Thank you.
I have one quick question for Mr. Plouffe, but I think it's an important one.
CSEC is an integral part of our national security establishment and deals with a much higher level of technology than most government departments, and overseeing mathematicians and cryptographers whose full-time job is obfuscation is necessarily difficult. It's one thing to have total access to everything; it's another to interpret that data. In signals intelligence, data mining, and so forth, and in the deliberate compromising of targeted machines, who conducts the accountability code audits?
To give you an example of what I'm wondering about, WIRED magazine reported that last year the Kaspersky Lab turned up a pretty fascinating operation called the “Equation Group” that remotely flashed hard-drive firmware and is believed to come from a Five Eyes partner of the National Security Agency. This is low-level assembly language-type work and requires very specific expertise.
What processes are in place to interpret this level of sophistication in oversight capacity, and how is it achieved or how could it be achieved?