This repos pdf documents (I extracted the pdfs from the source portfolio archives for ease of viewing) are sourced from here
I have included the contents of Bill Robinson's post about the releases followed by the bccla post of the releases.
Yesterday, the British Columbia Civil Liberties Association (BCCLA) posted an important collection of 284 documents relating to the operations of the Communications Security Establishment. The documents provide a unique window into the ways the statutory provisions governing CSE were interpreted and operationalized by the agency in the period between 2001, when CSE's first statutory mandate was added to the National Defence Act, and the 2019 entry into force of the CSE Act. They also provide rare insight into the way CSE's signals intelligence (SIGINT) and information technology security (ITSEC) programs actually work.
In 2013, in the wake of the Snowden revelations, the BCCLA took the government to court, alleging that CSE’s bulk collection of metadata and incidental collection of private communications violated Canadians’ Charter rights to privacy. The case, which went on for several years, took place behind closed doors, and is likely ultimately to have played an important role in the government's decision to enact a number of reforms to CSE's powers and the oversight and review mechanisms for the agency in the CSE Act and other parts of Bill C-59, passed in 2019. (You can read more about the litigation here.)
During the course of the litigation, the BCCLA was provided with a large body of documents concerning CSE's operations. Although heavily redacted in many parts, these documents contained a lot of never previously revealed information about the agency's activities, with particular emphasis on the rules and procedures governing the collection and handling of communications and other information concerning persons located in Canada and Canadians located anywhere by CSE's signals intelligence (SIGINT) and information technology security (ITSEC) programs.
Unfortunately, they were provided under a confidentiality undertaking that prevented the BCCLA from making them public. However, in 2017 I made an access to information request for the documents, and eventually, following an appeal to the Information Commissioner, they were provided to me with no additional redactions. The government then released the BCCLA from its undertaking.
Now the BCCLA has made the collection, comprising over 4,900 pages of documents, available for download on its website. You can find the links at the end of Greg McMullen's guide to their contents.
I've also put together some introductory notes here.
The following key operational policy documents are included in the collection:
OPS-1, Protecting the Privacy of Canadians and Ensuring Legal Compliance in the Conduct of CSEC Activities (AGC 0022)
OPS-1-1, Operational Procedures for the Release of Suppressed Information from SIGINT Reports (AGC 0020) (28 September 2012 version) and OPS-1-1, Policy on Release of Suppressed Information (AGC 0253) (14 November 2014 version)
OPS-1-6, Operational Procedures for Naming and Releasing identities in Cyber Defence Reports (AGC 0011)
OPS-1-7, Operational Procedures for Naming in SIGINT Reports (AGC 0019)
OPS-1-8, Operational Procedures for Policy Compliance Monitoring to Ensure Legal Compliance and the Protection of the Privacy of Canadians (AGC 0024)
OPS-1-10, Operational Procedures for Metadata Analysis [redacted] (AGC 0012)
OPS-1-11, Retention Schedules for SIGINT Data(AGC 0007)
OPS-1-13, Operational Procedures Related to Canadian [redacted] Collection Activities (AGC 0023)
OPS-1-15, Operational Procedures for Cyber Defence Activities Using System Owner Data(AGC 0018)
OPS-1-16, Policy on Metadata Analysis for Foreign Intelligence Purposes (AGC 0279)
OPS-3-1, Operational Procedures for [redacted; probably "Computer Network Exploitation"] Activities (AGC 0026)
OPS-6, Policy on Mistreatment Risk Management(AGC 0266).
These twelve operational policy documents provide the most detailed window into the policies that govern CSE's operations ever made available to the public. It is important to note that all were superseded in 2018 when CSE introduced an entirely rewritten Mission Policy Suite in preparation for the passage of the CSE Act. However, it is likely that most of the details of those policies remain unchanged, so the documents also provide the best currently available insight into the likely parameters of present operational policies at the agency.
The collection also contains numerous other documents, training materials, and briefing decks that provide further insight into CSE policies and activities. These include:
-
The Ministerial Directive issued by the Minister of National Defence on CSE use of metadata (both the 9 March 2005 version (AGC 0004) and the 21 November 2011 version (AGC 0017)).
-
The Ministerial Directive on the Integrated SIGINT Operational Model (AGC 0076), which governs CSE's relationship with Canadian military SIGINT activities.
-
Examples of the annual Ministerial Authorizations issued under the pre-2019 system to authorize CSE collection activities risking the inadvertent collection of Canadian private communications. Examples of the background memos provided to the Minister of National Defence to explain proposed Ministerial Authorizations are also in the collection.
-
CSE's classified Annual Reports to the Minister of National Defence for fiscal years 2010-11, 2011-12, 2012-13, and 2013-14.
-
Copies of many of the memoranda of understanding between CSE and client departments on the provision of SIGINT services.
-
Subsidiary policy and procedure documents on a wide range of subjects, such as Producing Gists for Indications and Warning Purposes (AGC 0134), Targeting Identifiers for [Foreign Intelligence] under Mandate A (AGC 0135), and Foreign Assessments and Protected Entities(AGC 0136).
-
Two training manuals for CSE employees: SIGINT 101 Orientation Program (AGC 0182), an introduction to CSE's SIGINT program, and DGI [Director General Intelligence] Familiarization Manual (AGC 0193), an introduction to work as a SIGINT analyst at CSE.
-
Numerous classified reports from CSE's pre-2019 watchdog body, the Office of the Communications Security Establishment Commissioner (OCSEC), and CSE's responses to those reports. These include OCSEC's 2015 review of CSE's metadata activities (AGC 0278), which examines a series of failures by CSE to protect information about Canadians in metadata shared with foreign partners. This report is the best source of information available on those events, which led to the only declaration that CSE had failed to comply with the law that OCSEC ever issued.
In addition to broader policy questions, the documents are an unparalleled source of background information about aspects of CSE's activities. For example, one OCSEC review (AGC 0110) describes the nature of the Client Relations Officer (CRO) system that CSE uses to deliver SIGINT products to many of its government clients. Another (AGC 0179) contains the first data ever released to the public on the percentage of requests made by SIGINT clients for Canadian Identity Information that were approved by CSE (1113 of 1119, or more than 99%). In 2021, the National Security and Intelligence Review Agency (NSIRA), which replaced OCSEC in 2019, was able to release additional data on CSE's approval rate for requests, possibly in part because the BCCLA release had already established that such data could be declassified.
In other cases the documents provide insight into aspects of CSE's activities that the agency is still redacting from NSIRA reports. For example, pages 19-21 of this NSIRA report released in 2021 discussed a flawed policy related to privacy protection that was later rescinded by CSE, but NSIRA was evidently unable to include any information about the nature of the policy in its report. The key details of the policy in question can be found on pages 30-31 of OPS-1-7, Operational Procedures for Naming in SIGINT Reports (AGC 0019).
In other cases, one can observe the evolution of CSE policies over time. For example, in document AGC 0182 (p. 99) it is explained that "we [CSE] do not have to protect the privacy of non-Canadians in Canada. This means that in reports we can name people who are in Canada and who fall into certain categories like holding work or student visas, or who are illegal immigrants." But document AGC 0206 (p. 122) reports that this policy was changed in April 2014, with CSE's privacy policies now covering all persons in Canada. (Given the timing of this change, it's likely that it was made in response to the BCCLA's legal action.)
The documents are also a gold mine of information on the official definitions of key terms used by CSE, encompassing concepts such as Canadian Privacy-Related Information, Metadata, and Contact Chaining. The BCCLA has put together a guide to many of those terms here (but note that their glossary is "a work in progress and not intended as a formal dictionary").
Some of the documents in the BCCLA collection have previously been released to individual requesters through the Access to Information Act. But in many cases the versions released were significantly more heavily redacted than the versions provided to the BCCLA. (The parts of the documents pertaining to CSE's mandate to provide support to federal law enforcement and security agencies are an exception, however, as those parts were redacted in their entirety from the BCCLA documents as "not relevant" to their case.) In addition, in many cases documents released to individual requesters are never published or otherwise made accessible to other researchers or the general public.
The BCCLA collection is unique in providing systematic access to these documents for online research and downloading.
Enjoy!
Pulling Back the Curtain on Canada’s Mass Surveillance Programs – Part Two: The CSE Secret Spying Archive
Posted on March 16, 2023 by Greg McMullen
The BCCLA is sharing over 4,000 never-before-seen pages detailing the Communications Security Establishment’s (CSE) surveillance practices.
These documents paint a picture of a powerful spy agency in dire need of oversight. Read on to learn more.
A key aspect of any legal proceeding is the discovery process, where both parties are required to disclose all relevant documents in their possession, regardless of whether they support or undermine their position. In the context of national security litigation, this process can be challenging for claimants. Courts tend to give significant weight to claims of secrecy by national security agencies, particularly when it relates to specific methods used by these agencies.
As part of the case these released documents come from, the Federal Court granted the government’s request that the hearings be conducted in secret, and that the related court files be sealed to prevent public access. These measures were allowed despite the fact that all documents were heavily redacted to conceal sensitive national security information. It seemed the public might never be allowed to learn important details about CSE’s spying programs or the BCCLA’s court case challenging them.
That changed when Bill Robinson, a researcher who worked with BCCLA on the case, made a request for the documents under the Access to Information Act. CSE initially refused to release them, claiming litigation privilege. Robinson then made a formal complaint to the Information Commissioner, which the commissioner upheld. Finally, CSE agreed to release the documents with no additional redactions, and the government agreed to lift the implied undertaking of confidentiality, allowing the BCCLA to share these critical documents with the public.
Even with these heavy redactions, the documents paint a picture of a powerful spy agency in dire need of oversight.
Despite rules against targeting Canadians, CSE regularly collected Canadians’ communications, shared Canadians’ information with third parties, chose to protect those intelligence sharing relationships over the privacy of Canadians, and prioritized its continued operation over all else.
These documents total over 4,900 pages, making up 284 individual documents and focus on the period immediately before the litigation was filed, from the mid-2000s to mid-2010s.
The documents fall into 3 broad categories:
Ministerial Authorizations and Ministerial Directives are documents signed by the Minister of National Defence. Ministerial Authorizations grant CSE authorities to conduct various classes of surveillance activities, while Ministerial Directives provide instruction on how to exercise those authorities.
The documents in this batch include:
Ministerial Authorizations from 2010 – 2015;
Ministerial Directives relating to:
- the collection and use of metadata [1];
- measures necessary to protect the privacy of Canadians 2[]; and
- information sharing with other governments when sharing the information creates a “substantial risk of mistreatment” [3];
Memoranda from the CSE chief requesting the Ministerial Authorizations and Directives and providing rationales for granting them; and
Memoranda of Understanding (“MOUs”) between CSE and various government agencies or departments allowing CSE to provide assistance with various matters, including computer network security, and often allowing CSE to intercept that agency or body’s communications. MOUs were signed with:
- Canada Revenue Agency (CRA) [4];
- Canadian Forces [5];
- Canadian Nuclear Safety Commission [6];
- Canadian Security Intelligence Service (CSIS) [7];
- Department of Foreign Affairs and International Trade (DFAIT) [8];
- Health Canada [9];
- Public Works and Government Services Canada [10];
- Natural Resources Canada [11];
- Royal Canadian Mounted Police (RCMP) [12]; and
- Shared Services Canada [13].
These documents include a wide array of CSE policy and operations manuals that guide the activities of the various branches of CSE and the agency as a whole. These include multiple documents from the following series:
- Operational Policy Series (OPS);
- Canadian SIGINT Operations Instructions (CSOI);
- IT Security Operational Instructions (ITSOI);
- Canadian SIGINT Security Standards (CSSS);
- Policy and Communication Instructions (PCI); and
- SIGINT Programs Instructions (SPI).
These documents cover a wide range of subjects, including public annual reports from the CSE Commissioner,[14] CSE reports to the Minister of National Defence,[15] and previously secret documents detailing failures by CSE to follow its own procedures intended to protect Canadians’ information,[16] and transferring information about Canadians to its Five Eyes partners without properly removing identifying information.[17]
Like many government agencies, CSE has developed a set of jargon and acronyms that can seem designed to be impenetrable to the public. The documents allowed us to produce a glossary of CSE terminology to assist you in reading them and other public documents released by the CSE. The documents also reveal how CSE redefines common words to create its own vocabulary. These non-standard definitions provide a misleading impression of CSE’s actions to the public, and potentially to the ministers tasked with authorizing CSE’s surveillance powers.
One example of this is the verb “intercept”. In common usage, intercepting a communication would mean getting the contents of a communication between two people, like a wiretap or reading someone’s mail. Even in the Criminal Code, “intercept” has a broad meaning that aligns with the common understanding of the word: “intercept includes listen to, record or acquire a communication or acquire the substance, meaning or purport thereof.”[18]
CSE’s definition of “intercept” is much narrower. They say a communication is only “intercepted” when it is “selected by CSEC on specific criteria, and is sent from the [REDACTED] to CSEC traffic repositories”.[19] Using the CSE’s vocabulary, taking a copy of an instant message as it moves across the internet is not “interception” – it is merely “collection”.
2. CSE was not allowed to target Canadians but regularly collected Canadians’ information and received it from foreign partners
Under both the National Defence Act (NDA) regime and the new CSE Act regime, it is clear that CSE is not allowed to spy on Canadians or people in Canada and must have measures in place to protect the privacy of Canadians. The NDA, which was in place during the time period covered by the documents, stated that CSE’s activities “shall not be directed at Canadians or any person in Canada”[20], and “shall be subject to measures to protect the privacy of Canadians in the use and retention of intercepted information”.[21]
All the same, CSE collected vast quantities of information about Canadians. CSE collects “raw SIGINT” data directly from its collection points in Canada’s communications infrastructure and elsewhere, including both content of communications and metadata.[22]
Typically, information that identifies a Canadian person is “suppressed” or “minimized” (CSE-speak for redacted or removed) before it is shared by CSE. However, the unredacted “raw SIGINT” is still maintained by CSE, and a wide range of CSE personnel can access the raw SIGINT “as needed to fulfill official duties”.[23] Raw SIGINT can also be shared outside of CSE, with Canadian Armed Forces personnel or Departmental Security Officers. The circumstances under which such sharing is allowed are redacted.[24]
CSE also advised the CSE Commissioner that CSE did not need a Ministerial Authorization to use metadata or communications involving Canadians if those communications were provided to CSE by another country. In CSE’s view, the prohibition on intercepting private communications of Canadians does not apply if it receives the information from a foreign partner. CSE could not provide the CSE Commissioner with details on how often this occurs.[25]
The documents confirm what we have suspected since the original release of the Snowden documents, and the subject of the BCCLA’s litigation: CSE had programs in place for the bulk collection of metadata relating to telephone and internet traffic, much like the programs operated by the National Security Agency in the United States. A secret report from the CSE Commissioner dated 2015 confirmed that “CSE may acquire “bulk” or “unselected” metadata at all SIGINT collection apertures for all telecommunications events”[26][emphasis added]. Those “SIGINT collection apertures” most likely include CSE surveillance posts located in or near internet backbones leading in and out of Canada.
In practice, this likely means that CSE has records of Canadians’ use of websites or apps based outside of Canada, including Google, Facebook, Instagram, YouTube, Tiktok, Twitter, and more, along with their calls, emails, or instant messages to people living outside Canada. Even the metadata of domestic telecommunications can be subject to collection, as a large percentage of Canada-to-Canada internet traffic crosses the Canadian border during its travels.
The 2015 report noted that “CSE’s collection posture has strengthened” since the last report on metadata in 2008.[27] It is likely that trend has continued, meaning the amount of data collected and sources it is collected from have increased since 2015.
4. CSE’s cybersecurity mandate gives it the authority to access Canadians’ personal information from within other government agencies
As the documents were produced via the BCCLA’s lawsuit over surveillance, most of the documents are focused on CSE’s SIGINT mandate. However, there are some interesting glimpses into CSE’s cybersecurity mandate provided in both policy documents and in a series of MOUs between CSE and various government agencies.
For example, a MOU with DFAIT, dated November 2012, allows CSE to “perform computer and network monitoring and related analysis”.[28] The MOU goes on to say that private communications will be intercepted by CSE, and that CSE may share any information that is identified as being relevant to CSE’s cybersecurity mandate, and thus comes under its “control”, with Five Eyes partners.[29]
5. CSE shared information potentially relating to Canadians with other government agencies and other countries, and developed a system to share bulk metadata collected by CSE with Five Eyes partners
CSE shared the information it collected with a variety of other government agencies. One example is shown in a MOU between CSE and CRA. Under that MOU, CSE provided CRA with access to SIGINT end-product reports to investigate terrorism financing and prevent terrorist organizations from obtaining charitable status.[30] Under the MOU, CRA had to notify CSE before taking any actions or initiating any proceedings based on information obtained from CSE, presumably to prevent the targets from learning about CSE’s techniques and information sharing.[31]
CSE had a similar MOU with Health Canada, noting that agency’s responsibilities for maintaining pandemic preparedness, and for responding to nuclear accidents or terrorist attacks. Like the MOU with CRA, the Health Canada MOU required Health Canada to notify CSE before taking actions based on information obtained from CSE.[32]
The Ministerial Directive on Metadata directs CSE to share the metadata it collects “with international allies to maximize its mandate activities […] and strengthen Canada’s partnerships abroad.”[33] However, when CSE shares information about Canadian persons with Five Eyes partners or other countries, information about Canadians must be “suppressed” or, in the case of metadata, “minimized”. [34]
A report from the CSE Commissioner in 2015 shows that CSE went beyond simply sharing information. It created an automated sharing system that allowed Five Eyes partners to search CSE’s collection of telephone and internet metadata.[35]
6. CSE violated law for five years by failing to minimize Canadian information shared with Five Eyes partners
As outlined above, under the Ministerial Directive on Metadata, CSE has the authority to share metadata with allied countries’ intelligence agencies as long as any information about people in Canada is “minimized” to remove any identifying information about the Canadian person.
A letter from the CSE Commissioner dated October 5, 2015, shows that information about Canadians was routinely shared with Five Eyes partners for five years without the data being properly minimized. When sharing telephone metadata, CSE “failed to ensure” its systems were properly minimizing information identifying Canadian persons, resulting in Canadian information being shared. When allowing Five Eyes partners to search its collection of internet metadata, CSE failed to properly exclude search terms relating to Canadian persons. It shared results that included internet protocol (IP) addresses, which are considered personally identifiable information. [36]
The report found that CSE had violated Canadian law, including the NDA and the Privacy Act, and that CSE “failed to act with due diligence”. CSE was not able to provide the CSE Commissioner with details showing the scope of the privacy violations resulting from the unauthorized sharing.[37]The unauthorized sharing of Canadian information continued from 2009, when the automated sharing system was established, to spring 2014, when CSE suspended its programs for sharing telephone and internet metadata with its Five Eyes partners.[38]
7. CSE prioritized its relationships with other intelligence agencies over the privacy and safety of Canadians
CSE places a heavy emphasis on developing and maintaining its relationships with other intelligence agencies, particularly the Five Eyes agencies. The documents show how this plays out in CSE policy and operations, and how efforts to maintain these relationships often come before CSE’s duty to protect the privacy of Canadians.
CSE’s prioritization of relationships with foreign partners can be seen in its approach to the 2011 Ministerial Directive providing a “Framework for Addressing Risks in Sharing Information with Foreign Entities” (the “Mistreatment MD”). The Mistreatment MD is a guide for making decisions about sharing information with a foreign government when the information creates a “substantial risk of mistreatment” of the subject of the information.[39] “Mistreatment” is defined by the Mistreatment MD as “torture or other cruel, inhuman, or degrading treatment or punishment”.[40]
CSE grades the risk of mistreatment according to a scale from Low Risk, when mistreatment is unlikely, to Speculative Risk, when the intended recipient has “a questionable human rights record” or there are “concerns about the recipient’s adherence to the**** Convention Against Torture,” to Substantial Risk if there is a “personal, present, and foreseeable risk of mistreatment”. A Substantial Risk can be mitigated by restrictions on the use of the information, assurances there will be no mistreatment, or further suppressing information so it is less likely to lead to mistreatment. [41]
Five Eyes countries have agreements for information sharing in place with CSE that set out how they will use the information shared, and are deemed “safe” for the purposes of the Mistreatment MD. The Five Eyes partners’ rules, such as NSA’s “strict policies that limit access to non-minimized raw traffic”, are cited by CSE as providing “confidence that partners are safeguarding the privacy of Canadians”.[42]
The CSE must conduct a Mistreatment Risk Assessment before sharing information with non-Five Eyes countries.[43] Sharing with those countries can also be limited based on those countries’ privacy safeguards and policies.[44] The CSE also makes sure that a “mention of mutual respect for privacy concerns be stated wherever appropriate in future agreements and shared policies”.
CSE asks Five Eyes countries to report monthly on measures meant to protect the privacy of Canadians whose information is shared with them. However, CSE states that it would not penalize second party countries for failing to comply with those safeguards, because doing so would “have a significant negative effect on [CSE].”[45] The CSE Commissioner recommended that CSE at least collect statistics on the number of Canadians’ private communications accessed by second parties, but CSE refused even this basic measure:
“The proposed requirement to have Second Parties expand their reporting to [CSE] to include statistics on recognized private communications would likely have a similar negative effect on [CSE], in that it would become too onerous for Second Parties to do business with [CSE] (given that this requirement would have to apply to all [CSE] collection programs). There are limits on partnership commitments.”
Despite the limited “partnership commitments” from Five Eyes partners, CSE is aware that Five Eyes countries “may derogate from the agreements, if it is judged necessary for their respective national interests.”[46] The documents show CSE and its Five Eyes partners do not “seek or share evidence from each other to demonstrate that these rules are in fact being followed.”[47]
The CSE acknowledged to the CSE Commissioner that, “[t]he sanction for not complying with these measures is the ability to restrict the sharing of further information.”[48] The documents show this is not a step CSE was willing to take. As CSE told the CSE Commissioner, “there are limits to what any country can require of another”.
The documents in this collection demonstrate that the facts alleged by the BCCLA in its lawsuit were correct: CSE operates bulk metadata surveillance programs that collect and share information about Canadians with government clients and foreign intelligence agencies. What was truly shocking is how hard CSE pushes up against the edge of legality, and pushes back against even the most reasonable regulation and oversight.
The findings above are just the tip of the iceberg. We encourage journalists, academics, watchdogs, advocates, and the general public to dig into the documents and help us see what else can be found. We hope you’ll share your findings with the public, collaborate with each other, and reach out to us if you think you’ve found something we missed.
The BCCLA was represented by David Martin of Martin & Associates, Sebastian Ennis of Iris Legal, and Neil Abraham of Olthuis van Ert. The BCCLA was also represented by Joseph Arvay, O.C., O.B.C., Q.C.
Bill Robinson and Greg McMullen served as experts on the case. Due to the scope and duration of this litigation, it is not possible to give credit to all those who participated but the BCCLA is extremely grateful to everyone who contributed.
Index and Glossary of CSE Glossary of Terms:
Please note that this glossary is a work in progress and not intended as a formal dictionary.
Indexed Secret Spying Documents:
Please note, to view these documents, click the link and download the file (rather than viewing in a browser) as they are in a portfolio file structure.
AGC 0001_0035 AGC 0036_0100 AGC 0101_0150 AGC 0151_0182 AGC 0183_0225 AGC 0226_0260 AGC 0261_0294
[1] AGC0017
[2] AGC0021
[3] AGC0081
[4] AGC0148
[5] AGC0116
[6] AGC0149
[7] AGC0165
[8] AGC0120 and AGC0150
[9] AGC0147
[10] AGC0177
[11] AGC0156
[12] AGC0164
[13] AGC0128
[14] AGC0001-10, AGC0013-4, AGC0027, AGC0038, AGC0158, and AGC0282
[15] AGC0070, AGC0194, and AGC0236-7
[16] AGC0261
[17] AGC0166 and AGC0278
[18] Criminal Code, s 183
[19] AGC0241 at p 13 (p 8 of Report)
[20] NDA,s 273.64(1)(a)
[21] NDA,s 273.64(1)(b)
[22] AGC0157 at p 9
[23] AGC0157 at p 9
[24] AGC0157 at p 14
[25] AGC0166 at p 25.
[26] AGC0278 at p 15
[27] AGC0278 at p 31
[28] AGC0120 at p 2
[29] AGC0120 at p 3
[30] AGC0148
[31] AGC0148 at p 2
[32] AGC0147
[33] AGC0017
[34] AGC0157 at p 9.
[35] AGC0281
[36] AGC0281
[37] AGC0281
[38] AGC0281
[39] AGC0081
[40] AGC0081 at p 2
[41] AGC0266 at p 10-11
[42] AGC0166 at p 13, fn 17
[43] AGC0168 at p 10
[44] AGC0166 at p 13, fn 17
[45] AGC0166 at p 12, fn 16
[46] AGC0166 at p 18
[47] AGC0166 at p 29
[48] AGC0166 at p 13, fn 17