Highlights of the Six Classified Reports Submitted to the Minister in 2013—2014
1. Review of CSEC foreign signals intelligence information sharing with international partners
CSEC's ability to fulfill its foreign signals intelligence collection and IT security mandates rests, in part, on building and maintaining productive relations with its foreign counterparts. CSEC's long-standing relationships with its closest allies – the U.S. National Security Agency, the U.K. Government Communications Headquarters, the Australian Signals Directorate and the New Zealand Government Communications Security Bureau – continue to benefit CSEC, and, in turn, the Government of Canada. This cooperative alliance may be more valuable to Canada now than at any other time, in the context of increasingly complex technological challenges added to dynamic international affairs and threat environments. Canada is a net importer of intelligence; the amount of foreign signals intelligence CSEC receives from the Second Parties is extensive.
The global nature of today's threats requires security and intelligence agencies to cooperate and share information with one another. The Government of Canada's response to the report of the Standing Committee on Public Safety and National Security, Review of the Findings and Recommendations Arising from the Iacobucci and O'Connor Inquiries, recognized that:
the exchange of information with foreign partners raises unique challenges – policy, legal and operational – that are examined on a case-by-case basis in the context of Canada's national security environment. The cumulative result of successive commissions of inquiry, reports and lessons learned has been the refinement of policies and practices surrounding the exchange of information between foreign partners and Canada's national security and intelligence and law enforcement communities.
The need for information sharing is vital. However, information must be exchanged in compliance with the law, including the Charter, and must include sufficient measures to protect the privacy of Canadians.
The Five Eyes foreign signals intelligence alliance evolved from collaboration during the Second World War. Long-standing agreements and present-day resolutions provide the foundation for CSEC foreign signals intelligence information sharing with the Second Parties. Although these cooperative arrangements include a commitment by the partners to respect the privacy of each other's citizens, it is recognized that each partner is an agency of a sovereign nation that may derogate from the agreements and resolutions, if it is judged necessary for their respective national interests.
This was the first review focused exclusively on CSEC foreign signals intelligence information sharing activities with the Second Parties. In the first part of the review, which was summarized in his 2011—2012 public annual report, former Commissioner Décary found that CSEC has substantial controls and measures in place to help ensure that its foreign signals intelligence information sharing with the Second Parties is lawful and protects the privacy of Canadians.
The second part of the review focused on two questions:
- How does CSEC assure itself that its international partners follow the long-standing agreements and practices that provide a foundation for CSEC's foreign signals intelligence information sharing?
- How many private communications and what volume of information about Canadians does CSEC share with and receive from the Second Parties?
Commissioner Décary assessed CSEC activities in the context of the limitations in the National Defence Act for the protection of the privacy of Canadians, that is, CSEC foreign signals intelligence activities "shall not be directed at Canadians or any person in Canada" (paragraph 273.64(2)(a) of the National Defence Act) and "shall be subject to measures to protect the privacy of Canadians in the use and retention of intercepted information" (paragraph 273.64(2)(b) of the Act). He examined the legislative framework for CSEC's provision to and receipt from the Second Parties of intercepted communications and other foreign signals intelligence information, particularly private communications and information about Canadians. He also examined CSEC's due diligence respecting its sharing activities, for example, to see whether CSEC takes all reasonable steps to confirm that the Second Parties treat Canadians' privacy consistent with the laws of Canada and the privacy protections applied by CSEC.
Findings and recommendations
Commissioner Décary's review resulted in two recommendations to support the Minister of National Defence in his accountability for CSEC and to provide additional measures to protect the privacy of Canadians.
The first recommendation related to the first question about how CSEC assures itself that its second party partners follow the long-standing agreements and practices, including the protection of the privacy of Canadians.
The allies recognize each other's sovereignty and respect each other's laws by pledging not to target one another's communications. Consequently, CSEC policies and procedures state that collection activities are not to be directed at second party nationals located anywhere, or against anyone located in second party territory. Document review, discussions in interviews and written answers suggest that CSEC conducts its foreign signals intelligence activities in a manner that is consistent with the agreements it has with its second party partners to respect the privacy of the partners' citizens, and to follow the partners' policies in this regard.
CSEC trusts that its second party partners will follow the general statements found in the agreements signed among the Second Parties and similarly not direct activities at Canadians or persons in Canada. However, Commissioner Décary was unable to assess the extent to which CSEC's second party partners follow the agreements and protect the private communications and information about Canadians in what CSEC shares with the partners. CSEC does not as a matter of general practice seek evidence to demonstrate that these principles are in fact being followed.
While CSEC uses indicators that it believes provide sufficient assurance that the Second Parties are honouring their arrangements, it did not initially demonstrate knowledge or provide evidence of how its second party partners treat information relating to Canadians. During the conduct of this review, CSEC declined to provide the Commissioner's office with a description of or a copy of relevant extracts of second party policies on the handling of this information. CSEC also declined at that time to identify for the Commissioner's office any specific differences – large or small – between respective partners' laws, policies and practices and how this may affect the partners' protection of the privacy of Canadians. CSEC suggested at that time that review of second party authorities and activities pertain to the Second Parties and not to the lawfulness of CSEC activities and these questions were therefore outside of the Commissioner's mandate.
As a result, Commissioner Décary recommended that the Minister of National Defence issue a new ministerial directive to provide general direction to CSEC on foreign signals intelligence information sharing activities and to set out expectations for the protection of the privacy of Canadians in the conduct of those activities. Commissioner Décary recommended that the drafting of this new directive be informed by an in-depth analysis of the potential impact of respective national differences in legal and policy authorities on CSEC compliance with the law and the protection of the privacy of Canadians, that is, a risk assessment. He recognized that such a risk assessment is not a trivial undertaking, would take time, and would require the cooperation of the Second Parties.
Subsequent to Commissioner Décary sending his classified report to the Minister of National Defence, the new Chief of CSEC, Mr. John Forster, re-examined CSEC's initial position, sought permission from second party partners, and provided the Commissioner's office with detailed documentation relating to respective second party policies and procedures on the treatment of information about Canadians. This is one example of Chief Forster's positive leadership to promote increased transparency of CSEC activities and to support review by my office. The second party policies contain comprehensive guidance directing their respective employees to protect and treat information about Canadians in a manner comparable to CSEC's approach.
However, in light of recent controversies in some second party countries, including about alleged domestic spying by their foreign signals intelligence agencies, I remain in agreement with Commissioner Décary that a risk assessment is essential. My office and I continue to follow developments in second party countries closely.
To formalize and strengthen practices for addressing potential privacy concerns involving second party partners, the new ministerial directive should explicitly acknowledge the risks associated with the fact that the information CSE shares with the Second Parties may include the communications of Canadians and information about Canadians, and that CSEC cannot demand, for reasons of sovereignty, that its second party partners account for any use of such information.
Commissioner Décary went beyond the basic scope of this review and recommended that the new directive address IT security information sharing with the Second Parties, as well as foreign signals intelligence information sharing.
Commissioner Décary's second recommendation related to private communications and the volume of information about Canadians CSEC shares with and receives from the Second Parties.
The unintentional interception of a private communication by CSEC is a different situation than the unintentional acquisition by CSEC from a second party source of a one-end Canadian communication.
The National Defence Act allows the Minister of National Defence to give CSEC written ministerial authorization to not be held criminally responsible if, during an authorized act of collecting foreign signals intelligence, private communications are unintentionally intercepted. The law specifies the conditions under which a ministerial authorization can be issued. Without the ministerial authorization regime, CSEC would be prohibited under the Criminal Code from intercepting the communications of a targeted foreign entity located outside Canada that was in contact with a Canadian or person in Canada.
The 2001 amendments to the National Defence Act established the ministerial authorizations regime. Ministerial authorizations allow CSEC to direct its activities at foreign entities abroad, for the sole purpose of providing foreign signals intelligence in accordance with the Government of Canada's intelligence priorities, even if doing so risks the unintentional interception of private communications of Canadians. By means of a ministerial authorization, the Minister of National Defence may authorize CSEC to conduct activities that risk the interception of private communications, as long as CSEC has met relevant criteria outlined in the National Defence Act (for example, by directing collection at foreign entities located outside Canada and implementing measures to protect the privacy of Canadians with respect to the use or retention of private communications unintentionally intercepted). Foreign signals interception activities conducted under a ministerial authorization must satisfy conditions stated in subsection 273.65(2) of the National Defence Act, and may also be subject to additional measures that the Minister of National Defence considers advisable. For example, to protect the privacy of Canadians, pursuant to subsection 273.65(5) of the Act, a ministerial authorization may require CSEC to report certain information to the Minister.
The requirements in ministerial authorizations apply only to interceptions conducted by CSEC under CSEC authorities using CSEC's own capabilities. The ministerial authorization regime is a Canadian instrument and applies to CSEC; it has no application to the Second Parties or to their respective sovereign regimes, since those parties treat information according to their own domestic authorities. Ministerial authorizations cover CSEC's unintentional interception of private communications, not CSEC's acquisition of foreign signals intelligence from second party sources. Such sharing is implicitly authorized under part (a) of CSEC's mandate [paragraph 273.64(1)(a) of the National Defence Act].
CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting. My reviews examine CSEC cooperation with its allies to ensure compliance with the law.
As a result, CSEC has not reported to the Minister of National Defence details, for example, regarding communications involving Canadians or information about Canadians that have been shared by its second party partners. Therefore, to support the Minister of National Defence in his accountability for CSEC and as an additional measure to protect the privacy of Canadians, Commissioner Décary recommended that CSEC report such details to the Minister on an annual basis.
Strong arguments can be made that a Canadian's expectation of privacy in her or his communications would be at least the same if not greater whether the communications are unintentionally intercepted and recognized by CSEC itself or are unintentionally acquired by a second party partner and shared with CSEC.
Regularly reporting to the Minister of National Defence a wider range of statistical information relating to information shared with the Second Parties, in a manner similar to the existing ministerial authorization statistics, would support the Minister in his accountability for CSEC. This would make the Minister aware of the extent of such information relating to Canadians and thereby supplement existing measures to protect the privacy of Canadians.
Information sharing with CSEC's second party partners is an essential component of CSEC's foreign signals intelligence collection and other activities. It is also a fact that each of the Second Parties, as a sovereign nation, can derogate from agreements made with CSEC as dictated by their own national interests. Attempting to prescribe in agreements or policies all details and to anticipate all eventualities respecting CSEC foreign signals intelligence information sharing with the Second Parties is not reasonable.
However, CSEC foreign signals intelligence information sharing activities with the Second Parties has the potential to directly affect the privacy and security of a Canadian when private communications or identity information is shared. Precision and accuracy of language in exchanges of information can be critical and affect outcomes, including how individuals are treated. That is why this review resulted in two recommendations to support the Minister of National Defence in his accountability for CSEC and to provide additional measures to protect the privacy of Canadians. The Minister of National Defence accepted and CSEC is working to address the two recommendations on a new ministerial directive on sharing and on reporting details to the Minister regarding communications involving Canadians or information about Canadians that have been shared by its Second Party partners. My office and I will monitor developments.
I will continue to examine the controls in place and measures taken by CSEC to help ensure that its foreign signals intelligence information sharing with the Second Parties is lawful and protects the privacy of Canadians in the conduct of future reviews.
In addition, this review provided the Commissioner's office with background information on CSEC disclosures of Canadian identity information to second party partners. Starting this year, I included disclosures of Canadian identities to second party partners in an expanded annual review.
I will also continue to include privacy incidents involving the second party partners in my annual review of the incidents identified by CSEC.
In the coming months, I will explore options to cooperate with review bodies of second party countries to examine information sharing activities among respective intelligence agencies and to verify the application of respective policies. A number of Canadian and international academics have referred to an accountability gap concerning an absence of international cooperation among review bodies. These researchers suggest that growing international intelligence cooperation should be matched by growing international cooperation between review bodies. I will examine opportunities for cooperation.
This review was started by my predecessor and completed under my authority. The purpose of the review was to acquire detailed knowledge of CSEC's Office of Counter Terrorism (OCT) and to assess any changes to its activities since the last in-depth review was completed in 2007. I examined a sample of recent OCT activities to determine whether the activities complied with the law and the extent to which CSEC protected the privacy of Canadians.
Another specific objective was to follow up on matters raised in a review of certain foreign signals intelligence activities, summarized in Commissioner Décary's report of last year. The purpose of this aspect of the review was to determine whether developments in CSEC policies and procedures since the period previously under review have resulted in an improvement in the clarity of language in CSEC information exchanges with partners, and CSIS in particular.
The OCT was established in October 2001, in the aftermath of the events of September 11, to centralize CSEC foreign signals intelligence efforts relating to international terrorism threats. OCT operational activities involve acquiring and using information from the global information infrastructure for the purpose of providing foreign intelligence relating to terrorism, and providing technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties to investigate terrorism. The OCT collaborates closely with CSIS and the Royal Canadian Mounted Police and with CSEC's second party partners. The OCT may also support the government's response to critical incidents such as a Canadian being taken hostage abroad.
Findings and recommendations
OCT activities are subject to the same legal requirements to protect the privacy of Canadians that apply to all CSEC activities. CSEC has sufficient policies and processes to satisfy the legal requirement not to direct its OCT activities at a Canadian wherever he or she may be or at any person in Canada. OCT employees demonstrated knowledge of policy and practices aimed at ensuring compliance with the law and privacy protection, and managers routinely monitored the activities for compliance.
I found that a sample of metadata activities involving information about Canadians conducted by the OCT was generally conducted in compliance with operational policy. I did, however, find that parts of CSEC policy related to this metadata activity did not reflect standard practices. I recommended that CSEC modify its policy for these activities to reflect its current practices, specifically for record keeping. I will pursue examination of this issue as part of my ongoing review of CSEC foreign signals intelligence and IT security activities that may use metadata.
I also recommended that CSEC promulgate written guidance to formalize and strengthen existing practices for addressing potential privacy concerns with Second Party partners. Although CSEC cooperative arrangements include a commitment by the partners to respect the privacy of each other's citizens, it is recognized that each partner is an agency of a sovereign nation that may derogate from the arrangements, if it is judged necessary for their respective national interests.
Since the 2007 review of the OCT, CSEC has promulgated new guidance and introduced a new process for recording information exchanges between itself and federal law enforcement and security agencies. This procedural change is significant and will promote clarity of language in such information exchanges. As a result, I concluded that CSEC addressed the recommendation in my predecessor's review of certain foreign signals intelligence activitiesrespecting clarity of language. The OCT materials reviewed raised no concerns such as those encountered in my predecessor's review reported last year; the information exchanges were clear and unambiguous.
While I made two recommendations to the Minister of National Defence to strengthen CSEC policy, I found that the OCT activities were conducted in compliance with the law and ministerial direction. The Minister of National Defence accepted and CSEC is working to address the two recommendations by promulgating new and updated operational policy guidance to address the issues identified in the recommendations. My office and I will monitor developments.
This study was started by my predecessor and completed under my authority. Policy compliance monitoring is a long-standing program internal to CSEC that assists it in ensuring and demonstrating that its foreign signals intelligence and IT security operational activities comply with the law, ministerial requirements and policy, including protecting the privacy of Canadians. Policy compliance monitoring may identify areas of possible concern, but also has an educational role within CSEC. This was the first comprehensive study of CSEC policy compliance monitoring activities since a 2009 audit by CSEC internal auditors resulted in CSEC changing a number of its related policy framework and activities. A central finding of the 2009 audit was that some supervisors in operational areas believed the direction in CSEC policy was not sufficiently clear.
Records of CSEC monitoring activities inform my reviews by demonstrating CSEC efforts to ensure compliance. Commissioners have emphasized the importance of a robust policy compliance monitoring framework and activities. For example, in his February 25, 2011, Review of CSEC's Activities Under Foreign Intelligence Ministerial Authorizations, Commissioner Décary recommended that "given the importance to helping to ensure compliance and the protection of privacy, CSEC should accelerate the timeline for implementation of an improved foreign signals intelligence Active Monitoring Program."
The objectives of the study were:
- to acquire detailed knowledge of and to document CSEC's new monitoring framework and how related activities contribute to CSEC compliance and privacy protection;
- to observe the level of awareness among foreign signals intelligence and IT security operational managers and employees of the policy framework and activities;
- to use the knowledge gleaned to inform my standard criteria and methodology used for reviews, namely how to assess whether CSEC has an effective management control system; and
- to identify any issues that may require follow-up.
Since the 2009 audit, CSEC has promulgated comprehensive policy and procedures that clearly define the roles and responsibilities for those involved in policy compliance monitoring. The new guidance contains detailed and specific requirements and activities for monitoring under seven themes: data handling; reporting; retention and disposition; collection management; information management; conditions of ministerial authorizations; and dissemination.
I found a rigorous approach to policy compliance monitoring based on document reviews, interviews with CSEC operational managers and employees, and with those employees in the foreign signals intelligence and IT security program areas that are dedicated and responsible for compliance and oversight of operational activities. The direction on monitoring is clear and comprehensive and is being followed. Monitoring activities are now part of CSEC's day-to-day activities. Both the foreign signals intelligence and IT security program areas have incorporated mandatory policy awareness and policy knowledge tests for employees into their compliance monitoring programs. In addition, requirements for policy compliance monitoring are being built into new or updated CSEC tools and systems.
One area that I identified for improvement is the establishment of consistent naming conventions for policy compliance monitoring records within CSEC's system of corporate records. This would help ensure the timely availability of these records to demonstrate CSEC efforts to ensure compliance with the law, ministerial requirements and policy.
Since the 2009 audit, CSEC foreign signals intelligence and IT security have taken significant measures to strengthen compliance by implementing a new framework for policy compliance monitoring and detailed operational instructions, training and testing, as well as a number of new related activities.
I will continue to assess and verify CSEC policy compliance monitoring activities in the conduct of reviews.
Why gather foreign signals intelligence?
CSEC collects foreign signals intelligence to help protect the security of Canada and of Canadians against, for example, foreign-based terrorism, foreign espionage, cyber attacks and kidnappings of Canadians abroad, as well as to support government decision making by providing a better understanding of global events. With the potential for invasion of the privacy of Canadians, are the risks involved in collecting foreign signals intelligence worth it? Parliamentarians thought so in 2001 when they passed amendments to the National Defence Act that provided a legislative basis for CSEC. But Parliamentarians also foresaw the danger of potential misuse of signals intelligence and explicitly required CSEC to target only foreign entities, not Canadians or individuals in Canada, and not Canadians abroad. Further, in drafting CSEC's governing legislation, Parliamentarians required CSEC to put in place measures to protect the privacy of Canadians, in particular, in the use and retention of intercepted information. Human error and overzealousness present other risks; Parliament chose to manage these risks by entrenching the office of the CSE Commissioner in the legislation to review CSEC activities to ensure that they are in compliance with the law, including the protection of the privacy of Canadians.
The National Defence Act allows the Minister of National Defence to give CSEC written ministerial authorization to conduct activities that risk the unintentional interception of private communications while collecting foreign signals intelligence. The law specifies the conditions under which a ministerial authorization can be issued. Ministerial authorizations relate to an "activity or class of activities" specified in the authorizations. This term is interpreted by Justice Canada as meaning a specific method of acquiring foreign signals intelligence (the how). The authorizations do not relate to a specific individual or subject (the whom or the what). (More information on ministerial authorizations as well as on the authorities for and limitations on CSEC activities are available on the office's website and CSEC website.)
The law also directs the CSE Commissioner to review activities carried out under a ministerial authorization and to report annually to the Minister of National Defence on the review. An annual combined review of the foreign signals intelligence ministerial authorizations is one way that I fulfill this part of my mandate. This year, I examined the three foreign signals intelligence ministerial authorizations in effect from December 1, 2012, to November 30, 2013, relating to three activities or classes of activities.
The purpose of this review was to: ensure that the activities conducted under the ministerial authorizations were authorized; identify any significant changes – for the year under review, compared with previous years – to the authorization documents themselves and to CSEC activities or class of activities described in the authorizations; assess the impact, if any, of the changes on the risk to
non-compliance and on the risk to privacy, and, as a result, identify any subjects requiring follow-up review; and examine private communications unintentionally intercepted by CSEC under these authorizations, for compliance with the law and the protection of the privacy of Canadians.
In past years as part of this annual review, Commissioners examined samples of unintentionally intercepted private communications. This year, I examined allof the 66 private communications unintentionally acquired by CSEC in the conduct of its foreign signals intelligence activities that CSEC used in reports or retained at the end of the 2012—2013 ministerial authorization period for use in future reporting. I examined all reports produced by CSEC in 2012—2013 containing information derived from private communications. For these 66 private communications, my employees tested the contents of CSEC systems and databases and listened to the intercepted voice recordings, read the written contents, or examined the associated transcripts of the communications. I also examined key metrics relating to interception, private communications and the privacy of Canadians.
Findings and recommendations
The 2012—2013 foreign signals intelligence ministerial authorizations were authorized, that is, they met the four conditions for authorization set out in the National Defence Act.
Conditions for authorization of foreign signals intelligence ministerial authorizations
The Minister of National Defence may only issue a [foreign signals intelligence] ministerial authorization [ ] if satisfied that
(a) the interception will be directed at foreign entities located outside Canada;
(b) the information to be obtained could not reasonably be obtained by other means;
(c) the expected foreign intelligence value of the information that would be derived from the interception justifies it; and
(d) satisfactory measures are in place to protect the privacy of Canadians and to ensure that private communications will only be used or retained if they are essential to international affairs, defence or security.
CSEC made significant changes to the format of its foreign signals intelligence ministerial authorizations in 2012—2013. As a result, collection that was formerly authorized under six ministerial authorizations in 2011—2012 was authorized under three ministerial authorizations in 2012—2013. I examined the changes to the documents, carefully comparing the contents to previous documents and evaluating CSEC's justification for the changes made to the documents. I had no questions about the changes. The new format resulted in documents that are more properly aligned with the purpose of the ministerial authorizations – that is, to shield CSEC from potential liability under Part VI of the Criminal Code in the event that CSEC unintentionally intercepts private communications as part of authorized foreign signals intelligence collection – and that are clear and comprehensive. It is important to note that reporting requirements to the Minister of National Defence did not change under the new ministerial authorizations.
I also examined changes to CSEC operational policies relating to the conduct of the activities under foreign signals intelligence ministerial authorizations. To ensure proper accountability for certain sensitive activities, I recommended that CSEC promulgate detailed guidance regarding the additional approvals required for these particular activities. I had no concerns about the other changes made by CSEC to its operational policies.
In 2012—2013, CSEC made some changes to the technology used for some of its foreign signals intelligence collection activities. I had no concerns about the changes and will examine any impact of the changes in subsequent in-depth reviews of the activities.
During the period under review, CSEC finalized and launched one tool (referred to in my predecessor's report of last year), and implemented another tool, both of which will assist CSEC analysts in correctly identifying and marking collected communications that might be private communications or contain information about Canadians. These markings are important because they determine how CSEC systems and databases treat, retain or delete the communications. The new tools should reduce the potential for human error. It remains, however, the analysts' responsibility to validate the results of these automated tools.
While CSEC made a significant change to how it counts the "collected communications" that it reports to the Minister of National Defence, CSEC is also continuing to use the same method as in previous years to count and report recognized private communications. This ensures the ability to make year-over-year comparisons of the overall number of collected communications and the number of unintentionally intercepted private communications.
Recognized private communications
Overall, in 2012—2013, the volume of communications collected through CSEC's foreign signals intelligence activities increased. However, the number of recognized private communications unintentionally intercepted and retained by CSEC was small enough that I could review each of them individually. At the end of the 2012—2013 ministerial authorization period, CSEC retained 66 of the recognized private communications that it collected. Of these, 41 private communications were used in CSEC reports (with any Canadian identities suppressed in the reports) and 25 were retained by CSEC for future use. All other recognized private communications unintentionally intercepted by CSEC were destroyed.
I found that all CSEC reports based on private communications contained foreign intelligence relating to international affairs, defence or security.
However, during my review I found instances where procedures relating to the identification of private communications were not followed correctly by CSEC employees. In one instance, a private communication was recognized but, contrary to policy, that communication was incorrectly marked for retention even though it had not been assessed as essential to international affairs, defence or security. In another situation, CSEC identified several private communications, but did not mark them for retention or deletion until several weeks after they were identified.
In addition, there were other instances of analysts retaining foreign intelligence private communications – in some cases, for several months – that had been, but no longer were, essential to international affairs, defence or security. In these cases, CSEC reminders to delete these communications were not actioned in a timely manner. However, these private communications were ultimately deleted prior to the end of the ministerial authorization period, on which reporting to the Minister of National Defence is based.
As a result of these examples, I made three recommendations. First, I recommended that CSEC analysts immediately identify recognized private communications for essentiality to international affairs, defence or security, as required by the National Defence Act, or, if not essential, for deletion. Second, I recommended that CSEC analysts regularly assess, at a minimum quarterly, whether the ongoing retention of a recognized private communication not yet used in a report is strictly necessary and remains essential to international affairs, defence or security or whether that private communication should be deleted. Third, I recommended that CSEC make available to the Minister of National Defence more comprehensive information regarding the number of collected communications and intercepted private communications that it acquires and retains throughout the period that a ministerial authorization remains in effect.
As a result of another example in which an analyst retained for some time private communications pending further guidance, I recommended that CSEC promulgate policy on the specific circumstances and handling of a particular type of communication.
Finally, I found that CSEC made further progress in implementing a recommendation from the 2010—2011 annual review of foreign signals intelligence ministerial authorizations to report to the Minister of National Defence certain information relating to privacy. My office and I will continue to monitor developments.
I found that all private communications that were recognized by CSEC were intercepted unintentionally. There was no intention on CSEC's part in collecting these communications with a Canadian end; the Canadian end was in all cases incidental to CSEC's intentional targeting of a foreign entity outside Canada (the foreign end).
The Minister of National Defence accepted and CSEC is working to address the five recommendations I made to promote compliance, strengthen privacy protection and support the Minister in his accountability for CSEC. CSEC has committed to issuing guidance for the approval of certain sensitive activities. CSEC indicated it will include more information in its 2013—2014 ministerial authorizations annual report on the number of private communications retained throughout the reporting year. CSEC has committed to enforcing the roles and responsibilities of analysts as identified in existing operational policies and procedures respecting the identification of private communications. CSEC has also committed to ensuring that all analysts review their retained private communications quarterly to assess whether the communications remain essential and should be retained or whether the communications should be deleted. Finally, CSEC has committed to developing and promulgating policy guidance on the specific circumstances and handling of a particular type of communication. My office and I will monitor developments.
5. Annual review of a sample of disclosures by CSEC of Canadian identity information to Government of Canada clients and second party partners
This is the fourth annual review of disclosures by CSEC of Canadian identity information from foreign signals intelligence reports to Government of Canada clients. For the first time, this review included a sample of disclosures to CSEC's second party partners, as well as disclosures through a Government of Canada client or second party partner to non-Five Eyes recipients. The review encompassed the period of July 1, 2012, to June 30, 2013.
The National Defence Act and the Privacy Act require CSEC to take measures to protect the privacy of Canadians, including personal information. Canadian identity information may be included in CSEC foreign signals intelligence reports if it is essential to understanding the intelligence. However, with some limited exceptions that are stated in CSEC policy, any information that identifies a Canadian must be suppressed in the reports – that is, replaced by a generic reference such as "a named Canadian." When receiving a subsequent request for disclosure of the details of the suppressed information, CSEC must verify that the requesting Government of Canada client or second party partner has both the authority and operational justification for obtaining the Canadian identity information. Only then may CSEC provide that information.
My office selected and examined a sample of approximately 20 percent of disclosure requests received by CSEC from all clients and partners during the period under review, associated end-product reports, and any associated disclosures of Canadian identity information. Denial of disclosures to Government of Canada clients and international partners were also examined.
I found that CSEC's disclosure of Canadian identity information from foreign signals intelligence reports to Government of Canada clients and second party partners complied with the law and with ministerial direction concerning the protection of the privacy of Canadians. CSEC effectively applied satisfactory measures to protect personal information and the privacy of Canadians in its disclosures.
Investigation by my office identified two privacy incidents pertaining to two Canadians mentioned in four reports. It appears that a second party partner unintentionally included Canadian identity information in the reports, that is, Canadian identity information was not initially suppressed in those reports as required by CSEC and second party policies. This is not to suggest that there was any deliberate non-compliance on the part of CSEC or of any of its partners; at that time, it was unknown that the individuals were Canadians. CSEC recorded the incidents in its Privacy Incidents File. I will be examining CSEC's responses to these incidents.
My office also identified and discussed with CSEC a number of minor instances where records of the disclosures were not in accordance with best practices. I will monitor these issues as part of future annual reviews of disclosures.
CSEC has comprehensive policies and procedures that guide its disclosure of Canadian identity information from foreign signals intelligence reports to Government of Canada clients. It is a positive development that CSEC is amending its policy guidance to provide further direction regarding disclosures to second party partners.
CSEC employees interviewed were fully knowledgeable about and complied with the policies and procedures, and CSEC managers routinely and closely monitored disclosures to ensure compliance and privacy protection.
It is a positive development that CSEC continues to give priority to the completion of the full automation of its information and records management processes for the disclosure of Canadian identity information from foreign signals intelligence reports.
My review did not result in any recommendations. CSEC conducted its activities in a thorough manner; all of the requests reviewed were authorized and justified.
Should there be an instance of non-compliance in CSEC disclosure of Canadian identity information, the potential impact on the privacy of Canadians could be significant. It is for this reason that I intend to continue to conduct an annual review of disclosures.
6. Annual review of incidents and procedural errors identified by CSEC in 2013 that affected or had the potential to affect the privacy of Canadians and measures taken by CSEC to address them
CSEC requires its foreign signals intelligence and IT security employees to report and document privacy incidents in order to demonstrate compliance with legal and ministerial requirements and CSEC policies, and to prevent further incidents. Incidents are documented in one of two files, depending on the severity. The Privacy Incidents File (PIF) is a record of CSEC incidents where privacy was breached. The Minor Procedural Errors Report (MPER) contains operational errors that occurred in connection with information relating to Canadians but that did not result in that information leaving the control of CSEC, or in that information being exposed to external recipients who ought not to have received it. The PIF and MPER are voluntary CSEC initiatives to record what CSEC defines as privacy incidents.
Every review I conduct of CSEC activities generally includes an examination of any privacy incident relating to the subject of the review. The annual review of the entire PIF and MPER focuses on incidents not examined in detail in the course of my other reviews. This is done to assure myself that CSEC took appropriate corrective actions for all privacy incidents it identified.
The objectives of this review were: to acquire knowledge of the incidents, procedural errors and subsequent CSEC actions to correct the incidents or mitigate the consequences; to inform development of my work plan by determining what privacy incidents, procedural errors and related activities, if any, may raise issues about compliance or the protection of the privacy of Canadians, and therefore should be subject to follow-up review; and to assist me in evaluating CSEC's policy compliance monitoring framework and related activities.
Findings and recommendation
Based on my review of CSEC records, CSEC answers during interviews and in response to written questions, as well as independent verification by my office of reports in a CSEC database, I am satisfied that CSEC took appropriate corrective actions in response to the procedural errors and privacy incidents it identified and recorded during 2013.
I found that the procedural errors were minor and none involved a breach of privacy.
Where privacy was breached, CSEC did not discover any adverse impact on the Canadian subjects.
CSEC has implemented or is working on certain remedial actions to prevent future privacy incidents similar to those identified. For example, CSEC created new guidance and is clarifying other policy to help prevent the unintentional naming of Canadians in CSEC reports. I will monitor the impact of the changes in future reviews.
One privacy incident resulted from the sharing of information between CSEC and CSIS. In his 2012—2013 review of certain foreign signals intelligence activities, my predecessor made a recommendation respecting clarity of language for when CSEC is sharing information with its Government of Canada partners. In my Review of the Activities of the CSEC Office of Counter Terrorism of this year, I discuss the implementation of a process introduced by CSEC that has helped prevent the use of imprecise and inconsistent language in CSEC exchanges of information with its Government of Canada partners. I accept CSEC's explanation of why a technical issue at the time of the privacy incident resulted in this particular exchange being made outside of the new process. My office and I will continue to monitor CSEC information exchanges with partners to ensure proper processes are followed and that there is clarity of language to avoid any ambiguous situations that might raise questions about compliance.
I also found that CSEC generally takes appropriate measures to protect the privacy of Canadians when a privacy incident arises from activities of a Second Party. However, because of the enhanced potential of the violation of the privacy of a Canadian when a privacy incident involves a Second Party, I recommended that CSEC request that its second party partners confirm that CSEC requests to address any privacy incidents relating to a Canadian have been actioned by the partners, and that CSEC record the responses in the PIF.
My review did not reveal any systemic deficiencies or issues that require follow-up review.
I intend to continue to conduct an annual review of CSEC's PIF and MPER.
The Minister of National Defence accepted the recommendation. My office and I will monitor developments with regard to the findings and recommendation I have made in this review.
- Date modified: