CSEC's activities related to the collection of foreign signals intelligence and to the protection of electronic information and information infrastructures of importance to the Government of Canada are subject to three legislative limitations aimed at protecting Canadians' privacy:
Private Communication: "any oral communication, or any telecommunication, that is made by an originator who is in Canada or is intended by the originator to be received by a person who is in Canada and that is made under circumstances in which it is reasonable for the originator to expect that it will not be intercepted by any person other than the person intended by the originator to receive it, and includes any radio-based telephone communication that is treated electronically or otherwise for the purpose of preventing intelligible reception by any person other than the person intended by the originator to receive it" (section 183 of the Criminal Code).
When CSEC is conducting activities to acquire foreign signals intelligence, it cannot know beforehand with whom a targeted foreign entity outside Canada may communicate. Similarly, when CSEC is conducting activities to help protect Government of Canada computer systems, it cannot know beforehand who may communicate with or through that computer system. Given the complexity and interconnectedness of the global information infrastructure, it is unavoidable that CSEC will intercept a number of private communications. It is for this reason that CSEC requires a ministerial authorization for these activities — to shield itself from the Criminal Code in cases where it may unintentionally intercept a communication coming to or originating from Canada and where a person has an expectation of privacy. CSEC's ministerial authorizations relate to an "activity" or "class of activities" specified in the authorizations — that is, to a specific method of acquiring foreign signals intelligence or of protecting computer systems (the how); the authorizations do not relate to a specific individual or subject (the whom or the what).
Ministerial authorization: authorization provided in writing by the Minister of National Defence to CSEC so that CSEC is not in contravention of the Criminal Code if — in the conduct of foreign signals intelligence collection or IT security activities — it should unintentionally intercept a private communication. An authorization can be in effect for no longer than one year. In 2011–2012, there were six foreign signals intelligence collection and two IT security ministerial authorizations in effect.
To issue a ministerial authorization for foreign signals intelligence collection, the Minister must first be satisfied that:
To issue a ministerial authorization to protect the computer systems or networks of the Government of Canada, the Minister must be satisfied that:
Each year, I review all of CSEC's ministerial authorizations — which may be in effect for a period of no longer than one year — to ensure that the activities are authorized and that the above conditions for authorization are met. I report to the Minister of National Defence on my review.
For CSEC to provide assistance to federal law enforcement and security agencies in fulfilling their mandated activities, the National Defence Act requires that those agencies first demonstrate that they have the legal authority — such as an authorization or a warrant — to conduct the activities. CSEC is then subject to the same laws and limitations that govern the agencies it is assisting rather than to the three legislative limitations listed above. In addition, ministerial authorizations do not apply to these activities.