I submitted a total of five classified reports to the Minister of National Defence over the period covered by this report. Two of these were initiated by my predecessor and completed during the first year of my term.
In 2003-2004, I submitted three classified reports to the Minister of National Defence on subjects related to my general mandate to review CSE's activities to ensure they conform with the law.
Submitting a classified report to the Minister does not mean that a lack of compliance with the law or ministerial authority has been detected. It indicates only that the report contains material that requires classified handling. I report to the Minister on all my reviews, either to provide assurance or to bring concerns to his attention, as each specific situation requires.
CSE conducted activities under seven ministerial authorizations in 2002-2003; two of these concerned foreign intelligence collection, while five related to information technology security. Within the time frame covered by this report, my office reviewed activities under five of the MAs; the others were nearing completion at the end of the reporting year. The five reviews resulted in two reports to the Minister, both covering information technology security activities.
None of the reports raised issues of unlawfulness. However, a more general issue about the structure of and process for using ministerial authorizations did arise. Certain weaknesses in policies and procedures related to these activities were brought to CSE's attention. While some issues have been resolved, others remain. I hope to be able to report further on these issues in next year's report.
Annex C provides a list of all classified reports to the Minister submitted by my predecessor and me since the Commissioner's office was established in 1996.
This year my staff reviewed all recommendations made by my predecessor and me in classified reports submitted to the Minister of National Defence since the creation of this office in 1996. The goal was to follow up with CSE on these recommendations and to determine whether the issues identified had been dealt with satisfactorily. I will be asking CSE for an annual update of this information.
The review showed that CSE's response to the recommendations has not been uniform. This is not surprising, given the diverse nature of the recommendations made to date: some could be implemented immediately; some related to policy or procedures; some were of a technical nature; and some required further study to determine their feasibility. Many related to how CSE can better manage and account for its activities.
Based on this review, I would observe that CSE has responded to many of the Commissioner's recommendations, but that a number of issues remain to be addressed, in particular, by establishing work plans and timetables with milestones and completion dates for specific corrective actions that CSE has acknowledged are necessary.
As I have made clear throughout this report, my recommendations and those of my predecessor are intended generally to be preventive, to forestall the possibility of non-compliance by putting effective controls in place. It is in this spirit that I will continue to follow up on CSE's response to recommendations from my office.
I can report that the activities of CSE that my office reviewed during the past year complied with the law and with ministerial authority. It is important to place this assertion in context. It should not be taken to mean that I am certifying that all CSE's activities in 2003-2004 were lawful. I cannot make this assertion, because I did not review all their activities — and no independent reviewer could. However, my office reviews a wide range of activities in considerable depth, based on our assessment of where the risks of unlawful activity are likely to be greatest. This is the appropriate context for the assurance my work provides.
I should add, however, that during the course of reviews, I occasionally identify circumstances where there are clear and evident risks that unlawful activity might occur (arising, for example, from deficiencies in policies or practices). My predecessor and I have made a practice of reporting these circumstances to CSE and to the Minister. As I made clear in the introduction to this report, I believe it is ultimately more useful to prevent unlawful activity than to identify it after the fact.
There were two complaints in the period covered by this report, but neither led to a formal investigation.
If I am to be in a position to assure complainants that CSE is not engaging in unlawful activity, my approach to complaints must take into account the mandate assigned to CSE under Part V.1 of the National Defence Act. Now, as before the introduction of Part V.1, CSE must not target the communications of Canadians or persons in Canada. As discussed earlier, however, it is no longer possible to state unequivocally that both ends of a communication intercepted by CSE are foreign. CSE can now intercept (though it cannot target) private communications, provided it obtains a ministerial authorization in advance. CSE may also use and retain that communication, provided it adheres to guidelines that are also established in Part V.1 of the NDA (see footnote 4).
Any complaint submitted to me about CSE's activities must therefore be examined in this light.
No persons approached me to avail themselves of the public interest defence provisions of the Security of Information Act, subparagraph 15 (5)(b)(ii).5
- Date modified: