Reviews

Overview

The Commissioner's mandate, as set out in the National Defence Act, is clear:

The Commissioner's powers, as set out in section 273.63 of the National Defence Act, are strong:

Logic Model

The following logic model provides a graphic description of how the review program functions.

Logic Model

What activities of CSE does the Commissioner review?

The Commissioner reviews the activities CSE conducts under its three-part mandate as set out in section 273.64 of the National Defence Act:

CSE's website provides more information on its mandate and activities.

CSE is prohibited by law (section 273.64 of the NDA) from directing its SIGINT collection and IT security activities at Canadians — wherever they might be in the world — or at any person in Canada. However, should CSE obtain any information relating to a Canadian while conducting its mandated activities, CSE must take measures to protect the privacy of that Canadian.

The Commissioner's review of CSE activities includes determining whether CSE has in place, and applies, satisfactory measures to protect a Canadian's reasonable expectation of privacy in CSE use and retention of any collected communications or information, including metadata, such as a telephone number, e-mail or Internet address.

For example, the Commissioner examines CSE use, disclosure and retention of any private communication that CSE may unintentionally intercept while collecting foreign SIGINT or protecting Government of Canada computer systems.

The Commissioner verifies that any Canadian identity information is protected and only shared with authorized partners when needed for understanding the foreign SIGINT or cyber defence information.

The Commissioner also verifies that CSE assistance to federal law enforcement and security agencies is consistent with the same authorities and limitations that govern the agency it is assisting — such as the terms and conditions in a judicial authorization or warrant.

The Commissioner is required under the National Defence Act to report to the Attorney General of Canada and to the Minister of National Defence any activities that he believes may not be in compliance with the law, with a particular emphasis on how CSE activities affect the privacy of Canadians.

As the minister responsible for CSE, the Minister of National Defence can — and does — direct CSE to implement the Commissioner's recommendations to help ensure compliance or enhance the protection of the privacy of Canadians.

Our approach

Determining and reporting on CSE compliance with the law and the extent to which it protects the privacy of Canadians are central features of the Commissioner's review mandate.

Reviews generally include an examination of past activities conducted by CSE. The principal purpose of reviews is to determine whether CSE activities have respected the authorities that govern them, including legal, ministerial and policy requirements. Furthermore, reviews include an examination of CSE's reasons for conducting activities to confirm that its justifications for the activities are lawful and the activities fall within CSE's mandate.

The Commissioner is responsible for reporting to the Attorney General of Canada and to the Minister of National Defence any non-compliance by CSE, such as an unlawful interception of a private communication or sharing Canadian identity information with a partner without justification or adequate measures to protect the privacy of that Canadian. However, the Commissioner also takes a preventative approach to review, exploring ways to strengthen CSE practices that contribute to compliance and incorporate measures that protect the privacy of Canadians.

Prevention is an important part of the Commissioner's mandate. A number of Commissioners' reports have included recommendations aimed at prevention, addressing weaknesses in CSE practices, policies or procedures that, if not corrected, could potentially contribute to non-compliance. The implementation of the Commissioners' recommendations by CSE helps reduce the risk of non-compliance and strengthen privacy protection.

Review methodologies used by the Commissioner's office are based on accepted principles and practices of audit processes in Canada, including those of the Auditor General of Canada. These practices include, for example:

These practices are reflected in review staff training, as well as in the operational policies and procedures that guide the reviews the Commissioner's office undertakes. To ensure rigour in our approach, the Commissioner's review work has been subject to independent assessment by audit professionals intimately familiar with the work of intelligence review.

Selecting activities for review

The Commissioner uses a risk-based and preventative approach in selecting activities for review. He prioritizes CSE activities where risk is greatest for potential non-compliance with the law, including risks to the privacy of Canadians, by considering, among other factors:

Ministerial Authorizations and Private Communications

The law also directs the Commissioner to review activities carried out under a ministerial authorization and to report to the Minister on the review. Each year, the Commissioner reviews all CSE foreign signals intelligence collection ministerial authorizations to ensure that the activities subsequently carried out are indeed authorized. The Commissioner examines whether any private communications were intercepted lawfully, whether any such communications that are used and retained are essential to international affairs, defence and security, and whether satisfactory measures are in place to protect the privacy of Canadians.

How Canadians' privacy is protected

Communications Security Establishment (CSE) activities related to the collection of foreign signals intelligence (SIGINT) and its information technology (IT) security activities to help protect electronic information and information infrastructures of importance to the Government of Canada are subject to three legislative limitations aimed at protecting Canadians' privacy:

  1. CSE is prohibited from directing its SIGINT collection and IT security activities at Canadians, regardless of their location anywhere in the world, or at any person in Canada, regardless of their nationality;
  2. In conducting activities under ministerial authorization, CSE may unintentionally intercept a communication that originates or terminates in Canada in which the originator has a reasonable expectation of privacy, which is a “private communication” as defined in section 183 of the Criminal Code. CSE may use and retain a private communication obtained this way but only if it is essential to either international affairs, defence or security, or to identify, isolate or prevent harm to Government of Canada computer systems or networks; and
  3. To provide a formal framework for the unintentional interception of private communications while conducting foreign SIGINT collection or IT security activities, the National Defence Act requires express authorization by the Minister of National Defence. These are known as ministerial authorizations. The Minister may authorize the activities once he or she is satisfied that specific conditions provided for in the Act have been met, which includes assurances of how such unintentional interceptions of private communications would be handled should they arise.

Purpose of ministerial authorizations

When CSE is conducting activities to acquire foreign SIGINT, it cannot know beforehand with whom a targeted foreign entity outside Canada may communicate. Similarly, when CSE is conducting activities to help protect Government of Canada computer systems, it cannot know beforehand who may communicate with or through that computer system.

Additionally, given the complexity and interconnectedness of the global information infrastructure, it is unavoidable that CSE will intercept a number of private communications.

It is for these reasons that the Minister of National Defence may provide CSE with a ministerial authorization for these activities — to shield CSE from the Criminal Code in cases where it may unintentionally intercept a communication coming to or originating from Canada and where a person has an expectation of privacy.

CSE ministerial authorizations relate to an “activity or class of activities” specified in the authorizations. This term is interpreted by Justice Canada as meaning a method of acquiring foreign SIGINT or of protecting computer systems (the how); the authorizations do not relate to a specific individual or subject (the whom or the what).

A ministerial authorization can be in effect for no longer than one year. In 2013–2014, there were three foreign SIGINT collection and one IT security ministerial authorizations in effect.

Conditions for ministerial authorizations

To issue a ministerial authorization for foreign SIGINT collection, the Minister must first be satisfied that:

To issue a ministerial authorization to protect the computer systems or networks of the Government of Canada, the Minister must be satisfied that:

Each year, the Commissioner reviews CSE ministerial authorizations — which may be in effect for a period of no longer than one year — to ensure that the activities are authorized and that the above conditions for authorization are met. He reports to the Minister of National Defence on his review.

Review methodology and criteria

In conducting a review, the Commissioner's office uses a number of tools and techniques, such as:

Each review includes an assessment of CSE activities against a standard set of criteria:

Reviewers have specialized expertise relating to the technical, legal and privacy aspects of CSE activities. They also have security clearances at the level required to examine CSE records, systems and databases. They are bound by the Security of Information Act and cannot divulge to unauthorized persons the specific information they access.

Reporting on our findings

The Commissioner submits detailed classified reports on his reviews to the Minister of National Defence. These reports document CSE activities, contain findings relating to the review criteria, disclose the nature and significance of any deviations from the criteria, and include any resulting recommendations.

Following the standard audit practice of disclosure to the organization being reviewed, draft versions of review reports are presented to CSE for confirmation of factual accuracy. This is essential to the review process. If the facts are not substantiated, the findings, conclusions and any recommendations based on those facts would not be credible.

Where and when appropriate, the Commissioner makes recommendations to the Minister of National Defence who is responsible for CSE and can direct CSE to implement any recommendations. Recommendations are aimed at preventing possible non-compliance, improving privacy protections or correcting discrepancies between CSE activities and the Commissioner's expectations.

The Minister responds to the Commissioner and indicates whether the recommendations have been accepted. Since 1997, Commissioners have submitted to the Minister of National Defence 106 classified review reports. In total, the reports contained 166 recommendations. CSE has accepted and implemented or is working to address 95 percent (157) of these recommendations, including all 10 recommendations made in 2013–2014. The Commissioner publishes the titles of all review reports submitted to the Minister of National Defence (with any classified information removed) to demonstrate the depth and breadth of Commissioners' reviews.

The Commissioner summarizes his review activities in an annual report for Parliament, which is a public document. Consistent with the review model in Canada, CSE reviews the draft to verify that it does not contain any classified information according to the Security of Information Act. The report is provided to the Minister of National Defence, who cannot change it and must, by law, table it in Parliament.

The Commissioner alone determines the content of his reports, which are based on facts and conclusions drawn from those facts. The reports cannot be altered by CSE or any minister.
