Canadian government expects another Snowden-level leak, documents say
OTTAWA–It’s not a matter of if there will be another Edward Snowden, it’s a matter of when, according to internal government documents obtained by the Star.
Global Affairs officials warned minister Stéphane Dion in November an event on the scale of Snowden’s disclosures about Internet surveillance is inevitable.
“Incidents similar to the Snowden disclosures and the Sony hack will happen again and we can expect that sudden events will affect international debates on cyberspace,” the document reads.
The briefing note, prepared for Dion in November and obtained under access to information law, suggests that Snowden’s disclosures about Western mass surveillance “altered the tone” of the international discussion on cyberspace.
In 2013 Snowden, a former employee of the U.S. National Security Agency (NSA), pulled back the curtain on mass surveillance online, detailing the capabilities of the “Five Eyes” countries — Canada, the United States, the U.K., Australia and New Zealand — to monitor activity online. His release of classified NSA documents triggered outrage among those who said he put lives at risk, and praise from others who argued he shed light on questionable practices and has forced needed change. He was forced to flee the U.S. and was granted asylum in Russia.
Then in 2014, hackers broke into Sony company computers and released thousands of emails, documents and sensitive personal information. U.S. federal investigators blamed North Korea.
While Canada has long advocated for an open and free Internet, suggestions that the nation’s spy agency the Communications Security Establishment (CSE) has engaged in mass online surveillance have complicated that narrative.
But the documents state Ottawa remains committed to a free Internet — not only from a democratic point of view, but for the potential for Canadian businesses and consumers to access ever-broadening online markets.
“All states are grappling with how to harness the potential of networked technologies while managing their far-ranging impacts … The goal (for Canada) is to protect human rights and democratic space, recognize legitimate public safety needs, and preserve the openness and dynamism that has brought about such enormous benefit.”
In a statement Saturday, a spokesperson for Global Affairs said the federal government believes that protecting online privacy and supporting human rights go hand in hand.
“Canada is concerned about rising threats emanating from cyberspace, including from repressive governments and their proxies, as well as the growing threats posed by cybercrime and terrorists’ use of the Internet,” wrote spokesperson John Babcock in an email to the Star.
“While addressing cyber threats, we must not legitimize Internet controls that will be used to restrict human rights and freedoms and hinder the free flow of information.”
The Star reported in 2015 that CSE has stepped up their efforts to guard against “insider threats” since Snowden shared an unprecedented trove of intelligence documents with journalist Glenn Greenwald in 2013. The move was also prompted by a Halifax-based Royal Canadian Navy officer, Jeffrey Delisle, who sold secrets to Russia in 2012.
“Following the unauthorized disclosures of Canadian Navy Sub-Lieutenant Jeffrey Delisle and NSA contractor Edward Snowden, CSE has intensified its efforts to tighten already stringent security,” read CSE’s 2013-14 report to the minister of national defence.
The documents note that Canadian media coverage about Internet security has tended to focus on large-scale hacks, such as the 2014 breach at the National Research Council, or the Heartbleed exploit used on the Canada Revenue Agency that same year.
But officials make clear Canada’s interest in the file goes beyond playing defence against malicious actors. The documents note that a number of “authoritarian regimes” are hoping to impose greater control over their citizens’ access to cyberspace.
“Domestically, they employ repression and censorship. Internationally, they lobby for greater state regulation of cyberspace, including calls to bring it under UN control,” the documents read.
“They also seek to rewrite current understandings of international law to shape the international cyber environment to reflect their values and interests. The same states also exploit cyberspace through espionage and theft of sensitive information from government and private sector networks, including those of Canada.”