the 2020 annual
    report noted that additional reviews had been initiated/planned, including
    on DND/CAF’s HUMINT capabilities) and following through speaks well to
    NSIRA’s ability to meet its commitments.
 2. There are real risks to individuals when agencies inadequately comply with
    the ACA. As I have written previously, without adequate frameworks there is
    a concern that “some agencies will continue to obtain information from, or
    disclose it to, foreign states which are known to either use information to
    facilitate abuses, or that use torture or other mistreatment to obtain the
    information that is sent to Canadian agencies. Which agencies continue to
    support information sharing with these kinds of states, and their rationales
    for doing so, should be on the record so that they and the government more
    broadly can be held accountable for such decision making.”
 3. It’s worth highlighting that NSIRA is calling for legislative reform to
    create the definition of “significant risk” concerning the ACA.
 4. Decisions to close certain reviews–or at least not issue a report to a
    relevant Minister–reveal a growing maturity within NSIRA as it develops
    policies and procedures on how to advance its work. I am curious as to
    whether a decision to not issue a report to a Minister may, still, result in
    functional improvements in how government agencies undertake select national
    security activities. Further, the NSICOP report on the RCMP’s handling of
    encryption will be important to read once it is published given the
    longstanding debate in Canada over encryption and encryption policies.


TECHNOLOGY DIRECTORATE

NSIRA continues to build up its internal technical capabilities, with its team
now including engineers, computer scientists, technologists and technology
review professionals. The mandate of the Directorate is expansive, and includes:

 * Lead the review of Information Technology (IT) systems and capabilities
 * Assess a reviewed entity’s IT compliance with applicable laws, ministerial
   direction and policy
 * Conduct independent technical investigations
 * Recommend IT system and data safeguards to minimize the risk of legal
   non-compliance
 * Produce reports explaining and interpreting technical subjects
 * Lead the integration of technology themes into yearly NSIRA review plans
 * Leverage external expertise in the understanding and assessment of IT risks
 * Support assigned NSIRA members in the investigation of complaints against
   CSIS, CSE or the RCMP when technical expertise is required to assess the
   evidence

The Directorate has 3 employees, as well as a cooperative education student and
2 external researchers. It has also built out links with academic researchers.
In the coming year, it will continue to grow the number of employees, support
ongoing education, and engage external researchers to build capacity. Curiously,
the Directorate also intends to “prioritize unclassified research on a number of
topics, including open-source intelligence, advertising technologies and
metadata (content versus non-content data).”


ANALYSIS OF TECHNOLOGY DIRECTORATE

Generally, I am interested in how this Directorate is being developed and the
processes that are being established for it to succeed. Specifically, how are
external researchers identified and leveraged? How has the external academic
network been (or is being) developed? Answers to these questions could provide
lessons for other regulators with different areas of responsibility but which
possess (or are building) comparable technology teams.

The specifically stated areas of non-classified research are worth paying
attention to. OSINT is a growing focus for national security and has been an
area of invite-only meetings amongst Canadian national security practitioners
over the past years. The topic area is, also, complicated by some guidance from
the Privacy Commissioner of Canada, Treasury Board’s Privacy Implementation
Notice 2023-03, and more generally by the United States’ Office of the Director
of National Intelligence’s report on Commercially Available Information. This
same report may, also, have overlaps with why NSIRA is interested in
unclassified work concerning advertising technologies.[9]


ENGAGEMENTS WITH REVIEWEES AND CONFIDENCE STATEMENTS

NSIRA tracks a number of variables that are used to understand the nature of its
relationships with reviewed agencies and, due to some challenges with
particular reviewed agencies, has also had to develop confidence ratings. These
ratings are used to assess how confident NSIRA is in the comprehensiveness and
accuracy of the materials it receives from reviewed bodies. The annual report
serves to summarise the state of things during 2022.

When discussing engagements with reviewees, NSIRA has adopted a common
text-template while, also, adding narrative text that contextualises whether the
Agency is experiencing challenges with reviewed bodies. The variables that NSIRA
reports on include:

 * Access to on-site office space
 * Whether lack of on-site access is an issue
 * Direct access to network resources or files of reviewed bodies
 * Whether there is an issue associated with how access to network resources or
   files is performed by a reviewed body
 * Whether information is produced to NSIRA in a timely manner
 * Overall whether the engagements are good, improving, or bad.[10]

I try to summarise the state of engagements with reviewed bodies in the below
table.

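| Agency | Office Space | Space Issue? | Network Access | Access Issue? | Timeliness | Good / Improving / Bad |
| --- | --- | --- | --- | --- | --- | --- |
| CSIS | Y | N | Y | N | Y | Good |
| CSE | Y | ? | Partial | Y/? | Partial | Improving from bad |
| DND/CAF | Y | N | Y | N | Partial | Good and improving |
| RCMP | Y | N | N | N | Partial | Improving |
| GAC | N | N | N | N | Y | Good |
| CBSA | N | N(?) | N | N | Partial | Good |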

NSIRA is now tracking delays when it requests information from reviewed bodies
and has a three-part process of sending advisory letters to senior bureaucrats
and, ultimately, Ministers when delays persist. Advisory letters were used 5
times in 2022, with 3 having been sent to CSE and 2 to RCMP. There is no
explicit indication as to whether these letters were to senior bureaucrats or to
the Minister.[11]

Moreover, NSIRA has expanded the criteria to assess the responsiveness and
ability to verify information. These include the following criteria:

 * Timeliness of responses to requests for information
 * Quality of responses to requests for information
 * Access to systems
 * Access to people
 * Access to facilities
 * Professionalism
 * Proactiveness


ANALYSIS OF ENGAGEMENTS WITH REVIEWEES AND CONFIDENCE STATEMENTS

While I appreciate that there may be sensitivities in presenting a table that
summarises the nature of NSIRA’s engagements with reviewed agencies, it might be
helpful to consider including one in the future as more data is accumulated so that
NSIRA can provide year-over-year comparisons. Information in this format may be
particularly useful to identify areas of improvement for Ministers or their
deputies.

NSIRA is, also, clearly trying to mature its confidence statement process. We
have moved from what was a ‘tripwire system’ in the 2020 report to a much more
robust way to collect, and present, information about the behaviour of reviewed
bodies. How this affects confidence statements may be the next step in this
maturity process.


OTHER ITEMS


COMPLAINTS INVESTIGATIONS

NSIRA discusses that it is developing processes to more quickly address
complaints that it receives. There are two particular calls for law reform
around investigations.

 1. [A]n allowance for NSIRA members to have jurisdiction to complete any
    complaint investigation files they have begun, even if their appointment
    term expires.
 2. Broadened rights of access to individuals and premises of reviewed
    organizations to enhance verification activities.

Notably, NSIRA is calling for enhanced education–not new powers–with regards to
increasing awareness of its mandate around complaints. The Agency writes that,

> … members do not have the ability to make remedial orders, such as
> compensation, or to order a government department to pay damages to
> complainants. NSIRA continues to make improvements to its public website to
> raise this awareness and better inform the public and complainants on the
> investigations mandate and investigative procedures it follows.


ANALYSIS OF COMPLAINTS INVESTIGATIONS

First, the calls for legislative reform suggest that there has been an issue
with a retiring member not being able to complete a file, which added to the
transaction costs of handling an investigation, as well as challenges in being
able to verify information or activities.

Second, that education and awareness is being called for with regards to
members’ abilities and powers, as opposed to calling for new powers, may be
indicative of where NSIRA is prioritising its present legislative law reforms.
It may, also, speak to NSIRA not wanting to expand its mandate with regards to
complaint processes at the present moment in time.


NSIRA PARTNERSHIPS

NSIRA continues to develop international partnerships and meet with other review
bodies, including: the Five Eyes Intelligence Oversight and Review Council, the
UK’s Investigatory Powers Commissioner’s Office, Australia’s Inspector-General
of Intelligence and Security, the International Intelligence Oversight forum, as
well as visiting with the Norwegian Parliamentary Oversight Committee on
Intelligence and Security Services, Danish Intelligence Oversight Board, the
Netherlands’ Review Committee on the Intelligence and Security Services, and the
Swiss Independent Oversight Authority for Intelligence Activities.

NSIRA is also engaging with NSICOP, the Civilian Review and Complaints
Commissioner for the RCMP, and the Office of the Intelligence Commissioner,
along with legal professionals who are members of other agents of Parliament.

On a technology front, NSIRA has engaged the Privacy Commissioner’s Technology
Analysis Directorate, AI technology team at the Treasury Board’s Office of the
Chief Information Officer, and the Canadian Digital Service. Finally, the
Technology Directorate is specifically identified as responsible for continuing
to develop “domestic and international partnerships, including expanding its
network with academics, civil society and commercial leaders to ensure key
technological issues factor into its approaches.”


ANALYSIS OF NSIRA PARTNERSHIPS

NSIRA is clearly engaging internationally and domestically to learn about, and
potentially share, best practices and techniques for engaging with regulated
entities. That NSIRA began to host international meetings in the fall of 2023
speaks well to its growing capacity and involvement amongst its peers.


CONCLUSION

NSIRA has produced another helpful annual report that explains a great deal to
the public, and especially to those who have read and assessed many of the
annual reports over the years. In particular, the continuing focus on
process–how much access NSIRA has to reviewed agencies’ materials, the
timeliness of that access, and quality of the engagements–is important should
the Government of Canada move forward to consider law reform.

Law reform should, generally, be seen as a last-step measure when it comes to
addressing issues between different government agencies. However, should NSIRA
continue to suffer challenges in fulfilling its mandate due to lack of access to
relevant review materials then changes should likely be considered when the
government moves to introduce national security-related law reform.

--------------------------------------------------------------------------------

Footnotes:

 1.  Reviews which have not completed a declassification process, or for which
     there are no plans to declassify, are not available on NSIRA’s webpage. ↩︎
 2.  Boldface not in original. ↩︎
 3.  Per Public Safety Canada, “Section 12 of the CSIS Act mandates CSIS to
     collect and analyse intelligence on threats to the security of Canada, and,
     in relation to those threats, report to, and advise the Government of
     Canada. These threats are defined in the CSIS Act as espionage or sabotage;
     foreign influenced activities that are detrimental to the interests of
     Canada; activities directed toward the threat or use of acts of serious
     violence; and, activities directed toward undermining the system of
     government in Canada.” ↩︎
 4.  Per Public Safety Canada, “Section 16 of the CSIS Act authorizes CSIS to
     collect, within Canada, foreign intelligence relating to the capabilities,
     intentions or activities of any foreign state or group of foreign states,
     subject to the restriction that its activities cannot be directed at
     Canadian citizens, permanent residents, or corporations.” ↩︎
 5.  Per Public Safety Canada, “Section 21 of the CSIS Act authorizes CSIS to
     apply for a warrant to conduct activities where there are reasonable
     grounds to believe that a warrant is required to enable CSIS to investigate
     a threat to the security of Canada or perform its duties and functions
     pursuant to Section 16 of the CSIS Act. The CSIS Act requires that the
     Minister of Public Safety approve warrant applications before they are
     submitted to the Federal Court.” ↩︎
 6.  Judicial authorisation to retain a Canadian dataset ↩︎
 7.  Emphasis not in original. ↩︎
 8.  For more, see: “Analysis of the Communications Security Establishment Act
     and Related Provisions in Bill C-59 (An Act respecting national security
     matters), First Reading (December 18, 2017)”, pages 27-31 ↩︎
 9.  In the United States, Senator Ron Wyden has continued to raise the alarm
     that commercial advertising and surveillance networks could endanger
     American national security. I fully expect the same threat to exist to
     Canadians as well. ↩︎
 10. Note: on this last item, I am taking liberties in reading between the lines
     to some extent in how I am categorising the nature of the engagements.
     NSIRA does not make such a blunt assessment of the status of their
     engagements. ↩︎
 11. Given that a meeting did take place between the Minister of National
     Defence and the Chair of NSIRA, this suggests at least one of the letters to
     CSE may have been to the Minister. ↩︎


FINDING YOU: THE NETWORK EFFECT OF TELECOMMUNICATIONS VULNERABILITIES FOR
LOCATION DISCLOSURE

November 1, 2023 / Christopher Parsons

Last week, I published a report with Gary Miller and the Citizen Lab entitled,
“Finding You: The Network Effect of Telecommunications Vulnerabilities for
Location Disclosure.” I undertook this research while still employed by the
Citizen Lab and was delighted to see it available to the public. In it, we
discuss how the configuration and vulnerabilities of contemporary
telecommunications networks enable surveillance actors to surreptitiously
monitor the location of mobile phone users.

The report provides a high-level overview of the geolocation-related threats
associated with contemporary networks that depend on the protocols used by 3G,
4G, and 5G network operators, followed by evidence of the proliferation of these
threats. Part 1 provides the historical context of unauthorized location
disclosures in mobile networks and the importance of the target identifiers used
by surveillance actors. Part 2 explains how mobile networks are made vulnerable
by signaling protocols used for international roaming, and how networks are made
available to surveillance actors to carry out attacks. An overview of the mobile
ecosystem lays the foundation for the technical details of domestic versus
international network surveillance, while the vectors of active versus passive
surveillance techniques with evidence of attacks shows how location information
is presented to the actor. Part 3 provides details of a case study from a media
report that shows evidence of widespread state-sponsored surveillance, followed
by threat intelligence data revealing network sources attributed to attacks
detected in 2023. These case studies underscore the significance and relevance
of undertaking these kinds of surveillance operations.

Deficiencies in oversight and accountability of network security are discussed
in Part 4. This includes outlining the incentives and enablers that are provided
to surveillance actors from industry organizations and government regulatory
agencies. Part 5 makes clear that the adoption of 5G technologies will not
mitigate future surveillance risks unless policymakers quickly move to compel
telecommunications providers to adopt the security features that are available
in 5G standards and equipment. If policymakers do not move swiftly then
surveillance actors may continue to prey upon mobile phone users by tracking
their physical location. Such a future paints a bleak picture of user privacy
and must be avoided.

Download a .pdf version of “Finding You: The Network Effect of
Telecommunications Vulnerabilities for Location Disclosure”


NSICOP’S 2022 ANNUAL REPORT

August 4, 2023 / Christopher Parsons

On July 19, 2023 the National Security and Intelligence Committee of
Parliamentarians (NSICOP) released its annual report. The report continues the
committee’s work of providing transparency around a number of the national
security activities which are undertaken by the Government of Canada. This
report assumes heightened importance because NSICOP’s authorizing legislation is
now expected to undergo a 5-year review; this report is helpful in understanding
what kinds of legislative reforms the Committee, itself, believes are important
so as to maintain or enhance Canadian residents’ trust in the country’s national
security agencies.

In this post I summarize the challenges that NSICOP believes face it, its
proposed legislative reforms, and then briefly itemize notable aspects of
reviews that are either underway or which have been concluded. Ultimately I
believe that we can firmly state that NSICOP’s work has revealed important
aspects of the Canadian national security community’s operations that were
hitherto secret and, as such, the Committee’s members and staff are to be
congratulated on their efforts over the past five years.


CHALLENGES FACING NSICOP

NSICOP is reporting two key challenges.

First the government is not legislatively required to reply to the
recommendations that are included in NSICOP’s reports. These recommendations are
issued with the intent of “strengthening the policies, operations and
accountability of the security and intelligence community.” While they may
sometimes require the federal government to undertake additional activities
NSICOP is hardly a ‘gotcha’ review body.

To its credit the government has begun to respond to some recommendations but
the majority of those made by NSICOP have yet to be publicly taken up. Beyond
indicating the effectiveness of NSICOP’s work—and thus ensuring that the public
knows that NSICOP isn’t a paper tiger—responses from the government are
important for unmasking some of the secrecy surrounding national security
activities. Residents of Canada largely lack insight into the government’s
national security policies. NSICOP’s recommendations, and how the government
responds to them, provide some degree of light into an otherwise very dark and
shadowy world.

Second the Committee is warning (again) that there is a serious issue around
obtaining information to which the Committee is lawfully entitled. There are
three stated situations where information is not being disclosed to NSICOP:

 1. Some departments have cited reasons outside the statutory exceptions found
    in the National Security and Intelligence Committee of Parliamentarians Act
    for not providing information that the Committee requested in past reviews
 2. Some departments selectively refused to provide relevant information, such
    as a departmental study, despite the Committee’s right of access under its
    enabling legislation
 3. The Committee is concerned that an overbroad legal definition of what
    constitutes a Cabinet confidence has had an impact on the Committee’s
    reviews

For any review agency to function it requires access to information that it is
lawfully entitled to obtain, so as to assess agencies’ activities and provide
meaningful recommendations or take other actions under its mandate. It is
concerning that, in at least some cases, NSICOP reports that information it
sought directly from organizations was only discovered through different
sources, be they indirectly from third-party organizations or even from records
released publicly under the federal Access to Information and Privacy regime.

Readers would be advised to consider the implications of the challenges facing
NSICOP, and then place them alongside recent efforts by the National Security
Intelligence Review Agency (NSIRA) to include a confidence statement with its
recent reports due to NSIRA’s own challenges in sometimes obtaining the
information it required to undertake its legislatively-mandated review
functions. That both agencies have reported challenges in accessing documents
raises questions about the review maturity of organizations which are now
subject to national security review.


PROPOSED LEGISLATIVE REFORM

From a legislative reform standpoint, NSICOP is indicating that it will make two
central submissions when called to discuss reforms to the NSICOP Act.

First, it will ask that the NSICOP Act be reformed to confirm that the Committee
and its members can get improved access to information and, also, be able to
better exchange information with other review bodies. This latter call—improved
exchange of information—is notable and worth considering: where regulated
agencies can coordinate amongst themselves it is imperative that their review
agencies can, similarly, coordinate and exchange information. Such exchanges
between review agencies serve multiple purposes, including:

 * sharing information relevant to a review
 * enabling better deconfliction processes
 * letting review agencies better coordinate when they are simultaneously
   examining the same subject from the slightly different perspectives
   associated with their respective mandates.

Second, NSICOP is stating that it will request legislative changes to better
align its composition with the United Kingdom’s Intelligence and Security
Committee (ISC). Specifically, NSICOP believes that becoming a body of
Parliament (and not of the executive branch) would “enhance the independence and
efficiency of the Committee.”

For clarity, the UK’s ISC is a committee of Parliament with a statutory
responsibility for the oversight of the UK intelligence community. In shifting
to this model NSICOP would no longer operate within the executive branch—and,
thus, no longer be perceived as being subject to executive capture—and would
enable members of the
public as well as parliamentarians to recognize that the Committee’s members
were not being gagged or otherwise manipulated by merit of NSICOP being housed
within the executive branch.

The decision to create NSICOP as an executive branch body was seen at the time
as a way to slowly develop trust and capacity between parliamentarians and
reviewed intelligence agencies, as well as guaranteeing that parliamentarians
did not inappropriately handle information. Some who once called for NSICOP to
be within the executive have, since, shifted perspectives and believe it should
be turned into a parliamentary body. It remains unclear, however, whether the
federal government similarly believes this would be an appropriate modification
to NSICOP.

Both of these reforms would constitute significant shifts in the ability of the
Committee to undertake its activities and will deserve careful and close
thought, and assessments of the extents to which these reforms would genuinely
enhance NSICOP’s capacity to fulfill its mandate.


RECENT AND UNDERWAY REVIEWS

2022 saw NSICOP complete or initiate a number of notable reviews. These include:

 * A Special Report on the Government of Canada’s Framework and Activities to
   Defend its Systems and Networks from Cyber Attack (Completed)1
 * A Special Report on the National Security and Intelligence Activities of
   Global Affairs Canada (Completed)
 * A review of the lawful interception of communications of security and
   intelligence organizations and the “going dark” challenge (Ongoing)
 * A review of the RCMP’s Federal Policing mandate (Ongoing)

None of NSICOP’s proposed reviews in 2022 were deemed injurious to national
security, nor was information denied to the Committee based on these grounds.
Twelve agencies were required to provide a copy of their annual reports as
required under the Avoiding Complicity in Mistreatment by Foreign Entities Act.
Twelve provided them to NSICOP, though they are not reviewed or assessed in the
annual report.

NSICOP did not receive any referrals by a minister of the Crown to undertake a
review of a national security or intelligence matter.


A SPECIAL REPORT ON THE NATIONAL SECURITY AND INTELLIGENCE ACTIVITIES OF GLOBAL
AFFAIRS CANADA

This special report was tabled in November 2022. The annual report notes that
“significant weaknesses” were found around Global Affairs Canada’s (GAC)
internal governance of its foreign policy coherence role. Namely, this included
a lack of “policies and few oversight committees” which NSICOP worried “may
introduce weaknesses into the government’s assessment of foreign policy risk.”
There were, also, concerns around the lack of Ministerial direction about how
GAC collected intelligence around the world. There was also no formal process by
which GAC informed its Minister of how it plays a role in relation to CSIS’
collection of intelligence. Relatedly, NSICOP was concerned by “the near total
absence of governance and formalized reporting to the minister regarding GAC’s
facilitator role.”

One of GAC’s key roles is to coordinate the government’s response to terrorist
hostage taking. However, NSICOP found that:

> GAC has a three-person team that supports an interdepartmental task force, but
> in twenty years the Department has done little to prepare for these incidents:
> there is no policy framework, no training, and no routine tabletop simulation
> exercises for the task force.
> 
> …
> 
> At best, GAC convenes implicated departments with much greater operational
> roles and specific accountabilities, and works to build a coherent approach
> without authority to direct a whole-of-government response. Part of the
> challenge is one of the Department’s own making: over the past 10 years, it
> has not developed the necessary policy, operational and training mechanisms
> for implicated government organizations to respond to such events coherently.
> Notwithstanding these gaps, the most significant problem is political:
> successive governments have failed to provide direction for a framework to
> address such critical incidents or provide specific direction on individual
> cases. Together, these challenges undermine the ability of the Department and
> its security and intelligence partners to respond effectively to
> hostage-takings.

Upon receiving the review GAC committed to reforms to respond to the issues
identified by NSICOP.


SUMMARIES AND RECOMMENDATIONS OF PRIOR REVIEWS

NSICOP’s annual report helpfully provides a listing of past reports that it has
undertaken and allocates a page to each review. These summarize the issues taken
up in a given report, identify the associated recommendations, and clarify the
extent to which the government has (or has not) responded to each of them. The
summaries, also, go so far as to indicate when legislation overtook particular
recommendations, such as NSICOP’s proposal that the National Security and
Intelligence Review Agency (NSIRA) be mandated to issue an annual report
pertaining to the Department of National Defence/Canadian Armed Forces
activities related to national security or intelligence.

Many of these reviews have drawn significant attention since they were released,
such as NSICOP’s report on foreign interference (and which included the
recommendation that combatting foreign interference include establishing
“regular mechanisms to work with sub-national levels of government and law
enforcement organizations, including to provide necessary security clearances”),
but the summarization of these reviews is helpful for simply remembering all of
the work that the Committee and its members have undertaken since its inception.
It would be helpful for all review agencies to develop public timelines to
include in their annual reports and on their websites; such timelines could just
denote and link to all of the reports the review agency has completed (or begun)
so that readers could better appreciate (and remember) their past and ongoing
work.

I think that it’s important to highlight that, just one decade ago, these
summaries alone would have been considered an amazing amount of detail that
pulled the veil back on Canada’s national security activities. That we can read
the summaries, as well as the redacted reports that are posted on the
Committee’s website, is astounding when considering where Canada was in terms of
national security transparency and accountability ten years ago. When combined
with other reporting from NSIRA and the Intelligence Commissioner it is apparent
that the public and parliamentarians alike are in a remarkably better situation
to understand, assess, interrogate, and approve of (or call for the cessation
of) the actions carried out by Canada’s national security agencies.


CONCLUSION

NSICOP has sometimes been on the receiving end of critiques or complaints, some
of which have arguably been deserved and others less so. It is a body that has
been severely tested by some public and political pressures. And it has been
challenged in fulfilling elements of its mandate for reasons described in its
2022 annual report.

Nevertheless, the Committee and its members are to be congratulated for their
efforts. They have worked to release information that hitherto has been kept
secret from the public and parliamentarians. There remain challenges to overcome
and more must be done to further enhance the public’s and parliamentarians’
understanding of national security agencies, challenges and threats facing
Canadian institutions and organizations, and responses that the government has
undertaken in response. Still, NSICOP has done much to educate the public since
its inception and, if its legislation is reformed per its requests, I suspect
the Committee could be even better situated to undertake reviews while further
raising the levels of awareness of national security issues.

--------------------------------------------------------------------------------

 1. For my previous analysis of this report, see: “Unpacking NSICOP’s Special
    Report on the Government of Canada’s Framework and Activities to Defend its
    Systems and Networks from Cyber Attack” ↩︎


THE UTILITY OF SECRET INTELLIGENCE IN SECRET-INTELLIGENCE RESISTANT POLITICAL
AND BUREAUCRATIC CULTURES

July 6, 2023 / Christopher Parsons

Dan Lomas’ recent RUSI essay, “The Death of Secret Intelligence? Think Again,”
is a good and fair assessment of the value of secret intelligence and open
source intelligence. Lomas clearly and forcefully explains the real benefits of
secret intelligence for a subset of policymakers and decision makers. You should
read it.

To truly take advantage of secret intelligence, however, policymakers and
decision makers must want to read and use it. Secret intelligence-resistant
(SI-resistant) bureaucratic or political cultures that have seemingly
managed—and still do—without substantive amounts of secret intelligence to guide
policy analysis or decision making may be dubious of the value of secret
intelligence. Members of these cultures may see open source intelligence as
either sufficient or ‘good enough’ for their purposes.1

Those who attempt to reform SI-resistant cultures must grapple with what may be
conflicting long-term perceptions of the value (or lack thereof) of this
intelligence. Members of this resistant culture can sometimes become even more
avoidant of state secrets by merit of fearing the consequences of knowing or
having access to them: when knowing secret intelligence is perceived as being
linked to an inability to do much with it, for fear of burning sources and
methods and then suffering untold professional or political harms, there are
good political and bureaucratic reasons to do without the secret stuff. In these
kinds of cultures, there is a risk (real or imagined) that secret intelligence
can be toxic to one’s career or future ambitions.

It is in this kind of toxic environment that knowing state secrets may be seen
as a problem calling for solutions. Decision makers might have to undertake
parallel construction to develop secret intelligence-adjacent fact patterns to
justify the conclusions at which they arrived, when those conclusions were in
fact guided by secret intelligence. And integrating useful state secrets into
policy advice could prevent the circulation of that advice within the
government, with the effect of barring uncleared colleagues and managers from
the secret intelligence-enhanced (and potentially career enhancing) insights.
Not circulating one’s work could mean that a highly capable policy analyst
cannot catch the attention of their uncleared managers or directors who may be
helpful for lifting the analyst and their career to the next bureaucratic
height. Members of the SI-resistant class might wonder whether secrets are
really all that they’re cracked up to be.2

This gulf of doubt, the questions of utility, and the practical ‘do we really
need to change?’ questions are challenging issues to overcome in SI-resistant
cultures. Perhaps one way forward, though one which somewhat comically requires
overcoming certain preferences for government secrecy around access to
documents, is to open the vaults (or Archives) of historical secret information.

In cultures which value secret information we can read and watch insider and
expert (and…not so expert) explanations, movies, and valourizations of the merit
of secret intelligence in transforming a country’s position in the world. This
kind of storytelling may be a key ingredient in developing a political and
bureaucratic culture that recognizes the value of incorporating secret
intelligence more regularly into routine government affairs. Just pointing at
bureaucratic and political cultures that are more open to using secret
intelligence, however, and saying ‘mimic them!’ is unlikely to drive much change
in a culture that has long been secret intelligence-resistant.

Thus, while the RUSI article does an excellent job trumpeting the value of
secret and open source intelligence, the advice and findings really may
principally apply to countries with high numbers of security cleared decision
makers and where the public—and thus elected politicians—acknowledge the value
of secret intelligence amongst the oceans of open source materials that exist
around them. And even when there is an appetite for secret intelligence it must
be practical to access it.

In some secret intelligence-resistant cultures, there have long been processes
where secret intelligence-laden analyst reports have been deposited on
non-experts’ desks. Those same non-experts know that if they read the materials
they may face possible jeopardy. On the one hand, they largely cannot disclose
what they learn but, on the other, if they do not read the materials and that
becomes public knowledge then they may be seen as poor stewards of the realm.
The responsible ones will dutifully read their briefing books and ensure they
never accidentally reveal their secret knowledge to anyone who isn’t in the
secret intelligence tribe. Those less responsible might, instead, expect that
they wouldn’t be able to use the secret intelligence anyways and ultimately have
more hours in their weeks to guide the realm and her interests when they
exclusively rely on non-classified information.

As should be obvious, the aforementioned method of circulating secret
intelligence does not present a particularly efficacious way of incorporating
secret intelligence into government activities. Another way must be found that
ideally is developed in at least marginally public settings and in tandem with
genuine efforts to open up historical secret archives to historians, academics,
and public policy makers to come to their own conclusions about what the value
of secret intelligence has actually been. Only once, and if, the SI-resistant
culture comes to realize it truly has been missing something are broader
cultural changes likely to ensue where that culture’s secret-intelligence
resistance at least shifts to secret intelligence-ambivalence. Such would be a
small step along a long road towards truly accepting and regularly integrating
secret intelligence into the realm’s public affairs.

--------------------------------------------------------------------------------

 1. They may even, largely, be correct. ↩︎
 2. Of course, holding a contrary view are members of invite-only events where a
    great gnashing of teeth can arise over the ‘secrecy and OSINT problem.’ In
    these, at least some of the secrecy-indoctrinated participants may even
    discuss the very question of whether OSINT is truly useful while,
    ultimately, the room broadly reaches a muttering agreement that the secret
    intelligence many have spent their careers collecting and enriching really
    adds a lot of value for decision makers. Even if the same decision makers
    rarely make use of the information due to their secret
    intelligence-resistant cultures. Indeed, the gnashing can be enough that a
    concerned participant might worry that dentists should be on hand to issue
    mouthguards to some attending participants. ↩︎


STATEMENT ABOUT THE ATTACK IN THE UNIVERSITY OF WATERLOO’S GENDER ISSUES
PHILOSOPHY COURSE

June 30, 2023 / Christopher Parsons

My personal career is significantly defined by the feminist philosophy classes
that I took as an undergraduate and graduate student. That education taught me
essential critiques about scientific objectivity and the standpoints of
knowledge creators, offered broader critical thinking skills, and revealed how
power structures have historically been architected to silence or appropriate
women’s contributions to Western scientific and political development. To this
day those classes inform all of the personal and professional activities in
which I am involved.

It is with this explicitly in mind that I am horrified by the hateful attack
that recently took place at the University of Waterloo, where junior faculty and
students alike were violently assaulted because they cared about learning about
gender and philosophy. This could have been myself or many of my friends or
supervising faculty in years past.

CSIS has identified non-religious extremism as one of the most significant
threats to Canada’s national security. And faculty and students at the
University of Waterloo have experienced this first-hand after being attacked and
made to experience fear for simply wanting to learn about the relationship
between gender and the formation of power, knowledge, or socially constructed
reality.

Misogyny, oppression, and racism are realities in Canada, and Canadians need to
talk more openly and frequently about them. These cannot be fixed overnight but,
instead, are challenges that require sustained and often inglorious work to
correct. At its core, this work demands critically assessing institutions’ and
organizations’ pasts, recognizing and righting historical wrongs, and adjusting
power and social structures to reflect a more just and fair present and future.

I would encourage our leaders to take these threats and issues seriously, and to
continue to meaningfully work to combat the hateful underlying ideology that
lies behind these violent and malevolent actions. Some leaders in politics,
workplaces, and social groups are clearly acting to address these issues, but
they must be joined by all leaders at every level of society. Doing anything
else betrays all who live in Canada while exhibiting a failure of leadership,
and ceding the moral gravitas that is required to lead our businesses,
institutions, agencies, and communities.


THE G7 COMMUNIQUE AND ARTIFICIAL INTELLIGENCE

May 27, 2023 / Christopher Parsons

The G7 Communique which was issued on May 20 included discussions of AI
technology and governance. While comments are high-level they are worth paying
attention to since they may indicate where ongoing strategic pressure will be
placed when developing AI policies.

The G7’s end goals around AI are to ensure that trustworthy AI is developed that
is aligned with democratic values. The specific values called out include:

 * fairness;
 * accountability;
 * transparency;
 * safety;
 * protection from online harassment, hate, and abuse; and
 * respect for privacy and human rights, fundamental freedoms, and the
   protection of personal data.

While not surprising, the core values stated do underscore the role for privacy
regulators and advocates in the development of AI governance policies and
practices.

Three other highlights include:

 1. The need to work with private parties to promote responsible AI, with the
    caveat that platforms are singled out as needing to address child
    sexual exploitation and abuse while upholding children’s rights to
    safety and privacy online.
 2. A strong emphasis on developing interoperable international governance and
    technical standards to promote responsible AI governance and technologies.
 3. A commitment by the G7, in collaboration with the OECD and GPAI, to launch
    discussions on generative AI technologies by the end of the year.

The first point, concerning child sexual exploitation, either suggests a new
front on the discussions of technology policy and online child abuse images or
is just another reference to ongoing pressure on large internet platforms. Only
time will tell us how to interpret this aspect of the G7’s messaging. Monitoring
other Five Eyes meetings and G7 outputs may help with this interpretation.

The second point, on international governance, raises the question of whether
federal governments will link national regulations to international standards.
Should that occur then it will be interesting to see the extent to which
regulations in Canada’s Artificial Intelligence and Data Act ultimately refer
to, or integrate, such standards. Assuming, of course, that the Act is
passed into law in its present format.

The third point underscores how generative AI technologies are attracting
attention on prominent and important national and international agendas. It
remains to be seen, however, whether such attention persists and, also, whether
we see ongoing and significant concerns continue to percolate as the public and
politicians become used to the technology and its increasing integration with
failing computing functions. For my money, I don’t see emerging uses of AI
systems falling off the agenda anytime in the near future.

If you’re interested in assessing the AI-related aspects of the Communique
yourself, you can find them in the Preamble at 1, as well as in Digital at 38.



The SIGINT Summaries detail some of the revelations in documents released by
Edward Snowden. The summaries are accompanied by definitions for covernames used
by the ASD, CSE, GCHQ, GCSB, and NSA.

Select Publications

 * Ballard, Benjamin; and Christopher Parsons. (2022). “Mixed traditions:
   evaluating telecommunications transparency,” Internet Policy Review 11(1).
   Available
   at: https://policyreview.info/articles/analysis/mixed-traditions-evaluating-telecommunications-transparency.
 * Parsons, Christopher. (2021). “The new security research rules threaten
   universities’ ability to be open and inclusive,” Globe and Mail, July 2021.
   Available
   at: https://www.theglobeandmail.com/opinion/article-the-new-security-research-rules-threaten-universities-ability-to-be/.
 * Mahieu, René; Asghari, Hadi; Parsons, Christopher; van Hoboken, Joris;
   Crete-Nishihata, Masashi; Hilts, Andrew; and Anstis, Siena. (2021). “Measuring
   the Brussels Effect through Access Requests: Has the European General Data
   Protection Regulation Influenced the Data Protection Rights of Canadian
   Citizens?” Journal of Information Policy 11. Available
   at: https://scholarlypublishingcollective.org/psup/information-policy/article/doi/10.5325/jinfopoli.11.2021.0301/292024/Measuring-the-Brussels-Effect-through-Access.
 * Parsons, Christopher. (2020). “Huawei & 5G: Clarifying the Canadian Equities
   and Charting a Strategic Path Forward,” Citizen Lab. Available
   at: https://citizenlab.ca/2020/12/huawei-5g-clarifying-the-canadian-equities-and-charting-a-strategic-path-forward/.
 * Gold, Josh; Parsons, Christopher; and Poetranto, Irene. (2020). “Canada’s
   Scattered and Uncoordinated Cyber Foreign Policy: A Call for Clarity,” Just
   Security, August 2020. Available
   at: https://www.justsecurity.org/71817/canadas-scattered-and-uncoordinated-cyber-foreign-policy-a-call-for-clarity/.
 * Parsons, Christopher; and Gold, Josh. (2020). “A Deep Dive into Canada’s
   Overhaul of Its Foreign Intelligence and Cybersecurity Laws,” Just Security,
   June 2020. Available
   at: https://www.justsecurity.org/70519/a-deep-dive-into-canadas-overhaul-of-its-foreign-intelligence-and-cybersecurity-laws/.
 * Parsons, Christopher. (2019). “Canada’s New and Irresponsible Encryption
   Policy: How the Government of Canada’s New Policy Threatens Charter Rights,
   Cybersecurity, Economic Growth, and Foreign Policy,” Citizen Lab. Available
   at: https://citizenlab.ca/2019/08/canadas-new-and-irresponsible-encryption-policy-how-the-government-of-canadas-new-policy-threatens-charter-rights-cybersecurity-economic-growth-and-foreign-policy/.
 * Parsons, Christopher; Molnar, Adam; Dalek, Jakub; Knockel, Jeffrey; Kenyon,
   Miles; Haselton, Bennett; Khoo, Cynthia; and Deibert, Ronald. (2019). “The
   Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware
   Application Industry,” Citizen Lab. Available
   at: https://citizenlab.ca/docs/stalkerware-holistic.pdf.
 * Gill, Lex; Israel, Tamir; and Parsons, Christopher. (2018). “Shining a Light
   on the Encryption Debate: A Canadian Field Guide,” Citizen Lab. Available
   at: https://citizenlab.ca/wp-content/uploads/2018/05/Shining-A-Light-Encryption-CitLab-CIPPIC.pdf.
 * Parsons, Christopher; and Molnar, Adam. (2017). “Government Surveillance
   Accountability: The Failures of Contemporary Canadian Interception Reports,”
   Canadian Journal of Law and Technology 16(1). Available
   at: https://ojs.library.dal.ca/CJLT/article/view/9007.
 * Parsons, Christopher; and Israel, Tamir. (2016). “Gone Opaque? An Analysis of
   Hypothetical IMSI Catcher Overuse in Canada,” Citizen Lab – Telecom
   Transparency Project // CIPPIC. Available
   at: https://citizenlab.org/wp-content/uploads/2016/09/20160818-Report-Gone_Opaque.pdf.
