The Year in Review

To prepare myself for the work ahead, in the first few months after my appointment I received several briefings from my own staff and from officials at CSE, including meetings with the Chief and his executive team. I met with the Minister of National Defence as well as his predecessor. I also met with the Security Intelligence Review Committee and with the Security and Intelligence Coordinator, who is also the National Security Advisor to the Prime Minister, and to whom the Chief of CSE reports for matters of operations and policy.

What quickly became apparent to me was the array of challenges facing CSE and the rest of the intelligence community in light of globalized threats with implications for Canada's international affairs, defence and security. The need to monitor and understand these threats is vital, yet efforts to do so have been curtailed in recent years by what has become an increasingly complex web of global communication technologies. Significant challenges to foreign intelligence collection — one of CSE's primary mandates — also arise in this environment.¹

These and other new demands led to legislative amendments and the development of new legal frameworks that should meet two objectives: first, facilitating the activities of intelligence agencies; and second, requiring that those agencies meet certain standards and respect certain thresholds that allow them to define and account for their activities.

In parallel with technological development to permit foreign intelligence collection in an ever expanding and complex global communications environment, it is also important to develop technologies that enable intelligence agencies to protect the rights and privacy of Canadians. In other words, technology developed for purposes of acquiring information from the global information infrastructure must be complemented by technology that can be used to protect privacy. It is in this context that the need for review of CSE's activities remains high.

Against this backdrop, several general issues related to foreign intelligence collection drew my attention in the past year; two in particular warrant discussion here.

Governing Authorities for Foreign Intelligence collection

Canada's intelligence requirements, including its foreign intelligence priorities, are established annually by the Ad Hoc Committee on Intelligence Priorities (formerly the Meeting of Ministers on Security and Intelligence), chaired by the Prime Minister.# Several federal agencies, including the Communications Security Establishment, contribute to meeting these priorities. To carry out its foreign intelligence mandate, the CSE relies on the authority of the National Defence Act (NDA),² which empowers CSE to "acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities". When CSE does this, it is acting as a principal provider of foreign intelligence.

In addition, CSE, under the authority of the NDA, assists other federal agencies in the performance of their lawful duties. In these instances, CSE does so as an agent. In providing technical and operational assistance to federal law enforcement and security agencies, CSE is strictly governed by the terms and conditions of the principal's governing authorities, which in some instances may be a warrant from the Federal Court of Canada.

These two roles — as principal and agent — were formalized in legislation in 2001, but they are not new for CSE. What is new is CSE's authority under the NDA to intercept private communications, under prescribed conditions, if authorized to do so by the Minister of National Defence.³ With a ministerial authorization, CSE can intercept and use a communication with a connection to Canada (that is, a 'private communication') acquired in the course of targeting a foreign entity abroad, provided it meets certain conditions laid out in the NDA. This provision adds a new authority to the legal framework within which foreign intelligence can be lawfully acquired.

From my initial review of some foreign intelligence collection activities, I had concerns that, in some instances, the linkages between these activities and the authorities that govern them were not being given due consideration. I was pleased to learn, therefore, that during the past year the legal frameworks available to the intelligence community for foreign intelligence collection were revisited to ensure that all available authorities had been fully considered before foreign intelligence activities were authorized. I encourage the government to continue to do so.

Ministerial Authorizations

Historically, governments have relied on intelligence gathering as part of their efforts to protect and promote national interests and to identify and counter threats to those interests. The advent of new technologies, along with revolutionary developments in the communications industry over the past decade, have hindered some traditional forms of intelligence collection, including the foreign signals intelligence collection performed by CSE.

In the not so distant past, foreign intelligence collection was fashioned around predictable communications patterns and technologies. As a result, it could be conducted within relatively neatly defined legal frameworks. This environment facilitated the review and assessment of foreign intelligence collection activities. During my first year as CSE Commissioner, however, I quickly understood that this is no longer the case. Governments have had to reassess their ability to protect national interests and counter activities such as terrorism that threaten domestic and international security. Canada is no exception.

New legal mechanisms were needed to respond to this changing environment. One response was the ministerial authorization (MA) provisions in Part V.1 of the National Defence Act, added to the Act in 2001.⁴

Today's integrated technologies carry different kinds of traffic and follow complex communication paths that transit international borders and mix foreign communications with private communications. The MA provisions do not allow CSE to target Canadians or their communications. (CSE has never been allowed to do this.) Today, however, CSE is in a better position to fulfil its foreign intelligence responsibilities because, with the Minister's consent, it can follow targeted foreign communications even if they have a connection with Canada. I believe that few Canadians would disagree with the intent of this provision and the authority it provides in today's context of terrorism and threats to Canadians' safety and security.

Since the new legislation was passed, I can confirm that CSE has exercised this authority. As CSE Commissioner, I understand the need for it and support its objective. Subsection 273.65 (8) of the NDA requires that I review CSE activities carried out under an MA to ensure that they are authorized and report annually to the Minister.

I believe CSE's policies, instruments and processes must require and facilitate the management and accountability of any activities it conducts under the authority of an MA, particularly activities that relate to intercepting private communications and safeguarding the privacy of Canadians. While this is an evolving process, I can report that CSE has continued to improve the MA structure and strengthened the MA management and accountability mechanisms.

Report of the Auditor General of Canada

The Auditor General's November 2003 report was tabled in Parliament on February 11, 2004. Chapter 10 of the report — Other Audit Observations — included an audit note, headed Independent reviews of security and intelligence agencies, that went on to state, "The activities of security and intelligence agencies are not subject to consistent levels of review and disclosure."

The report suggested that the CSE Commissioner's annual report should be expanded beyond considering CSE's compliance with the law to include such topics as management issues or potential problems at CSE. I believe that a review of the annual reports produced by this office to date will confirm that these areas have, in fact, been considered as they relate to two of the organization's business lines, foreign intelligence collection and the protection of government information systems and networks.

For example, over the past several years, reviews have led to observations in such areas as CSE's strategic planning activities; internal policies, procedures and handling practices; and management and control frameworks. These observations have always been made, however, in the context of lawfulness and CSE's efforts to safeguard the privacy of Canadians.

I believe the content of the CSE Commissioner's public annual report must be guided by his mandate, which is to review and report on CSE's activities to ensure that they are in compliance with the law, and to report to the Minister of National Defence annually on the Commissioner's activities and findings.

---

¹ Foreign intelligence is defined in the National Defence Act as information or intelligence about the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group, as they relate to international affairs, defence or security (Part V.1, section 273.61).

² R.S.C. 1985, c. N-5.

³ Private communications are the communications of Canadians or persons in Canada. Specifically, private communication is defined in section 183 of the Criminal Code as any oral communication, or any telecommunication, that is made by an originator who is in Canada or is intended by the originator to be received by a person who is in Canada and that is made under circumstances in which it is reasonable for the originator to expect that it will not be intercepted by any person other than the person intended by the originator to receive it, and includes any radio-based telephone communication that is treated electronically or otherwise for the purpose of preventing intelligible reception by any person other than the person intended by the originator to receive it.

⁴ Part V.1 was added to the National Defence Act by the Anti-Terrorism Act, which became law on December 24, 2001. Before issuing a ministerial authorization, the Minister must be satisfied that the four conditions set out in subsection 273.65 (2) of the NDA have been met:

1. the interception will be directed at foreign entities located outside Canada;
2. the information to be obtained could not reasonably be obtained by other means;
3. the expected foreign intelligence value of the information that would be derived from the interception justifies it; and
4. satisfactory measures are in place to protect the privacy of Canadians and to ensure that private communications will only be used or retained if they are essential to international affairs, defence or security.