Latest news with #CommunicationsSecurityEstablishment
Yahoo
9 hours ago
- Politics
- Yahoo
Spy agency says it 'improperly' shared Canadians' data with international partners
One of Canada's intelligence agencies says it "improperly" shared information about Canadians that it had obtained "incidentally" with international partners. The Communications Security Establishment (CSE) shared some details about the incident after the intelligence commissioner — the quasi-judicial position that reviews the cyber spy agency's activities — flagged the case in his annual report tabled in Parliament earlier this week. CSE spokesperson Janny Bender Asselin told CBC News that last year the agency had to notify the defence minister "of an incident where CSE improperly shared information." "CSE identified an activity where, between 2020 and 2023, we shared some information with international partners without properly removing Canadian information that had been acquired incidentally when targeting valid foreign intelligence targets," she said. "CSE acted quickly to contain the issue." The CSE is considered one of Canada's intelligence crown jewels, responsible for intercepting and analyzing foreign electronic communications, launching cyber operations and defending the government's networks and critical infrastructure from attacks. Asselin said that included seeking assurances from CSE's trusted partners that the shared information was deleted. "We continue to update our policies and procedures to prevent reoccurrence," she said. CSE did not say how many Canadians were impacted or to which countries the information was shared, citing operational security. Details were shared with Intelligence Commissioner Simon Noël, who raised it in his recently published report. The commissioner is part of the chain of approval before CSE and its sister agency, the Canadian Security Intelligence Service (CSIS), can go ahead with certain intelligence-gathering and cybersecurity activities. CSE first needs to seek permission from the minister of defence — known as ministerial authorization — if the proposed action would otherwise break the law or potentially infringe on the privacy interests of Canadians. Under the law, ministerial authorizations must prove the activities are reasonable, necessary and that measures are in place to protect Canadians' privacy. The intelligence commissioner then provides a layer of oversight and either signs off on the mission, approves with conditions or denies the request outright. Noël also makes sure CSE remains compliant after receiving the green light and sticks to what was approved — which was not the case in this information-sharing matter. The commissioner's report doesn't include many details, citing national security. The case will be included in CSE's own annual report, which is expected later this month, said Asselin. Noël's report said he urged the intelligence agency to be as transparent about the incident as possible. It doesn't appear the individuals involved were alerted, although CSE said it reported the incident to its oversight and review bodies, including the Office of the Privacy Commissioner. "The disclosure of this incident involving CSE raises many serious concerns," said Matt Malone, director of the Canadian Internet Policy and Public Interest Clinic. The University of Ottawa professor said the findings justify many of the fears raised by civil society groups about the potential for inappropriate information in the Liberal government's cybersecurity bill. The first iteration of the bill died when the House prorogued earlier this year, and it was reintroduced by Prime Minister Mark Carney's government as Bill C-8. If passed, federally regulated industries would have to report cybersecurity incidents to CSE, meaning it would be in possession of more information. "All of this bodes very poorly for the state of privacy protection in Canada," Malone said. "Three of the eight government bills introduced so far in this Parliament are extremely privacy-corrosive." In 2024, the information commissioner received 13 ministerial authorizations for review — seven relating to CSE activities and six relating to CSIS activities. He approved the activities in 11 authorizations, approved the activities with conditions in one authorization and partially approved the activities in the other authorization.
CBC
06-03-2025
- Politics
- CBC
China, Russia will 'very likely' use AI to target Canadian voters: Intelligence agency
Social Sharing Canada's cyber intelligence agency is warning that countries including China, Russia and Iran will "very likely" lean on artificial intelligence to try and interfere in the upcoming federal election and mislead voters. In a report assessing threats to Canada's democratic process in the upcoming year, the Communications Security Establishment (CSE) said those known hostile actors are looking to use AI to fuel disinformation campaigns or launch hacking operations. While the 28-page document suggests the threats are real and evolving, CSE does stress that it believes it's "very unlikely" that AI-enabled activities will "fundamentally undermine the integrity of Canada's next general election." It said these actors "are most likely to use generative Al as a means of creating and spreading disinformation, designed to sow division among Canadians and push narratives conducive to the interests of foreign states," wrote the agency in its report, released Thursday morning. "Canadian politicians and political parties are at heightened risk of being targeted by cyber threat actors, particularly through phishing attempts." Generative AI is the technology powering popular tools like ChatGPT that are trained on huge amounts of data to generate a response to a wide range of requests from a user. The report focuses on the rapidly evolving and increasingly affordable technology. There are generative AI tools that can create text, images, computer code, music or video, and others can quickly sort and analyze data. Only some of those tools have applied strict guardrails for their use. Parties hold troves of data CSE says Canadian politicians and political parties are likely to be targeted by threat actors seeking to conduct hack-and-leak operations, where stolen information is put online to cause harm or embarrassment. The intelligence agency says foreign actors could easily use generative AI to engage with targets as part of an extended phishing operation to breach their networks. Some nation states, including China, have already amassed billions of data points on politicians, public figures like journalists and citizens around the world typically through open-source acquisition, covert purchase and theft, says the report. WATCH | Can you spot the deepfake? How AI is threatening elections: Can you spot the deepfake? How AI is threatening elections 1 year ago Duration 7:08 "Canadian political parties hold terabytes of politically relevant data about Canadian voters as do commercial data brokers," the report notes. That data can be harnessed to run targeted personal influence or espionage campaigns, says CSE, which is responsible for monitoring foreign signals intelligence and is the lead on Canada's cyber operations. "We assess foreign actors are almost certainly attempting to acquire this data, which they can then weaponize against Canadian democratic processes," reads the report. Chances of an early election growing CSE does say it's unlikely that hostile actors will carry out a destructive cyberattack against election infrastructure, such as attempting to paralyze telecommunications systems on election day, "outside of imminent or direct armed conflict." It said the People's Republic of China is the most likely to deploy its vast AI capabilities to push narratives favourable to its interests and spread disinformation among Canadian voters, in particular "Chinese-diaspora communities." CSE suggests Russia and Iran see the Canadian election as a lower priority target compared to the U.S. and U.K. It's a virtual certainty that Canadians will find themselves at the ballot box this spring. The Conservatives, who are still leading in the polls but have seen their dominance slip in recent weeks, have been adamant about their plans to bring down the government at the first opportunity after Parliament returns March 24. The NDP has also said it would topple the Liberals, but is now suggesting the House of Commons reconvene for an emergency session to pass a support package for workers impacted by the trade war first. There's also a chance an election is called before Parliament returns, depending on the outcome of Sunday's Liberal leadership convention. Perceived front-runner Mark Carney hasn't said publicly whether he'd call a snap election. His main rival, former finance minister and Liberal MP Chrystia Freeland, promised Wednesday to consult with premiers and business and union leaders as her first act if she becomes prime minister on whether to call a federal election. Thursday's CSE report is an update to an assessment it put out in 2022 looking at threats to Canada's democratic institutions, including the use of deceptive deepfakes — hyper-realistic generated images and videos — to fool voters. The updated threat assessment echoes those early warnings and points to the troubling trend of deepfake pornography. "Canadian public figures, especially women and members of the 2SLGBTQI+ community, are at heightened risk," said the report, which could "deter participation in democracy for those targeted." The warning follows a report from the foreign interference inquiry, which investigated cases of meddling in Canada's elections.
