Leaks sparked spy safety concerns: memos
OTTAWA - Canada's secret eavesdropping agency feared for the personal safety of staff following the leak of sensitive intelligence by a former U.S. spy contractor, newly declassified memos show.
The Ottawa-based Communications Security Establishment combed through personnel files to assess risks to employees whose name, agency affiliation or specific duties may have been disclosed by Edward Snowden, says an internal note from the head of the spy service.
In the September 2013 memo, CSE chief John Forster urged staff with concerns to speak with a manager or personnel security officials.
"There should not be any conversation that is too difficult to have, or any question that is too difficult to ask," says the memo, originally classified top secret for Canadian eyes only.
It is among several Forster messages, obtained by The Canadian Press under the Access to Information Act, about the high-profile Snowden leaks.
CSE monitors foreign computer, satellite, radio and telephone traffic for information of intelligence interest to the federal government. Its codebreakers, linguists and computer specialists make the agency a key player in the so-called Five Eyes community comprising Canada, the United States, Britain, Australia and New Zealand.
Snowden disclosed a trove of material that showed the U.S. National Security Agency, CSE's American counterpart, had quietly gained access to a wide array of emails, chat logs and other information from major Internet companies, as well as data about a huge volume of telephone calls.
The cache of documents — which Snowden continues to leak piecemeal to the media — contains several references to the Canadian agency's classified operations.
In a June message, shortly after the leaks began grabbing headlines, Forster sent a message to CSE's more than 2,000 employees to say that if friends and family know where they work, it's likely they will be asked over the summer about recent news stories.
"Please be mindful of a few things as you're engaged in casual chats around a BBQ or pool, softball field or soccer pitch," Forster wrote.
"While you may be asked about particular statements, stories or programs mentioned in the media, remember the media coverage has not been entirely accurate. It would be almost impossible to correct every mistake, and I certainly don't want you to try. Please refrain from speculating about what has been reported."
It emerged in January that the Snowden leaks prompted CSE to review its policies on sharing information with key partners and its practices for protecting the privacy of Canadians.
The latest memos show CSE's efforts to determine what Snowden had seen — and taken with him — continued well into the fall.
"As we learn more about what information is or could be out there, our departmental response is covering several fronts. First and foremost are the safety, security and well-being of our people," Forster said in the September memo.
"Personnel Security has been very involved in the forensic investigation, and they continue to assess the risks to personnel stemming from information that may have been leaked."
As a result of the Snowden disclosures, CSE's chief information officer began a review aimed at protecting the spy agency's advanced information technology systems, the September memo says. In addition, officials in CSE's corporate services branch began "a similar review of our security practices," Forster added.
Asked to elaborate on the concern, CSE spokesman Ryan Foreman said that as a foreign intelligence agency, CSE counters terrorism, espionage, cyberattacks, kidnappings of Canadians abroad, assaults on embassies and other serious threats.
"The safety and security of CSE personnel is vital to ensure that they are able to carry out these tasks that protect Canadians. This includes, where appropriate, protecting the identities of employees and their affiliation with CSE."
An October memo from Forster about a leaked CSE slide presentation — which suggested the agency had spied on Brazil — said it was important to note "the author's name was not revealed in the media coverage."
Most news organizations privy to the Snowden material are conscious of potential threats to personnel security and have acted accordingly, said Wesley Wark, who teaches at the University of Ottawa's graduate school of public and international affairs.
"But the fear is that the Snowden material in unredacted form may be in the hands of others, including other state intelligence services, whether wittingly through the actions of Snowden himself, or unwittingly," he said.
Wark added there is real danger to CSE employees if the leaked documents reveal information about the agency's operational posts abroad or names of CSE personnel involved in overseas military actions.
In addition, he said, should the contact information or identities of staff engaged in "sensitive intelligence collection issues" be revealed, they could become the target of an intelligence-gathering operation, especially one that might use cyber-espionage tools to hack into communications and database networks.
Follow @JimBronskill on Twitter