Each year, the Government establishes its intelligence requirements, including its foreign intelligence priorities. These priorities are then communicated in writing to the Chief of cse, by the Security and Intelligence Coordinator, Privy Council Office. As part of its response, CSE develops a business plan that guides the signals intelligence (sigint) program.
I examined the foreign intelligence priorities and the sigint business plan and I am able to confirm that for the fiscal year 1997/98, CSE's activities were consistent with these priorities.
In the course of my review activities, I had occasion to look at CSE's framework for sigint policies with lawfulness implications. I wanted to examine specific CSE policies to determine whether they provided adequate guidance to employees in the performance of their duties. I was particularly interested in policies related to privacy issues.
I found CSE's sigint policies to be sound. The policies in place, as well as the system under which they are developed, appear to be well conceived. Moreover, the procedural documentation drafted in support of these policies is comprehensive and clearly stated.
During my examination of these policies, I did observe that while CSE has an appreciable amount of policy, it is not always at the right organizational level. However, I did not encounter any major sigint policy gaps, and I can provide my assurance that none of the gaps related to the lawfulness of CSE's activities or to the privacy of Canadians.
I noted that a cornerstone of CSE's sigint policies deals with safeguarding the privacy of Canadians. It applies to information in the possession of cse, for the purpose of providing the government with foreign signals intelligence, in support of its foreign and defence policies.
I was able to observe that the policies require CSE employees to conduct their operational activities in strict recognition of, and adherence to, federal legislation governing the protection of the rights, privacy and freedoms of Canadians. The policies affirm CSE's commitment to respect the corresponding procedures of its close and long-standing allies, Australia, New Zealand, the United Kingdom and the United States (also known as the Second Parties). However, these procedures must conform first to the laws of Canada.
CSE undertakes explicitly to treat the communications of Second Party nationals in a manner consistent with the procedures issued by the agency of that country, provided such procedures do not contravene the laws of Canada. This is a reciprocal undertaking to ensure that the Second Parties do not target each others' communications or circumvent their own legislation by targeting communications at each others' behest. In other words, they do not do indirectly what would be unlawful for them to do directly.
During discussions, CSE officials referred to their key sigint policies as "living, breathing documents." In this regard, I noted that these policies are the subject of ongoing internal review. I also found that the policy design includes indicators to measure the effectiveness of the policy, one of which is the result of any audit carried out by the Privacy Commissioner. (I referred to his most recent findings on this topic in my last report.) Historically, these indicators have been used to guide subsequent iterations of the policy.
Among the mechanisms used to ensure that employees acquire the knowledge they need to discharge their duties lawfully are training on policies and on-the-job mentoring. I learned that over the past year, employees were also brought together to participate in an exercise to identify, among other things, the organization's core values. CSE officials stated that, without exception, all focus groups of employees identified the value of lawfulness as a core CSE value.
I was interested to learn about internal investigations and complaints at CSE. I examined reports and documents pertaining to all incidents involving employees since my appointment in June 1996. I wanted to know whether any of the incidents involved unlawful activity in the delivery of CSE's mandate. To protect the privacy rights of the individuals involved, procedures were adopted to ensure that their names and any other identifiers were shielded from view.
The incidents I reviewed involved a variety of matters such as miscellaneous internal security violations and infractions; however, there were no discernible trends. None of the incidents involved unlawful activity in relation to CSE's mandate, or infringements on the privacy of Canadians.
I also wanted to know what procedures were in place for employees who resign or are released. I learned that CSE had identified, and is in the process of implementing, a comprehensive program to address these and other matters. This is a positive first step, and I intend to look at it again at a future date.
During the year under review, my office refined its procedures for examining the electronic gateway to the information collected and held by CSE. Based on the results of this review and analysis, I am of the opinion that CSE has acted lawfully in the performance of its mandated activities since my last report. I am also satisfied that CSE has not targeted Canadian citizens or permanent residents.
In giving assurance that CSE does not target the communications of Canadians, I would like to add, for greater certainty, that this applies to all Canadians, including the people of Québec. CSE does not target Québec communications, or the Québec sovereignty movement, and it does not have a "French Section".
The Order in Council appointing me CSE Commissioner appears in an appendix to this report. Paragraph (c) authorizes me to submit a report containing classified information to the Minister of National Defence any time I consider it advisable. Since my last report, I have submitted three classified reports to the Minister. None of these reported on unlawful activity on the part of CSE.
- Date modified: