OTTAWA–Canada’s domestic spy agency is in the market for hackers.
The Canadian Security Intelligence Service (CSIS) wants to hire a “network exploitation analyst” to assist the agency in “cyber investigative activities.”
The successful candidate will be expected to build new tools for the spy agency to carry out electronic snooping, develop and maintain a database of “malware” exploits, and provide analysis of “technical artifacts,” according to the job posting.
CSIS, which investigates activities suspected of constituting threats to national security, can and routinely does rely on its sister agency, the Communication Security Establishment (CSE), for high-tech help with its espionage efforts. While CSE is focused on gathering foreign intelligence and is forbidden from spying on Canadians, it can assist domestic law enforcement and intelligence agencies with their own investigations.
But one spy watcher said CSIS building up an in-house capability for cyber spying may have less to do with traditional espionage than with its new powers actually to disrupt threats to Canada.
Ronald Deibert, the director of Citizen Lab at the University of Toronto’s Munk School of Global Affairs, said he’s not surprised CSIS is in the market for hackers — state-sponsored hacking is on the rise, and the Liberal government’s new national security laws empower Canada’s spy agencies to take part.
But Deibert, one of Canada’s foremost cybersecurity researchers, told the Star that he has significant concerns about the agencies’ new electronic powers.
“While (Liberal national security bill) C-59 placed some limits and provided some clarity on what those disruption powers would entail, the prospect of CSIS hacking in any form should give everyone pause, especially because there is still a lot of uncertainty around what that mandate would allow,” Deibert said in an email.
“Practically speaking, CSIS hacking could include computer network interference in a foreign election process, compromising the integrity of important digital tools that Canadians rely on for everyday privacy and security, creating fake online personas and using them to spread disinformation and more.”
John Townsend, a spokesperson for the spy agency, said Bill C-59 gives the agency “clear legislative authority” for the collection and analysis of information not “directly or immediately” related to national security threats.
“Data acquisition and exploitation are key to modern national security investigations,” Townsend wrote in a statement. “CSIS has employed network exploitation analysts and data scientists for some time. Given our mandate and specific operational requirements, CSIS does not disclose details related to individual job functions.”
The agency is also hunting for data scientists to develop a new program to sift through massive amounts of information to glean useful intelligence, according to a separate job posting.
CSIS received a sharp rebuke in 2016 from Federal Court Justice Simon Noël over the agency’s Operational Data Analysis Centre, which for almost a decade retained and analyzed data on people who posed no threat to Canada’s national security.
While Noël ruled that CSIS lawfully collected the information during the course of their investigations, it was illegal to retain “third party” data indefinitely.
Bill C-59, which Public Safety Minister Ralph Goodale introduced in 2017 but has yet to become law, set parameters around how the spy agency can access, collect and analyze “publicly-available data” for its investigations, but critics have suggested the powers are ill-defined and overly broad.
CSIS wants its new team of data scientists to “autonomously find, enrich, transform, interpret, and exploit data to create intelligence products.” So: find data sets, figure out how to “exploit” the information contained in them, and condense it into reports that the spies can stomach.
Deibert pointed to a larger, more philosophical question about Canada’s spies’ growing powers for electronic espionage: is this the kind of activity Canada wants to sanction?
“To the extent CSIS, CSE and other Canadian government agencies are players in this space, they will be contributing to this highly-profitable but extremely dangerous market for ‘digital weapons,’” Deibert said.
“By empowering CSIS to hack, in other words, Canada is helping to normalize a dangerously escalating arms race in cyberspace proven to cause demonstrable harm to businesses, governments, and civil society, including back here in Canada.”
Alex Boutilier is an Ottawa-based reporter covering national politics. Follow him on Twitter: @alexboutilier or reach him at 613-237-1441.