Incident: Unauthorized Metadata Sharing Due to Software Flaw by Canadian Agency.

Published Date: 2016-01-28

Postmortem Analysis
Timeline 1. The software failure incident where Canada's ultra-secret eavesdropping agency illegally collected Canadians' metadata due to a software flaw was discovered internally in 2013 [39594]. Therefore, the software failure incident happened in 2013.
System 1. Software flaw in the Communications Security Establishment (CSE) system - resulted in the sharing of metadata, used to identify, manage, or route communications over networks that could identify Canadians [39594].
Responsible Organization 1. The software flaw was responsible for causing the software failure incident at Canada's ultra-secret eavesdropping agency, the Communications Security Establishment (CSE) [39594].
Impacted Organization 1. Canadians - The software failure incident impacted Canadians as their metadata was illegally collected due to a software flaw [39594].
Software Causes 1. The software failure incident was caused by a software flaw that resulted in the sharing of metadata, leading to the illegal collection of Canadians' metadata [39594].
Non-software Causes 1. The breach of Canadian privacy and national security laws was deemed "unintentional" ([39594]). 2. Concerns were raised about efforts by the Canadian Security Intelligence Service (CSIS) to counter "insider threats," including deficiencies in preventing and investigating classified document leaks ([39594]). 3. CSIS rejected recommendations made by the Security Intelligence Review Committee (SIRC) ([39594]). 4. SIRC raised a potential legal concern regarding CSIS's use of paid al-Qaida or Taliban informants, noting a conflict with United Nations regulations prohibiting association with or funding of these jihadist groups ([39594]).
Impacts 1. The software failure incident led to Canada's ultra-secret eavesdropping agency, the Communications Security Establishment (CSE), suspending its sharing of metadata with its Five Eyes intelligence partners - Australia, Britain, New Zealand, and the United States until a fix is found [39594].
Preventions 1. Regular software audits and quality assurance checks could have potentially identified the software flaw that led to the sharing of metadata [39594]. 2. Implementation of stricter data privacy and security protocols within the software system could have helped prevent unintentional breaches like the one caused by the software flaw [39594]. 3. Enhanced training and awareness programs for employees using the software to ensure they understand the implications of mishandling data and metadata [39594].
Fixes 1. Conduct a thorough review and update of the software system to address the software flaw that resulted in the sharing of metadata [39594].
References 1. Communications Security Establishment (CSE) official 2. Canadian defense minister Harjit Sajjan 3. Public safety minister Ralph Goodale 4. Canadian Security Intelligence Service (CSIS) 5. Security Intelligence Review Committee (SIRC)

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident related to the illegal collection of Canadians' metadata by Canada's Communications Security Establishment (CSE) was described as unintentional and blamed on a software flaw that resulted in sharing metadata [39594]. This incident occurred within the same organization, CSE. (b) There is no information in the provided article about a similar incident happening at other organizations or with their products and services.
Phase (Design/Operation) design (a) The software failure incident in the article was attributed to a design flaw that resulted in the sharing of metadata by Canada's Communications Security Establishment (CSE) with international partners. The breach was described as unintentional and was discovered internally in 2013. The sharing of metadata, which could identify Canadians, was a result of a software flaw in the system [39594]. (b) The article does not provide specific information about the software failure incident being due to operation or misuse of the system.
Boundary (Internal/External) within_system (a) within_system: The software failure incident reported in the article was attributed to a software flaw within the system. The Communications Security Establishment (CSE) mentioned that the breach of sharing Canadians' metadata with international partners was unintentional and was caused by a software flaw that led to the sharing of metadata [39594]. This indicates that the failure originated from within the system itself.
Nature (Human/Non-human) non-human_actions (a) The software failure incident in the article was attributed to a non-human action, specifically a software flaw. The Communications Security Establishment (CSE) mentioned that the breach of sharing Canadians' metadata with international partners was unintentional and was caused by a software flaw that led to the sharing of metadata that could identify Canadians [39594]. This indicates that the failure was due to a contributing factor introduced without human participation.
Dimension (Hardware/Software) software (a) The software failure incident mentioned in the article was attributed to a software flaw that resulted in the sharing of metadata, leading to the illegal collection of Canadians' metadata in sweeps of foreign communications by Canada's Communications Security Establishment (CSE) [39594]. (b) The software failure incident was specifically linked to a software flaw within the system, indicating that the contributing factors that led to the breach originated in the software itself [39594].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident related to the illegal collection of Canadians' metadata by Canada's ultra-secret eavesdropping agency was non-malicious. The breach was described as unintentional and attributed to a software flaw that resulted in the sharing of metadata, which could identify Canadians. The agency stated that the likelihood of this leading to any abuses was low, and the breach of Canadian privacy and national security laws was deemed unintentional [39594].
Intent (Poor/Accidental Decisions) poor_decisions (a) poor_decisions: The software failure incident related to the illegal collection of Canadians' metadata by Canada's Communications Security Establishment (CSE) was attributed to a software flaw that resulted in sharing the metadata with international partners unintentionally. This indicates that the failure was due to poor decisions or contributing factors introduced by poor decisions [39594].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in the article was attributed to development incompetence. The Communications Security Establishment (CSE) in Canada revealed that the breach of Canadians' metadata was unintentional and was caused by a software flaw that resulted in the sharing of metadata with international partners [39594]. The agency mentioned that the breach was discovered internally in 2013, indicating that it was a result of a lack of professional competence in ensuring the proper handling of sensitive data.
Duration temporary The software failure incident mentioned in the article is temporary. The Communications Security Establishment (CSE) discovered the breach in 2013 due to a software flaw that resulted in the sharing of metadata [39594]. As a result of this incident, the CSE suspended its sharing of metadata with its Five Eyes intelligence partners until a fix is found. This indicates that the software failure was not permanent but rather a temporary issue that could be resolved with a fix.
Behaviour omission, value, other (a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions. (b) omission: The software flaw resulted in the sharing of metadata, which is considered an omission as the system omitted to properly manage or route communications over networks, leading to the collection of Canadians' metadata [39594]. (c) timing: The software failure incident is not related to timing issues where the system performs its intended functions but at the wrong time. (d) value: The software flaw led to the system performing its intended functions incorrectly by sharing metadata that could identify Canadians, which is a value-related failure [39594]. (e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident in the article can be categorized as a mistake or anomaly in the system's operation, resulting in the unintentional sharing of Canadians' metadata due to a software flaw [39594].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, theoretical_consequence, unknown (a) unknown (b) unknown (c) unknown (d) The software failure incident resulted in the illegal collection of Canadians' metadata, impacting their privacy and potentially breaching national security laws [39594]. (e) unknown (f) unknown (g) The likelihood of the software failure leading to abuses was deemed "low" by the agency [39594]. (h) The software failure incident led to the suspension of sharing metadata with international partners until a fix was found [39594]. (i) unknown
Domain government [a] The failed system in the reported incident was related to the government industry. The software flaw that led to the sharing of Canadians' metadata was within the Communications Security Establishment (CSE), which is Canada's ultra-secret eavesdropping agency responsible for intelligence gathering and national security [39594]. The incident involved a breach of Canadian privacy and national security laws, indicating its direct connection to the government sector.

Sources

Back to List