Update on CSE Efforts to Address Recommendations

CSE has accepted and implemented, or is working to address, 95 percent (166) of the 175 recommendations made since 1997, including the five recommendations in reports to the Minister this year. Commissioners track how CSE addresses recommendations and responds to negative findings as well as areas for follow-up identified in reviews. The Commissioner is monitoring 10 recommendations that CSE is working to address – five outstanding recommendations from previous years and five from this year.

This past year, CSE advised the office that work had been completed in response to five past recommendations.

Part of CSE's mandate includes providing assistance to federal law enforcement and security agencies. In 2015, the Commissioner's office reviewed CSE's assistance to the Canadian Security Intelligence Service (CSIS) under section 16 of the Canadian Security Intelligence Service Act. This section permits CSIS to collect foreign intelligence at the request of either the Minister of National Defence or the Minister of Foreign Affairs. The Commissioner recommended that CSE ensure all policies related to section 16 and the assistance it provides to CSIS are consistent with and reflect the approval process for these activities. CSE fulfilled this recommendation by promulgating an overarching policy on assistance to federal law enforcement and security agencies. CSE will consider additional updates to the policy as a result of a new memorandum of understanding being developed with CSIS concerning these activities.

CSE advised it had implemented a recommendation made in January 2018 from the Commissioner's review of CSE's 2015–2016 disclosures of Canadian identity information. CSE put in place measures to ensure that clients requesting disclosure of Canadian identity information specify both the client's lawful authority and a robust operational justification to receive this information. However, this year, the Commissioner found opportunities for improvement in his review of CSE's 2017–2018 disclosures of Canadian identity information.

A 2017 review examined CSE authorities and participation in a multilateral operational initiative. To ensure clarity for any new activities involving information sharing with foreign entities, the Commissioner recommended that CSE conduct adequate assessments with respect to authorities and measures to protect the privacy of Canadians prior to commencing such activities. The Minister accepted the recommendation and, in response, CSE developed an operational risk framework to examine authorities to participate in new operational activities.

In last year's review of CSE's foreign signals intelligence activities conducted under ministerial authorization, the Commissioner recommended that CSE ensure request memoranda to the Minister of National Defence contain comprehensive information to describe and document the agency's contemplated activities in a thorough manner so as to better support the Minister's decision-making. CSE addressed this recommendation by including additional contextual information in all three ministerial authorizations related to foreign signals intelligence for 2018–2019.

Also last year, the Commissioner recommended that CSE clarify language in ministerial authorizations related to solicitor-client communications. This recommendation applied to CSE's information technology security activities and its foreign signals intelligence collection activities. CSE satisfactorily addressed the recommendation by including the same definition of solicitor-client communication in both types of ministerial authorizations. This definition reflects the legal protection afforded these types of communications.