Evidence of meeting #18 for National Defence in the 41st Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was information.
A recording is available from Parliament.
11:20 a.m.
John Forster Chief, Communications Security Establishment
Yes. The metadata we do collect, we collect from the global information infrastructure.
11:20 a.m.
NDP
11:20 a.m.
Chief, Communications Security Establishment
No, I can confirm the collection of.... We used a historical snapshot of metadata. There was no collection done from the airport. It was collected—
11:20 a.m.
NDP
Jack Harris NDP St. John's East, NL
—As part of your normal global collection.
So that same normal global collection would have collected that data whether it had been at the airport, in the downtown of the place where the airport was located, from equipment such as I have in my hand here, my cellphone, and an iPad. All that metadata that's collected is part of what you call your normal global collection. Am I correct?
11:25 a.m.
Chief, Communications Security Establishment
We collect as per the National Defence Act.
11:25 a.m.
NDP
Jack Harris NDP St. John's East, NL
I understand. I have the act. We'll get into the act in a moment.
11:25 a.m.
Conservative
Rob Nicholson Conservative Niagara Falls, ON
But it doesn't include any concept of private communication, if that's what you're looking at. But fair enough....
11:25 a.m.
NDP
Jack Harris NDP St. John's East, NL
Your normal, global collection that was analyzed with respect to that particular airport, that normal global collection includes all communications that occur, not just at airports but everywhere in the country. Is that correct?
11:25 a.m.
Chief, Communications Security Establishment
No. If I could elaborate a little bit....
When you look at the global information infrastructure—the Internet—if I'm sending an email from myself to the chair, for example, that email may get broken up into different pieces, and it may travel different communication routes around the world. When we collect information off the global Internet, Canadian information and metadata, which is not the content, along with foreign, is all intermingled and mixed. When you collect it, you may be collecting foreign, and you have no way of discerning in that context as it's impossible to identify and separate out, so you collect it. We're then required to protect and manage any Canadian metadata, which doesn't include the communications content, separately, and protect the privacy of that information.
11:25 a.m.
NDP
Jack Harris NDP St. John's East, NL
Just so I can be clear here, the data that's collected, you don't know whether it comes from Canadians, persons in Canada or not, but you're authorized to collect metadata from persons in Canada and Canadians, are you not?
11:25 a.m.
Chief, Communications Security Establishment
—data from the global information infrastructure, which is defined in the act, which includes global communication networks. As I said, data and communications will traverse the globe, depending on where the most efficient, cost-effective...and capacity is. Our Canadian data and foreign data may be intermingled, so when we collect it we're interested in foreign intelligence, so we use that to direct our activities of foreign targets.
11:25 a.m.
NDP
Jack Harris NDP St. John's East, NL
You know, we do hear formulas coming from the government, and you and the minister, that we don't target Canadians, we don't track Canadians, because you're not allowed to directly do that. But you collect that data as part of the data collection that you're doing from what you call the global infrastructure, but that would include information. We've heard metadata described as, for example, this cellphone is talking to that cellphone, or a person is using one of these Internet or GIS-type information systems, that this travels around and you're able to collect it, and you do. Some of it is from Canadians, and some of it is from others. Is that correct?
11:25 a.m.
Chief, Communications Security Establishment
Yes, Canadian and foreign, the metadata, which is not the content, will be intermingled together as it traverses global communication networks.
11:25 a.m.
NDP
Jack Harris NDP St. John's East, NL
So are you saying to me that you then, after collecting all that data, which is an ongoing process, you then separate out the Canadian from the others?
11:25 a.m.
Chief, Communications Security Establishment
Our use of metadata, we use it based on the directions from the minister for three things.
One is to understand global communication networks, so we use it to analyze networks so that when we're searching for a foreign target, it helps us to find where our best chance of success is in identifying targets in a sea of billions of communications.
Two, we use it to make sure that we're actually targeting a foreign communication and not a Canadian communication.
Three, we use metadata to help us detect and identify cyber-attacks against government systems and the information they contain. We can only use metadata either to understand global networks and analyze them, or to define our foreign targets. We don't use it to identify or target Canadians.
11:25 a.m.
Conservative
The Chair Conservative Peter Kent
Thank you, Mr. Forster.
That's your time, Mr. Harris.
Mr. Norlock, please.
April 3rd, 2014 / 11:25 a.m.
Conservative
Rick Norlock Conservative Northumberland—Quinte West, ON
Thank you very much, Mr. Chair, and through you to our witnesses, thank you for attending today.
I'd like to continue on with the questioning of my friend across the table.
Mr. Forster, if I understood correctly, metadata...when Canadians are listening to this information, of course they read the headlines and they get all upset that maybe there is some personal information that the government's collected on Canadians. I think you rightly identified that Canadians are not targeted, and that the purpose of collection of this data is to, as you put it, understand and analyze so that you can—from that sea of billions of communication methods and addresses that messages are going to, and pieced out to different entities throughout the world—more appropriately and properly identify those foreign information exchanges, shall we call them, that may be targeted against a Canadian target. Would I be correct in what I've just said?
11:30 a.m.
Conservative
Rick Norlock Conservative Northumberland—Quinte West, ON
And your job is to protect this country against people who would use the Internet and other types of technology to infiltrate not only the Government of Canada, including our military. But would I also be correct in identifying those threats to Canadian industry, those industries that protect Canadian jobs and increase Canadian jobs, and that have a high degree of intellectual property that we feel must be protected in order to maintain those jobs and to foster industry throughout Canada?
11:30 a.m.
Chief, Communications Security Establishment
Yes, our role is to help protect Canada from a variety of foreign-based threats. That could include terrorist organizations that are plotting attacks on our allies or Canadian interests overseas, support to the Canadian military in theatre of operations.
Regarding your last point, the organization plays a key role in protecting Canadian networks from cyber-attacks. That would include primarily the Government of Canada and all the information those systems contain, but as well critical infrastructure in Canada. So we collect information on those cyber-threats, cyber-attacks. We can help critical infrastructure providers protect their networks and the tech attacks, which could include the theft of valuable intellectual property, technology, research.
I would like to be clear in terms of our relations with industry. We do not collect and provide intelligence to them for their commercial advantage. We're not in that business at all. Our interactions with them would be solely in terms of helping them protect their networks from espionage and the disruption of their networks. We do that with Public Safety who has the lead role.
11:30 a.m.
Conservative
Rick Norlock Conservative Northumberland—Quinte West, ON
That's where I was going. So you would go to Public Safety and say, “We have an issue here. Here's what the issue is. You folks do what you have to do to make sure that we protect Canadian jobs in the industry and intellectual property that is domestic in nature.”
Would I be correct in saying your organization really doesn't want to know if I'm talking to my grandkids over the Internet, if I'm talking to some family members, if Canadians want to communicate, or the websites Canadians may want to go to? You're not interested in that. What you're interested in is the security of our country and not the individual communications of Canadians with other Canadians or the places they go to visit to get information.