|Type||government agency responsible for|
|Headquarters||Ottawa, Ontario, Canada|
|Employees||2,752 (March 2020)|
|Annual budget||$779.7 million (2020–21)|
The Communications Security Establishment (CSE; French: Centre de la sécurité des télécommunications, CST), formerly (from 2008-2014) called the Communications Security Establishment Canada (CSEC), is the Government of Canada's national cryptologic agency. It is responsible for foreign signals intelligence (SIGINT) and communications security (COMSEC), protecting federal government electronic information and communication networks, and is the technical authority for cyber security and information assurance.
Administered under the Department of National Defence (DND), the CSE is accountable to the Minister of National Defence through its deputy head, the Chief of CSE. The National Defence Minister is in turn accountable to the Cabinet and Parliament. The Chief of the CSE is currently Shelly Bruce, who assumed the office on 27 June 2018.
The Agency has recently built a new headquarters and campus encompassing 340,000 m2 (84 acres). The new headquarters totals a little over 110,000 m2 (1,200,000 sq ft) and is adjacent to CSIS.
CSE originates from Canada's joint military and civilian code-breaking and intelligence efforts during the Second World War.
The Examination Unit (XU) was established during the Second World War, in June 1941, as a branch of the National Research Council. It was the first civilian office in Canada solely dedicated to decryption of communications signals; until then, SIGINT was entirely within the purview of the Canadian military, and mostly limited to intercepts.
In March 1942, XU moved next door to Laurier House in Sandy Hill, Ottawa; this location was chosen because they felt it would draw no suspicion to the enemies. In September, the Department of External Affairs established its Special Intelligence Section at XU with the purpose of reviewing decoded SIGINT with other collateral information to produce intelligence summaries.
The original mandate of the Examination Unit was to intercept the communications of Vichy France and Germany. Its mandate later expanded to include interception and decryption of Japanese communications after Japan entered the war. The unit was estimated to have had 50 staff members at any one time. In total 77 people worked there.
By 1945, the disparate SIGINT collection units of the Canadian Navy, Army, and Air Force, were consolidated into the Joint Discrimination Unit (JDU), which was headquartered in Ottawa in the same building as the XU. By the end of the War, the military JDU and the civilian XU were able to coordinate SIGINT collection, analysis, and dissemination so efficiently that it led officials to consider the establishment of peacetime SIGINT operations. In September 1945, U.S. President Harry Truman declared it would be vital to carry out such operations, and Canadian authorities came to the same conclusion in December later that year.
On 13 April 1946, a secret Order in Council allowed for postwar continuation of wartime cryptologic efforts and thus the Communications Branch of the National Research Council of Canada (CBNRC) was founded. This agency would be the predecessor to today's Communications Security Establishment (CSE).
Beginning operations on 3 September 1946, the Communications Branch of the National Research Council (CBNRC) was the first peace-time cryptologic agency and was kept secret for much of its beginning. The CBNRC was established through a secret Order in Council signed on 13 April 1946, combining the civilian Examination Unit (XU) and the military Joint Discrimination Unit (JDU). Located at LaSalle Academy; .
With Edward Drake as its first director, the agency worked with intercepted foreign electronic communications, collected largely from the Royal Canadian Signal Corps (RCCS) station at Rockcliffe Airport in Ottawa. CSE also worked with Canadian Forces Station Leitrim (CFS Leitrim; formerly 1 Special Wireless Station till 1949, and Ottawa Wireless Station till 1966), Canada's oldest operational signal intelligence (SIGINT) collection station, established by the RCCS in 1941 and located just south of Ottawa. In 1946, the station's complement was 75 personnel (compared to its around 2,000 employees in 2013–2014). This unit successfully decrypted, translated, and analyzed these foreign signals, and turned that raw information into useful intelligence reports during the course of the war.
CBNRC finally began domestic COMSEC efforts on 1 January 1947. During the Cold War, the CBNRC was primarily responsible for providing SIGINT data to the Department of National Defence regarding the military operations of the Soviet Union.
In February 1950, R. S. McLaren was appointed the first CBNRC Senior Liaison Officer (CBSLO) to Washington, D.C. In March 1962: CBNRC installed its first IBM supercomputer, costing CA$372k. In December 1964, CBNRC began collaboration on "Canadian ALVIS" (CID 610), the first and only Canadian cipher machine to be mass-produced; based on the British ALVIS (BID 610).
CBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when the CBC Television documentary show, The Fifth Estate, aired an episode focused on the organization, with research by James Dubro. This was the first time that the organization had ever been mentioned in public. This resulted in an outcry in the House of Common and an admission by the Canadian government that the organization existed.
In 1975, the CBNRC was transferred to the Department of National Defence (DND) by an Order in Council, and became the Communications Security Establishment. CSE was now publicly known, and had diversified since the Cold War becoming the primary SIGINT resource in Canada.
In 1988, CSE created the Canadian System Security Centre to establish a Canadian computer security standard among other goals. This led to the publication of the Canadian Trusted Computer Product Evaluation Criteria.
Following the September 11 attacks in 2001, Canada's Anti-terrorism Act (ATA) was ratified, receiving royal assent on 18 December 2001. It amended the National Defence Act to formally acknowledge and mandate the activities of CSE. It also made amendments to the Canadian Security Intelligence Service Act, the Criminal Code, and the Official Secrets Act (later the Security of Information Act).
In early 2008, in line with the Federal Identity Program (FIP) of the Government of Canada, which requires all federal agencies to have the word Canada in their name, CSE adopted the applied title Communications Security Establishment Canada (CSEC; French: Centre de la sécurité des télécommunications Canada, CSTC). Since mid-2014, the organization has used its legal name (Communications Security Establishment) and initials (CSE) on its website and in public statements.
In November 2011, CSE was made an independent agency, though still operating under the National Defence portfolio and constrained by the National Defence Act.
In June 2019, the Communications Security Establishment Act was passed as part of an omnibus national security bill called the National Security Act 2017. Coming into force two months later, in August, the act set out the mandate and powers of CSE. As part of the omnibus bill, oversight of CSE activities was assumed by the newly created National Security and Intelligence Review Agency (NSIRA).
Main article: Badge of the Communications Security Establishment
CSE uses generic identifiers imposed by the Federal Identity Program. However, CSE is one of several federal departments and agencies (primarily those having law enforcement, security, or regulatory functions) that have been granted a badge by the Canadian Heraldic Authority. The badge was granted in 1994, while CSE's pennant was first raised in 1996 to mark the organization's 50th anniversary.
From the 1990s to the mid 2000s, CSE's Information Technology Security program used a logo to identify its products and publications; the triangle represented threats, while the arc symbolized protection.
Unique within Canada's security and intelligence community, the Communications Security Establishment employs code-makers and code-breakers (cryptanalysis) to provide the Government of Canada with information technology security (IT Security) and foreign signals intelligence services. CSE also provides technical and operational assistance to the Royal Canadian Mounted Police and federal law enforcement and security agencies, including the Canada Border Services Agency and the Canadian Air Transport Security Authority.
CSE's SIGINT program produces intelligence that responds to Canadian government requirements. At CFS Leitrim, the main military SIGINT facility in the south end of Ottawa, the establishment collects foreign intelligence that can be used by the government for strategic warning, policy formulation, decision-making in the fields of national security and national defence, and day-to-day assessment of foreign capabilities and intentions. The station at Leitrim specializes in intercepting electronic communications to and from embassies in Ottawa. Other Canadian military SIGINT facilities are located at: CFB Gander Newfoundland with a detachment from CFS Leitrim, CFS Masset, BC (under remote control from CFS Leitrim) and CFS Alert, Nunavut.
CSE relies on its closest foreign intelligence allies, the US, UK, Australia and New Zealand to share the collection burden and the resulting intelligence yield. Canada is a substantial beneficiary and participant of the collaborative effort within the partnership to collect and report on foreign communications.
During the Cold War, CSE's primary client for signals intelligence was National Defence, and its focus was the military operations of the then Soviet Union. Since the end of the Cold War, Government of Canada requirements have evolved to include a wide variety of political, defence, and security issues of interest to a much broader range of client departments.
While these continue to be key intelligence priorities for Government of Canada decision-makers, increasing focus on protecting the safety of Canadians is prompting greater interest in intelligence on transnational issues, including terrorism.
CSE code breaking capabilities degraded substantially in the 1960s and 1970s but were upgraded with the acquisition of a Cray X-MP/11 (modified) supercomputer delivered to the Sir Leonard Tilley building in March 1985 and the hiring of code breaking analysts. It was, at the time, the most powerful computer in Canada. In the early 1990s, the Establishment purchased a Floating Point Systems FPS 522-EA supercomputer at a cost of $1,620,371. This machine was upgraded to a Cray S-MP superserver after Cray acquired Floating Point Systems in December 1991 and used the Folklore Operating System supplied by the NSA in the US. These machines are now retired.
Little information is available on the types of computers used by the CSE since then. However, Cray in the US has produced a number of improved supercomputers since then. These include the Cray SX-6, early 2000s, the Cray X1, 2003 (development funded in part by the NSA), Cray XD1, 2004, Cray XT3, Cray XT4, 2006, Cray XMt, 2006 and Cray CX1, 2008. It is possible that some of these models have been used by the CSE and are in use today.
|Centre Canadien pour la Cyber Sécurité|
|Parent department||Communications Security Establishment|
The Canadian Centre for Cyber Security (CCCS or Cyber Centre; French: Centre Canadien pour la Cyber Sécurité) is the Government of Canada authority responsible for monitoring threats, protecting national critical infrastructure against cyber incidents, and coordinating the national response to any incidents related to cyber security.
As a unit under the Communications Security Establishment (CSE), the agency is Canada's computer emergency response team (CSIRT) and the Canadian government's computer Incident response team (CIRT).
Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including Public Safety Canada's Canadian Cyber Incident Response Centre, Shared Services Canada's Security Operations Centre, and the CSE's Information Technology Security branch.
Formerly known as communications security (COMSEC), the CSE's Information Technology Security branch grew out of a need to protect sensitive information transmitted by various agencies of the government, especially the Department of Foreign Affairs and International Trade (DFAIT), Canada Border Services Agency (CBSA), DND, and the Royal Canadian Mounted Police (RCMP).
The Cyber Centre was developed in response to CSE's consultations with Canadians in 2016 which identified various issues pertaining to cyber security in relation to the federal government, including accountability, departmental coordination, and leadership. In February 2018, the federal budget allocated funds for CSE, in collaboration with Public Safety Canada and Shared Services Canada, to launch the Cyber Centre.
Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including the Canadian Cyber Incident Response Centre of Public Safety Canada; the Security Operations Centre of Shared Services Canada; and the Information Technology Security branch of CSE.
Prior to opening, in June 2018, Minister Ralph Goodale appointed Scott Jones the head of the new Centre.
|Headquarters||Edward Drake Building, Ottawa, ON|
|Parent department||Communications Security Establishment|
The Tutte Institute for Mathematics and Computing (TIMC) is a research institute programme of the Government of Canada responsible for conducting classified research in the areas of cryptology and knowledge discovery to support the Canadian Cryptologic Program and its Five-Eyes international partners.
Though officially founded in 2009, TIMC officially opened and formally named in September 2011. Named after cryptanalyst and mathematician William T. Tutte, TIMC is based within CSE's Edward Drake Building in Ottawa.
Sponsored and funded by the Communications Security Establishment, the institute is partnered with Institutes for Defence Analyses, CCR Princeton, CCR La Jolla, CCS Bowie, the Heilbronn Institute for Mathematical Research, Carleton University, and the University of Calgary and is working to create partnerships with other research institutes, government agencies and universities.
Researchers Leland McInnes and John Healy at the Tutte Institute developed a technique called Uniform Manifold Approximation and Projection (UMAP), originally designed to analyze malware. The algorithm and software of UMAP has since been released by TIMC to the open-source community, and is now being used to answer questions about COVID-19.
CSE occupies several buildings in Ottawa, including the Edward Drake Building and the neighbouring Sir Leonard Tilley Building.
CSE moved to the Tilley Building in June 1961. On 26 February 2015, CSE officially inaugurated the Edward Drake Building, named for Lt. Colonel Edward Drake, a pioneer of the Canadian signals intelligence.
With the rapid expansion in the number of CSE personnel since the 9/11 attack in the US, the CSE has built new facilities. A new CA$1.2 billion facility, encompassing 72,000 square metres (18 acres), has been built in the eastern part of Ottawa, immediately west of the headquarters building for the Canadian Security Intelligence Service. Construction began in early 2011 and was completed in 2015.
In addition to those mentioned below, CSE is bound by all other Canadian laws, including the Criminal Code, the Canadian Charter of Rights and Freedoms, the Privacy Act, Security of Information Act, and the Avoiding Complicity in Mistreatment by Foreign Entities Act.
In December 2001, the Canadian government passed omnibus bill C-36 into law as the Anti-Terrorism Act. The Act amended portions of the National Defence Act and officially recognized CSE's three-part mandate:
The Anti-Terrorism Act also strengthened CSE's capacity to engage in the war on terrorism by providing needed authorities to fulfill its mandate.
In the 2007 Proceedings of the Canadian Senate Standing Committee on National Security and Defence, then-CSE Chief John Adams indicated that the CSE is collecting communications data when he suggested that the legislation was not perfect in regard to interception of information relating to the "envelope."
|Communications Security Establishment Act|
|Parliament of Canada|
|Citation||S.C. 2019, c. 13, s. 76|
|Enacted by||section 76 of chapter 13 of the Statutes of Canada, 2019|
|Assented to||21 June 2019|
|Effective||1 August 2019|
|Status: Current legislation|
In June 2019, the Communications Security Establishment Act (CSE Act) was passed, as part of the National Security Act 2017. The Act, which came into force two months after passing, notes that there are five aspects of CSE's mandate:
The CSE Act requires that CSE activities do not target Canadians anywhere in the world, or any person in Canada, "unless there are reasons to believe that there is an imminent danger of death or serious bodily harm. The Act also requires the CSE protect the privacy of Canadians and persons in Canada. As such, CSE is forbidden, by law, to intercept domestic communications. When intercepting communications between a domestic and foreign source, the domestic communications are destroyed or otherwise ignored. (After the September 11 attacks on the United States in 2001, however, CSE's powers expanded to allow the interception of foreign communications that begin or end in Canada, as long as the other party is outside the border and ministerial authorization is issued specifically for this case and purpose.)
The Minister of National Defence guides and authorizes the activities of CSE using ministerial directives, ministerial authorizations, and ministerial orders, all of which are based on the "government’s intelligence priorities as set out by Cabinet through discussion and consultations with the security and intelligence community." The Defence Minister cannot authorize any activities that are not included in the CSE mandate or grant CSE any powers that do not exist in Canadian law.
Ministerial directives are how the Minister of National Defence instructs the Chief of CSE.
CSE operates under a system of independent oversight:
CSE activities are also subject to several external oversight and review bodies.
As with any other federal department or agency of Canada, the activities of CSE are also subject to review by various federal bodies, including:
|Herbert Yardley||1941 June 10|
|Oliver Strachey||1942 January|
|F.A. (Tony) Kendrick||1942 July|
|Gilbert de B. Robinson (acting)||1945 April||until July 1945|
|Edward Drake||1945 August 1|
|Communications Branch of the National Research Council|
|Edward Drake||1946 September 1||died in office|
|Kevin O’Neill||1971 February|
|Communications Security Establishment|
|Peter Hunt||1980 July|
|Stewart Woolner||1989 July|
|Ian Glen||1999 July|
|Keith Coulter||2001 August|
|John Adams||2005 July|
|John Forster||2012 January 30|
|Greta Bossenmaier||2015 February 9|
|Shelly Bruce||2018 June 27|
Oversight over CSE was formerly provided by the Office of the Communications Security Establishment Commissioner (OCSEC; French: Bureau du commissaire du Centre de la sécurité des télécommunications, BCCST), which was created on 19 June 1996 to review CSE's activities for compliance with the applicable legislation, accept and investigate complaints regarding the lawfulness of the agency's activities, and to perform special duties under the 'Public Interest Defence' clause of the Security of Information Act. The Commissioner provided an annual public report on his activities and findings to Parliament, through the Minister of National Defence.
Between 1996 and 2019, there were six Commissioners:
As part of an omnibus national security bill (the National Security Act, 2017) passed by Parliament in 2019, the OCSEC was abolished and its responsibilities divided between two newly created entities: employees of the OCSEC were transferred to the Office of the Intelligence Commissioner; and the review functions of the former OCSEC were assumed by the National Security and Intelligence Review Agency (NSIRA).
The previous Commissioner of CSE, Jean-Pierre Plouffe, was appointed to the role of Intelligence Commissioner on 18 July 2019.
|Part of a series on|
Main article: ECHELON
Under the 1948 UKUSA agreement, CSE's intelligence is shared with the U.S. National Security Agency (NSA), the British Government Communications Headquarters (GCHQ), the Australian Signals Directorate (ASD), and New Zealand's Government Communications Security Bureau (GCSB).
Along with these services from the United States, the UK, New Zealand, and Australia, CSE is believed to form the ECHELON system. Its capabilities are suspected to include the ability to monitor a large proportion of the world's transmitted civilian telephone, fax and data traffic. The intercepted data, or "dictionaries" are "reported linked together through a high-powered array of computers known as 'Platform'."
CBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when the CBC Television documentary show, The Fifth Estate, aired an episode focused on the organization, with research by James Dubro. This was the first time that the organization had ever been mentioned in public. This resulted in an outcry in the House of Commons and an admission by the Canadian government that the organization existed.
A former employee of the organization, Mike Frost, claimed in a 1994 book, Spyworld, that the agency eavesdropped on Margaret Trudeau to find out if she smoked marijuana and that CSE had monitored two of former British prime minister Margaret Thatcher's dissenting cabinet ministers in London on behalf of the UK's secret service.
In 1996, it was suggested that CSE had monitored all communications between National Defence Headquarters and Somalia, and were withholding information from the Somalia Inquiry into the killing of two unarmed Somalis by Canadian soldiers.
In 2006, CTV Montreal's program On Your Side conducted a three-part documentary on CSE naming it "Canada's most secretive spy agency" and that "this ultra-secret agency has now become very powerful," conducting surveillance by monitoring phone calls, e-mails, chat groups, radio, microwave, and satellite.
In 2007, former Ontario lieutenant-governor, James Bartleman, testified at the Air India Inquiry on May 3 that he saw a CSE communications intercept warning of the June 22, 1985 bombing of Air India Flight 182 before it occurred. Two former CSE employees have since testified that no CSE report was ever produced.
In 2013, a coalition of civil liberties associations launched a campaign directed against the government's perceived lack of transparency on issues related to the agency, demanding more information on its purported domestic surveillance activities.
Further criticism has arisen surrounding the construction costs of the agency's new headquarters in Ottawa. The project is slated to cost over CA$1.1 billion, making it the most expensive government building in Canadian history.
In 2014, a leaked, top-secret presentation entitled “IP Profiling Analytics & Mission Impacts” summarized experiments tracking the cellphones of travellers passing through Toronto Pearson International Airport. Critics argued that the experiment was invasive and indiscriminate, while CSE countered that it was consistent with all relevant laws and mandates.
In 2016, the CSE Commissioner found that one of the agency's metadata activities did not comply with the law. Specifically, CSE had failed to properly minimize certain Canadian identity information before sending it to foreign governments, contravening parts of the National Defence Act and the Privacy Act.
In The Good Wife episode "Landing," both the NSA and the CSE are shown monitoring personal phone calls and hacking private cell phones' recording devices in order to listen in on personal conversations. One plaintiff describes the CSE as "the Canadian version of the NSA."
Shelly Bruce, currently Associate Chief of the Communications Security Establishment, becomes Chief of the Communications Security Establishment, effective immediately.
In 1974 the television program "The Fifth Estate" broadcast an exposé of Canadian involvement in signals intelligence. The program revealed the existence of the hitherto low-profile CBNRC, and explored the nature of its signals intelligence program and its US partners. The Fifth Estate's revelations were raised in the House of Commons over the next week. As a result of the unwelcome publicity, the government soon transferred Canada's SIGINT and Communications Security organization to the Department of National Defence portfolio, and renamed it the Communications Security Establishment (CSE).
As a key initiative of the 2018 National Cyber Security Strategy the cyber security functions from three departments will be united to establish the Canadian Centre for Cyber Security (the Cyber Centre) as one unique, innovative, and forward-looking organization, as part of the Communications Security Establishment (CSE).
The Cyber Centre will be a single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure owners and operations, the private sector and the Canadian public.