Privacy Impact Assessment Summary for the SSC Enterprise Perimeter Security Service

Purpose

The main purpose of the Enterprise Perimeter Security (EPS) service is to strengthen the Government of Canada’s (GC’s) Internet perimeter by inspecting Internet traffic and implementing security controls. We launched this solution to:

1. provide a deeper, global view of incidents;
2. deliver robust security enhancements to Protection and Detective Services for the existing Internet security perimeter defence service and infrastructure; and
3. modernize our response by using more adaptive, comprehensive, sophisticated and proactive approaches to prevent and reduce future and current threats.

Description

The proposed solution is designed to intercept all Secure Socket Layer/Transport Layer Security (SSL/TLS) sessions egressing GC networks using the Internet Information Service Points of Presence with a destination of the wider Internet. It will decrypt, inspect and process this traffic with several security tools and then re-encrypt the traffic for its ultimate destination.

Our authority for this service lies in Section 6 of the Shared Services Canada Act and Order-in-Council (PC) Numbers 2015-1071 and 2013-0368.   In addition, section 161 of the Financial Administration Act grants Shared Services Canada (SSC) the authority to protect its systems.

Why the Privacy Impact Assessment (PIA) Was Necessary

The PIA was necessary to ensure privacy was taken into account throughout the development, testing and implementation of the EPS service and to identify any potential privacy risks and lower the risks through appropriate actions.

PIA Findings and Mitigation Measures

The PIA evaluated all components of the EPS service including inputs, design, procedures, processes, outputs and human and project interfaces involving the collection, use, retention, disclosures and/or disposal of Personal Information (PI).

The service will be deployed to organizations that subscribe to SSC’s Internet services, also known as, Internet subscribers. The PIA did not cover networks, infrastructures, processes or PI under the control of Internet subscribers.

The PIA found that EPS has several privacy measures built into its design:

• SSC only scans, records and/or collects and retains minimal PI for logs when suspicious content is detected;
• There is minimal human intervention and no hard copies of reports are produced; and
• It has settings to bypass the decryption of sensitive banking and health personal information.

The PIA did find privacy risks.  Since the outset of this privacy assessment, SSC has made headway by decreasing the total number of risks, risk levels and remaining risks will be addressed through an SSC action plan, which consists of technical solutions, security controls and appropriate guidance.

Our work is not done yet, since the assessment of privacy risks is an ongoing process and does not stop once a PIA has been completed and approved. To this end, the PIA will be kept relevant and up to date to reflect any EPS modifications that affect an individual’s privacy.