Language selection

Government of Canada / Gouvernement du Canada

Search


Review of the Communications Security Establishment’s Disclosures of Canadian Identifying Information

Context

On November 25, 2020, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of National Defence and the Minister of Public Safety with a classified compliance report on its review of CSE’s disclosures of Canadian identifying information (CII). In this review, NSIRA found that the CII disclosure regime lacked rigour and that its implementation may not have been in compliance with the Privacy Act. Additionally, NSIRA found that the Federal Court may not have been adequately informed about key elements of CSE’s disclosures of CII collected on the authority of warrants issued in relation to section 16 of the Canadian Security Intelligence Service (CSIS) Act. Given the findings of the review, NSIRA has published its unclassified summary of the compliance report.

In carrying out its foreign intelligence mandate, CSE may incidentally acquire information about Canadians or person(s) in Canada. CII is information that could be used to identify an individual, and is normally suppressed from reporting unless Government of Canada or foreign clients request these details and are able to demonstrate that they have operational justification and legal authority to receive it.

After a thorough review of CSE’s disclosures of CII, which also involved direct engagement with other Government of Canada departments that request CII, NSIRA made 6 findings and 11 recommendations. This unclassified summary provides an overview of the CII disclosure regime, and NSIRA’s observations related to the policies, procedures, training, and the legal authorities governing it.

Publishing this summary aligns with NSIRA’s efforts at increasing transparency and being more accessible to Canadians through its work. Looking forward, NSIRA will conduct future reviews of the CII disclosure regime to ensure that its recommendations are implemented in a way that will improve the CII disclosure program and that this program is compliant with the applicable legal framework.

As per section 8(1)(a) of the NSIRA Act, independent review of CSE’s activities is a statutory requirement for NSIRA. As such, NSIRA will continue to review CSE activities and report on compliance issues if they arise.

To learn more about NSIRA’ mandate, click here.

Date of Publishing:

Executive Summary

Subsequent to the collection of foreign signals intelligence by the Communications Security Establishment (CSE), any incidentally collected Canadian identifying information (CII) is suppressed in CSE’s intelligence reporting to protect the privacy of Canadians and persons in Canada. However, the Government of Canada (GC) and foreign clients of such reports can request the details of this information if they have lawful authority and operational justification.

The National Security and Intelligence Review Agency (NSIRA) conducted a review of CSE’s disclosures of CII to GC clients. In reviewing disclosures containing 2,351 Canadian identifiers over a five year period, NSIRA found that 28% of requests from all clients were not sufficiently justified to warrant the release of CII. . Nevertheless, during the period under review, CSE approved 99% of these requests for CII from its domestic clients. Given this and other findings related to CSE’s internal practices, NSIRA found that CSE’s implementation of its CII disclosure regime may not be in compliance with the Privacy Act.

Moreover, NSIRA found that CSE has released CII to GC clients from its technical and operational assistance to the Canadian Security Intelligence Service (CSIS) in relation to section 16 of the CSIS Act, in a manner that was likely not communicated to the Federal Court by CSIS.

This report is a summary of the more detailed, classified report provided to the Minister of National Defence on November 25, 2020.

Introduction

The Communications Security Establishment (CSE) may incidentally acquire information about Canadians or persons in Canada in its collection of foreign signals intelligence (SIGINT). Canadian identifying information (CII) refers to any information that can identify an individual, ranging from names to email addresses and IP addresses. CII is suppressed in intelligence reports to protect the privacy of Canadians and persons in Canada. Government of Canada (GC) and foreign clients may subsequently request the details of this information if they have lawful authority and operational justification to collect it. This information sharing regime has been in place since the 2001 enactment of CSE’s powers under the National Defence Act, and has been previously reviewed by the Office of the CSE Commissioner (OCSEC)

Following a review of CSE’s disclosures of CII, the National Security and Intelligence Review Agency (NSIRA) concluded that CSE’s implementation of its disclosure regime may not be in compliance with the Privacy Act. Therefore, pursuant to subsection 35(1) of the NSIRA Act, NSIRA submitted a compliance report to the Minister of National Defence on November 25, 2020.

CSE’s disclosure regime, in place for nearly two decades, is one of the most important national security information sharing structures in the federal government, surpassing the volume of disclosures processed through the information sharing mechanism under the Security of Canada Information Disclosure Act (SCIDA). Unlike CSE’s disclosure regime, information sharing processes under SCIDA have recently undergone comprehensive scrutiny and debate both in Parliament and by the public as part of the deliberation of Bill C-59.

CSE’s work results in special responsibilities to protect the privacy of Canadians. In this context, NSIRA assessed CSE’s operational structures, policies, and processes to determine the rigour of the CII disclosure regime. NSIRA found serious problems with several aspects of the governance and implementation of CSE’s CII disclosure regime. NSIRA also found that CSE discloses information collected pursuant to the authority of Federal Court issued warrants as part of its assistance to the Canadian Security Intelligence Service (CSIS). NSIRA believes that although the Federal Court is aware of CSIS’ disclosure of CII, the Court may not have been fully informed about the parallel disclosure process taking place at CSE. In January 2021, CSIS provided the Federal Court with a copy of NSIRA’s full, classified review, excluding information protected by solicitor-client privilege.

Methodology

As part of its review, NSIRA examined a selected sample of CII disclosures and their associated intelligence reports – initially from July 1, 2018 to July 31, 2019, though the review period was later expanded to cover July 1, 2015 to July 31, 2019 for certain types of disclosures. Over that period, CSE received requests for 3,708 Canadian identifiers. NSIRA received information about the outcome of all of these requests. Additionally, NSIRA was able to closely review requests pertaining to 2,351 identifiers.

In all, NSIRA examined electronic records, correspondence, intelligence reports, legal opinions, policies, procedures, documents pertaining to judicial proceedings, Ministerial Authorizations, and Ministerial Directives of relevance to CSE’s CII disclosure regime. CSE also responded to NSIRA’s questions throughout the review.

While this began as a review of solely CSE, it became evident that NSIRA also needed to engage with CSE’s Government of Canada clients of CII. In the spirit of its legislation, NSIRA “followed the thread” by engaging with a range of federal departments, from recurring clients of CII, such as CSIS and the Royal Canadian Mounted Police (RCMP), to less frequent clients, such as Innovation Science and Economic Development Canada (ISED). Through this engagement, NSIRA was able to understand the lifecycle of CII disclosures, from their origin within intelligence reporting to their eventual use by Government of Canada clients.

NSIRA also assessed CSE’s disclosures of CII arising from its assistance to CSIS in relation to section 16 of the CSIS Act. When CSE assists CSIS in that context, it is bound by the applicable Federal Court warrants’ conditions. While CSIS’ disclosures were not the subject of this review, they helped contextualize the adherence of CSE’s section 16 CII disclosures with the conditions and principles on which the Court issued the relevant warrants.

NSIRA also reviewed CSIS affidavits to the Federal Court in relation to Canadian information acquired through section 16 warrants, which served as the basis for a recent decision issued on this program by the Court (reported as 2020 FC 697). Given this window into the parallel practices and policy requirements of CSIS, NSIRA had the opportunity to contextualize CSE’s disclosures of CII arising from section 16 collection in a way that was unprecedented for an external review body.

Based on the records provided by CSE, CSIS, and other federal government entities, NSIRA made several findings and recommendations to improve the governance of CSE’s CII disclosure regime and to bring to the attention of the Federal Court important aspects of CSE’s disclosures of information acquired in relation to section 16 of the CSIS Act.

For CSE to disclose Canadians’ personal information without their consent, both CSE and the CII recipient must comply with relevant legislation, which, for the period under review, consisted of the Privacy Act and the National Defence Act:

In assessing CSE’s disclosures, NSIRA applied a two-pronged test in line with the Privacy Act requirements: the institution holding the personal information must have a disclosure authority to disclose it to another institution, and the recipient institution must have a collection authority. These thresholds derive from existing Privacy Act jurisprudence. In other words:

  • CSE’s CII clients are required to meet the section 4 collection requirement of the Privacy Act by establishing a direct and immediate relationship (with no intermediary) between the information to be collected through a CII request and their operating programs or activities.
  • On CSE’s side, its disclosures of CII had to comply with section 8 of the Privacy Act, and the National Defence Act, which was the governing statute for CSE during the review period.
  • Because the disclosure authority within the National Defence Act required CSE to protect the privacy of Canadians, NSIRA assessed whether CSE evaluated each disclosure request rigorously on its own merits, including the operational justification provided by clients, to determine whether the requests were reasonable and whether the disclosure was appropriate under the Privacy Act regime.

CSE’s internal practices

NSIRA assessed CSE’s privacy protection measures for compliance with its legal responsibilities and Ministerial Direction. NSIRA assessed whether CSE’s CII disclosures are subject to a thorough, well-documented evaluation and approval process that demonstrates each disclosure’s compliance with legal and operational requirements. Specifically, NSIRA assessed whether CSE’s clients demonstrated their legal authority to collect CII, and did so in compliance with section 4 of the Privacy Act by showing a direct and immediate relationship between their mandated activities and the requested CII.

During the period under review, CSE received requests for 3,708 identifiers from 15 domestic departments, releasing 3,671 – which represents a release rate of 99%. This release rate was also reflected in the eventual sample of disclosures selected for detailed review by NSIRA. NSIRA expected to find disclosure requests of a consistently high quality commensurate with their near-absolute approval by CSE. Nevertheless, the findings below represent several areas in which NSIRA observed shortcomings.

Employee training and documentation requirements

CSE employees generally decide whether to release CII. NSIRA did not find evidence of written guidance or training to guide employees’ assessment of the substance of disclosure requests; instead, the training materials and procedures that employees receive primarily focus on the logistical processes to release CII.

In their assessment of CII requests, CSE personnel can take a range of actions, including conducting further research into a requesting department and its mandate or communicating with the requester to obtain clarity. NSIRA found that these actions are generally not documented for requests from domestic clients, and the approved disclosures only contain the requested CII without the reasons for approving the request. NSIRA was unable to confirm that CSE personnel were taking steps to communicate with a requestor to clarify incomplete or unclear disclosure requests.

While this is not a requirement in CSE’s policies for domestic requests, NSIRA observed detailed rationales provided by personnel responsible for approving and denying CII requests originating from foreign clients for CII. NSIRA believes CSE should require employees to document their assessment of requests from domestic clients, including the rationale for their approval.

In sum, NSIRA found that CSE’s employees do not receive sufficient written training and guidance on assessing the substance of disclosure requests and are not required to document mandatory actions and assessments they make when releasing CII. NSIRA recommended that CSE require, through procedures and policy, that employees document their decision-making and rationales and train them to assess the substance of disclosure requests in light of applicable legal obligations.

Management oversight

Certain types of disclosures are elevated for review and approval at a higher level within the organization. This is another process that lacked the appropriate documentation. Based on data compiled by NSIRA, all requests for CII reviewed at this level were approved, with no documentation of the rationale behind the decision to approve the remainder.

An internal monthly compliance check is conducted to confirm that releases of CII follow sufficient justification, that only the requested CII is released, and to determine whether any procedural errors have occurred. The compliance checks reviewed by NSIRA did not contain any analysis of the disclosure requests. While CSE explained that employees are informally coached if disclosures do not meet requirements, this is not documented within the compliance checks, which provide only statistical summaries of CII disclosures.

NSIRA found that personnel responsible for approving certain CII disclosures and conducting periodic compliance checks did not document their decision-making and assessment of requests. NSIRA recommended that similar to employees at the working level, CSE management must document their decision-making and rationales.

CSE’s assessment of CII disclosure requests

CSE’s CII disclosure request form requires that the requestor state an applicable legal authority for collecting the information. NSIRA observed requests where this information was not provided. In this context, NSIRA expected that CSE would follow up with requestors or assure itself through its own assessment that the requestor had the appropriate legal authority for collecting CII. NSIRA found no evidence that this process was taking place.

NSIRA used its ability to follow the thread of a disclosure and engaged some of CSE clients for CII regarding their legal authority to collect Canadians’ personal information. Where these departments had not indicated a legal authority to receive CII, NSIRA inquired directly with them about their legal authorities, receiving detailed legal assessments prepared in response to NSIRA’s questions. NSIRA found no documented evidence that CSE had similarly assured itself of the clients’ legal authorities at the time of disclosure.

As the custodian of incidentally collected CII, CSE has the responsibility to assure itself and document that both a collection and disclosure authority exist before sharing it with third party clients.

Next to a legal authority, the second key component of a disclosure request is the recipient’s operational justification for collecting the CII. A demonstrable operational nexus is required to justify a requester’s collection of CII in line with the Privacy Act regime.

NSIRA found that CSIS, the RCMP, and the Canada Border Services Agency (CBSA) generally demonstrated a clear link between the intelligence reporting and associated CII to their mandated activities, with some exceptions. This was a result of the strong operational justifications provided proactively by these clients, and does not reflect a more rigorous process on CSE’s end. Disclosures to these departments comprised approximately half of NSIRA’s sample.

CSE has accepted operational justifications provided by these and other clients that NSIRA found to be inadequate. In these cases, the clients’ justifications pertained to CII that was not demonstrably related to their mandate or operations.

From the sample of all disclosures reviewed by NSIRA, we found 69% to be justified, 28% to be insufficiently justified to warrant the release of CII, 2% that could not be evaluated, and 1% that CSE denied. Nevertheless, within this sample, CSE had approved these disclosure requests at a 99% rate.

CSE also released additional personal information to clients beyond that which was requested and explained this to be a standard practice. For example, NSIRA observed cases where CSE disclosed Canadians’ names and other personal information even when the recipient only asked CSE for a company’s identity. NSIRA observed other types of scenarios where CSE disclosed more identifiers than requested.

In sum, NSIRA found that CSE has not sufficiently assessed the legal authorities invoked by its clients and recommended that CSE and these clients obtain legal advice from the Department of Justice to determine the extent of their legal authority to collect CII. NSIRA further found that CSE’s implementation of its CII disclosure regime may not have been in compliance with the Privacy Act framework and recommended that CSE cease disclosing CII to clients other than CSIS, RCMP, and CBSA until it addresses the findings and recommendations contained in NSIRA’s review.

CSE’s governance of the disclosure regime

Many of the systemic issues presented in NSIRA’s review arise from CSE’s CII disclosure regime governance. CSE develops its internal policies, procedures, and legal assessments to which its disclosure clients are generally not privy. CSE’s existing arrangements with its clients govern operational issues such as security standards, information handling and system access. However, at an institutional level, NSIRA has not found a consistent understanding among CSE’s CII disclosure clients of the legal requirements underlying this practice.

A more transparent governance structure would allow all parties to understand and formally acknowledge at an institutional level the legal and operational requirements behind disclosing and collecting CII. It is not sufficient for CSE to manage the regime with its clients not privy to the policies, procedures, and legal requirements that underlie it.

NSIRA found that CSE’s governance of the CII disclosure regime does not foster an environment where its clients can take equal responsibility for CII disclosures. NSIRA recommended that CSE work with the Department of Justice and the Treasury Board of Canada Secretariat to establish Information Sharing Agreements with its regular domestic clients.

CSE’s disclosure of CII collected through its assistance to CSIS

Throughout the review, NSIRA encountered reporting and associated disclosures that pertained to activities of foreign persons within Canada. As CSE is prohibited from directing its activities at such persons, NSIRA submitted a series of questions and received briefings on the subject. NSIRA learned that CSE discloses CII collected as part of its assistance to CSIS in relation to section 16 of the CSIS Act.

Under section 16 of the CSIS Act, CSIS may assist the Minister of Foreign Affairs or the Minister of National Defence by collecting foreign intelligence within Canada in relation to Canada’s defence or international affairs. In turn, CSIS can apply to the Federal Court for a warrant, under section 21 of the CSIS Act, to obtain judicial authorization for intrusive collection powers in support of the section 16 investigation. Subsequently, CSIS may request CSE assistance if it does not have the tools or capacity to carry out this collection. CSE’s assistance takes the form of developing tools and techniques, intercepting target communications, decryption, report writing, and translation.

In its assistance to CSIS, CSE must respect the legal authorities and limitations imposed on CSIS by law and Federal Court warrants. In its documented requests for CSE assistance, CSIS does not explicitly request that CSE disclose the CII collected under warrant. Such disclosures are also absent from internal CSE plans that set out CSE’s support parameters. At the same time, both agencies insist that CSE can disclose such CII using its regular disclosure policies and procedures.

The practice of handling CII incidentally collected pursuant to section 16-related warrants has been the subject of ongoing treatment by the Federal Court. CSIS has described its own practices to the Court, including detailed summaries of how section 16 information is collected, its processing for intelligence reporting, and the rigorous disclosure regime associated with this reporting. CSIS also noted, in less detail and with omissions, some aspects of CSE’s parallel disclosure of CII collected through its assistance to CSIS under these warrants.

Overall, the stringent practices described by CSIS to the Court do not present a complete picture. For instance, CSIS’s limited distribution of section 16 intelligence reports and associated CII is not mirrored in CSE’s wider release of this information. Additionally, the senior approval levels that CSIS has in place for disclosing information about Canadian officials are also not reflected in CSE’s practices. In fact, CSE does not have a policy on how to treat Canadian officials’ information through its assistance mandate, and generally releases it at the working level. Further, CSE personnel are not generally aware that the information they are releasing originates from section 16 collection, and its associated Federal Court warrants and conditions. Moreover, CSIS has communicated to the Court that its own disclosure practice includes an assessment of a disclosure request by the operational branch responsible for the warrant, while CSE discloses such CII independent of CSIS operational branches.

In recent testimony before Parliament, CSE was asked how it operationalizes its assistance mandate. In its response, CSE stated that information collected under assistance is segregated, returned to CSIS, and belongs to CSIS, emphasizing that CSE effectively acts as an agent of CSIS in supporting section 16 activities. NSIRA is of the view that this is not a complete representation of the lifecycle of information collected by CSE in its assistance. By approving CSE’s section 16 intelligence reports, CSIS effectively releases ownership of this information to CSE, which was not conveyed to the Federal Court by CSIS in its affidavits detailing the reporting and use of section 16 information.

CSE’s treatment and dissemination of this information differs from the stringent standards communicated to the Court by CSIS, particularly when it pertains to Canadian public officials and other sensitive groups. NSIRA believes that fully describing the CII disclosure process during warrant applications is necessary to support the process of imposing any terms and conditions advisable in the public interest, as contemplated by paragraph 21(4)(f) of the CSIS Act.

Given the findings of the review, NSIRA recommended that the Federal Court be fully informed of CSE’s disclosure practices and that, in the interim, CSE cease disclosing CII incidentally collected under the authority of federal court warrants related to section 16 investigations.

Conclusion

NSIRA’s findings and observations over the course of this review indicate that CSE’s implementation of its disclosure regime may not be in compliance with its obligations under the Privacy Act. Throughout this review, CSE has defended practices that NSIRA believes do not reflect a commitment to rigorous implementation of the Privacy Act. Finally, CSE has released CII as part of its assistance to CSIS in a manner that contradicts the procedures communicated to the Federal Court.

Accordingly, NSIRA made a number of recommendations as outlined above, to improve the governance of CSE’s CII disclosure regime and to bring to the attention of the Federal Court important aspects of CSE’s disclosures of information acquired in relation to section 16 of the CSIS Act.

Share this page
Date Modified:

Review Of Departmental Implementation Of The Avoiding Complicity In Mistreatment By Foreign Entities Act For 2019

Completed Reviews

Review Of Departmental Implementation Of The Avoiding Complicity In Mistreatment By Foreign Entities Act For 2019


Backgrounder

In 2011, the Government of Canada implemented a general framework for Addressing Risks of Mistreatment in Sharing Information with Foreign Entities. The framework aimed to establish a coherent and consistent approach across government when sharing and receiving information with Foreign Entities. Following this, Ministerial Direction was issued to applicable departments in 2011 on Information Sharing with Foreign Entities, and then again in 2017 on Avoiding Complicity in Mistreatment by Foreign Entities.

On July 13, 2019, the Avoiding Complicity Act came into force. This Act codifies and enshrines Canada’s commitments in respect to the Canadian Charter of Rights and Freedoms, and Canada’s international legal obligations on prohibiting torture and other cruel and inhumane treatment.

On September 4, 2019, pursuant to section 3 of the Act, the Governor in Council (GiC) issued written directions to the Deputy Heads of the following 12 departments and agencies: Canada Border Services Agency (CBSA), Canada Revenue Agency (CRA), Canadian Security Intelligence Service (CSIS), Communications Security Establishment (CSE), Department of Fisheries and Oceans Canada (DFO), Department of National Defence and Canadian Armed Forces (DND/CAF), Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Global Affairs Canada (GAC), Immigration, Refugees, and Citizenship Canada (IRCC), Public Safety Canada (PS), the Royal Canadian Mounted Police (RCMP) and Transport Canada (TC).

The GiC issued directions focused on three aspects of handling information when interacting with a foreign entity: the disclosure of information, the requesting of information, and the use of any information received.

Pursuant to section 7 of the Act, every Deputy Head having received direction must, before March 1 of each year, submit to the appropriate Minister a report regarding the implementation of those directions during the previous calendar year. Following this, every Deputy Head must, as soon as feasible after submitting the report, make a version of it available to the public.

Date of Publishing:

Executive Summary

The Avoiding Complicity in Mistreatment by Foreign Entities Act (Avoiding Complicity Act or Act) and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated or not. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. This review covers the implementation of the directions sent to 12 departments and agencies from their date of issuance, September 4, 2019, to the end of the previous calendar year, December 31, 2019. It was conducted under subsection 8(2.2) of the National Security and Intelligence Review Agency Act (NSIRA Act), which requires NSIRA to review, each calendar year, the implementation of all directions issued under the Act.

While this was the inaugural annual review under the NSIRA Act, it builds upon previous work in this area undertaken by NSIRA and its predecessor SIRC. NSIRA’s review on the 2017 Ministerial Direction on information sharing with Foreign Entities is an example. The results from this previous review were sent to applicable departments in July 2020. NSIRA is building upon this previous review and strongly supports the findings and recommendations within it. As of the date of this report, departmental responses have not been received regarding the recommendations provided in NSIRA’s July 2020 Ministerial Direction review.

(U) It was essential to ensure that both NSIRA and the departments being reviewed met their obligations under the Avoiding Complicity Act and the NSIRA Act. The approach used to gather information during a global pandemic was purposely designed for this first and unique review period.

To capture a complete view on the departmental implementation, NSIRA requested information that related directly to every department’s specific obligations under the Act and the directions. The responses and associated information captured departmental activities related to the Act during the review period, and what procedures, policies, tools, etc. (frameworks) were leveraged to support these activities. NSIRA believes that having a robust framework is an essential part of an effective implementation of the directions departments have received.

Beyond the specific requirements of implementation, the information provided by the departments also helped to identify gaps, considerations for best practices, and the work departments have undertaken since the review period to build and formalize their frameworks. This information and knowledge will help set up the foundation for future reviews and assist efforts on creating consistent implementation across departments. While many of the issues discussed in this report go beyond the specific requirements of the directions, their consideration is critical to the overall improvement of the implementation process and how departments ultimately support the Act. No case studies were undertaken for this review. However, the information gathered has helped establish a baseline for overarching issues the community is facing. Building on this, future reviews will begin to examine specific sharing framework challenges and questions and look closely at specific cases and departmental legal opinions to guide review findings.

While NSIRA was pleased with the considerable efforts made by many departments new to the Avoiding Complicity Act in building up their supporting frameworks, it was clear during this review that departments are employing very different approaches to guide their information handling activities. The responses received demonstrate various inconsistencies across the departments. Having a consistent and coordinated approach when addressing the concerns related the Act is not a requirement for implementation, however, NSIRA believes that there is value in such an approach. And while departments will always require unique aspects in their sharing frameworks to address the unique characteristics of their mandates and activities, to improve the implementation process, a goal all involved likely have, the identification and sharing of best practices is critical.

For example, determining the best means for having a unified approach when engaging with foreign entities of concern or ensuring that an information sharing activity is consistently evaluated for risk by all departments. The recommendations provided on these issues in this review capture what NSIRA believes to be important concerns and considerations for supporting and improving departmental implementation.

Additionally, as the directives received under the Act do not describe the specific means by which departments ‘implement’ them, it is incumbent on the community to ensure that they have sufficiently robust frameworks and programs in place to fully support an assertion of implementation. Therefore, the information gathered during this review went beyond a strict assessment of implementation, but also considered the aspects required to better support this implementation. Going forward, this approach will help establish the foundation for subsequent reviews. Drawing on the findings and concerns identified here, NSIRA will continue to consider aspects that will ultimately improve underlying frameworks, thereby supporting an improved implementation of the Act across the community.

Authorities

This review was conducted under subsection 8(2.2) of the NSIRA Act, which requires NSIRA to review, each calendar year, the implementation of all directions issued under the Avoiding Complicity Act.

Introduction

Focus of the Act

In the same spirit as the Ministerial Direction (MD) that preceded it, the Avoiding Complicity Act and its associated directions seek to prevent the mistreatment of any individual due to the exchange of information between a Government of Canada department and a foreign entity. The Act also aims to limit the use of information received from a foreign entity that may have been obtained through the mistreatment of an individual. While the previous MD guided the activities of a selection of Canada’s security and intelligence departments, the Act broadened this scope to capture all departments whose interactions with foreign entities included information exchanges where such a concern may apply.

The focus of the Act is to ensure departments take the necessary steps during their information sharing activities to avoid contributing in any way to the mistreatment of an individual. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. There is an expectation that each department will satisfy these requirements by leveraging departmentally established mechanisms and procedures, or frameworks that will allow each department to confidently demonstrate how it has responded to its responsibilities under the Act.

During the first year that the Act was in force, written directions using nearly identical language were sent to the Deputy Heads of 12 departments. In regard to disclosure, the directions read as follows:
“If the disclosure of information to a foreign entity would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that Department officials do not disclose the information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.”

With respect to requesting information, the directions state:
“If the making of a request to a foreign entity for information would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that Department officials do not make the request for information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.”

Lastly, as it relates to the use of information, the directions indicate:
“The Deputy Head must ensure that information that is likely to have been obtained through the mistreatment of an individual by a foreign entity is not used by the Department

  • (a) in any way that creates a substantial risk of further mistreatment;
  • (b) as evidence in any judicial, administrative or other proceeding; or
    (c) in any way that deprives someone of their rights or freedoms, unless the Deputy Head or, in exceptional circumstances, a senior official designated by the Deputy Head determines that the use of the information is necessary to prevent loss of life or significant personal injury and authorizes the use accordingly.”

At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated or not. This determination is done on a case-by-case basis. Each department is responsible for making these determinations as it applies to its activities. Following the outcome of a department’s determination of these important questions, cases may be approved, denied, or elevated to the Deputy Head for consideration. For the latter cases, this then results in additional reporting requirements for the Deputy Head. Throughout this process, there is also a requirement to ensure the accuracy, reliability, and limitations of use of all information being handled.

Review Objectives

After the Avoiding Complicity Act came into force in July 2019, the Governor in Council’s written directions were sent to each applicable department in September 2019. The period for this year’s review is September 4, 2019 to December 31, 2019. The short timeframe (approximately 4 months) associated with this year’s review means that departments are being assessed, in large part, on what they would already have had in place to address risks of mistreatment associated with information sharing, or what they were able to implement in a four-month window. NSIRA is cognizant that for the departments that were not previously subject to the 2017 MD on Avoiding Complicity in Mistreatment by Foreign Entities, the timeframe to implement the written directions was somewhat limited, as it would have been challenging to create and operationalize new procedures such that they would be reflected in the department’s activities during the period being reviewed.

While it was essential to ensure that both NSIRA and the departments being reviewed met their obligations, these challenges were kept in mind when evaluating the objectives for this first review. Given these considerations, the objectives of this year’s review were to determine whether:

  • departments had fully implemented the directions received under the Act in conformity with the obligations set out therein;
  • departments had established and operationalized frameworks that sufficiently enabled them to meet the obligations set out in the Act and directions; and,
  • there was consistency in implementation across applicable departments.

Methodology and assessment focus

To capture a complete view of the departmental implementation of the Act, NSIRA constructed a series of questions related directly to every department’s obligations under the Act and the directions. The responses and associated information captured what specific activities took place during the review period and what departmental frameworks were leveraged to adequately support these activities.

The information provided by the departments also helped to identify gaps, considerations for best practices, and the work departments have undertaken to build and formalize their frameworks to meet their obligations under the Act and directions. The information provided and the knowledge gained will help set up the foundation for future reviews and help create consistent implementation across departments.

The method used to gather information during a global pandemic was designed for this first and unique review period. We believe it allowed departments to quickly and efficiently indicate both whether the directions had been implemented, and what frameworks, processes, and policies had been leveraged or put in place.

Responses to many of the RFI questions were simply yes/no answers. Often, answers were dependent on what information handling activities took place with foreign entities by the department during the review period. As such, a number of questions could be returned with ‘not applicable’, and this was an acceptable response. Many of the questions were related to specific and easily defined requirements under the Act and its associated directions, e.g. ‘was a report submitted to the Minister?’ or ‘Did the Deputy Minister inform the applicable bodies of all their decision made under the act?’.

Other questions were designed to capture the details of the underlying processes that supported a department’s implementation, i.e. a department may indicate that they ensured no substantial risk of mistreatment was present in any of their information sharing activities, but how did they support this claim? Likewise, for an assertion that a possible substantial risk of mistreatment had been mitigated, what was in place that allowed a department to make this assertion? Therefore, this series of questions required sufficiently detailed responses to fully capture what a department had in place that allowed it to confidently state that it has met its implementation obligations under the Act and the issued directions.

Finally, a portion of the questions was intended to capture the level of uniformity in implementation across departments. This includes such things as country/entity assessments, triage practices, and record keeping. Much of this information will also help with recommendations going forward. This multi-faceted approach resulted in three main areas being evaluated to assess implementation for this review period and help set the groundwork for future reviews.

  • Departments have clear and comprehensive frameworks, policies, and guidelines such that they can demonstrate how they have fully implemented the directions under the Act.
  • All reporting requirements associated with both the Act and its applicable directions have been met.
  • Differences or gaps associate with areas such as country/entities assessments, record keeping, case triage, etc., such that consistent implementation across departments would be challenging.

Summary of the results table

The table in Annex A captures a summary of both the departmental responses to the implementation questions and NSIRA’s assessment regarding these responses. The assessment was based on the associated details provided by departments in the context of the specific information requested. As explained above, many of the responses were returned as not applicable (n/a). Since many implementation requirements are connected to specific activities, the absence of such activities would mean that the requirement does not come into play. The best example of this for the current review is the absence of any Deputy Minister level determinations. All 12 departments indicated that they did not have any cases referred to the Deputy Minister level for determination. All additional reporting requirements associated with this level of decision were not applicable and thus considered satisfied.

If a specific requirement was not met, it was flagged. The relatively few instances of this were connected with departments not meeting certain reporting obligations under the Act. In all cases, the department involved pre-identified these missing requirements and indicated that efforts were underway to address them.

The concerns and findings captured in the table (and others) are discussed subsequently. A concern was flagged in two situations: where there was an uncertainty associated with a department’s ability to support their implementation requirements; and cross-cutting issues related to general aspects of all of the frameworks described, both of which led to the findings and recommendations proposed.

Findings and Recommendations

Realities of Implementation for 2019

A challenge for departments for this first review was associated with one of the assessment items listed above, i.e. whether they had established frameworks to demonstrate how they supported the implementation of the directions they received.

With the Avoiding Complicity Act coming into force in July 2019, it was not feasible that departments would create and stand-up new frameworks for information exchanges in time for the period being reviewed. Although the Act did specify several Deputy Heads that were to receive directions, it only included those who received the previous 2017 MD. The remaining new departments received their directions in September 2019. Regardless of this two-month difference, each department would have been required to rely on, to some extent, existing procedures when handling information sharing with foreign entities during the review period.

This put the departments that had previously formalized policies and processes at an advantage when implementing the directions. For those departments who were not subject to the previous 2017 MD on information sharing, NSIRA considered how they leveraged and adjusted what was already in place to respond to their new responsibilities under the Act. What we then expected to see, for all departments, was what subsequent steps were taken during the review period and afterwards, to either adjust or create frameworks to better meet implementation requirements going forward. NSIRA noted that in response to questions on frameworks for handling information and mitigating risk, several of the departments new to the considerations of the Act provided extensive detail on their efforts and progress on building out their frameworks to support the directives. References to having these frameworks formalized over the subsequent year were also encouraging.

Finding no. 1: NSIRA found that several departments, new to the considerations of the Act, described considerable progress being made during the review period and afterwards to build out formalized frameworks to support implementation.

Importance of establishing operational framework

As discussed, having fully established operational frameworks in place for this review period may not have been feasible for the departments that did not previously have processes to support their activities. This, however, did not exempt a department from the requirements of implementation. Each department was still expected to leverage what it currently had in place to properly address the concerns associated with the Avoiding Complicity Act. Furthermore, there was a logical follow-on expectation that departments would take subsequent steps to build out formal frameworks to address any perceived gaps to support the implementation of the Act going forward if necessary.

After reviewing the responses received, NSIRA is concerned that departments with minimal information sharing activities taking place during their operations have yet to address the necessity of having a robust framework in place, regardless of how often that framework is leveraged. For example, although PS and TC may primarily act as facilitators or coordinators for information exchanges on specific programs, they are still interacting with foreign entities, and therefore are required to fully assess their interactions with a foreign entity in this regard.

If a department without a formal framework assesses that it has few or no cases associated with the Act, then it may believe it is adequately positioned to address any sharing concerns should they arise. This, however, is not the case. Even single instances of information exchange in which the concerns of the Act may apply require a framework to support it properly. In many cases, it will be the framework itself that properly identifies whether a sharing activity raises concerns under the Act. If there is no formal process in place, then this identification becomes problematic. Simply saying that there are no cases or activities associated with the Act is not sufficient. That determination can only be made after a sharing activity is scrutinized through the lens of a robust framework. Going forward, all departments who receive directions should demonstrate a formal framework that ensures all information sharing activities are adequately evaluated against the considerations of the Act.

Finding no. 2: NSIRA found that departments conducting minimal information exchanges with foreign entities have not yet fully addressed the importance of having an official information sharing framework in place.

Recommendation no. 1: NSIRA recommends that all departments in receipt of directions under the Act have an official framework that ensures they can fully support their implementation of the directions.

Community coordination and best practices

While departmental coordination and the sharing of best practices are not a requirement of the Avoiding Complicity Act or the directions, NSIRA considered such an approach’s value. What became clear during this first review was that every department employs a very different framework to guide their information sharing activities with foreign entities. This is to be expected to some extent, given the different mandates, sharing requirements, and areas of focus associated with each department. However, these differences are also a reflection of the independent, internal development that has taken place for the different frameworks being used. While the departments receiving directions under the Act do interact on this subject to some extent, to date, based on the responses provided, it appears that the majority of the work done by the departments to build supporting frameworks to address their responsibilities associated with the Act have been done so independently. There was little to no overlap with how departments described the various aspects of their frameworks, even amongst the departments subject to the earlier MD on this issue.

There would be value in departments collectively identifying the key aspects common or required in all information exchanges with foreign entities and then working together to craft best practices, irrespective of what a department currently has in place. This process should draw on all available resources to make this determination. Each department can then turn to their existing frameworks to consider where and how they can be adjusted to match this community-agreed upon ideal. This is not to say that aspects of what a department already has in place in their framework will not ultimately be seen as the best practice. Several departments do have robust sharing frameworks in place, and these will contribute significantly to this exercise. However, arriving at this determination independently will provide an additional level of confidence.

Department-specific challenges, of course, cannot be ignored. In fact, they will weigh in strongly on such a conversation. Departments share information under their mandates for various reasons, and this will mean that coordination on certain aspects of a sharing framework may not be possible. However, this needs to be evaluated. It is important that what already exists, or what is hard change, does not unduly influence what may be best. This approach will create uniformity (where possible) across the community and provide a starting point for ‘must haves’ for each department to evaluate their existing processes against.

The Public Safety Information Sharing Coordination Group (ISCG) was established to support departments on information sharing. As such, it is in an ideal position to help mitigate issues arising from the lack of coordination. Leading such efforts would build on the work already being done by this group. During recent discussions with NSIRA, the ISCG indicated that the tracking of lessons learned and the sharing of best practices was not yet routine. Going forward, there would be value in a more coordinated effort when departments are updating/changing their framework. Ensuring that this coordination takes place will require support and leadership by senior-level officials. This will help in sharing best practices once identified, and establish more consistent approaches across departments.

Finding no. 3: NSIRA found that the differences and variability in departmental frameworks demonstrate a previous lack of coordination across the community and a need to identify best practices.

Recommendation no. 2: NSIRA recommends that departments coordinate to identify best practices for all essential components of information sharing frameworks and that the ISCG is leveraged to ensure these practices are shared where possible across the community to support the implementation of the Act.

Framework application inconsistency

A series of questions in this review was related to aspects of consistency in how departments apply their frameworks. From this series, a comparison was made on how many times an information sharing/use event triggered an evaluation of any kind against the considerations of the Avoiding Complicity Act, versus how many of these triaged cases were elevated or referred up for decision. The results helped gauge two important aspects of a framework: One, the threshold requirements, i.e. how often a sharing activity triggers an evaluation of any kind; and two, the decision making power given to the operators who are initially handling these activities.

The feedback and the responses received demonstrate potential inconsistencies in both aspects across departments. For example, several departments indicated zero cases as being triaged/evaluated under the concerns of the Act during the review period, yet also specified that they are involved in regular information sharing or, specified that no information received from foreign entities was derived from mistreatment. These responses appear to be inconsistent as it would be problematic to participate in information sharing or to make such mistreatment determinations without the activity being evaluated on some level.

Other departments indicated a larger number of cases as initial triaged/evaluated, but also indicated that none of them were elevated in their decision making process for higher-level decisions. This would seem to suggest that all determinations were being made at the operational level. Such a result puts significant weight on the operator and the initial assessment tools they are leveraging if they are making all determinations independently. This reinforces the importance of a robust framework to help make these determinations, as previously indicated in Finding no. 2. As a result of these differences, potential challenges arise on accurately assessing the volume of cases being handled by departments, the tracking of those cases deemed to present a substantial risk, those which can be mitigated for, and those where the risk was not found to be substantial or even present.

These responses may result from how each department defines a ‘case’ or how it records a case, or they may be a result of differences in how a department’s decision-making process is leveraged. NSIRA’s concern is that these differences may indicate an inconsistency in application thresholds at different departments. As such, the following results were viewed as a potential issue based on the responses received:

  • if a department was involved in any kind for information exchange with a foreign entity during the review period, but did not indicate that any cases were formally triaged/evaluated; or
  • if there was a significant number of cases triaged, but none were elevated to a higher level for determination.

Such results do not necessarily indicate a problem as aspects of a framework may be able to account for this, however, looking further into how and why the department’s framework produced these outcomes is important. Future reviews will be able to do this. Consistent initial steps for information sharing activities, including triage/evaluation thresholds and documentation, are critical to the effective application of a framework, and ultimately to identifying best practices.

Finding no. 4: NSIRA found that there are inconsistencies in the application of existing sharing frameworks between departments, specifically concerning information evaluation thresholds, and decisions being elevated for senior level determinations,

Recommendation no. 3: NSIRA recommends that departments establish consistent thresholds for triggers in their information sharing frameworks, including initial evaluations against the concerns of the Act, when a case is to be elevated in the decision process, and how this is documented.

Country and entity assessments

A key recommendation of NSIRA’s previous review on information sharing related to the country/entity assessments being used by departments to inform their decision making process when sharing or using information with a foreign entity. While the use of country/entity assessments is not a required aspect of implementing the directions under the Act, NSIRA continues to support this tool as an important aspect of any sharing framework. In its previous review, NSIRA determined that having a firm grasp on the human rights situation, as well as any other pertinent information associated with a country/entity, was essential to making an informed decision on whether there should be concerns, caveats, or limitations when handling information with that country/entity. Moreover, having such information captured to ensure all departments consistently approach these countries/entities is critical. At the time of the previous review, the following recommendation was made:

  • a unified set of assessments of the human rights situations in foreign countries including as standardized ‘risk of mistreatment’ classification level for each country; and
  • to the extent that multiple departments deal with the same foreign entities in a given country, standardized assessments of the risk of mistreatment of sharing information with foreign entities.

It is important to note that there has been no formal response from departments on this previous recommendation as of the date of this report. Furthermore, during this report, two departments continue to raise concerns with NSIRA’s stance on this issue during the consultation process. While NSIRA continues to support this recommendation, as explained below, further discussions with departments on how to approach this matter may be warranted, specifically on the distinction between how this recommendation may apply to a foreign country/entity vs a specific foreign partner a department may be dealing with.

Based on the responses provided on this topic for the current review period, there is still inconsistency in this area. While almost all departments indicated that country/entity assessments were a standard part of their framework, the responses also indicate differences in which country assessments are used, how they are leveraged, and who is responsible for updating them. For example, several departments rely on their own in-house created assessments, while others leverage the assessments created by Global Affairs Canada and others. While departments who indicated that they are leveraging country/entity assessment tools in their process also indicated that these assessments captured human rights concerns, this has yet to be independently evaluated. NSIRA is concerned that these differences could result in different approaches/stances being taken by departments when dealing with the same foreign entity. While the country/entity assessments tools themselves are not necessarily in question, the fact that every department is not leveraging or does not have access to all useful or applicable information is.

NSIRA remains of the view that having a consistent stance on all countries and entities when implementing the requirements of the Act is important. Issues such as mistreatment and human rights should not be decided at a departmental level, but on a whole-of-government level. While mindful of classification levels, ensuring all departments have access to the same relevant information associated with a foreign country/entity is critical to making an informed decision. Due to the nature of their work, departments may be privy to unique information on a country/entity, some or all of which can be shared. This would lead to fully informed assessments that allow for a consistent approach when dealing with any country/entity. In addition to improving duplication of effort in this area by departments, NSIRA continues to see standardized country and entity assessments, which can be accessed and contributed to by all departments, as key to moving toward a more consistent and effective implementation of the Act across the community

Finding no. 5: NSIRA found a lack of unification and standardization in the country and entity assessments being leveraged by departments, resulting in inconsistencies in approach/stance by the community when interacting with Foreign Entities of concern related to the Act.

Recommendation no. 4: NSIRA recommends that departments identify a means to establish unified and standardized country and entity risk assessment tools to support a consistent approach by departments when interacting with Foreign Entities of concern under the Act.

Conclusion

While aspects of implementation can be easily quantified and evaluated e.g. reporting requirements to a Minister, others, which support implementation are more difficult to measure, e.g.:

  • What does a sufficiently robust framework for assessing and mitigating risk when sharing with a foreign entity look like?
  • Does this depend on the specific requirements and activities of the department; or,
  • Are there steps that should always be involved when vetting a foreign entity under the considerations of the Act?

Measuring and weighing the answers to such questions is challenging. They are more nuanced, and can’t be as easily quantified. Regardless, they must be considered and addressed. Drawing on the considerations and concerns identified in this review will help departments to ask the questions that will improve their underlying frameworks with the following goals in mind:

  • To identify the essential/key elements that need to be a part of any framework for it to address the concerns associated with the Avoiding Complicity Act sufficiently; and,
  • To have all identified best practices implemented as consistently as possible across departments.

Future reviews will push towards these goals by seeking answers to those questions above. By looking more closely at specific case studies, departmental legal opinions, items of inconsistency, and the departmental frameworks that are already demonstrating best practices that should be shared. Ultimately the results of such efforts will contribute to improving the implementation of the Act across the community.

Share this page
Date Modified:

Departmental Plan: 2021-2022

Meta data information

Cat. Number: PS106-6E-PDF
ISSN: 2563-0334

© Her Majesty the Queen in Right of Canada, 2020

Date of Publishing:

From the Executive Director

I am very pleased to present the 2021–22 Departmental Plan for the National Security and Intelligence Review Agency (NSIRA). The year ahead will build on a very successful 2020–21, in which we achieved several key milestones for our new agency, despite the challenges imposed on us and the organizations we review as a result of the COVID-19 pandemic.

In 2021–22, we will be continuing to implement NSIRA’s three-year review plan, which emphasizes reviews of increasing scale and complexity as we become familiar with the operations of departments and agencies that have only recently become subject to review.

In the year ahead, we will also roll out a new process for taking in and investigating complaints from members of the public. Multiple key stakeholders will help to shape this new process, which aims to provide greater accessibility and greater timeliness to our complaints investigation function.

Significant efforts to scale up our operations will continue in 2021–22, including expanding to a second site, recruiting staff across all business lines, and continuing our support to staff working from home. In all aspects, we will continue to prioritize our staff’s health and safety as we build on our successes and pursue ambitious organizational goals. We will also continue to emphasize diversity and inclusion in the workplace, including developing an employment equity strategy.

More details on this and other initiatives are found in this report. I hope that it helps inform Canadians of NSIRA’s priorities for the year ahead.

John Davies
Executive Director

Plans at a glance

Over the coming year, NSIRA will continue its ambitious review agenda, based on the three-year review plan established in 2020–21. This will include mandatory reviews related to the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Security of Canada Information Disclosure Act and Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act. NSIRA will also continue to expand the agency’s knowledge of departments and agencies not previously subject to expert review, including through the conduct of interagency reviews and by “following the thread” of activities from one agency to another. Of note, in 2021–22, NSIRA will continue its comprehensive review, announced in July 2020, to fully identify the systemic, governance and cultural shortcomings and failures that resulted in CSIS engaging in illegal activity and a related breach of candour to the Federal Court.

In 2021–22, NSIRA will also focus on implementing a new model for investigating complaints. This work will be rooted in the development of new rules of procedure, which will be implemented after consultation with key stakeholders in the year ahead. The goals of this process are to enhance access to justice for complainants and to ensure that NSIRA investigates complaints in a timely manner.

An important responsibility over the coming year will be further adapting operations to the conditions imposed by the COVID-19 pandemic, with a priority on maintaining a safe and healthy work environment. NSIRA will also emphasize employment equity, diversity and inclusion as a major corporate theme over the year ahead, including training staff on key concepts.

For more information on NSIRA’s plans, priorities and planned results, see the “Core responsibilities: planned results and resources, and key risks” section of this report.

Core responsibilities: planned results and resources, and key risks

This section contains detailed information on the department’s planned results and resources for each of its core responsibilities. It also contains information on key risks related to achieving those results.

National Security and Intelligence Reviews and Complaints Investigations

Description

NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the Royal Canadian Mounted Police (RCMP), as well as certain other national security–related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Planning highlights

In support of this outcome, in 2021–22, NSIRA will implement an ambitious review agenda. It will continue to review the activities of CSIS and CSE to provide responsible ministers and the Canadian public with an informed assessment of these activities, including their lawfulness, reasonableness and necessity. NSIRA will also build on the knowledge it has acquired of departments and agencies, such as the RCMP, the Canada Border Services Agency, Immigration, Refugees and Citizenship Canada, and the Department of National Defence and Canadian Armed Forces. Using that knowledge, NSIRA will ensure these organizations’ national security or intelligence activities are independently verified and assessed. NSIRA is committed to transcending the silos that have characterized national security review until now, and will “follow the thread” of an activity between agencies to ensure its assessments reflect the complex and interwoven approach Canada takes to national security.

In 2021–22, NSIRA will complete its review of the systemic, governance and cultural factors that led to CSIS engaging in illegal activity and breaching its duty of candour to the Federal Court. This review is being conducted jointly by two NSIRA members, the Honourable Marie Deschamps, a former justice of the Supreme Court of Canada, and Craig Forcese, a professor in the Faculty of Law at the University of Ottawa. This matter was referred to NSIRA by the Minister of Public Safety and Emergency Preparedness and the Minister of Justice. NSIRA is confident its findings and recommendations will play a constructive role in ensuring that future national security activities reflect Canadians’ expectations of these fundamental institutions.

NSIRA is committed to ensuring its review agenda remains responsive and topical. In 2021–22, NSIRA will continue to engage with community stakeholders to understand their concerns surrounding national security and intelligence activities. NSIRA will ensure that matters of equity and non-discrimination are reflected in its review agenda. NSIRA’s work must also be accessible to the public and civil society. In 2021–22, NSIRA will increase its activities on Twitter and ensure that the agency’s processes, methodologies and findings are readily available on its website. NSIRA will proactively publish unclassified versions of its reports throughout the year. The annual report will continue to summarize NSIRA’s review findings and recommendations in context, situating these elements within a broader discussion of the key trends and challenges NSIRA has observed over the year.

In 2021–22, NSIRA will continue to draw on the close relationships it has established with the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner. The agency will coordinate its activities to ensure review is efficient and comprehensive, and avoids unnecessary duplication of effort. NSIRA is also developing close ties to its international equivalents. It will host a conference in 2021–22 that will bring together review agency representatives from Canada, the United States, Australia, New Zealand and the United Kingdom to discuss artificial intelligence and other topics of common interest. NSIRA will also deploy multidisciplinary review teams in 2021–22, leveraging the integrated expertise of researchers, lawyers and technical experts right from the start. This will ensure NSIRA reviews reflect a sound understanding of many complex issues, and that the agency is equipped to provide clear, precise analysis of the impacts of new technology in an ever-changing national security environment.

In 2021–22, NSIRA will also strengthen institutions’ accountability and enhance public confidence by ensuring consistency, quality and timeliness in investigating national security–related complaints. The independent investigation of complaints plays a critical role in maintaining public confidence in Canada’s national security institutions. In 2021–22, NSIRA will continue to offer an informal resolution process to complement the investigative process to respond to complaints. NSIRA also developed new rules of procedure to ensure timeliness in the investigation of complaints. The ambition is to ensure access to justice. New service standards to be set in January 2021 will enable baseline measurements to be established in 2021–22.

Gender-based analysis plus

In 2021–22, NSIRA will undertake several initiatives related to employment equity, diversity and inclusion. Incorporating baseline data derived from employee self-identification, NSIRA will develop an employment equity strategy to increase representation and to ensure it reflects the diversity of the Canadian public, which it serves.

Training and learning events for staff on issues related to systemic discrimination will continue over the coming year. These activities will ensure a common understanding of key concepts and build a corporate culture that promotes the values of diversity and inclusion in the workplace.

Work will continue in 2021–22 to incorporate analysis of bias and discrimination into reviews and complaints investigations. NSIRA will also work with centres of excellence within the Government of Canada to enhance its understanding of how gender-based analysis plus concepts can be more formally integrated into its work.

Finally, NSIRA will build on outreach and engagement conducted over the past year to expand its range of stakeholder partnerships and learn more about concerns related to the differential impacts of national security and intelligence activities.

Key risks

NSIRA’s ability to access the information it needs to do its work and speak to the relevant stakeholders to understand policies, operations and ongoing issues is closely tied to the capacity of the organizations being reviewed to respond to NSIRA’s demands. The resource constraints of those organizations might continue to be compounded next year by disruptions stemming from the COVID-19 pandemic. This presents a risk of hindering NSIRA’s ability to deliver on its mandate in a timely way. NSIRA is mitigating this risk by ensuring clear communication about information requests and by setting review priorities.

The physical distancing precautions required by the COVID-19 pandemic might continue to be needed in 2021–22. This would limit employees’ access to NSIRA offices and to classified physical and electronic documents. Such restrictions could slow NSIRA’s ability to deliver on its mandate in a timely way and limit the frequency and type of outreach NSIRA can do in person. The pandemic also complicates the recruitment, on-boarding and training of new review staff. NSIRA is mitigating these risks by adapting its office space and investing in communications technology. It will continue to innovate to enable its operations and engage virtually with stakeholders, departments and agencies.

Departmental results Departmental result indicator Target Date to achieve target 2017-18 actual results* 2018-19 actual results* 2019-20 actual results*
*Because NSIRA was created on July 12, 2019, there is no comparative information to provide for 2017–18 and 2018–19. Actual results for 2019–20 are not available as the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee (SIRC) to NSIRA was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews 2021-22 Not applicable (N/A) N/A N/A
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually 2021-22 N/A N/A N/A
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year 2021-22 N/A N/A N/A
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards 90% 2021-22 N/A N/A N/A

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned budgetary financial resources for assisting the National Security and Intelligence Review Agency

2021–22 budgetary spending (as indicated in Main Estimates) 2021–22 planned spending 2022–23 planned spending 2023–24 planned spending
12,047,835 12,047,835 10,740,923 10,744,262

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned human resources for assisting the National Security and Intelligence Review Agency

2021–22 planned full-time equivalents 2022–23 planned full-time equivalents 2023–24 planned full-time equivalents
69.0 69.0 69.0

It is expected that NSIRA will be at full capacity by the close of 2021–22 to fulfil its new mandate.

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Internal Services: planned results

Description

Internal Services are those groups of related activities and resources that the federal government considers to be services in support of Programs and/or required to meet corporate obligations of an organization. Internal Services refers to the activities and resources of the 10 distinct services that support Program delivery in the organization, regardless of the Internal Services delivery model in a department. These services are:

  • Management and Oversight Services
  • Communications Services
  • Legal Services
  • Human Resources Management Services
  • Financial Management Services
  • Information Management Services
  • Information Technology Services
  • Real Property Management Services
  • Materiel Management Services
  • Acquisition Management Services

Planning highlights

A key priority in the coming year will be Internal Services support and leadership with respect to the development and implementation of effective employment equity, diversity and inclusion strategies.

NSIRA will also continue to leverage technologies and proven information management practices to increase the effectiveness of operations as the agency continues to operate under COVID-19 pandemic conditions.

The ability of NSIRA to continue its rapid increase in personnel will be contingent on effective Internal Services functions. As a result, over the coming year, NSIRA will continue to invest in and strengthen its frameworks for human resources management, information technology and security, and continue to implement its accommodation strategy.

Planned budgetary financial resources for Internal Services

2021–22 budgetary spending (as indicated in Main Estimates) 2021–22 planned spending 2022–23 planned spending 2023–24 planned spending
18,147,084 18,147,084 15,386,717 7,691,725

Planned human resources for Internal Services

2021–22 planned full-time equivalents 2022–23 planned full-time equivalents 2023–24 planned full-time equivalents
31.0 31.0 31.0

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Spending and human resources

This section provides an overview of the department’s planned spending and human resources for the next three consecutive fiscal years, and compares planned spending for the upcoming year with the current year’s spending.

Planned spending

Departmental spending 2018–19 to 2023–24

The following graph presents planned (voted and statutory) spending over time.

Departmental spending trend graph
2018-19 2019-20 2020-21 2021-22 2022-23 2023-24
Statutory 0 371,057 1,056,362 1,704,632 1,704,632 1,704,632
Voted 0 5,254,250 16,662,479 28,490,287 24,423,008 16,731,355
Total 0 5,625,250 17,718,841 30,194,919 26,127,640 18,435,987

Because NSIRA was created in July 2019, the actual expenditures of fiscal year 2019–20 do not reflect a full fiscal year of spending. The increase from 2019–20 to 2020–21 is also explained by growth in personnel and the initiation of accommodation, infrastructure and systems investments that were delayed from the previous fiscal year.

Fiscal years 2021–22 to 2023–24 present planned spending based on approved authorities. The fluctuation in planned spending between fiscal year 2020–21 to 2023–24 is mainly explained by funds earmarked for the completion of accommodation, infrastructure and systems projects.

When compared with the Departmental Plan from the previous year, the change in planned spending for 2021–22 and 2022–23 is largely resulting from a reprofile of funding from 2019–20 to 2021–22 and 2022–23 to align funding with the delayed projects noted.

Planned spending for 2023–24 shows the ongoing financial authorities after completion of the office expansion project.

Budgetary planning summary for core responsibilities and Internal Services (dollars)

The following table shows actual, forecast and planned spending for NSIRA’s core responsibility and for Internal Services for the years relevant to the current planning year.

Core responsibilities and Internal Services 2017–18 expenditures 2018–19 expenditures 2019–20 forecast spending 2020–21 budgetary spending (as indicated in Main Estimates) 2020–21 planned spending 2021–22 planned spending 2022–23 planned spending
* Because NSIRA was created on July 12, 2019, there is no comparative information to provide for prior years. Numbers for 2019–20 are for the reporting period of July 12, 2019 – March 31, 2020.
National Security and Intelligence Reviews and Complaints Investigations N/A 3,009,066 6,716,166 12,047,835 12,047,835 10,740,923 10,744,262
Subtotal N/A 3,009,066 6,716,166 12,047,835 12,047,835 10,740,923 10,744,262
Internal Services N/A 2,616,241 11,002,675 18,147,084 18,147,084 15,386,717 7,691,725
Total N/A 5,625,307 17,718,841 30,194,919 30,194,919 26,127,640 18,435,987

Planned human resources

The following table shows actual, forecast and planned full-time equivalents (FTEs) for the core responsibility in NSIRA’s departmental results framework and for Internal Services for the years relevant to the current planning year.

Human resources planning summary for core responsibilities and Internal Services

Core responsibilities and Internal Services 2018-19 Actual full-time equivalents 2019-20 Actual full-time equivalents 2020-21 Forecast full-time equivalents 2021-22 Planned full-time equivalents 2022-23 Planned full-time equivalents 2023-24 Planned full-time equivalents
* Because NSIRA was created on July 12, 2019, there is no comparative information to provide for prior years. Numbers for 2019–20 are for the reporting period of July 12, 2019 – March 31, 2020.
Assist the National Security and Intelligence Review Agency N/A 17.5 44.1 69.0 69.0 69.0
Subtotal N/A 17.5 44.1 69.0 69.0 69.0
Internal Services N/A 11.2 23.6 31.0 31.0 31.0
Total N/A 28.7 67.7 100.0 100.0 100.0

Over the course of 2019–20, funding for an additional 26 FTEs was received to account for NSIRA’s expanded mandate. It is expected that NSIRA will be at full capacity by the close of 2021–22 to fulfil its new mandate.

Estimates by vote

Information on NSIRA’s organizational appropriations is available in the 2021–22 Main Estimates.

Condensed future-oriented statement of operations

The future-oriented condensed statement of operations provides an overview of NSIRA’s operations for 2020–21 to 2021–22.

The amounts for forecast and planned results in this statement of operations were prepared on an accrual basis. The amounts for forecast and planned spending presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.

A more detailed future-oriented statement of operations and associated notes, including a reconciliation of the net cost of operations to the requested authorities, are available on NSIRA’s website.

Future-oriented Condensed statement of operations for the year ending March 31, 2022 (dollars)

Financial information 2020-21 Forecast results 2021-22 Planned results Difference (2021-22 planned results minus 2020-21 Forecast results)
Total expenses 17,695,822 28,235,300 10,539,478
Total revenues
Net cost of operations before government funding and transfers 17,695,822 28,235,300 10,539,478

The difference between the 2021–22 planned results and 2020–21 forecast results is mostly explained by $8.5M of planned accommodation, infrastructure and systems project costs. It is also explained by the increase in personnel to reach NSIRA’s full capacity of 100 FTE’s by the close of 2021–22.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s Departmental Results Framework, with accompanying results and indicators, is under development. Additional information on key performance measures will be included in the 2021- 22 Departmental Plan.

Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

The changeover of the Security Intelligence Review Committee (SIRC) to NSIRA required significant changes to the Departmental Results Framework, expected results and indicators. With NSIRA’s broader mandate, these changes now provide a framework for measuring and reporting on results achieved starting in 2021–22 and beyond.

Changes to the approved reporting framework since 2020-21

Structure 2020-21 2021-22 Change Reason for change
Total expenses Investigations of Canadian Security Intelligence Service’s (CSIS’s) operational activities National Security and Intelligence Reviews and Complaints Investigations New Core responsibility New Departmental Results Framework
Programs Review of CSIS’s operations National security and intelligence activity reviews and complaints investigations New Program New Departmental Results Framework
Investigation of complaints against CSIS

Supporting information on the program inventory

Supporting information on planned expenditures, human resources, and results related to NSIRA’s program inventory is available in the GC InfoBase.

Supplementary information tables

The following supplementary information tables are available on NSIRA‘s website.

  • Departmental Sustainable Development Strategy
  • Gender-based analysis plus

Federal tax expenditures

NSIRA’s Departmental Plan does not include information on tax expenditures that relate to its planned results for 2021–22.

Tax expenditures are the responsibility of the Minister of Finance, and the Department of Finance Canada publishes cost estimates and projections for government-wide tax expenditures each year in the Report on Federal Tax Expenditures.[xi] This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis. The tax measures presented in this report are solely the responsibility of the Minister of Finance.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D” Ottawa, Ontario
K1P 5W5

Telephone: The phone number is temporarily disabled
Fax: 613-907-4445
Email: info@nsira-ossnr.gc.ca
Website: www.nsira-ossnr.gc.ca

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

National Security and Intelligence Review Agency Annual Report 2019

Backgrounder

The report focuses on NSIRA’s initial review work from July 2019 through December 2019, and also includes discussion of previously unreleased reviews by predecessor organizations, namely the Security Intelligence Review Committee (SIRC) and the Office of the Communications Security Establishment Commissioner (OCSEC). We discuss Canada’s complex, interwoven approach to national security through the cross-cutting themes of intelligence collection, safeguarding, information sharing, and intelligence informed actions.  Highlights include:

  • Legal issues regarding new technologies;
  • Ongoing concerns related to the duty of candour owed by CSIS to the Federal Court;
  • Issues concerning CSIS’s use of the polygraph;
  • CSE privacy protection practices; and,
  • Inconsistent approaches to how Canada avoids mistreatment when sharing information abroad.

NSIRA’s mandate also brings together the investigation of complaints related to national security made by members of the public. The report describes issues related to complaints from 2019, emphasizing our commitment to modernizing the complaints investigation process to ensure greater timeliness and accessibility. We also raise concerns concerning gaps in the current legal framework for “whistleblowing as it relates to the national security community.”

Our annual report discusses our organization’s underlining values, particularly our desire to be more accessible in our work, reach a broader audience, and have our review priorities and complaints process informed by engaging communities who feel they are affected by national security and intelligence activities.

 “We hope that our annual report will both inform Canadians as to how their national security agencies protect us and give them confidence that strong accountability and transparency mechanisms are in place and working as intended. We look forward to engaging Canadians on the report’s findings.”

–The Honourable Dr. Ian Holloway, P.C., C.D., Q.C. (NSIRA Interim Chair)—

Date of Publishing:

Dear Prime Minister,

On behalf of the National Security and Intelligence Review Agency, it is my pleasure to present you with our first annual report. Consistent with subsection 38(1) of the National Security and Intelligence Review Agency Act, the report includes information about our activities in 2019, as well as our findings and recommendations. Pursuant to transitional provisions 12(1) and 12(2) of the National Security Act, 2017, this report also includes information that our predecessor organizations, the Security Intelligence Review Committee and the Office of the Communications Security Establishment Commissioner, had not yet reported on publicly.

In accordance with paragraph 52(1)(b) of the National Security and Intelligence Review Agency Act, our report was prepared after consultation with the deputy heads concerned in an effort to ensure that it does not contain information the disclosure of which would be injurious to national security, national defence or international relations, or is information that is subject to solicitor-client privilege or the professional secrecy of advocates and notaries or to litigation privilege.

Yours sincerely,

The Honourable Dr. Ian Holloway, P.C., C.D., Q.C.
Acting Chair
National Security and Intelligence Review Agency

Committee message

We are proud to present the first annual report of the National Security and Intelligence Review Agency (NSIRA) for work undertaken in 2019. Our enabling legislation requires us to present a report to Parliament each year with respect to our activities during the previous calendar year, including any reviews not yet made public by our predecessor organizations, the Security Intelligence Review Committee, and the Office of the Communications Security Establishment Commissioner. In doing so, our report discusses our activities within a framework that addresses the complex, multi-agency and interwoven approach to national security that exists in Canada.

We are primarily a retrospective body, meaning we generally look at activities that have already taken place and make conclusions regarding their compliance with the law and ministerial direction. We also examine the reasonableness and necessity of a department’s exercise of its powers. We are very conscious of the need for timely access to our findings by parliamentarians and all Canadians. NSIRA is committed to releasing redacted reviews as soon as possible after they are provided to the appropriate minister(s). We hope that our annual report will be a mechanism to reflect on broader trends and themes that cut across the full range of our work. We feel strongly that this approach is embedded in our mandate, and is supported by the government’s own push for greater transparency in national security.

Openness also means deepening the dialogue with Canadians on national security. We have broadened our exposure to a diverse set of viewpoints to ensure our review plan reflects the concerns and priorities of all Canadians. This is particularly important in the context of anti-racism movements that are taking place around the world. We hope that engagement with diverse communities will help our organization learn about how we can best contribute to the fight against racism and discrimination in the national security and intelligence field. Engagement with Canadian experts, with cultural communities and with civil society has already begun as we build our social media presence and our capacity to organize videoconferences and in-person meetings. We have met several stakeholders in Ottawa, Victoria, Toronto and Calgary — and more activities are planned in the year ahead. Internationally, we work with and share our experiences with parallel review bodies as a member of the Five Eyes Intelligence Oversight and Review Council, which is made up of our partners in Australia, New Zealand, the United Kingdom and the United States.

We are mindful of the need to avoid overlap with other review bodies and to make the best use of resources within the national security community that are in place to facilitate our work. We know that for many departments and agencies, external review is a new endeavour that will take time to adjust to. We are very pleased with the level of cooperation and support we are seeing. We have developed and shared our three-year review plan, which we hope will clarify our work priorities and give the organizations that we will be reviewing time to adjust and prepare. Our legislation is unequivocal as to our access to information: we are entitled to timely access to anything that is in the possession or under the control of a department in relation to our reviews (except only Cabinet confidences). The integrity of our work demands this access. Our public reports will accordingly record any shortcomings in this regard. To avoid duplication and to enhance the quality of Canada’s system of national security accountability, we are committed to cooperating with other oversight and review bodies, including the Intelligence Commissioner’s Office, the National Security and Intelligence Committee of Parliamentarians, the Office of the Privacy Commissioner of Canada (OPC), the Civilian Review and Complaints Commission for the RCMP and the Office of the Auditor General of Canada.

NSIRA also brings together under one roof the investigation of complaints related to national security that are made by members of the public. We have a mandate to investigate complaints into the activities of the Canadian Security Intelligence Service, the Communications Security Establishment and national security-related activities of the Royal Canadian Mounted Police. Additionally, we can investigate complaints arising from an individual whose security clearance is denied or revoked, as well as referrals from the Canadian Human Rights Commission and certain matters under the Citizenship Act. We are confident that this consolidation of complaints investigations will help to ensure that Canadians’ national security-related grievances can be addressed with the greatest degree of consistency, quality and timeliness possible. A particular task we are undertaking over the next year is to improve the efficiency of the complaints process.

We would be remiss if we did not address the unique and challenging environment facing us all at this moment. The COVID-19 pandemic has had far-reaching consequences the world over that we are perhaps only beginning to understand. Throughout much of 2020, NSIRA staff have been working from home, with minimal access to the office and, therefore, minimal access to classified physical and electronic documents that must be kept within a secure space. We are very proud of the extraordinary work of our staff, who have kept momentum alive during this difficult period, and who continue to put measures in place to enhance our organizational adaptability. We also expect that organizations that are subject to our review and complaints investigations will continue to allocate personnel to these vital functions, and continue to prioritize national security accountability as they too adjust to an ever-changing situation.

At this time, we would like to express our gratitude to three NSIRA members whose terms concluded this year: the Honourable Pierre Blais, the Honourable L. Yves Fortier, and Murray Rankin, NSIRA’s first Chair. Their collegiality and leadership during a time of transition were greatly appreciated, and their contributions to national security accountability in Canada continue to be deeply felt.

We are honoured to have been chosen to be the first members of NSIRA. We are committed to providing meaningful findings and recommendations on the extent to which Canada’s national security community is complying with the law and on the necessity and reasonableness of its actions. We look forward to the challenge facing us in this increasingly complex environment.

The Honourable Dr. Ian Holloway, P.C., C.D., Q.C. (Acting Chair)
The Honourable Marie Deschamps, C.C.
Professor Craig Forcese
The Honourable Marie-Lucie Morin, P.C., C.M.
The Honourable Pierre Blais, P.C. (Member until May 2020)
The Honourable L. Yves Fortier, P.C., C.C., O.Q., Q.C. (Member until October 2020)
Murray Rankin, Q.C. (Member and Chair until September 2020)

Executive summary

  • Information pertaining to the transition from the Security Intelligence Review Committee (SIRC) to the National Security and Intelligence Review Agency (NSIRA), corporate milestones, organizational values and objectives, and other relevant elements, are briefly described in the introduction, and are supplemented with more detailed material in various annexes as well as on NSIRA’s website.
  • Review findings and themes discussed in this report reflect NSIRA’s work over the first several months of our mandate, beginning in July 2019. They also build on work done by SIRC and the Office of the Communications Security Establishment Commissioner (OCSEC), including reviews that these organizations had not yet released prior to the establishment of NSIRA. Summaries of these reviews are found in Annexes A and B. We discuss findings and themes in this report according to the “information continuum”: collection, safeguarding, sharing and action.
  • A key challenge for departments and agencies in Canada is to ensure that their use of new technology conforms to privacy laws and respects Canadians’ rights under the Canadian Charter of Rights and Freedoms (the Charter). NSIRA is aware of instances where an agency used technology in ways that exceeded legal authorities. Notably, one of NSIRA’s first reviews concerned the Canadian Security Intelligence Service’s (CSIS) use of publicly available geolocation data. NSIRA concluded that CSIS’s use of this data without a warrant risked breaching section 8 of the Charter, which protects against unreasonable search and seizure. NSIRA submitted a report under section 35 of the NSIRA Act, to the Minister of Public Safety and Emergency Preparedness regarding the possible unlawful activity.
  • The report provides an overview of some longstanding issues with regard to the failure of CSIS to meet its duty of candour to the Federal Court, most recently in relation to its human source activities. Specifically, CSIS did not inform the Court that CSIS’s warrant applications were based on intelligence that had likely been collected by illegal means. The Court also observed failings with regard to the Department of Justice’s role in the situation. In response, the Government referred the matter to NSIRA for review under paragraph 8(1)(c) of the NSIRA Act. Over the next year, NSIRA will dedicate significant resources to a review stemming from this Federal Court decision.
  • NSIRA has prioritized safeguarding (i.e., how the government protects people, information and assets) as a review theme we will examine on a yearly basis. In our first year, NSIRA completed one safeguarding review of CSIS, and commenced another within the Department of National Defence (DND). Of note, our observations with regard to the polygraph (i.e., “lie detector test”) during the security clearance process, highlight a number of shortcomings, including:
    • CSIS was unable to justify the capacity of examiners — who are not medical practitioners — to ask medical-related questions of the examinees.
    • There were unequal outcomes or consequences for polygraph exams conducted on external applicants to CSIS vs. current employees.
  • This finding raises broader issues. Although the Treasury Board Secretariat (TBS) Standard on Security Screening, created in 2014, cites the use of the polygraph as an appropriate tool for assessing candidates seeking an Enhanced Top Secret clearance, TBS was unable to provide any policy rationale for the use of this tool. NSIRA brought a number of shortcomings to the attention of TBS. The standard is currently under internal review at TBS, and we are awaiting the results.
  • NSIRA made several findings and corresponding recommendations for the Communications Security Establishment (CSE) to improve its documentation, mitigation and privacy protection practices in relation to its Privacy Incidents File.
  • In 2019, NSIRA launched our first interagency review, an assessment of the implementation of the 2017 Ministerial Direction on Avoiding Complicity in Mistreatment by Foreign Entities by: the Canada Border Services Agency, CSE, CSIS, DND, Global Affairs Canada, and the Royal Canadian Mounted Police. NSIRA found significant variation among the six departments and agencies in terms of their success in implementing the 2017 ministerial direction. While some departments or agencies, such as CSIS and CSE, had fairly advanced procedures for implementing the ministerial direction, the review highlighted some shortcomings. Some departments and agencies face challenges in operationalizing this direction. Some also face challenges in establishing decision-making mechanisms that are independent from the operational front line in cases where there is a risk of mistreatment. One of the key issues that NSIRA’s review identified was the inconsistent application of the “substantial risk of mistreatment” threshold across departments – under the 2017 directions and their successors, sharing is prohibited where there is a “substantial risk of mistreatment of an individual by a foreign entity”. How departments and agencies assess this standard will be a future area of inquiry.
  • In 2020–21, NSIRA is modernizing the process for addressing complaints. Our goal will not change: to provide a just and efficient investigation and resolution of complaints. Two priorities will guide the modernization: access to justice for self-represented complainants, and the need for a broader spectrum of tools to streamline the resolution of complaints.
  • In previous correspondence to the Attorney General, NSIRA identified legislative gaps related to whistleblower protections in Canada’s national security community and the corresponding negative implications resulting from these gaps. In the interim, NSIRA will be implementing internal procedures to address concerns brought forward by members of the security and intelligence community.
  • In 2019, NSIRA launched a series of public engagements to increase awareness of our new organization, expand our network, and deepen our understanding of Canadians’ concerns relating to national security and intelligence activities. Over the coming year NSIRA intends to continue our outreach and engagement program, with a focus on four key areas: expanding our network to help us address issues related to new and emerging technologies (including artificial intelligence); broadening our dialogue with stakeholders to inform NSIRA’s future review priorities; building new relationships with community groups, in an effort to demystify the complaints investigation process; and scaling up recruitment efforts to ensure NSIRA continues to build an elite workforce with a diverse set of skills and backgrounds.
  • To enhance transparency, NSIRA also intends to proactively redact and release future NSIRA reports as they are approved throughout the year, rather than waiting for the release of our annual report to disclose our findings and recommendations. The organization is working with departments and agencies to ensure that this new approach is as timely and efficient as possible, and both protects vital national security and intelligence information, and provides the public with as much insight as possible into the results of NSIRA’s reviews.

Introduction

01. The National Security and Intelligence Review Agency (NSIRA) began operations July 12, 2019, as part of the transformation of Canada’s national security accountability framework. As a result, this inaugural annual report covers only a six-month period, from July to the end of the 2019 calendar year. During that time and continuing into 2020, NSIRA did a great deal of work to ensure the successful transition from the Security Intelligence Review Committee (SIRC), to a larger organization with a much broader mandate.

02. Because the NSIRA website provides detailed information relating to NSIRA’s mandate, the types of reviews undertaken, the process and lifecycle of a review, and the complaints investigation process, this report does not discuss these topics.

03. Instead, it focuses on NSIRA’s initial work on reviews, our complaints investigations, and our public engagement and transparency efforts. The emphasis on analysis of recent findings and trends in review draws on previously unreleased SIRC and Office of the Communications Security Establishment Commissioner reviews going back to 2018 and 2019, respectively, as well as NSIRA reviews completed in the first several months of operation. Summaries of these individual reports are available in Annexes A and B.

04. Part 1 outlines our organizational values and NSIRA’s approach to building a new institution.

05. Part 2 provides detailed analysis of themes that cut across many of these reviews, drawing linkages and establishing a platform for future work.

06. Part 3 deals with our complaints investigations and briefly discusses themes from 2019 and priorities for the year ahead, with an emphasis on modernizing the complaints investigation process to ensure greater timeliness and accessibility. Summaries and statistics relating to complaints investigations are available in Annexes C and D.

07. Part 4 outlines NSIRA’s efforts and our vision in addressing engagement and transparency, which are key priorities for the organization.

08. Key accomplishments and ongoing priorities with respect to NSIRA’s corporate services, including measures taken to adapt to an expanded mandate, are detailed in Annex E. 

09. This is NSIRA’s first annual report, and we have structured it in a way that aims to be useful and engaging for the reader, while it serves its intended function, namely, to make an important contribution to Canadians’ dialogue on national security and intelligence issues. We are interested in feedback on how to make it as helpful and accessible as possible in achieving this aim.

Part 1: Institution building

10. The creation of NSIRA, following the proclamation of the National Security Act, 2017, represented a considerable step forward in the development of national security and intelligence accountability in Canada. Over the past two decades, national security and intelligence operations have become increasingly interconnected within the Government of Canada. This resulted in a number of departments and agencies that had not traditionally been part of the security and intelligence community now playing key roles in this area. However, review bodies’ powers did not evolve with the changing national security and intelligence landscape, and their ability to review agencies and make contributions remained compartmentalized.

11. NSIRA’s creation remedies these long-standing gaps in Canada’s national security architecture and significantly strengthens the framework for national security accountability. NSIRA has taken over the mandates of our predecessors to review the operations of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), respectively, but we also have an additional and novel mandate to review any activity in the federal government that relates to national security or intelligence. Alongside this expanded mandate, NSIRA has unfettered access to classified information in the possession or under the control of any department or agency (except Cabinet confidences). This allows NSIRA to break down the previously compartmentalized approach to review and accountability, and replace it with horizontal, in-depth interagency review. As such, Canada now has one of the world’s most extensive systems for independent review of national security in the world.

12. Since July 2019, the NSIRA Secretariat has focused on ensuring a successful and effective transition to a much larger organization with a much broader mandate. This included emphasis on the following: securing new accommodations; effective staffing and knowledge development; establishing strong working relationships with departments and agencies, as well as other Canadian review bodies; and delivering on our mandatory reporting requirements. NSIRA absorbed a staff complement from the Security Intelligence Review Committee (SIRC), who had expertise in review and complaints investigation related to CSIS. Sustained effort to recruit staff and build knowledge of the broader security and intelligence community will continue in the year ahead.

Review

13. In the early months of our mandate, NSIRA developed a three-year review plan. This plan will help develop a systematic approach to deciding what to review and how to set priorities. Besides helping to guide resource allocation and staffing decisions in the medium term, the review plan provides clarity to the departments and agencies we review and prevents overlap with other review bodies.

14. Part of the challenge inherent in NSIRA’s mandate is thinking differently about how to organize and undertake reviews. The interagency mandate allows for reviews to be planned and undertaken in a horizontal manner, involving several departments and agencies from the start. Similarly, NSIRA is also working in a horizontal manner internally, to incorporate legal and technical experts into reviews more systematically, so that considerations in these areas are built into reviews from the start.

15. Within this plan, in-depth review of CSIS and CSE remain organizational priorities. NSIRA is also developing foundational knowledge of national security and intelligence activities conducted in federal government institutions that have not traditionally been subject to review. Through a series of increasingly complex and in-depth reviews conducted over the upcoming years, NSIRA will seek to provide a holistic and detailed picture of activities, programs or key themes in the national security and intelligence community.

16. When conducting reviews, whether simple scoping exercises or more complex projects, NSIRA considers a number of elements to develop conclusions, findings and recommendations. These include the lawfulness, compliance with directives and policies, reasonableness, necessity, and proportionality of security and intelligence activities. These considerations help NSIRA ensure that Canadians are confident that national security and intelligence activities undertaken by the Government of Canada are thoroughly reviewed and assessed.

Complaints investigations

17. In addition to NSIRA’s review mandate, the organization has the responsibility to investigate national security-related complaints. This includes hearing complaints from the public regarding actions taken by CSIS and CSE, national security-related complaints regarding the Royal Canadian Mounted Police (RCMP), and complaints related to the revocation or denial of security clearances.

18. NSIRA acknowledges that the complaints investigation framework inherited from SIRC has been far too slow and too complex. An analysis of the number of complaints filed annually and the number outside NSIRA’s jurisdiction to investigate also reveals a clear knowledge gap with respect to NSIRA’s role in this regard. For these reasons, NSIRA has begun to reform the complaints process, including increasing access, timeliness and accountability.

NSIRA’s values

19. NSIRA inherited a number of values, practices and expertise from the review agencies that came before. Nonetheless, NSIRA is dedicated to undertaking our work in a new way — one that emphasizes outreach, engagement and transparency. As such, NSIRA has begun a comprehensive program of engagement with civil society, community groups, academics and others, based on a number of objectives including but not limited to:

  • informing NSIRA’s review plan;
  • raising awareness of and demystifying the complaints investigation process;
  • leveraging and creating communities of interest on key issues (for instance, on artificial intelligence); and
  • recruiting talented Canadians.

20. The new organization wants to break with previous practices that resulted in findings and recommendations being publicly reported only once per year. To increase transparency, NSIRA is committed to the release of unclassified versions of reviews as they become available after redaction and translation. By making our reviews available to the public, NSIRA hopes to increase transparency and accountability, and to open the door to extensive discussions and debate in the public sphere. Consequently, a priority is to draft reports that avoid classified information because the intent is to release them; this “write to release” approach will facilitate the redaction process, where necessary, and ensure more timely and effective release of information.

21. NSIRA is committed to:

  • openness and transparency, in an effort to better connect with Canadians;
  • methodological excellence to ensure the quality of our work; and
  • forward thinking and innovation, including how we consider the impacts of new technology and an ever-changing national security environment.

22. To achieve our numerous and complex objectives, NSIRA relies on a skilled and experienced workforce. As the organization grows, NSIRA will continue to recruit talented candidates that reflect Canada’s diverse and inclusive nature.

23. NSIRA understands the importance of organizational health and wellness as fundamental to success. The organization wishes to be an employer of choice that promotes and provides a healthy work environment. Although the COVID-19 pandemic has raised unprecedented challenges, NSIRA remains focused on further adapting to the sweeping changes brought by the pandemic. Ensuring the physical and mental health and wellness of our staff remains a cornerstone of the organization’s strategy as we develop creative ways to maintain effectiveness and efficiency while working in a distributed manner.

24. In addition to maintaining a broad expertise within the organization, NSIRA has been focusing on building a strong network of partnerships to help define our research priorities and deliver on our mandate. NSIRA has been working with other organizations within the Canadian review and accountability system, such as the National Security and Intelligence Committee of Parliamentarians (NSICOP) and the Office of the Privacy Commissioner of Canada (OPC), on issues of common interest to maximize both the effectiveness and efficiency of national security review agencies, while limiting duplication of efforts.

25. NSIRA made a great deal of progress in all aspects of our mandate throughout the first few months of operation in 2019. Many ambitious projects are under way for the year ahead, in order to progress on building an institution that is fit to play a broad and constructive role in Canada’s system for national security accountability.

Part 2: Review

Section I — The information continuum

This part outlines NSIRA’s framework for discussing findings and trends in review, and provides detailed analysis according to the four categories within this framework. This part does not go into detail about review methodology and prioritization. In short, as we expand our knowledge base of national security and intelligence activities across the Government of Canada, NSIRA aims to undertake increasingly complex reviews over the next three years.

27. Members of NSIRA are planning to proactively redact and publicly release full reviews, along with unclassified executive summaries, as they are approved and translated, rather than having to wait for the annual report to showcase the organization’s review work. This new practice opens up opportunities for the annual report to discuss and dissect lessons learned throughout the year in new and interesting ways. Rather than discussing the findings and recommendations of each review individually (or vertically), as had been done in the Security Intelligence Review Committee (SIRC) and Office of the Communications Security Establishment Commissioner (OCSEC) annual reports, NSIRA will focus on the entire body of work horizontally, and ask what broad lessons, trends or themes emerge. NSIRA believes that this will allow for a more comprehensive analysis of findings and will help to develop more holistic and interconnected review planning.

28. The following discussion is organized according to what NSIRA calls the “information continuum.” This continuum is meant to reflect the lifecycle of information, from how it is collected and safeguarded, to how it is shared and, ultimately, how it is used to inform real-world actions undertaken for national security or intelligence purposes.

29. NSIRA acknowledges that the information continuum differs from the national security and intelligence information cycle. The continuum is not a unidirectional process, and all concepts mentioned in it are intertwined. However, we hope that presenting our findings within this framework will facilitate a reader’s understanding of key themes and priorities within the national security and intelligence environment. Future annual reports might adopt a different structure depending on the recommendations NSIRA receives and the information we wish to communicate.

Section II — Collection

30. Collection is the first step in the information continuum described in this report. It refers to all forms of information gathering by the Government of Canada’s departments and agencies that relates to national security or intelligence. It covers information that is gathered directly by these federal institutions, in Canada and abroad, as well as information received from other federal entities and other orders of government, such as information from provincial or municipal law enforcement. The receipt of information from foreign entities is also a form of collection, but given the special human rights considerations governing such activity, this report discusses this topic in the section on information sharing.

31. Departments and agencies collect information using a range of techniques. Some recruit human sources to collect information on the agency’s behalf. Others intercept telecommunications through a variety of technical means, such as wiretaps. Telecommunications, in this context, refers to both the gathering of communications content (e.g., intercepting a voice conversation or email) and metadata (e.g., telecommunications subscriber information or information related to Internet connections). Importantly, collection here refers to information that is gathered by Government of Canada institutions both covertly and overtly, and includes publicly available information. The distinction between what is publicly available and what is not has been controversial, and it is a subject that NSIRA will review in the future. Often, the information collected relates only to one person or a handful of people; in other instances, departments and agencies collect data in bulk.

32. Obviously, the collection of certain information by departments and agencies can intrude into the private affairs of Canadians. Indeed, of the many types of national security and intelligence activities that NSIRA is mandated to review, collection is the area with the most potential to impinge on the privacy rights of Canadians. Nonetheless, Canadians expect their private lives, communications and online activities to remain free from state surveillance unless the intrusion complies with the law (including, where required, pre-authorization by an independent judicial officer), and that the collection is reasonable, and goes no further than necessary to achieve a legitimate goal, such as the investigation of a criminal offence or the investigation of a threat to the security of Canada. For these reasons, scrutinizing the government’s collection of information will be a permanent area of focus for NSIRA.

Legal frameworks

33. The legal frameworks governing information collection by government departments and agencies are complex, and vary from department to department, and agency to agency. There are a few overarching principles, however. In simple terms, all departments and agencies are subject to the Canadian Charter of Rights and Freedoms (the Charter) and must ensure that their collection of information is “reasonable” under section 8 of the Charter, which protects against “unreasonable search and seizure” of their persons, property and information. This means that where state action intrudes on a person’s reasonable expectation of privacy, the search must generally be pre-authorized by an independent judicial officer — typically a judge issuing a warrant. In limited circumstances, however, warrantless collection of information in which a person has a reasonable expectation of privacy is permissible, so long as it is authorized by a law that is considered reasonable in striking an appropriate balance between privacy and the state interest being pursued, and the search is conducted reasonably.

34. In Canada, the police and other peace officers seek a number of different authorizations permitting intrusive searches and seizures that implicate a person’s reasonable expectation of privacy. These “lawful access” authorizations include search warrants, production orders to obtain documents or records, and warrants authorizing the interception of private communications. The Canadian Security Intelligence Service (CSIS) can seek warrants from the Federal Court authorizing the interception of any communication or the obtaining of any information, record, document or thing. The procedures followed for obtaining these authorizations vary depending on the statute governing the agency seeking it, and also depend on the search’s intrusiveness. The Communications Security Establishment (CSE), for its part, collects information outside of Canada in accordance with its various mandates related to foreign intelligence and cybersecurity. Where those collection activities might otherwise contravene an act of Parliament or interfere with the reasonable expectation of privacy of a Canadian or any person in Canada, CSE must obtain ministerial authorizations from the Minister of National Defence. Before they come into effect, CSE’s ministerial authorizations under its foreign intelligence mandate and its cybersecurity and information assurance mandate must be approved by the Intelligence Commissioner, who is a retired judge.

35. Regardless of the sensitivity of the information being collected, a department or agency must have a legal authority to collect it. Departments and agencies receive such legal authority from their enabling statutes (for example, the CSIS Act for CSIS; the CSE Act for CSE), as well as from common law powers, especially for the RCMP.

36. These statutes also set important limits, often by spelling out what information departments are permitted to collect, when and to what extent. For instance, CSE is prohibited from directing its collection against Canadians or persons in Canada. But it is not always possible to know in advance which information involves Canadians and which does not. As a result, CSE may sometimes collect information relating to Canadians and persons in Canada incidentally — that is, without deliberately seeking it. CSE must handle this information in accordance with the CSE Act and the ministerial authorizations that it has received from the Minister of National Defence.

Ministerial direction and policy

37. The collection of information by the Government of Canada is guided not only by the law, but also by a range of ministerial directions and internal policies. Ministerial direction represents the formal guidance issued by a minister to a department or agency. Though not a statutory instrument, a ministerial direction has a more robust legal status than mere departmental internal policy, and often serves to set out a minister’s expectations regarding how a department should function, and how it should interpret its legal powers. These directions are used, for example, to implement the Government of Canada’s Intelligence Priorities, which are periodically approved by Cabinet. The Intelligence Priorities set out those areas that the Government of Canada has identified as requiring the greatest need for information. Ministers then direct departments to allocate collection resources accordingly, although they must always remain within the scope of their legal collection mandates. When NSIRA reviews a collection activity related to national security or intelligence, we review not just compliance with the law, but also compliance with ministerial direction and internal policy.

Collection challenges

Technology and privacy

38. Criminals and those who pose a threat to national security are constantly adopting the latest technologies to shield their activities from scrutiny. This places pressure on investigative agencies, in Canada and abroad, to maintain their capacity to collect usable information. As a result, Canada’s national security and intelligence agencies must employ new technologies quickly to circumvent or get ahead of the capabilities of their subjects of investigation.

39. Unfortunately, many new technologies can be used in ways that erode privacy. The rise of the Internet and mobile communications means that individuals now generate far more information and metadata about themselves than in the past. At the same time, intelligence collectors are facing a progressive loss of direct access to private communications stemming from the increasing ubiquity of strong encryption. In part for these reasons, there has been heightened interest worldwide in the bulk collection of information and metadata in recent decades. This raw material is then sifted and analyzed to glean insights and patterns. For example, use of smartphones leaves digital traces that, particularly when assembled or later identified, can reveal contacts, patterns of movement and other intimate details. A key difference between bulk collection and more traditional techniques, such as wiretaps, is that the vast majority of the information collected relates to ordinary citizens who are not subjects of investigation. The risks that such techniques pose for personal privacy are clear.

40. A major challenge for departments and agencies in Canada is to ensure that their use of new technology conforms to privacy laws and respects Charter rights. Generally, this requires departments and agencies to engage the federal Department of Justice to obtain advice on the legal parameters that govern the use of the technology, and then to put in place a strong policy framework and obtain the necessary authorizations before beginning to use a new technology. Often this is exactly what happens. But NSIRA is also aware of instances where technology was used in ways that exceeded legal authorities. These are described below. Some of these examples are drawn from NSIRA’s reviews to date, while others are drawn from SIRC’s history of reviewing CSIS.

41. On a few occasions in recent years, CSIS used new collection techniques without first fully understanding and addressing their legal and policy implications. In these cases, legal and policy work lagged behind the operational imperative to maintain and improve collection capabilities. This risked — and at times compromised — the lawfulness of the collection activity and the privacy of Canadians. The first example is from an NSIRA review:

a) Geolocation: One of NSIRA’s first reviews concerned CSIS’s use of publicly available geolocation data. This review raised pressing questions regarding the use of data that is publicly available, but that nevertheless engages a person’s reasonable expectation of privacy. NSIRA concluded that CSIS’s use of this data without a warrant risked breaching section 8 of the Charter, which protects against unreasonable search and seizure. NSIRA’s review examined the decision-making process that led CSIS to use this data without a warrant, and found that CSIS lacked the policies or procedures to ensure that before the data was used CSIS sought legal advice to avoid unlawful use of the data. On March 16, 2020, we submitted a report under section 35 of the NSIRA Act to the Minister of Public Safety and Emergency Preparedness describing the possible unlawful activity. Under section 35, NSIRA must refer to the relevant minister any national security or intelligence activity that might not be in compliance with the law. The minister is then required to forward the report to the Attorney General.

42. Other examples can be drawn from the period before NSIRA was created, which were reported by the former review bodies, SIRC and OCSEC:

a) CSIS metadata: A 2014 SIRC review assessed whether CSIS’s collection, use and retention of metadata collected under the authority of a Federal Court warrant was carried out lawfully and appropriately. At the time, CSIS warrants required any communications or metadata collected incidentally (i.e., not related to the subjects of the warrant) to be destroyed, unless certain conditions were met, including if there were reasonable grounds to believe that the information “may assist” in the investigation of a threat to the security of Canada. CSIS concluded that the words “may assist” established a low threshold, and accordingly retained and used the metadata, despite the data having been collected incidentally. SIRC was given no indication that CSIS had informed the Federal Court of the nature and scope of its activities. SIRC therefore recommended that CSIS make the Court aware of the extent of its retention and use of metadata collected under warrant. Alerted by SIRC’s recommendation, the Federal Court concluded in October 2016 that CSIS could not retain the information unless it was related to a threat to the security of Canada, because CSIS’s collection mandate in section 12 of the CSIS Act includes the qualifier that CSIS can collect information or intelligence only “to the extent that it is strictly necessary.” The Court found that CSIS’s authority to retain information was informed by this limit. Therefore, it held that CSIS had exceeded its lawful authority in retaining much of the metadata collected under warrant. The Court also found that CSIS had failed in its duty of candour to the Court. As discussed below, the question of retention of electronic “datasets” is a matter now more fully regulated by the CSIS Act, following amendments made by the National Security Act, 2017.

b) CSE metadata: Technological advances have created vast amounts of information in the digital realm. Agencies often turn to automation to apply privacy protection measures to large amounts of information efficiently. In 2013, CSE notified its previous review body, OCSEC, that metadata containing Canadian identity information had not been properly minimized by software. This software failure resulted in Canada’s Five Eyes allies receiving data that Canadian laws prohibit CSE from sharing. CSE suspended sharing certain types of metadata while it developed a solution to rectify this problem. Although this was the only instance in which CSE was found by OCSEC not to have complied with the law, related issues arose periodically, including the incomplete reporting on private communications. OCSEC found this to be the result of human and system error. Many of the observations raised historically by OCSEC centred on the interaction of human and technical elements involved in collection and subsequent reporting activities.

c) Datasets: In 2016, SIRC reviewed CSIS’s use of datasets. These datasets were not collected under the authority of a warrant. The review examined whether the collection of such datasets met the statutory test for collection by CSIS under section 12 of the CSIS Act, which is that information can be collected only to the extent “strictly necessary.” Most of the datasets were not directly related to national security threats. SIRC found that there was no comprehensive governance framework guiding the collection, retention and use of bulk datasets. There was also no requirement to assess the datasets to ensure that they met the requirement of being “strictly necessary” to advise the government on suspected threats. These events pushed CSIS to reconsider the legal underpinnings of its collection of datasets. Amendments to the CSIS Act included in the National Security Act, 2017, have since provided CSIS with an explicit authority to collect, retain and use datasets containing personal information that is not directly and immediately related to a threat to the security of Canada. As noted in the final SIRC certificate, pending the coming into force of the National Security Act, 2017, CSIS continued its dataset program despite the legal risks that had been identified.

43. These examples illustrate how the adoption of new collection technologies also poses a challenge for review bodies, who must equip themselves with the technical expertise needed to ensure that the implications of the technologies being deployed are fully understood. This is particularly important given that the use of many new technologies is a closely guarded secret and thus shielded from public scrutiny. As such, it is largely up to review and oversight bodies to scrutinize the use of these technologies. NSIRA’s plans to address this issue are set out in the section on “Future priorities.”

Candour

44. CSIS has struggled to overcome an institutional culture of secrecy that has contributed to failures to fully disclose certain activities and information to the Federal Court, to the Minister of Public Safety and Emergency Preparedness, and to review bodies. A lack of candour can be particularly problematic where it intersects with the use of new technology. The difference between collection that is lawful or unlawful often hinges on very specific details regarding the information that the technology will enable CSIS to collect. A key consideration is whether that information will reveal intimate details of the lifestyle and personal choices of an individual. The breadth of the information collected and other details of its use can also affect a technology’s level of intrusiveness. It is thus vital that oversight and review bodies are made fully aware of departmental activities in order to fulfil their mandates. The broader the scrutiny of a new technology’s use, the more that its implications will be thoroughly considered.

45. Three times in recent years, the Federal Court has found that CSIS failed in its duty of candour toward the Court during warrant applications. In two of the three instances, CSIS omitted certain information regarding the use of technology to collect information. The omissions compromised the Court’s ability to properly exercise its judicial control function. Indeed, it is worth noting that the Court is not required to approve CSIS warrants, even if CSIS meets the basic statutory requirements. The Court must also be satisfied that the warrant powers are reasonable in light of all the circumstances, and must therefore be given all the information it needs to make this key assessment. The Court is also permitted to place any conditions on CSIS warrants that it considers to be in the public interest, and must therefore be able to appreciate the privacy implications of new technologies.

46. The Minister of Public Safety and Emergency Preparedness also plays an important role overseeing the activities of CSIS because of his or her statutory responsibilities related to the CSIS warrant process. Before CSIS can submit a warrant application to the Federal Court, the application must first be approved by the Minister. The Minister — and the officials in Public Safety Canada who advise the Minister — must therefore be provided with all relevant information. It is notable that the Minister has felt it necessary to issue ever-more precise and detailed direction to CSIS specifying that the organization must keep the Minister informed of its activities. The most recent example, the 2019 Ministerial Direction for Accountability, specified that CSIS must inform the Minister of activities “where a novel authority, technique, or technology, is used. This includes novel uses of existing authorities, techniques, or technologies.”

Human source activities

47. Most recently, CSIS failed to meet its duty of candour to the Court in relation to its human source activities. CSIS sometimes pays human sources to collect intelligence. Often, the access these sources have to valuable information is directly related to their personal involvement in terrorism or other threat activities. In paying these individuals for their information, CSIS runs the risk of violating the laws that prohibit paying any money or providing any other resources that support terrorism or other criminal activity. For years, CSIS relied on the doctrine of Crown immunity to provide a legal justification for its actions and to remain within the ambit of the rule of law. The law in Canada has evolved in recent decades, however, making the use of Crown immunity increasingly tenuous as a justification.

48. In 2015 and 2016, SIRC raised a number of questions regarding the legality of CSIS’s human source activities. Notably, SIRC recommended that CSIS obtain legal clarification regarding the continued viability of its reliance on Crown immunity. In response, CSIS obtained legal advice in early 2017 that concluded that Crown immunity could no longer be used to justify activities that would ordinarily be unlawful. This set off a chain of events inside government that culminated in the creation of a new statutory regime allowing CSIS to take actions that would otherwise be unlawful in the course of its human source operations. This new regime was introduced as part of Bill C-59, the National Security Act, 2017, which came into force in mid-2019. While Bill C-59 was before Parliament, however, CSIS decided to continue several human source operations, given their intelligence value, despite the fact that they seemed to violate the law. CSIS only decided to halt these activities in January 2019.

49. In March 2019, SIRC completed its certification of the 2017–18 annual report submitted by the Director of CSIS to the Minister of Public Safety and Emergency Preparedness. Prior to the National Security Act, 2017, SIRC was required to certify the lawfulness of the activities described in each of CSIS’s reports to the Minister. The 2017–18 report discussed CSIS’s continued reliance on Crown immunity in the context of its human source activities. SIRC reviewed the situation and concluded that CSIS had in fact been advised that Crown immunity could no longer be used as a legal defence. As a result, in its certificate, SIRC found that CSIS had knowingly broken the law. SIRC also made clear that although CSIS’s operations could have been important from the standpoint of national security, this in no way excused it from adhering to the rule of law. 

50. Starting in early 2018, the Federal Court began to question the legal basis of CSIS’s human source activities independently of SIRC. These questions led to a series of proceedings that culminated, as mentioned, in the Court finding CSIS to have breached its duty of candour to the Court. Specifically, CSIS did not inform the Court that CSIS’s warrant applications were based on intelligence likely collected by illegal means. The Court also observed certain failings with regard to the Department of Justice’s role in the situation. The Court recommended that there be a broader, independent review of the systemic, governance and cultural shortcomings and failures at CSIS and the Department of Justice that resulted in CSIS engaging in illegal activity and in the related breach of its duty of candour to the Court.

51. In response to the identified shortcomings, the government referred the matter to NSIRA for review under paragraph 8(1)(c) of the NSIRA Act. This review, conducted both at the request of the Minister and also under NSIRA’s autonomous review authority in section 8 of the Act, is now under way. Two members of NSIRA, the Honourable Marie Deschamps, C.C., a former Justice of the Supreme Court of Canada, and Professor Craig Forcese of the Faculty of Law at the University of Ottawa, are jointly leading the review.

52. These events are troubling. CSIS not only broke the law, but CSIS and its legal counsel also failed to disclose important matters to the Federal Court, which they were required to do. CSIS also failed to provide key legal opinions to SIRC, or else provided them many years too late, even though SIRC had a legal right to this information.

Future priorities

53. NSIRA’s review mandate has three principal parts: the review of CSIS, the review of CSE, and the review of the national security or intelligence activities of all other federal entities. The review of CSIS and CSE will always remain central to NSIRA’s mission, but over the coming years, NSIRA will systematically map and review other departments’ collection activities. In so doing, NSIRA will scrutinize collection activities to ensure that they are lawful, reasonable and necessary. In other words, NSIRA will not only consider whether a department can collect information, but also whether it reasonably should do so in light of the department’s mandate and the implications for privacy.

54. In our reviews, NSIRA will emphasize scrutiny of a department’s or agency’s use of technology, and particularly new or emerging technologies that pose the greatest risks. NSIRA’s reviews will make recommendations with an eye to improving departmental processes to manage the legal and privacy risks associated with the use of technology. When relevant, NSIRA will examine departmental candour with ministers and oversight bodies, consistent with Canada’s broader system of accountability for national security and intelligence.

55. To achieve these goals, NSIRA will invest in building in-house technological expertise, through a combination of hiring technological experts, training and reaching out to the broader technological community. NSIRA will also collaborate with allied accountability bodies through a forum known as the Five Eyes Intelligence Oversight and Review Council (FIORC). NSIRA will seek to stay current with regard to new and emerging technologies, including artificial intelligence, machine learning and quantum computing, and related concerns such as “big data.” Our goal is to be able to review departmental use of these technologies and their effects in a timely and effective manner.

56. NSIRA has also worked — and will continue to work — with the Office of the Privacy Commissioner of Canada (OPC) and the National Security and Intelligence Committee of Parliamentarians (NSICOP) on matters of joint concern to ensure that the broadest range of perspectives are brought to bear.

CSIS

57. Over the next year, much of NSIRA’s review scrutiny of CSIS will be dedicated to the review stemming from the Federal Court decision discussed above.

58. In addition, NSIRA will systematically map CSIS’s use of technology and its warrant powers. NSIRA will then undertake reviews of the technologies and powers that are deemed to pose the greatest risks. In this way, NSIRA will gain knowledge of CSIS’s most intrusive activities over time. NSIRA will also increase scrutiny of the warrant process in order to monitor CSIS’s candour to the Federal Court.

59. In addition, the National Security Act, 2017, gave CSIS a suite of new powers. NSIRA will review CSIS’s use of these powers in the coming years so as to help inform Parliament’s statutory review of the National Security Act, 2017, which will begin in 2022 or 2023. In particular, NSIRA will review CSIS’s use of datasets, including those that are publicly available, as well as the new justification regime for CSIS activities, that are undertaken in support of collection, which would otherwise be unlawful. NSIRA is also required each year to review at least one aspect of CSIS’s activities under its threat reduction mandate. This mandate authorizes CSIS to go beyond the collection of information in order to take active measures to “reduce” threats to the security of Canada. Over the coming years, NSIRA will take stock of CSIS’s use of these powers since they were acquired in 2015.

CSE

60. CSE uses a range of collection powers and technologies in its everyday operations. Over time, NSIRA intends to comprehensively review the full suite of collection techniques in place at CSE. NSIRA will start by focusing on certain collection techniques that are authorized under a ministerial authorization and comparing them to techniques that are authorized through other channels. As well, NSIRA will examine how CSE addresses incidentally intercepted information, especially the information of Canadians or persons in Canada, and how it decides whether to retain the information.

61. The rapid technological evolution in areas such as quantum computing, 5G and artificial intelligence will affect the work of CSE, perhaps more than any other federal entity. These technologies could also result in the collection of new information or the development of new collection techniques. Using our growing technical expertise in these areas, NSIRA will conduct both general and targeted reviews of the use of these technologies.

62. CSE has also received new powers in the National Security Act, 2017, including the ability to carry out defensive and offensive cyber operations. CSE cannot use these powers to collect information, separately from authorizations issued under its foreign intelligence or cybersecurity mandates. As CSE begins to conduct these operations, NSIRA will review them to ensure they are not being used for — or do not result in — the collection of information.

Other government departments

63. For entities other than CSIS and CSE, NSIRA’s initial reviews will build foundational knowledge of departments with significant collection programs. Of note, NSICOP has already reviewed the security and intelligence activities of the Canada Border Services Agency (CBSA) and of the Department of National Defence (DND) and Canadian Armed Forces (CAF). These reviews identified certain areas of risk, including the use of what is termed “scenario-based targeting,” which is used to screen travellers entering the country, as well as the CBSA’s use of covert surveillance in Canada. NSIRA will build on NSICOP’s work with in-depth reviews of the collection activities of these departments and agencies.

64. NSIRA also intends to map collection through the rest of the federal national security and intelligence apparatus. In particular, NSIRA will explore the collection programs of the RCMP by looking in detail at the RCMP’s national security criminal investigation program, and by examining how the RCMP collects intelligence in support of those investigations. Throughout, NSIRA will be mindful of public concerns with respect to law enforcement, and pay due attention to the RCMP’s activities in sensitive sectors and to any appearance of bias.

65. Within the next three years, NSIRA will examine the collection activities of Global Affairs Canada (GAC). NSIRA will also map the collection and use of biometrics across the government in relation to its security and intelligence activities. This review will examine the collection and use of biometrics by Immigration, Refugees and Citizenship Canada, the CBSA and Transport Canada in relation to their national security responsibilities and canvass the use of biometrics by CSIS and the RCMP in security intelligence and national security-related police investigations.

66. Among the novel and complex areas of collection that NSIRA will also review is the collection of financial intelligence. Financial intelligence is a core component of national security collection, especially in relation to terrorism. It is also central to large law enforcement intelligence operations, especially those that involve money laundering and terrorist financing. Canada’s financial intelligence centre of expertise and responsibility is the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). NSIRA will review FINTRAC’s activities and examine FINTRAC’s relationship with domestic partners.

67. Over the course of the next year, NSIRA will also conduct targeted reviews of DND/CAF. NSIRA has already begun to review the Canadian Forces National Counter-Intelligence Unit to determine how this unit conducts its counter-intelligence gathering activities and, in particular, how the unit’s activities correspond to legal and governance frameworks by focusing on cases of right-wing extremism. NSIRA will also review the Defence Intelligence Enterprise, to gain a general overview and to learn how it is positioned within DND/CAF governance frameworks and authorities. In light of recent media coverage, this review will focus on medical and open-source intelligence.

Medical intelligence and public health intelligence

68. Given the current COVID-19 pandemic, NSIRA will explore how the Government of Canada collects intelligence on medical issues or in relation to the health of Canadians. This is known as medical intelligence, or public health intelligence. At present, NSIRA does not have a firm understanding of what the government considers to be medical intelligence or the extent to which medical intelligence is used. To rectify this gap, NSIRA will review the Public Health Agency of Canada, as well as DND/CAF, whose American counterpart operates the National Center for Medical Intelligence. In Canada, medical issues are usually not part of the public discourse as to what should or should not constitute the government’s intelligence priorities. Medical intelligence will be a completely new area for NSIRA, and it is hoped that it will provoke a useful conversation in light of current events.

Section III — Safeguarding

69. Safeguarding refers to the protection of people, information and other government assets within the national security and intelligence portfolio. Information collected, analyzed and used within this community is often sensitive, either due to the sources and methods from which it is derived, or because of attendant legal protections.

70. There are real consequences when safeguarding measures fail. Should hostile actors like terrorists or foreign governments gain access to information on human sources, for example, this could put lives at risk. Likewise, if hostile actors learn details on electronic methods of collection, this could lead them to apply countermeasures, which could limit Canadian knowledge on key security and intelligence priorities. There is also reputational risk to the Canadian security and intelligence community if allies perceive that the sensitive information they share with Canada, in trust, is not being adequately protected. It is therefore incumbent on the government to ensure that such information is secured from exploitation, compromise or other unauthorized disclosure.

71. Several security breaches in recent years illustrate that the Canadian national security system has not been immune from the risks associated with “insider threats.” The first contemporary public reminder of this risk was the successful prosecution of Jeffrey Delisle. He was a Canadian Navy Sub-Lieutenant who, in 2007, began releasing classified information to the Russian government. On November 30, 2013, Qing Quentin Huang was arrested and charged with attempting to communicate safeguarded information to the Chinese embassy in Ottawa. Mr. Huang had been employed in a sector providing specialized services to the government. Last year, police laid charges against Cameron Ortis, a civilian executive within the RCMP, who was charged with leaking classified information to foreign entities. Both the Huang and Ortis cases remain before the courts.

Safeguarding policy and legal thresholds

72. Safeguarding is neither a legal term of art nor a precisely defined policy term. It encompasses several distinct elements clustered together due to their impact on the protection of people, information and assets. For this reason, the rules for safeguarding begin with the two main policy instruments that govern the management of security within the Government of Canada: the Policy on Government Security and the Directive on Security Management. These policy instruments outline the various requirements for organizations and employees to contribute to security in the workplace.

73. The Treasury Board Secretariat (TBS) is the lead government agency responsible for setting the minimum standards, or safeguards, used to support these policy instruments, covering:

  • information and identity assurance;
  • individual security screening;
  • physical security;
  • information technology security;
  • emergency and business continuity management; and
  • government contracting.

74. Department- and agency-specific policies and procedures across the security and intelligence community — derived from the TBS standards — also set out additional security requirements. As important as it is to define what safeguarding is, it is equally important to understand what it is not. In this context, safeguarding does not refer to measures directed at persons who do not have access to sensitive government information or assets.

75. Employees in the security and intelligence community are also subject to liability for any violation of the provisions of the Security of Information Act (SOIA), which sets out various offences related to the handling of classified material. For instance, the SOIA defines “special operational information” as information that the Government of Canada is taking measures to safeguard.

76. One of the important objectives of the SOIA is to prohibit the unlawful disclosure of sensitive information. However, a mechanism allows for situations where an individual believes that the disclosure of such information is in the public interest — that is, whistleblowing — for example, in preventing public servants from committing a crime in the course of their duties. Whistleblowing protections guard against violations of public trust that erode the confidence of the public in the government’s practices. Whistleblowing protections give an individual a potential legitimate defence against prosecution under some offences in the SOIA.

77. Because the stakes can be high for disclosing safeguarded information, the SOIA outlines a series of preconditions that would enable an accused person to avoid criminal liability for such disclosures. If they are met, the Court will perform a balancing exercise to determine whether the disclosure was in the public interest. These preconditions include weighing factors like the extent or risk of harm created by the disclosure and the seriousness of the alleged offence. However, where the accused is alleging an offence has been committed (and except where disclosure of information is necessary to avoid grievous bodily harm or death), the judge may find the public interest favoured disclosure only where the accused first reported the wrongdoing. NSIRA is the final step in this reporting chain.

Safeguarding themes

78. The concept of safeguarding has an impact on NSIRA’s work in three crucial ways. First, as discussed above NSIRA has procedures for receiving reporting of wrongdoing by whistleblowers. Second, NSIRA must ensure that our members, employees and systems safeguard sensitive information, assets and people from compromise. Third, in both our review and complaint investigation activities, NSIRA plays a crucial role in assessing if the governance systems used to deter, detect and mitigate such risks are compliant, reasonable and necessary.

79. NSIRA has prioritized safeguarding as a review theme to be examined yearly. In selecting this as a review priority, we will help determine the extent to which the security and intelligence community is appropriately safeguarding its employees, information and assets, and will report on whether such practices are lawful, reasonable and necessary to reduce the identified risks. To this end, in our first year NSIRA completed one safeguarding review relating to CSIS, and started another within DND. The latter review was ongoing at the time of writing. When these two reviews are considered holistically along with available open-source information, broader observations can be made about safeguarding.

80. A key observation is the importance of maintaining security vigilance. Currently, the security system engages in high-intensity scrutiny at predetermined intervals — e.g., initial screening on hiring, five-year updates to security clearances, yearly employee security awareness week — and then periods between these intervals where security is less prominent. Moreover, if other priorities take precedence, the time between intervals could increase. In the case of Mr. Delisle, for instance, his Top Secret security clearance had lapsed and was not properly updated prior to his arrival at the government facility where he committed his crimes. Had proper clearance renewal standards been followed, his loyalty to Canada would have been assessed and other vulnerabilities scrutinized.

81. Another important observation is the essential role of clear, concise and updated policies in setting standards across the government. As already mentioned, TBS establishes the minimum security standards for government departments and agencies to follow. Gaps in these standards could create a domino effect, with each department and agency creating their own policies and procedures. Such gaps could lead not only to an absence of standardization across government, but also, in certain cases, to the unreasonable and unnecessary application of security practices.

The polygraph

82. A final observation relates to the government’s use of the polygraph for screening security and intelligence employees. Commonly referred to as a lie detector test, the polygraph is a technology that measures and records several physiological indicators such as blood pressure, pulse, respiration and skin conductivity while a person responds to a number of questions. “Deceptive” answers produce physiological responses that can, so it is alleged, be differentiated from those associated with “non-deceptive” answers.

83. The TBS Standard on Security Screening, created in 2014, cites the use of the polygraph as an appropriate tool, among others, for assessing candidates seeking an Enhanced Top Secret (ETS) clearance. CSIS, in conducting security assessments for its staff, uses the results of the polygraph as a determinative element when granting ETS clearances, rather than an instructive element, to be considered as part of a series of relevant factors. If an outside candidate, employee or individual contracting with the Government of Canada is denied a security clearance that is necessary to obtain or keep federal employment or a contract, the individual can make a complaint to NSIRA pursuant to section 18 of the NSIRA Act. If NSIRA’s jurisdiction is established, the complaint would be investigated by an NSIRA member. This could include, for example, a complaint where a CSIS employee was terminated solely because of the revocation of a security clearance, and the Deputy Head of CSIS could have based the decision to revoke the clearance on the results of a polygraph test. Given the highly invasive and controversial nature of this technology, NSIRA decided to examine the use of the polygraph within our latest safeguarding review of CSIS. We sought to determine the justifications for its use, and the extent to which such determinations are reasonable and necessary.

84. Several key observations were derived from this analysis. First, this tool can have profound negative impacts on an employee’s mental health if not used appropriately. Second, CSIS was unable justify the merits of examiners — who are not medical practitioners — to ask medical-related questions of the people they examine. Third, the outcomes or consequences for polygraph exams conducted on external applicants compared with CSIS employees differed. [ Text removed – As of November 20, 2020, NSIRA and CSIS could not agree on how all of the facts of this review should be presented in an unclassified, public document]. Essentially, a successful polygraph is a determinative factor for external applicants in obtaining an ETS clearance through CSIS. Fourth, CSIS requires policy clarity for cases where employees fail the polygraph examination. Finally, CSIS did not conduct a privacy impact assessment (PIA) for the use of the polygraph, despite a PIA being required by government policy when a department or agency is dealing with “personal information.”

85. These issues raised in the CSIS context are related to a much broader consideration: namely, the extent to which the government’s overarching policy document, the Standard on Security Screening, provides adequate guidance for departments and agencies when they implement this safeguarding measure. For example, this standard requires the use of the polygraph for all ETS clearances, but it is silent on any guidance on the implementation of this requirement, including the conditions for the reasonable use of the polygraph. Rather, such key considerations are left to the discretion of specific departments and agencies.

86. The OPC has also raised concerns with TBS as to how the polygraph examination is used as an enhanced screening requirement under the 2014 Standard on Security Screening. In July 2017 correspondence, for example, the OPC noted particular concerns surrounding its effectiveness, sensitivity and privacy implications, and the potential adverse consequences associated with polygraph examinations.

87. These contemporary observations are not new. In seven consecutive annual reports, ranging from 1985–86 to 1991–92, SIRC requested that CSIS stop using the polygraph. One of the key concerns raised by successive committees were SIRC’s “grave doubts” about the use of the technology, pointing to the fact that test results could be wrong 10% of the time or more. As well, Canadian courts have refused to admit the results of a polygraph as evidence in criminal trials. The Supreme Court of Canada has found that they are unreliable and risky, and would not assist the Court in determining a person’s guilt or innocence.

88. After consideration of the foregoing, on December 12, 2019, NSIRA sent a letter to TBS seeking access to the legal advice prepared for Treasury Board on how the polygraph complies with Canadian legal requirements, as well as a summary of the evidentiary basis used to establish the requirement for using the polygraph, and any assessments of how the use of the polygraph achieves its intended goal. The TBS response failed to answer NSIRA’s questions. However, the letter did acknowledge that the next round of security policy modifications was under way.

89. When SIRC recommended in 1985 that CSIS should cease using the polygraph, it was meant to allow the government time to reach definitive conclusions about whether this technique should be employed by Canadian agencies and, if so, under what circumstances and under what rules. SIRC requested what sound government policy instruments should always require: namely, that there are consistent approaches across government; that risks are managed; and that policies exhibit public service values such as probity, prudence, equity and transparency. NSIRA has not been provided with evidence that suggests that the use of the polygraph meets all of these policy requirements. To this end, future reviews will examine the polygraph’s use outside of CSIS, and based on the information assessed, NSIRA will make a definitive determination about the legality and utility of this instrument.

Future review priorities

90. NSIRA will conduct several reviews of safeguarding practices in the coming years, in an effort to ensure that we are covering as broad a spectrum as possible of security and intelligence community actors. These safeguarding reviews will allow NSIRA to remain involved in relevant key priorities of the field, such as legality, privacy, science-based tools and international best practices.

91. As an independent agency charged with assessing propriety and legality at the core of our mandate, we make our own assessment of the lawfulness of the actions of the security and intelligence community. This forms the basis for NSIRA findings, recommendations and reporting. To this end, NSIRA intends to maintain a strong focus on assessing the process for the input of expert legal advice. Within the context of specific reviews, NSIRA will review the Department of Justice’s role in providing legal analysis to security and intelligence stakeholders.

92. Considering the primacy of privacy in much of the information collected and used by the government in this field, another priority is the need to evaluate the government’s respect for privacy rights, regardless of the policy merits of the safeguarding measure. One of NSIRA’s fellow accountability organizations, the OPC, plays a key role in helping ensure government compliance with Canadian privacy legislation. NSIRA will continue to work collaboratively with the OPC on future safeguarding reviews.

93. In keeping with NSIRA’s mandate to assess the reasonableness and necessity of a department’s exercise of its powers, NSIRA intends to go beyond assessing whether safeguarding measures are legally sound and privacy compliant. NSIRA’s mandate includes reviewing for necessity and reasonableness. For any government to continue to build an adaptive security system, scientific evidence and data-driven analysis must inform which safeguarding tools and processes are necessary. Currently, NSIRA is concerned that there is an absence of transparent and defensible science underpinning policy decisions for selecting security measures. Therefore, our future reviews will include the examination of scientific justifications for specific safeguarding measures.

94. Finally, NSIRA will assess the potential for the government to further advance collaborative practices through additional outreach with foreign partners in allied countries. Although it is known that exchanges of this nature are routine within certain sectors of the security and intelligence community, another feature of these exchanges that should be examined is the extent to which these outreach and coordination efforts relate to safeguarding measures and the extent to which they help revitalize the government’s security posture. NSIRA’s reviews will also provide insight into this component of international best practices.

95. Five safeguarding reviews are planned over the coming years to ensure coverage of as broad a spectrum as possible of security and intelligence community actors. The first will address an aspect of security screening within GAC. The second safeguarding review will relate to CSE’s use of the polygraph for employee security screening; this will be in addition to the yearly reviews of CSE that routinely cover various cybersecurity initiatives used to protect government systems from exploitation. The third review will consider the use of biometrics across the Canadian government. The final two reviews will examine aspects of the RCMP (i.e., the division devoted to Operations Research within this police force, while the other will evaluate the security/safeguarding implications of the Ortis case, using the RCMP’s own internal reviews as a starting point for our analysis).

96. This series of reviews relating to safeguarding will help to provide Parliament and all Canadians with facts about the adequacy of security practices within the security and intelligence community, and ideally, help improve such safeguarding measures. Most importantly, NSIRA exists to ensure that whatever government security standards are ultimately created, they are tested through expert scrutiny and their application is reported on to encourage sustained public debate.

Section IV— Sharing

97. Departments and agencies complement the information they collect on their own with robust information sharing both domestically and internationally. Counter-terrorism, in particular, requires an integrated response, one that involves multiple departments and agencies, in Canada and internationally. Indeed, this is one of the lessons that has been learned post-9/11, but it comes with its own risks and a concomitant need for caution.

98. Information sharing in the security and intelligence community, however, is a broader issue than sharing information to prevent acts of terrorism. Departments share not only to prevent acts of terrorism, but also to counter espionage, foreign interference and the proliferation of restricted technologies. They also share information to advance Canada’s foreign policy and defence priorities. Moreover, they share information broadly — within the security and intelligence community; outside that community with other federal, provincial, municipal and private sector organizations; and with foreign partners.

99. Equally noteworthy is the impact of technology on information sharing. Departments are able not only to collect vast amounts of information, but also to share that information more quickly and easily than ever before. And the burgeoning field of data analytics encourages the sharing of information that can then be analyzed.

100. Against this backdrop, information sharing raises issues of privacy and potential mistreatment abroad, as well as the need to protect sensitive sources and methods when information is shared. These are important issues for Canadians and for policy-makers, and so they will be for NSIRA as well in our review work.

Legal framework for sharing

101. A complex legal framework governs departments’ information sharing. The Privacy Act is an overarching piece of legislation; it is not limited to issues pertaining to the sharing of personal information for national security purposes. The Act sets out specific rules regarding when and why federal government agencies are permitted to share personal information. More recently, Parliament also enacted the Security of Canada Information Disclosure Act (SCIDA), discussed below.

102. In addition, agencies such as CSE, CSIS and the RCMP are subject to specific provisions in their governing statutes for sharing information. Departments can also share information for specific purposes under specific legislation. For example, under the Customs Act, CBSA officials can share customs information where that information is reasonably regarded by the official to be information relating to the national security or defence of Canada. Likewise, in certain circumstances, FINTRAC and law enforcement bodies receive and disclose financial information pursuant to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

103. Departments’ information sharing can also be shaped by international agreements and resolutions, as well as guidance from their respective ministers.

Information-sharing challenges

104. On the basis of three commissions of inquiry in the past 15 years — as well as numerous reviews by NSIRA’s predecessors OCSEC and SIRC — we can safely say that the key challenges of sharing information for national security purposes domestically and internationally are well documented.

105. Justice Major’s Commission of Inquiry into the bombing of Air India Flight 182 addressed several questions, including whether there was effective cooperation and sharing of information between CSIS and the RCMP. Ultimately, the inquiry concluded that the failure of domestic agencies to share information effectively contributed in a material way to the tragic downing of the Air India flight.

106. Since then, CSIS and the RCMP have taken steps to strengthen their information sharing and cooperation. The objective of a CSIS national security investigation is to provide security intelligence to the government; the RCMP collects evidence to be used in a judicial process. While collecting for these different purposes, the two agencies have a shared interest in protecting their respective sources and investigative techniques.

107. In national security investigations, intelligence agencies — most notably CSIS — can be reluctant to share information with the police. Police themselves might want to maintain a distance from intelligence information because it could eventually be subject to disclosure; disclosure disputes can delay or disrupt criminal prosecutions. From a public safety perspective, the limited sharing between intelligence and police agencies could be harmful. This was Justice Major’s central conclusion. It can complicate coordination and impede or delay the range of public safety actions available to the government. This is known as the “intelligence to evidence” dilemma.

108. To address this issue, CSIS and the RCMP have developed a One Vision framework. The framework seeks to enhance cooperation and streamline information sharing.

109. The intelligence to evidence issue was a key part of the country-wide national security consultations that the government undertook in 2016. Ultimately, the government did not bring forward any legislative amendments to specifically address this issue. During our first year, however, NSIRA heard from an external expert that CSIS and the RCMP continue to wrestle with this challenge. The two organizations are undertaking a thorough review to find ways they can remove unnecessary impediments to information sharing and facilitate successful enforcement. Given the importance of the CSIS-RCMP relationship, NSIRA has launched an in-depth case study, to be completed later in 2020, that examines this relationship.

Clear authority for sharing

110. Historically, departments wanting to share national security information regarding threats to Canadian citizens and interests have been concerned about the lack of an independent authority to do so. The Privacy Act’s “consistent use” provision can be used in the national security context where there is a reasonable and direct connection to the original purpose for which the information was obtained. However, this legislation is not specific to the national security context. Overall, it was believed that the complexity of the legal landscape was impeding the sharing of information with national security and intelligence agencies.

111. In response, the government passed the Security of Canada Information Sharing Act (SCISA) in 2015. It created a single legislative authority for federal government institutions to disclose information on an activity that “undermines the security of Canada.” The intent in doing so was to improve the effectiveness and timeliness of sharing threat-related information, including by departments and agencies that are outside the core security and intelligence community. In separate reviews of disclosures under SCISA, however, both SIRC and the OPC were critical of departments’ internal controls and record keeping.

112. The legislation was amended and renamed SCIDA as part of the National Security Act, 2017. Further, NSIRA now has a statutory requirement, pursuant to subsection 39(1) of the NSIRA Act, to conduct a review of disclosures made under SCIDA. To ensure robust review of these disclosures, and in keeping with the statutory authority to coordinate to avoid unnecessary duplication of work, NSIRA and the OPC have agreed to work together on these review efforts.

113. NSIRA is also looking beyond SCIDA to other aspects of the challenge of having clear authority to share information for national security purposes. In our first year, NSIRA has elected to conduct three reviews that feature CSE’s incidental collection and use of Canadian identity information, including disclosure of such information to departments. When sharing intelligence reports with other departments and agencies, CSE typically suppresses Canadian identity information, which is collected incidentally in the course of its foreign intelligence activities and its cybersecurity and information assurance activities. However, departments and agencies that can demonstrate they have the legal authority and operational justification to receive the Canadian identity information can submit to CSE a request for disclosure of the information. NSIRA expects to complete a review later in 2020 that focuses on the lawfulness and appropriateness of Canadian identity information disclosures, and a review that focuses on CSE’s ministerial authorizations and ministerial orders.

Review of CSE’s Privacy Incidents File

114. One review featuring Canadian identity information was NSIRA’s first completed review relating to CSE. The review examines CSE’s Privacy Incidents File, which records privacy incidents discovered by CSE. A privacy incident occurs when the privacy of a Canadian, or a person in Canada, is put at risk in a manner that runs counter to, or is not provided for, in CSE’s policies. The review of the Privacy Incidents File was an annual review conducted by OCSEC, CSE’s former independent review body. For this review, based on an examination of a selected sample of incidents reported in the Privacy Incidents File for the period of July 1, 2018, to July 31, 2019, NSIRA commended CSE’s timely response to reporting and mitigating privacy incidents. However, NSIRA made five additional findings and corresponding recommendations for CSE to improve its documentation, mitigation and privacy protection practices.

Sharing with international partners and the risk of mistreatment

115. Justice O’Connor’s inquiry into the actions of Canadian officials in relation to Maher Arar examined the circumstances under which a Canadian citizen, Maher Arar, was rendered to Syria and tortured. A key outcome of the inquiry was its conclusion that sharing inaccurate or non-caveated information with foreign partners can result in the mistreatment and torture of individuals, as it did with Mr. Arar.

116. The government responded by issuing a series of ministerial directions on information sharing with foreign partners, culminating in the Avoiding Complicity in Mistreatment by Foreign Entities Act (Complicity Avoidance Act), which came into force in 2019 and required written direction be issued by the Governor in Council (GIC) to the deputy head of multiple departments and agencies. The GIC directions have codified the expectations of departments and agencies. In particular, there is now a clear prohibition for any sharing of information that would result in a substantial risk of mistreatment of an individual. Additionally, they limit the use of any information that was likely obtained through the mistreatment of an individual.

117. Throughout its history, SIRC paid careful attention to CSIS’s information-sharing practices with foreign partners. It also specifically addressed the operationalization of the relevant ministerial direction. Its attention to these issues continued through 2018–19, through two separate reviews of CSIS foreign stations. The first of these reviews focused on the need for CSIS to institute and follow a rigorous decision-making process with respect to sharing information with foreign partners, supported by foreign arrangements anchored in thorough assessments of the human rights records of Canada’s foreign partners.

118. The second foreign station review also examined CSIS’s relationships with foreign partners within the geographic region encompassed by the station. In this case, all of the foreign partners are deemed high risk from a human rights perspective and, thus, restrictions have been placed on all foreign arrangements in the station’s area of responsibility.

119. One of NSIRA’s first reviews examined changes to CSIS’s procedures and policies on information sharing by means of a detailed examination of three cases, identified as high risk, that had been reviewed by CSIS’s Information Sharing Evaluation Committee. The review yielded two recommendations meant to ensure that decisions are made at a level commensurate with the assessment of risk, and that legal opinions are sought, as appropriate, to ensure compliance with the law and ministerial directions when sharing information with a foreign entity.

120. As part of our governing statute, NSIRA is now required to review departments’ implementation of GIC directions on information sharing with foreign partners under the Complicity Avoidance Act. To date, the GIC has issued these directions to 12 departments, including several that have never before received formal direction specific to information sharing with foreign partners.

121. To prepare for this new responsibility, NSIRA launched our first interagency review, an assessment of how six departments and agencies— the CBSA, CSE, CSIS, DND, GAC and the RCMP — were implementing the 2017 Ministerial Direction on Avoiding Complicity in Mistreatment by Foreign Entities, which was the basis of the direction under the Complicity Avoidance Act. The purpose of the review was also to provide a future roadmap for departments that, pursuant to the Complicity Avoidance Act, received this direction for the first time in 2019.

122. NSIRA found significant variation among the six departments and agencies in terms of their success in implementing the 2017 ministerial direction. Some, like CSE, have developed and rolled out comprehensive policy suites to guide their information sharing with foreign partners. Some departments face challenges in operationalizing this direction. Some also face challenges in establishing decision-making mechanisms that are independent from the operational front line in cases where there is a risk of mistreatment. One of the key issues that NSIRA’s review identified was the inconsistent application of the “substantial risk” threshold across departments and agencies. This will be an area of inquiry in the future.

Future priorities

123. NSIRA has a specific statutory requirement to review the implementation of GIC direction under the Complicity Avoidance Act, and to review disclosures under SCIDA. These reviews are annual requirements, reflecting the potential risks to Canadians when departments and agencies share under these respective statutory mandates. NSIRA will be attentive to those risks, including the potential risks to privacy posed by information sharing. At the same time, however, NSIRA intends to map and review the full range of information sharing in which departments engage — under different statutes and legal sources, as well as internationally and with one another, provincial and territorial agencies, and the private sector.

124. Over our first three years, NSIRA will begin to explore information sharing across the security and intelligence community. We will focus on key partnerships, and how departments and agencies collaborate in keeping Canadians safe and achieving Canada’s foreign policy and defence objectives. The scope of information sharing is broad, and NSIRA hopes to build our understanding of this issue over time.

125. NSIRA has begun a building block review of CSIS-RCMP collaboration and information sharing in relation to a particular investigation. One of the objectives of this review is to document the challenges that the two agencies face in relation to the intelligence to evidence dilemma.

126. NSIRA will examine other key partnerships within the security and intelligence community, including information sharing between CSIS and CBSA to prevent people or goods posing a threat to national security from crossing the border. We will also examine how CSE and CSIS collaborate to collect foreign intelligence that is useful for Canadian policy-makers.

127. NSIRA will also look at horizontal arrangements, and information sharing across different levels of government. For example, we will assess institutionalized measures to promote sharing and cooperation, such as in relation to Integrated National Security Enforcement Team investigations. These teams are led by the RCMP and include representatives from other federal agencies, as well as representatives from municipal police services and provincial police in the case of Ontario and Quebec. NSIRA will also look at information sharing outside of the counter-terrorism context, including how departments and agencies protect Canada’s economic security, beginning with actions under the Investment Canada Act and extending to include the full spectrum of tools at the government’s disposal.

128. NSIRA will examine information sharing with private sector organizations, such as information that the Canadian Centre for Cyber Security collects from organizations to prevent or mitigate cyber attacks by hostile state actors, or that chartered banks report to FINTRAC for investigating suspicious financial transactions.

129. Finally, NSIRA recognizes that in examining information sharing with foreign partners, we can see and understand only Canadian actions. NSIRA therefore participates in international fora such as FIORC, which brings together review bodies from Canada, Australia, New Zealand, the United Kingdom and the United States to stay up to date with (unclassified) trends internationally and to share best practices. Given the close relationship that exists among the Five Eyes intelligence agencies, information sharing has been a topic of discussion at FIORC. These discussions are one way for NSIRA to address the potential gap in accountability that exists with respect to international cooperation.

130. In sum, cooperation and information sharing among members of Canada’s security and intelligence community have always been essential features of Canada’s national security efforts. In practice, this means that there will be very little of NSIRA’s review work that will not include attention to information sharing in some form or another. NSIRA will be attentive to the risks of sharing, as well as the need for effective and timely sharing.

Section V— Action

131. “Actions” refer to any activities undertaken by a federal government department or agency to influence an outcome relating to national security or intelligence. Actions can also come as a result of intelligence collection and/or intelligence sharing. Intelligence is one aspect of the information and analysis that shape how actions are construed and implemented. The action itself, and the influence of intelligence, can be visible (overt) or invisible (covert) to Canadians. A visible action would eventually be known to the recipient, while the occurrence of an invisible action might never be known.

132. The former review bodies, SIRC and OCSEC, could conduct only agency-specific reviews of the key “collectors”: CSIS and CSE. Their reviews of national security activities tended to focus on collection, safeguarding and information sharing. This briefly changed when Parliament enacted the Anti-terrorism Act, 2015, and SIRC began to undertake reviews of CSIS’s new mandate to reduce threats to the security of Canada. SIRC provided the only after-the-fact review of these extraordinary new powers. However, SIRC’s reviews remained confined to CSIS’s actions — a narrow subset of the broad array of national security-related actions taken every day across Canada’s security and intelligence community.

133. NSIRA’s mandate goes beyond intelligence and its collectors, extending to any national security-related activity of any department or agency. Our statutory authorities equip us with the power to review the full range of “action” activities. Such activities have rarely been subject to any form of independent review, and NSIRA is able to ensure that they now are.

134. The National Security Act, 2017, established clear mandates for the main intelligence collectors subject to review, CSIS and CSE, to act in certain circumstances against perceived national security threats. For CSIS, this new legislation updated its threat reduction mandate. For CSE, the Act established active cyber operations (ACO) and defensive cyber operations (DCO) as aspects of its mandate. These new authorities merely supplement the many existing authorities that enable over a dozen other federal security and intelligence departments and agencies to take actions relating to national security, making the “action” cluster of activities vast. For instance, actions within the security and intelligence community include the interception of people and goods at the border by the CBSA and criminal arrest (including, potentially, preventive detention) by the RCMP.

135. The range of actions within NSIRA’s mandate to review “any activity carried out by a department that relates to national security or intelligence” is broad, and includes such actions as denying a person entry into Canada, revoking a Canadian’s passport, placing a person on the Secure Air Travel Act list (Canada’s “No Fly List”), disrupting a person’s affairs through a threat reduction measure, detaining an alleged terrorist or carrying out military actions in an armed conflict. Sometimes, a high-level strategic decision can also be an action activity, such as a policy choice on a national priority like securing the Arctic.

136. NSIRA’s reviews in this area overlap with other priority subject areas. We can review national security action activities that stem from intelligence collection, national security actions unrelated to intelligence collection, and national security actions that lead to intelligence collection. As an example of this last category, a CAF tactical raid during an overseas mission could yield new sources of intelligence that might then seed an NSIRA review in that area.

137. Due to the largely secretive nature of national security and intelligence actions, the effects and impacts are often unseen by the larger public. NSIRA is acutely conscious of concerns expressed during our outreach to civil society with how actions of the security and intelligence agencies might affect the lives of Canadians. This amplifies earlier concerns, primarily centred on privacy issues stemming from information collection and sharing. As a result, one of our key tenets is, to the extent possible, to bring transparency and accountability to our reviews of the actions of the security and intelligence community.

Past review observations

138. As mentioned, before the National Security Act, 2017, reviews did not typically extend to the realm of action activities. For this reason, NSIRA has only a modest archive of domestic review materials from which to extrapolate themes in action reviews. NSIRA’s current focus is to build on foundational reviews to derive key themes. This report discusses NSIRA’s approach to future review in the next section. Nevertheless, some themes have emerged from past reviews of CSIS’s threat reduction measures (TRMs) — which were the only action activities reviewed in the past.

139. From the introduction of its TRM mandate in 2015 to August 2020, CSIS has not sought a warrant from the Federal Court for TRM activities. When introduced, TRM powers raised legal questions and potential issues related to the Charter. The National Security Act, 2017, addressed many of these ambiguities, and enacted new provisions that strengthened Charter protections. NSIRA will closely monitor CSIS’s use of TRMs and review its assessments of when warrants are required for TRMs. NSIRA will also be attentive to how CSIS executes any TRM conducted under the authority of a warrant — and pay close attention to the extent of CSIS’s compliance with all court directions and conditions.

CSE

140. Other themes arising in our review of action activities stem from the widespread commentary within civil society relating to CSE’s new powers to conduct ACOs and DCOs. Prior to the National Security Act, 2017, CSE’s mandates limited the organization (primarily) to observation and collection. Now, under its ACO/DCO mandates, CSE can direct actions through the global information infrastructure at the activities of foreign individuals or foreign entities outside Canada. CSE can conduct ACO activities on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities or activities of entities as they relate to international affairs, defence or security. CSE can conduct DCO activities on or through the global information infrastructure to help protect the electronic information and information infrastructures of federal institutions or those designated as being important to the Government of Canada. These powers have equivalents among those available to Five Eyes partners. They also empower CSE to play a significant, but unprecedented, role in national security action activities.

141. Civil liberties groups have identified ACO/DCO activities as a principal concern with the National Security Act, 2017, and point specifically to the absence of independent oversight (that is, pre-authorization) of these activities. Under the current statutory regime, in order for CSE to lawfully conduct ACO/DCO, the Minister of National Defence must authorize all such activities. This authorization requires the Minister to conclude that there are reasonable grounds to believe that the activity is reasonable and proportionate, having regard to the nature of the objective to be achieved and the nature of the activities. Additionally, the Minister of Foreign Affairs must approve ACO activities and must be consulted on DCO activities.

142. Ministerial authorizations for ACO/DCO activities do not require the approval of the Intelligence Commissioner, which is not the case for foreign intelligence and cybersecurity activities. There is, therefore, no scrutiny by an arm’s-length, independent body of ACO/DCO authorizations prior to their approval. This is why NSIRA considers our reviews of ACO/DCO actions to be particularly important. Unlike in the case of CSIS TRMs, CSE has no statutory obligation to notify NSIRA when it undertakes ACO/DCO activities. NSIRA intends, however, to focus proactively on these activities.

143. Although legislation limits powers such as TRMs and ACO/DCO, these activities occur in secret. This is in contrast with other types of national security actions, such as arrests made by police, which are overt and can be challenged in open court. NSIRA considers the opacity of certain types of actions to warrant future reviews. The more secret the national security action, the more essential it is for NSIRA to conduct rigorous review.

Law enforcement

144. Prior to the enactment of the National Security Act, 2017, the RCMP’s national security-related activities were reviewed by the Civilian Review and Complaints Commission for the RCMP. Those national security-related actions are now reviewed by NSIRA. The enactment of new offences — especially terrorism offences — and a focus on terrorism have drawn police into a greater national security role. Police investigate crime, and have a role in preventing its occurrence. In doing so, police might investigate, among other things, terrorism offences, while at the same time being involved in community-based programs directed at countering radicalization to violence. They can also engage in crime prevention or risk mitigation actions that do not lead to full prosecutions. The traditional tool for holding police accountable is the criminal justice system. For example, police conduct will be scrutinized during a criminal trial. However, accountability mechanisms are less robust where police pursue national security threat disruption strategies that are not challenged in the courts. Therefore, we believe that NSIRA’s review functions will become particularly important in these circumstances.

145. The CBSA’s scrutiny of people and goods crossing the border can be triggered by intelligence shared from domestic and foreign partners or derived from its own collection and assessment efforts. CBSA actions include searches at the border and the seizure or interdiction of goods, currency and people. These searches and the CBSA’s determination that a non-Canadian might be inadmissible can have implications for people’s liberty, privacy, freedom of movement and commercial interests. NSIRA’s task is to review the CBSA’s national security and intelligence activities in an effort, among other things, to ensure that it fully complies with its legal requirements. This is especially true as, at present, no independent body currently can hear public complaints against the CBSA.

Future priorities

146. In our reviews of action activities, NSIRA makes findings and recommendations on an organization’s compliance with the law and any applicable ministerial direction and the reasonableness and necessity of its exercise of its powers. NSIRA is in a unique position to assess the Government of Canada’s visible or invisible actions and to provide assurance to Canadians that their national security and intelligence agencies are accountable in order to protect Canada’s national security interests and defend the rights and freedoms of Canadians and people residing in Canada.

147. NSIRA’s strategic plan focuses on reviewing three types of action activities: operational actions, law enforcement actions and administrative actions, defined below. In each of the following categories, NSIRA has identified certain action activities of interest that we will scrutinize in future reviews. The items listed are not necessarily part of NSIRA’s review plan but serve to highlight the breadth of situations that fall within reviews of the “action” activities undertaken by the security and intelligence community.

  • Operational: covert action activities in direct support of a national security objective. Operational actions of interest to NSIRA include: CSE’s use of ACO/DCO, to be reviewed annually; CSIS TRMs, to be reviewed annually; and CAF’s operations in theatre and on the battlefield.
  • Law enforcement: covert or overt action activities to enforce laws, investigate crimes and make arrests. Law enforcement action activities on which NSIRA might concentrate, while being sensitive to the administration of justice and the concept of police independence in investigative decisions, include the CBSA’s targeting that leads to the identification and/or interception of high-risk people, goods and conveyances that pose a threat to the security of Canadians, and RCMP investigations that could lead to detention, arrest or prosecution.
  • Administrative: visible action activities taken in the act or process of administering a statutory power entrusted by Parliament to the federal government. Administrative action activities on which NSIRA might focus include: GAC’s implementation of foreign policy and trade sanctions; the Investment Canada Act reviews of investments that could be injurious to national security; the decision to add a person to the Secure Air Travel Act list under the Passenger Protect Program; and national security-related admissibility issues.

148. As NSIRA’s capacity to conduct reviews expands, we will compile a complete picture of the actions that national security and intelligence agencies take in exercising their mandates, and assess these actions for legal compliance, reasonableness and necessity.

Part 3: Complaints

Section I— NSIRA’s complaints investigation mandate

Under the NSIRA Act, one of NSIRA’s core functions is to investigate complaints in the following instances:

  • complaints with respect to an activity carried out by the Canadian Security Intelligence Service (CSIS) or the Communications Security Establishment (CSE);
  • complaints referred by the Civilian Review and Complaints Commission for the RCMP (CRCC) with respect to an activity by the Royal Canadian Mounted Police (RCMP) that is closely related to national security; and
  • complaints regarding the denial or revocation of security clearances to federal government employees and contractors.

150. Through the National Security Act, 2017, NSIRA inherited the complaints functions of the Security Intelligence Review Committee (SIRC) and the Office of the CSE Commissioner, which investigated complaints related to CSIS and CSE, respectively. In addition, NSIRA absorbed responsibility for investigating national security-related complaints against the RCMP. NSIRA also inherited SIRC’s complaints investigation infrastructure, but it was evident early in our mandate that the SIRC model needed to be enhanced to provide more timely and efficient investigations. NSIRA has therefore begun to rework the Rules of Procedure and enhance the overall process. NSIRA has also worked collaboratively with the RCMP and the CRCC to effectively manage national security-related complaints against the RCMP.

Section II— Synopsis of trends and key themes

151. NSIRA has experienced an increase in the volume of complaints we receive, specifically complaints against CSIS, as well as complaints relating to security clearances. In comparison to the complaints statistics in the SIRC annual report for 2017–18 and statistics for 2018–19, NSIRA has seen an increase of 40% for newly opened complaint files. In particular, complaints against CSIS have doubled and security clearance complaints have increased by 30%. NSIRA did not investigate most of the recent complaints against CSIS because we concluded that they were not in NSIRA’s jurisdiction — they did not concern an activity carried out by CSIS, or NSIRA was satisfied that the complaints were trivial, frivolous or made in bad faith.

152. The majority of the complaints received relating to the alleged denial or revocation of a security clearance did not fall within NSIRA’s mandate. Rather, it turned out they were related to a complainant’s reliability status or enhanced reliability status. NSIRA may only investigate complaints relating to security clearances, not reliability status matters. Complaints relating to reliability status generally must be challenged on judicial review in the Federal Court. As a result, NSIRA investigated very few security clearance complaints. A lesson drawn from the past year is that departments and agencies should ensure that they provide clear and accurate information regarding an individual’s rights of review and redress, and correctly identify both the nature of the security status at issue and the body to whom the person may complain as a result of being denied that status. By the same token, NSIRA is taking steps to increase the public’s awareness of our mandate, while also ensuring that complainants are informed of their redress mechanisms early on so that their rights to seek a remedy are preserved.

153. With respect to security clearance complaints investigated both by NSIRA and SIRC, some of the key issues revolved around out-of-country background checks and cases in which there was insufficient information to grant an individual a security clearance. One of the lessons derived from these types of complaints is that departments must ensure that individuals receive a written notice informing them of the reasons for the decision, if that is possible in the circumstances (i.e., such disclosure is not prohibited under federal legislation). Going forward, NSIRA will continue to encourage the parties to make efforts to informally resolve complaints at the earliest opportunity.

Section III— Whistleblower protection

154. The Public Servants Disclosure Protection Act (PSDPA) is whistleblowing legislation that offers federal public sector employees an external mechanism to report ethical breaches and to complain about reprisals that they believe they have suffered. The PSDPA, however, specifically excludes members of CSIS, CSE and the Canadian Armed Forces (CAF), as well as all people who wish to make a disclosure pertaining to special operational information. CSIS, CSE and the CAF have implemented internal mechanisms for disclosure of wrongdoing, pursuant to their requirements under the PSDPA. However, the current structure offers no external reporting mechanisms for disclosures that pertain to special operational information and/or for employees from CSIS, CSE or the CAF.

155. As discussed above, a “public interest defence” is available, in certain circumstances, to Canadian whistleblowers who are permanently bound to secrecy and who have been charged with certain offences under the Security of Information Act (SOIA). This defence is available only if the accused has followed the steps outlined in the SOIA before making the disclosure to the public. The SOIA identifies NSIRA as a forum in which, under certain conditions, this kind of disclosure of wrongdoing can be made. However, the SOIA does not describe how this process is meant to function procedurally nor does it articulate the role, if any, that NSIRA should play in accepting disclosures of wrongdoing from CSIS, CSE or CAF employees.

156. In previous correspondence to the Attorney General, NSIRA identified these legislative gaps and the negative implications for national security that can occur when democratic countries have deficient protocols for whistleblowing within their national security and intelligence communities. In the interim, NSIRA will be implementing internal procedures to address concerns brought forward by members of the security and intelligence community. If the concern brought to NSIRA is not within the scope of the public interest defence under section 15 of the SOIA, NSIRA can examine the matter if it relates to NSIRA’s review mandate, pursuant to subsection 8(1) of the NSIRA Act.

157. Canada’s threat environment and national security landscape require effective and robust protections for Canada’s national secrets and for the public servants who keep these secrets. Potential legislative amendments to enhance current whistleblowing protections for members of the security and intelligence community could include amendments to the SOIA, to the PSDPA or to the NSIRA Act. A key component of any legislative amendment would be external accountability and protections akin to those of the Office of the Integrity Commissioner under the PSDPA.

Section IV— Priorities for the year ahead

158. In 2020, NSIRA is modernizing the complaints process. NSIRA’s goal remains the just, efficient investigation and resolution of complaints. Modernization is needed to adapt to the changing complaints landscape. Two priorities will guide the modernization: access to justice for self-represented complainants and a broader spectrum of tools to streamline the resolution of complaints.

159. To this end, NSIRA is updating our website and revising our forms to provide clearer directions for potential complainants. We intend to place greater emphasis on explaining NSIRA’s jurisdiction, and how to file complaints, which should assist in a complaint starting in a timely fashion and in the correct forum. Further, the website will contain a guide for self-represented complainants, so they can better navigate each step of the process and have their complaint resolved in an appropriate way.

160. One size never fits all. Each complaint that NSIRA receives calls for a unique approach. As noted, we are currently updating our Rules of Procedure. The new rules will allow for greater flexibility, efficiency and transparency. Some of the changes under consideration are the following: a discussion of expectations with a complainant at the outset; a new process for quickly deciding jurisdiction; an interview with the complainant; more options for informal resolution; quick and standardized disclosure of information between the parties; and, a requirement for declassified file summaries and chronologies. NSIRA believes these changes will allow complaints investigations to proceed more quickly and in a more efficient manner.

Part 4: Engagement and transparency

As expressed in the National Security Act, 2017 preamble, “enhanced accountability and transparency are vital to ensuring public trust and confidence in Government of Canada institutions that carry out national security or intelligence activities.” Along with public engagement, these are core values for NSIRA and we consider each to be vital to ensuring that we fulfil our mandate. The benefits of public engagement have been underscored in recent years, including through the national security consultations undertaken by the government in 2016. Engagement with stakeholders during our first year of operation helped establish connections and relationships that we will build on in the years ahead. As outlined in this section, NSIRA has taken strong steps in our first year of operation to promote increased transparency of national security and intelligence activities. In addition to our own initiatives, NSIRA will continue to encourage departments and agencies to promote transparency of their activities, including in fulfilment of the National Security Transparency Commitment.

Section I— Engagement

162. In 2019, NSIRA launched a series of public engagements to increase awareness about the organization, to expand our network, and to deepen our understanding of Canadians’ concerns with respect to national security and intelligence activities. In 2019 and into 2020, we undertook engagement sessions throughout the country with various stakeholders, including academics, civil society, law enforcement and government organizations.

163. These sessions provided a valuable opportunity for NSIRA to hear from stakeholders about programs and issues that they recommended for NSIRA review, as well as the privacy and civil liberties risks they felt these programs presented. The uniformly positive feedback that NSIRA received from stakeholders demonstrated the value of these engagements.

164. Internationally, NSIRA continues to be actively involved with the Five Eyes Intelligence Oversight and Review Council, which allows NSIRA to: advance our knowledge of cross-cutting international themes in the area of national security and intelligence accountability; share priorities and compare best practices; collaborate on key issues of mutual interest; and promote coordinated review of issues of international importance.

165. Over the coming year NSIRA intends to continue our program of outreach and engagement. We will take advantage of opportunities to connect with stakeholders nationally and internationally via videoconference and, where possible, in person. In the year ahead, engagement will focus on four key areas:

  • expanding our network with respect to issues related to new and emerging technologies (including artificial intelligence), to better understand their use as well as the risks and opportunities they present from a national security accountability perspective;
  • broadening our dialogue with stakeholders to inform future review priorities;
  • building new relationships with community groups to demystify the complaints investigation process; and
  • scaling up recruitment efforts to ensure we continue to build an elite workforce with a diverse set of skills and backgrounds.

Section II— Transparency

166. NSIRA has taken a number of steps to increase openness and transparency related to our work and the work of the national security and intelligence community. We established a Twitter account early in our mandate, which we are using to share content, provide updates on our work and provide a platform for dialogue on security-related issues.

Redaction and writing for release

167. Over recent months, NSIRA has begun publishing reports from our predecessor organization, the Security Intelligence Review Committee (SIRC), that had been redacted for release to individuals who had applied to see the reports through the Access to Information Act. Under the Access to Information Act, the reports only had to be made available to the applicant. To support transparency, NSIRA plans to gradually publish online redacted versions of all SIRC reviews, from 1985 to 2019, which involves more than 270 reports.

168. To complement this initiative, NSIRA also wishes to proactively redact and release future NSIRA reports as they are approved and translated throughout the year, rather than waiting for the release of our annual report to publicize our findings and recommendations. This aims to enhance the timeliness and relevance of NSIRA’s work to public discourse on national security and intelligence issues. It also means that we can devote more time and space in future annual reports to discussing and analyzing horizontal or thematic trends, rather than individual (or vertical) reviews or issues.

169. NSIRA is working with departments and agencies to ensure that this new approach takes place in such a way that vital national security and intelligence information is protected, while at the same time providing the public with as much insight as possible into the results of our reviews. On a case-by-case basis, relevant ministers will be offered an opportunity to raise concerns with respect to the release of specific reports.

170. To facilitate redaction efforts and release reports in an efficient and timely manner, NSIRA has committed to making efforts to “write for release.” This method includes writing as much as possible at an unclassified level, including unclassified executive summaries; clearly identifying within a report what portions contain classified information; and leaving classified information out of the body of the report where possible and, instead, including it in footnotes or annexes.

Conclusion

171. We are very proud of NSIRA’s achievements during our first five months of operation. We have an ambitious agenda for the year ahead, despite the constraints imposed by the pandemic. We have set in motion a review plan that covers multiple issues over the coming year and will involve numerous departments and agencies. We are in the midst of significantly overhauling our complaints investigation process, with the aim of making it more accessible for all. We will also expand our corporate infrastructure to facilitate our growth over the years ahead, including through the acquisition of additional office space and the hiring of talented new staff.

172. We look forward to deepening our relations with other review and oversight bodies in Canada and internationally, as well as with diverse stakeholder groups to ensure that our work is as effective and as meaningful as possible. On that note, we hope that this report is useful. We encourage all readers to tell us their thoughts on the format, the content, and any aspects that we can improve in the next iteration.

173. We are very grateful to our staff for continuing to achieve strong results despite the challenges that the ongoing pandemic has presented. We look forward to tackling the many challenges and opportunities that await us in the year ahead.

Share this page
Date Modified:

Quarterly Report: For the quarter ended September 30th, 2020

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2020- 21 Main Estimates.

A summary description of the National Security and Intelligence Review Agency Secretariat (NSIRA) program activities can be found in Part II of the Main Estimates. For information on the mandate of NSIRA, please visit its website at http://www.nsira-ossnr.gc.ca.

This quarterly report has not been subject to an external audit or review. 

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body, which reports to Parliament. NSIRA was established in July of 2019 and is responsible to conduct reviews of the Government of Canada national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and activities. NSIRA replaces the Security Intelligence Review Committee (SIRC), which reviewed CSIS (Canadian Security Intelligence Service) activities as well as those related to the revocation or denial of security clearances. Going forward, it will also hear complaints regarding the Communication Security Establishment (CSE), as well as national security-related complaints regarding the RCMP.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the department’s spending authorities granted by Parliament and those used by the department, consistent with the 2020-21 Main Estimates. This quarterly report has been prepared using a special purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before moneys can be spent by the Government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authority for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2020.

NSIRA spent approximately 20% of its authorities by the end of the second quarter, compared to 34% in the same quarter of 2019-20 (see graph 1 below).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q2 2020–21 and Q2 2019–20

Graph: Comparison of total authorities and total net budgetary expenditures - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q2 2020–21 and Q2 2019–20
  2020-21 2019-20
Total Authorities $20.5 $5.3
Q2 Expenditures $2.7 $1.0
Year-to-Date Expenditures $4.0 $1.8

Significant changes to authorities

As per graph 2 below as at September 30, 2020, NSIRA had authorities available for use of $20.5 million in 2020-21 compared to $5.3 million as of September 30, 2019, for a net increase of $15.2 million or 287%.

Graph 2: Variance in authorities as at September 30, 2020

Graph: Variance in authorities as at September 30, 2020 - Text version follows
Variance in authorities as at September 30, 2020 (in millions)
  Fiscal year 2019-20 total available for use for the year ended March 31, 2020 Fiscal year 2020-21 total available for use for the year ended March 31, 2021
Vote 1 – Operating $4.8 $19.2
Statutory $0.5 $1.2
Total budgetary authorities $5.3 $20.5

Due to the COVID-19 pandemic and limited sessions in the spring for Parliament to study supply, the Standing Orders of the House of Commons were amended to extend the study period into the Fall. As a result, NSIRA is expected to receive full supply for the 2020-21 Main Estimates in December 2020.

The authorities’ increase of $15.2 million is explained by the approval of funding for the mandate of NSIRA. A portion of the increase, $5.0 M, is to be used to initiate temporary and permanent accommodation projects.

Significant changes to quarter expenditures

The second quarter expenditures totaled $2.7M for an increase of $1.7M when compared to $1M spent during the same period in 2019-20. Table 1 below presents budgetary expenditures by standard object.

Table 1

Material Variances to Expenditures by Standard Object Fiscal year 2020-21: expended during the quarter ended September 30, 2020 Fiscal year 2019-20: expended during the quarter ended September 30, 2019 Variance $ Variance %
Personnel 2,229 761 1,468 193%
Transportation and communications 12 55 (43) (78%)
Information (9) 0 (9)
Professional and special services 275 91 184 202%
Rentals 64 14 50 357%
Repair and maintenance 4 6 (2) (33%)
Utilities, materials and supplies (3) 3 (6) (200%)
Acquisition of machinery and equipment 43 23 20 87%
Other subsidies and payment 42 47 (5) (11%)
Total gross budgetary expenditures 2,656 1,000 1,656 166%

Personnel

The increase of $1.5M relates to additional staffing to support NSIRA’s new departmental mandate.

Transportation and communications

The increase of $1.5M relates to additional staffing to support NSIRA’s new departmental mandate.

Information

The decrease of $9K is explained by a reallocation of expenditures between standard objects.

Professional and special services

The increase of $184K is mainly due to large contracts in Management consulting.

Rentals

The increase of $50K is mostly explained by the timing of the invoices as well as new software licence costs.

Utilities, Materials and Supplies

The decrease of $6K is explained by a reallocation of expenses between standard objects.

Acquisition of machinery and equipment

The increase of $20K is mainly explained by furniture acquisitions and office remodelling to accommodate the increased number of employees.

Other Subsidies and payments

The decrease of $5K is due to multiple salary overpayments processed in the second quarter of 2019-20 which didn’t occur in 2020-21

Significant changes to year-to-date expenditures

Year-to-date expenditures recorded to the end of the second quarter totaled $4.0M for an increase of $2.2M when compared to $1.8M spent during the same period in 2019-20. Table 2 below presents budgetary expenditures by standard object.

Table 2

Material Variances to Expenditures by Standard Object YTD Expenditures as of September 30, 2020 YTD Expenditures as of September 30, 2019 Variance $ Variance %
Personnel 3,340 1,310 2,030 155%
Transportation and communications 19 85 (66) (78%)
Information 41 4 37 925%
Professional and special services 343 178 165 93%
Rentals 64 39 25 64%
Repair and maintenance 57 7 50 714%
Utilities, materials and supplies 7 7 0 0%
Acquisition of machinery and equipment 43 28 15 54%
Other subsidies and payment 42 144 (102) (71%)
Total gross budgetary expenditures 3,955 1,801 2,154 120%

Personnel

The increase of $2M is mainly related to staffing to support NSIRA’s new departmental mandate as well as timing of salary recoveries by other government departments.

Transportation and communications

The decrease of $66K is mainly explained by lack of travel due to the COVID-19 pandemic.

Information

The increase of $37K is explained by higher expenditures for electronic subscriptions and communication consultants.

Professional and special services

The increase of $165K is mainly due to large contract in Management consulting.

Rentals

The increase of $25K is mostly explained by new software licence costs.

Acquisition of machinery and equipment

The increase of $15K is mainly explained by furniture acquisitions and office remodelling to accommodate the increase in number of employees.

Other Subsidies and payments

The decrease of $102K is due to multiple Salary Overpayments processed in first two quarters of 2019-20.

Risks and uncertainties

The COVID-19 pandemic had a significant impact on the ability of NSIRA to grow its organization in a way that is commensurate with its new mandate. The physical distancing requirements decreased the ability of staff to concurrently work with departments and agencies subject to reviews. In light of that, NSIRA revised its Review Plan and has advanced the introduction of a new approach to the review of complaints.

The ability to hire a sufficient number of qualified personnel within relevant timelines remains a short- and medium-term risk for NSIRA, particularly given the specialized knowledge and skillset required for many positions. This is further compounded by the requirement for candidates to obtain a Top Secret security clearance, which can incur significant delays, especially during the pandemic.

While NSIRA has been able to secure temporary space to address its immediate space requirements, the timing at which this staff will be able to operate within this high security zone has still not been determined. NSIRA is working closely with Public Services and Procurement Canada to expedite the fit-up plans.

The ability of NSIRA to access the information it needs to do its work and speak to the relevant internal stakeholders to understand policies, operations and ongoing issues is closely tied to the reviewed departments’ capacity to respond to the demands of NSIRA. The pandemic impacts and existing resource constraints of the reviewed departments could delay NSIRA’s ability to deliver on its mandate in a timely way.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls, which were implemented in 2016.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRA’s approach to the conduct of its mandate.

Significant changes in relation to operations, personnel and programs

The pandemic forced changes in the way NSIRA conducts operations. The requirement for physical distancing and the existing challenge with respect to high security zone accommodation has led NSIRA to authorize staff to work with nonsensitive files from home.

Murray Rankin, Chair of NSIRA, has left the Agency. Honourable L. Yves Fortier has been designated acting Chair.

There have been no new Governor-in-Council appointments during the second quarter.

There have been no changes to the NSIRA Program.

Approved by senior officials:

John Davies
Executive Director

Pierre Souligny
Senior Director, Corporate Services, Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2020–21 Fiscal year 2019–20
  Total available for use for the year ending March 31, 2021 (note 1) Used during the quarter ended September 30, 2020 Year to date used at quarter-end Total available for use for the year ending March 31, 2020 (note 1) Used during the quarter ended September 30, 2019 Year to date used at quarter-end
Vote 1 – Net operating expenditures 19,217 2,285 3,213 4,809 869 1,538
Budgetary statutory authorities
Contributions to employee benefit plans 1,237 371 742 526 131 263
Total budgetary authorities 20,453 2,656 3,955 5,334 1,000 1,801

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not add to totals due to rounding

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2020–21 Fiscal year 2019–20
  Planned expenditures for the year ending March 31, 2021 (note 1) Expended during the quarter ended September 30, 2020 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2020 Expended during the quarter ended September 30, 2019 Year to date used at quarter-end
Expenditures
Personnel 9,592 2,229 3,340 4,142 761 1,310
Transportation and communications 968 12 19 232 55 85
Information 303 (9) 41 76 4
Professional and special services 2,708 275 343 465 91 178
Rentals 197 64 64 70 14 39
Repair and maintenance 5,945 4 57 4 6 7
Utilities, materials and supplies 144 (3) 7 29 3 7
Acquisition of machinery and equipment 327 43 43 315 23 28
Other subsidies and payments 268 42 42 2 47 144
Total gross budgetary expenditures
(note 2)
20,453 2,656 3,955 5,334 1,000 1,801

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

Departmental Plan: 2020-2021

Meta data information

Cat. Number: PS106-6E-PDF
ISSN: 2563-0334

© Her Majesty the Queen in Right of Canada, as represented by the National Security and Intelligence Review Agency, 2020.

Date of Publishing:

Message from the Chair

It is an honour and a privilege to be named the inaugural Chair of the National Security and Intelligence Review Agency (NSIRA).

NSIRA is comprised of seven appointed members, working with a Secretariat with expertise in review, law, national security and policy. NSIRA has a mandate to review any Government of Canada national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also investigates complaints from members of the public regarding national security agencies and activities. Its recent creation fills a longstanding gap in Canada’s national security architecture and significantly strengthens our framework for national security accountability.

NSIRA will report on its work through a variety of mechanisms. It is required to produce an unclassified annual report summarizing the full range of its activities, findings, and recommendations. This annual report is to be submitted to the Prime Minister and tabled in both Houses of Parliament. NSIRA is also required to submit annual reports to the Minister of Public Safety and the Minister of National Defence regarding the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), respectively, as well as an additional annual report to the Minister of Public Safety regarding disclosures under the Security of Canada Information Disclosure Act (SCIDA). As the Chair of NSIRA, I am required on an annual basis to brief the Minister of Public Safety on CSIS’ exercise of its powers, duties and functions, and to do the same for the Minister of National Defence with respect to CSE.

NSIRA will also work with the National Security and Intelligence Committee of Parliamentarians (NSICOP) and the Privacy Commissioner on issues of common interest, to maximize both the effectiveness and the efficiency of national security review activities.

I am grateful for the support that I have received thus far in my new role, and I look forward to continuing to work with my colleagues in the year ahead in fulfilling NSIRA’s important new mandate.

Murray Rankin, Q.C.

Chair, National Security and Intelligence Review Agency

Message from the Executive Director

It is my pleasure to submit the first Departmental Plan for the National Security and Intelligence Review Agency, for 2020-21.

During our first full year of operation, we will focus on transitioning to a much broader mandate, which now includes review of national security and intelligence activities across the Government of Canada, as well as the investigation of complaints related to CSIS, CSE, and national security complaints related to the Royal Canadian Mounted Police (RCMP).

We will focus on building a strong network of partnerships to help us define our research priorities and deliver on our mandate in an increasingly complex national security environment. In doing so, we also want to be more transparent with Canadians. A longer term vision is being developed and will be articulated in greater detail in our forthcoming annual report. Ensuring a healthy work environment so that all employees feel valued and included is key to attaining this vision.

I hope that you find the information below useful in detailing how NSIRA is resourced and intends to fulfill its mandate in the year ahead.

John Davies
Executive Director

Plans at a glance

Established in July 2019, NSIRA represents a significant enhancement for national security accountability in Canada. NSIRA has a statutory mandate to review the activities of CSIS and CSE, as well as the national security and intelligence activities of all other federal departments and agencies. To fulfill its review mandate, NSIRA has unfettered access to classified information other than Cabinet confidences. In addition, NSIRA inherited the complaints investigation functions of the Security Intelligence Review Committee (SIRC), which was responsible for hearing complaints from members of the public regarding the actions of CSIS, as well as those related to the revocation or denial of security clearances. Going forward, it will also hear complaints regarding the CSE, as well as national security-related complaints regarding the RCMP.

In its first full year of operations, NSIRA will focus on ensuring it transitions effectively to a much larger organization with a much broader mandate. This includes: securing new accommodations; effective staffing and knowledge development; establishing strong working relations with review partners and other Canadian review bodies; and, delivering on mandatory reporting requirements as noted in the National Security and Intelligence Review Agency Act. Going forward, as NSIRA’s institutional capacity adapts, reviews will grow in complexity and sophistication, with an increasing focus on inter-agency activities. A key planning tool to be developed is a three-year research plan. This plan will guide resource allocation and staffing decisions over the medium term.

NSIRA is committed to: openness and transparency to connect better with Canadians; methodological excellence to ensure the quality of our work; and, forward thinking and innovation, including how we consider the impacts of new technology and an ever-changing national security environment. NSIRA understands the importance of organizational health and wellness as fundamental to our success. As we act on these values, NSIRA expects to be well positioned to deliver on our mandate.

For more information on the NSIRA’s plans, priorities and planned results, see the “Core responsibilities: planned results and resources, and key risks” section of this report.

Core responsibilities: planned results and resources, and key risks

Assist the National Security and Intelligence Review Agency

Description

The Secretariat will assist NSIRA members in fulfilling the agency’s mandate. The Secretariat will conduct a range of activities to support the agency, including accessing relevant information and providing strategic and expert advice in the conduct of reviews, quasi-judicial investigation of complaints and the development of reports. It will also provide administrative support in arranging for briefings, hearings and consultations with stakeholders and international counterparts, and support to ensure compliance with security requirements.

Planning highlights

NSIRA will directly contribute to enhancing scrutiny of, and accountability for, national security and intelligence activities undertaken by Government of Canada institutions. This will increase public confidence that these activities are thoroughly reviewed and assessed as to whether they are lawful, reasonable and necessary.

Work in the year ahead will focus on adapting to NSIRA’s broad new mandate. This will involve building knowledge of the national security and intelligence activities of departments and agencies across the Government of Canada, in support of both the review and complaints investigations functions. Staffing new positions with high-quality candidates who can bring specialized knowledge and expertise to the organization will be a key priority.

NSIRA will carry out a number of activities in 2020-21 in support of its new mandate, including:

  • Supporting the development of reports, including on specific annual mandatory reviews and the NSIRA’s annual public report, which will be submitted to the Prime Minister;
  • Developing a medium-term research plan that reflects the broad scope of NSIRA’s new review mandate and the modern realities of inter-agency cooperation in the field of national security;
  • Working actively with its counterparts at the NSICOP, the Office of the Privacy Commissioner, and the Office of the Intelligence Commissioner to foster productive collaboration within the Canadian review community;
  • Undertaking the investigation of complaints, updating procedures and establishing protocols in relation to the newly expanded aspects of this function;
  • Exploring ways to continue to build relationships with like-mandated international review bodies to participate in the exchange of best practices; and,
  • Enhancing NSIRA’s engagement with Canadians on matters of national security and intelligence in order to build public trust.

Gender-based analysis plus

NSIRA is committed to developing a diverse and inclusive workforce comprised of individuals with a broad range of backgrounds and perspectives. The NSIRA Secretariat recently issued its first employee survey to establish baselines on employee demographics as well as on matters related to workplace wellness. In the year ahead, a number of steps will be taken to follow up on this initiative and to foster an inclusive and positive work environment. Greater diversity in the workforce is an important staffing objective for the organization.

NSIRA is also mindful of the potential impact that national security and intelligence activities can have on diverse communities in Canada. This and related issues can arise in the context of reviews as well as complaints, and NSIRA has the authority to scrutinize national security and intelligence activities for signs of bias and discrimination.

In the year ahead, NSIRA will engage Canadians to discuss research planning and priorities, as well as findings and recommendations of interest, and to better understand concerns regarding differential impacts of national security and intelligence activities. This engagement will include a diverse range of stakeholder groups.

NSIRA is also aware of concerns about bias and unfair targeting in the context of new and emerging technologies. In the year ahead, we will work to better understand this issue and the implications that it entails for Canadians. We are also exploring training tools for NSIRA staff to ensure that considerations related to Gender-based analysis plus are incorporated into our review methodology.

Key risks

The ability to hire a sufficient number of qualified personnel within relevant timelines remains a short- and medium-term risk for NSIRA, particularly given the specialized knowledge and skillsets required for many positions. This is further compounded by the requirement for candidates to obtain a Top Secret security clearance, which can incur significant delays.

The ability to expand into additional secure accommodations in a timely manner is also a significant risk for NSIRA, given that its mandate requires it to operate within a high security zone. A lack of secure accommodations would negatively impact the ability of NSIRA to hire large numbers of staff, impeding its ability to deliver on its mandate.

The ability to ensure that NSIRA’s work is conducted in accordance with the highest security standards remains top-of-mind for the organization. In the year ahead, we will work to ensure that employees are aware of and abide by all relevant security protocols, while ensuring that our accommodations and information systems are fit-for-purpose. In this regard, we will work with the national security community to ensure that they have confidence in our approach.

The ability of NSIRA to access the information it needs to do its work and speak to the relevant internal stakeholders to understand policies, operations and ongoing issues is closely tied to the reviewed departments’ capacity to respond to the demands of NSIRA. The resource constraints of the reviewed departments could delay NSIRA’s ability to deliver on its mandate in a timely way.

Mitigation measures for the risks outlined above will be developed and factored into NSIRA’s work throughout the year ahead.

Planned results for assisting the National Security and Intelligence Review Agency

NSIRA’s Departmental Results Framework, with accompanying results and indicators, is under development. Additional information on key performance measures will be included in the 2021- 22 Departmental Plan.

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned budgetary financial resources for assisting the National Security and Intelligence Review Agency

2020–21 budgetary spending (as indicated in Main Estimates) 2020–21 planned spending 2021–22 planned spending 2022–23 planned spending
11,309,411 11,309,411 12,107,192 13,842,015

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned human resources for assisting the National Security and Intelligence Review Agency

2020–21 planned full-time equivalents 2021–22 planned full-time equivalents 2022–23 planned full-time equivalents
48 75 75

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Internal Services: planned results

Description

Internal Services are those groups of related activities and resources that the federal government considers to be services in support of Programs and/or required to meet corporate obligations of an organization. Internal Services refers to the activities and resources of the 10 distinct services that support Program delivery in the organization, regardless of the Internal Services delivery model in a department. These services are:

  • Management and Oversight Services
  • Communications Services
  • Legal Services
  • Human Resources Management Services
  • Financial Management Services
  • Information Management Services
  • Information Technology Services
  • Real Property Management Services
  • Materiel Management Services
  • Acquisition Management Services

Planning highlights

In this first full year of operations, NSIRA will focus on expanding into additional secure facilities and on staffing vacant positions. The Secretariat is working with officials from the Privy Council Office and Public Services and Procurement Canada to identify opportunities for expansion into an additional high security zone, as well as opportunities to retrofit existing spaces for eventual occupation. On the issue of human resources, the Secretariat is recruiting with a view to ensuring that new staff are diverse and have the necessary skills and core competencies that will provide NSIRA with high-quality support it requires over the long term.

The Secretariat will also work to ensure that staff are equipped with the necessary Information Management/Information Technology (IM/IT) systems, equipment and support services to perform their work, as the organization grows.

Planned budgetary financial resources for Internal Services

2020–21 budgetary spending (as indicated in Main Estimates) 2020–21 planned spending 2021–22 planned spending 2022–23 planned spending
12,975,559 12,975,559 12,107,192 4,614,005

Funding for 2020-21 and 2021-22 is higher than ongoing funding figures due to plans for funds being used for the building and refurbishing of additional office space.

Planned human resources for Internal Services

2020–21 planned full-time equivalents 2021–22 planned full-time equivalents 2022–23 planned full-time equivalents
22 25 25

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Spending and human resources

This section provides an overview of the department’s planned spending and human resources for the next three consecutive fiscal years, and compares planned spending for the upcoming year with the current year’s spending.

Planned spending

Departmental spending 2017–18 to 2022–23

The following graph presents planned (voted and statutory) spending over time.

The figures in the graph above reflect the fact that NSIRA was established part-way through the 2019-20 fiscal year, with a coming-into-force date of July 12, 2019. Fiscal Year 2019-20 presents forecast spending for the current fiscal year. Fiscal years 2020-21 to 2022-23 present planned spending based on approved authorities. The planned spending for 2020-21 and 2021-22 includes funding for construction and fit-up of secure office space required by NSIRA for its activities.

Budgetary planning summary for core responsibilities and Internal Services (dollars)

The following table shows actual, forecast and planned spending for NSIRA’s core responsibility and for Internal Services for the years relevant to the current planning year.

Core responsibilities and Internal Services 2017–18 expenditures 2018–19 expenditures 2019–20 forecast spending 2020–21 budgetary spending (as indicated in Main Estimates) 2020–21 planned spending 2021–22 planned spending 2022–23 planned spending
National Security and Intelligence Reviews and Complaints Investigations N/A N/A 2,964,990 11,309,411 11,309,411 12,107,192 13,842,015
Subtotal N/A N/A 2,964,990 11,309,411 11,309,411 12,107,192 13,842,015
Internal Services N/A N/A 4,984,840 12,975,559 12,975,559 12,107,192 4,614,005
Total N/A N/A 7,949,830 24,284,970 24,284,970 24,214,384 18,456,020

As NSIRA was created on July 12, 2019, there is no comparative information to provide for prior years. Numbers for 2019-20 are for the reporting period July 12, 2019 – March 31, 2020.

Due to delays in acquiring and fitting up a second office site for the growing organization, NSIRA is expected to lapse funds, allocated for construction and equipping office space in 2019-20. Planned spending for 2022-23 shows the ongoing financial authorities after completion of the office expansion project.

Planned human resources

The following table shows actual, forecast and planned full-time equivalents (FTEs) for the core responsibility in NSIRA’s departmental results framework and for Internal Services for the years relevant to the current planning year.

Human resources planning summary for core responsibilities and Internal Services

Core responsibilities and Internal Services 2017-18 Actual full-time equivalents 2018-19 Actual full-time equivalents 2019-20 Forecast full-time equivalents 2020-21 Planned full-time equivalents 2021-22 Planned full-time equivalents 2022-23 Planned full-time equivalents
Assist the National Security and Intelligence Review Agency N/A N/A 24 48 75 75
Subtotal N/A N/A 24 48 75 75
Internal Services N/A N/A 15 22 25 25
Total N/A N/A 39 70 100 100

Accommodations challenges as well as security clearance requirements pushed anticipated staffing actions to future reporting periods. As NSIRA evolves, it will need to prioritize staffing efforts in order to fulfill its expanded mandate.

Estimates by vote

Information on NSIRA’s organizational appropriations is available in the 2020–21 Main Estimates.

Condensed future-oriented statement of operations

The condensed future-oriented statement of operations provides an overview of NSIRA’s operations for 2019–20 to 2020–21.

The amounts for forecast and planned results in this statement of operations were prepared on an accrual basis. The amounts for forecast and planned spending presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.

A more detailed future-oriented statement of operations and associated notes, including a reconciliation of the net cost of operations to the requested authorities, are available on NSIRA’s website.

Human resources planning summary for core responsibilities and Internal Services

Financial information 2019-20 Forecast results 2020-21 Planned results Difference (2020-21 planned results minus 2019-20 Forecast results)
Total expenses 8,924,002 25,780,059 16,856,058
Total revenues 248 248 0
Net cost of operations before government funding and transfers 8,923,754 25,779,811 16,856,058

The large increase between planned results for 2020-21 and forecasted results for 2019-20 is due to the later-than-expected royal assent of the National Security and Intelligence Review Agency Act and the coming-into-force of the NSIRA. The difference has been further compounded by the challenge of finding suitable highly secure accommodations and the resulting inability to complete planned hiring in 2019-20.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s Departmental Results Framework, with accompanying results and indicators, is under development. Additional information on key performance measures will be included in the 2021- 22 Departmental Plan.

Supporting information on the program inventory

Supporting information on planned expenditures, human resources, and results related to NSIRA’s program inventory is available in the GC InfoBase.

Supplementary information tables

The following supplementary information tables are available on NSIRA‘s website.

  • Departmental Sustainable Development Strategy
  • Gender-based analysis plus

Federal tax expenditures

NSIRA’s Departmental Plan does not include information on tax expenditures that relate to its planned results for 2020–21.

Tax expenditures are the responsibility of the Minister of Finance, and the Department of Finance Canada publishes cost estimates and projections for government-wide tax expenditures each year in the Report on Federal Tax Expenditures. This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis. The tax measures presented in this report are solely the responsibility of the Minister of Finance.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D” Ottawa, Ontario
K1P 5W5


Fax: 613-907-4445
Email: info@nsira-ossnr.gc.ca
Website: www.nsira-ossnr.gc.ca

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

Departmental Results Report: 2019-20

Meta data information

Cat. Number: PS106-8E-PDF
ISSN: 2563-5174

© Her Majesty the Queen in Right of Canada, 2020

Date of Publishing:

Message from the Executive Director

The National Security and Intelligence Review Agency (NSIRA) experienced significant growth and transformation in the 2019-20 fiscal year. With the coming into force of the National Security and Intelligence Review Agency Act in July 2019, our focus has been on transitioning the Security Intelligence Review Committee (SIRC) to an organization with a much broader mandate.

This has involved hiring and accommodating the talent required to deliver NSIRA’s expansive mandate, roughly doubling the staff complement throughout the fiscal year. It also has involved scaling up physical, personnel and information security practices, and implementing new policies and procedures for pay and finance systems.

In our first year, we have established strong working relationships with organizations newly subject to review. We have also worked to ensure effective collaboration with other accountability bodies, such as the National Security and Intelligence Committee of Parliamentarians, the Office of the Privacy Commissioner, and the Civilian Review and Complaints Commission for the RCMP. These relationships will continue to serve our respective organizations well in the management of complaints investigations and as the review agenda grows in complexity and sophistication, with an increasing focus on interagency activities. To this end, 2019-20 marked the establishment of NSIRA’s first three-year review plan, which reflects the broader scope of NSIRA’s review mandate.

With respect to complaints investigations, NSIRA’s mandate expanded from complaints related to the Canadian Security Intelligence Service to include complaints related to the Communications Security Establishment and, where there is a close nexus to national security, the Royal Canadian Mounted Police. Work in 2019-20 included updating procedures and establishing protocols for the new aspects of this function. Our work reforming the complaints investigations process so that it is more timely and more accessible to the public will continue into 2020-21.

NSIRA’s core values centre on public engagement and transparency. With the support of staff, NSIRA members held numerous outreach and stakeholder engagement sessions in 2019-20, including to explain our new mandate, learn about stakeholder priorities and demystify the complaints process. NSIRA also began releasing online redacted versions of SIRC reports that had previously been released to applicants under the Access to Information Act. Our intention is to enhance public dialogue on issues related to national security and intelligence. Going forward, NSIRA is committed to proactively, in consultation with relevant ministers, redacting and releasing our reviews as they are completed throughout the year.

I am extremely proud of the way that NSIRA staff have adapted to NSIRA’s expanded mandate, and of the professionalism, objectivity and energy that they bring to their work, even more so during the ongoing COVID-19 pandemic. I wish to thank NSIRA staff for their continued commitment to and flexibility regarding new work arrangements during this especially challenging time.

I am confident that this enthusiasm and hard work will find us in good stead in the year ahead as we continue to expand our corporate infrastructure to facilitate growth, and as we embark on an ambitious agenda of review, complaints investigation and stakeholder engagement.

John Davies
Executive Director
National Security and Intelligence Review Agency

Results at a glance and operating context

Actual spending

2019-20 : $6,921,056

Actual human resources

2019–20 full-time equivalents : 36.9

The total actual spending and actual human resources used over fiscal year 2019-20 comprises resources spent and used by SIRC until July 2019 and by its successor NSIRA from July 12, 2019, until year-end.

On July 12, 2019, Canada’s framework for national security accountability underwent a major transformation with the creation of the National Security and Intelligence Review Agency (NSIRA), the coming into force of the NSIRA Act and by the earlier passage of Bill-C59 – National Security Act, 2017.

Although NSIRA inherited some corporate infrastructure from SIRC, NSIRA’s mandate extends far beyond SIRC’s focus on activities performed by the Canadian Security Intelligence Service (CSIS). NSIRA is an independent organization mandated to review all Government of Canada national security and intelligence activities to assess whether they are lawful, comply with ministerial direction, reasonable and necessary.

NSIRA’s complaints investigation mandate also extends beyond CSIS, to include complaints regarding the Communications Security Establishment (CSE), as well as complaints related to national security activities of the Royal Canadian Mounted Police (RCMP).

With these significant changes taking effect in 2019-20, activities have mainly focused on establishing the necessary foundation for delivering on the expanded mandate.

Some of the key results achieved over the course of 2019-20 by SIRC and NSIRA include the following:

  • Better inform Canadians and Parliamentarians

To reflect its expanded mandate, NSIRA created new teams to build capacity in reviewing all of the federal departments and agencies engaged in national security and intelligence activities.

This fiscal year, NSIRA approved and completed five reviews: three focused on CSIS activities; one was a review of CSE activities; and one was the first NSIRA interdepartmental review, which examined how six federal departments implemented ministerial direction. NSIRA developed a risk-based approach for choosing the subjects of reviews to ensure close and continuous scrutiny of high-risk areas, emerging threats, intelligence priorities and activities identified in the course of the reviews. NSIRA also adopted a longer-term approach to planning its reviews and developed a three-year evidence-based, comprehensive review plan, to ensure that programs and activities span the entire national security and intelligence community and will better inform Canadians and parliamentarians. The NSIRA members approved the review plan in February 2020. During the course of this fiscal year, NSIRA also took steps toward redacting SIRC’s classified reviews and translating them, in preparation for publication on its website.

Finally, NSIRA’s Chair continued to engage with ministers and departments and agencies at senior levels. As well, NSIRA briefed the Minister of Public Safety and Emergency Preparedness and the Minister of National Defence both verbally and in writing, as required under the NSIRA Act.

  • Continue to improve access to justice

The process for the investigation of complaints is continuously being refined and streamlined through the implementation of best practices and procedures to promote access to justice and ensure timeliness in the conduct of investigations. On receiving its mandate, NSIRA continued to build on SIRC’s knowledge while expanding the complaints investigation process to include investigations of complaints related to CSE and complaints referred to it by the Civilian Review and Complaints Commission for the RCMP. This fiscal year, NSIRA finalized two investigations that SIRC had started; one recommendation was issued with respect to CSIS’s actions.

Staffing was a main priority over the course of 2019–20 in anticipation of NSIRA’s needs under its mandate. NSIRA was able to attract many talented reviewers, lawyers, and support staff to position it for success in 2020.

For more information on NSIRA’s plans, priorities and results achieved, see the “Results: what we achieved” section of this report.

Results: what we achieved

The core responsibility, description and results reported here are specific to SIRC. Although SIRC became NSIRA partway through the 2019-20 fiscal year, NSIRA’s Departmental Results Framework, with accompanying results and indicators, is still being developed. It will be implemented starting in 2021-22. Consequently, 2019-20 actual results for NSIRA are not available. Nonetheless, this section also describes NSIRA’s efforts to establish a strong foundation for executing its mandate.

Core responsibility

Investigations of Canadian Security Intelligence Services’ operational activities

Description:

SIRC is an external independent review body responsible for: reviewing the Canadian Security Intelligence Service to determine whether its operational activities complied with the law and ministerial direction; investigating complaints by any person about any action of the Service, including denials of security clearances; and, certifying the Canadian Security Intelligence Service Director’s annual report to the Minister of Public Safety and Emergency Preparedness to determine whether any activities were not authorized, contravened ministerial direction, or involved any unreasonable or unnecessary exercise of powers. SIRC makes findings and, where appropriate, recommendations designed to improve performance and prevent non-compliance. The results of this work, edited to protect national security and personal privacy, are summarized in an annual report, which is tabled in Parliament by the Minister.

Results:

The Canadian Security Intelligence Service complies with the law and its actions are reasonable and necessary.

With SIRC dissolving in June 2019, actual 2019-20 results are not available. NSIRA will be implementing a new Departmental Results Framework starting in 2021-22.

Review of national security and intelligence activities and outreach

Between April 1, 2019, and July 12, 2019, three in-depth reviews of CSIS activities were undertaken. These reviews were completed and approved by NSIRA in Fall 2019. These reviews examined a cross-section of national security and intelligence activities, including internal security, intelligence collection and disposal, and information sharing.

In December 2019, NSIRA completed its first review of CSE; and in February 2020, NSIRA’s first interdepartmental review was finalized, which focused on the implementation of a ministerial direction by several federal departments and agencies.

To maximize coverage and understanding of the national security and intelligence community in Canada, NSIRA members and NSIRA staff actively engaged with a range of government and non-governmental partners including academics and civil society representatives. NSIRA also continued to build relationships with counterpart organizations, including the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner.

Investigation of complaints against the Canadian Security Intelligence Service

Between April 1, 2019, and July 12, 2019, SIRC issued one final report regarding a complaint investigation against CSIS. The report did not contain any recommendations and the complaint was dismissed.

As of July 12, 2019, NSIRA took over SIRC’s investigations process. Outstanding complaints and new complaints received were processed as quickly as possible. This included informal resolution efforts and quasi-judicial hearings when necessary.

The investigation process relies heavily on its information resources to effectively fulfil its mandate. This year, NSIRA strengthened processes and procedures to improve information management and increase effectiveness.

Gender-based analysis plus

The new NSIRA mandate includes review of any activity carried out by a department or agency that relates to national security or intelligence, including issues related to bias and discrimination. Its mandate also requires NSIRA to report publicly, in an unclassified manner, on its findings and recommendations.

In complaints investigations, NSIRA systematically follows a well-documented process in all cases to ensure equal access to justice for all complainants. NSIRA has also begun to analyze trends in complaints to identify potential biases and discrimination and to collect demographic data about complainants. The aim is to assess whether certain population groups are more frequently involved in grievances with the security agencies.

NSIRA’s staffing practices consider gender-based analysis plus objectives. NSIRA hired a diverse group of employees with a mix of experience and skills to fulfil its broad mandate. For the 2019-20 period, the number of women hired was more than twice that of men; nearly 20% of the total hires were members of visible minority groups. This breadth of experience and competencies provides the agency with high-quality, non-partisan advice and support.

Furthermore, NSIRA engages with a broad and diverse range of stakeholders and community groups to inform its review priorities, demystify the complaints investigation process, and help with recruiting an elite workforce.

Experimentation

Given the functions and responsibilities of SIRC and NSIRA, the agencies did not pursue experimentation activities.

Results achieved
Departmental results  Performance indicators  Target Date to achieve target 2017–18 Actual results 2018–19 Actual results 2019–20 Actual results*
* SIRC’s changeover to NSIRA requires significant changes to the Departmental Results Framework, expected results and indicators. Consequently, 2019–20 actual results for NSIRA are not available. NSIRA will implement a new Departmental Results Framework starting in 2021–22.
CSIS complies with the law and its actions are reasonable and necessary Percentage of high- and medium-risk operational activities reviewed annually 80% 2019–20 79% 86% Not applicable (N/A)
Degree to which the parties to complaints are satisfied with the complaints process N/A 2022–23 N/A N/A N/A
Percentage of recommendations accepted by CSIS 90% 2018–19 95.7% N/A N/A
Percentage of recommendations advanced by CSIS 80% 2019–20 66.7% 82% N/A
Budgetary financial resources (dollars)
Departmental results  Performance indicators  Target Date to achieve target 2017–18 Actual results 2018–19 Actual results 2019–20 Actual results*
* Actual spending in 2019–20 can be broken down by agency as follows:
  • SIRC: $814,874
  • NSIRA: $3,009,066
CSIS complies with the law and its actions are reasonable and necessary Percentage of high- and medium-risk operational activities reviewed annually 80% 2019–20 79% 86% Not applicable (N/A)
Degree to which the parties to complaints are satisfied with the complaints process N/A 2022–23 N/A N/A N/A
Percentage of recommendations accepted by CSIS 90% 2018–19 95.7% N/A N/A
Percentage of recommendations advanced by CSIS 80% 2019–20 66.7% 82% N/A

Financial authorities were transferred from SIRC to NSIRA in 2019–20.

Human resources (full-time equivalents)
2019–20 Planned full-time equivalents 2019–20 Actual full-time equivalents 2019–20 Difference (Actual full-time equivalents minus Planned full-time equivalents)
* Actual spending in 2019–20 can be broken down by agency as follows:
  • SIRC: 4.8
  • NSIRA: 17.5
24.5 22.3* (2.2)

SIRC’s current staff carried over to NSIRA and formed the basis of the new NSIRA.

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Internal Services

Description

Internal Services are those groups of related activities and resources that the federal government considers to be services in support of programs and/or required to meet corporate obligations of an organization. Internal Services refers to the activities and resources of the 10 distinct service categories that support Program delivery in the organization, regardless of the Internal Services delivery model in a department. The 10 service categories are:

  • Acquisition Management Services
  • Communication Services
  • Financial Management Services
  • Human Resources Management Services
  • Information Management Services
  • Information Technology Services
  • Legal Services
  • Material Management Services
  • Management and Oversight Services
  • Real Property Management Services

Results

Over the course of 2019-20, the priority of internal services functions has been ensuring the successful transition from SIRC to NSIRA. This involved overhauling existing or developing new human resources, financial, accommodation and security policies, practices and systems.

Budgetary financial resources (dollars)
2019-20 Main Estimates 2019-20 Planned spending 2019-20 Total authorities available for use 2019-20 Actual spending (authorities used) 2019-20 Difference (Actual spending minus Planned spending)
* Actual spending in 2019–20 can be broken down by agency as follows:
  • SIRC: $480,875
  • NSIRA: $2,616,241
1,402,384 1,402,384 16,624,630 3,097,116* 1,694,732

Financial authorities were transferred from SIRC to NSIRA in 2019–20.

Human resources (full-time equivalents)
2019–20 Planned full-time equivalents 2019–20 Actual full-time equivalents 2019–20 Difference (Actual full-time equivalents minus Planned full-time equivalents)
* Actual spending in 2019–20 can be broken down by agency as follows:
  • SIRC: 3.5
  • NSIRA: 11.2
7.5 14.7* 7.1

SIRC’s current staff carried over to NSIRA and formed the basis of the new NSIRA.

Actual expenditures

Departmental spending trend graph

The following graph presents planned (voted and statutory spending) over time.

Graph: Departmental spending trend - Text version follows
Departmental spending trend graph
2017-18 2018-19 2019-20 2020-21 2021-22 2022-23
Statutory 332,840 357,096 517,233 1,483,914 1,704,632 1,704,632
Voted 5,841,352 4,635,457 6,403,823 22,801,056 22,509,752 16,751,388
Total 6,174,192 4,992,553 6,921,056 24,284,970 24,214,384 18,456,020

The graph illustrates SIRC’s and NSIRA’s spending trend over a six-year period from 2017-18 to 2022-23. Fiscal years 2017-18 to 2019-20 reflect the organization’s actual expenditures as reported in the Public Accounts. Fiscal years 2020-21 to 2022-23 represent planned spending.

The decrease of $1.2 million in spending from 2017-18 to 2018-19 is mainly explained by the SIRC relocation project, including the information management/information technology modernization project in 2017-18. SIRC changed office space at the end of fiscal year 2017-18.

The increase from 2018-19 to 2019-20 is mainly explained by the cost of additional resources hired as part of the transition from SIRC to NSIRA.

The variance between actual spending in 2019-20 and planned spending for 2020-21 is due to the timing of the approval of the NSIRA Act and the creation of NSIRA, as well as delays in the identification of a short- and long-term accommodation strategy. These delays held back accommodation, infrastructure and system projects required to support NSIRA’s mandate.

The increase is also attributable to a year-over-year increase in spending authorities for NSIRA’s new, broader mandate. Starting in fiscal year 2022-23, NSIRA’s planned spending will decrease by almost $6.0 million due to the sunset of some of the funding for new office space.

Budgetary performance summary for core responsibilities and Internal Services (dollars)

SIRC
Core responsibilities and Internal Services 2019-20 Main Estimates 2019-20 Planned spending 2020-21 Planned spending 2021-22 Planned spending 2019-20 Total authorities available for use 2017-18 Actual spending (authorities used) 2018-19 Actual spending (authorities used) 2019-20 Actual spending (authorities used)
Investigations of Canadian Security Intelligence Services’ operational activities 3,752,433 3,752,433 0 0 815,364 2,894,198 2,648,567 814,874
Subtotal 3,752,433 3,752,433 0 0 815,364 2,894,198 2,648,567 814,874
Internal Services 1,402,384 1,402,384 0 0 480,875 3,279,994 2,343,986 480,875
Total 5,154,817 5,154,817 0 0 1,296,239 6,174,192 4,992,553 1,295,749
NSIRA
Core responsibilities and Internal Services 2019-20 Main Estimates 2019-20 Planned spending 2020-21 Planned spending 2021-22 Planned spending 2019-20 Total authorities available for use 2017-18 Actual spending (authorities used) 2018-19 Actual spending (authorities used) 2019-20 Actual spending (authorities used)
Investigations of Canadian Security Intelligence Services’ operational activities 0 0 11,309,411 12,107,192 6,695,628 0 0 3,009,066
Subtotal 0 0 11,309,411 12,107,192 6,695,628 0 0 3,009,066
Internal Services 0 0 12,975,559 12,107,192 16,143,755 0 0 2,616,241
Total 0 0 24,284,970 24,214,384 22,839,383 0 0 5,625,307

Actual human resources

Human resources summary for Core Responsibilities and Internal Services

SIRC
Core responsibilities and Internal Services 2017-18 Actual full-time equivalents 2018-19 Actual full-time equivalents 2019-20 Planned full-time equivalents 2019-20 Actual full-time equivalents 2020-21 Planned full-time equivalents 2021-22 Planned full-time equivalents
Investigations of Canadian Security Intelligence Services’ operational activities 18.7 18.1 24.5 4.8 0.0 0.0
Subtotal 18.7 18.1 24.5 4.8 0.0 0.0
Internal Services 10.0 10.8 7.5 3.5 0.0 0.0
Total 28.7 28.9 32.0 8.3 0.0 0.0
NSIRA
Core responsibilities and Internal Services 2017-18 Actual full-time equivalents 2018-19 Actual full-time equivalents 2019-20 Planned full-time equivalents 2019-20 Actual full-time equivalents 2020-21 Planned full-time equivalents 2021-22 Planned full-time equivalents
*Over the course of 2019-20, funding for an additional 26 FTEs was received to account for the expanded mandate of NSIRA. These FTEs are not accounted for in the planned 2019-20 FTEs.
Investigations of Canadian Security Intelligence Services’ operational activities 0.0 0.0 0.0 17.5 48.0 75.0
Subtotal 0.0 0.0 0.0 17.5 48.0 75.0
Internal Services 0.0 0.0 0.0 11.2 22.0 25.0
Total 0.0 0.0 0.0 28.7 70.0 100.0

In the next two years, NSIRA will be focused on hiring up to 100 FTEs to deliver on its new mandate.

Expenditures by vote

For information on NSIRA’s organizational voted and statutory expenditures, consult the Public Accounts of Canada 2019-2020.

Government of Canada spending and activities

Information on the alignment of NSIRA’s spending with the Government of Canada’s spending and activities is available in GC InfoBase.

Financial statements and financial statements highlights

Financial statements

SIRC’s and NSIRA’s financial statements (unaudited) for the year ended March 31, 2019, are available on NSIRA‘s website.

Financial statement highlights

Condensed Statement of Operations (unaudited) for the year ended March 31, 2020 (dollars)
SIRC
Financial information 2019-20 Planned results 2019-20 Actual results 2018-19 Actual results Difference (2019-20 Actual results minus 2019-20 Planned results) Difference (2019-20 Actual results minus 2018-19 Actual results)
Total expenses 6,074,207 1,723,632 5,539,131 (4,350,575) (3,815,499)
Total revenues 0 0 (490) 0 490
Net cost of operations before government funding and transfers 6,074,207 1,723,632 5,538,642 (4,350,575) (3,815,010)
NSIRA
Financial information 2019-20 Planned results 2019-20 Actual results 2018-19 Actual results Difference (2019-20 Actual results minus 2019-20 Planned results) Difference (2019-20 Actual results minus 2018-19 Actual results)
Total expenses 0 6,330,487 0 6,330,487 6,330,487
Total revenues 0 0 0 0 0
Net cost of operations before government funding and transfers 0 6,330,487 0 6,330,487 6,330,487

Difference between 2018-19 actual results and 2019-20 actual results:

The agency’s actual net cost of operations before government funding and transfer for 2019-20, as compared with 2018-19, increased primarily as a result of the transition from SIRC to NSIRA and the additional resources hired to support NSIRA’s new mandate.

Difference between 2019-20 actual results and 2019-20 planned results:

The agency’s actual net cost of operations from continuing activities was higher than the planned results for the fiscal year as a result of the transition from SIRC to NSIRA.

Condensed Statement of Financial Position (unaudited) as of March 31, 2020 (dollars)
SIRC
Financial information 2019-20 2018-19 Difference (2019-20 minus 2018-19)
Total net liabilities 1,412,420 1,494,816 (82,396)
Total net financial assets 1,315,658 1,355,974 (40,316)
Departmental net debt 96,762 138,843 (42,081)
Total non-financial assets 80,751 1,399,684 (1,318,933)
Departmental net financial position (16,011) 1,260,841 (1,276,852)
NSIRA
Financial information 2019-20 2018-19 Difference (2019-20 minus 2018-19)
Total net liabilities 2,029,928 0 2,029,928
Total net financial assets 1,627,351 0 1,627,351
Departmental net debt 402,577 0 402,577
Total non-financial assets 1,075,318 0 1,075,318
Departmental net financial position 672,741 0 672,741

In 2019-20, the agency’s net liabilities and net financial assets increased primarily due to the transition from SIRC to NSIRA.

Additional information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada

Institutional head: John Davies, Executive Director

Ministerial portfolio: Privy Council Office

Enabling instrument: National Security and Intelligence Review Agency Act

Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Reporting framework

SIRC’s Departmental Results Framework and Program Inventory of record for 2019-20 are shown below.

Graphical presentation: Departmental Reporting Framework and Program Inventory - Text version follows
Core Responsibility: Investigations of Canadian Security Intelligence Services’ operational activities
Departmental Results Framework CSIS complies with the law and its actions are reasonable and necessary Indicator: Percentage of high- and medium-risk operational activities reviewed annually Internal Services
Indicator: Degree to which the parties to complaints are satisfied with the complaints process
Indicator: Percentage of recommendations accepted by CSIS
Indicator: Percentage of recommendations accepted by CSIS
Program Inventory Program: Review of CSIS operations
Program: Investigation of complaints against the CSIS

SIRC became NSIRA partway through the 2019-20 fiscal year. NSIRA’s Departmental Results Framework, with accompanying results and indicators, is under development. Additional information on key performance measures will be included in the 2021-22 Departmental Plan.

Supporting information on the program inventory

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Supplementary information tables

The following supplementary information tables are available on NSIRA‘s website.

  • Gender-based analysis plus

Federal tax expenditures

The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs. The tax measures presented in this report are the responsibility of the Minister of Finance.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D”
Ottawa, Ontario
K1P 5W5

The phone number is temporarily disabled
Fax: 613-907-4445

Email: info@nsira-ossnr.gc.ca
Website: www.nsira-ossnr.gc.ca

Share this page
Date Modified:

Quarterly Report: For the quarter ended June 30, 2020

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2020- 21 Main Estimates.

A summary description of the National Security and Intelligence Review Agency Secretariat (NSIRA) program activities can be found in Part II of the Main Estimates. For information on the mandate of NSIRA, please visit its website at http://www.nsira-ossnr.gc.ca.

This quarterly report has not been subject to an external audit or review.

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body, which reports to Parliament. NSIRA was established in July of 2019 and is responsible to conduct reviews of the Government of Canada national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and activities. NSIRA replaces the Security Intelligence Review Committee (SIRC), which reviewed CSIS (Canadian Security Intelligence Service) activities as well as those related to the revocation or denial of security clearances. Going forward, it will also hear complaints regarding the Communication Security Establishment (CSE), as well as national security-related complaints regarding the RCMP. 

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the department’s spending authorities granted by Parliament and those used by the department, consistent with the 2020-21 Main Estimates. This quarterly report has been prepared using a special purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before moneys can be spent by the Government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authority for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended June 30, 2020.

NSIRA spent approximately 5% of its authorities by the end of the first quarter, compared to 15% in the same quarter of 2019-20 (see graph 1 below). 

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q1 2020–21 and Q1 2019–20

Graph: Comparison of total authorities and total net budgetary expenditures - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q1 2020–21 and Q1 2019–20
  2020-21 2019-20
Total Authorities $24.3 $5.2
Q1 Expenditures $1.2 $0.8

Significant changes to authorities

As per graph 2 below as at June 30, 2020, NSIRA had authorities available for use of $24.3 million in 2020-21 compared to $5.2 million as of June 30, 2019, for a net increase of $19.1 million or 367%.

Graph 2: Variance in authorities as at June 30, 2020

Graph: Variance in authorities as at June 30, 2020 - Text version follows
Variance in authorities as at June 30, 2020 (in millions)
  Fiscal year 2019-20 total available for use for the year ended March 31, 2020 Fiscal year 2020-21 total available for use for the year ended March 31, 2021
Vote 1 – Operating $4.6 $22.8
Statutory $0.5 $1.5
Total budgetary authorities $5.2 $24.3

The authorities’ increase of $19.1 million is explained by the approval of funding for the mandate of NSIRA. A portion of the increase, $5.0 M, is to be used to initiate temporary and permanent accommodation projects.

Significant changes to quarter expenditures

Year-to-date expenditures recorded to the end of the first quarter totaled $1.2M for an increase of $0.4M when compared to $0.8M spent during the same period in 2019-20. Table 1 below presents budgetary expenditures by standard object. The authorities’ increase of $19.1 million is explained by the approval of funding for the mandate of NSIRA. A portion of the increase, $5.0 M, is to be used to initiate temporary and permanent accommodation projects.

Table 1

(in thousands of dollars)

Material Variances to Expenditures by Standard Object YTD Expenditures as of June 30, 2020 YTD Expenditures as of June 30, 2019 Variance $ Variance %
Personnel 1,111 548 563 103%
Transportation and communications 7 30 (23) (77%)
Information 50 4 46 1150%
Professional and special services 68 87 (19) (22%)
Rentals 0 25 (25) (100%)
Repair and maintenance 0 1 (1) (100%)
Utilities, materials and supplies 9 3 6 200%
Acquisition of machinery and equipment 0 5 (5) (100%)
Other subsidies and payment 0 97 (97) (100%)
Total gross budgetary expenditures 1,246 801 445 56%

Personnel

The increase of $563,000 is mainly related to staffing to support new departmental mandate. 

Transportation and communications

The decrease of $23,000 is mainly explained by lack of travel due to COVID-19 pandemic. 

Information

The increase of $46,000 is explained by higher expenditures for electronic subscriptions.

Professional and special services

The decrease of $19,000 is mainly due to the timing of the invoices for Translation.

Rentals

The decrease of $25,000 is mostly explained by the timing of the invoices as well as lower expenditures on rentals due to the pandemic. 

Utilities, Materials and Supplies

The increase of $6,000 is mostly due an increase in spending for material and supplies.

Acquisition of machinery and equipment

The decrease of $5,000 is mainly explained by delays in acquisitions due to the pandemic. 

Other Subsidies and payments

The decrease of $97,000 is due to multiple Salary Overpayments processed in first quarter of 2019-20. 

Risks and uncertainties

The COVID-19 Pandemic had a significant impact on the ability of NSIRA to grow its organization in a way that is commensurate with its new mandate. The physical distancing requirements decreased the ability of staff to concurrently work with departments and agencies subject to reviews. In light of that, NSIRA revised its Review Plan and has advanced the introduction of a new approach to the review of complaints.

The ability to hire a sufficient number of qualified personnel within relevant timelines remains a short- and medium-term risk for NSIRA, particularly given the specialized knowledge and skillsets required for many positions. This is further compounded by the requirement for candidates to obtain a Top Secret security clearance, which can incur significant delays, especially during the Pandemic.

While NSIRA has been able to secure temporary space to address its immediate space requirements, the timing at which this staff will be able to operate within this high security zone has still not been determined. NSIRA is working closely with Public Services and Procurement Canada to expedite the fit-up plans.

The ability of NSIRA to access the information it needs to do its work and speak to the relevant internal stakeholders to understand policies, operations and ongoing issues is closely tied to the reviewed departments’ capacity to respond to the demands of NSIRA. The Pandemic impacts and existing resource constraints of the reviewed departments could delay NSIRA’s ability to deliver on its mandate in a timely way.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls, which were implemented in 2016.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRA’s approach to the conduct of its mandate. 

Significant changes in relation to operations, personnel and programs

The Pandemic forced some changes in the way NSIRA’s conducts operations. The requirement for physical distancing and the existing challenge with respect to high security zone accommodation has led NSIRA to authorize staff to work with nonsensitive files from home.

There have been no new Governor-in-Council appointments during the first quarter. Charles Fugere has been named new Senior General Counsel with NSIRA.

There have been no changes to the NSIRA Program.  

Approved by senior officials:

John Davies
Executive Director

Pierre Souligny
Senior Director, Corporate Services, Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2020–21 Fiscal year 2019–20
  Total available for use for the year ending March 31, 2021 (note 1) Used during the quarter ended June 30, 2020 Year to date used at quarter-end Total available for use for the year ending March 31, 2020 (note 1) Used during the quarter ended June 30, 2019 Year to date used at quarter-end
Vote 1 – Net operating expenditures 22,801 875 875 4,629 670 670
Budgetary statutory authorities
Contributions to employee benefit plans 1,484 371 371 526 131 131
Total budgetary authorities (note 2) 24,285 1,246 1,246 5,155 801 801

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2020–21 Fiscal year 2019–20
  Planned expenditures for the year ending March 31, 2021 (note 1) Expended during the quarter ended June 30, 2020 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2020 Expended during the quarter ended June 30, 2019 Year to date used at quarter-end
Expenditures
Personnel 11,510 1,111 1,111 3,962 548 548
Transportation and communications 1,162 7 7 232 30 30
Information 364 50 50 76 4 4
Professional and special services 3,250 68 68 265 87 87
Rentals 237 0 0 70 25 25
Repair and maintenance 7,134 4 1 1
Utilities, materials and supplies 173 9 9 29 3 3
Acquisition of machinery and equipment 393 315 5 5
Other subsidies and payments 63 2 97 97
Total gross budgetary expenditures
(note 2)
24,285 1,246 1,246 5,155 801 801

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

Quarterly Report: For the quarter ended December 31, 2019

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2019-20 Main Estimates.

A summary description of the National Security and Intelligence Review Agency Secretariat (NSIRA) program activities can be found in Part II of the Main Estimates. For information on the mandate of NSIRA, please visit its website at http://www.nsira-ossnr.gc.ca.

This quarterly report has not been subject to an external audit or review.

Mandate

On June 21, 2019 the National Security and Intelligence Review Agency Act (NSIRA Act) received Royal Assent. This new legislation, which came into force on July 12, 2019, significantly enhances national security accountability in Canada. NSIRA has a statutory mandate to review the activities of the Canadian Security Intelligence Service (CSIS) and of the Communications Security Establishment (CSE), as well as the national security and intelligence activities of all other federal governement departments and agencies. The NSIRA replaces the Security Intelligence Review Committee (SIRC), which reviewed CSIS’s activites and it also replaces the Office of the CSE Commissioner (OCSEC), which reviewed CSE’s activities.

In addition, NSIRA inherited the complaints investigation functions of the Security Intelligence
Review Committee (SIRC), which was responsible for hearing complaints from members of the
public regarding the actions of CSIS, as well as those related to the revocation or denial of
security clearances. Going forward, NSIRA will also hear complaints regarding the CSE, as well
as national security-related complaints regarding the RCMP.

The NSIRA will report its findings and recommendations on an annual basis to Parliament with
its first annual public report planned to be tabled in 2020. The NSIRA is also required to produce
an annual report for Parliament on the disclosure of information under the Security of Canada
Information Disclosure Act.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the department’s spending authorities granted by Parliament and those used by the department, consistent with the 2019- 20 Main Estimates as well as the Supplementary Estimates (A) and Treasury Board (TB) Central Votes. This quarterly report has been prepared using a special purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before moneys can be spent by the Government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authority for specific purposes.

When Parliament is dissolved for the purposes of a general election, section 30 of the Financial Administration Act authorizes the Governor General, under certain conditions, to issue a special warrant authorizing the Government to withdraw funds from the Consolidated Revenue Fund. A special warrant is deemed to be an appropriation for the fiscal year in which it is issued.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in
authorities available for the year and actual expenditures for the quarter ended December 31,
2019.

NSIRA spent approximately 15% of its authorities by the end of the third quarter, compared to
55% in the same quarter of 2018-19 (see graph 1 below).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q3 2019–20 and Q3 2018–19

Graph: Comparison of total authorities and total net budgetary expenditures - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q3 2019–20 and Q3 2018–19
  2019-20 2018-19
Total Authorities $24.9 $5.5
Q3 Expenditures $2.0 $0.9
Year-To-Date Expenditures $3.8 $3.0

Significant changes to authorities

As per graph 2 below as at December 31, 2019, NSIRA has authorities available for use of $24.9 million in 2019-20 compared to $5.5 million as of December 31, 2018, for a net increase of $19.4 million or 353%.

Graph 2: Variance in authorities as at December 31, 2019

Graph: Variance in authorities as at December 30, 2019 - Text version follows
Variance in authorities as at December 31, 2019 (in millions)
  Fiscal year 2018-19 total available for use for the year ended March 31, 2019 Fiscal year 2019-20 total available for use for the year ended March 31, 2020
Vote 1 – Operating $5.0 $23.6
Statutory $0.5 $1.2
Total budgetary authorities $5.5 $24.9

The authorities increase of $19.4 million is explained by the approval, through Supplementary Estimates, of funding for the mandate of NSIRA.

Significant changes to quarter expenditures

The third quarter expenditures totaled $2.0M for an increase of $1.1M when compared to $0.9M spent during the same period in 2018-19. Table 1 below presents budgetary expenditures by standard object.

Table 1

(in thousands of dollars)

Material Variances to Expenditures by Standard Object Fiscal year 2019-20 Expended during the quarter ended December 31, 2019 Fiscal year 2018-19 Expended during the quarter ended December 31, 2018 Variance $ Variance %
Personnel 1,504 684 820 120%
Transportation and communications 99 46 53 115%
Information 3 0 3 0%
Professional and special services 377 49 328 669%
Rentals 4 27 (23) (85%)
Repair and maintenance 47 46 1 2%
Utilities, materials and supplies 14 11 3 27%
Acquisition of machinery and equipment 6 29 (23) (79%)
Other subsidies and payment (68) (29) (39) 134%
Total gross budgetary expenditures 1,985 863 1,122 130%

Personnel

The increase of $820,000 is mainly related to staffing to support new departmental mandate. 

Transportation and communications

The increase of $53,000 is mainly explained by higher travel expenditures in support of NSIRA’s expanded mandate.

Professional and special services

The increase of $328,000 is mainly due to the timing of the invoices for Financial Management Services.

Rentals

The decrease of $23,000 is mostly explained by the acquisition of Software licenses in 2018-19.

Acquisition of machinery and equipment

The decrease of $23,000 is mainly explained by furniture acquisitions in 2018-19 in preparation for the creation of NSIRA.

Other Subsidies and payments

The decrease of $39,000 is mostly due to elevated recoveries of salary overpayments processed in the third quarter of 2019-20.

Significant changes to quarter expenditures

The year-to-date expenditures totaled $3.8M for an increase of $0.8M when compared to $3.0M spent during the same period in 2018-19. Table 2 below presents budgetary expenditures by standard object.

Table 2

(in thousands of dollars)

Material Variances to Expenditures by Standard Object YTD Expenditures as of December 30, 2019 YTD Expenditures as of December 30, 2018 Variance $ Variance %
Personnel 2,814 2,267 547 24%
Transportation and communications 184 187 (3) (2%)
Information 7 28 (21) (75%)
Professional and special services 555 229 326 142%
Rentals 43 50 (7) (14%)
Repair and maintenance 53 64 (11) (17%)
Utilities, materials and supplies 20 14 6 43%
Acquisition of machinery and equipment 35 142 (107) (75%)
Other subsidies and payment 76 20 56 280%
Total gross budgetary expenditures 3,787 3,001 786 26%

Personnel

The increase of $547,000 is mainly explained by the staffing actions in support of NSIRA expanded operations.

Information

The decrease of $21,000 is mainly related to the earlier production of the SIRC Annual Report in June 2018.

Professional and special services

The increase of $326,000 is mainly explained by the timing of the invoices in 2019-20.

Acquisition of machinery and equipment

The decrease of $107,000 is mostly due to the Network Infrastructure upgrade project that was completed in 2018-19

Other Subsidies and payments

The increase of $56,000 is mainly explained by growth in the payroll system overpayments in 2019-20.

Risks and uncertainties

The ability to hire a sufficient number of qualified personnel within relevant timelines remains a short- and medium-term risk for NSIRA, particularly given the specialized knowledge and skillsets required for many positions. This is further compounded by the requirement for candidates to obtain a Top Secret security clearance, which can incur significant delays.

The ability to expand into additional secure accommodations in a timely manner is also a significant risk for NSIRA, given that its mandate requires it to operate within a high security zone. A lack of secure accommodations would negatively impact the ability of NSIRA to hire large numbers of staff, impeding its ability to deliver on its mandate.

The ability of NSIRA to access the information it needs to do its work and speak to the relevant internal stakeholders to understand policies, operations and ongoing issues is closely tied to the reviewed departments’ capacity to respond to the demands of NSIRA. The resource constraints of the reviewed departments could delay NSIRA’s ability to deliver on its mandate in a timely way.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls which were implemented in 2016.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRA’s approach to the conduct of its mandate.

Significant changes in relation to operations, personnel and programs

The Security Inteligence Review Committee ceased to exist upon the coming into force of Part 1 of the National Security Act, 2017 on July 12, 2019. The National Security and Intelligence Review Act established a new organization, which has assumed, amongst other things, responsiblities of that Committee. NSIRA is responsible for reviewing intelligence and national security activities across government. This new expanded mandate is expected to bring big changes to Operations and Personnel in the years to come.

NSIRA accessed funds through the 2019-20 Supplementary Estimates (A), as well as funds deemed over from SIRC.

Approved by senior officials:

John Davies
Executive Director

Chantelle Bowers
A/Deputy Executive Director and Senior General Counsel, A/Chief Financial Officer

Share this page
Date Modified:

Financial Statements: NSIRA 2019–20

Date of Publishing:

Statement of Management Responsibility Including Internal Control over Financial Reporting

Responsibility for the integrity and objectivity of the accompanying financial statements for the period starting July 12, 2019 and ending March 31, 2020, and all information contained in these financial statements rests with the management of the National Security and Intelligence Review Agency (NSIRA). These financial statements have been prepared by management using the Government of Canada’s accounting policies, which are based on Canadian public sector accounting standards.

Management is responsible for the integrity and objectivity of the information in these financial statements. Some of the information in the financial statements is based on management’s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of NSIRA’s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in NSIRA’s Departmental Results Report, is consistent with these financial statements.

Management is also responsible for maintaining an effective system of internal control over financial reporting (ICFR) designed to provide reasonable assurance that financial information is reliable, that assets are safeguarded and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.

Management seeks to ensure the objectivity and integrity of data in its financial statements through careful selection, training and development of qualified staff; through organizational arrangements that provide appropriate divisions of responsibility; through communication programs aimed at ensuring that regulations, policies, standards, and managerial authorities are understood throughout the NSIRA and through conducting an annual risk-based assessment of the effectiveness of the system of ICFR.

The system of ICFR is designed to mitigate risks to a reasonable level based on an ongoing process to identify key risks, to assess effectiveness of associated key controls, and to make any necessary adjustments.

A risk-based assessment of the system of ICFR for the year ended March 31, 2020 was completed in accordance with the Treasury Board Policy on Financial Management and the results and action plans are summarized in the Annex.

The financial statements of the National Security Intelligence Review Agency have not been audited.

John Davies
Executive Director

Pierre Souligny
Chief Financial Officer

Ottawa, Canada
October 8, 2020

Statement of Financial Position (Unaudited)

As of March 31 (in thousands of dollars)

  For the Period July 12, 2019 through March 31, 2020
2019
Liabilities
Accounts payable and accrued liabilities (Note 5) 1,560
Vacation pay and compensatory leave 323
Employee future benefits (Note 6b) 146
Total liabilities 2,029
Financial assets
Due from Consolidated Revenue Fund 1,536
Accounts receivable and advances (Note 7) 90
Total net financial assets 1,626
Departmental net debt 403
Non-financial assets
Prepaid expenses 109
Tangible capital assets (Note 8) 967
Total non-financial assets 1,076
Departmental net financial position 673

Contractual obligations (note 9)

The accompanying notes form an integral part of these financial statements.

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Ottawa, Canada
December 10, 2021

Statement of Operations and Departmental Net Financial Position (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  Planned Results 2020 For the period July 12, 2019 through March 31, 2020
2019
Expenses
Assist the National Security Intelligence Review Agency 3,671
Internal Service 2,659
Total expenses 6,330
Net cost from continuing operations 6,330
Net cost of operations before government funding and transfers 6,330
Government funding and transfers
Net cash provided by Government of Canada   3,919
Change in due from Consolidated Revenue Fund   1,536
Services provided without charge by other government departments (Note 10a)   611
Transfer of assets and liabilities from other government departments   937
Net cost of operations after government funding and transfers   (673)
Departmental net financial position – Beginning of year  
Departmental net financial position – End of year   673

Segmented information (note 11)

The accompanying notes form an integral part of these financial statements.

Statement of Change in Departmental Net Debt (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  For the period July 12, 2019 through March 31, 2020 2019
Net cost of operations after government funding and transfers (673)
Change due to tangible capital assets
Acquisition of tangible capital assets 14
Transfer of tangible capital asset to/from other government department 953
Total change due to tangible capital assets 967
Change due to prepaid expenses 109
Net increase (decrease) in departmental net debt 403
Departmental net debt – Beginning of year
Departmental net debt – End of year 403

The accompanying notes form an integral part of these financial statements.

Statement of Cash Flows (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  For the Period July 12, 2019 through March 31, 2020 2019
Operating activities
Net cost of operations before government funding and transfers 6,330
Non-cash items:
Amortization of tangible capital assets
Transfer of tangible capital assets to/from other government department 953
Services provided without charge by other government departments (Note 9a) (611)
Transfer of overpayments
Variations in Statement of Financial Position:
Increase (decrease) in accounts receivable and advances 90
Increase (decrease) in prepaid expenses 109
Decrease (increase) in accounts payable and accrued liabilities (1,560)
Decrease (increase) in vacation pay and compensatory leave (323)
Decrease (increase) in future employee benefits (146)
Cash used in operating activities 3,905
Capital ingesting activities
Acquisitions of tangible capital assets (Note 8) 14
Cash used in capital investing activities 14
Net cash provided by Government of Canada 3,919

The accompanying notes form an integral part of these financial statements.

Notes to the Financial Statements (Unaudited)

1. Authority and objectives

On July 12, 2019 Bill C-59 enacted the National Security and Intelligence Review Agency Act (NSIRA Act), and repealed the provisions of the Canadian Security Intelligence Service Act (CSIS Act) which governed the activities of Security Intelligence Review Committee (SIRC). The National Security Intelligence Review Agency (NSIRA) has a statutory mandate to review the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security and intelligence activities of all other federal departments and agencies. To fulfill its review mandate, NSIRA has unfettered access to classified information other than Cabinet confidences. In addition, NSIRA inherited the complaints investigation functions of the SIRC, which was responsible for hearing complaints from members of the public regarding the actions of CSIS, as well as those related to the revocation or denial of security clearances. Going forward, it will also hear complaints regarding the CSE, as well as national security-related complaints regarding the Royal Canadian Mounted Police (RCMP).

To achieve its strategic outcome and deliver results for Canadians, NSIRA articulates its plans and priorities based on the core responsibility and program inventory included below:

Assist the NSIRA

Support the Conduct of Reviews and Investigations, and the Development of Reports

The secretariat will assist NSIRA members in fulfilling the agency’s mandate. The Secretariat will conduct a range of activities to support the agency, including accessing relevant information and providing strategic and expert advice in the conduct of reviews, quasi-judicial investigation of complaints and the development of reports. It will also provide administrative support in arranging for briefings, hearings and consultations with stakeholders and international counterparts, and support to ensure compliance with security requirements.

Internal Services

Internal support services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are: Management and Oversight Services; Communications Services; Legal Services; Human Resources Management Services; Financial Management Services; Information Management Services; Information Technology Services; Real Property Services; Materiel Services; Acquisition Services; and Other Administrative Services. Internal Services include only those activities and resources that apply across an organization and not to those provided specifically to a program.

2. Government Reorganization

Through the enactment of the NSIRA Act and the repeal of the CSIS Act, the activities and the responsibilities of the defunct SIRC were transferred to NSIRA. As a result, the net assets of $2,349,184 and net liabilities of $1,412,420 have been transferred to the NSIRA, resulting in an adjustment to NSIRA’s net financial position of $936,764.

These financial statements represent the partial year results of operations for the period July 12, 2019 through March 31, 2020, and the financial position of the NSIRA as at March 31, 2020, including all transferred assets and liabilities.

3. Summary of significant accounting policies

These financial statements are prepared using NSIRA’s accounting policies stated below, which are based on Canadian public sector accounting standards. The presentation and results using the stated accounting policies do not result in any significant differences from Canadian public sector accounting standards.

Significant accounting policies are as follows:

(a) Parliamentary authorities

NSIRA is financed by the Government of Canada through Parliamentary authorities. Financial reporting of authorities provided to NSIRA do not parallel financial reporting according to generally accepted accounting principles since authorities are primarily based on cash flow requirements. Consequently, items recognized in the Statement of Operations and Departmental Net Financial Position and in the Statement of Financial Position are not necessarily the same as those provided through authorities from Parliament. Note 4 provides a reconciliation between the bases of reporting. The planned results amounts in the ”Expenses” and ”Revenues” sections of the Statement of Operations and Departmental Net Financial Position are the amounts reported in the Future-Oriented Statement of Operations included in the 2019-2020 Departmental Plan. Planned results are not presented in the ”Government funding and transfers” section of the Statement of Operations and Departmental Net Financial Position and in the Statement of Change in Departmental Net Debt because these amounts were not included in the 2019-2020 Departmental Plan.

(b) Net cash provided by Government of Canada

NSIRA operates within the Consolidated Revenue Fund (CRF), which is administered by the Receiver General for Canada. All cash received by NSIRA is deposited to the CRF, and all cash disbursements made by NSIRA are paid from the CRF. The net cash provided by Government is the difference between all cash receipts and all cash disbursements, including transactions between departments of the Government.

(c) Amounts due from or to the CRF

Amounts due from or to the CRF are the result of timing differences at year-end between when a transaction affects authorities and when it is processed through the CRF. Amounts due from the CRF represent the net amount of cash that NSIRA is entitled to draw from the CRF without further authorities to discharge its liabilities.

(d) Expenses

  • Vacation pay and compensatory leave are accrued as the benefits are earned by employees under their respective terms of employment.
  • Services provided without charge by other government departments for accommodation, employer contributions to the health and dental insurance plans and workers’ compensation are recorded as operating expenses at their carrying value.

(e) Employee future benefits

  • Pension benefits: Eligible employees participate in the Public Service Pension Plan, a pension plan administered by the Government. NSIRA’s contributions to the Plan are charged to expenses in the year incurred and represent the total departmental obligation to the Plan. NSIRA’s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the financial statements of the Government of Canada, as the Plan’s sponsor.
  • Severance benefits: The accumulation of severance benefits for voluntary departures ceased for applicable employee groups. The remaining obligation for employees who did not withdraw benefits is calculated using information derived from the results of the actuarially determined liability for employee severance benefits for the Government as a whole.

(f) Accounts receivable

Accounts receivable are initially recorded at cost and when necessary, an allowance for valuation is recorded to reduce the carrying value of accounts receivable to amounts that approximate their net recoverable value.

(g) Non-financial assets

All tangible capital assets having an initial cost of $5,000 or more are recorded at their acquisition cost. Tangible capital assets do not include immovable assets located on reserves as defined in the Indian Act, works of art, museum collection and Crown land to which no acquisition cost is attributable; and intangible assets.

Inventories are valued at cost and are comprised of spare parts and supplies held for future program delivery and are not primarily intended for resale. Inventories that no longer have service potential are valued at the lower of cost or net realizable value.

(h) Measurement uncertainty

The preparation of these financial statements requires management to make estimates and assumptions that affect the reported and disclosed amounts of assets, liabilities, revenues and expenses reported in the financial statements and accompanying notes at March 31. The estimates are based on facts and circumstances, historical experience, general economic conditions and reflect the Government’s best estimate of the related amount at the end of the reporting period. The most significant items where estimates are used are contingent liabilities, the liability for employee future benefits and the useful life of tangible capital assets. Actual results could significantly differ from those estimated. Management’s estimates are reviewed periodically and, as adjustments become necessary, they are recorded in the financial statements in the year they become known.

4. Parliamentary authorities

NSIRA receives most of its funding through annual Parliamentary authorities. Items recognized in the Statement of Operations and Departmental Net Financial Position and the Statement of Financial Position in one year may be funded through Parliamentary authorities in prior, current or future years. Accordingly, NSIRA has different net results of operations for the year on a government funding basis than on an accrual accounting basis. The differences are reconciled in the following tables:

(a) Reconciliation of net cost of operations to current year authorities used

(in thousands of dollars)

  For the priod July 12, 2019 to March 31, 2020 2019
Net cost of operations before government funding and transfers 6,330
Adjustments for items affecting net cost of operations but not affecting authorities:
Amortization of tangible capital assets
Services provided without charge by other government departments (611)
Increase / (decrease) in vacation pay and compensatory leave (76)
Increase / (decrease) in employee future benefits (72)
Refund of prior years’ expenditures (1)
Total items affecting net cost of operations but not affecting authorities (760)
Adjustments for items not affecting net cost of operations but affecting authorities
Acquisition of tangible capital assets 14
Increase / (decrease) in prepaid expenses 28
Accounts receivable and advances 13
Total items not affecting net cost of operations but affecting authorities 55
Current year authorities used 5,625

(b) Authorities provided and used

(in thousands of dollars)

  For the period July 12, 2019 to March 31, 2020 2019
Authorities provided:
Vote 1 – Operating expenditures 22,468
Statutory amounts 371
Less:
Lapsed: Operating (17,214)
Current year authorities used 5,625

5. Accounts payable and accrued liabilities

The following table presents details of NSIRA’s accounts payable and accrued liabilities.

  For the Period July 12, 2019 to March 31, 2020
2019
Authorities provided:
Accounts payable – Other government departments and agencies 306
Accounts payable – External parties (8)
Accounts payable and accrued liabilities transferred in from other government department (note 2) 1,262
Total accounts payable 1,560
Total accounts payable and accrued liabilities 1,560

6. Employee future benefits

(a) Pension benefits

NSIRA’s employees participate in the Public Service Pension Plan (the ”Plan”), which is sponsored and administered by the Government of Canada. Pension benefits accrue up to a maximum period of 35 years at a rate of two percent per year of pensionable service, times the average of the best five consecutive years of earnings. The benefits are integrated with Canada/Québec Pension Plan benefits and they are indexed to inflation.

Both the employees and the Agency contribute to the cost of the Plan. Due to the amendment of the Public Service Superannuation Act following the implementation of provisions related to Economic Action Plan 2012, employee contributors have been divided into two groups – Group 1 related to existing plan members as of December 31, 2012 and Group 2 relates to members joining the Plan as of January 1, 2013. Each group has a distinct contribution rate.

The 2019-20 expense amounts to $325,594 ($0 in 2018-19). For Group 1 members, the expense represents approximately 1.01 times (1.01 times in 2018-19) the employee contributions and, for Group 2 members, approximately 1.00 times (1.00 times in 2018-19) the employee contributions.

NSIRA’s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the Consolidated Financial Statements of the Government of Canada, as the Plan’s sponsor.

(b) Severance benefits

Severance benefits provided to NSIRA’s employees were previously based on an employee’s eligibility, years of service and salary at termination of employment. However, since 2011 the accumulation of severance benefits for voluntary departures progressively ceased for substantially all employees. Employees subject to these changes were given the option to be paid the full or partial value of benefits earned to date or collect the full or remaining value of benefits upon departure from the public service. By March 31, 2018, substantially all settlements for immediate cash out were completed. Severance benefits are unfunded and, consequently, the outstanding obligation will be paid from future authorities.

The changes in the obligations during the year were as follows:

(in thousands of dollars)

  For the Period July 12, 2019 to March 31, 2020 2019
Accrued benefit obligation – Beginning of year
Accrued benefit obligation transferred in from other government department 74
Expense for the year 72
Accrued benefit obligation – End of year 146

7. Accounts receivable and advances

The following table presents details of NSIRA’s accounts receivable and advances balances:

(in thousands of dollars)

  For the Period July 12, 2019 to March 31, 2020 2019
Receivables – Other government departments and agencies (21)
Receivables – External parties 11
Employee advances 2
Accounts receivable and advances transferred in from other government department 98
Net accounts receivable 90

8. Tangible capital assets

Amortization of tangible capital assets is done on a straight-line basis over the estimated useful life of the asset as follows:

Asset Class Amortization Period
Informatics hardware 3 to 5 years
Other equipment 10 to 15 years

(in thousands of dollars)

  Cost Accumulated Amortization Net Book Value
Capital Asset Class Opening Balance Acquisitions Adjustments (1) Disposal and Write- Offs Closing Balance Opening Balance Amortization Adjustments (1) Disposals and Write- Offs Closing Balance For the period July 12, 2019 to March 31, 2020
2019
Informatics hardware 279 279 120 120 159
Other equipment 14 998 1,012 204 204 808
Total 14 1,277 1,291 324 324 967

9. Contractual obligations

The nature of NSIRA’s activities may result in some large multi-year contracts and obligations whereby NSIRA will be obligated to make future payments in order to carry out its programs or when the services/goods are received. Significant contractual obligations that can be reasonably estimated are summarized as follows:

  2021 2022 2023 2024 2025 2026 and subsequent Total
Professional and special services 117 117
Information 32 32
Repair and maintenance 74 74
Transportation and communications 32 32
Total 7,906 255

NSIRA is related as a result of common ownership to all government departments, agencies, and Crown Corporations.

NSIRA enters into transactions with these entities in the normal course of business and on normal trade terms.

During the year, NSIRA received common services which were obtained without charge from other government departments as disclosed below.

(a) Common services provided without charge by other government departments

During the year, NSIRA received services without charge from certain common service organizations, related to accommodation, the employer’s contribution to the health and dental insurance plans and workers’ compensation coverage. These services provided without charge have been recorded at the carrying value in NSIRA’s Statement of Operations and Departmental Net Financial Position as follows:

(in thousands of dollars)

  For the Period July 12, 2019 to March 31, 2020
2019
Accommodation 316
Employer’s contribution to the health and dental insurance plans 295
Total 611

The Government has centralized some of its administrative activities for efficiency, cost-effectiveness purposes and economic delivery of programs to the public. As a result, the Government uses central agencies and common service organizations so that one department performs services for all other departments and agencies without charge. The costs of these services, such as the payroll and cheque issuance services provided by Public Services and Procurement Canada are not included in NSIRA’s Statement of Operations and Departmental Net Financial Position. The costs of information technology infrastructure services provided by Shared Services Canada, following the transfer of responsibilities in November 2011 are also not included in NSIRA’s Statement of Operations and Departmental Net Financial Position.

(b) Other transactions with other government departments and agencies

  For the Period July 12, 2019 to March 31, 2020
2019
Expenses 2,235

11. Segmented information

Presentation by segment is based on NSIRA’s Departmental Results Framework. The presentation by segment is based on the same accounting policies as described in the Summary of significant accounting policies in note 3. The following table presents the expenses incurred and revenues generated for the main program alignments, by major object of expense and by major type of revenue. The segment results for the period are as follows:

  Assist the NSIRA Internal Services For the period July 12, 2019 to March 31, 2020 2019
Expenses
Salaries and employee benefits 2,971 1,025 3,996
Professional and special services 160 1,201 1,361
Accommodation 316 316
Transportation and communications 103 122 225
Information 13 65 78
Acquisition of machinery and equipment 20 53 73
Repair and maintenance 115 115
Rental 1 50 51
Utilities, materials and supplies 10 30 40
Other 76 (1) 75
Total expenses 3,670 2,660 6,330
Net cost from continuing operations 3,670 2,660 6,330

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting for Fiscal Year 2021-22 (unaudited)

1. Introduction

This document provides summary information on measures taken by the National Security Intelligence Review Agency (NSIRA) to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management, assessment results and related action plans.

2. Departmental system of internal control over financial reporting

2.1  Internal Control Management

NSIRA recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining effective financial systems of ICFR and are well equipped to exercise these responsibilities effectively. In accordance with a Memorandum of Understanding, NSIRA’s financial transactions are processed by the Privy Council Office (PCO) within their financial system and are for the most part subject to the same control environment.

NSIRA relies on PCO control measures to a large extent, but also recognizes the importance of ensuring that it implements its own complementary measures. To this end, NSIRA ensures that all managers with financial delegation have completed the appropriate training course prior to exercising their delegation. NSIRA has implemented a rigourous governance and accountability structure to support the oversight of its system of internal control, which includes:

  • Values and ethics framework;
  • Organizational accountability structures as they relate to internal control management to support sound financial management including roles and responsibilities for senior managers in their areas of responsibility;
  • Evidence of effective planning and reporting activities which includes multiple financial reviews and regular financial reporting to all managers including senior management;
  • Integrated risk management and on-going quality assurance and monitoring activities;
  • On-going communication and training on statutory requirements, policies, and procedures for sound financial management and control; and
  • Monitoring and regular updates as needed on internal control management plus assessment results and action.

2.2  Service Arrangements relevant to financial statements

NSIRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements, and relies on these service providers to ensure an adequate system of ICFR is maintained over services provided to NSIRA.

Common Arrangements:
  • Public Services and Procurement Canada, which administers the payment of salaries and the procurement of goods and services, and provides accommodation services
  • Shared Services Canada, which provides IT infrastructure services
  • Treasury Board of Canada Secretariat, which provides information on public service insurance and centrally administers payment of the employer’s share of contributions toward statutory employee benefit plans
Specific Arrangements:
  • As aforementioned, NSIRA’s financial transactions are processed by PCO within their financial system and are for the most part subject to the same control environment. These services are the subject of a MOU between the two organizations.

3. Departmental assessment results during fiscal year 2019-20

New or significantly amended key controls

As a result of the Covid-19 pandemic, select business processes were modified to enable them to remain operational and effective while key staff work remotely. Digital signatures were introduced consistent with the approach identified by the Office of the Comptroller General to enable financial and other authorizations to continue to operate efficiently and effectively at NSIRA. This impacted multiple processes relying on the use of signatures including expenditures, delegation of authority, and procurement. Year-end close processes were modified as needed due to the requirement for staff to work remotely, however the impacts were not significant. Changes to the resulting redesigned processes have been documented.

On-going monitoring program

NSIRA continues to ensure its compliance with Treasury Board Guidelines

4. Departmental action plan

4.1  Progress during fiscal year 2019-20

NSIRA’s management team, along with the support of the Privy Council Office, has maintained a financial system and an internal control mechanism that ensures that financial information is understandable, relevant, reliable and comparable.

4.2  Departmental action plan for the next fiscal year and subsequent fiscal years

We understand our responsibility in terms of appropriate financial comptrollership and communication with the public, and we will continue to ensure that financial controls are in place and rigourous reporting process are in place going forward.

Share this page
Date Modified: