Communications Security Establishment

CSE originates from Canada's joint military and civilian code-breaking and intelligence efforts during the Second World War. Examination Unit The Examination Unit (XU) was established in June 1941, as a branch of the National Research Council. In March 1942, XU moved to Laurier House in Sandy Hill, Ottawa. This location was chosen because they felt it would draw no suspicion from adversaries. In September 1945, U.S. President Harry Truman declared it would be vital to carry out such operations in peacetime, and Canadian authorities came to the same conclusion in December later that year. On 13 April 1946, a secret Order in Council allowed for postwar continuation of wartime cryptologic efforts and thus the Communications Branch of the National Research Council of Canada (CBNRC) was founded. This agency would be the predecessor to today's Communications Security Establishment (CSE). This unit successfully decrypted, translated, and analyzed these foreign signals, and turned that raw information into useful intelligence reports during the course of the war. CBNRC finally began domestic COMSEC efforts on 1 January 1947. In February 1950, R. S. McLaren was appointed the first CBNRC Senior Liaison Officer (CBSLO) to Washington, D.C. In March 1962: CBNRC installed its first IBM supercomputer, costing CA$372k. In December 1964, CBNRC began collaboration on "Canadian ALVIS" (CID 610), the first and only Canadian cipher machine to be mass-produced based on the British ALVIS (BID 610). This was the first time that the organization had ever been mentioned in public. Communications Security Establishment In 1975, the CBNRC was transferred to the Department of National Defence (DND) by an Order in Council, and became the Communications Security Establishment. This led to the publication of the Canadian Trusted Computer Product Evaluation Criteria. CSE adopted the applied title Communications Security Establishment Canada (CSEC; , CSTC). Since mid-2014, the organization has used its legal name (Communications Security Establishment) and initials (CSE) on its website and in public statements. In November 2011, CSE was made an independent agency. As part of the omnibus bill, oversight of CSE activities was assumed by the newly created National Security and Intelligence Review Agency (NSIRA). On October 11, 2023, CSE Chief Caroline Xavier said in an interview with CBC News that CSE offices in various cities may be opened to alleviate staffing shortages. ==Activities==

Unique within Canada's security and intelligence community, the Communications Security Establishment employs code-makers and code-breakers (cryptanalysis) to provide the Government of Canada with information technology security (IT Security) and foreign signals intelligence services. CSE also provides technical and operational assistance to the Royal Canadian Mounted Police and federal law enforcement and security agencies, including the Canada Border Services Agency and the Canadian Air Transport Security Authority. Foreign Signals Intelligence CSE works with its closest foreign intelligence allies, the US, UK, Australia and New Zealand to share the collection burden and the resulting intelligence yield. Canada is a substantial beneficiary and participant of the collaborative effort within the partnership to collect and report on foreign communications. These machines are now retired. Little information is available on the types of computers used by CSE since then. However, Cray in the US has produced a number of improved supercomputers since then. These include the Cray SX-6, early 2000s, the Cray X1, 2003 (development funded in part by the NSA), Cray XD1, 2004, Cray XT3, Cray XT4, 2006, Cray XMt, 2006 and Cray CX1, 2008. It is possible that some of these models have been used by CSE and are in use today. Cyber Operations CSE’s mandate authorizes it to conduct foreign cyber operations that disrupt the capabilities of adversaries to help protect Canada and Canadians. Cyber operations conducted by CSE is broken down to defensive and active cyber operations, and must relate to international affairs, defence or security. Defensive cyber operations authorizes CSE to defend Canadian systems against foreign cyber attacks. For instance, a cyber actor trying to steal information from a government network could be thwarted by CSE by disabling the cyber actor's server. In addition to government systems, the Minister of National Defence can designate systems of importance such as: energy grids, telecom networks, healthcare databases, banking systems, elections infrastructure in order for CSE to be authorized to defend them. hostile intelligence agencies, state-sponsored hackers. For instance, CSE can disrupt an adversary's means of communication. While assisting, CSE operates under the requesting agency's legal authority and restrictions. This means that CSE can, in fact, target Canadians and individuals in Canada while operating under its assistance mandate, as long as the requesting agency has the legal authority to, such as a court-issued warrant. History Formerly known as communications security (COMSEC), CSE's Information Technology Security branch grew out of a need to protect sensitive information transmitted by various agencies of the government, especially the Department of Foreign Affairs and International Trade (DFAIT), Canada Border Services Agency (CBSA), DND, and the Royal Canadian Mounted Police (RCMP). Officially created on 1 October 2018, CCCS consolidated the existing operational cyber-security units of several federal government organizations, including the Canadian Cyber Incident Response Centre of Public Safety Canada; the Security Operations Centre of Shared Services Canada; and the Information Technology Security branch of CSE. Vulnerability Research Centre The Vulnerability Research Centre (VRC; ) is part of CSE’s Research Directorate. Its focus is to advance Canada’s interests through world-class strategic vulnerability research. To do so, the VRC: • conducts security reviews against systems of importance to the Government of Canada • researches computer security vulnerabilities through source code auditing, software reverse engineering and dynamic analysis • provides advice and guidance on vulnerability prevention and mitigation • researches and develops novel vulnerability research techniques and tradecraft • collaborates with other Government of Canada departments, international partners and other CSE divisions to promote the exchange of expertise • performs recruitment, training and mentorship to help develop the next generation of vulnerability research practitioners within Canada Though officially founded in 2009, TIMC officially opened and formally named in September 2011. Led by Dr. Drew Vandeth, CSE researchers proposed and established the institute. The institute's first director was Dr. Hugh Williams with Dr. Drew Vandeth as the first Deputy Director. Unclassified Academic & Open-Source Contributions Researchers Leland McInnes and John Healy at the Tutte Institute developed a technique called Uniform Manifold Approximation and Projection (UMAP), originally designed to analyze malware. The algorithm and software of UMAP has since been released by TIMC to the open-source community, and is now being used to answer questions about COVID-19. As of 2024-25, TIMC's open-source contributions averaged over 2.5 million downloads per month and have been adapted to NVIDIA's RAPIDS and HypernetX == Facilities ==

CSE occupies two buildings in Ottawa, the Edward Drake Building and the Cyber Centre's office at 1625 Vanier Parkway. Formerly occupying the Sir Leonard Tilley Building. With the rapid expansion in the number of CSE personnel since the 9/11 attack in the US, CSE has built new facilities. A new CA$1.2 billion facility, encompassing , has been built in the eastern part of Ottawa, immediately west of the headquarters building for the Canadian Security Intelligence Service. Construction began in early 2011 and was completed in 2015. On 26 February 2015, CSE officially inaugurated their headquarters at the new Edward Drake Building, named for Lt. Colonel Edward Drake, a pioneer of the Canadian signals intelligence. Employees are equipped with laptops and smart phones, and work most often at an unclassified level. 1625 Vanier Parkway is also the home of the Learning Hub, which runs cyber security and communications security training for Government of Canada employees., former headquarters of CSE|leftCSE formerly occupied the Tilley Building, located at 719 Heron Road starting in June 1961, before moving to the Edward Drake Building. It was designed by architect Jean-Serge Le Fort. The floor space covers 23,832 square metres and the land area covers 4.527 hectares. This building was named in honour of Samuel Leonard Tilley, federal Finance Minister in 1873–1878. == Insignia ==

CSE uses generic identifiers imposed by the Federal Identity Program. However, CSE is one of several federal departments and agencies (primarily those having law enforcement, security or regulatory functions) that have been granted a badge by the Canadian Heraldic Authority. The badge was granted in 1994, while CSE's pennant was first raised in 1996 to mark the organization's 50th anniversary. From the 1990s to the mid 2000s, CSE's Information Technology Security program used a logo to identify its products and publications. The triangle represented threats, while the arc symbolized protection. ==Governance and mandate==

Legislation In addition to those mentioned below, CSE is bound by all other Canadian laws, including the Criminal Code, the Canadian Charter of Rights and Freedoms, the Privacy Act, Security of Information Act, and the Avoiding Complicity in Mistreatment by Foreign Entities Act. Communications Security Establishment Act In June 2019, the Communications Security Establishment Act (CSE Act) was passed, as part of the National Security Act 2017. The Actcame into force two months after passing. Governance and oversight The Minister of National Defence guides and authorizes the activities of CSE using ministerial directives, ministerial authorizations, and ministerial orders, all of which are based on the "government’s intelligence priorities as set out by Cabinet through discussion and consultations with the security and intelligence community." The Defence Minister cannot authorize any activities that are not included in the CSE mandate or grant CSE any powers that do not exist in Canadian law. • National Security and Intelligence Review Agency (NSIRA) – NSIRA is fully independent of government and of CSE. Its committee members are appointed by the sitting prime minister in consultation with Parliamentary leaders, and handle complaints against all Canadian national security agencies. • Intelligence Commissioner – the Intelligence Commissioner is independent of CSE and has oversight of all national security and intelligence gathering activities of the Government of Canada, including CSE. • National Security and Intelligence Committee of Parliamentarians (NSICOP) – NSICOP is a committee of Parliamentarians that have the security clearances to review and report on any aspect of CSE's activities. The Commissioner provided an annual public report on his activities and findings to Parliament, through the Minister of National Defence. Between 1996 and 2019, there were six Commissioners: As part of an omnibus national security bill (the National Security Act 2017) passed by Parliament in 2019, the OCSEC was abolished and its responsibilities divided between two newly created entities: employees of the OCSEC were transferred to the Office of the Intelligence Commissioner; and the review functions of the former OCSEC were assumed by the National Security and Intelligence Review Agency (NSIRA). ==ECHELON==

Under the 1948 UKUSA agreement, CSE's intelligence is shared with the U.S. National Security Agency (NSA), the British Government Communications Headquarters (GCHQ), the Australian Signals Directorate (ASD), and New Zealand's Government Communications Security Bureau (GCSB). ==Controversies==

CBNRC and the information it gathered and shared was kept secret for 34 years until 9 January 1974, when the CBC Television documentary show, The Fifth Estate, aired an episode focused on the organization, with research by James Dubro. In 1996, it was suggested that CSE had monitored all communications between National Defence Headquarters and Somalia, and were withholding information from the Somalia Inquiry into the killing of two unarmed Somalis by Canadian soldiers. In 2006, CTV Montreal's program On Your Side conducted a three-part documentary on CSE naming it "Canada's most secretive spy agency" and that "this ultra-secret agency has now become very powerful," conducting surveillance by monitoring phone calls, e-mails, chat groups, radio, microwave, and satellite. In 2007, former Ontario lieutenant-governor, James Bartleman, testified at the Air India Inquiry on May 3 that he saw a CSE communications intercept warning of the June 22, 1985 bombing of Air India Flight 182 before it occurred. Two former CSE employees have since testified that no CSE report was ever produced. In 2013, a coalition of civil liberties associations launched a campaign directed against the government's perceived lack of transparency on issues related to the agency, demanding more information on its purported domestic surveillance activities. Further criticism has arisen surrounding the construction costs of the agency's new headquarters in Ottawa. The project is slated to cost over CA$1.1 billion, making it the most expensive government building in Canadian history. In 2014, a leaked, top-secret presentation entitled “IP Profiling Analytics & Mission Impacts” summarized experiments tracking the cellphones of travellers passing through Toronto Pearson International Airport. Critics argued that the experiment was invasive and indiscriminate, while CSE countered that it was consistent with all relevant laws and mandates. In 2016, CSE Commissioner found that one of the agency's metadata activities did not comply with the law. Specifically, CSE had failed to properly minimize certain Canadian identity information before sending it to foreign governments, contravening parts of the National Defence Act and the Privacy Act. Media portrayal In The Good Wife episode "Landing," both the NSA and CSE are shown monitoring personal phone calls and hacking private cell phones' recording devices in order to listen in on personal conversations. One plaintiff describes CSE as "the Canadian version of the NSA." ==See also==