At long last working my way through all of NSIRA’s annual report and I am saddened by the lack of uptake by journalists.

There are some 🚨🚨🚨 ringing, at different part of the report, and not major response or reaction.

The report is available at: nsira-ossnr.gc.ca/tabling-of-the… In this 🧵 I highlight some interesting and some alarming things. (Warning: I will likely make typos. They will bother me more than you. I am sorry in advance.)

🚨 1) NSIRA is pushing CSIS to disclose when it is adopts “a novel authority, technique or technology is used”. 🚨

Ian Levy, NCSC’s Technical Director, has an excellent blog post discussing key issues in cybersecurity and where things may go in the future. See: ncsc.gov.uk/blog-post/so-l… I think it’s particularly worth reading for those interested in Canada’s C-26 on the basis that there are discussions of how equivalent UK legislation is being used and, also, because it envisions how cybersecurity could move forward in the future.

Parliamentary interpreter sent to hospital, union blames headset rules ctvnews.ca/politics/parli… I’ve been in, and watched, too many parliamentary meetings where people weren’t wearing approved headsets. It’s a very real issue.

However.

In recent past, headsets that were issued were not MacOS/iOS compatible. They were USB-A headsets that no adaptor could make work IME.

I’m looking forward to this remote event on November 9 that @DentonsCanada is hosting, entitled “Regulating the Internet – Really?
Part III: Managing the tensions of competing rights” dentons.com/en/about-dento… It is packed with a who’s who on these issues in Canada, including: @mgeist, @EmilyLaidlaw, @TeresaScassa, Tim Morris, @pavLAWich, @PrivacyPrivee, @3mendous, Chantal Bernier, and Monica Song, amongst many others.

New Post: The Policy and Political Implications of 'Securing Canada's Telecommunications Systems' christopher-parsons.com/the-policy-and… #cdnpoli #cdnnatsec Three findings from analyzing the recent “Securing Canada’s Telecommunications Systems” policy statement:

1. the government is unclear when referring to “supply chain breaches” making it challenging to assess the specific risks being addressed

Parliamentary interpreters report increasing medical issues linked to work conditions theglobeandmail.com/politics/artic… I can't emphasize how important it is for this issue to be taken very, very seriously. The interpreters working for the Government of Canada, and responsible for translating legislative proceedings, are absolutely top class.

Justice Mosley on a request from CSIS to retain a pair of Canadian datasets decisions.fct-cf.gc.ca/fc-cf/decision…

#cndnatsec #cndpoli There are many noteworthy details:
* a helpful outlining of how dataset retention processes actually occur
* a warning “it is difficult to see how any collection of personal information [in an approved class of dataset] might be excluded given the breadth of their scope” [11]

On May 5 2022, the Intelligence Commissioner’s Office (ICO) released their 2021 Annual Report (available at: canada.ca/en/intelligenc…).

In this 🧵 I unpack some of what I found in my initial analysis of it. 1a. The ICO believes that the “regime of oversight is functioning as it was intended by Parliament”, speaking to how the Commissioner regards the efficacy of his office’s work.

🧵on Canada's (draft) cyber foreign policy strategy

Last summer, the Chief of @cse_cst stated @CanadaFP had prepared its 'International Cybersecurity Strategy and Cyber Diplomacy Initiative'.

The strategy has yet to be released by the Government of Canada. #cdnpoli #cdnnatsec However, my ATIP of the policy *has* been delivered. You can download the January - May 2021 drafts of "Canada's Foreign Policy for State Behaviour in Cyberspace" at: christopher-parsons.com/wp-content/upl… #cdnpoli #cdnnatsec

I recognize that this isn’t as exciting as the use of the Emergencies Act, tumult in Ottawa, etc, but this report provides a lot of useful insight into cyber defences in Canada. And a whole lot of attribution of hostile parties and what they’ve done historically.

https://twitter.com/NSICOPCanada/status/1493363518627885058

As just one example, the chart on CSE’s history of sensors is just mostly public now. Up until very recently (as in a few months ago) CSE would fight to keep this information secret.

Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack bloomberg.com/news/articles/… This is a really great story from @business and congrats to the reporters for getting the story. A few comments:

1) At its core, this is a story of a Chinese government HUMINT operation that saw intel agencies push compromised software updates to operator networks

Ministerial Letters are out. Things I’m seeing:

From ISED (pm.gc.ca/en/mandate-let…): plans for more natsec/surveillance around university research; right to repair stuff; update the Investment Cnd Act to support natsec assessments, more on Digital Charter, DARPA-like program From PSC (pm.gc.ca/en/mandate-let…): CBSA review body promised, focus on financial crimes, legislation planned for 5G/critical infrastructure, more intel sharing with Cnd partners targeting research/investment; more natsec-related resources to RCMP and other security agencies [½]

Yesterday, @nsiracanada released their annual report. You can find it at: nsira-ossnr.gc.ca/tabling-of-the… In this thread I’ll be highlighting some items of note, and general thoughts, on what we learned about our national security agencies as well as their review body. I’ll be structuring using the top-line headings in the report in case you want to follow along.

🚨🚨NEW REPORT from @citizenlab: Pandemic Privacy: A preliminary analysis of collection technologies, data collection laws, and legislative reform during COVID-19 citizenlab.ca/2021/09/pandem… 🚨🚨 This report by @wbaballard, @AmandaCutinha, & myself:

1) performs a comparative analysis of pandemic data collection technologies
2) finds privacy laws didn’t inhibit Canada’s COVID-19 response, and
3) identifies how proposed privacy law reforms would harm Canadians’ privacy

Earlier this year, Canada's National Security Intelligence Review Agency (NSIRA) announced it experienced a 'cyber incident. @NSIRACanada is responsible for, amongst other things, reviewing the operations which have been undertaken by Canada's intelligence community. #cndnatsec At the time there was very little public information, which led me to raise a serious of questions of what unclassified or Protected (as opposed to Secret, Top Secret, or Top Secret SI) information might have been accessed by a third party. See: christopher-parsons.com/questions-surr…

Encrypted Phone Firm Ciphr, Used by Criminals, Moves to Cut-off Australia vice.com/en/article/k78… It's really interesting that Ciphr is expanding to include a 'Lite' version that may significantly expand their user base. Why might an organization that ostensibly markets its services criminals do this?

Stanford professors urge U.S. to end program looking for Chinese spies in academia reuters.com/world/us/stanf… The FBI has a track record of laying charges against American faculty for inappropriately working with Chinese institutions. But it’s critical that observers recognize that a large number of these investigations are subsequently dismissed.

Ottawa imposes national security risk assessments for university researchers seeking federal funds theglobeandmail.com/politics/artic… This announcement has the potential to really gum up academic research protocols by disincentivizing researchers from doing certain classes of work in Canada due to adding bureaucracy or fear of security review and its consequences.