Overview of the 2013—2014 Findings and Recommendations
During the 2013—2014 reporting year, six classified reports were submitted to the Minister of National Defence on reviews and a study of CSEC activities.
These investigations were conducted under two areas of my mandate:
- ensuring CSEC activities are in compliance with the law – as set out in paragraph 273.63(2)(a) of the National Defence Act; and
- ensuring CSEC activities under a ministerial authorization are authorized – as set out in subsection 273.65(8) of the National Defence Act.
Each year, I provide an overall statement on my findings about the lawfulness of CSEC activities. All of the activities of CSEC reviewed in 2013—2014 complied with the law. CSEC was cooperative with my office in the conduct of reviews.
This year, I made 10 recommendations to promote compliance, strengthen privacy protection and support the Minister of National Defence in his decision making and control of CSEC.
A number of reviews focused on the need for precision and accuracy of language in information exchanges with CSEC's domestic and international partners.
I examined a number of new automated processes of CSEC, with privacy protections being built into them. I verified CSEC's use of technology to diminish the possibilities of human errors or privacy violations.
Information sharing with international partners was the focus of a specific in-depth review and was an important part of three other reviews. I recommended that the Minister of National Defence issue a new directive to CSEC on information sharing activities with its second party partners in the United States, the United Kingdom, Australia and New Zealand (that is, second party partners are CSEC's counterparts in the Five Eyes alliance), to clearly set out expectations for the protection of the privacy of Canadians. I recommended that CSEC promulgate guidance to formalize and strengthen practices for addressing potential privacy concerns involving second party partners. I also recommended that CSEC record second party partners' confirmation that they have actioned CSEC requests to address any privacy incidents relating to a Canadian.
Two recommendations require CSEC to make available to the Minister of National Defence more comprehensive information regarding communications it collects and the private communications it unintentionally intercepts as part of authorized foreign signals intelligence collection, as well as information CSEC obtains from its second party partners.
Two recommendations emphasize the requirement for CSEC to immediately identify a foreign signals intelligence private communication for essentiality to international affairs, defence or security, and to regularly assess whether the retention of a private communication is strictly necessary and remains essential to international affairs, defence or security, or whether that communication should be deleted.
Three recommendations address gaps in CSEC policy related to: proper accountability and approvals for certain sensitive activities; certain metadata activity; and the specific circumstances and handling of a particular type of communication.
The recommendations are described in the section on highlights of reviews. My office and I will monitor developments.
In addition to the five reviews and one study completed this year, my predecessor sent a letter to the Minister in June 2013 to report on a follow-up review of certain CSEC activities. In this review, Commissioner Décary examined a small number of additional CSEC documents relating to certain individuals. He did not have any outstanding questions relating to compliance with the law or to the protection of the privacy of Canadians.
- Date modified: