The Year in Review

Review activities and highlights

Workplan

A regularly updated three-year workplan guides my office's review program. This plan, which I approve, is driven in part by my staff's extensive knowledge of CSE's activities. It gives priority to reviewing those activities where the risks to the privacy of Canadians are believed highest.

Methodology

My staff has access to all the CSE premises, documents, files and personnel required to carry out reviews. They conduct thorough file and document reviews, interview CSE officials and carry out a variety of checks and tests to determine whether CSE has carried out its activities lawfully and has appropriately protected the privacy of Canadians. It is important to note that these reviews are normally carried out after the fact, in order not to intervene, without cause, in CSE's activities and operations while they are being conducted.

When a review is completed, I provide a classified report to the Minister of National Defence.[5] Each report provides the Minister with my opinion on the lawfulness of the activities reviewed and includes any recommendations that I consider to be appropriate in the circumstances. Such recommendations generally address shortcomings in CSE's policies, procedures or practices that, if not corrected, increase the risk that unlawful activity might occur. In this, as in so many other cases, I am firmly convinced that an ounce of prevention is worth a pound of cure.

Reviews undertaken

In 2005–2006, my office completed a total of seven reviews. Six reviews were of CSE activities carried out under ministerial authorization. One of these six dealt with foreign intelligence collection, and five involved information technology security (ITS) operations. I also submitted a classified report to the Minister on a subject related to my general mandate to review the activities of CSE to ensure they are in compliance with the law. None of my seven reviews of CSE activities completed in 2005–2006 reported unlawful conduct.

Legal interpretations

With respect to my reviews of CSE activities carried out under ministerial authorization, I note that I concluded on their lawfulness in light of the Department of Justice interpretation of the applicable legislative provisions. I have pointed out elsewhere that there are ambiguities in the legislation as now drafted, a view that I share with my predecessor, the Hon. Claude Bisson, O.C., a former Chief Justice of Quebec. Currently, two eminent lawyers, the Deputy Minister of Justice and my independent Legal Counsel disagree over the meaning of key provisions that influence the nature of the assurance that I can provide. This underlines the importance of seizing the next opportunity to make statutory amendments.

Review highlights

Findings from my recent reviews of foreign intelligence collection under ministerial authorization have drawn my attention to the process CSE uses to translate approved government intelligence priorities into targeting specific foreign entities. I believe it should be possible to identify a clear linkage between the government intelligence priorities, the foreign entities targeted and the activity or class of activities for which ministerial authorization is needed.

However, reviews completed by my office, including the most recent one, have shown that supporting documentation provided by CSE as part of requests for the Minister's authorization address the underlying foreign intelligence requirements only in general terms. The lack of clarity in this regard has made it difficult for my staff to assess compliance with certain of the conditions that the legislation requires to be satisfied before a ministerial authorization is given. I have offered specific recommendations to the Minister and CSE for strengthening the process.

I provided a single integrated report to the Minister on the five reviews of ITS activities carried out by CSE under ministerial authorizations. As in previous reports, I set out in this report my continuing concern with CSE's record-keeping practices. I recognize that CSE is taking steps to improve its corporate records management practices in general. The authority to intrude on the privacy of Canadians in the course of protecting the government's computer systems and networks under an ITS ministerial authorization is a sensitive matter. CSE has acknowledged its responsibility to be able to record and account for such intrusions. I believe that CSE ought to give prompt attention to improving record-keeping practices in this regard, and I have asked my staff to monitor this issue closely in future reviews.

Under my general mandate to review the activities of CSE to ensure they comply with the law, I examined CSE's foreign intelligence collection activities directed at countering the threat posed by the proliferation of weapons of mass destruction and their delivery systems. Following the terrorist attacks in the U.S. in 2001, CSE enhanced its activities in the counter-proliferation area. It sends reports, based on the intelligence it collects and analyses, to Government of Canada clients and to allied agencies.

In June 2005 I provided the Minister with a classified report setting out the findings of this review. The CSE activities I reviewed complied with the law. The review identified, however, areas of policy weakness and, in one instance, a need to reconcile policy and practice. CSE accepted my recommendations, though in some cases with modifications, which they explained to me.

2005–2006 findings

In accordance with well-established practice, in each Annual Report I summarize my findings about the lawfulness of CSE's activities based on the reviews my office has completed in the past year. I am able to report that the CSE activities examined during the period under review complied with the law as it is currently interpreted by the Department of Justice, and I am satisfied that CSE lawfully used and retained the intercepted private communications that were examined by my office in 2005–2006.

Complaints about CSE activities

In addition to setting out my review mandate, the National Defence Act also requires me, in response to a complaint, to undertake any investigation I consider necessary to determine whether CSE engaged, or is engaging in unlawful activity. Complaints may be submitted by Canadians who believe that CSE has acted unlawfully in the performance of its duties. Until this past year, the Commissioner's office had received no complaints that required formal investigation.

There were again a limited number of complaints in 2005–2006 and, with one exception, they were not within my mandate. The one complaint received that both fell within my mandate and required investigation was still under investigation at the end of this reporting year. I anticipate that the investigation will be completed in spring 2006, after which I will report my findings to the Minister.

Duties under the Security of Information Act

The Security of Information Act establishes a process that persons permanently bound to secrecy under the Act must follow if they wish to claim a "public interest" defence for divulging classified information. For classified information about CSE, the CSE Commissioner is part of the process (see Annex A). No such matters were referred to me in 2005–2006.[6]

---

[5] Annex B lists all classified reports produced by the CSE Commissioner since 1996, when this office was established.

[6] My website at http://ocsec-bccst.gc.ca provides an overview of my office's processes for handling complaints under the National Defence Act and for concerns raised pursuant to the Security of Information Act.