1996-05-18 - CSIS Supports Crypto (fwd)

Header Data

From: Steve Reid <root@edmweb.com>
To: cypherpunks@toad.com
Message Hash: 066572d7756f2b6bb7ef88f840bc7252a242b71c776527465111093a8a256077
Message ID: <Pine.BSF.3.91.960516203216.288E-100000@bitbucket.edmweb.com>
Reply To: N/A
UTC Datetime: 1996-05-18 11:19:30 UTC
Raw Date: Sat, 18 May 1996 19:19:30 +0800

Raw message

From: Steve Reid <root@edmweb.com>
Date: Sat, 18 May 1996 19:19:30 +0800
To: cypherpunks@toad.com
Subject: CSIS Supports Crypto (fwd)
Message-ID: <Pine.BSF.3.91.960516203216.288E-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


For what it's worth...

---------- Forwarded message ----------
Date: Thu, 16 May 96 20:00:38 EDT
From: David Jones <djones@insight.dcss.McMaster.CA>
To: efc-talk@insight.dcss.McMaster.CA
Subject: CSIS: growing threat of economic espionage


	  CSIS warns that Economic Espionage is growing
	 - Strong encryption may be one line of defence -

by David Jones

OTTAWA --  The Canadian Security Intelligence Service, CSIS,
wants Canadian corporations and government departments to be
aware of the growing problem of "economic espionage".

This is distinct from "industrial espionage", which is just
company-on-company spying; "economic espionage" is state-sponsored.

I spoke briefly with Ted Flanagan, who is the National Coordinator
for Economic Security and Proliferation Issues, for CSIS.
After hearing him make his pitch on the TV news, I wanted to ask him
about a possible conflict between, on the one hand, Canadian law
enforcement, which seems reluctant to see strong encryption become
widely used and, on the other hand, CSIS, which seems to be implying
that government departments and private companies should take active
steps to protect themselves, including the use of strong encryption.

Here's a few of his comments, (paraphrased)

   It's sometimes surprising for people to hear that foreign
   states do have significant resources and can easily monitor
   telecommunications, *globally*.  Companies have to be mindful
   of this.  Encryption may not be necessary for everything,
   but for particular aspects of their business communications,
   such as bid proposals, online transactions, it may be appropriate.
 
   Obviously there is a law enforcement concern about criminal
   activity being shielded by the use of encryption, but encryption
   is now a commonplace and commercially available fact of life.
   The technology exists and if individuals are going to use it for
   illicit purposes, then they're going to use it.

   The reality, though, is that the Canadian government does have
   a security policy and they do have encryption requirements.
   Encryption is the sort of thing that an awful lot of Canadian
   companies are also using, depending on their resources and needs.

   We're working with a community who we feel have a legitimate
   requirement to ensure that proprietary information is protected.
   There's no way to reverse the trend of having commercially
   available software for encryption.

So the bottom line for cops seems to be:
Encryption is here to stay; get used to it.

Ted Flanagan also explained CSIS's mandate.  It doesn't deal with
law enforcement per se, but it is concerned with national security.
It advises government departments and alerts private organizations
to potential threats.  It operates within Canada in a "defensive"
capacity.  There's been some speculation that Canada needs an
"offensive" intelligence agency that would be able to take steps
in foreign countries to further our national interests.  (Heck, if
they're spying on us, maybe we should spy on them!)  Don't bother
signing up to be the next Canadian James Bond, though.  There's no
political support for such an agency any time soon.

Part of the problem with raising corporate awareness of the threat
of espionage is that serious incidents are often hushed up because
of the damage that negative publicity would cause to the reputation
of a big Canadian company.  CSIS tries to work with companies on
a confidential basis and keeps a private database of incidents they
learn about.

So, next time you read a newspaper article about two teenage boys
getting busted for running a BBS with pirated software, keep in mind
that elsewhere there's *real* cyber-crime that is going down, ...
and although you may never hear about it, it's happening on a scale
that makes those BBS pirates look like, well, mischievous children.

Here's a random excerpt from the CSIS 1995 Annual Report

   "A foreign government is believed to have tasked its intelligence
   service to gather specific information.  The intelligence service
   in turn contracted with computer hackers to help meet the objective,
   in the course of which the hackers penetrated databases of two Canadian
   companies. These activities resulted in the compromise of the companies'
   numerous computer systems, passwords, personnel, and research files."

	URL = http://www.csis-scrs.gc.ca/eng/publicrp/pub1995e.html#economic

- -









Thread