This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2024–2025 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2024–2025 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
The Department uses the full accrual method of accounting to prepare and present its annual departmental financial statements that are part of the departmental results reporting process. However, the spending authorities voted by Parliament remain on an expenditure basis.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2024.
NSIRA Secretariat spent approximately 45% of its authorities by the end of the second quarter, compared with 33% in the same quarter of 2023–2024 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q2 2024–2025 and Q2 2023–2024 (in millions of dollars)
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q2 2024–2025 and Q2 2023–2024 (in millions of dollars)
2024-25
2023-24
Total Authorities
$19.5
$24.3
Q2 Expenditures
$5.3
$3.8
Year-to-Date Expenditures
$8.8
$8.1
Significant changes to authorities
As of September 30, 2024, Parliament had approved $19.5 million in total authorities for use by NSIRA Secretariat for 2024–2025 compared with $24.3 million as of September 30, 2023, for a net decrease of $4.8 million or 19.8% (see graph 2).
Graph 2: Variance in authorities as of September 30, 2024 (in millions of dollars)
Text version of Figure 2
Variance in authorities as of September 30, 2024 (in millions of dollars)
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Fiscal year 2024-25 total available for use for the year ended March 31, 2025
Vote 1 – Operating
22.6
17.9
Statutory
1.7
1.6
Total budgetary authorities
24.3
19.5
*Details may not sum to totals due to rounding*
The decrease of $4.8 million in authorities is mostly explained by a reduction in capital funding for infrastructure projects due to the fact that they have reached completion in this fiscal year.
Significant changes to quarter expenditures
The second quarter expenditures totalled $5.3 million for an increase of $1.5 million when compared with $3.8 million spent during the same period in 2023–2024. Table 1 presents budgetary expenditures by standard object.
Table 1: Departmental budgetary expenditures by Standard Object (unaudited)
Fiscal year 2024-2025 (in thousands of dollars)
Variances in expenditures by standard object (in thousands of dollars)
Fiscal year 2024–25: expended during the quarter ended September 30, 2024
Fiscal year 2023–24: expended during the quarter ended September 30, 2023
Variance $
Variance %
Personnel
3,856
3,014
842
28%
Transportation and communications
77
62
15
24%
Information
7
4
3
75%
Professional and special services
1,320
504
816
162%
Rentals
17
25
(8)
(32%)
Repair and maintenance
37
3
34
1133%
Utilities, materials, and supplies
12
50
(38)
(76%)
Acquisition of machinery and equipment
8
4
4
100%
Other subsidies and payments
(38)
118
(156)
(132%)
Total gross budgetary expenditures
5,296
3,784
1,512
40%
Personnel
The increase of $842,000 reflects management’s decision to increase FTEs to enhance operational capacity in response to greater demand for output. It is also a result of an increase in average salary due to alignment with increases approved as part of collective bargaining.
Professional and special services
The increase of $816,000 is mainly explained by a change in the timing of the billing for maintenance and services in support of our classified IT network infrastructure.
Repair and maintenance
The increase of $34,000 is explained by some one-time office repairs in fiscal year 2024-2025.
Utilities, materials, and supplies
The decrease of $38,000 is explained by temporarily unreconciled acquisition card purchases in fiscal year 2023-2024.
Other subsidies and payments
The decrease of $156,000 is explained by an increase in the recovery of salary overpayments.
Significant changes to year-to-date expenditures
The year-to-date expenditures totalled $8.8 million for an increase of $0.7 million (8%) when compared with $8.1 million spent during the same period in 2023-2024. Table 2 presents budgetary expenditures by standard object.
Table 2: Departmental budgetary expenditures by Standard Object (unaudited) (continued)
Fiscal year 2024-2025 (in thousands of dollars)
Variances in expenditures by standard object (in thousands of dollars)
Fiscal year 2024–25: year-to-date expenditures as of September 30, 2024
Fiscal year 2023–24: year-to-date expenditures as of September 30, 2023
Variance $
Variance %
Personnel
6,864
5,900
964
16%
Transportation and communications
135
192
(57)
(30%)
Information
13
4
9
225%
Professional and special services
1,589
1,669
(80)
(5%)
Rentals
42
73
(31)
(42%)
Repair and maintenance
40
27
13
48%
Utilities, materials and supplies
40
57
(17)
(30%)
Acquisition of machinery and equipment
20
52
(32)
(62%)
Other subsidies and payments
41
122
(81)
(66%)
Total gross budgetary expenditures
8,784
8,096
688
8%
Transportation and communications
The decrease of $57,000 is due to the timing of invoicing for the organization’s Network Services.
Information
The increase of $9,000 is due to the timing of invoicing for printing services.
Acquisition of machinery and equipment
The decrease of $32,000 is mainly explained by the one-time purchase of a specialized laptop in 2023-2024.
Other subsidies and payments
The decrease of $81,000 is mainly explained by higher leasehold improvement amortization expenses in 2023-2024.
Risks and uncertainties
There is a risk that the funding received to offset pay increases will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly. To mitigate, NSIRA Secretariat is forecasting both personnel and operating expenditures three fiscal years out and identifying critical functions.
NSIRA Secretariat is closely monitoring pay transactions to identify and address over and under payments in a timely manner. It continues to apply ongoing mitigating controls such as participating in PSPC’s Reconciliation Tool (RT) initiative.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities.
Significant changes in relation to operations, personnel and programs
Mr. Charles Fugère was appointed by the Governor-in-Council to be Executive Director of the NSIRA Secretariat, for a period of three years, on July 27, 2024.
Approved by senior officials:
Charles Fugère Executive Director
Martyn Turcotte Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2024–25
Fiscal year 2023–24
Total available for use for the year ending March 31, 2025 (note 1)
Used during the quarter ended September 30, 2024
Year to date used at quarter-end
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended September 30, 2023
Year to date used at quarter-end
Vote 1 – Net operating expenditures
17,857
4,895
7,983
22,564
3,345
7,218
Budgetary statutory authorities
Contributions to employee benefit plans
1,601
401
801
1,755
439
878
Total budgetary authorities (note 2)
19,458
5,296
8,784
24,319
3,784
8,096
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2024–25
Fiscal year 2023–24
Planned expenditures for the year ending March 31, 2025 (note 1)
Expended during the quarter ended September 30, 2024
Year-to-date used at quarter-end
Planned expenditures for the year ending March 31, 2024
Expended during the quarter ended September 30, 2023
Year-to-date used at quarter-end
Expenditures
Personnel
13,205
3,856
6,864
13,303
3,014
5,900
Transportation and communications
685
77
135
650
62
192
Information
76
7
13
371
4
4
Professional and special services
4,624
1,320
1,589
4,906
504
1,669
Rentals
309
17
42
271
25
73
Repair and maintenance
436
37
40
4,580
3
27
Utilities, materials, and supplies
58
12
40
73
50
57
Acquisition of machinery and equipment
65
8
20
132
4
52
Other subsidies and payments
0
(38)
41
33
118
122
Total gross budgetary expenditures
(note 2)
19,458
5,296
8,784
24,319
3,784
8,096
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Ottawa, Ontario, November 6, 2024 – The National Security and Intelligence Review Agency’s (NSIRA) fifth annual report has been tabled in Parliament.
This report provides an overview and discussion of NSIRA’s review and investigation work throughout 2023, including its findings and recommendations. It highlights the significant outcomes achieved through strengthened partnerships and an unwavering commitment to all Canadians to provide accountability and transparency regarding the Government of Canada’s national security and intelligence activities.
The annual report also reflects on a major milestone: NSIRA’s five-year anniversary. The agency has matured since its inception in 2019, keeping pace with emerging threats, technological advancements, and evolving security and intelligence activities. In stride, NSIRA has built an enhanced capacity to address complex issues and conduct thorough and effective reviews and investigations with a team of dedicated professionals with diverse expertise.
In 2023, in addition to its mandatory reviews, NSIRA continued executing discretionary reviews that were deemed relevant and appropriate. Of the ongoing reviews in 2023, NSIRA has since completed 12. In particular, NSIRA’s review on the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018–2023 was a significant achievement. NSIRA evaluated the flow of intelligence within government from the collectors to consumers, including senior public servants and elected officials. This involved scrutinizing internal processes regarding how collected information was shared and escalated to relevant decision-makers. NSIRA determined it was in the public interest to report on this matter and produced its first special report under section 40 of the NSIRA Act, which was tabled in both houses of Parliament in May 2024.
Review highlights in the report include the following:
A review of the Communications Security Establishment’s (CSE) use of the polygraph for security screening, which examined the way CSE operated its polygraph program and the role of the Treasury Board of Canada Secretariat (TBS) in establishing the Standard on Security Screening that governs the use of the polygraph for security screening by the Government of Canada;
A review of the Canadian Security Intelligence Service’s (CSIS) current application of its dataset regime, which enables CSIS to collect and retain datasets containing personal information that are not directly and immediately related to threats but likely to assist in national security investigations;
A review of operational collaboration between CSE and CSIS, NSIRA’s first review to examine the effectiveness of the collaboration by assessing their respective mandates and associated prohibitions;
Two mandated multi-departmental reviews: a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act and a review of disclosures of information under the Security of Canada Information Disclosure Act; and
Three reviews concerning human source programs: the RCMP’s Human Source Program, CBSA’s Confidential Human Source Program, and the Department of National Defence/Canadian Armed Forces’ Human Source Handling Program.
NSIRA also closed 12 investigations in 2023. Last year, the agency saw an increase in complaints against CSIS under section 16 of the NSIRA Act, alleging process delays in immigration or citizenship security screening.
This annual report demonstrates the value of expanded partnerships and how the organization leveraged its network of international oversight partners in 2023, including lessons learned and shared. NSIRA’s integration into the global community of national security and intelligence oversight has advanced the agency’s development and enhanced its capacity to carry out its mandate.
Over the past five years, NSIRA has sought to demystify the often-opaque domain of national security and intelligence agencies and empower Canadians to participate in informed discussions about their security and rights. Recently, the agency codified its approach by formalizing its vision, mission, and values statements.
Looking ahead, NSIRA is committed to continuing its vital work reporting on whether national security or intelligence activities are respectful of the rights and freedoms of all Canadians and enhancing public awareness and understanding of the critical issues at stake in national security and intelligence.
As members of the National Security and Intelligence Review Agency (NSIRA), we are pleased to present our 2023 Annual Report, marking the five-year milestone of our agency’s journey. This report encapsulates our activities of the past year and provides an opportunity for reflection on the progress and evolution of our agency since 2019.
As world events have unfolded, and the pace of security and intelligence activities has advanced, the presence of our agency has never been more important. Since NSIRA’s inception, our mandate has been to provide independent oversight and accountability of Canada’s national security and intelligence activities. Over the last five years, we have brought greater transparency on such activities to the Canadian public, and we are proud of the strides we have made in fulfilling this crucial role.
Our agency has matured and strengthened in many ways. We have built enhanced capacity to conduct thorough and effective reviews and investigations of our country’s diverse range of national security and intelligence activities. We have assembled a team of dedicated professionals with a wealth of expertise in numerous fields, enabling us to address complex issues and provide informed assessments and recommendations.
We have also fostered constructive relationships with our reviewees, partner agencies, parliamentary committees, and civil society organizations. These partnerships have been instrumental in facilitating our access to information, engagement in meaningful dialogue, and our ability to promote transparency and accountability.
Over the last five years, we have enhanced public awareness and understanding of the critical issues at stake in the realm of national security and intelligence. Through the publication of our reports, we have sought to demystify this often-opaque domain and empower Canadians to participate in informed discussions about their security and rights.
As we reflect on our achievements to date, we are mindful of the challenges that lie ahead. The landscape of national security and intelligence is constantly evolving as emerging threats and technological advancements present new challenges. As adaptive and agile responses are required by Canada’s security and intelligence agencies, NSIRA will continue to assess whether such responses are lawful, reasonable, and necessary.
Looking ahead, we are committed to continuing our vital work. We remain dedicated and vigilant in our role of ensuring that Canada’s national security and intelligence framework remains accountable, and reporting on whether national security or intelligence activities are respectful of the rights and freedoms of all Canadians.
We extend our gratitude to all Secretariat staff, past and present, whose dedication and support has contributed to NSIRA’s evolution over the past five years. Their efforts have been invaluable in shaping our agency and our work serving the Canadian public.
Marie Deschamps Marie-Lucie Morin Foluke Laosebikan Jim Chu Craig Forcese Matthew Cassar Colleen Swords
Executive summary
2023 marked a momentous year for the National Security and Intelligence Review Agency (NSIRA). Relentless efforts to mature the agency’s processes and professionalize its approaches allowed NSIRA to conduct its reviews and investigations to the highest standards. This report highlights the significant outcomes achieved through refined methodologies, strengthened partnerships, and an unwavering commitment to all Canadians to provide accountability and transparency of the national security and intelligence activities of the Government of Canada.
NSIRA’s first five years
NSIRA celebrated its fifth anniversary in July 2024 and has used this as an opportunity to reflect on its growth and development, as well as lessons learned. The agency has embraced its broad and unique mandate, completing reviews that span organizations and increasing its transparency in implementing its investigations mandate. NSIRA has prioritized the growth and development of its staff, enhanced review literacy across reviewed entities, and continued to maintain best practices and the highest standards in implementing its mandate.
Value of expanded partnerships
NSIRA has expanded and leveraged its network of oversight partners through its numerous engagements with international counterparts and participation in international forums in 2023. This has benefitted all parties through sharing best practices, lessons learned, expertise, and research. NSIRA’s integration into the international community of national security and intelligence oversight has advanced the agency’s development and enhanced its capacity to carry out its mandate.
Reviews
The following are highlights and key outcomes of the reviews NSIRA completed in 2023. (Ongoing reviews are not included.) Annex B lists all the findings and recommendations associated with reviews completed in 2023.
Canadian Security Intelligence Service
NSIRA completed the following reviews where Canadian Security Intelligence Service (CSIS) activities were solely at issue:
a review of CSIS’ Dataset Regime, which examined its implementation, including aspects of governance, information management, retention practices, and training; and
an annual review of CSIS’ activities, which informed, in part, NSIRA’s 2023 classified annual report to the Minister of Public Safety.
Communications Security Establishment
NSIRA completed the following reviews where Communications Security Establishment (CSE) activities were mostly at issue:
a review on CSE’s use of the polygraph for security screening, which examined the way CSE operated its polygraph program and the role of the Treasury Board of Canada Secretariat (TBS) in establishing the Standard on Security Screening that governs the use of the polygraph for security screening by the Government of Canada;
a review of CSE’s network-based solutions and related cybersecurity and information assurance activities, which was NSIRA’s first review of these activities, as well as its first review of Shared Services Canada (SSC); and
an annual review of CSE’s activities, which informed, in part, NSIRA’s 2023 classified annual report to the Minister of National Defence.
Canada Border Services Agency
NSIRA completed a review of the Canada Border Services Agency’s (CBSA’s) Confidential Human Source (CHS) program, which examined the legal and policy frameworks governing the program, with particular attention to the management and assessment of risk; the agency’s discharge of its duty of care to its sources; and the sufficiency of ministerial direction and accountability in relation to the program.
Department of National Defence and the Canadian Armed Forces
NSIRA completed a review of the Department of National Defence (DND) and Canadian Armed Forces’ (CAFs) Human Source Handling program, which examined whether DND/CAF conducts its human source-handling activities lawfully, ethically, and with appropriate accountability.
Multi-departmental reviews
NSIRA completed a review of the operational collaboration between CSE and CSIS, which was NSIRA’s first review to examine the effectiveness of the collaboration by assessing their respective mandates and associated prohibitions. This review also satisfied NSIRA’s annual requirement under section 8(2) of the National Security and Intelligence Review Agency Act (NSIRA Act) to review an aspect of CSIS’ threat reduction measures (TRMs).
NSIRA completed two mandated multi-departmental reviews in 2023:
a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act; and
a review of disclosures of information under the Security of Canada Information Disclosure Act (SCIDA).
Complaint investigations
The NSIRA Secretariat – in consultation with NSIRA members – established service standards for complaint investigations and set the goal of completing 90 percent of cases within the service standards. This commitment supports NSIRA’s complaint investigations by ensuring timeliness. NSIRA also implemented an independent verification process for complaints against CSE. Additionally, the agency completed a study on the collection of race-based data and other demographic information.
NSIRA observed an increase of complaints against CSIS, pursuant to section 16 of the NSIRA Act, alleging process delays in immigration or citizenship security screening.
Introduction
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent agency that reports to Parliament and has the authority to conduct an integrated review of Government of Canada national security and intelligence activities. This provides Canada with one of the most extensive systems for independent review of national security in the world. NSIRA has a dual mandate: to conduct reviews, and to carry out investigations, of complaints related to Canada’s national security or intelligence activities. In fulfilling its mandate, the agency is assisted by a Secretariat headed by an Executive Director.
Reviews
NSIRA’s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act). This mandate includes reviewing the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as those of any other federal department or agency that are related to national security or intelligence. The agency may also review any national security or intelligence matter that a Minister of the Crown refers to NSIRA.
Investigations
NSIRA is responsible for investigating complaints related to national security or intelligence. This is outlined in paragraph 8(1)(d) of the NSIRA Act, and involves investigating the following:
complaints about the activities of CSIS or CSE;
complaints referred to it by the Civilian Review and Complaints Commission (CRCC) about the conduct of the Royal Canadian Mounted Police (RCMP) insofar as they relate to national security;
complaints related to decisions to deny or revoke federal government security clearances;
matters referred to it under the Canadian Human Rights Act; and
ministerial reports under the Citizenship Act that recommend denying certain citizenship applications.
NSIRA’s first five years
A new era of security and intelligence accountability in Canada
The conversation on national security and intelligence issues is evolving in Canada. In recent years, armed conflicts, the COVID-19 pandemic, and activities of foreign and domestic security and intelligence agencies have all been featured in news headlines. Most recently, Parliament debated the role of Canada’s security and intelligence agencies in responding to the threat of foreign political interference. The importance of robust review and oversight has never been more clear or timely. As the conversation grows, Canadians will want more information about the functioning of their security and intelligence systems. NSIRA is the trusted eyes and ears of Canadians, providing transparency that did not previously exist.
NSIRA’s mandate is to review issues and conduct investigations of complaints related to Canada’s national security or intelligence activities. Prior to NSIRA, although some activities were subject to review, no single agency had the mandate and authority to review activities across the national security and intelligence landscape, and some departments lacked an independent review body.
The siloed framework limited NSIRA’s predecessor agencies, the Security and Intelligence Review Committee (SIRC) and the Office of the Communications Security Establishment Commissioner to reviews and investigations of complaints within their narrow mandates. For example, reviews did not trace the progression of an issue as it traversed government departments.
A unique mandate
NSIRA’s broad mandate is unique within the international community, providing a much greater understanding of how departments and agencies work and interact in the national security and intelligence space. For example, in 2023, NSIRA launched a review of the dissemination of intelligence on foreign interference, focusing on how intelligence progressed from departments charged with collecting intelligence through to its ultimate consumers. Such a review was not possible for NSIRA’s siloed predecessors.
NSIRA’s reviews have involved 19 departments and agencies to date. Its expanded mandate for investigating complaints encompasses those against CSIS, CSE and, upon referral, those from the CRCC concerning the RCMP and the Canadian Human Rights Commission (CHRC). NSIRA’s work gets to the heart of how national security and intelligence activities are conducted, allowing for precise and effective recommendations.
Building processes and excellence from the ground up
NSIRA has prioritized professionalizing how it conducts reviews by developing policies and processes to support the review process. These were created even as the agency was growing and delivering on its complex mandate, and through the COVID-19 pandemic.
NSIRA has also modernized its policies and processes for its investigations of complaints. The agency undertook significant reform of its investigative process and published new Rules of Procedure to replace the previous model, increasing procedural transparency for those involved in the complaints process. When the COVID-19 pandemic made in-person hearings impossible, NSIRA pivoted and introduced alternate solutions, such as conducting its investigative interviews over video conference, thereby retaining access for participants.
NSIRA has built a proactive disclosure practice to publish its reports on its website. It has also undertaken an effort to publish those prepared by SIRC, to the greatest extent possible. The goal is to make NSIRA’s reviews and its findings and recommendations available to the public as soon as possible. Proactive disclosure increases transparency and contributes to the dialogue on national security and intelligence in Canada.
Empowering professionals
The Secretariat is now staffed by almost 100 full-time employees. NSIRA’s greatest asset is its people, and the Secretariat continues to attract staff with a range of expertise in research, review, technology, and law. This breadth has resulted in a diversity of reviews and a professionalized investigative model for addressing complaints.
NSIRA has actively developed a unique culture and is innovative in how it manages its review process. Review teams are comprised of individuals with diverse skill sets that reflect the need for legal and technical expertise. Teams are responsible for executing reviews under the direction of NSIRA members, with the guidance and support of Secretariat management. The result is detailed, fearless reviews.
Similarly, NSIRA’s model for investigations of complaints is now designed for NSIRA members to be expertly supported by legal, registry, and research staff. This enhances members’ effectiveness in their adjudicative role conducting investigations.
The challenge of more effective review
NSIRA’s mission is to serve as the trusted eyes and ears of Canadians through independent, expert review and investigation of the Government of Canada’s national security and intelligence activities. To successfully implement its mission, NSIRA must select the right reviews and have access to the required information.
The NSIRA Act requires NSIRA to conduct certain annual reviews; it also gives the agency discretion to choose topics to review. This discretion is fundamental as NSIRA must be able to “follow the thread” to ensure that activities deserving scrutiny are independently reviewed. Specifically, NSIRA has developed a review planning and consideration matrix, consisting of formal criteria that help identify review topics in accordance with NSIRA’s core mandate and mission. The prioritization of reviews is informed by additional strategic factors, including assessments of the nature of the activity and the compliance risk its poses, the novelty of the activity and any technology it employs, as well as resourcing, ongoing reviews, and public interest.
Access to information is the lifeblood of review, and NSIRA continues to insist upon its access rights. Effective review requires timely and complete responses to NSIRA’s requests for information, open and candid briefings, and mutual respect. Despite the agency’s unfettered access under the NSIRA Act, navigating access issues has not been without its struggles. There has been a learning curve, for both reviewed entities and NSIRA, and increasing review literacy in the departments and agencies under NSIRA’s review mandate is an ongoing priority.
Successes of NSIRA’s mandate
NSIRA’s impact on the national security and intelligence community extends beyond that of the reviewed departments. Recently, the Federal Court released a decision on a CSIS warrant matter that used an NSIRA report to inform its background and analysis. The Court considered the issues identified by NSIRA to be important in relation to the sharing of information collected under certain warrants.
Additionally, Ministers accountable for the security and intelligence community’s activities have recognized the value of independent review and have referred matters to NSIRA. The first of such reviews stemmed from a Federal Court judgment. As a result, the Ministers of Public Safety and Justice referred the matter to NSIRA. NSIRA’s report made findings and recommendations on Justice’s provision of legal advice, CSIS and Justice’s management of the warrant acquisition process, and broader cultural and governance issues.
Since 2019, NSIRA has completed 39 reviews (13 statutory and 26 discretionary). Of these reviews, 21 involved more than one department. NSIRA has also issued 17 different compliance reports to responsible Ministers, as required under section 35 of the NSIRA Act, whenever the agency finds that an activity may not be in compliance with the law. Compliance issues range from a department missing a deadline prescribed in legislation to a potential Charter violation. NSIRA’s reports have included more than 200 recommendations, ranging from specific process changes to wide-ranging structural reform. NSIRA has also received more than 200 complaints, highlighting the importance of accessibility to an independent investigation process to address complaints concerning the activities of CSIS, CSE, and the RCMP.
Looking ahead
As NSIRA looks to its future, it will also turn attention inward to ensure NSIRA’s structure and governance is fit for purpose. The upcoming legislative review of the NSIRA Act provides the opportunity to make any required improvements.
NSIRA is immensely proud of its contributions to the scrutiny and transparency of Canada’s security and intelligence activities during its first five years. It has played a pivotal role in ensuring there is independent accountability for the organizations involved in Canada’s security and intelligence activities. As NSIRA looks ahead, it does so with enthusiasm and a renewed mission. NSIRA has recently codified its approach by formalizing its vision, mission, and values statements, and while the formal statements may be new, the underlying elements have provided the agency’s foundation from its beginning.
NSIRA’s Mission, Vision, and Values
Value of expanded partnerships
Expanded international partnerships and cooperation
Under NSIRA’s predecessors, international partnerships were primarily established through the Five Eyes Intelligence Oversight and Review Council (FIORC), which continues to be a foundational alliance for NSIRA. In addition to reinforcing and building upon the relationships it inherited, NSIRA has cultivated new partnerships with foreign counterparts and actively participated in international forums. In 2023 alone, NSIRA engaged with the following organizations and attended the following events:
Organizations:
Australia’s Inspector-General of Intelligence and Security (IGIS Australia)
New Zealand’s Inspector-General of Intelligence and Security (IGIS New Zealand)
The United States of America’s Inspector General of the Intelligence Community (IC IG US)
The United Kingdom’s Investigatory Powers Commissioner’s Office (IPCO UK)
The United Nations’ Counter-Terrorism Executive Directorate (UNCTED)
The United States Privacy and Civil Liberties Oversight Board (PCLOB US)
The Norwegian Parliamentary Oversight Committee on Intelligence and Security Services (EOS Norway)
The Danish Intelligence Oversight Board (TET Denmark)
The Independent Oversight Authority for Intelligence Activities of Switzerland (OA-IA)
The German Parliamentary Oversight Panel (PKGr)
The Dutch Review Committee on the Intelligence and Security Services (CTIVD Netherlands)
Events and forums:
Five Eyes Intelligence Oversight and Review Council Conference
International Intelligence Oversight Forum
European Intelligence Oversight Conference
Lessons learned and lessons shared with international partners
Connecting with international counterparts and participating in multilateral discussions has enabled NSIRA to tap into a network of partners. Relevant information is shared regarding best practices, methodologies, recent developments, and common issues. Information sharing and cooperation in the traditionally esoteric and insulated field of national security oversight has broadened NSIRA’s outlook and informed its expectations with respect to the departments and agencies that it oversees.
NSIRA has found that many of the challenges it faces have been experienced, and in some cases overcome, by international partners. These include challenges that are operational in nature, such as tactics for acquiring and verifying information, and those that relate to NSIRA’s Secretariat, such as the recruitment, training, and retention of staff. Leveraging the lessons learned by our international counterparts has accelerated NSIRA’s own development and contributed to the agency’s growing reputation as an exemplar in the realm of national security and intelligence oversight.
While certainly a voracious consumer of best practices, NSIRA is an equally active contributor. The agency has reciprocally shared its own unique approaches, processes, and methods with the broader oversight community, which in some instances has led partner organizations to follow NSIRA’s lead and adopt its practices. Even where NSIRA has not been confronted with a specific issue firsthand, its perspective has been sought and acted upon by partners that recognize NSIRA’s wealth of experience and renown for innovation.
Continuous and repeated engagements with international partners have allowed for working- level relationships to take root, flourish, and bear fruit in the form of both regularly scheduled touch points and casual, ad hoc, file-specific exchanges. Lowering the institutional barriers has promoted the exchange of expertise, had a more direct impact on the substantive work of each institution, and produced more tangible outcomes, as described in the examples below.
Examples of value gained from engagements
Benefits to NSIRA
Through an extended assignment to NSIRA, a communications expert from IPCO UK conducted a wholistic assessment of the agency’s current communications posture and played a critical role in crafting an inaugural communications strategy. The implementation of this strategy has helped NSIRA reach and build connections with domestic stakeholders. NSIRA’s members and Secretariat staff are deeply grateful for the expert’s contributions during their time with the agency.
TET Denmark and EOS Norway were influential in the development and use of a new IT system review inspection, first used as part of NSIRA’s Review of the Lifecycle of CSIS’ Warranted Information. They also contributed to functional and performance benchmarking used by NSIRA in its methodologies, common practices, and assessment criteria.
NSIRA has consulted the American Inspector General to improve the responsiveness of reviewed departments and agencies to NSIRA’s recommendations. NSIRA has begun adopting best practices for ensuring there is follow-up on recommendations it has provided.
NSIRA’s contributions
At an event hosted by Global Affairs Canada (GAC) as part of Canada’s work in cooperation with the UNCTED, NSIRA gave a presentation to the UNCTED delegation to explain the role that independent review plays in assessing the legality of Canadian activities in the counter-terrorism realm. This showcased to international assessors how the Canadian model has built robust independent mechanisms for review of counter-terrorism operations that reaches both law enforcement and the intelligence service.
NSIRA’s review planning and consideration matrix was shared with New Zealand’s IGIS, TET Denmark, and several other international partners. Following their visit to NSIRA, TET Denmark has updated its IT standards to include quality assurance steps and added additional factors to its risk assessment framework.
Greater collaboration leads to greater accountability
Just as security and intelligence agencies regularly cooperate and share information with international partners, so too must the bodies that oversee them. Collaboration among NSIRA and its foreign counterparts has produced, and continues to yield, mutual benefits for all parties involved. As a result, NSIRA has become a more capable organization with greater visibility in the transnational security and intelligence community, ensuring effective and exhaustive accountability of Canada’s national security apparatus.
Domestically, within Canada’s review and oversight community, NSIRA brings a distinct and valued perspective, filling a previously unoccupied space in this important network. As such, the agency complements the activities of its peers. In 2023, NSIRA met with numerous Agents of Parliament, including the Auditor General of Canada, the Public Sector Integrity Commissioner, and the Privacy Commissioner. The multi-decade institutional experience and maturity of these agents and their respective offices has proven to be invaluably instructive for NSIRA, and the exchange of best practices has been extremely helpful, particularly in the development of the Secretariat’s communications capacity.
As provided for in the NSIRA Act, NSIRA engages with other oversight bodies to deconflict on issues of mutual interest. For example, in 2023, both NSIRA and the National Security and Intelligence Committee of Parliamentarians (NSICOP) launched reviews on the issue of political foreign interference. While maintaining its independence, NSIRA coordinated with NSICOP to avoid any unnecessary duplication of work in relation to each organization’s review.
Reviews
Overview
In addition to its annual reviews, NSIRA continued to execute discretionary reviews that it deemed relevant and appropriate to the authorities of its mandate. Of note was NSIRA’s review on the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018–2023. NSIRA evaluated the flow of intelligence within government from the collectors to consumers, including senior public servants and elected officials. This involved scrutinizing internal processes regarding how collected information was shared and escalated to relevant decision-makers. NSIRA determined that it was in the public interest to report on this matter and produced its first special report under section 40 of the NSIRA Act. This report was tabled in both houses of Parliament in May 2024.
Table 1 captures all review work that was underway in 2023. This includes annually mandated reviews, discretionary reviews, and annual reviews of CSE and CSIS activities. High-level summaries of their content and outcomes are provided in subsequent sections for those reviews completed by the end of the calendar year; the full findings and recommendations can be found in Annex B. NSIRA makes the reviews available once they have been redacted for public release.
Table 1. NSIRA Review Activities During 2023
Review
Department(s)
Status
Annual Report to the Minister of National Defence on CSE activities for 2022
CSE
Completed
Annual Report to the Minister of Public Safety on CSIS activities for 2022
CSIS
Completed
Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022
PS, CSE, CSIS, GAC, RCMP, IRCC
Completed
Review of CSE’s Network-based Solutions and Related Cybersecurity & Information Assurance Activities
CSE and SSC
Completed
Review of CSIS Dataset Regime
CSIS
Completed
Review of the Department of National Defence/Canadian Armed Forces’ Human Source Handling Program
DND/CAF
Completed
Review of Operational Collaboration Between the CSE and CSIS
CSE and CSIS
Completed
Review of the CBSA’s Confidential Human Source Program
CBSA
Completed
Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022
Review of the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018–2023
CSIS, RCMP, GAC, CSE, PS, PCO
Completed
Review of Public Safety Canada and CSIS’s Accountability Mechanisms
CSIS, GAC, PS, DOJ
Completed
Review of the Lifecycle of CSIS’ Warranted Information
CSIS
Completed
Review of the RCMP’s Human Source Program
RCMP
Completed
Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2023
PS, CSE, CSIS, GAC, RCMP, CBSA, IRCC
Ongoing
Review of CSE’s Vulnerabilities Equities Process
CSE, CSIS, RCMP
Ongoing
Review of CRA’s Review and Analysis Division (RAD)
CRA
Ongoing
Canadian Security Intelligence Service reviews
Overview
NSIRA has a mandate to review any Canadian Security Intelligence Service (CSIS) activity. The NSIRA Act requires the agency to submit an annual report on CSIS activities each year to the Minister of Public Safety and Emergency Preparedness. These reports are classified and include information related to CSIS’s compliance with the law and applicable ministerial directions, and the reasonableness and necessity of CSIS exercising its powers.
In 2023, NSIRA completed one dedicated review of CSIS and its annual review of CSIS activities, both summarized below. Furthermore, CSIS is involved in other NSIRA multi-departmental reviews, such as the agency’s review of the operational collaboration between CSE and CSIS, and the legally mandated annual reviews of the Security of Canada Information Disclosure Act (SCIDA) and the Avoiding Complicity in Mistreatment by Foreign Entities Act, the results of which are described in section 4.5, Multi-departmental reviews.
Review of CSIS Dataset Regime
In July 2019, the dataset regime came into force as part of the National Security Act 2017 (NSA 2017), creating sections 11.01–11.25 of the CSIS Act.The regime enables CSIS to collect and retain datasets containing personal information that are not directly and immediately related to threats, but likely to assist in national security investigations.
NSIRA examined the implementation of the regime, including aspects of governance, information management, retention practices, and training. The agency found compliance issues that permeated all aspects of the regime under review. Of concern, NSIRA found that CSIS’s current application of the dataset regime is inconsistent with the statutory framework. NSIRA also found multiple compliance issues with how CSIS has implemented the regime, including the retention of Canadian and foreign information without the requisite legally mandated authorizations and approvals.
The review concluded that CSIS has failed to adequately operationalize its dataset regime. CSIS did not seek to clarify legal ambiguities of the application of the regime before the Federal Court, despite having had the opportunity to do so. CSIS adopted multiple positions on its application and now risks limiting what is intended to be a collection and retention regime to a retention mechanism. Internally, CSIS has not provided sufficient resources and training to ensure compliance with the regime. Absent an internal commitment to adequately operationalize, resource, and support the implementation of a new legal regime, any such regime will fail no matter how fit for purpose it is believed to be.
Annual review of Canadian Security Intelligence Service activities
NSIRA completed its annual review of CSIS activities, which covers a range of activities contemplated and undertaken between January 1 and December 31, 2023. The review highlighted compliance-related challenges faced by CSIS, allowed NSIRA to continue monitoring ongoing trends, and identified emerging issues in CSIS’s exercise of its powers. Information obtained throughout the review, including that which CSIS is required to provide to NSIRA under the CSIS Act, was used in NSIRA’s Annual Report to the Minister of Public Safety on CSIS activities, as well as to inform ongoing NSIRA reviews and internal review planning for upcoming reviews.
Statistics and data
To achieve greater public accountability, NSIRA has requested that CSIS publish statistics and data about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that the following statistics will provide the public with information related to the scope and breadth of CSIS operations, as well as display the evolution of activities from year to year.
Warrant applications
Section 21 of the CSIS Act authorizes CSIS to apply to a judge for a warrant if it believes, on reasonable grounds, that more intrusive powers are required to investigate a particular threat to the security of Canada. Warrants may be used by CSIS, for example, to intercept communications, enter a location, or obtain information, records, or documents. Each individual warrant application could include multiple individuals or request the use of multiple intrusive powers.
Table 2: Section 21 warrant applications made by the Canadian Security Intelligence Service, 2018–2023
Applications
2018
2019
2020
2021
2022*
2023
Total section 21 applications
24
24
15
31
28
30
Total approved warrants
24
23
15
31
28
30
New warrants
10
9
2
13
6
9
Replacements
11
12
8
14
14
10
Supplemental
3
2
5
4
8
11
Total denied warrants
0
1
0
0
0
0
*The applications submitted by CSIS to the Federal Court in 2022 resulted in the approval and issuance of 194 judicial authorities, including 164 warrants and 28 assistance orders issued pursuant to sections 12, 16, and 21 of the CSIS Act, as well as two judicial authorizations issued pursuant to section 11.13 of the Act. Each application is subject to a thorough production and vetting process that includes review by an independent Department of Justice counsel and challenge by a committee composed of executives of CSIS, PS, CSE, and the RCMP (as applicable) before seeking ministerial approval. A number of warrants issued during this period reflected the development of innovative new authorities and collection techniques, which required close collaboration between collectors, technology operators, policy analysts, and legal counsel.
Threat reduction measures
CSIS is authorized to seek a judicial warrant for a threat reduction measure (TRM) if it believes that certain intrusive measures, outlined in section 21 (1.1) of the CSIS Act, are required to reduce a threat. The CSIS Act is clear that when a proposed TRM would limit a right or freedom protected by the Canadian Charter of Rights and Freedoms or would otherwise be contrary to Canadian law, a judicial warrant authorizing the measure is required. To date, CSIS has sought no judicial authorizations to undertake warranted TRMs. TRMs approved in one year may be executed in future years. Operational reasons may also prevent an approved TRM from being executed.
Table 3: Total number of approved and executed threat reduction measures, 2015–2023
Threat reduction measures
2015
2016
2017
2018
2019
2020
2021
2022
2023
Approved
10
8
15
23
24
11
23
16
14
Executed
10
8
13
17
19
8
17
12
19
Warranted
0
0
0
0
0
0
0
0
0
Canadian Security Intelligence Service targets
CSISis mandated to investigate threats to the security of Canada, including espionage; foreign- influenced activities; political, religious, or ideologically motivated violence; and subversion. Section 12 of the CSIS Act sets out criteria for permitting the Service to investigate an individual, group, or entity for matters related to these threats. Subjects of a CSIS investigation, whether they be individuals or groups, are called “targets.”
Table 4: Number of Canadian Security Intelligence Service targets, 2018–2023
Targets
2018
2019
2020
2021
2022
2023
Number of targets
430
467
360
352
340
323
Datasets
Data analytics is an investigative tool for CSIS, through which it seeks to make connections and identify trends that may not be visible using traditional methods of investigation. NSA 2017 gave CSIS new powers, including a legal framework for the Service to collect, retain, and use datasets. The framework authorizes CSIS to collect datasets (divided into publicly available, Canadian, and foreign datasets) that may have the ability to assist it in the performance of its duties and functions. It also establishes safeguards for the protection of Canadian rights and freedoms, including privacy rights. These protections include enhanced requirements for ministerial accountability. Depending on the type of dataset, CSIS must meet different requirements before it is able to use a dataset.
The CSIS Act also requires that NSIRA be kept apprised of certain dataset-related activities. Reports prepared following the handling of datasets are to be provided to NSIRA under certain conditions and within reasonable timeframes. While CSIS is not required to advise NSIRA of judicial authorizations or ministerial approvals for the collection of Canadian and foreign datasets, CSIS has been proactively keeping NSIRA apprised of these activities.
Table 5: Evaluation and retention of publicly available, Canadian, and foreign datasets by the Canadian Security Intelligence Service, 2019–2023
Type of dataset
2019
2020
2021
2022
2023
Publicly available datasets
Evaluated
9
6
4
4
2
Retained
9
6
2
4
2
Canadian datasets
Evaluated
0
0
2
0
1
Retained (approved by the Federal Court)
0
0
0
2
0
Denied by the Federal Court
0
0
0
0
0
Foreign datasets
Evaluated
10
0
0
1
2
Retained (approved by the Minister of Public Safety and Intelligence Commissioner)
0
1
1
1
3
Denied by the Minister
0
0
0
0
0
Denied by the Intelligence Commissioner
0
0
0
0
0
Justification Framework
CSIS’s Justification Framework establishes a limited justification for its employees, and persons acting at their direction, to carry out activities that would otherwise constitute offences under Canadian law. CSIS’s framework is modelled on those already in place for Canadian law enforcement. It provides needed clarity to CSIS, and to Canadians, about what CSIS may lawfully do in the course of its activities. The framework recognizes that it is in the public interest to ensure that CSIS employees can effectively carry out intelligence collection duties and functions, including by engaging in otherwise unlawful acts or omissions, in the public interest and in accordance with the rule of law. The types of otherwise unlawful acts and omissions that are authorized by the Justification Framework are determined by the Minister of Public Safety and approved by the Intelligence Commissioner. There remain limitations on what activities can be undertaken, and nothing in the framework permits the commission of an act or omission that would infringe on a right or freedom guaranteed by the Charter.
According to section 20.1 of the CSIS Act, employees must be designated by the Minister of Public Safety and Emergency Preparedness to be covered under the Justification Framework while committing or directing an otherwise unlawful act or omission. Designated employees are CSIS employees who require the Justification Framework as part of their duties and functions. Designated employees are justified in committing an act or omission themselves (commissions by employees) and they may direct another person to commit an act or omission (directions to commit) as a part of their duties and functions.
Table 6: Authorizations, commissions, and directions under CSIS’ Justification Framework, 2019–2023
2019
2020
2021
2022
2023
Authorizations
49
147
178
172
172
Commissions by employees
1
39
51
61
47
Directions to commit
15
84
116
131
116
Emergency designations
0
0
0
0
0
Compliance
CSIS’s operational compliance program unit leads and manages overall compliance within the Service. The objective of this unit is to promote a culture of compliance within CSIS by leading an approach for reporting and assessing potential non-compliance incidents that provides timely advice and guidance related to internal policies and procedures for employees. This program is the centre for processing all instances of potential non-compliance related to operational activities.
NSIRA will continue to monitor closely the instances of non-compliance that relate to Canadian law and the Charter, and work with CSIS to improve transparency around these activities.
Table 7: Total number of non-compliance incidents processed by CSIS, 2019–2023
Incidents
2019
2020
2021
2022
2023
Processed compliance incidents
53
99
85
59
79
Administrative
53
64
42
48
Operational
40a
19b
21
17
31
Canadian law
N/A
N/A
1
2
4
Charter
N/A
N/A
6
5
15
Warrant conditions
N/A
N/A
6
3
11
CSIS governance
N/A
N/A
8
15
27
a For 2021, each operational non-compliance incident was reported based on the highest non-compliance (i.e., if the incident were non-compliant with the Charter and CSIS governance, it would be counted only under the Charter category). For 2022 and 2023, each incident is counted in all of the areas in which it was non-compliant. As such, the sum of operational non-compliance in the various categories exceeds the total number of such incidents.
b The total number of incidents of non-compliance were not further broken down in 2019 and 2020. This number represents the number of incidents of non-compliance with requirements such as the CSIS Act, the Charter, warrant terms and conditions, or CSIS internal policies or procedures.
Communications Security Establishment reviews
Overview
NSIRA has the mandate to review any activity conducted by the Communications Security Establishment (CSE). NSIRA must submit an annual report to the Minister of National Defence on CSE activities, including information related to CSE’s compliance with the law and applicable ministerial directions, and NSIRA’s assessment of the reasonableness and necessity of CSE exercising its powers.
In 2023, NSIRA completed two dedicated reviews of CSE and commenced an annual review of CSE activities, summarized below. Furthermore, CSE is included in other NSIRA multi-departmental reviews, such as the review of the operational collaboration between CSE and CSIS and the legally mandated annual reviews of the Security of Canada Information Disclosure Act (SCIDA) and the Avoiding Complicity in Mistreatment by Foreign Entities Act (see section 4.5).
Review of CSE’s Use of the Polygraph for Security Screening
NSIRA’s review of CSE’s use of the polygraph for security screening found that the policies and procedures in place at CSE inadequately addressed privacy issues. In particular, CSE’s use of personal information collected during polygraph exams for staffing purposes may have exceeded the consent provided and may not have complied with section 7 of the Privacy Act.
NSIRA also found issues with the way in which CSE operated its polygraph program, including unnecessarily repetitive and aggressive questioning by examiners, insufficient quality control of exams, and retention issues related to audiovisual recordings. Additionally, the way in which CSE used the results of polygraph exams to inform security screening decision-making could cause uncertainty over the opportunity to challenge denials of security clearances pursuant to the NSIRA Act. CSE generally over-relied on the results of polygraph exams for deciding security screening cases. When taken as a whole, CSE’s use of the polygraph for security screening raised serious concerns related to the Charter.
NSIRA also explored the role of the Treasury Board of Canada Secretariat (TBS) in establishing the Standard on Security Screening (the Standard), which governs the use of the polygraph for security screening by the Government of Canada. NSIRA found that TBS did not adequately consider the privacy or Charter implications of the use of the polygraph. TBS also did not implement sufficient safeguards in the Standard to address these implications.
As a result, NSIRA recommended that CSE and TBS both urgently address the fundamental issues related to the legality, reasonableness, and necessity of the use of the polygraph for security screening. If these issues cannot be addressed, NSIRA recommended that TBS remove the polygraph from the Standard and CSE should cease using it for security screening.
Review of CSE’s Network-based solutions and related Cybersecurity & Information Assurance activities
Since the CSE Act came into force in 2019, CSE’s cybersecurity and information assurance (CSIA) activities have grown in extent and importance. CSE acquires and analyzes vast amounts of information to identify and prevent cybersecurity threats, a necessary activity that nonetheless engages important privacy interests, a balance NSIRA sought to understand.
This was NSIRA’s first review of CSE’s CSIA activities, along with its first review of Shared Services Canada (SSC). The two departments work together on CSIA activities, as SSC is the system owner for most Government of Canada networks.
NSIRA found that CSE operates a comprehensive and integrated ecosystem of cybersecurity systems, tools, and capabilities to protect against cyber threats, with a design that incorporates measures meant to protect the privacy of Canadians and persons in Canada.
NSIRA made findings and recommendations in two areas of concern:
CSE’s communications to the Minister of National Defence about its CSIA program did not fully reflect its activities in practice. NSIRA made recommendations to CSE to improve its transparency in this regard.
CSE acquired information from sources that, in limited cases, may engage Canadian privacy interests. While this information has clear cybersecurity value, it was not acquired within the scheme of ministerial authorizations, due in part to an incongruence between subsections of the CSE Act. NSIRA recommended various actions to address this acquisition.
NSIRA built foundational knowledge about CSE’s CSIA activities through this review, which will inform NSIRA’s future activities.
Annual review of Communications Security Establishment activities
NSIRA conducted the second annual review of CSE activities. The 2023 review aimed to identify compliance-related challenges, general trends, and emerging issues based on information CSE is required by law to provide to NSIRA, as well as supplementary information. Primarily resulting in NSIRA’s Annual Report to the Minister of National Defence on CSE activities, the review also identified areas for future reviews of CSE activities and bolstered NSIRA’s knowledge of CSE activities.
Statistics and data
To achieve greater accountability and transparency, NSIRA has requested statistics and data from CSE about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that these statistics will provide the public with important information related to the scope and breadth of CSE operations, as well as display the evolution of activities from year to year.
Ministerial authorizations and ministerial orders
Ministerial authorizations are issued to CSE by the Minister of National Defence. The authorizations support specific foreign intelligence, cybersecurity activities, defensive cyber operations, or active cyber operations conducted by CSE pursuant to those aspects of its mandate. Authorizations are issued when these activities could otherwise contravene an Act of Parliament or interfere with a reasonable expectation of privacy of a Canadian or a person in Canada.
Ministerial orders are issued by the Minister for the purpose of (1) designating any electronic information, any information infrastructures, or any class of electronic information or information infrastructures as electronic information or information infrastructures of importance to the Government of Canada (section 21[1] of the CSE Act); or (2) designating recipients of information related to Canadians or persons in Canada – that is, Canadian-identifying information (sections 45 and 44[1] of the CSE Act).
Table 9: Ministerial orders in effect as of 2023
Name of ministerial order
Enabling section of the CSE Act
Designating Recipients of Canadian Identifying Information Used, Analyzed or Retained Under a Foreign Intelligence Authorization
43
Designating Recipients of Information Relating to a Canadian or Person in Canada Acquired, Used or Analyzed Under the Cybersecurity and Information Assurance Aspects of the CSE Mandate
44
Designating Electronic Information and Information Infrastructures of Importance to the Government of Canada
21
Designating Electronic Information and Information Infrastructures of Ukraine as of Importance to the Government of Canada
21
Designating Electronic Information and Information Infrastructures of Latvia as of Importance to the Government of Canada
21
Foreign intelligence reporting
Under section 16 of the CSE Act, CSE is mandated to acquire information from or through the global information infrastructure. The CSE Act defines the global information infrastructure as including electromagnetic emissions; any equipment producing such emissions; communications systems; information technology systems and networks; and any data or technical information carried on, contained in, or relating to those emissions, that equipment, those systems, or those networks. CSE uses, analyzes, and disseminates the information for providing foreign intelligence in accordance with the Government of Canada’s intelligence priorities.
Table 10: Number of foreign intelligence reports issued, 2019–2023
CSE foreign intelligence reporting
2020 (#)
2021 (#)
2022 (#)
2023 (#)
Reports released
Not available
3,050
3,185
3,184
Departments and agencies
>25
28
26
28
Specific clients within departments and agencies
>2,100
1,627
1,761
2,049
Information relating to a Canadian or a person in Canada
Information relating to a Canadian or a person in Canada (IRTC) is information about Canadians or persons in Canada that may be incidentally collected by CSE while conducting foreign intelligence or cybersecurity activities under the authority of a ministerial authorization. Incidental collection refers to information acquired that CSE was not deliberately seeking and where the activity that enabled its acquisition was not directed at a Canadian or a person in Canada. According to CSE policy, IRTC is defined as any information recognized as having reference to a Canadian or person in Canada, regardless of whether that information could be used to identify that Canadian or person in Canada.
CSE was asked to release statistics or data about the regularity with which IRTC is included in CSE’s end-product reporting. CSE responded that this information “remains classified and cannot be published.”
Canadian-identifying information
CSE is prohibited from directing its activities at Canadians or persons in Canada. However, its collection methodologies sometimes result in incidentally acquiring such information. When such incidentally collected information is used in CSE’s foreign intelligence reporting, any part that potentially identifies a Canadian or a person in Canada is suppressed to protect the privacy of the individual(s) in question. CSE may release unsuppressed Canadian-identifying information (CII) to designated recipients when the recipients have the legal authority and operational justification to receive it, and when it is essential to international affairs, defence, or security (including cyber security).
Table 11: Number of requests for disclosure of Canadian-identifying information, 2021–2023
Type of request
2021 (#)
2022 (#)
2023 (#)
Government of Canada requests
741
657
1,087
Five Eyes requests
90
62
142
Non-Five Eyes requests
0
0
0
Total
831
719
1,229
In 2023, of the 1,229 requests received, CSE reported having denied 281 requests. By the end of the calendar year, 40 were still being processed.
CSE was asked to release the number of instances where CII is suppressed in CSE foreign intelligence or cyber security reporting. It indicated that this information “remains classified and cannot be published.”
Privacy incidents and procedural errors
A privacy incident occurs when the privacy of a Canadian or a person in Canada is put at risk in a manner that runs counter to, or is not provided for, in CSE’s policies. CSE tracks such incidents through its Privacy Incidents File, and for privacy incidents that are attributable to a second-party partner or a domestic partner, through its Second-Party Privacy Incidents File.
Table 12: Number of privacy incidents recorded by CSE, 2021–2023
Table 12: Number of privacy incidents recorded by CSE, 2021–2023
Type of incident
2021 (#)
2022 (#)
2023 (#)
Privacy incidents
96
114
107
Second-party privacy incidents
33
23
37
Non-privacy compliance incidents
Not available
Not available
28
Table 13: Number of privacy incidents that occurred under the foreign intelligence aspect of CSE’s mandate and recorded in 2023
Table 13: Number of privacy incidents that occurred under the foreign intelligence aspect of CSE’s mandate and recorded in 2023
Type of incident
2023 (#)
Privacy incidents
70
Second-party privacy incidents
37
Non-privacy compliance incidents
16
Table 14: Number of privacy incidents that occurred under the cybersecurity and information assurance aspect of CSE’s mandate and recorded in 2023
Table 14: Number of privacy incidents that occurred under the cybersecurity and information assurance aspect of CSE’s mandate and recorded in 2023
Type of incident
2023 (#)
Privacy incidents
37
Non-privacy compliance incidents
12
Cyber security and information assurance
Under section 17 of the CSE Act, CSE is mandated to provide advice, guidance, and services to help protect electronic information and information infrastructures of federal institutions, as well as those of non-federal entities that are designated by the Minister of National Defence as being of importance to the Government of Canada.
The Canadian Centre for Cyber Security (Cyber Centre) is Canada’s unified authority on cybersecurity. The Cyber Centre, which is a part of CSE, provides expert guidance, services, and education while working in collaboration with stakeholders in the private and public sectors. The Cyber Centre handles incidents in government and designated institutions that include:
reconnaissance activity by sophisticated threat actors;
phishing incidents (email containing malware);
unauthorized access to corporate IT environments;
imminent ransomware attacks; and
zero-day exploits, which involve exploration of critical vulnerabilities in unpatched software.
Table 15: Number of cyber incident cases opened by CSE, 2022 and 2023
Type of cyber incident
2022
2023
Federal institutions
1,070
977
Critical infrastructure
1,575
1,756
International
Not available
82
Total
2,645
2,815
Defensive and active cyber operations
Under section 18 of the CSE Act, CSE is mandated to conduct defensive cyber operations (DCO) to help protect electronic information and information infrastructures of federal institutions, as well as those of non-federal entities that are designated by the Minister as being of importance to the Government of Canada, from hostile cyber attacks.
Under section 19 of the CSE Act, CSE is mandated to conduct active cyber operations (ACO) against foreign individuals, states, organizations, or terrorist groups as they relate to international affairs, defence, or security.
CSE was asked to release the number of DCOs and ACOs approved, and the number carried out in 2023. CSE responded that this information “remains classified and cannot be published.”
Technical and operational assistance
As part of the assistance aspect of CSE’s mandate, CSE receives requests for assistance from Canadian law enforcement and security agencies, as well as from the Department of National Defence and the Canadian Forces (DND/CAF).
Table 16: Number of requests for assistance received and actioned by CSE, 2020–2023
Action
2020
2021
2022
2023
Approved
23
32
59
48
Not approved
1
3
0
0
Under review
Not available
Not available
0
2
Cancelled
Not available
Not available
1
0
Denied
Not available
Not available
2
1
Total received
24
35
62
53
Note: For 2020 and 2021, CSE was able to provide only the number of requests received and actioned. CSE advised, however, that it has since improved its internal tracking system for requests for assistance.
Other department reviews
Overview
In addition to the CSIS and CSE reviews above, NSIRA completed the following reviews of departments and agencies in 2023:
a review of the Canada Border Services Agency (CBSA);
a review of the Department of National Defence (DND) and the Canadian Armed Forces (CAF); and
NSIRA’s annual reviews of both the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, both of which involve a broader set of departments and agencies that make up the Canadian national security and intelligence community.
Canada Border Services Agency
Review of the CBSA’s Confidential Human Source Program
This review examined the legal and policy frameworks governing CBSA’s Confidential Human Source (CHS) program. The review had three areas of focus: the management and assessment of risk; CBSA’s discharge of its duty of care to its sources; and the sufficiency of ministerial direction and accountability in relation to the program. Together, these areas support CBSA’s ability to conduct its human source-handling activities lawfully, ethically, and with appropriate accountability.
The review reflects that, as an investigative tool used in support of CBSA’s mandate, the CHS Program rests on an adequate legal framework. However, the review found a number of gaps in the framework governing the program and was especially attentive to how CBSA manages the particular risks associated with the use of human sources without status in Canada. The review contains a number of findings that relate to CBSA’s risk management practices.
In two instances, NSRIA’s review concluded that CBSA’s activities may not be in compliance with the law. In the first, the review concluded through a detailed case study that CBSA may have twice breached the law of informer privilege by improperly disclosing information that might identify the human source. In this and another instance, NSIRA found that CBSA failed to inform the Minister of Public Safety of a human source activity that may have impacted the safety of an individual, as required by the Ministerial Direction on Surveillance and Confidential Human Sources. This constitutes non-compliance with subsection 12(2) of the CBSA Act.
NSIRA made six recommendations in this review. Collectively, they are meant to enhance the governance of the human source program to ensure CBSA is attentive to the welfare of its human sources across the full spectrum of activities. They also reflect NSIRA’s ongoing attention to the principle of ministerial accountability. Overall, NSIRA’s findings and recommendations reflect the level of maturity of CBSA’s program; although it has been operating for almost 40 years, the introduction of the policy suite specific to human sources is a relatively recent innovation. The review also reflects CBSA’s recent efforts to improve its program.
Department of National Defence and the Canadian Armed Forces
Review of DND/CAF’s Human Source Handling Program
This review examined whether DND/CAF conducts its human source-handling activities lawfully, ethically, and with appropriate accountability.
NSIRA found that DND/CAF’s policy framework allows human source-handling activities that may not be in compliance with the law. These risks arise particularly in relation to sources associated with terrorist groups. NSIRA recommended that Parliament enact a justification framework that would authorize DND/CAF and its sources to commit otherwise unlawful acts outside Canada, where reasonable for the collection of defence intelligence.
NSIRA found that DND/CAF’s risk assessment frameworks do not provide commanders with the accurate, consistent, and objective information they need to evaluate the risks of engaging with particular sources. NSIRA recommended that these frameworks be revised to ensure that all applicable risk factors are considered.
NSIRA found gaps in DND/CAF’s discharge of its duty of care to sources. Safeguarding processes were not always appropriately engaged; the complaints process was underdeveloped; and the risk posed to agents was, at times, insufficiently assessed. Measures to address these issues should be clearly operationalized in governance documents.
NSIRA found that the Minister of National Defence is not sufficiently informed on human source-handling operations to fulfill their ministerial accountabilities. The Minister should be aware of the legal, policy, and governance issues that may affect human source-handling operations.
NSIRA also found that further ministerial direction is required to support the governance of DND/CAF’s human source handling program. NSIRA recommended that the Minister issue ministerial direction to DND/CAF that will guide the lawful and ethical conduct of source-handling operations.
Multi-departmental reviews
Review of Operational Collaboration between CSE and CSIS
CSE and CSIS are two core pillars of Canadian intelligence collection, which means that effective collaboration between the departments is critical to national security. However, a tension exists between CSIS’s mandate, which authorizes collection and sharing of information about Canadians, and CSE’s core prohibition against directing its activities at Canadians. This is the first review that was able to access information from both departments and consider that tension.
NSIRA examined a sample of CSE and CSIS collaborative operational activities and information sharing, as well as collaboration between CSIS and CSE further to CSIS’s threat reduction measure (TRM) mandate. This satisfied NSIRA’s annual requirement under section 8(2) of the NSIRA Act to review an aspect of CSIS’s TRMs.
With respect to operational collaboration, including under CSIS’s TRM mandate, NSIRA found a lack of information sharing and proactive planning, as well as a failure on CSE’s part to properly account for and mitigate the risk of targeting Canadians when working with CSIS. NSIRA recommended some procedural changes to improve information flow, consultation, transparency, and accountability.
Concerning information sharing, NSIRA found that existing processes between the departments lacked guidance and accountability, and created risks of CSE targeting Canadians that were actualized in some instances. NSIRA recommended both departments establish policies, procedures, and analyst training. Additionally, NSIRA recommended that CSIS cease making requests to CSE pertaining to Canadians and consider the Canadian information it shares with CSE. NSIRA also recommended that CSE reconsider how it collects, retains, and reports Canadian information in certain scenarios and only use foreign lead information from CSIS reporting.
In this review, NSIRA found two cases of non-compliance with the law. Both involved CSE directing its activities at Canadians under its foreign intelligence mandate.
Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2022
This review provided an overview of the use of the Security of Canada Information Disclosure Act (SCIDA) in 2022. In doing so, it documented the volume and nature of information disclosures made under the SCIDA, assesses compliance with the Act, and highlights patterns in its use across Government of Canada institutions and over time.
In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions. NSIRA found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of these disclosures. Observed instances of non-compliance that were related to subsection 9(3), regarding the timeliness of records copied to NSIRA; subsection 5.1(1), regarding the timeliness of destruction or return of personal information; and subsection 5(2), regarding the provision of a statement on accuracy and reliability. These instances did not point to any systemic failures in Government of Canada institutions’ implementation of the Act.
NSIRA also made findings in relation to practices that, although compliant with the SCIDA, left room for improvement. NSIRA’s corresponding recommendations were designed to increase standardization across the Government of Canada in a manner that is consistent with the institutions’ demonstrated best practices and the Act’s guiding principles.
Overall, NSIRA observed improvements in reviewee performance compared to findings from prior years’ reports and over the course of the review. These improvements include corrective actions taken by reviewees in response to NSIRA’s requests for information in support of this review.
Review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022
This review assessed departments’ compliance with the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA) and their implementation of the ACA’s associated directions during the 2022 calendar year. Within this context, the review pursued a thematic focus on departments’ conduct of risk assessments, including the ways in which their methodologies may lead to a systematic under-assessment of the level of risk involved in an information-sharing transaction.
NSIRA’s findings and recommendations in this report reflect both developments and stagnations in departments’ implementation of the directions over time. NSIRA observed efforts to collaborate interdepartmentally and standardize certain practices across the Government of Canada. While these efforts reflect an improvement over past approaches, they fall short of the consistent framework for foreign information sharing government-wide envisioned by the Act. Additionally, NSIRA observed a number of practices that may lead departments to systematically under-assess the risks involved in contemplated information exchanges. Such under-assessments may in turn lead to information being exchanged, in contravention of the directions’ prohibitions.
NSIRA made five recommendations in this review. Collectively, they would ensure that all departments’ ACA frameworks reflect a degree of standardization commensurate with the spirit of the Act and its associated directions; and that these frameworks are designed to support compliance with the directions.
Complaint investigations
Overview
NSIRA is mandated to investigate national security-related public complaints. NSIRA complaint investigations are conducted with consistency, fairness, and timeliness. The agency’s public complaint mandate plays a critical role in ensuring that Canada’s national security and intelligence organizations are accountable to the Canadian public.
In 2022, NSIRA had committed to establishing service standards for the investigation of complaints, with the goal of completing 90 percent of investigations within its new service standards. These service standards were implemented and have been in effect since April 1, 2023, and set internal time limits for certain investigative steps for each type of complaint, under normal circumstances. NSIRA is pleased to report that for the period of April 1 to December 31, 2023, 100 percent of the service standards have been met across all investigation files subject to these service standards.
While remaining mindful of the interests of the complainant and the security imperatives of the organization, NSIRA established an independent verification process with CSE for new complaints filed under section 17 of the NSIRA Act. More specifically, after receiving a complaint, NSIRA must evaluate whether it is within NSIRA’s jurisdiction to investigate, based on conditions stated in the NSIRA Act. For complaints against CSE, just as with complaints against CSIS and the RCMP, NSIRA must be satisfied that the complaint against the respondent organization refers to an activity carried out by the organization and is not trivial, frivolous, or vexatious. This new independent verification process assists NSIRA in ascertaining its jurisdiction to investigate complaints filed against CSE.
NSIRA has developed a new internal tracking tool to ensure effective case management of complaint files.
NSIRA previously reported that it would improve its website to promote accessibility to the investigation of complaints. During the overhaul of its public-facing website in the fall of 2023, NSIRA amended its complaint forms to ensure that they meet WCAG 2.0 accessibility criteria and conformity requirements.
In 2023, NSIRA completed the last phase of a study jointly commissioned with the Civilian Review and Complaints Commission (CRCC) regarding the collection of race-based data and other demographic information. The study assessed the viability of the collection of identity-based and demographic data as part of the Government of Canada’s ongoing anti-racism initiatives.
In the course of this study, interviews were conducted with community members familiar with NSIRA, the CRCC, and the agencies they review. The study ultimately found that the collection of raced-based data was feasible.
The study also included recommendations in relation to the collection of race-based data as follows:
collection of race data from complainants and how to collect such data;
collection of other biographical data from complainants;
collection of race data about the staff police and intelligence organizations;
analysis of the collected data;
provision of the collected data to interested stakeholders, the general public, or both;
development of an advanced data analysis plan.
NSIRA welcomes the insights provided by the joint study and will closely review the recommendations to determine how they might be implemented by NSIRA. The collection of race-based and other demographic data in the national security and intelligence space is an entirely novel area. The study’s literature review highlighted that this type of race-based and other demographic data collection has never been done before in the national security and intelligence space in Canada, or by any of Canada’s international partners. NSIRA and the CRCC will continue to collaborate on this important initiative by determining potential implementation strategies.
Ongoing initiatives
In 2023, NSIRA began revising its Rules of Procedure to refine the procedures governing its complaints investigations. This revision will continue in 2024 with the support of the Secretariat in ensuring that the agency’s obligations provided for in its Accessibility Plan are met.
Part of the revisions to NSIRA’s procedures in 2024 will be to review the privacy statement included in its complaint forms to ensure greater transparency about how the information submitted to NSIRA by complainants will be used in NSIRA’s investigations.
Investigation summaries
Final reports issued
Investigation concerning allegations against CSIS (NSIRA File 07-403-45)
The complainant alleged that CSIS agents interacted with them on multiple occasions and claimed that those interactions amounted to illegal arrests and detentions; that the agents illegally intimidated them by claiming that they would deport them to Guantanamo Bay; and that the Service erroneously applied the Privacy Act in refusing to provide documents the complainant claims they were coerced into signing under duress during one of the above-noted interactions.
Upon reviewing all of the evidence presented by the parties and available information, NSIRA observed that the complainant never had any interactions with CSIS. NSIRA found that none of their allegations could be substantiated.
Allegations against CSIS for travel difficulties, harassment, and discrimination (NSIRA File 07-403-23)
The complainant alleged that, following an overseas trip, they experienced difficulties travelling internationally, which they believed were attributable to CSIS and CSIS’ sharing of information with the governments of foreign countries. The complainant claimed that CSIS had placed them on a “blacklist” as a member of the Islamic State of Iraq and Syria. They further alleged that CSIS harassed them and discriminated against them on the basis of race, ethnic origin, and religion.
At the time of the complainant’s trip, certain countries were regularly being used by extremist travellers from North America and Europe as intermediate destinations to access Islamic State of Iraq and the Levant-controlled territory.
The complainant’s family was interviewed by CSIS to gain information about the complainant, their beliefs, and possible intentions. The complainant considered this interaction to have been an inappropriate and wrongful interrogation of members of their family.
Upon review of all of the evidence, NSIRA found the activities of CSIS in this matter to have been lawful and reasonable. While investigative steps were conducted by CSIS, there was no evidence suggesting that CSIS placed the complainant on a blacklist or that information pertaining to the complainant was shared improperly. Similarly, the allegation that CSIS was responsible for the complainant’s travel difficulties was found to be unsubstantiated. The source of the complainant’s travel difficulties may lie outside of Canadian authorities, and thus beyond the scope of NSIRA’s jurisdiction.
NSIRA concluded that CSIS conducted an interview with the complainant’s parent at their home and with other family members present, during which their parent participated voluntarily and expressed their willingness to be of further assistance if required. The basis for conducting this interview was found to be reasonable and NSIRA did not find any evidence of inappropriateness, intimidation, wrongdoing, or harassment.
NSIRA did not find an evidentiary basis to support the allegations of harassment and of discrimination on the basis of racial, ethnic origins, or religion by CSIS against the complainant.
The complainant’s allegations were found to be unsupported.
Allegations against CSIS regarding criminal activity conducted by a CSIS Agent (NSIRA File 07-403-39)
The complainant alleged that a CSIS agent invaded their house and stated that they were an intelligence officer in operation. According to the complainant, the CSIS agent physically assaulted them, video recorded the complainant while the complainant was undressed, and threatened to kill them. The complainant further alleged that the Service is trying to silence them.
Upon a review of all of the evidence, it became clear that the complainant’s own conduct brought them to the attention of CSIS. They first communicated with CSIS and raised complaints regarding an individual. These allegations were received and considered by CSIS, which acted on the complaints to determine whether the individual named by the complainant was affiliated with CSIS. Based on a review of the documents submitted by CSIS, NSIRA determined that the individual alleged by the complainant to be a CSIS Agent was not a CSIS employee or otherwise involved with CSIS.
NSIRA further found that as part of the Service’s activities conducted in relation to the complainant, CSIS collected limited information on the complainant. NSIRA concluded that the collection of the complainant’s personal information was justified by CSIS’ mandate.
NSIRA concluded that the CSIS’ activities in relation to the complainant after they came to their attention were lawful and reasonable in the circumstances.
Allegations against CSIS regarding a citizenship security screening interview (NSIRA File 07-403-65)
The complainant had applied for Canadian citizenship and was subsequently required to attend an interview with CSIS. The complainant attended this interview with their lawyer. The complainant alleged that the CSIS officers who conducted the interview:
denied them and their lawyer the right to record and take notes of the interview;
violated past SIRC recommendations by not recording the interview themselves;
interacted with the complainant’s lawyer in an intimidating manner, and did not allow the lawyer to interject or to interrupt;
did not provide an adequate translation service; and
lacked cultural sensitivity during the interview, used inappropriate interview tactics, chose discussion points that created unnecessary tension, and behaved improperly.
Upon considering all of the evidence, NSIRA found that the CSIS officers erred in denying the complainant and their counsel the opportunity to take notes that they could take from the premises. CSIS acknowledged that this practice was no longer in place. NSIRA recommended that CSIS adjust its governing policy to make clear that the interviewee and their representative may take and retain notes from interviews.
NSIRA commented that since 2000, numerous SIRC reports and decisions have recommended that CSIS record immigration security screening interviews. However, CSIS did not consistently record such interviews at the time of the complainant’s interview. CSIS indicated that efforts to require recording of all immigration interviews in its written procedures was in progress. NSIRA recommended that CSIS proactively record interviews in immigration and citizenship matters, and that CSIS retain this recording at least until a decision is made by Immigration, Refugees and Citizenship Canada (IRCC) on CSIS’ advice. In the event that CSIS provides a negative conclusion, the recording should be kept until the immigration status is determined and for the period of any appeal of that determination.
Given that the complainant was unable to retain notes from the interview and that no recording of the interview existed, NSIRA was unable to make findings on most of the improper statements that the CSIS interviewer was alleged to have made. However, one statement in particular, which was an English idiom that the CSIS officer acknowledged using, was found to be unnecessary and counterproductive, as it risked compounding tension in the interview and may not have had a reasonable, literal translation in the language spoken by the complainant.
CSIS indicated and NSIRA agreed that counsel to an interviewee has a role in, but not control of, the interview process. An interview subject’s lawyer is not limited to passive silence, but also must not act in a manner that impairs the Service’s ability to perform its mandate. To this end, it is not open to counsel to lead witnesses or have an intrusive role in questioning. NSIRA noted, however, that it is proper for counsel to raise concerns about interpretation or to suggest clarifying questions. These concerns are to be posed during a pause or in some other pre-organized manner that does not disrupt the questioning. NSIRA recommended, therefore, that CSIS articulate within its own operating procedure the role of counsel (or other third parties) in the manner elaborated above, and that it communicates these expectations in advance to those attending an interview.
Finally, to remedy these errors, NSIRA recommended that CSIS convene a second interview attended by different officers and a different interpreter. Given the irregularities in the first interview and the resulting concern that it may contain inaccuracies, NSIRA further recommended that in completing its assessment and in providing advice to the IRCC, CSIS avoid giving weight to the results of the first interview.
Allegations against the RCMP for failure to return seized items (NSIRA File 07-407-08)
The complainant filed a complaint against the RCMP alleging that it failed to return property that was seized from their office, resulting from an RCMP investigation into a terrorist plot. The complainant further alleged that the RCMP damaged his property.
Upon considering the facts and timeline of the RCMP’s investigation that resulted in the seizure of the complainant’s property, NSIRA found that the property was properly detained, pursuant to the provisions of the Criminal Code and in accordance with RCMP policy.
NSIRA further found that there was no evidence that would permit to conclude that the complainant’s property was damaged by the RCMP during and after the seizure.
The complainant’s allegations were found to be unsupported.
Allegation that the RCMP failed to investigate threats against the Complainant and their family made by a foreign government (NSIRA File 07-407-04)
The complainant came to Canada as a refugee fleeing violent persecution. As a result of litigation against their former employer, who was linked to the government of a foreign state, the complainant alleged that they had been the victim of death threats from their former employer and government officials of the country from which they had fled. The complainant believed these threats to be credible, as they were often accompanied by contemporaneous details, such as the complainant’s clothing during a particular outing and the location they attended. The complainant believed that representatives of the aforementioned government employed at the country’s embassy in Canada were assisting in the surveillance of the complainant and their family, including their children while at school.
The complainant alleged that the RCMP failed to conduct a complete investigation into incidents involving threats, including death threats, made against the complainant and their family, and that these decisions by the RCMP were improperly influenced by foreign individuals.
The evidence provided by the RCMP demonstrated that it took the necessary steps to review the information submitted by the complainant, but determined that there were insufficient grounds for the RCMP to continue their investigation of the foreign influence aspects of the threats. However, the local police force was the police of jurisdiction for investigating the criminal harassment, threats, and safety concerns related to the complainant. The RCMP advised this police force that information collected by the RCMP would be turned over to them, and asked to be notified should the local police force identify someone in Canada working on behalf of a foreign government to threaten or intimidate the complainant. NSIRA found the RCMP’s initial investigation to be reasonably thorough and their ultimate decision to be a justifiable exercise of police discretion.
Furthermore, there was no evidence before NSIRA to support the complainant’s allegation that the RCMP’s decision to discontinue their investigation was improperly influenced by foreign individuals.
The complainant’s allegations were found to be unsupported.
Allegations against the RCMP in relation to the treatment of family members as part of a tactical operation (NSIRA File 07-407-05)
The RCMP arrested the complainant at his home on terrorism-related charges. In the course of the operation, the complainant’s family members were handcuffed. It was the complainant’s position that this was improper and that the RCMP officers did not utilize their cultural sensitivity training.
NSIRA found that:
The officers securing the complainant’s residence and whose conduct gave rise to this complaint were members of other police forces and not RCMP members.
Given the police had, at the time, reasonable grounds to believe that the premises might have contained unsecured and dangerous weapons, the initial detention of the complainant’s family members by using handcuffs was not arbitrary. However, as soon as the officers had control of the scene, the use of handcuffs was no longer appropriate. It followed that the family members were arbitrarily detained within the meaning of section 9 of the Charter.
Considering the cultural sensitivity briefing that was provided by the RCMP to the investigators taking part in the operation did address the essential consideration, there was no act or omission by the RCMP that raised the risk of culturally insensitive conduct.
NSIRA determined that, although the RCMP assumed a general supervisory role over the execution of the operation, they depended on the professionalism of the other police forces in planning and executing a dynamic search. Given that the conduct of the other police officers who participated in the search could not be attributed to the RCMP, no findings or recommendations were made for the RCMP in keeping with NSIRA’s jurisdiction.
Other Outcomes
Allegations against CSIS’s role in delaying security assessment regarding immigration or citizenship applications (NSIRA Files 07-403-81, 07-403-87, 07-403-100)
The complainants filed complaints against CSIS, alleging that the Service caused a significant delay in submitting the security assessment for their immigration or citizenship applications. During the investigations, NSIRA inquired about whether CSIS could provide updates with respect to their involvement in the respective processes. The Service provided letters to NSIRA that could be shared with the complainants advising them that CSIS had completed its assessment in the security screening process. As the complainants’ main allegations were in relation to the delay in the security screening, the matters were informally resolved in accordance with Rule 10.10 of NSIRA’s Rules of Procedure and the files were closed.
Allegations against the CSE regarding the discrimination of an employment applicant (NSIRA File 07-406-07)
The complainant filed a section 17 complaint regarding their employment application with CSE. More specifically, upon completing a student term contract with CSE and receiving a verbal offer for a further contract, CSE decided not to renew the complainant’s employment. The complainant alleged that this decision from CSE was based on their ethnicity. Despite the Chief of CSE having received a letter of complaint from the complainant, CSE notified NSIRA that its notification letter constituted their first notice of the complaint and requested that the matter be placed in abeyance (on hold). After completing an internal investigation of the complainant’s allegations (independent of NSIRA’s complaints process), CSE and the complainant began discussions toward a settlement. The parties ultimately reached a settlement and notified NSIRA accordingly. The complaint was informally resolved pursuant to Rule 10 of NSIRA’s Rules of Procedure prior to NSIRA rendering a decision on its jurisdiction to investigate this matter.
Allegations against the RCMP for failure to investigate a complaint (NSIRA File 07-407-10)
This complaint was referred to NSIRA by the Civilian Review and Complaints Commission (CRCC) for the RCMP, pursuant to subsection 45.53(4.1) of the RCMP Act. The complaint alleged that the RCMP failed to investigate individuals allegedly participating in a militia group. NSIRA tried to establish contact with the complainant several times to proceed with its investigation. NSIRA found that reasonable attempts had been made to communicate with the complainant and that the agency had exhausted all options. Accordingly, NSIRA issued reasons that the complaint had been abandoned, as per NSIRA’s Rules of Procedure. The complaint investigation file was closed.
Statistics on complaints investigations
Investigations progressed at significant levels in 2023 (see Annex C). NSIRA concluded several investigations and issued seven final reports. Additionally, four files were informally resolved in accordance with Rule 10 of NSIRA’s Rules of Procedure.
In 2023, NSIRA observed an increase of complaints against CSIS, pursuant to section 16 of the NSIRA Act, alleging process delays in immigration or citizenship security screening. Of note, under sections 14 and 15 of the CSIS Act, CSIS provides security advice to IRCC and CBSA to guide determinations with respect to whether citizenship or immigration applicants are threats to the security of Canada. While CSIS is committed to performing its security screening mandate in a timely manner, there is no standard for time allotted. In the 2023 calendar year, out of the six complaints over which NSIRA assumed jurisdiction under section 16 of the NSIRA Act, five pertained to allegations of delays that complainants attributed to CSIS’s security screening activities.
Conclusion
The comprehensive reviews and investigations NSIRA conducted in 2023 underscore the agency’s dedication to transparency and accountability. This work has provided constructive recommendations to enhance the operational practices and policy frameworks of Canada’s important national security and intelligence actors.
NSIRA recognizes the persistent and evolving nature of security threats, which necessitates adaptive and proactive approaches by Canada’s security and intelligence agencies. NSIRA is likewise committed to continually refining its methodologies, embracing technological advancements, and strengthening its analytical capabilities to keep pace in a rapidly changing world. NSIRA will continue to engage with domestic and international security and intelligence review partners to improve its practices and foster better public understanding of its work and the value it provides.
NSIRA is driven by its role as the trusted eyes and ears of Canadians within the otherwise closed domain of national security and intelligence, providing the critical function of enhancing transparency and accountability. NSIRA’s vision, mission, and values reflect this commitment and will guide NSIRA’s work at it looks to the future.
Annexes
Annex A: Abbreviations
Abbreviations and Full Names
Abbreviation
Full Name
ACA
Avoiding Complicity in Mistreatment by Foreign Entities Act
ACO
active cyber operations
CAF
Canadian Armed Forces
CBSA
Canada Border Services Agency
CHRC
Canadian Human Rights Commission
CHS
Confidential Human Source (program)
CII
Canadian-identifying information
CRA
Canada Revenue Agency
CRCC
Civilian Review and Complaints Commission for the RCMP
CSE
Communications Security Establishment
CSIA
Cybersecurity and information assurance
CSIS
Canadian Security Intelligence Service
CTIVD Netherlands
Dutch Review Committee on the Intelligence and Security
Cyber Centre
Canadian Centre for Cyber Security
DCO
defensive cyber operations
DFO
Department of Fisheries and Oceans
DND
Department of National Defence
EOS Norway
Norwegian Parliamentary Oversight Committee on Intelligence and Security Services
FINTRAC
Financial Transactions and Reports Analysis Centre of Canada
FIORC
Five Eyes Intelligence Oversight and Review Committee
GAC
Global Affairs Canada
GC
Government of Canada
HUMINT
Human Intelligence
IC IG US
United States of America’s Inspector General of the Intelligence Community
IGIS Australia
Australia’s Inspector-General of Intelligence and Security
IGIS New Zealand
New Zealand’s Inspector-General of Intelligence and Security
IPCO UK
United Kingdom’s Investigatory Powers Commissioner’s Office
IRCC
Immigration, Refugees and Citizenship Canada
IRTC
information relating to a Canadian or a person in Canada
IT
information technology
MD
Ministerial Direction
NBS
network-based solutions
NDA
National Defence Act
NSICOP
National Security and Intelligence Committee of Parliamentarians
NSIRA
National Security and Intelligence Review Agency
OA-IA
Independent Oversight Authority for Intelligence Activities of Switzerland
PCLOB US
United States Privacy and Civil Liberties Oversight Board
PCO
Privy Council Office
PKGr
German Parliamentary Oversight Panel
PS
Public Safety Canada
RAD
Review and Analysis Division
RCMP
Royal Canadian Mounted Police
REP
reasonable expectation of privacy
SCIDA
Security of Canada Information Disclosure Act
SIRC
Security and Intelligence Review Committee
SSC
Shared Services Canada
TBS
Treasury Board of Canada Secretariat
TC
Transport Canada
TET Denmark
Danish Intelligence Oversight Board
the Standard
Standard on Security Screening
TRM
threat reduction measure
UNCTED
United Nations’ Counter-Terrorism Executive Directorate
Abréviations et Noms Complets
Abréviation
Nom Complet
AMC
Affaires mondiales Canada
ARC
Agence du revenu du Canada
ARVP
Attente raisonnable en matière de droit à la vie privée
ASFC
Agence des services frontaliers du Canada
AS-Rens
Autorité de surveillance indépendante des activités de renseignement
BCP
Bureau du Conseil Privé
CANAFE
Centre d’analyse des opérations et déclarations financières du Canada
CCC
Centre canadien pour la cybersécurité
CCDP
Commission canadienne des droits de la personne
CCETP
Commission civile d’examen et de traitement des plaintes relatives à la Gendarmerie royale du Canada
COA
Cyberopérations actives
COD
Cyberopérations défensives
CPSNR
Comité des parlementaires sur la sécurité nationale et le renseignement
CSAI
Cybersécurité et assurance de l’information
CSARS
Comité de surveillance des activités de renseignement de sécurité
CSERGC
Conseil de surveillance et d’examen du renseignement du Groupe des cinq
CST
Centre de la sécurité des télécommunications
CTIVD Pays-Bas
Commission néerlandaise de contrôle des services de renseignement et de sécurité
DECT
Direction exécutive du Comité contre le terrorisme des Nations Unies
DRA
Division de la recherche et de l’analyse
EOS Norvège
Commission parlementaire norvégienne de contrôle des services de renseignement et de sécurité
FAC
Forces armées canadiennes
GRC
Gendarmerie royale du Canada
HUMINT
Renseignement humain
IC IG É.-U.
Inspecteur général de la communauté du renseignement des États-Unis d’Amérique
IGIS Australie
Inspecteur général du renseignement et de la sécurité de l’Australie
IGIS Nouvelle-Zélande
Inspecteur général du renseignement et de la sécurité de la Nouvelle-Zélande
INC
Information nominative sur un Canadien
IPCO R.-U.
Bureau du commissaire aux pouvoirs d’enquête du Royaume-Uni
IRCC
Immigration, Réfugiés et Citoyenneté Canada
IRCPC
Information qui se rapporte à des Canadiens ou à des personnes au Canada
la Norme
Norme sur le filtrage de sécurité
LCISC
Loi sur la communication d’information ayant trait à la sécurité du Canada
LCMTIEE
Loi visant à éviter la complicité dans les cas de mauvais traitements infligés par des entités étrangères
MND
Ministère de la Défense nationale
MPO
Ministère des Pêches et des Océans
MRM
Mesure de réduction de la menace
OSSNR
Office de surveillance des activités en matière de sécurité nationale et de renseignement
PCLOB É.-U.
Conseil de surveillance de la vie privée et des libertés civiles des États-Unis
PKGr
Comité de surveillance parlementaire de l’Allemagne
SCRS
Service canadien du renseignement de sécurité
SCT
Secrétariat du Conseil du Trésor du Canada
SHC
(Programme) des sources humaines confidentielles
SP
Sécurité publique Canada
SPC
Services partagés Canada
SR
Solutions réseau
TC
Transports Canada
TET Danemark
Conseil danois de surveillance des services de renseignement
TI
Technologie de l’information
Annex B: Review findings and recommendations
This Annex lists the full findings and recommendations of NSIRA’s reviews that were completed in 2023. In certain instances, original language has been redacted and replaced with summary language designated by [*summary*]. Once redacted, full reviews and available government responses to recommendations are published on NSIRA’s website.
Canadian Security Intelligence Service review
Review of CSIS Dataset Regime
NSIRA’s findings
NSIRA found that CSIS’s current application of the dataset regime is inconsistent with the statutory framework.
NSIRA found that CSIS’s current approach to dataset information collection under section 12 risks the creation of a parallel collection mechanism, one that weakens section 12’s statutory thresholds and at the same time lacks the external oversight regime intended to protect personal information under the dataset regime.
NSIRA found that CSIS failed to fully apprise the Court on their interpretation and application of the dataset regime. CSIS should have sought clarification from the Court as to its views on the precise conduct permissible prior to invocating the dataset regime.
NSIRA found that when conducting queries in exigent circumstances, CSIS retained information that did not meet the section 12 strictly necessary threshold.
NSIRA found that the lack of explicit time limits in section 11.17 of the dataset provisions governing foreign datasets has resulted in datasets being retained for multiple years pending a decision by the Minister or Minister’s designate (the CSIS Director).
NSIRA found that CSIS runs the risk of collecting information that is publicly available but for which there may be a reasonable expectation of privacy.
NSIRA found that CSIS’s policies governing the collection and retention of Canadian and foreign datasets do not align with its current interpretation of the dataset regime.
NSIRA found that CSIS does not have a policy governing the handling of transitory information. In addition, the existing Interim Direction [***] does not provide employees with sufficient instruction, which may result in CSIS retaining information that would otherwise be subject to the dataset regime.
NSIRA found that CSIS information management practices are responsible for multiple compliance incidents and currently create duplicates of datasets within CSIS’s systems.
NSIRA found that, as of August 2023, CSIS did not comply with the dataset provisions in the CSIS Act because it retained Canadian information extracted from foreign datasets, and foreign information amounting to a dataset.
NSIRA found that CSIS did not comply with the dataset provisions in the CSIS Act because it retained Canadian information and referenced it as recently as 2022. This information should have been destroyed upon coming into force of the NSA 2017, in July 2019.
NSIRA found that CSIS has not exhaustively scanned all of its systems to identify information that is subject to the dataset regime so that it may be processed in a compliant manner.
NSIRA found that the training required to become a designated employee to evaluate, query, and exploit section 11.01 datasets offers clear information on the collection and retention requirements.
NSIRA found that CSIS operational personnel, including those predominantly dealing with bulk information collection, have not received adequate training allowing them to identify when collected information may fall within the dataset regime.
NSIRA found that CSIS has not prioritized resourcing the technical unit responsible for the evaluation, querying, and exploitation of Canadian and foreign datasets.
NSIRA found that CSIS has not devoted sufficient resources to improving the current technical systems or developing new ones that are equipped to support bulk data use.
NSIRA found that CSIS collected information in relation to activities that could not on reasonable grounds be suspected to have constituted a threat to the security of Canada and the collection, analysis, and retention of which was not strictly necessary.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that in the next judicial authorization application for a Canadian dataset CSIS put its current position on the application of the dataset regime before the Court, including any use of the information prior to the decision to retain under the dataset regime.
Recommendation 2: NSIRA recommends that CSIS immediately destroy any record containing names retained pursuant to the exigent circumstances queries, as they do not meet the strictly necessary threshold.
Recommendation 3: NSIRA recommends that Parliament legislates a time limitation for the authorization of a foreign dataset by the Minister or Minister’s designate.
Recommendation 4: NSIRA recommends that CSIS meaningfully analyze and document any possible reasonable expectation of privacy when evaluating publicly available datasets.
Recommendation 5: NSIRA recommends that CSIS develop:
Guidelines regarding the implementation of section 6 of the Interim Direction on [**redacted**] that also include consideration of how the Direction’s retention rule is to be reconciled with the 90 day evaluation period in the dataset regime; and
A policy governing the handling of transitory information.
Recommendation 6: NSIRA recommends that CSIS cease to create duplicates of the information reported in the operational system.
Recommendation 7: NSIRA recommends that CSIS immediately destroy Canadian and foreign dataset information that is not strictly necessary to retain. This information no longer falls within the legal 90 day evaluation period and retaining it pursuant to the dataset regime is no longer a possibility.
Recommendation 8: NSIRA recommends that CSIS conduct an exhaustive scan of its operational and corporate repositories to identify and destroy any non-compliant information.
Recommendation 9: NSIRA recommends that CSIS develop and deliver scenario-based workshops to train operational personnel on CSIS’s current application of the dataset regime so that they can engage subject matter experts as necessary.
Recommendation 10: NSIRA recommends that CSIS prioritize resourcing the technical unit responsible for the evaluation, querying, and exploitation of Canadian and foreign datasets.
Recommendation 11: NSIRA recommends that CSIS prioritize the improvement of current technical systems or development of new systems, equipped to support compliant bulk data use.
Recommendation 12: NSIRA recommends that CSIS immediately destroy the case study dataset it collected pursuant to section 12, as it does not meet the statutory thresholds. This information no longer falls within the legal 90 day evaluation period and retaining it pursuant to the dataset regime is no longer a possibility.
Recommendation 13: NSIRA recommends that CSIS share the full unredacted copy of this report with the Federal Court.
Communications Security Establishment reviews
Review of CSE’s Use of the Polygraph in Security Screening
NSIRA’s findings
NSIRA found that CSE’s governance of the use of the polygraph for security screening inadequately addresses privacy issues.
NSIRA found that CSE did not conduct a Privacy Impact Assessment related to its use of the polygraph for security screening.
NSIRA found that CSE may not have considered whether all information collected during the polygraph is directly related or necessary to the assessment of loyalty to Canada or criminality, as required by the Privacy Act and the Directive on Privacy Practices.
NSIRA found that polygraph examiners applied an ad hoc approach as they assessed medical information collected during the polygraph.
NSIRA found that CSE may not have complied with section 7 of the Privacy Act by using information collected during polygraph exams for suitability and hiring decisions without the consent of the subject.
NSIRA found that CSE provides subjects with information that overstates the reliability and validity of the polygraph prior to obtaining consent.
NSIRA found that, in some instances, the way in which CSE conducted polygraph exams risked prompting subjects to fabricate information in an effort to clear themselves when faced with an unfavourable polygraph assessment.
NSIRA found instances where CSE’s quality control practices for polygraph exams were not always consistent with CSE policy.
NSIRA found that approximately 20% of security files from the sample reviewed were missing audiovisual recordings of polygraph exams.
NSIRA found that in all cases, when initial polygraph exam results indicated deception or were inconclusive, CSE’s practice was to conduct multiple polygraph exams rather than a resolution of doubt process as provided for under the Standard.
NSIRA found that the polygraph had an inordinate importance in security screening decision-making at CSE and other less-intrusive security screening activities were under-used or not used at all.
NSIRA found that the polygraph was de facto determinative in security screening decisions at CSE.
NSIRA found that CSE’s security screening decision-making may not comply with record-keeping requirements of the Standard on Security Screening.
NSIRA found that CSE’s use of the polygraph in security screening decisions makes more uncertain the opportunity to challenge denials of security clearances pursuant to the NSIRA Act and the Standard.
NSIRA found that TBS did not adequately consider privacy or Charter implications when it included the polygraph as a security screening activity under the Standard on Security Screening.
NSIRA found that the Standard on Security Screening insufficiently addresses Charter and privacy implications related to the use of the polygraph.
NSIRA found that the Government of Canada’s current use of the polygraph for security screening in the manner described in this review may raise serious concerns in relation to the Canadian Charter of Rights and Freedoms.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that the Treasury Board of Canada urgently remedy the issues identified by this review related to the legality, reasonableness and necessity of the use of the polygraph for security screening in Canada, or remove it from the Standard on Security Screening.
Recommendation 2: NSIRA recommends that CSE urgently remedy the issues identified by this review, including Charter and Privacy Act compliance, or cease conducting polygraph exams for security screening.
Review of CSE’s Network-based solutions and related Cybersecurity & Information Assurance activities
NSIRA’s findings
NSIRA found that CSE operates a comprehensive and integrated ecosystem of cybersecurity systems, tools, and capabilities to protect against cyber threats, with a design that incorporates measures meant to protect the privacy of Canadians and persons in Canada.
NSIRA found that CSE treated all network-based solutions (NBS) information as information related to a Canadian or a person in Canada (IRTC), and applied measures intended to protect privacy to all NBS-acquired information.
NSIRA found that information acquired through NBS will, by its nature, always include information related to a Canadian or person in Canada (IRTC) and is certain to include some information for which there is a reasonable expectation of privacy (REP) of a Canadian or person in Canada. This was not transparently communicated in corresponding applications to the Minister.
NSIRA found that, due to a lack of clarity in its relationship with SSC, CSE did not obtain consent from system owners for its cybersecurity and information assurance activities in the way described to the Minister.
NSIRA found that SSC was not fully aware of its responsibilities as a system owner, as described in CSE’s applications to the Minister.
NSIRA found that, despite the existence of a Memorandum of Understanding between CSE and SSC, there was a lack of clarity between the organizations on the implementation of agreed-upon commitments about NBS activities on networks operated by SSC.
NSIRA found that CSE did not explain to the Minister why consent to CSE’s cybersecurity activities could not reasonably be obtained from users of Government of Canada systems.
NSIRA found that CSE’s narrow application of subsection 22(4) of the CSE Act introduces legal and accountability risks and resulted in CSE acquiring information that may interfere with a reasonable expectation of privacy of a Canadian or person in Canada. This information was from a source acquired outside of the scheme of Ministerial authorizations.
NSIRA found that an incongruence between subsections 27(1) and 22(4) of the CSE Act prevents CSE from acquiring certain information from [*specific type of*] sources such as [*specific information source*], where this information interferes with the reasonable expectation of privacy of a Canadian or person in Canada. Some of this information would enhance CSE’s ability to fulfill its cybersecurity and information assurance mandate.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that CSE clearly explain, in its applications to the Minister, that:
Network-based solutions acquire information relating to a Canadian or a person in Canada (IRTC), including information that interferes with the reasonable expectation of privacy (REP) of Canadians or persons in Canada; and,
CSE subsequently uses, analyses, and retains this information for use in cybersecurity and information assurance activities.
Recommendation 2: NSIRA recommends that CSE renew its Memorandum of Understanding with SSC to ensure CSE and SSC meet their respective commitments, including any that CSE makes to the Minister regarding SSC’s role in informing system owners about the NBS program.
Recommendation 3: NSIRA recommends that CSE update Memoranda of Understanding with all of its cybersecurity partners, to ensure these partners have consented to CSE cybersecurity activities, and to ensure these arrangements reflect, and conform to, contemporary governance authorities. CSE should continue these updates, as a standard practice, as authorities evolve.
Recommendation 4: NSIRA recommends that CSE explain to the Minister how consent to CSE’s cybersecurity activities is obtained from users of Government of Canada systems, or otherwise explain why this consent could not reasonably be obtained.
Recommendation 5: NSIRA recommends that CSE reconsider whether limits on the acquisition by CSE of information from the global internet infrastructure (as per subsection 22(4) of the CSE Act) apply to information [*specific source of information*] sources.
This should include an assessment of whether section 8 of the Charter of Rights and Freedoms may be engaged, as well as cases where [*specific source of information*] sources may contain information that interferes with the reasonable expectation of privacy of a Canadian or person in Canada.
Recommendation 6: NSIRA recommends that, in order to continue these acquisition activities that are necessary for cybersecurity and information assurance (CSIA) purposes, CSE assess its current sources of CSIA information—that are acquired outside of an Authorization—for interference with the reasonable expectation of privacy of a Canadian or person in Canada.
This assessment should be repeated as required to ensure such information is not acquired without a valid Ministerial authorization.
Recommendation 7: NSIRA recommends that section 27 of the CSE Act be amended to permit the Minister to authorize CSE to acquire information that is necessary for CSE’s cybersecurity and information assurance aspect (but which may contain information that interferes with the reasonable expectation of privacy of a Canadian or person in Canada, or contravene an Act of Parliament), from sources other than federal information infrastructures and systems of importance to the Government of Canada.
Canada Border Services Agency review
Review of the CBSA’s Confidential Human Source Program
NSIRA’s findings
NSIRA found that CBSA policy does not require any documented approval or a documented assessment of the risks of using a CHS outside of the registration process.
NSIRA found that there was incomplete documentation in the preregistration period such that the CHS Program is impeded from monitoring the full spectrum of CHS Program activities.
NSIRA found that CBSA’s policies and practices around obtaining informed consent are insufficient to ensure that it is obtained systematically, and before individuals incur the risks of providing information in confidence to CBSA.
NSIRA found that measures to mitigate risks to CHSs are often not present or implemented.
NSIRA found that CBSA may have breached the law of informer privilege in two instances.
NSIRA found that Inland Enforcement Officers collected information and promised confidentiality, but did so without training under the applicable policy to support a proper understanding of the consequences of extending confidentiality.
NSIRA found that CBSA’s approach to risk management in their new policy suite does not fully align with principles in the MD.
NSIRA found that the information CBSA will provide to the Minister as required by Ministerial Direction is not sufficient to convey the size and scope of the Confidential Human Source Program.
NSIRA found that in two cases the CBSA did not comply with subsection 12(2) of the CBSA Act in that it failed to follow the MD’s requirement to inform the Minister when there was a Confidential Human Source activity that “may have significant adverse impact such as impacting the safety of an individual”.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that CBSA amends its policy to require a documented risk assessment and formal approval for using a CHS in the preregistration period.
Recommendation 2: NSIRA recommends that CBSA require that the interview checklist be administered no later than when the promise of confidentiality is extended.
Recommendation 3: NSIRA recommends that CBSA provide guidance as to how obtaining informed consent should be tailored to the individual circumstances of the CHS.
Recommendation 4: NSIRA recommends that CBSA put in place specific guidance on how to mitigate the full range of risks to CHSs and ensure that those mitigation measures are implemented.
Recommendation 5: NSIRA recommends CBSA expand its definition of active Confidential Human Source so that reporting to the Minister covers the breadth of the CHS program.
Recommendation 6: NSIRA recommends that CBSA immediately notify the Minister of the two cases identified in this review where safety of an individual is at issue.
Department of National Defence and the Canadian Armed Forces Review
Review of DND/CAF’s Human Source Handling Program
NSIRA’s findings
NSIRA found that DND/CAF’s policy framework allows human source handling activities that may not be in compliance with the law.
NSIRA found that DND/CAF policy is insufficiently specific with respect to recognizing and avoiding mistreatment risks created by human source handling activities.
NSIRA found that DND/CAF’s risk assessment framework for human source handling operations is inadequate. The current assessments of risk do not provide adequate or reliable information to decision-makers because they:
are overly subjective;
do not present mitigated and unmitigated risks clearly;
conflate risks; and
narrowly focus the considerations of certain risks at the expense of others.
NSIRA found gaps in the discharge of DND/CAF’s duty of care from engagement of the human source to disengagement. These gaps include:
a safeguard process that is not appropriately engaged for certain sources;
an underdeveloped complaints process for sources; and
insufficient assessments of the risk posed to Agents.
NSIRA found that the Minister of National Defence is not adequately informed in order to fulfill ministerial accountabilities for human source handling operations.
NSIRA found that further ministerial direction is required to support the governance of DND/CAF’s human source handling program.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that Parliament enact a justification framework to authorize DND/CAF and its sources to commit acts or omissions outside Canada that would otherwise be unlawful, where reasonable for the collection of defence intelligence.
Recommendation 2: NSIRA recommends that DND/CAF develop policy governance to properly equip Field HUMINT teams to conduct their human source handling activities in compliance with the law. At minimum, this should include:
Increased attention to determine whether individuals are involved in terrorist activity;
Governance controls to increase accountability and enable responsiveness;
A change in policy to only accept information with plausible lawful provenance;
The development of training to support CAF members on how to handle human sources while mitigating legal risk; and
A review of operations with respect to their compliance with Canada’s foreign legal obligations.
Recommendation 3: NSIRA recommends that DND/CAF adopt an approach for assessing whether its exchanges with human sources create a substantial risk of mistreatment that is specific to human source handling, comprehensive with respect to its obligations in international human rights law and international humanitarian law, and formalized in policy and procedure.
Recommendation 4: NSIRA recommends that DND/CAF develop a risk assessment framework specific to human source handling, with appropriate doctrinal guidance for the assessment of human sources that includes consideration of all relevant risk factors.
All DND/CAF members implicated in the risk assessment process (including field HUMINT team members, commanders, intelligence staff, and legal and policy advisors) should be appropriately trained on the new risk assessment framework and guidance to ensure consistency across teams and deployments.
Recommendation 5: NSIRA recommends that DND/CAF adopt, in consultation with other departments as necessary, additional measures aimed at ensuring the welfare and protection of their human sources. These measures should be clearly operationalized in governance documents (directives, orders, procedures, etc.) and should address, at minimum, the issues identified in Finding #3.
Recommendation 6: NSIRA recommends that DND/CAF, in consultation with the Minister of National Defence, improve the content of biannual reports to the Minister to include, at minimum, the legal, policy and governance issues that may impact human source handling operations.
Recommendation 7: NSIRA recommends that, with respect to human source handling operations, DND/CAF create official written records of notifications and briefings to the Minister of National Defence, as well as records of decision to improve mutual accountability.
Recommendation 8: NSIRA recommends that the Minister of National Defence issue ministerial direction on human source handling to DND/CAF that includes, at minimum:
Fundamental principles guiding the lawful and ethical conduct of source handling operations;
The types of risk that should be assessed and when these risks should be consulted at the ministerial level;
Expectations regarding the management of human sources; and
Direction regarding the content and frequency of reporting.
Multi-departmental reviews
Review of Operational Collaboration between CSE and CSIS
NSIRA’s findings
NSIRA found that CSE does not routinely share its operational plans and associated risk assessments with CSIS when operating under CSIS authorities. This may leave CSIS unable to fully assess CSE’s activities for compliance.
NSIRA found that close collaboration at the working level created the right conditions for CSIS to monitor CSE’s assistance activities for compliance with warrant conditions.
NSIRA found that CSIS failed to submit an updated request for assistance to CSE in a timely manner when it sought new warrant powers.
NSIRA found that CSE and CSIS did not engage in any joint investigation, assessment, or tracking of a compliance incident.
NSIRA found that CSE and CSIS failed to implement an effective operational framework for their collection activity. This contributed to two instances of non-compliance with the Federal Court’s direction.
NSIRA found that CSE and CSIS identified an effective opportunity to collaborate under their respective mandates and carried out an operation that proved beneficial for both Canada and its allies.
NSIRA found that, while CSIS’s operational framework was sufficient, CSE’s operational framework did not assess legal and policy risk specific to the operation.
NSIRA found that CSE and CSIS did not draft joint terms of engagement, a joint operational plan, or engage in joint risk assessments.
NSIRA found that CSE’s foreignness assessment did not account for the increased risk of targeting Canadians when working with CSIS.
NSIRA found that both CSE and CSIS lack policies, procedures, and accountability mechanisms to govern CSIS lead information messages and associated requests and actions.
NSIRA found that CSIS’s use of lead information messages to share information and make requests about Canadians creates a high risk of potential for non-compliance for CSE.
NSIRA found that CSE’s application of incidental collection provisions may not be appropriate in situations where CSE knows there is a Canadian nexus to a CSIS foreign intelligence lead, and where it knows it is likely to collect Canadian information in pursuing the lead.
NSIRA found that CSE did not comply with section 22(1) of the CSE Act when it [*reviewed the contents*] of a Canadian’s device obtained through a CSIS lead information message.
NSIRA found that CSE did not comply with either section 22(1) of the CSE Act or section 273.64(2)(a) of the National Defence Act (NDA) when it used [*a number of*] complete exceptional reports for foreign intelligence purposes.
NSIRA found that CSE does not consistently utilize its protected entity tool to prevent targeting Canadian identifiers it receives from CSIS.
NSIRA found that while CSIS performs an initial consultation, it does not routinely pursue further engagement with CSE during Threat Reduction Measure activities that could overlap with CSE activities.
NSIRA found that CSE did not notify CSIS in a timely manner of a compliance incident in its Active Cyber Operation, which was connected to a CSIS Threat Reduction Measure.
NSIRA found that CSE failed to cooperate effectively with CSIS, leading to a missed opportunity to advance Canadian intelligence objectives via domestic collaboration.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that CSE share its operational plans and associated risk assessments with CSIS prior to operating under CSIS authorities.
Recommendation 2: NSIRA recommends that when CSIS engages CSE for assistance with the execution of warranted powers, a CSIS employee be involved to ensure compliance in CSE’s collection activities until the request for assistance has terminated.
Recommendation 3: NSIRA recommends that CSIS develop a process to ensure that necessary requests for assistance are submitted to CSE in a timely manner subsequent to obtaining warrant powers.
Recommendation 4: NSIRA recommends when working under a request for assistance CSIS and CSE develop a framework for joint investigation of potential compliance incidents.
Recommendation 5: NSIRA recommends that CSIS ensure roles and responsibilities are clearly agreed to prior to allowing partners to execute warrant powers. Where appropriate, these agreements should be shared with the Federal Court.
Recommendation 6: NSIRA recommends that CSIS ensure it is directly involved in all substantive communications with any partner actively executing its warrant powers.
Recommendation 7: NSIRA recommends that CSIS share paragraphs 32 through 41 of this review, along with associated recommendations, with the Federal Court.
Recommendation 8: NSIRA recommends that when CSE engages in joint operations with CSIS it should perform risk assessments for each operational activity. These should specifically consider the risk of targeting Canadians and implement proactive measures to mitigate this risk.
Recommendation 9: NSIRA recommends that when participating in joint operations, CSE and CSIS either jointly develop or share written terms of engagement, operational plans, and risk assessments.
Recommendation 10: NSIRA recommends that CSE perform foreignness assessments that account for the increased risk of targeting Canadians when working with CSIS.
Recommendation 11: NSIRA recommends CSIS cease making requests for action and/or further information to CSE in relation to Canadians or people in Canada via CSIS lead information messages.
Recommendation 12: NSIRA recommends that CSIS develop policies, procedures, and analyst training to standardize the disclosure of CSIS lead information messages to CSE.
Recommendation 13: NSIRA recommends that CSE develop policies, procedures, and analyst training to standardize the use of CSIS lead information messages.
Recommendation 14: NSIRA recommends that CSE develop a regime for collecting, retaining, and reporting to CSIS Canadian information it uncovers further to legitimate foreign intelligence activities where it has advance knowledge of the Canadian information.
Recommendation 15: NSIRA recommends that CSE update its policies to prohibit the analysis of information relating to a Canadian or person in Canada for the purposes of identifying foreign intelligence.
Recommendation 16: NSIRA recommends that if CSIS decides to disclose exceptional reporting to CSE, it should extract the relevant foreign intelligence for disclosure as opposed to sending the entire report.
Recommendation 17: NSIRA recommends that CSE cease using complete exceptional reports from CSIS under its foreign intelligence mandate.
Recommendation 18: NSIRA recommends that CSE introduce a requirement to always apply the protected entity tool to all Canadian identifiers.
Recommendation 19: NSIRA recommends that CSIS pursue routine engagement with CSE during the implementation of its Threat Reduction Measures when the potential for operational overlap exists.
Recommendation 20: NSIRA recommends that CSE share details of potential compliance incidents with CSIS when an overlap may exist with a CSIS Threat Reduction Measure.
Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2022
NSIRA’s findings
NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.
NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.
NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:
a row for each disclosure made or received;
columns explicitly tied to each individual paragraph under section 9; and
additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.
NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.
NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.
NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.
NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.
NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.
NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.
NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”
NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.
Recommendation 2: NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.
Recommendation 3: NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
Recommendation 4: NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).
Recommendation 5: NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.
Recommendation 6: NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.
Review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2022
NSIRA’s findings
NSIRA found that all departments, with the exception of DFO in respect of subsection 7(1), complied with the reporting requirements set out in the ACA.
NSIRA found that all departments had frameworks to govern their implementation of the ACA and its associated directions by the end of 2022.
NSIRA found that most departments demonstrated continual refinements of their ACA frameworks based on self-identified gaps, NSIRA recommendations, and community-wide coordination efforts.
NSIRA found that TC’s ACA governance framework did not include policies and procedures for:
escalating cases to the deputy head; or
assessing the risks of information sharing with foreign entities.
NSIRA found that all departments, with the exception of DFO, GAC, PS, and TC, used country and/or entity risk assessments to inform their assessments of substantial risk of mistreatment and corresponding case escalation.
NSIRA found that departments’ country risk assessments were inconsistent with one another.
NSIRA found that the simultaneous conduct of independent human rights risk assessments in different departments reflected a substantial duplication of effort across the GC, and created the opportunity for discrepant outcomes.
NSIRA found, for the fourth consecutive year, that no departments escalated cases to their deputy heads for determination or decision.
NSIRA found that some high-risk sharing activities were stopped prior to escalation for consideration of possible mitigations.
NSIRA found that certain departments’ ACA governance frameworks and risk assessment methodologies included features that may systematically under-assess the level of risk involved in a transaction. These features include:
discrepant applications of the threshold for substantial risk of mistreatment;
incorporating mitigations into baseline assessments of risk, while overestimating their effects; and
a lack of checks and balances in the risk assessment process.
NSIRA’s Recommendations
Details
Recommendation 1: NSIRA recommends that TC update its ACA governance framework to include policies and procedures for:
Escalating cases to the deputy head; and
Assessing the risks of information sharing with foreign entities.
Recommendation 2: NSIRA recommends that the Government of Canada designate a body responsible for developing:
A unified set of assessments of the human rights situations in foreign countries including a standard “risk of mistreatment” classification level for each country; and
To the extent that multiple departments deal with the same foreign entities in a given country, standardized assessments of the risk of mistreatment of sharing information with foreign entities.
Recommendation 3: NSIRA recommends that departments apply the “substantial risk” threshold in a manner consistent with the definition adopted government-wide; and that departments whose broader policy frameworks do not yet reflect this definition (CBSA, CRA, IRCC, and TC) make the attendant updates.
Recommendation 4: NSIRA recommends that departmental assessments of substantial risk of mistreatment be grounded in countries’ human rights records; and that subsequent entity-level considerations be based on validated, current, and consistent respect for caveats and assurances, rather than the absence of derogatory information particular to that entity or other bilateral considerations.
Recommendation 5: NSIRA recommends that all ACA governance frameworks incorporate layered checks and balances in the risk assessment and escalation of cases that may involve substantial risk of mistreatment.
Annex C: Statistics on complaints investigations
January 1–December 31, 2023
INTAKE INQUIRIES
135
New complaints filed
26
National Security and Intelligence Review Agency Act (NSIRA Act), section 16, Canadian Security and Intelligence Service (CSIS) complaints
I am pleased to present the National Security and Intelligence Review Agency (NSIRA) Secretariat’s Departmental Results Report for fiscal year 2023-24. This year, the Secretariat has effectively met its goals by supporting NSIRA in delivering comprehensive, impactful reviews and ensuring the integrity of complaint investigations. We have built upon our previous successes, significantly enhancing our capacity and expertise across all areas.
In 2023-24, the NSIRA Secretariat supported numerous national security and intelligence reviews, producing a range of high-quality expert reports, including ministerial reports, compliance reports, annual reports destined for tabling in Parliament, and NSIRA’s first special report. The reviews covered various Government of Canada organizations and were shared with key government leaders.
Our outreach and collaboration initiatives have bolstered NSIRA’s relationships with domestic review bodies, agents of Parliament, and international counterparts. The Secretariat played a pivotal role in hosting an international annual conference of NSIRA’s key partners, fostering the exchange of knowledge and best practices. This year, we also established connections with European partners and participated in key international oversight and review activities.
In terms of complaint investigations, the NSIRA Secretariat has continued to support the agency in the refinement of investigation processes, prioritizing timeliness, efficiency, and transparency. We have stabilized investigative procedures to ensure fair and timely conduct. With the normalization of our work environment post-pandemic, our efficiency increased, resulting in numerous formal investigations and informal resolutions. The implementation of service standards for investigative processes has been highly successful. Additionally, in cooperation with a domestic partner, we completed a study on the collection of race-based and demographic data, supporting anti-racism initiatives.
I extend my deepest gratitude to all NSIRA Secretariat employees for their unwavering dedication and commitment to our mission. Their efforts have ensured that our work reflects the highest standards and continues to ensure that Government of Canada security and intelligence activities are subject to expert scrutiny and independent assessment for legal compliance, reasonableness and necessity.
John Davies Executive Director National Security and Intelligence Review Agency
Results at a glance
A departmental results report provides an account of actual accomplishments against plans, priorities and expected results set out in the associated Departmental Plan.
NSIRA Secretariat’s top priorities for 2023-24 were as follows:
Mandatory reviews related to the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Security of Canada Information Disclosure Act and Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act.
Completing the Review of the dissemination of intelligence on People’s Republic of China political foreign interference, 2018-2023, which was submitted to the Prime Minister as NSIRA’s first ever special report, and subsequently tabled in Parliament.
Meeting the newly implemented NSIRA Service Standards for the timely investigations of complaints.
Successfully hosting, in Ottawa, the annual conference of the Five Eyes Intelligence Oversight and Review Council.
Keeping the NSIRA Secretariat facility expansion project on track for successful completion and timely relocation of employees to the new workspace.
Highlights
In 2023-24, total actual spending (including internal services) for NSIRA Secretariat was $14,962,179 and total actual human resources spending was $11,861,196. For complete information on NSIRA Secretariat’s total spending and human resources, read the Spending and human resources section of the full report.
The following provides a summary of the department’s achievements in 2023-24 according to its approved Departmental Results Framework. A Departmental Results Framework consists of a department’s core responsibilities, the results it plans to achieve and the performance indicators that measure progress toward these results.
Core responsibility 1: National Security and Intelligence Reviews and Complaints Investigations
Actual spending: $7,307,710
Actual human resources: 51
Departmental results achieved
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
NSIRA Secretariat staff supported NSIRA in the completion of 11 national security and intelligence reviews over the course of the 2023-24 fiscal year. A total of 13 Government of Canada organizations were subject to review and eight Ministers, plus the Prime Minister, went on to receive one or more of the NSIRA reports that were approved by members in the 2023-24 fiscal year.
Results achieved
10 section 34 ministerial reports
12 section 35 compliance reports
1 section 39 report on disclosures under the Security of Canada Information Disclosure Act
NSIRA’s first ever section 40 special report to the Prime Minister, which was tabled in Parliament
Two departments were subject to NSIRA review for the first time: TBS and SSC.
National security related complaints are independently investigated in a timely manner
In 2023-24, the NSIRA Secretariat advanced its investigative processes, focusing on timeliness, efficiency, and transparency. The number of investigations remained high, with a notable rise in complaints about CSIS delays in security assessments for immigration.
The Secretariat enhanced its investigative fairness and efficiency by implementing new procedures and practices. With the easing of COVID-19 restrictions, NSIRA’s efficiency improved, completing six formal investigations and resolving seven complaints informally.
New service standards were introduced on April 1, 2023, setting internal time limits for investigative steps. NSIRA achieved a 100% success rate in meeting these standards.
Additionally, NSIRA and the CRCC concluded a study on collecting race-based and demographic data to support anti-racism initiatives. This collaboration will continue into 2024-25.
More information about National Security and Intelligence Reviews and Complaints Investigations can be found in the Results – what we achieved section of the full departmental results report.
Core responsibility 1: National Security and Intelligence Reviews and Complaints
In this section
Description
Progress on results
Key risks
Resources required to achieve results
Related government-wide priorities
Program inventory
Description
NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable, and necessary. The Agency also investigates complaints from members of the public on the activities of the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints, independently and in a timely manner.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary.
Progress on results
This section presents details on how the department performed to achieve results and meet targets for National Security and Intelligence Reviews and Complaints. Details are presented by departmental result.
Table 1: Targets and results for National Security and Intelligence Reviews and Complaints
Table 1 provides a summary of the target and actual results for each indicator associated with the results under National Security and Intelligence Reviews and Complaints.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
Departmental results
Target
Date to achieve target
Actual Results
All mandatory reviews are completed on an annual basis
100% completion of mandatory reviews
2021–22
2021–22: 100%
2022–23: 100%
2023–24: 100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
At least one national security or intelligence activity is reviewed in at least five departments or agencies annually
2021–22
2021–22: 100%
2022–23: 100%
2023–24: 100%
All high priority national security or intelligence activities, as approved by members, are reviewed over a three-year period
100% completion over three years; at least 33% completed each year
2021–22
2021–22: 33%
2022–23: 33%
2023–24: 33%
National security related complaints are independently investigated in a timely manner
Departmental results
Target
Date to achieve target
Actual Results
Percentage of investigations completed within NSIRA Secretariat service standards.
90%
2022–23
2021–22: N/A
2022–23: N/A
2023–24: 100%
Note: The NSIRA Secretariat was created on July 12, 2019. Actual results for 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to the NSIRA Secretariat was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22.
The following section describes the results for National Security and Intelligence Reviews and Complaints Investigations in 2023–24 compared with the planned results set out in NSIRA Secretariat’s departmental plan for the year.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
NSIRA Secretariat staff supported NSIRA in the completion of 11 national security and intelligence reviews over the course of the 2023-24 fiscal year. A total of 13 Government of Canada organizations were subject to review and eight Ministers, plus the Prime Minister, went on to receive one or more of the NSIRA reports that were approved by members in the 2023-24 fiscal year.
10 section 34 ministerial reports
12 section 35 compliance reports
1 section 39 report on disclosures under the Security of Canada Information Disclosure Act
NSIRA’s first ever section 40 special report to the Prime Minister, which was tabled in Parliament
Of the 11 reviews completed this year, three reviews included multiple Government of Canada organizations by design. These three multi-organization reviews were:
The annual review of disclosures under the Security of Canada Information Disclosure Act (SCIDA)
The annual review of the implementation of directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA)
Review of the dissemination of intelligence on People’s Republic of China political foreign interference, 2018-2024
All Departments/agencies covered in these multi-organizational reviews were: Canada Border Services Agency (CBSA), Canada Revenue Agency (CRA), Communications Security Establishment (CSE), Canadian Security Intelligence Service (CSIS), Department of Fisheries and Oceans (DFO), Department of National Defence and Canadian Armed Forces (DND/CAF), Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Global Affairs Canada (GAC), Immigration, Refugees and Citizenship Canada (IRCC), Privy Council Office (PCO), Public Safety Canada (PS), Royal Canadian Mounted Police (RCMP), and Transport Canada (TC).
Of the 11 reviews completed this year, four reviews focused on a topic that involved one Government of Canada organization:
CSIS – two reviews
CBSA – one review
DND/CAF – one review
Of the 11 reviews completed reviews this year, four reviews focused on topics that spanned across two Government of Canada organizations:
CSE and CSIS – one review
CSE and Treasury Board Secretariat (TBS) – one review
CSE and Shared Services Canada (SSC) – one review
CSIS and PS – one review
Two departments were subject to NSIRA review for the first time: TBS and SSC.
During the reporting period, the Secretariat continued to refine its processes and methodology to assist the NSIRA review mandate, with the goal of promoting high-quality, impactful reviews. This maturation included the implementation of developed tracking and data collection with a view to using business intelligence to support data-informed decision-making and to optimize review operations. NSIRA Secretariat staff promoted transparency and accountability by working with CBSA, CRA, CSE, CSIS, DFO, DND/CAF, FINTRAC, GAC, IRCC, PS, RCMP and TC to redact and proactively publish 7 reports on the NSIRA website.
National security related complaints are independently investigated in a timely manner
In 2023-24, the NSIRA Secretariat saw the continued maturation of the processes underpinning the fulfillment of its investigation mandate. The conduct of the investigative process has increased its emphasis on timeliness and efficiency, as well as transparency in order to enhance the relevance of the process for complainants.
The level of investigative activities remained high and included an increase in complaints against CSIS with respect to delays in security assessments related to immigration applications.
During the past year, NSIRA Secretariat stabilized its investigative processes for complaints as a result of the implementation of procedures and practices that ensured that the conduct of investigations is fair, timely and transparent. With the normalization of the NSIRA Secretariat’s work environment as a result of the dissipation of the constraints related to the COVID-19 pandemic, NSIRA investigations have seen an increase in efficiency. NSIRA completed six formal investigations and issued final reports in those cases, and concluded seven complaint matters by way of informal resolutions.
As of April 1, 2023, the NSIRA Secretariat implemented service standards related to the investigation of complaints. The service standards set internal time limits for important investigative steps for each type of complaint, under normal circumstances. The service standards specify the circumstances under which those time limits do not apply. The development of the service standards includes tracking and data collection on whether the NSIRA Secretariat is meeting its own service standards in the investigation of complaints. In 2023-24, it reached a success rate of 100% in meeting them.
Finally, the NSIRA Secretariat completed the last phase of a study on the collection of race-based data and other demographic information jointly commissioned with the CRCC. The study undertook work to assess the viability of the collection of identity-based and demographic data as part of the Government of Canada’s ongoing anti-racism initiatives. Improved, more precise and more consistent tracking, collection and measurement of data is necessary to support anti-racism efforts in government. NSIRA continued its collaboration with the CRCC in determining an implementation strategy and this work will continue in 2024-25.
Outreach and collaboration
Engagement and collaboration with current and new partners as well as public outreach were a big part of the support provided to NSIRA by Secretariat staff this year. Secretariat staff engaged in regular interactions with their counterparts in domestic review bodies such as the Secretariat of the National Security and Intelligence Committee of Parliamentarians and the Civilian Review and Complaints Commission to coordinate activities in a way to avoid of duplication in review efforts. Secretariat staff also established new collaborative relationships with counterparts at the various Agents of Parliament. In Fall 2023, the Secretariat supported NSIRA in hosting the Five Eyes Intelligence Oversight and Review Council (FIORC) annual conference in Ottawa. The 3-day event brought together review representatives from Canada, the United States, Australia, New Zealand, and the United Kingdom. The event was hosted in partnership with the Office of the Intelligence Commissioner. Secretariat staff further engaged in regular working level interactions with FIORC partners for the exchange of best practices and for the development of training in a variety of areas. As a result of Secretariat engagement efforts, NSIRA was able to establish important new connections with European partners and participated in the European Intelligence Oversight Conference. NSIRA also secured observer status participation in the Intelligence Oversight Working Group which gathers European oversight and review bodies. Secretariat staff also supported NSIRA in the production of the NSIRA Public Annual Report; the main public report informing Canadians about NSIRA’s work. In addition, Secretariat staff implemented timelier regular publication of unclassified versions of NSIRA reports throughout the year to engage the Canadian public regularly about NSIRA’s work.
Key risks
Effective review requires timely and complete responses to NSIRA’s requests for information, open and candid briefings, and mutual respect. Despite NSIRA’s expansive access rights under the NSIRA Act, Secretariat staff continued to note some instances where Government of Canada organizations did not prioritize the work of review or were not fully responsive to access requests. Compounding these challenges were outdated information management systems and practices within many reviewed organizations, which slowed down responsiveness. While work remains to be done on this front, Secretariat staff have shown excellent resilience and persistance in pushing Government of Canada organizations that are subject to NSIRA review to meet NSIRA’s expectations of responsiveness as an independent review body.
With respect to the Secretariat’s service standards, one risk to the achievement of the planned results for this core responsibility is the procedural unpredictability of NSIRA’s investigations due to the quasi-judicial nature of the process and the institutional independence of NSIRA members in the conduct of their investigations. Procedural unpredictability may result in some investigations becoming more protracted than others depending on the complexity of the complaint that NSIRA must address. In order to mitigate such a risk, the Secretariat’s service standards for the key steps in the process require that all necessary information, including documentary and oral evidence, be before NSIRA for the steps in question to be completed. With the variances in the length of time required for this totality of information to be before NSIRA, the Secretariat’s risk of a service standard lapsing is mitigated.
Resources required to achieve results
Table 2: Snapshot of resources required for National Security and Intelligence Reviews and Complaints Investigations
Table 2 provides a summary of the planned and actual spending and full-time equivalents (FTEs) required to achieve results.
In the fiscal year 2023-2024, the NSIRA Secretariat has continued to advance the Human Rights, Accessibility, Employment Equity, Diversity, and Inclusion (EEDI) Action Plan initiated on April 1, 2022. This includes incorporating a GBA+ lens into the design and implementation of policies and programs.
The Secretariat has continued to align its policies, programs, and practices with human rights, accessibility, and EE principles. The NSIRA Secretariat completed the final phase of a study on the collection of race-based and other demographic data, conducted in collaboration with the CRCC. This study evaluated the feasibility of collecting identity-based and demographic information to support the Government of Canada’s ongoing anti-racism initiatives. Enhanced, accurate, and consistent tracking, collection, and measurement of this data are essential for advancing anti-racism efforts within the government. NSIRA continued to work with the CRCC to develop an implementation strategy, with plans to further this initiative in 2024-25.
This year saw the publication of our Accessibility Plan – First Progress Report, which focused on increasing awareness and improving accessibility within the workforce and workplace. Through internal capacity building and new service agreements, NSIRA aims to address previously lagging areas and integrate accessibility sustainably across all operations.
In spring 2023, the Public Service Employee Survey (PSES) 2022 results were released to all staff, providing an opportunity to reflect on NSIRA employees’ views on the organization’s strengths and challenges regarding diversity and inclusion.
Additionally, the NSIRA Secretariat has initiated the development of a pay equity plan to ensure equitable compensation for all employees in compliance with the Pay Equity Act. These efforts reflect NSIRA’s ongoing commitment to fostering a more inclusive and equitable environment.
United Nations 2030 Agenda for Sustainable Development and the Sustainable Development Goals
More information on NSRIA Secretariat’s contributions to Canada’s Federal Implementation Plan on the 2030 Agenda and the Federal Sustainable Development Strategy can be found in our Departmental Sustainable Development Strategy.
Internal services
In this section
Description
Progress on results
Resources required to achieve results
Contracts awarded to Indigenous business
Description
Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 8 categories of internal services:
management and oversight services
human resources management services
financial management services
information management services
information technology services
real property management services
materiel management services
acquisition management services
Progress on results
This section presents details on how the department performed to achieve results and meet targets for internal services.
During the reporting period, the NSIRA Secretariat continued to take steps to ensure resources were deployed in the most effective and efficient manner possible and its operations and administrative structures, tools and processes continued to focus on supporting the delivery of its priorities. Several tools to improve the ability for budget managers to plan and forecast were deployed and implemented in the forecasting cycle.
The Secretariat recognizes the need to be an inclusive, healthy, and flexible employer. Over the past year, we have encouraged flexible working arrangements, such as teleworking, to achieve work–life balance and meet performance expectations.
With the collaboration from PSPC, RCMP and CSE, the NSIRA Secretariat has completed a two-year construction project and has expanded its footprint with the addition of approx. 50 workstations with an occupancy target date of August 2024. The facilities team will continue the work associated with the Accessibility Canada Act management action plan, specifically the built environment.
The NSIRA Secretariat has explored various tools to assist with the material management program and will seek to implement the solution in the coming fiscal years once the tools and resources are in place.
The implementation of GCdocs within our organization is progressing significantly, reflecting our commitment to improving our information management. We have recently completed the configuration of the Protected B GCdocs environment, aligned with the updated organizational file plan. Additionally, we have initiated the document migration plan, marking a key milestone in our transition toward more efficient, secure, and compliant document handling. This advancement supports our goal of enhancing productivity, ensuring regulatory compliance, and improving collaboration across our organization.
Resources required to achieve results
Table 3: Resources required to achieve results for internal services this year
Table 3 provides a summary of the planned and actual spending and full-time equivalents (FTEs) required to achieve results.
Government of Canada departments are to meet a target of awarding at least 5% of the total value of contracts to Indigenous businesses each year. This commitment is to be fully implemented by the end of 2024–25.
NSIRA Secretariat is a Phase 3 department and is aiming to achieve the minimum 5% target by the end of 2024–25. For the year 2023-24, the actual percentage was 1% which includes commodities from Economic Object Code 1172 – Offices and Stationary Supplies and Economic Code 0630 Repairs and Maintenance Office buildings.
Some of the measures the NSIRA secretariat is taking to achieve the 5% minimum target include the implementation of a strategy to create more opportunities for Indigenous businesses, implementing tools such as an addition to our internal checklist that requires that indigenous procurement options are considered and the possibility of initiating discussion around potential set asides or areas of focus for indigenous procurement.
The Secretariat continues to explore various ways to improve our implementation strategy to create more opportunities for Indigenous businesses by including a periodic review of results against target and potential system adjustments to allow for more accurate and efficient tracking.
Spending and human resources
In this section
Spending
Funding
Financial statement highlights
Human resources
Spending
This section presents an overview of the department’s actual and planned expenditures from 2021–22 to 2026–27.
Budgetary performance summary
Table 4 Actual three-year spending on core responsibilities and internal services (dollars)
Table 4 presents how much money NSIRA Secretariat spent over the past three years to carry out its core responsibilities and for internal services.
Core responsibilities and internal services
2023–24 Main Estimates
2023–24 total authorities available for use
Actual spending over three years (authorities used)
National Security and Intelligence Reviews and Complaints Investigations
Table 5 Planned three-year spending on core responsibilities and internal services (dollars)
Table 5 presents how much money NSIRA Secretariat’s plans to spend over the next three years to carry out its core responsibilities and for internal services.
Core responsibilities and internal services
2024–25 planned spending
2025–26 planned spending
2026–27 planned spending
National Security and Intelligence Reviews and Complaints Investigations
$10,852,987
$10,852,051
$10,852,051
Internal services
$7,722,123
$7,758,034
$7,758,034
Total
$18,575,110
$18,610,085
$18,610,085
Analysis of the next three years of spending
Spending over the next three years is anticipated to remain constant as the facilities fit-up and expansion is completed and the organization is nearing a steady state. No additional special projects are planned that would impact overall spending.
This section provides an overview of the department’s voted and statutory funding for its core responsibilities and for internal services. For further information on funding authorities, consult the Government of Canada budgets and expenditures.
Graph 1: Approved funding (statutory and voted) over a six-year period
Graph 1 summarizes the department’s approved voted and statutory funding from 2021-22 to 2026-27.
Text version of Figure 1
Bar graph that summarizes the department’s approved voted and statutory funding from 2021-22 to 2026-27
2021-22
2022-23
2023-24
2024-25
2025-26
2026-27
Statutory
1,176,321
1,300,166
1,755,229
1,764,845
1,766,593
1,766,593
Voted
16,113,433
16,988,980
21,253,996
16,810,265
16,843,492
16,843,492
Total
17,289,754
18,289,147
23,009,225
18,575,110
18,610,085
18,610,085
Analysis of statutory and voted funding over a six-year period
Funding over the next six years is anticipated to remain constant as the facilities fit-up and expansion is completed and the organization is nearing a steady state. No additional special projects are planned or anticipated that would necessitate additional funding.
For further information on NSIRA Secretariat’s departmental voted and statutory expenditures, consult the Public Accounts of Canada.
Table 7 summarizes actual expenses and revenues which net to the cost of operations before government funding and transfers.
Financial information
2023–24 actual results
2022–23 actual results
Difference (2023-24 minus 2022-23)
Total expenses
$18,223
$19,586
-$1,363
Total revenues
$0
$0
$0
Net cost of operations before government funding and transfers
$18,223
$19,586
-$1,363
Table 8 Condensed Statement of Financial Position (unaudited) as of March 31, 2024 (dollars)
Table 8 provides a brief snapshot of the department’s liabilities (what it owes) and assets (what the department owns), which helps to indicate its ability to carry out programs and services.
Financial information
Actual fiscal year (2023–24)
Previous fiscal year (2022–23)
Difference (2023–24 minus 2022–23)
Total net liabilities
$2,374
$2,050
$324
Total net financial assets
$1,779
$1,578
$201
Departmental net debt
$595
$472
$123
Total non-financial assets
$7,391
$2,240
$5,151
Departmental net financial position
$6,796
$1,768
$5,028
Human resources
This section presents an overview of the department’s actual and planned human resources from 2021–22 to 2026–27.
Table 9: Actual human resources for core responsibilities and internal services
Table 9 shows a summary of human resources, in full-time equivalents (FTEs), for NSIRA Secretariat’s core responsibilities and for its internal services for the previous three fiscal years.
Core responsibilities and internal services
2021–22 actual FTEs
2022–23 actual FTEs
2023–24 actual FTEs
National Security and Intelligence Reviews and Complaints Investigations
52
53
51
Internal services
22
25
24
Total
74
78
75
Analysis of human resources over the last three years
The increase in FTEs from 74 in 2021–22 to 78 in 2022–23 is primarily a result of the staffing of vacant positions. There have been no significant differences in the past two years. NSIRA Secretariat human resources is expected to remain constant. Minor fluctuations reflect normal staff turnover.
Table 10: Human resources planning summary for core responsibilities and internal services
Table 10 shows information on human resources, in full-time equivalents (FTEs), for each of NSIRA Secretariat’s core responsibilities and for its internal services planned for the next three years. Human resources for the current fiscal year are forecasted based on year to date.
Core responsibilities and internal services
2024–25 planned FTEs
2025–26 planned FTEs
2026–27 planned FTEs
National Security and Intelligence Reviews and Complaints Investigations
69
69
69
Internal services
31
31
31
Total
100
100
100
Analysis of human resources for the next three years
FTE count to remain constant across the board.
Corporate information
Departmental profile
Appropriate minister(s): The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: Charles Fugère, Executive Director
The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs as well as evaluations and GBA Plus of tax expenditures.
An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.
Departmental Plan (plan ministériel)
A report on the plans and expected performance of an appropriated department over a 3year period. Departmental Plans are usually tabled in Parliament each spring.
departmental priority (priorité)
A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.
departmental result (résultat ministériel)
A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.
departmental result indicator (indicateur de résultat ministériel)
A quantitative measure of progress on a departmental result.
departmental results framework (cadre ministériel des résultats)
A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.
Departmental Results Report (rapport sur les résultats ministériels)
A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.
Full-time equivalent (équivalent temps plein)
A measure of the extent to which an employee represents a full person-year charge against a departmental budget. For a particular position, the full-time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.
gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])
An analytical tool used to assess support the development of responsive and inclusive how different groups of women, men and gender-diverse people experience policies, programs and policies, programs, and other initiatives. GBA Plus is a process for understanding who is impacted by the issue or opportunity being addressed by the initiative; identifying how the initiative could be tailored to meet diverse needs of the people most impacted; and anticipating and mitigating any barriers to accessing or benefitting from the initiative. GBA Plus is an intersectional analysis that goes beyond biological (sex) and socio-cultural (gender) differences to consider other factors, such as age, disability, education, ethnicity, economic status, geography (including rurality), language, race, religion, and sexual orientation.
An initiative where two or more federal departments are given funding to pursue a shared outcome, often linked to a government priority.
non‑budgetary expenditures (dépenses non budgétaires)
Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.
performance (rendement)
What a department did with its resources to achieve its results, how well those results compare to what the department intended to achieve, and how well lessons learned have been identified.
performance indicator (indicateur de rendement)
A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an department, program, policy or initiative respecting expected results.
plan (plan)
The articulation of strategic choices, which provides information on how a department intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.
planned spending (dépenses prévues)
For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.
A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.
program (programme)
Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.
program inventory (répertoire des programmes)
Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.
result (résultat)
A consequence attributed, in part, to an department, policy, program or initiative. Results are not within the control of a single department, policy, program or initiative; instead they are within the area of the department’s influence.
Indigenous business (entreprise autochtones)
For the purpose of the Directive on the Management of Procurement Appendix E: Mandatory Procedures for Contracts Awarded to Indigenous Businesses and the Government of Canada’s commitment that a mandatory minimum target of 5% of the total value of contracts is awarded to Indigenous businesses, a department that meets the definition and requirements as defined by the Indigenous Business Directory.
statutory expenditures (dépenses législatives)
Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.
target (cible)
A measurable performance or success level that a department, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.
voted expenditures (dépenses votées)
Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2024–2025 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2024–2025 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended June 30, 2024.
NSIRA Secretariat spent approximately 19% of its authorities by the end of the first quarter, compared with 19% in the same quarter of 2023–2024 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q1 2024–25 and Q1 2023–24
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q1 2024–25 and Q1 2023–24
2024-25
2023-24
Total Authorities
$18.4
$23.0
Q1 Expenditures
$3.5
$4.3
Significant changes to authorities
As of June 30, 2024, Parliament had approved $18.4 million in total authorities for use by NSIRA Secretariat for 2024–2025 compared with $23.0 million as of June 30, 2023, for a net decrease of $4.6 million or 20.0% (see graph 2).
Graph 2: Variance in authorities as at June 30, 2024
Text version of Figure 2
Variance in authorities as at June 30, 2024 (in millions)
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Fiscal year 2024-25 total available for use for the year ended March 31, 2025
Vote 1 – Operating
21.3
16.8.3
Statutory
1.8
1.6
Total budgetary authorities
23.0
18.4
*Details may not sum to totals due to rounding*
The decrease of $4.6 million in authorities is mostly explained by a reduction in capital funding for infrastructure projects.
Significant changes to quarter expenditures
The first quarter expenditures totalled $3.5 million for a decrease of $0.8 million when compared with $4.3 million spent during the same period in 2023–2024. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object (in thousands of dollars)
Fiscal year 2024–25: expended during the quarter ended June 30, 2024
Fiscal year 2023–24: expended during the quarter ended June 30, 2023
Variance $
Variance %
Personnel
3,008
2,886
122
4%
Transportation and communications
58
130
(72)
(55%)
Information
6
0
6
100%
Professional and special services
269
1,165
(896)
(77%)
Rentals
25
48
(23)
(48%)
Repair and maintenance
3
24
(21)
(88%)
Utilities, materials, and supplies
28
7
21
300%
Acquisition of machinery and equipment
12
48
(36)
(75%)
Other subsidies and payments
79
4
75
1875%
Total gross budgetary expenditures
3,488
4,312
(824)
(19%)
Transportation and communications
The decrease of $72,000 is explained by a change in the timing of invoicing for the internet connection.
Professional and special services
The decrease of $896,000 is mainly explained by a change in the timing of the billing for maintenance and services in support of our classified IT network infrastructure.
Rentals
The decrease of $23,000 is explained by a decrease in cost for the rent for temporary office space.
Repair and maintenance
The decrease of $21,000 is explained by a one-time maintenance contract purchased in fiscal year 2023-2024.
Utilities, materials, and supplies
The increase of $21,000 is explained by unreconciled acquisition card purchases.
Acquisition of machinery and equipment
The decrease of $36,000 is explained by a one-time purchase of a specialized laptop along with a wall mounted charging station and warranty in 2023-2024.
Other subsidies and payments
The increase of $75,000 is explained by an increase in salary overpayments.
Risks and uncertainties
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
NSIRA Secretariat is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities.
Significant changes in relation to operations, personnel and programs
Mr. Charles Fugère was appointed by the Governor-in-Council to be Executive Director of the NSIRA Secretariat on an interim basis on June 3, 2024.
Mr. Marc-André Cloutier, NSIRA Secretariat’s Director General, Corporate Services and CFO since 2023, retired in Q4 of 2023-2024. He has been replaced by Mr. Martyn Turcotte.
Approved by senior officials:
Charles Fugère Executive Director
Amanda Wark A/Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2024–25
Fiscal year 2023–24
Total available for use for the year ending March 31, 2025 (note 1)
Used during the quarter ended June 30, 2024
Year to date used at quarter-end
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended June 30, 2023
Year to date used at quarter-end
Vote 1 – Net operating expenditures
16,810
3,088
3,088
21,254
3,873
3,873
Budgetary statutory authorities
Contributions to employee benefit plans
1,601
400
400
1,755
439
439
Total budgetary authorities (note 2)
18,411
3,488
3,488
23,009
4,312
4,312
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2024–25
Fiscal year 2023–24
Planned expenditures for the year ending March 31, 2025 (note 1)
Expended during the quarter ended June 30, 2024
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2024
Expended during the quarter ended June 30, 2023
Year to date used at quarter-end
Expenditures
Personnel
13,205
3,088
3,088
13,303
2,886
2,886
Transportation and communications
685
58
58
650
130
130
Information
76
6
6
372
0
0
Professional and special services
3,577
269
269
3,596
1,165
1,165
Rentals
309
25
25
271
48
48
Repair and maintenance
436
3
3
4,580
24
24
Utilities, materials, and supplies
58
28
28
73
7
7
Acquisition of machinery and equipment
65
12
12
132
48
48
Other subsidies and payments
0
79
79
33
4
4
Total gross budgetary expenditures
(note 2)
18,411
3,488
3,488
23,009
4,312
4,312
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
A departmental plan describes a department’s priorities, plans and associated costs for the upcoming three fiscal years.
Vision, mission, raison d’etre and operating context
Minister’s mandate letter
Key priorities
In 2024–25, the NSIRA Secretariat’s top priorities are to
support NSIRA Members in undertaking professional, independent reviews of Canada’s national security and intelligence activities;
support NSIRA Members in conducting independent investigations of national security and intelligence public complaints;
provide transparency about our work; and
continue to strengthen our domestic and international partnerships.
Refocusing Government Spending
In Budget 2023, the government committed to reducing spending by $14.1 billion over the next five years, starting in 2023–24, and by $4.1 billion annually after that.
While not officially part of the government spending reduction exercise, the NSIRA Secretariat will respect the spirit of this exercise by
critically considering the need for contractors, and
identifying work that can be done in-house or deferred, if required.
NSIRA remains committed to managing spending with prudence and probity and that resources are used effectively, and efficiently to achieve organizational objectives.
Highlights
A Departmental Results Framework consists of an organization’s core responsibilities, the results it plans to achieve, and the performance indicators that measure progress toward these results.
National security and intelligence reviews and complaints investigations
Departmental results:
NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable, and necessary. The Agency also investigates complaints from members of the public on the activities of the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints, independently and in a timely manner.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary.
See GC InfoBase for the full framework and program inventory.
Planned spending: $10,852,987
Planned human resources: 69
Support to national security and intelligence reviews and complaints investigations: The NSIRA Secretariat will support the Agency as it ensures institutions’ accountability and enhances public confidence. This will involve conducting transparent and timely investigations into complaints related to national security or intelligence activities and the denial of security clearances.
Throughout 2024–25, the NSIRA Secretariat will support and conduct the Agency’s current reviews and initiate new reviews as per its Forward Review Plan. It will also conduct the Agency’s mandated annual reviews under the National Security and Intelligence Review Agency Act and annual reviews of CSIS and CSE activities.
For more information on the NSIRA Secretariat’s plans, see the “Plans to deliver” section of this plan.
More information about National security and intelligence reviews and complaints investigations can be found in the full departmental plan.
This Departmental Plan describes the priorities and goals for the National Security and Intelligence Review Agency (NSIRA) Secretariat in 2024–25. Our work is fundamentally anchored by our role in supporting the Agency’s mandate to undertake independent, expert review and investigation of the Government of Canada’s national security and intelligence activities.
Since the Agency’s inception in 2019, the NSIRA Secretariat has worked to establish a professional workforce and the supporting infrastructure, processes, and policies needed to carry out its mandate. Our approaches have matured as we have taken time for deep internal reflection and to consult with our domestic and international partners. Combined with the growing willingness of the national security community to genuinely accept and adjust to our mandate, we are now well positioned to leverage what we have learned and confidently advance our work as a world-recognized review body. In so doing, we will continue to work towards NSIRA’s vision of an accountable, transparent, and effective national security and intelligence community that upholds the rule of law.
In 2024–25, the Secretariat will continue to improve the quality of our working environment to attract and retain an exceptional workforce. We recognize that prioritizing the physical and mental well-being of our employees, and continuing to advance diversity and inclusion, are important aspects of becoming an employer of choice. We have taken steps to implement meaningful action in the coming year. NSIRA is well positioned to take on new and exciting challenges in the year ahead. I would like to thank both Secretariat staff and NSIRA Members, whose ongoing professionalism and dedication to our important work continues to be the force behind our past and future success.
John Davies Executive Director National Security and Intelligence Review Agency Secretariat
Plans to deliver on core responsibilities and internal services
Core responsibilities and internal services:
National security and intelligence reviews and complaints investigations
Internal services
National security and intelligence reviews and complaints investigations
Description
NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable, and necessary. The Agency investigates complaints from members of the public regarding activities of CSIS, CSE, and the national security activities of the RCMP, as well as certain other national security-related complaints.
The NSIRA Secretariat supports the Agency in the delivery of this mandate. The resulting independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and enhancing public confidence.
Quality of life impacts
NSIRA’s core responsibility relates most closely to the indicator ‘confidence in institutions’, within the ‘democracy and institutions’ sub domain and under the overarching domain of ‘good governance’.
Results and targets
The following tables show, for each departmental result related to national security and intelligence reviews and complaints investigations, the indicators, the results from the three most recently reported fiscal years, the targets and target dates approved in 2024–25.
Table 1: Indicators, results and targets for departmental result “Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary”
Indicator
2020–21 result
2021–22 result
2022–23 result
Target
Date to achieve
All mandatory reviews are completed on an annual basis
N/A
100%
100%
100% completion of mandatory reviews
December 2022
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
N/A
100%
100%
At least one national security or intelligence activity is reviewed in at least five departments or agencies annually
December 2022
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period
N/A
33%
33%
100% completion over three years; at least 33% completed each year
December 2022
Table 2: Indicators, results, and targets for departmental result “National security-related complaints are independently investigated in a timely manner”
Indicator
2020–21 result
2021–22 result
2022–23 result
Target
Date to achieve
Note: NSIRA was created on July 12, 2019. Actual results for 2020–21 are not available because the new Departmental Results Framework was being developed during the transition of the Security Intelligence Review Committee into the establishment of NSIRA. The new framework is for measuring and reporting on results achieved starting in 2021–22; in 2022–23, NSIRA finalized service standards on the time required to complete its investigations (effective April 1, 2023). The results will be included in the next Departmental Results Report.
Percentage of investigations completed within NSIRA service standards
N/A
N/A
N/A
90% – 100%
March 2024
The financial, human resources and performance information for NSIRA’s program inventory is available on GC InfoBase.
Plans to achieve results
Support to NSIRA reviews
The NSIRA Secretariat will continue to support the Agency’s current, ongoing reviews and new reviews from the Forward Review Plan throughout 2024–25. This will include supporting the annual reviews of CSIS and CSE activities, to provide responsible Ministers and the Canadian public with an assessment of these institutions’ activities, including their lawfulness, reasonableness, and necessity.
In 2024–25, the NSIRA Secretariat will continue to be informed and guided by the knowledge acquired through reviews of departments and agencies (reviewees) to date. As it becomes increasingly familiar with reviewees’ organizational structures, networks, policies, and activities, and able to apply such information to subsequent reviews, it will leverage this knowledge to ensure these institutions’ national security and intelligence activities are reviewed from a strongly informed position of independence. The NSIRA Secretariat will also continue to support reviews focused on crosscutting, horizontal issues that span multiple reviewees, with a goal of fully leveraging NSIRA’s authority in this regard.
In addition to conducting its mandated annual reviews in 2024-25, the NSIRA Secretariat will lead the development of a new review plan that is timely, topical, and responsive. The Forward Review Plan involves evaluating proposals for new reviews against an established matrix of criteria. The criteria represent the considerations or aspects that NSIRA deems to be the most important and relevant to the issues and topics it addresses through its discretionary reviews. The outcome will be a prioritized list of new reviews that will be undertaken once the existing reviews are completed. In this way, the NSIRA Secretariat will continue to support NSIRA Members in executing their responsibilities and exercising their authority under the NSIRA Act.
Support to NSIRA complaints investigations
In 2024–25, the NSIRA Secretariat will support the Agency in ensuring institutions’ accountability and enhancing public confidence by conducting transparent and timely investigations into complaints related to national security and the denial of security clearances. NSIRA’s independent investigation of complaints plays a critical role in maintaining public access to justice.
In the coming year, the NSIRA Secretariat will apply its rules of procedure, which were first implemented in 2021, to promote accessibility, timeliness, and efficiency in the Agency’s investigation of complaints. This includes an informal resolution process that has proven successful in resolving complaints that do not need to proceed e to formal investigation process.
The NSIRA Secretariat will further implement the Agency’s new service standards for the investigation of complaints, which were created in 2022–23 and effective as of April 1, 2023.
Transparency
The NSIRA Secretariat will continue to proactively publish unclassified versions of all Agency review reports. It will engage reviewees in a timelier manner on release approvals and aim to publish redacted reports on the NSIRA website shortly after these reports are provided to reviewees and their respective Ministers, leveraging processes developed during the previous year.
Partnerships
Participation
In 2024–25, the NSIRA Secretariat will build on its ongoing partnership efforts from the previous year. It will continue its participation in the Five Eyes Intelligence Oversight and Review Council, which brings together review agency representatives from Canada, the United States, Australia, New Zealand, and the United Kingdom.
Engagement
The NSIRA Secretariat will also continue to support multilateral and bilateral engagement with other like-minded European and international partners. Such participation and engagement will include ongoing working-level visits and exchanges. This work will support NSIRA’s interest in benefiting from, and contributing to, the sharing of best practices with the broader review and oversight community. The NSIRA Secretariat will also continue to build on recent efforts to foster collaborative relationships with other domestic review bodies and civil society groups.
Key risks
The NSIRA Secretariat has made progress on accessing the information required to conduct reviews; however, there continues to be risks associated with reviewees’ ability to respond to, and prioritize, information requests, hindering NSIRA’s ability to deliver its review plan in a timely way. The NSIRA Secretariat will continue to mitigate this risk by providing clear communication related to information requests, tracking their timely completion within communicated timelines, and escalating issues when appropriate.
Snapshot of planned resources in 2024–25
Planned spending: $18,575,110
Planned full-time resources: 100
Related government priorities
In 2024–25, the NSIRA Secretariat will continue to implement its three-year action plan on human rights, accessibility, employment equity, diversity, and inclusion. It first put this plan into effect during fiscal year 2022–23, following a maturity assessment of its policies, programs, and practices, and the Call to Action from the Clerk of the Privy Council. It includes, among many components, incorporating a gender-based analysis plus lens into the design and implementation of the NSIRA Secretariat’s policies and programs.
Employee self-identification data, which was first collected by the NSIRA Secretariat in 2023–2024 (further to the establishment of a special program under the Canadian Human Rights Act), will continue to inform the NSIRA Secretariat’s activities in the year ahead and better position it to:
prevent, eliminate, or reduce disadvantages and barriers that are experienced by any group of individuals based on, or related to, prohibited grounds of discrimination;
identify gaps in representation, to implement recruitment and retention measures aimed at not only achieving but retaining a diverse workforce and maintaining an inclusive work environment;
leverage the value of diverse peoples and perspectives in its work; and
identify meaningful opportunities for employee engagement in keeping with its overall commitment to human rights, accessibility, employment equity, diversity, and inclusion.
NSIRA’s Forward Looking Review Plan continues to be informed by considerations related to anti-racism, equity, and inclusion. These considerations apply to the process of selecting reviews to be undertaken, as well as to the analysis that takes place during individual reviews. NSIRA reviews routinely take into account the potential for national security or intelligence activities to result in disparate outcomes for various communities, and will continue to do so in the year ahead.
In 2024–25, in the context of complaint investigations, the NSIRA Secretariat will continue to support the Agency as it works with the Civilian Review and Complaints Commission (CRCC) to develop strategies for the collection, analysis, and use of identity-based data. Following the completion of a joint study, it will focus on assessing how some recommendations can be implemented for the collection, analysis, and use of identity-based data in relation to the NSIRA and CRCC mandates.
The NSIRA Secretariat will also continue to implement its Accessibility Plan, which outlines the steps that will be taken to increase accessibility within the organization and for all Canadians over the next two years. In addition, its Diversity, Inclusion, and Employment Equity Advisory Committee will continue to work with management and staff to build a more equitable, diverse, and inclusive workplace and workforce. This will include organizing discussions and learning events with all staff and providing advice on policy and program design.
In the year ahead, the NSIRA Secretariat will also develop and implement a pay equity plan, as required by the Pay Equity Act. Closing any identified gender pay gap is essential to advancing gender equality and fostering a workplace driven by inclusivity and fairness.
Program inventory
National security and intelligence reviews and complaints investigations are supported by the following program in the program inventory:
National security and intelligence activity reviews and complaints investigations.
Supporting information on planned expenditures, human resources, and results related to NSIRA’s program inventory is available on GC Infobase.
Internal services
Description
Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 10 categories of internal services:
management and oversight services
communications services
human resources management services
financial management services
information management services
information technology services
real property management services
materiel management services
acquisition management services
Plans to achieve results
In 2024–25, the NSIRA Secretariat will continue to take steps to ensure resources are deployed in the most effective and efficient manner possible, and its operations and administrative structures, tools, and processes continue to focus on supporting the delivery of its priorities.
The NSIRA Secretariat recognizes the need to be an inclusive, healthy, and flexible employer. Over the coming year, it will continue to encourage flexible working arrangements, such as teleworking, to achieve work–life balance and meet performance expectations.
In the coming year, the NSIRA Secretariat’s office footprint, with modern and flexible workstations in the classified and non-classified realm, is expected to be completed. The project has been pushed back to a summer 2024 delivery date due to its complexity, supply chain challenges, and compliance requirements.
The NSIRA Secretariat also continues to implement security controls and keeps its Security Plan and Business Impact Analysis evergreen, to ensure resiliency over time. In addition, based on the NSIRA Secretariat’s Information Management plans and strategies developed last fiscal year, it has identified the tools and resources required to execute the plans and strategies over the coming years.
Snapshot of planned resources in 2024-25
Planned spending: $7,722,123
Planned full-time resources: 31
Related government priorities
Planning for contracts awarded to Indigenous businesses
The NSIRA Secretariat is among the final wave of departments and agencies that are to achieve the mandatory minimum target of contract awards to Indigenous businesses by 2024–25. Efforts are already well underway in support of the Government of Canada’s commitment which requires that an annual, mandatory minimum target of five percent of the total value of contracts be awarded to Indigenous businesses.
In 2021-22, the NSIRA Secretariat exceeded its plan to reach two percent of total contract values awarded to Indigenous business, and achieved three percent, as shown in Table 3. Measures undertaken by the NSIRA Secretariat to facilitate the achievement of the mandatory minimum target by 2024–25 include a commitment to process an increasing minimum number of contracts in each of the following three fiscal years, as set-asides under the Procurement Strategy for Indigenous Business.
Table 3: Progress toward target for contracts with Indigenous businesses
5% reporting field description
2021–22 actual % achieved
2022–23 actual % achieved
2023–24 planned % target
2024–25 planned % target
Total percentage of contracts with Indigenous businesses
3%
3%
3%
5%
Planned spending and human resources
This section provides an overview of NSIRA’s planned spending and human resources for the next three fiscal years and compares planned spending for 2024–25 with actual spending from previous years.
Spending
Table 4: Actual spending summary for core responsibilities and internal services ($ dollars)
The following table shows information on spending for each of NSIRA’s core responsibilities and for its internal services for the previous three fiscal years. Amounts for the current fiscal year are forecasted based on spending to date.
Core responsibilities and Internal Services
2020–21 actual expenditures
2021–22 actual expenditures
2022–23 forecast spending
National Security and Intelligence Reviews and Complaints Investigations
7,394,642
7,756,271
9,516,920
Subtotal
7,394,642
7,756,271
9,516,920
Internal Services
9,895,112
10,532,876
10,799,513
Total
17,289,754
18,289,147
20,316,433
Table 5: Budgetary planning summary for core responsibilities and internal services (dollars)
The following table shows information on spending for each of NSIRA’s core responsibilities and for its internal services for the upcoming three fiscal years.
Core responsibilities and Internal Services
2024–25 budgetary spending
(as indicated in Main Estimates)
2024–25 planned spending
2025–26 planned spending
2026–27 planned spending
National Security and Intelligence Reviews and Complaints Investigations
10,852,987
10,852,987
10,852,051
10,852,051
Subtotal
10,852,987
10,852,987
10,852,051
10,852,051
Internal Services
7,722,123
7,722,123
7,758,034
7,758,034
Total
18,575,110
18,575,110
18,610,085
18,610,085
Funding
Figure 1: Departmental spending 2021–22 to 2026–27
The following graph presents planned spending (voted and statutory expenditures) over time.
Text version of Figure 1
Departmental spending trend graph
2021–22
2022–23
2023–24
2024–25
2025–26
2026–27
Statutory
1,176,321
1,300,166
1,513,580
1,764,845
1,766,593
1,766,593
Voted
16,113,433
16,988,981
18,802,853
16,810,265
16,843,492
16,843,492
Total
17,289,754
18,289,147
20,316,433
18,575,110
18,610,085
18,610,085
Peak spending was reached in 2023–24 with the inclusion of the majority of construction project expenditures. The NSIRA Secretariat will move to steadier state of spending in 2024–25.
Estimates by vote
Information on NSIRA’s organizational appropriations is available in the 2024–25 Main Estimates.
Future-oriented condensed statement of operations
The future-oriented condensed statement of operations provides an overview of NSIRA’s operations for 2023–24 to 2024–25.
The forecast and planned amounts in this statement of operations were prepared on an accrual basis. The forecast and planned amounts presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.
A more detailed future-oriented statement of operations and associated notes, including a reconciliation of the net cost of operations with the requested authorities, are available at NSIRA’s website.
Table 6: Future-oriented condensed statement of operations for the year ending March 31, 2025 (dollars)
Financial information
2023–24 Forecast results
2024–25 Planned results
Difference (2024–25 planned results minus 2023–24 Forecast results)
Total expenses
18,786,869
20,400,691
1,613,823
Total revenues
0
0
0
Net cost of operations before government funding and transfers
18,786,869
20,400,691
1,613,823
Human resources
Table 7: Actual human resources for core responsibilities and internal services
The following table shows a summary of human resources, in full-time equivalents (FTEs), for NSIRA’s core responsibilities and for its internal services for the previous three fiscal years. Human resources for the current fiscal year are forecasted based on year to date.
Core responsibilities and Internal Services
2021–22 actual full time equivalents
2022–23 actual full time equivalents
2023–24 forecast full time equivalents
National Security and Intelligence Reviews and Complaints Investigations
52
53
69
Subtotal
52
53
69
Internal Services
22
25
31
Total
74
78
100
Given the NSIRA secretariat continues to be a growing organization, the increase of 4 FTEs is reasonable year over year. The organization plans to continue to grow towards 100 FTEs through various recruitment and retention programs.
Table 8: Human resources planning summary for core responsibilities and internal services
The following table shows information on human resources, in full-time equivalents (FTEs), for each of NSIRA’s core responsibilities and for its internal services planned for 2024–25 and future years.
Core responsibilities and Internal Services
2024–25 planned full time equivalents
2025–26 planned full time equivalents
2026–27 planned full time equivalents
National Security and Intelligence Reviews and Complaints Investigations
69
69
69
Subtotal
69
69
69
Internal Services
31
31
31
Total
100
100
100
With a tight labour market and the requirement for a significant portion of employees to work primarily from secure office space, recruitment continues to prove challenging. New recruitment and retention programs will help the NSIRA secretariat in its ongoing efforts to be fully staffed.
Corporate Information
Organizational profile
Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada Institutional head: John Davies, Executive Director Ministerial portfolio: Privy Council Office Enabling instrument:National Security and Intelligence Review Agency Act Year of incorporation / commencement: 2019
Organizational contact information
National Security and Intelligence Review Agency P.O. Box 2430, Station “D” Ottawa, Ontario K1P 5W5
Information on NSIRA’s departmental sustainable development strategy can be found on NSIRA’s website
Federal tax expenditures
NSIRA’s Departmental Plan does not include information on tax expenditures.
Tax expenditures are the responsibility of the Minister of Finance. The Department of Finance Canada publishes cost estimates and projections for government wide tax expenditures each year in the Report on Federal Tax Expenditures.
This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis plus.
Appendix: definitions
appropriation(crédit)
Any authority of Parliament to pay money out of the Consolidated Revenue Fund.
budgetary expenditures(dépenses budgétaires)
Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.
core responsibility(responsabilité essentielle)
An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.
Departmental Plan(plan ministériel)
A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.
departmental priority(priorité)
A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.
departmental result(résultat ministériel)
A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.
departmental result indicator (indicateur de résultat ministériel)
A quantitative measure of progress on a departmental result.
departmental results framework(cadre ministériel des résultats)
A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.
Departmental Results Report(rapport sur les résultats ministériels)
A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.
experimentation(expérimentation)
The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.
full‑time equivalent(équivalent temps plein)
A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.
gender-based analysis plus (GBA Plus)(analyse comparative entre les sexes plus [ACS Plus])
An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.
For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.
horizontal initiative(initiative horizontale)
An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.
non‑budgetary expenditures(dépenses non budgétaires)
Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.
performance (rendement)
What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.
performance indicator(indicateur de rendement)
A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.
performance reporting(production de rapports sur le rendement)
The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.
plan(plan)
The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.
planned spending(dépenses prévues)
For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.
A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.
program(programme)
Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.
program inventory(répertoire des programmes)
Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.
result(résultat)
A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.
statutory expenditures(dépenses législatives)
Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.
target (cible)
A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.
voted expenditures(dépenses votées)
Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2023–24 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2023–24 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2023.
NSIRA Secretariat spent approximately 52% of its authorities by the end of the third quarter, compared with 39% in the same quarter of 2022–23 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q3 2023–2024 and Q3 2022–2023
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q3 2023–24 and Q3 2022–23
2023-24
2022-23
Total Authorities
$24.4
$29.8
Q2 Expenditures
$4.8
$4.7
Year-to-Date Expenditures
$12.8
$11.6
Significant changes to authorities
As at December 31, 2023, Parliament had approved $24.4 million in total authorities for use by NSIRA Secretariat for 2023–24 compared with $29.8 million as of December 31, 2022, for a net decrease of $5.3 million or 18% (see graph 2).
Graph 2: Variance in authorities as at December 31, 2023
Text version of Figure 2
Variance in authorities as at June 30, 2023 (in millions)
Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Vote 1 – Operating
28.1
22.6
Statutory
1.6
1.8
Total budgetary authorities
29.7
24.4
The decrease of $5.3 million in authorities is mostly explained by a gradual reduction in NSIRA Secretariat’s ongoing operating funding due to an ongoing construction project nearing completion.
Significant changes to quarter expenditures
The third quarter expenditures totalled $4.8 million for an increase of $0.1 million when compared with $4.7 million spent during the same period in 2022–2023. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: expended during the quarter ended December 31, 2023
Fiscal year 2022–23: expended during the quarter ended December 31, 2022
Variance $
Variance %
Personnel
2,866
2,503
363
15%
Transportation and communications
110
82
28
34%
Information
1
4
(3)
(75%)
Professional and special services
486
1,271
(785)
(62%)
Rentals
78
83
(5)
(6%)
Repair and maintenance
1,161
685
476
69%
Utilities, materials and supplies
(1)
21
(22)
(105%)
Acquisition of machinery and equipment
83
2
81
4050%
Other subsidies and payment
(33)
17
(50)
(294%)
Total gross budgetary expenditures
4,751
4,668
83
2%
*Details may not sum to totals due to rounding*
Professional and special services
The decrease of $785,000 is due to the timing of invoicing for our Internal Support Services agreement.
Repair and maintenance
The increase of $476,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The decrease of $22,000 is due to a temporarily unreconciled acquisition card suspense account.
Acquisition of machinery and equipment
The increase of $81,000 is due to the purchase of software licenses and the corresponding support and maintenance.
Other subsidies and payments
The decrease of $50,000 is explained by a prior year refund that was deposited to NSIRA’s account in error.
Significant changes to year-to-date expenditures
The year-to-date expenditures totalled $12.8 million for an increase of $1.2 million (11%) when compared with $11.6 million spent during the same period in 2022–23. Table 2 presents budgetary expenditures by standard object.
Table 2
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: year-to-date expenditures as of December 31, 2023
Fiscal year 2022–23: year-to-date expenditures as of December 31, 2022
Variance $
Variance %
Personnel
8,766
7,751
1,015
13%
Transportation and communications
302
196
106
54%
Information
5
9
(4)
(44%)
Professional and special services
2,155
2,695
(540)
(20%)
Rentals
151
132
19
14%
Repair and maintenance
1,188
749
439
(59%)
Utilities, materials and supplies
56
49
7
14%
Acquisition of machinery and equipment
135
15
120
800%
Other subsidies and payment
89
18
71
394%
Total gross budgetary expenditures
12,847
11,614
1,233
11%
*Details may not sum to totals due to rounding*
Personnel
The increase of $1,015,000 relates to an increase in average salary, an increase in full time equivalent (FTE) positions, and back-pay from the new collective agreement for the EC and AS occupational groups.
Transportation and communications
The increase in $106,000 is due to the timing of the invoicing for our internet connections.
Professional and special services
The decrease of $540,000 is mainly explained by the conclusion of guard services contracts associated to a capital construction project and the timing of invoicing for internal support services.
Repair and maintenance
The increase of $439,000 is due to the timing of invoicing for an ongoing capital project.
Acquisition of machinery and equipment
The increase of $120,000 is mainly explained by the one-time purchase of a specialized laptop and licenses.
Other subsidies and payments
The increase of $71,000 is due to an increase in salary overpayments.
Risks and uncertainties
The NSIRA Secretariat has made progress on accessing the information required to conduct reviews; however, there continues to be risks associated with reviewees’ ability to respond to, and prioritize, information requests, hindering NSIRA’s ability to deliver its review plan in a timely way. The NSIRA Secretariat will continue to mitigate this risk by providing clear communication related to information requests, tracking their timely completion within communicated timelines, and escalating issues when appropriate.
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities
Significant changes in relation to operations, personnel and programs
There have been no changes to the NSIRA Secretariat Program.
Approved by senior officials:
John Davies Executive Director
Martyn Turcotte Director General, Corporate Services, Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended December 31, 2023
Year to date used at quarter-end
Total available for use for the year ending March 31, 2023 (note 1)
Used during the quarter ended December 31, 2022
Year to date used at quarter-end
Vote 1 – Net operating expenditures
22,633
4,313
11,531
28.063
4,236
10,318
Budgetary statutory authorities
Contributions to employee benefit plans
1,755
438
1,316
1,728
432
1,296
Total budgetary authorities (note 2)
24,388
4,751
12,847
29,791
4,668
11,614
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Planned expenditures for the year ending March 31, 2024 (note 1)
Expended during the quarter ended December 31, 2023
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2023
Expended during the quarter ended December 31, 2022
Year to date used at quarter-end
Expenditures
Personnel
13,372
2,866
8,766
13,389
2,503
7,751
Transportation and communications
650
110
302
597
82
196
Information
371
1
5
372
4
9
Professional and special services
4,906
486
2,155
4,902
1,271
2,695
Rentals
271
78
151
271
83
132
Repair and maintenance
4,580
1,161
1,188
9,722
685
749
Utilities, materials and supplies
73
(1)
56
173
21
49
Acquisition of machinery and equipment
132
83
135
232
2
15
Other subsidies and payments
33
(33)
89
133
17
18
Total gross budgetary expenditures (note 2)
24,388
4,751
12,847
29,791
4,668
11,614
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
The Canada Border Services Agency (CBSA)’s Air Passenger Targeting program performs pre-arrival risk assessments on inbound passengers. It seeks to identify passengers that may be at higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation. It does so by using information submitted by commercial air carriers called Advanced Passenger Information and Passenger Name Record data in a multi-stage process that involves manual and automated triaging methods, referred to as Flight List Targeting and Scenario Based Targeting.
The Advance Passenger Information and/or Passenger Name Record data used to perform these prearrival risk assessments include personal information about passengers that relates to prohibited grounds of discrimination under the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms (the Charter). These grounds include age, sex, and national or ethnic origin. The CBSA relies on information and intelligence from a variety of different sources to determine which of these data elements indicate a risk in passengers’ characteristics and travel patterns in the context of specific enforcement issues, including national security-related risks. Given their potential importance for Canada’s national security and for the CBSA’s concurrent obligations to avoid discrimination, attention to the validity of the inferences underpinning the CBSA’s reliance on the particular indicators it creates from this passenger data to perform these risk assessments is warranted. These considerations also have implications for Canada’s international commitments to combat terrorism and serious transnational crime and to respect privacy and human rights in the processing of passenger information.
NSIRA conducted an in-depth assessment of the lawfulness of the CBSA’s activities in the first step of the pre-arrival risk assessment, where inbound passengers are triaged using the passenger data provided by commercial air carriers. The review examined whether the CBSA complies with restrictions established in statutes and regulations on the use of the Advance Passenger Information and Passenger Name Record data and whether the CBSA complies with its obligations pertaining to non-discrimination.
While NSIRA found that the CBSA’s use of Advance Passenger Information and Passenger Name Record data complied with the Customs Act, the CBSA does not document its triaging activities in a manner that enables effective verification of compliance with regulatory restrictions established under the Protection of Passenger Information Regulations. This was more of a weakness in the CBSA’s manual Flight List Targeting triaging method than its automated Scenario Based Targeting method.
The CBSA was also unable to consistently demonstrate that an adequate justification exists for its reliance on particular indicators it created from the Advance Passenger Information and Passenger Name Record data to triage passengers. This is important, as the CBSA’s reliance on certain indicators results in drawing distinctions between travellers based on prohibited grounds of discrimination. These distinctions may lead to adverse impacts on passengers’ time, privacy, and equal treatment, which may be capable of reinforcing, perpetuating or exacerbating a disadvantage. Adequate justification for such adverse differentiation is needed to demonstrate that such distinctions are not discriminatory and are a reasonable limit on travellers’ equality rights.
Recordkeeping is important to ensure effective verification that Air Passenger Targeting triaging activities comply with the law and respect human rights and NSIRA observed important weaknesses in this regard. These recordkeeping weaknesses stem in part from the fact that the CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify discrimination and compliance-related risks and to act appropriately in their duties. Oversight structures and practices are also not rigorous enough to identify and mitigate potential compliance and discrimination-related risks. This is compounded by lack of collection and assessment of relevant data. NSIRA recommends improved documentation practices for triaging to demonstrate compliance with statutory and regulatory restrictions and to demonstrate that an adequate justification exists for its reliance on the indicators it creates from Advance Passenger Information and Passenger Name Record data. Such documentation is essential to enable effective internal oversight as well as external review.
NSIRA also recommends more robust training and increased oversight to ensure that triaging practices are not discriminatory. This should include updates to policies as appropriate as well as the collection and analysis of the data necessary to identify, analyze and mitigate discrimination-related risks
Front matter
Lists of acronyms
API
Advance Passenger Information
APT
Air Passenger Targeting
CBSA
Canada Border Services Agency
CHRA COVID-19 EU
Canadian Human Rights ActNovel Coronavirus/Coronavirus Disease of 2019European Union
FLT
Flight List Targeting
IATA
International Air Transport Association
ICES
Integrated Customs Enforcement System
IRPA
Immigration and Refugee Protection Act
IRPR
Immigration and Refugee Protection Regulations
MOU
Memorandum of Understanding
NSIRA
National Security and Intelligence Review Agency
OAG
Office of the Auditor General of Canada
OPC
Office of the Privacy Commissioner
PAXIS
Passenger Information System
PCLMTFA
Proceeds of Crime (Money Laundering) and Terrorist Financing Act
PICR
Passenger Information (Customs) Regulations
PNR
Passenger Name Record
PPIR
Protection of Passenger Information Regulations
RFI
Request for Information
SBT
Scenario Based Targeting
SOP
Standard Operating Procedures
UNSC
United Nations Security Council
US
United States
Lists of figures
Figure 1. Advance Passenger Information and Passenger Name Record Elements
Figure 2. Steps in the Air Passenger Targeting
Figure 3. Process for Developing Scenarios for Scenario Based Targeting
Figure 4. What is a “High Risk” Flight or Passenger
Figure 5. Instances Where the Link to Serious Transnational Crime or Terrorism Offences was unclear
Figure 6. Instances Where the Potential Contravention was Unclear in Targets
Figure 7. Legal Tests under the CHRA and the Charter
Figure 8. Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds
Figure 9. Instances Where Behavioural Indicators Were Protected Grounds or Did Not Narrow Scope
Figure 10. Impacts on Travellers Resulting from Initial Triage
Figure 11. Summary of NSIRA’s Assessment of Scenario Supporting Documentation
Figure 12. Examples of Weaknesses in Scenario Supporting Documentation
Figure 13. Example of a Well-Substantiated Scenario
Figure 14. Why the Justification for the Indicators Used in Targeting is Important
Authorities
The National Security and Intelligence Review Agency (NSIRA) conducted this review under paragraph 8(1)(b) of the NSIRA Act.
Introduction
The Canada Border Services Agency (CBSA)’s Air Passenger Targeting program is one of several programs that help the Agency fulfill its mandate of “providing integrated border services that support [Canada’s] national security and public safety priorities and facilitate the free flow of [admissible] persons and goods” into Canada. Air Passenger Targeting uses passenger data submitted by commercial air carriers called Advance Passenger Information and Passenger Name Record data to conduct pre-arrival risk assessments. The pre-arrival risk assessments are intended to identify individuals at higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation. In 2019-20, the CBSA received this information to risk assess 33.9 million inbound international travellers.
Air Passenger Targeting has become an increasingly important tool for screening passengers. The CBSA’s deployment of self-serve kiosks to process travellers arriving in Canadian airports has decreased the ability of Border Services Officers to risk assess travellers through in-person observations or interactions, increasing the CBSA’s reliance on pre-arrival risk assessments, like Air Passenger Targeting, to identify and interdict inadmissible people and goods.
The Canadian border context affords the CBSA considerable discretion in how it conducts its activities. Individuals have lower reasonable expectations of privacy at the border. Brief interruptions to passengers’ liberty and freedom of movement are reasonable, given the state’s legitimate interest in screening travellers and regulating entry. However, the activities of the CBSA must not be discriminatory, meaning that any adverse differential treatment on the basis of prohibited grounds of discrimination, such as national or ethnic origin, age, or sex must be justified. Both the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms (the Charter) create distinct obligations in this regard. The Advance Passenger Information and Passenger Name Record data that the CBSA uses to perform these pre-arrival risk assessments includes personal information about passengers that is either a prohibited ground of discrimination or that relates closely to such grounds, warranting further attention to the CBSA’s compliance with these obligations. As Air Passenger Targeting involves passenger screening to identify national security-related risks (among others), attention to the validity of the inferences underpinning the CBSA’s interpretation of passenger information also has implications for Canada’s national security.
Air Passenger Targeting also engages Canada’s international commitments to combat terrorism and serious transnational crime and to respect privacy and human rights in the processing of passenger information. The latter commitment has been of particular importance to the European Union in the context of ongoing negotiations on an updated agreement for sharing passenger information.
About the review
NSIRA’s review examined two main aspects of the lawfulness of the CBSA’s passenger triaging activities in Air Passenger Targeting and their effects on travellers. The review examined whether the CBSA’s triaging activities comply with restrictions established in statutes and regulations on the use of Advance Passenger Information and Passenger Name Record data; and whether passenger triaging activities comply with the CBSA’s obligations pertaining to non-discrimination under the Canadian Human Rights Act and the Charter.9 NSIRA expected to find that the CBSA’s triaging activities are conducted with appropriate legal authority and comply with use restrictions on the passenger data and non-discrimination obligations, namely, that any adverse differentiation among travellers based on protected grounds is supported by adequate justification.
The review focused on the CBSA’s triaging activities in Air Passenger Targeting relevant to identifying potential national security-related threats and contraventions. However, it also examined the program as a whole across the CBSA’s three main targeting categories—national security, illicit migration, and contraband—to fully appreciate the program’s governance and operations, given its reliance on intelligence analysis. The review examined the Air Passenger Targeting program as implemented by the CBSA between November 2020 and September 2021.
The review relied on information from the following sources:
Program documents and legal opinions
Information provided in response to requests for information (written answers and briefings)
[***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]
Supporting documentation for a sample of 12 scenarios that were active on May 26, 2021
A sample of 83 targets issued between January and March 2021 (including 59 targets subsequent to Flight List Targeting and 24 targets subsequent to Scenario Based Targeting)
A live demonstration at the National Targeting Centre, which conducts Air Passenger Targeting
Open sources, including news articles, academic articles, and prior reviews by other agencies.
Past performance data and relevant policy developments
Confidence statement
For all reviews, NSIRA seeks to independently verify information it receives. Access to information was through requests for information and briefings by the CBSA. During this review, NSIRA corroborated the information that was received through verbal briefings by receiving copies of program files and alive demonstration of Air Passenger Targeting. NSIRA is confident in the report’s findings and recommendations.
Orientation to the Review Report
After providing essential background information on the steps and activities involved in Air Passenger Targeting and its contribution to the CBSA’s mandate in Section 5, the review’s findings and recommendations are presented in Section 6.
In Section 6.1, NSIRA’s assessed the CBSA’s compliance with statutory and regulatory restrictions on the CBSA’s use of Advance Passenger Information and Passenger Name Record data. Weaknesses in how the CBSA documents its Air Passenger Targeting program activities prevented NSIRA from verifying that all triaging activities complied with these restrictions. These weaknesses also impede the CBSA’s own ability to provide effective internal oversight.
In Section 6.2, NSIRA’s assessed the CBSA’s compliance with its obligations pertaining to nondiscrimination under the Canadian Human Rights Act and the Charter. Similar weaknesses in documentation and recordkeeping prevented the CBSA from demonstrating, in several instances, that an adequate justification exists for its reliance on the indicators it created from Advance Passenger Information and Passenger Name Record data to triage inbound travellers. Ensuring that Air Passenger Targeting triaging practices are substantiated by relevant, reliable and documented information and intelligence is important to demonstrating that travellers’ equality rights are being respected, given that some of the indicators relied on to triage passengers relate to protected grounds and given that passenger triage may lead to adverse impacts for travellers. NSIRA recommends a number of measures to improve recordkeeping and identify and mitigate discrimination-related risks.
Background and content
Air Passenger Targeting and the CBSA’s Mandate
The Air Passenger Targeting program is housed within the National Targeting Centre and is currently supported by 92 Full-Time Equivalents. Air Passenger Targeting is one of several targeting programs at the CBSA, and pre-arrival risk assessments are also performed on cargo and conveyances in other modes of travel, such as marine or rail. Pre-arrival risk assessments are currently only performed on crew and passengers for commercial-based air and marine travel. Screening and secondary examinations of travellers entering Canada through other modes of travel such as land or rail are undertaken at the border.
The Air Passenger Targeting pre-arrival risk assessments are intended to help front line Border Services Officers to identify travellers and goods with a higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation and referring them for further examination once they arrive at a Canadian Port of Entry.
Pre-arrival risk assessments are performed in relation to multiple enforcement issues, all of which are associated with ever-evolving travel patterns and traveller characteristics that may vary from one part of the world to the other. Staff at the National Targeting Centre receive training, develop on-the-job experience, and have access to a large body of information and intelligence to perform their duties.
How Air Passenger Targeting works
Key Information Relied Upon in Air Passenger Targeting
Air Passenger Targeting relies on two sets of information to triage passengers for these risk assessments. The first set consists of information about passengers that commercial air carriers submit to the CBSA under section 148(1)(d) of the Immigration and Refugee Protection Act and 107.1 of the Customs Act. This information is referred to as Advance Passenger Information and Passenger Name Record data. Advance Passenger Information comprises information about a traveller and the flight information associated with their travel to Canada; Passenger Name Record data is not standardized and refers to information about a passenger kept in the air carrier’s reservation system. The particular data elements are prescribed under section 5 of the Passenger Information(Customs) Regulations and section 269(1) of the Immigration and Refugee Protection Regulations.
For simplicity, NSIRA refers to Advance Passenger Information and Passenger Name Record Data collectively as “passenger data” in this review unless otherwise specified. Figure 1 provides an overview of common Advance Passenger Information and Passenger Name Record data elements. Once received by the CBSA, the passenger data is loaded into the CBSA’s Passenger Information System (PAXIS). This is the main system used to conduct Air Passenger Targeting.
Figure 1. Advance Passenger Information and Passenger Name Record Elements
The second set consists of information and intelligence from a variety of other sources that is used to help the CBSA determine which Advance Passenger Information and Passenger Name Record data elements may indicate risks in passengers’ characteristics and travel patterns in the context of specific enforcement issues and can therefore provide indicators for triaging passengers. Key sources include:
Recent significant interdictions that are cross-referenced with historical enforcement and intelligence information, as well as with the Advance Passenger Information and/or Passenger Name Record data for interdicted subjects
Port of entry seizures
Information from Liaison Officers overseas
International intelligence bulletins
Intelligence products shared by domestic and international partners concerning actionable indicators and trends from partner agencies based on their area of expertise.
Open sources, including news articles, op-eds, academic articles, social media.
CBSA intelligence products based on one or more of the above-mentioned sources, such as Intelligence Bulletins, Targeting Snapshots or Placemats, Country Threat Assessments, Intelligence Briefs, daily news briefings.
The quality of the information supporting the CBSA’s inferences as to who may be a high-risk traveller is important to ensure the triage is reasonable and non-discriminatory (see Section 6.2).
Step by Step Process of Air Passenger Targeting
Air Passenger Targeting involves three key steps, illustrated in Figure 2. First, CBSA officers triage passengers based on the Advance Passenger Information and Passenger Name Record data using manual or automated methods. Second, CBSA officers undertake a risk assessment of the selected passengers using different sources of information and intelligence. Third, Targeting Officers decide whether to issue a “target,” based on the results of this risk assessment.
Figure 2. Steps in the Air Passenger Targeting Process
Step 1: Passenger Triage
The CBSA uses two distinct methods to triage passengers using Advance Passenger Information and Passenger Name Record data: Flight List Targeting and Scenario-Based Targeting.
Flight List Targeting is a manual triage method that involves two main steps. The officers use their judgement to make these selections (see Figure 4 for further details).
Targeting Officers select an inbound flight from those arriving that day that they consider to be at “higher risk” of transporting passengers that may be contravening the CBSA’s program legislation.
Targeting Officers then select passengers on those flights for further assessment, based on the details displayed about them in the list of passengers.
Scenario Based Targeting is an automated triage method that relies on “scenarios,” or pre-established set of indicators created from Advance Passenger Information and Passenger Name Record data elements that the CBSA considers as risk factors for a particular enforcement issue. The data for passengers on all inbound flights are automatically compared against the parameters of each scenario. Any passengers whose data match all of the parameters of one (or more) scenario are automatically selected for a Targeting Officer to assess further.
[***Sentence revised to remove privileged or injurious information. It describes the steps involved in developing scenarios ***]
Figure 3. Process for Developing Scenarios for Scenario Based Targeting
[***Figure revised to remove privileged or injurious information. It describes the steps involved in developing scenarios. ***]
Both of these triage methods are informed by an analysis of information and intelligence in slightly different ways. In Scenario Based Targeting, the National Targeting Centre’s Targeting Intelligence unit analyses intelligence and information to identify combinations of Advance Passenger Information and Passenger Name Record data elements associated with “high risk” passengers and travel patterns for the purposes of developing scenarios, as illustrated in Step 1 of Figure 3 above. In Flight List Targeting, Targeting Officers analyze information and intelligence to develop a personal “mental model” about what constitute “high risk” flights or passengers in the context of a specific enforcement issue. Examples are provided in Figure 4.
Figure 4. What is a “High Risk” Flight or Passenger?
Based on information about past trends and intelligence about future travel, CBSA officers identify certain flights or airports that have had a higher incidence of travellers subsequently found to be in contravention of the CBSA’s program legislation. The CBSA assesses flights from these points of origin as “high risk” flights. [Sentence revised to remove privileged or injurious information. It provided examples of flight information that the CBSA indicated was associated with past contraventions.]
Based on similar analysis, CBSA officers have assessed that certain combinations of traveller characteristics and travel patterns are or may be associated with contraventions of the CBSA’s program legislation. Travellers who match these characteristics are considered to be “high risk” travellers. [Sentence revised to remove privileged or injurious information. It provided examples of flight information that the CBSA indicated was associated with past contraventions.]
Steps 2 and 3: Passenger Risk Assessments and Issuing Targets
The initial triage of passengers may result in two additional steps for those who have been selected for further assessment: further passenger risk assessments (referred to by the CBSA as a “comprehensive review”) and a decision to issue a target if risks that were initially identified remain.
The passenger risk assessment process involves requesting and analyzing the following information to determine whether risks initially identified in the passenger’s Advance Passenger Information and Passenger Name Record data are no longer of concern (referred to as “negation”), whether they continue to be of concern, or whether those concerns have increased:
Mandatory and discretionary queries of CBSA and other government databases;
Open-source searches (including social media);
Requests for information to other Government of Canada departments and to the United States Customs and Border Protection agency (mandatory for all potential contraventions related to national security, but optional for other enforcement issues).
A target is issued when the risk assessment cannot “negate” risks initially inferred about the passenger. A target is a notification to Border Services Officers at a Canadian Port of Entry (in this case, airports) to refer the passenger for “secondary examination”. It does not mean that a passenger has been found in contravention of the CBSA’s program legislation. A target includes details about the passenger and the risks identified in relation to the potential contravention (referred to as a “target narrative”).
During secondary examinations, Border Services Officers engage in a progressive line of questioning. This questioning is informed by the details contained in the target as well as all other information available to the officers, including information provided by travellers and other observations developed during the examination. This information may allow the officers to establish a reasonable suspicion about whether the passenger has contravened customs, immigration, or other requirements that are enforced by the CBSA and pursue further questioning or examination. These examinations may also involve a search of luggage and/or digital devices where required and with managerial approval. The outcome of these examinations determines the next steps for individual travellers.
Findings and Recommendations
The CBSA’s Compliance with Restrictions Established in Law and Regulations
Restrictions that Apply to Air Passenger Targeting and Why They Matter
While Air Passenger Targeting is not explicitly discussed in legislation, both the Customs Act and the Immigration and Refugee Protection Act provide the CBSA with legislative authority to collect and use Advance Passenger Information and Passenger Name Record data in Air Passenger Targeting. Such use is further supported by section 4(1)(b) of the Protection of Passenger Information Regulations, which expressly contemplates the use of Passenger Name Record data to conduct trend analysis and to develop risk indicators for the purpose of identifying certain high-risk individuals.
NSIRA is satisfied that these statutory provisions also authorize the CBSA to collect and analyze the information and intelligence necessary to support Air Passenger Targeting. These inputs are necessary to contextualize its interpretation of the Advance Passenger Information and Passenger Name Record data and determine which data elements characterize “high risk” passengers and travel patterns in the context of different enforcement issues. However, the review did not examine whether all information and intelligence collected by the CBSA was necessary to the conduct of its operations (in Air Passenger Targeting or otherwise). This related topic may be the subject of future review.
These authorizing provisions create restrictions on the CBSA’s use of Advance Passenger Information and Passenger Name Record data. Two layers of use restrictions apply: one set arises from the Customs Act or the Immigration and Refugee Protection Act as authorizing statutes, and the other set arises from section 4 of the Protection of Passenger Information Regulations.
In examining compliance with the first set, NSIRA referred to section 107(3) of the Customs Act, the broader of the two authorities. Section 107(3) authorizes the CBSA to use Advance Passenger Information and Passenger Name Record data:
To administer or enforce the Customs Act, Customs Tariff, or related legislation;
To exercise its powers, duties and functions under the Immigration and Refugee Protection Act, including establishing a person’s identity or determining their inadmissibility; and/or
For the purposes of its program legislation.
NSIRA also examined compliance with the use restrictions established by section 4 of the Protection of Passenger Information Regulations. The regulations limit the CBSA’s use of Passenger Name Record data to the identification of persons “who have or may have committed” either a terrorism offence or a serious transnational crime. The data can be used to identify such persons directly, or to enable trend analysis or the development of risk indicators for that same purpose.
The Protection of Passenger Information Regulations were enacted to fulfill Canada’s commitments respecting its use of Passenger Name Record data as part of an agreement signed with the European Union. The Agreement specifies that “[Passenger Name Record] data will be used strictly for purposes of preventing and combating: terrorism and related crimes; other serious crimes, including organized crime, that are transnational in nature.” Although the 2006 agreement expired, ongoing efforts to negotiate a new agreement place continued importance on ensuring the CBSA’s ability to demonstrate compliance with the lawful uses of Passenger Name Record data. The constraints established in the regulations also indicate the Minister’s determination of when the use of Passenger Name Record data by the CBSA will be reasonable and proportional.
As a matter of law, the Protection of Passenger Information Regulations restrictions apply only to Passenger Name Record data provided to the CBSA under the Immigration and Refugee Protection Act. However, Advance Passenger Information and Passenger Name Record data are integrated within its systems. The CBSA also uses Passenger Name Record data to issue targets for the purposes of the Customs Act and the Immigration and Refugee Protection Act simultaneously. Given the CBSA’s commitments to the European Union under the above-mentioned Agreement and these other considerations, the CBSA observes these regulatory restrictions across its Air Passenger Targeting program as a matter of policy.
Assessing compliance with the Protection of Passenger Information Regulations required NSIRA to determine whether the enforcement issue of interest in the triaging decision fell within the regulations’ definitions of a “terrorism offence” or of a “serious transnational crime.”
What NSIRA found?
NSIRA found that, in its automated Scenario Based Targeting triaging method, the CBSA’s use of Advance Passenger Information and Passenger Name Record data to identify potential threats and contraventions of the CBSA’s program legislation complied with statutory restrictions. For its manual Flight List Targeting triaging method, NSIRA was not able to assess the reasons for the CBSA’s selection of individual travellers and was therefore not able to verify compliance with section 107(3) of the Customs Act. For both methods, NSIRA was also unable to verify that all triaging complied with the regulatory restrictions imposed by the Protection of Passenger Information Regulations on the CBSA’s use of Passenger Name Record data, namely that its use served to identify potential involvement in terrorism offences or serious transnational crimes. This was due to lack of precision in Scenario Based Targeting program documentation and lack of documentation about the basis for Flight List Targeting triaging decisions.
Do Scenario Based Targeting triage practices comply with statutory and regulatory restrictions?
In Scenario Based Targeting, all scenarios complied with the statutory restrictions on the use of Advance Passenger Information and Passenger Name Record data, as all scenarios were developed for the purposes of administering or enforcing the CBSA’s program legislation. However, in several instances, the scenario documentation did not precisely identify why the CBSA considered a particular enforcement concern to be related to a terrorism offence or serious transnational crime. This lack of precision obscured whether the scenarios complied with the Protection of Passenger Information Regulations.
NSIRA reviewed the information contained within the scenario templates for [***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]. The templates require information on the specific legislative provisions associated with the potential contravention the scenario seeks to identify. The templates also require a general description of the details of the scenario, including the potential contravention.
The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with the first layer of legal restrictions, as all of the scenarios sought to identify contraventions of the Immigration and Refugee Protection Act, the Customs Act, the Customs Tariff, and/or the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, which are authorized purposes under section 107(3) of the Customs Act. In many instances, the scenario’s purpose also complied with the complementary restrictions under the Immigration and Refugee Protection Act.
Regarding the second layer of restrictions imposed by the Protection of Passenger Information Regulations, most scenarios cited provisions for potential contraventions that were reasonably viewed as relating to terrorism or serious transnational crime. In several instances, however, the link to terrorism or serious transnational crime was not clear. This occurred in one of two ways:
Scenarios did not establish why a potential contravention cited as the intent of the scenario was related to an offence punishable by a term of at least four years of imprisonment, which one of the criteria in the definition of a serious transnational crime. It was therefore unclear how the enforcement interest related to a serious transnational crime (observed in at least 28 scenarios).Including more precise details on how the potential contravention relates to a serious transnational crime or terrorism offence would more clearly establish this link.
Scenarios cited three or more distinct grounds for serious inadmissibility, such as sections 34, 35,36, and/or 37 of the Immigration and Refugee Protection Act without providing further details as to why all grounds were relevant to the conduct at issue in the scenario (observed in at least 20 scenarios).
This obscured how the grounds related meaningfully to the conduct at issue and why the conduct related to a terrorism offence or serious transnational crime. Including more precise details on how each ground of inadmissibility included in a scenario is relevant to the conduct at issue would help in this regard.
Illustrative examples are provided in Figure 5, and further details on NSIRA’s assessment of compliance with the Customs Act and the Protection of Passenger Information Regulations are provided in Appendix 8.3.
Figure 5. Instances Where the Link to Serious Transnational Crime or Terrorism Offences was unclear
[Figure revised to remove privileged or injurious information. It described two examples where the link to serious transnational crime or terrorism offences was unclear in scenarios.]
Do Flight List Targeting triage practices comply with statutory and regulatory restrictions?
Lack of documentation about why officers selected particular flights or passengers prevented NSIRA from verifying whether Flight List Targeting triaging practices comply with the use restrictions found in the Customs Act or the Protection of Passenger Information Regulations. This lack of documentation also impedes the CBSA’s internal verification that Flight List Targeting triaging complies with these use restrictions.
As Targeting Officers rely on their judgement to triage passengers in Flight List Targeting, record keeping about triaging decisions is important to be able to verify that triaging complies with relevant statutes and regulations and take corrective action as appropriate. Although the National Targeting Centre has a Notebook Policy, which requires officers to “record all information about the officers’ activities,” the National Targeting Policy and the Air Passenger Targeting Standard Operating Procedures do not specify what stages of Air Passenger Targeting need to be documented or what information needs to be recorded at each step. Moreover, the Air Passenger Targeting Standard Operating Procedures, the Target Narrative Guidelines, and the format for issuing targets in the CBSA’s systems do not require officers to include precise details about the potential contravention that motivated their decision to issue a target.
NSIRA was only able to infer why a passenger was first selected for further assessment in Flight List Targeting from the details of targets, even though the explanatory value of analyzing targets for insight about initial triaging is limited. Targets are not issued for all initially selected passengers : only 15 percent of the passengers that were selected for a comprehensive risk assessment led to a target being issued in 2019-20.
As well, the enforcement issue contained within targets may have changed during later stages in the Air Passenger Targeting process and may not necessarily reflect the issue that motivated the initial triaging decision.
NSIRA found that all targets in a sample of 59 targets issued subsequent to Flight List Targeting complied with the first layer of use restrictions under section 107(3) of the Customs Act, as they cited either the “IRPA” or the “Customs Act” in the details of the target. However, the targets did not always specify a particular contravention of these Acts, which created a challenge for determining why the officers’ interest in the passenger related to a terrorism offence or serious transnational crime. Based on other descriptive details about the behaviours or risk factors contained in the target, it was only possible to clearly infer the enforcement issue and determine that it was a terrorism offence or a serious transnational crime in approximately half the targets (29 of 59). Illustrative examples are provided in Figure 6.
Figure 6. Instances Where the Potential Contravention was Unclear in Targets
[***Figure revised to remove privileged or injurious information. It described two examples of targets where the potential was unclear based on the details of the target.***]
Why is precision in record keeping important?
It is important to ensure that the potential contravention at issue is clear in scenario templates and targets and to ensure that recordkeeping about the reasons animating Flight List Targeting triaging is adequate in order to allow effective verification that all triaging activities comply with statutory and regulatory restrictions.
The CBSA’s current oversight functions consist of reviewing new scenarios prior to and in parallel with their activation and of reviewing targets after the fact for quality control and performance measurement. However, the documentation weaknesses identified above prevent the CBSA from ensuring that its triaging activities comply with statutory and regulatory restrictions. The CBSA’s oversight mechanisms should include robust verification that scenarios and manual Flight List Targeting triaging practices are animated by issues relevant to the administration or enforcement of the CBSA’s program legislation. Where Passenger Name Record data is used, oversight should also verify that the enforcement issue constitutes or is indicative of a terrorism offence or serious transnational crime. More precise and consistent recordkeeping of the reasons underlying passenger triage decisions in both Scenario Based Targeting and Flight List Targeting would help in this respect.
Guidance on what the legislative and regulatory restrictions entail for targeting activities was also not clearly articulated in the National Targeting Centre’s policies, standard operating procedures, or training materials. These guidance materials should include further specifics on:
Which issues pertinent to admissibility under the Immigration and Refugee Protection Act or other contraventions of the CBSA’s program legislation constitute or relate to a serious transnational crime or terrorism offence and why; and
How to document triaging decisions on a consistent basis to enable internal and external verification that targeting activities align with these legal and regulatory restrictions.
For example, the Scenario Based Targeting Governance Framework included helpful examples of risk categories that identify associated legislative provisions. Though the examples align with the definitions of serious transnational crime and terrorism offences in the Protection of Passenger Information Regulations, no explanation linking the examples to alignment with the regulations are provided. Equivalent guidance does not exist for Flight List Targeting.
Clearly identifying the potential enforcement issue is also important to verifying that the indicators created from Advance Passenger Information and Passenger Name Record data that are used to triage passengers are relevant to the issue and reliably predictive of it. This is important for demonstrating that the triaging practices are reasonable and non-discriminatory (see Section 6.3).
Finding 1. The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with section 107(3) of the Customs Act.
Finding 2. The CBSA does not document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
Recommendation 1. NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
The CBSA’s Compliance with Obligations Pertaining to Non-Discrimination
The CBSA’s Non-Discrimination Obligations and Why They Matter
The Canadian Human Rights Act and the Charter each establish obligations pertaining to nondiscrimination. The tests for assessing whether or not discrimination has occurred are thematically similar, though with differences in approach and terminology as illustrated in Figure 7. The analysis under both instruments begins with a factual inquiry into whether a distinction is being drawn between travellers based on prohibited grounds of discrimination, and if so, whether it has an adverse effect on the traveller or reinforces, perpetuates or exacerbates disadvantage. If so, the analysis under the CHRA examines whether there is a bona fide justification for the adverse differentiation. The corresponding analysis under the Charter examines whether the limit on travellers’ equality rights is demonstrably justified in a free and democratic society.
Figure 7. Legal Tests under the CHRA and the Charter
What NSIRA Found
Although triaging in Air Passenger Targeting typically relies on multiple indicators that are created from Advance Passenger Information and Passenger Name Record data, some of these indicators are protected grounds or relate closely to protected grounds. Air Passenger Targeting triaging results in impacts on travellers that can be considered adverse in nature and are capable of reinforcing, perpetuating, or exacerbating disadvantages. This creates a risk of prima facie discrimination. While these limits on travellers’ equality rights may be justifiable, weaknesses in the CBSA’s program documentation prevented the CBSA from demonstrating that a bona fide justification supported the adverse differentiation of travellers in several instances. A large body of information and intelligence is available to CBSA staff; however, it was not compiled and documented in a way that consistently established why certain indicators used to triage passengers related to a threat or potential contravention and did not always establish that these indicators were current and reliable. This weakness with respect to ensuring precise, well-substantiated documentation is similar to the one already highlighted in relation to the CBSA’s compliance with legal and regulatory restrictions.
Further information on the nature of the differentiations made in Air Passenger Targeting triaging practices and their impact on individuals would be required to conclusively establish whether or not triaging practices are discriminatory. However, the risk of discrimination is sufficiently apparent to warrant careful attention. In this review, NSIRA will recommend measures that could help the CBSA to assess and mitigate discrimination-related risks.
Does the CBSA make a distinction in relation to “protected grounds”?
Some of the indicators relied on to triage passengers are either protected grounds themselves or relate closely to protected grounds. NSIRA observed instances where passengers appeared to be differentiated based on protected grounds.
NSIRA examined all scenarios that were active on May 26, 2021 and a sample of targets to determine whether the CBSA’s triaging practices engage prohibited grounds of discrimination, such as age, sex, or national or ethnic origin. NSIRA refers to these as “protected grounds” in the report. The assessment considered:
How the indicators used to triage passengers relate to protected grounds;
The significance of the indicators in triage and how individual indicators were weighted in relation to each other; and
Whether these indicators created distinctions among individuals, or classes of individuals, based on protected grounds, whether in their own right or by virtue of their cumulative impact.
NSIRA found that the CBSA triages passengers based on a combination of indicators that are created from Advance Passenger Information and Passenger Name Record data. This triaging often included indicators that were either protected grounds themselves or related closely to protected grounds. Examples of these indicators are provided in Figure 8 with further details on how the CBSA relied on these indicators in Appendix 8.4.
Figure 8. Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds
Although the CBSA took certain measures to mitigate the possibility that triaging decisions were based primarily on protected grounds, NSIRA observed that these measures did not always adequately mitigate that risk. More specifically:
[***Note revised to remove injurious or privileged information. It lists examples of scenarios that relied on single elements.***] NSIRA observed instances where scenarios continued to rely largely on indicators that related closely to protected grounds. This was because the behavioural indicators were often used in a way that related closely to a protected ground (primarily national origin) or because the parameters for the behavioural indicators were very broad (for example: passports as a travel document) and did not significantly narrow the range of passengers captured by the scenario. Examples are provided in Figure 9.
Scenario Based Targeting triaging for potential contraventions relevant to national security focused disproportionately on a certain profile of passengers: [***Sentence revised to remove injurious or privileged information. It described a combination of traveller characteristics that relates to protected grounds.***] While individual scenarios considered a variety of other indicators that differed between each scenario and that appeared to be specific to a unique set of personal characteristics and behavioural patterns for each national security risk, the overall effect of the scenarios created a differential impact largely focused on this particular profile.
Figure 9. Instances Where Behavioural Indicators Were Protected Grounds or Did Not Narrow Scope
[***Figure revised to remove privileged or injurious information. It describes two examples of scenarios where behavioural indicators were used in a way that related closely to a protected ground or because the parameters for the behavioural indicators were very broad and did not significantly narrow the range of passengers captured by the scenario***]
As the CBSA’s triaging practices engage protected grounds and resulted in a differentiation of passengers based on protected grounds in certain instances, NSIRA considered the impacts that these distinctions may produce.
Do distinctions result in adverse impacts capable of reinforcing, perpetuating, or exacerbating a disadvantage?
Distinctions made in passenger triage lead to several types of potential impacts for the passengers that are selected for further assessment. These impacts are adverse in nature and are capable of reinforcing, perpetuating, or exacerbating disadvantages.
NSIRA considered the kinds of impacts that Air Passenger Targeting has for the passengers who are selected for further assessment through the initial triage. These impacts are illustrated in Figure 10. Each may have important effects on passengers’ time, privacy, and equality, particularly as the impacts accumulate during the screening process and/or where these impacts are experienced repeatedly by the same travellers.
Figure 10. Impacts on Travellers Resulting from Initial Triage
[Figure revised to remove privileged or injurious information. It describes numbers of passengers targeted by year.]
These impacts can be adverse in nature and are reasonably understood as being capable of reinforcing, perpetuating, or exacerbating disadvantage, particularly when viewed in light of possible systemic or historical disadvantages. However, disaggregated data on the ethno-cultural, gender, or other group identity of affected passengers and their circumstances in Canadian society would be required to fully appreciate Air Passenger Targeting’s impacts on affected groups.
A risk of prima facie discrimination is established where these adverse impacts accrue to individuals based on protected grounds. These adverse impacts on protected groups will not amount to discrimination under the Canadian Human Rights Act if the CBSA can demonstrate a bona fide justification for the differentiation and will be allowed under the Charter if the CBSA can establish that the distinctions are a reasonable limit on travellers’ equality rights.
Does the CBSA have an adequate justification for the adverse differentiation?
While a large body of information and intelligence is available to CBSA’s staff for their triaging activities, weaknesses in recordkeeping, in the coherent synthesis of this information, and in data collection prevented the CBSA from demonstrating, that an adequate justification exists for its use of the indicators it created from Advance Passenger Information and Passenger Name Record data in several instances.
NSIRA examined how the CBSA relied on information and intelligence to support its triaging practices by reviewing a sample of 12 scenarios and a sample of 59 targets issued subsequent to manual triaging in Flight List Targeting. NSIRA also examined performance data for the selected scenarios. In examining the supporting documentation provided for each scenario demonstrated an adequate justification for the indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers, NSIRA considered a number of factors:
Whether the information was objective and empirical;
Whether it was credible and reliable, in terms of its source and the quality of its substantiation;
Whether the information was recent and up to date;
Whether the information established a meaningful connection between the indicator(s) and the enforcement issue;
Whether the indicators were specifically indicative of the enforcement issue or were general;
Whether the indicators were based on a representative sample size; and
Whether the reliance on the particular indicators to triage passengers was effective in identifying potential contraventions in the past (i.e. whether empirical results support the reliance).
In Scenario Based Targeting, 11 out of the 12 scenarios in the sample reviewed did not provide an adequate justification for the triaging indicators, due in part to weaknesses in the supporting documentation for scenarios.
A summary of NSIRA’s assessment in relation to each of the assessment criteria is provided in Figure 11 and examples are described below.
Figure 11. Summary of NSIRA’s Assessment of Scenario Supporting Documentation
Most of the supporting documentation for the scenario sample was based on empirical information about enforcement actions or other intelligence products developed by the CBSA or its partners that were derived from clearly identified empirical sources. NSIRA considered these products to be objective and reliable sources. However, NSIRA noted three instances where it was unclear what the basis of the information was, and therefore whether it was objective and credible.
Inconsistencies in how supporting documentation for scenarios was maintained created further challenges for verifying that scenarios were based on reliable and up-to-date information, as four of the scenarios examined relied on information that was more than five years old and the CBSA could not locate one or more documents cited as supporting documentation in nine of the scenarios. While deleting older information is appropriate if it is replaced with more recent information, doing so in absence of more recent supporting information may undermine the CBSA’s the ability to justify the basis of the scenario.
In 3 of 12 scenarios examined, it was unclear how the supporting documentation related to the potential contravention identified in the scenario, which prevented further analysis as to how the indicators created from Advance Passenger Information and Passenger Name Record data were meaningfully connected to the enforcement issue. In all except one of the 12 scenarios, the supporting documentation did not mention one or more of the indicators in the scenario, making it unclear what the basis was for relying on those indicators. A number of the unsubstantiated indicators in those scenarios related closely to protected grounds. Two examples are provided in Figure 12.
Figure 12. Examples of Weaknesses in Scenario Supporting Documentation
[***Figure revised to remove privileged or injurious information. It describes issues observed in the supporting documentation for two scenarios as examples. These concerned the reliability of speculative claims made in an op-ed that was used as supporting documentation for one scenario that did not provide a clear basis for the indicators relied on in the scenario, and lack of information related to one or more of the indicators in the other scenario.***]
In 11 of the 12 scenarios, the supporting documentation did not include enough information to assess whether the indicators in the scenarios were based on a representative sample size of passengers. This prevented verification that the indicators in the scenario and their parameters reflect a pattern or trend in traveller characteristics and travel patterns rather than a single instance or handful of instances. Deriving indicators from too small a sample size also creates a risk that the indicators are not reliably associated to a potential contravention but rather simply connoted individuals who happen to have been the subject of past enforcement activity. A small sample size can also create bias and confirmation bias about stereotypes pertaining to traveller behaviour or personal characteristics.
Lack of information in 11 of the 12 scenarios on the likelihood and impact of the risk posed by the enforcement issue also prevented further assessment of the extent that the indicators and parameters were unique to the particular enforcement issue either individually or collectively. Moreover, in 4 of the 12 scenarios, the supporting documentation did not include any information to indicate that the indicators and parameters of the scenario had indeed been associated with a confirmed contravention of the CBSA’s program legislation or whether the association between the indicators and the enforcement issue was simply hypothetical. While reliable intelligence could also provide an empirical basis for passenger triage to inform the development of scenarios, information about whether scenarios have actually resulted in confirmed contraventions of the CBSA’s program legislation can be integrated into the supporting documentation of scenarios over time. This issue is examined further in relation to performance data below.
Only one of the 12 scenarios in the sample had enough information to get a sense of the enforcement issue, to understand the basis for relying on the particular indicators in the scenario in relation to the enforcement issue, and to establish that the indicators were based on a clear pattern of association with a large number of confirmed contraventions and reflected an appropriate range. Details about this scenario and why the supporting document substantiated the scenario are provided in Figure 13.
[***Figure revised to remove privileged or injurious information. It describes how the supporting documentation provided for a scenario was based on credible, empirical information that helped to establish the enforcement issue, provided a sense of the prevalence of the issue and its pertinence to the CBSA mandate, established a correlation between the specific indicators in the scenario and confirmed contraventions based on a significant sample size, and established that the parameters for each indicator were appropriately defined.***]
A large body of information and intelligence is available to CBSA staff to inform their targeting activities; however, in all except one of the scenarios, the information, intelligence, and other analytical insights were not brought together coherently to demonstrate that the basis for triaging was justified in those particular instances. The CBSA indicated that they intend to prepare standardized intelligence products that would coherently bring together this information to support the development of new scenarios. Developing such products for all active scenarios would help ensure that an adequate justification exists for all differentiation arising from triaging decisions in Air Passenger Targeting. This issue is examined further in relation to oversight practices below.
In Flight List Targeting, there was insufficient documentation to explain why particular indicators were considered valid risk factors in the context of a particular enforcement issue.
While a large body of information and intelligence exists for Targeting Officers to draw from when triaging passengers in Flight List Targeting, these sources are not necessarily documented in the course of making triaging decisions. Flight List Targeting strategies are not codified and triaging decisions are not consistently documented. This means that the sources and considerations that informed individual triaging decisions were not always apparent in the program documentation that NSIRA reviewed.
Noting the limitations of analyzing targets for insight into initial triaging decisions mentioned previously, the sparse details contained within the sample of 59 targets issued subsequent to Flight List Targeting further limited NSIRA’s assessment. Most of the targets included information specific to each passenger that was obtained through the passenger risk assessment, which reasonably supported a justification for issuing the target. However, this information would have been obtained after initial triaging decisions. Targets occasionally included a brief explanation about why certain elements of Advance Passenger Information and Passenger Name Record data were considered to be risk factors, suggesting that the Targeting Officer’s triage decision may have been informed by information and intelligence. However, it was often unclear why the passenger data cited as risk factors in the target suggested a threat or potential contravention of the CBSA’s program legislation. Assessing how the passenger data cited as risk factors in a target corresponded with the potential contravention was further complicated where the enforcement issue was also unclear. Examples in Figure 14 illustrate this challenge.
Figure 14. Why the Justification for the Indicators Used in Targeting is Important
[***Figure revised to remove privileged or injurious information. It returns to the examples of targets discussed in Figure 6 where ambiguity about the enforcement issue created further challenges for assessing how the passenger data cited as risk factors in the target corresponded with the enforcement issue.***]
Performance data for the scenario sample indicates that the indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers may not be closely correlated with the particular enforcement issue.
The CBSA should be able to demonstrate at the outset that information and intelligence justify the use of particular indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers for potential contraventions, particularly where those indicators relate to protected grounds. However, secondary examination results from previously issued targets can provide a source of such information. These results also provide important insight into how strongly certain indicators correlate with potential contraventions and indicate areas where inferences should be revisited and revised.
NSIRA’s analysis of the performance data for the sample of 12 scenarios revealed that the indicators may not necessarily be closely correlated with the particular enforcement issue(s) in the scenarios or predict potential contraventions of the CBSA’s program legislation with high accuracy.
In many of the scenarios, less than 5 percent of passengers that matched to the scenario—based on their Advance Passenger Information and Passenger Name Record data—resulted in an enforcement action or relevant intelligence at the end of a secondary examination, which the CBSA refers to as a “resultant” target. This is due in part to the fact that the vast majority of passengers who are risk assessed do not result in a decision to issue a target. Additionally, certain enforcement issues may have a low probability of occurring, but a high impact. However, the fact that most passengers who match to a scenario are not of concern raises questions about the accuracy of relying on Advance Passenger Information and Passenger Name Record data elements as indicators and about the proportionality of the targeting practices.
On average, a quarter of targets issued (through both Flight List Targeting and Scenario Based Targeting) led to a “resultant” secondary examination, though the scenarios in the sample ranged widely from as low as 4.8 percent to as high as 72.7 percent.
Only nine of the 12 scenarios led to at least one enforcement action or useful intelligence between 2019-20 or 2020-21. Again, this is not necessarily an issue if an enforcement issue has a low probability of occurring, but a high impact. However, it also raises questions about the empirical basis of the scenario.
Many of the scenarios led to examination results for issues other than the one that justified the initial targeting. This suggests that the indicators may not be very precise and raises questions about the underlying assumptions or inferences.
NSIRA also observed that the performance data for scenarios matched to a significantly higher proportion of travellers and yielded a higher proportion of “resultant” targets in one year, with much lower results in the next year, indicating how rapidly travel patterns may change. The CBSA indicated that COVID-19 resulted in major shift in travel and business patterns, which has presented challenges for the CBSA to understand how the indicators have evolved in relation to a diversity of enforcement issues and to adapt their targeting strategies. This emphasizes the importance of ensuring that scenarios and Flight List Targeting activities are supported by up-to-date information and intelligence. It also emphasizes the importance of analyzing performance data to rigorously to evaluate, refine, and/or deactivate scenarios in order to remain consistent with a changing risk environment.
However, the insights that can be drawn from the performance data are limited, because the CSBA does not track the results of secondary examinations arising from random referrals or instances where passengers that were not targeted were later found to have contravened the CBSA’s program legislation by other means. This prevents contextualization of Air Passenger Targeting performance against a baseline (namely, whether Air Passenger Targeting is better, on par with, or less effective at predicting a potential contravention of its program legislation than a random referral). Beyond its relevance for performance measurement, baseline data would help to protect the CBSA against confirmation biases where enforcement results in a few isolated cases may reinforce stereotypes even though they do not represent a meaningful trend. Moreover, a “resultant” secondary examination according to the National Targeting Centre’s definition does not necessarily indicate a confirmed instance of non-compliance. This makes it difficult to analyze performance data as source of empirical information to support the CBSA’s justification for using certain indicators to triage passengers, as a “resultant” search may not always signify a correlation between the indicators and the potential contravention.
In sum, the CBSA was not able to demonstrate that adequate justification consistently supported its use of particular indicators in the scenarios and targets examined by NSIRA. This creates a risk that the triaging activities were discriminatory. To avoid discrimination, the link between the indicators used to triage passengers and the potential threats and contraventions they purport to identify must be well-substantiated by recent, reliable, and documented intelligence or empirical information that demonstrates that the indicators are reasonably predictive of potential harms to Canada’s national security and public safety. The CBSA was able to document an adequate justification for passenger triaging in one scenario. Compiling relevant information and intelligence for its other triaging activities would assist in demonstrating that they are also non-discriminatory.
Are any triage-related distinctions that are capable of reinforcing, perpetuating, or exacerbating disadvantage a reasonable limit on travellers’ equality rights?
Further information would be required to determine if any distinctions arising from Air Passenger Targeting that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights.
The analysis above establishes that Air Passenger Targeting may infringe travellers’ equality rights under the Charter. All Charter rights are subject to reasonable limits, however. To establish that a limit is reasonable, the state must demonstrate that it is rationally connected to a pressing and substantial objective, that it is minimally impairing of the right, and that there is a proportionality between its salutary and deleterious effects. These limits must also be prescribed by law.
The analysis of whether state actions constitute a reasonable limitation of Charter rights is highly fact specific. To examine this question, further data would be required on:
Precisely how various indicators relate to protected grounds;
Whether the indicators effectively further national security and public safety;
The reasonable availability of other means to ensure similar security outcomes at the border;
The impacts of Air Passenger Targeting for affected passengers; and
The significance of the contribution of Air Passenger Targeting to national security and other government objectives.
NSIRA notes these data gaps may create challenges for the CBSA in establishing that any discrimination resulting from Air Passenger Targeting is demonstrably justified under section 1 of the Charter. Documenting the contribution of Air Passenger Targeting to national security and public safety, the breadth and nature of its impacts, and contrasting the effectiveness of Air Passenger Targeting relative to other less intrusive means of achieving the CBSA’s objectives would assist the CBSA in demonstrating that the program is reasonable and demonstrably justified in Canadian society.
Has the CBSA complied with its obligations pertaining to non-discrimination?
Air Passenger Targeting triaging practices create a risk of prima facie discrimination. This is due to two key features. First, Air Passenger Targeting relies, in part, on indicators created from Advance Passenger Information and Passenger Name Record data that are either protected grounds themselves or that relate closely to such grounds. This was particularly the case for indicators relating to passengers’ age, sex, and national or ethnic origin. Passengers were differentiated based on these grounds, as they were selected for further assessment due in part to these characteristics. NSIRA also observed that the triaging resulted in disproportionate attention to certain nationalities and sexes, when the cumulative effect of scenarios was taken into account.
Second, this differentiation has adverse effects on travellers. Air Passenger Targeting triaging affects individuals’ privacy through subsequent risk assessments and mandatory referrals for secondary examination. Such scrutiny may also erode an individual’s sense of receiving the equal protection of the law, particularly where these impacts are repeatedly experienced by the same traveller or are perceived to be animated by racial, religious, ethnic, or other biases. These impacts are also capable of reinforcing, perpetuating, or exacerbating disadvantage, especially when viewed in light of systemic or historical disadvantage.
To comply with its obligations under the Canadian Human Rights Act, the CBSA must be able to demonstrate that a bona fide justification exists for this adverse differentiation. However, the CBSA was not able to demonstrate that its choice of indicators was consistently based on recent, reliable, and documented intelligence or empirical information. This weaknesses in the link between the indicators and the potential threats or contraventions they seek to identify, creates a risk of discrimination.
To comply with its Charter obligations, the CBSA must also be able to demonstrate that any resulting discrimination is a reasonable limit on travellers’ equality rights. The same weaknesses NSIRA observed in the CBSA’s substantiation of the link between particular indicators and potential threats or contraventions they seek to identify also undermines its ability to demonstrate the rational connection between its triaging indicators and potential contraventions of its program legislation. Further information on the contribution of Air Passenger Targeting to national security and its relative value compared to other screening means would also be needed to determine whether Air Passenger Targeting can be justified as a reasonable limit under the Charter.
The weaknesses NSIRA observed stem partly from lack of precision in the CBSA’s program documentation and other recordkeeping issues. These are examined in the following section.
Finding 3. The CBSA has not consistently demonstrated that an adequate justification exists for its Air Passenger Targeting triaging practices. This weakness in the link between the indicators used to triage passengers and the potential threats or contraventions they seek to identify creates a risk that Air Passenger Targeting triaging practices may be discriminatory.
Recommendation 2. NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.
Recommendation 3. NSIRA recommends that the CBSA ensure that any Air Passenger Targeting-related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.
What measures are in place to mitigate the risk of discrimination?
The policies, procedures, and training materials reviewed did not adequately equip CBSA staff to identify potential discrimination or to mitigate related risks in the exercise of their duties.
The CBSA’s Air Passenger Targeting policies acknowledged responsibility to respect privacy, human rights, and civil liberties. However, policies, procedures, and training were insufficiently detailed to equip staff to identify and mitigate discrimination-related risks in the exercise of their duties.
Targeting Officers did not receive any specific training related to human rights.
The CBSA’s policies, procedures, and other program guidance were not precise enough on specific requirements or steps to equip staff to mitigate risks related to discrimination. In particular, details were lacking in how to associate supporting documentation to a scenario or a triaging decision in Flight List Targeting, and when and how to revisit and update that information on are gular basis.
No specific policies, procedures, or guidelines were developed for Flight List Targeting beyond the Air Passenger Targeting Standard Operating Procedures, particularly those that relate to record keeping.
The oversight structures and practices that were reviewed were not rigorous enough to identify and mitigate potential discrimination-risks, compounded by an absence of relevant data for this task.
While the CBSA has oversight structures and practices in place for Air Passenger Targeting, it was unclear how these oversight practices were performed. NSIRA identified several areas where they may not be rigorous enough to identify and mitigate potential risks of discrimination as appropriate.
Scenarios are reviewed for policy, legal, privacy, human rights, and civil liberties implications as part of their activation and on an ongoing basis. However, it is not clear that these oversight functions are guided by a clear understanding of what constitutes discrimination or that all relevant aspects of scenarios are examined.
Scenarios are reviewed individually on a regular basis. However, it is not clear that the collective impact of the CBSA’s targeting activities is also assessed on a regular basis.
It is not clear whether any oversight functions related to non-discrimination take place in Flight List Targeting.
Moreover, the CBSA does not gather data relevant to fully assess whether Air Passenger Targeting results in discrimination or to mitigate its impacts.
The CBSA does not gather disaggregated demographic data about the passengers affected by each stage of the Air Passenger Targeting program. This is relevant to detecting whether the program may be drawing distinctions on protected grounds and/or whether it has a disproportionate impact on members of protected groups.
The CBSA does not compare information about its triaging practices against information relevant to understanding their potential impacts on travellers and whether those impacts indicate an issue with the CBSA’s targeting practices. This includes information about whether complaints about alleged discrimination at the border relate to a person identified through Air Passenger Targeting and whether the nature of secondary examinations resulting from Air Passenger Targeting may differ from those caused by random or other referrals.
The CBSA does not gather or assess relevant performance data or data on its impacts against a baseline comparator group in order to contextualize its analysis of this information.
Finding 4. The CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify potential discrimination-related risks and to take appropriate action to mitigate these risks in the exercise of their duties.
Finding 5. The CBSA’s oversight structures and practices are not rigorous enough to identify and mitigate potential discrimination-related risks, as appropriate. This is compounded by a lack of collection and assessment of relevant data.
A number of adjustments to current policies, procedures, guidance, training, and other oversight practices for the Air Passenger Targeting program will help the CBSA mitigate discrimination-related risks by ensuring that distinctions drawn in the initial triage of passengers are based on adequate justifications that are supported by intelligence and/or empirical information. A more detailed treatment on discrimination in training, policies, guidance materials, and oversight for the Air Passenger Targeting program could also provide CSBA staff and the units and committees that perform internal oversight functions with information they may require to exercise their functions accordingly. Careful attention should be paid to the following:
Understanding the CBSA’s human rights obligations and how risks related to discrimination should be identified and assessed;
Identifying when triaging indicators may relate to protected grounds;
Ensuring that any adverse differentiation is based on a well-substantiated connection between the indicators and the potential threat or potential contravention;
Ensuring the triage of travellers is informed by recent and reliable information and intelligence, with training on how to assess whether the supporting documents meets these requirements;
Identifying and addressing impacts resulting from passenger triaging practices to ensure that they are minimized and proportional to the benefit gained for public safety or national security;
Ensuring that impacts resulting from Air Passenger Targeting do not unduly reinforce, perpetuate, or exacerbate disadvantage; and
Developing tools to detect and mitigate potential biases by gathering and assessing relevant data on targeting practices, their performance, and their impacts.
In this respect, the obligations created by the United Kingdom Public Sector Equality Duty may be instructive. The duty is procedural in nature and requires that public bodies (including customs and immigration authorities) consider how they may eliminate discrimination in the exercise of their functions. It requires departments to turn their minds to the potential impact their decisions, policies or programs have, and how these may differ based on protected grounds, such as age, sex/gender, and race, ethnic or national origin, colour, or nationality. It also creates an obligation to acquire relevant information, if it is not already available, to avoid direct or indirect discrimination.
It is important to clarify that any data collection and analysis relevant to detecting and addressing potential discrimination should be conducted by a separate unit than the National Targeting Centre. Targeting Officers should not have access to disaggregated demographic data when triaging passengers, as this might increase discrimination-related risks. The CBSA recognizes this in its commitment to removing “sensitive data” about a person’s health or sex life from the Advance Passenger Information and Passenger Name Record data that it imports into its triaging systems. This precaution should not prevent other units within the CBSA from gathering and considering depersonalized, disaggregated demographic data, including to conduct Gender Based Analysis+ that could reduce the risk of discrimination and/or mitigate its potential impacts.
Recommendation 4. NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
Recommendation 5. NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.
Conclusion
The pre-arrival risk assessments performed as part of the CBSA’s Air Passenger Targeting program support the CBSA’s ability to screen inbound travellers in relation to a variety of enforcement issues. However, some of the information used to triage passengers relates to protected grounds. This creates a risk that passengers may be differentiated based on prohibited grounds of discrimination. Triaging may lead to adverse impacts on passengers’ time, privacy, and equal treatment, which maybe capable of reinforcing, perpetuating or exacerbating disadvantage.
Careful attention to the reliability of the information and intelligence that underpin the choice of indicators to triage passengers and their connection to the threats or potential contraventions they seek to identify is needed to verify that the CBSA respects its non-discrimination obligations. This has implications for both Canada’s national security and its international commitments related to combatting terrorism and serious transnational crime and related to privacy and human rights.
NSIRA is satisfied that the CBSA has the legal authority to conduct Air Passenger Targeting. However, NSIRA observed shortcomings in the CBSA’s documentation of its program activities that complicated verification that all triaging decisions complied with statutory and regulatory restrictions. Improvements to documentation in these respects are essential and will help lower future compliance risks by ensuring the CBSA can verify that all triaging decisions comply with the terms of the Customs Act and the Protection of Passenger Information Regulations.
Similarly, the absence of adequate justification in several instances for the CBSA’s reliance on indicators created from passengers’ Advance Passenger Information and Passenger Name Record data leads to a risk of discrimination. Improving documentation requirements and setting out further detail in the CBSA’s policies, procedures, and training would better equip CBSA staff to understand these risks and mitigate them in the conduct of their duties. More robust and regular oversight to ensure that adequate justification exists for any adverse differentiation arising from Air Passenger Targeting grounds would equip the CBSA to identify which scenarios or manual Flight List Targeting triaging practices need further support. Improving relevant data gathering and assessment will also support the identification and mitigation of discrimination-related risks in Air Passenger Targeting.
Appendices
Findings & Recommendations
Findings
Recommendations
Finding 1. The CBSA’s use of Advance Passenger
Information and Passenger Name Record data in
Scenario Based Targeting complied with section
107(3) of the Customs Act.
Recommendation 1. NSIRA recommends that the
CBSA document its triaging practices in a manner
that enables effective verification of whether all
triaging decisions comply with statutory and
regulatory restrictions.
Finding 2. The CBSA does not document its
triaging practices in a manner that enables
effective verification of whether all triaging
decisions comply with statutory and regulatory
restrictions.
Recommendation 2. NSIRA recommends that the
CBSA ensure, in an ongoing manner, that its
triaging practices are based on information and/or
intelligence that justifies the use of each indicator.
This justification should be well-documented to
enable effective internal and external verification
of whether the CBSA’s triaging practices comply
with its non-discrimination obligations.
Finding 3. The CBSA has not consistently
demonstrated that an adequate justification exists
for its Air Passenger Targeting triaging practices.
This weakness in the link between the indicators
used to triage passengers and the potential
threats or contraventions they seek to identify
creates a risk that Air Passenger Targeting triaging
practices may be discriminatory.
Recommendation 3. NSIRA recommends that the
CBSA ensure that any Air Passenger Targetingrelated distinctions on protected grounds that are
capable of reinforcing, perpetuating, or
exacerbating a disadvantage constitute a
reasonable limit on travellers’ equality rights
under the Charter.
Finding 4. The CBSA’s policies, procedures, and
training are insufficiently detailed to adequately
equip CBSA staff to identify potential
discrimination-related risks and to take
appropriate action to mitigate these risks in the
exercise of their duties.
Recommendation 4. NSIRA recommends that the
CBSA develop more robust and regular oversight
for Air Passenger Targeting to ensure that its
practices are not discriminatory. This should
include updates to the CBSA’s policies,
procedures, training, and other guidance, as
appropriate.
Finding 5. The CBSA’s oversight structures and
practices are not rigorous enough to identify and
mitigate potential discrimination-related risks, as
appropriate. This is compounded by a lack of
collection and assessment of relevant data.
Recommendation 5. NSIRA recommends that the
CBSA start gathering and assessing the necessary
data to identify, analyze, and mitigate
discrimination-related risks. This includes
disaggregated demographic data, data on the
effects of Air Passenger Targeting on secondary
examinations that may be apparent from related
human rights complaints, and data on a baseline
comparator group.
The CBSA’s Authority to Collect and Use Advance Passenger Information and Passenger Name Record data in Air Passenger Targeting
Authority to Collect the Data
Customs Act, s. 107.1 & IRPA s. 148(1)(d)
Air carriers are required to provide “prescribed
information” about any person on board, or
expected to be on board, a flight arriving into
Canada.
Passenger Information Customs Regulations, s. 5 &
Immigration and Refugee Protection Regulations, s.
269(1)
Prescribe the required information, which constitute
Advance Passenger Information and Passenger
Name Record data.
Authority to Use the Data
Customs Act, s. 107(3)
“Customs information” (including Advance
Passenger Information/Passenger Name Record
data)115 may be used for three purposes:
• Administer or enforce the Customs Act, Customs
Tariff, or related legislation;
• Exercise the powers or perform the duties and
functions of the Minister of Public Safety under
the IRPA, including establishing a person’s
identity or determining their inadmissibility;
• For the purposes of other program legislation
that the Minister of Public Safety or the CBSA is
authorized to enforce
Immigration and Refugee Protection Act, s.149(a)
Advanced Passenger Information and Passenger
Name Record data may be used for three purposes:
• for the purposes of the IRPA;
• for the purposes of the Department of
Citizenship and Immigration Act;
• to identify a person for whom a warrant of arrest
has been issued in Canada.
Protection of Passenger Information Regulations, s.
4
Passenger Name Record data provided to the CBSA
under the Immigration and Refugee Protection Act116
may be used for two purposes:
• to identify persons who have or may have
committed a terrorism offence or serious
transnational crime;
• to conduct a trend analysis or develop risk
indicators for that purpose.
Frequently Cited Provisions in Scenario Templates
The figure summarizes the main provisions cited as potential contraventions in scenario templates. [***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]. Five of the provisions that were cited as potential contraventions did not clearly establish a link to a serious transnational crime or terrorism offence in compliance with the Protection of Passenger Information Regulations (PPIR). These are marked in orange and described below.
Provisions
Description
Complies with Cust Act
Complies with PPIR
IRPA s. 20
Presenting visa or other documents
Yes
Yes*
IRPA s. 34
Inadmissible, national security reasons
Yes
Yes
IRPA s. 35
Inadmissible, human rights violations
Yes
Yes
IRPA s. 36
Inadmissible, serious criminality
Yes
Yes
IRPA s. 37
Inadmissible, organized criminality
Yes
Yes
IRPA s. 40
Inadmissible, misrepresentation
Yes
Yes*
IRPA s. 41
Inadmissible, IRPA non-compliance
Yes
Yes*
IRPA s. 117
Human smuggling
Yes
Yes
IRPA s. 118
Human trafficking
Yes
Yes
Customs Act s. 159
Smuggling goods
Yes
Yes
Customs Act s. 12
Reporting goods
Yes
Yes*
Customs Act s. 13
Truthfully answering questions about & presenting goods
Yes
Yes*
Customs Tariff 9899.00.00
Hate or terrorist propaganda; seditious materials
Yes
Yes
PCMLTFA s. 12
Reporting of currency
Yes
Yes
PCMLTFA s. 74
General Offences
Yes
Yes
Section 20 of the Immigration and Refugee Protection Act (IRPA) concerns the requirement for foreign nationals to have the proper documentation to enter or remain in Canada. As contraventions of the IRPA where a penalty is not specified (such as section 20) are punishable by a term of imprisonment of up to two years under sections 124 and 125 of the IRPA, this contravention does not meet the definition of a serious transnational crime.
Section 40 of the IRPA indicates that a foreign national is inadmissible to Canada for misrepresentation. The link to serious transnational crime would be clearer by citing the provisions that establish misrepresentation as an offence under sections 127 and 128 of the IRPA.
Section 41 of the IRPA indicates that a foreign national is inadmissible for non-compliance with the IRPA. Non-compliance with the IRPA is not itself a terrorism offence or serious transnational crime. Further details about the enforcement concern are necessary to establish such a link.
Sections 12 and 13 of the Customs Act concern traveller requirements to report goods and truthfully answer questions; reference to the penalty provision in section 160(1)(b) indicates it is a serious offence. Reliance on these sections to justify the use of Passenger Name Record data may be problematic however, as these sections relate to future conduct, whereas section 4 of the PPIR focuses on past conduct (“have or may have” committed such acts). Concerns about prohibited goods or potential smuggling of goods may also more appropriately cite section 159 of the Customs Act and/or the Customs Tariff, Item 9899.00.00.
Examples of the CBSA’s Reliance on Indicators Relating to Protected Grounds
The figure below presents examples from both Scenario Based Targeting and Flight List Targeting of how the CBSA relies on indicators created from Advance Passenger Information and Passenger Name Record data that are or may relate closely to the grounds of “national or ethnic origin,” “age,” or “sex,” which are prohibited grounds of discrimination under the Canadian Human Rights Act and the Charter. The CBSA often relies on more than one such indicator. This is discussed in Section 6.2.2.1. The CBSA’s basis for relying on such indicators is discussed in Section 6.2.2.3.
[***Figure revised to remove injurious or privileged information. It provides statistics on the number of scenarios that rely on indicators that relate to protected grounds for “national or ethnic origin,” “age,” and “sex.”***]
NSIRA Recommendation 1: NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
GOC Response: The CBSA agrees with this recommendation. The CBSA will complete a review of its APT triaging practices to ensure practices are in place which will enable effective verification of compliance with statutory and regulatory restrictions.
NSIRA Recommendation 2: NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.
GOC Response: The CBSA agrees with this recommendation. While we are satisfied that justification for triaging and targeting practices exist, the CBSA acknowledges that better documentation practices could be implemented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations. The CBSA’s Scenario Based Targeting Governance Framework will be updated to include information and/or intelligence that justifies the use of each indicator. Annual reviews of scenarios will continue to be conducted and documented to confirm that each active scenario is supported by recent and reliable intelligence.
NSIRA Recommendation 3: NSIRA recommends that the CBSA ensure that any Air Passenger Targeting related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.
GOC Response: The CBSA agrees with this recommendation. The CBSA will review its APT practices to ensure that distinctions based on protected grounds are reasonable and can be demonstrably justified in the border administration and enforcement context.
NSIRA Recommendation 4: NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
GOC Response: The CBSA agrees with this recommendation. The CBSA acknowledges that policies, procedures, training, and other guidance, as appropriate can be improved to ensure robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. The CBSA will complete a review of its policies, procedures, guidelines and training to ensure practices are not discriminatory.
NSIRA Recommendation 5: NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.
GOC Response: The CBSA agrees with this recommendation. To that end, the CBSA is taking deliberate steps to develop its capacity to capture and analyze reliable and accurate data in non-intrusive ways. The Agency is working on developing standard and consistent positions and frameworks on the collection, use, management and governance of disaggregated data, developing metrics and indicators to measure the impact of decisions and policies on different groups; using data to build more inclusive and representative policies and strategies, and; identifying possible discrimination and bias.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2023–24 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2023–24 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2023.
NSIRA Secretariat spent approximately 33% of its authorities by the end of the second quarter, compared with 23% in the same quarter of 2022–23 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q2 2023–24 and Q2 2022–23
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q2 2023–24 and Q2 2022–23
2023-24
2022-23
Total Authorities
$24.3
$29.7
Q2 Expenditures
$3.8
$3.6
Year-to-Date Expenditures
$8.1
$6.9
Significant changes to authorities
As at September 30, 2023, Parliament had approved $24.3 million in total authorities for use by NSIRA Secretariat for 2023–24 compared with $29.7 million as of September 30th, 2022, for a net decrease of $5.4 million or 18.2% (see graph 2).
Graph 2: Variance in authorities as at September 30, 2023
Text version of Figure 2
Variance in authorities as at June 30, 2023 (in millions)
Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Vote 1 – Operating
28.0
22.6
Statutory
1.7
1.7
Total budgetary authorities
29.7
24.3
*Details may not sum to totals due to rounding*
The decrease of $5.4 million in authorities is mostly explained by a gradual reduction in NSIRA Secretariat’s ongoing operating funding due to an ongoing construction project nearing completion.
Significant changes to quarter expenditures
The second quarter expenditures totalled $3.8 million for an increase of $0.2 million when compared with $3.6 million spent during the same period in 2022–2023. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: expended during the quarter ended September 30, 2023
Fiscal year 2022–23: expended during the quarter ended September 30, 2022
Variance $
Variance %
Personnel
3,014
2,903
111
4%
Transportation and communications
62
70
(8)
(11%)
Information
4
0
4
100%
Professional and special services
504
578
(74)
(13%)
Rentals
25
39
(14)
(36%)
Repair and maintenance
3
33
(30)
(91%)
Utilities, materials and supplies
50
12
38
317%
Acquisition of machinery and equipment
4
4
0
0%
Other subsidies and payment
118
3
115
3833%
Total gross budgetary expenditures
3,784
3,642
142
4%
Repair and maintenance
The decrease of $30,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The increase of $38,000 is due to a temporarily unreconciled suspense account.
Other subsidies and payments
The increase of $115,000 is explained by an increase in payroll system overpayments which were subsequently resolved.
Significant changes to year-to-date expenditures
The year-to-date expenditures totalled $8.1 million for an increase of $1.1 million (17%) when compared with $6.9 million spent during the same period in 2022–23. Table 2 presents budgetary expenditures by standard object.
Table 2
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: year-to-date expenditures as of September 30, 2023
Fiscal year 2022–23: year-to-date expenditures as of September 30, 2022
Variance $
Variance %
Personnel
5,900
5,248
652
12%
Transportation and communications
192
114
78
68%
Information
4
5
(1)
(20%)
Professional and special services
1,669
1,424
245
17%
Rentals
73
49
24
49%
Repair and maintenance
27
64
(37)
(58%)
Utilities, materials and supplies
57
28
29
104%
Acquisition of machinery and equipment
52
13
39
300%
Other subsidies and payment
122
1
121
12100%
Total gross budgetary expenditures
8,096
6,946
1,150
17%
Personnel
The increase of $652,000 relates to an increase in average salary and an increase in full time equivalent (FTE) positions.
Transportation and communications
The increase of $78,000 is due to the timing of invoicing for the organization’s internet connections.
Professional and special services
The increase of $245,000 is explained by an increase in IT support costs and guard services associated to a capital construction project.
Repair and maintenance
The decrease of $37,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The increase of $29,000 is due to a temporarily unreconciled suspense account.
Acquisition of machinery and equipment
The increase of $39,000 is mainly explained by the one-time purchase of a specialized laptop.
Other subsidies and payments
The increase of $121,000 is explained by an increase in payroll system overpayments which were subsequently resolved.
Risks and uncertainties
The Secretariat assisted NSIRA in its work with the departments and agencies subjected to reviews to ensure a timely and unfettered access to all the information necessary for the conduct of reviews. While work remains to be done on this front, we acknowledge the improvements in cooperation and support to the independent review process demonstrated by some reviewees.
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
NSIRA Secretariat is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities.
Significant changes in relation to operations, personnel and programs
There have been two new Governor-in-Council appointments during the Second quarter, Ms. Colleen Swords and Mr. Jim Chu.
There have been no changes to the NSIRA Secretariat Program.
Approved by senior officials:
John Davies Deputy Head
Marc-André Cloutier Director General, Corporate Services, Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended September 30, 2023
Year to date used at quarter-end
Total available for use for the year ending March 31, 2023 (note 1)
Used during the quarter ended September 30, 2022
Year to date used at quarter-end
Vote 1 – Net operating expenditures
22,564
3,345
7,218
27,931
3,210
6,082
Budgetary statutory authorities
Contributions to employee benefit plans
1,755
439
878
1,728
432
864
Total budgetary authorities (note 2)
24,319
3,784
8,096
29,659
3,642
6,946
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Planned expenditures for the year ending March 31, 2024 (note 1)
Expended during the quarter ended September 30, 2023
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2023
Expended during the quarter ended September 30, 2022
Year to date used at quarter-end
Expenditures
Personnel
13,303
3,014
5,900
13,245
2,903
5,248
Transportation and communications
650
62
192
597
70
114
Information
371
4
4
372
0
5
Professional and special services
4,906
504
1,669
4,914
578
1,424
Rentals
271
25
73
271
39
49
Repair and maintenance
4,580
24
27
9,722
33
64
Utilities, materials and supplies
73
50
57
173
12
28
Acquisition of machinery and equipment
132
4
52
232
4
13
Other subsidies and payments
33
118
122
133
3
1
Total gross budgetary expenditures
(note 2)
24,319
3,784
8,096
29,659
3,642
6,946
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
I am pleased to present the National Security and Intelligence Review Agency (NSIRA) Secretariat’s Departmental Results Report for 2022-23. Throughout the reporting period, the Secretariat has continued to execute its mission to support NSIRA in its focus on conducting highquality, impactful reviews and fair and efficient complaint investigations. We also worked to expand our capacity and expertise across all business lines, building on the work of previous years.
In 2022-23, NSIRA’s review work continued to expand to new areas within Canada’s national security and intelligence community and NSIRA continued to collaborate and de-conflict with like-minded accountability bodies in Canada with similar mandates. NSIRA’s work on complaint investigations was extensive and included the completion of a significant volume of referrals from the Canadian Human Rights Commission. The NSIRA Secretariat was an integral part of all of these developments which required us to remain agile, diverse and to explore all avenues of our productivity in the support of NSIRA.
Internally, we undertook a number of ambitious initiatives related to training and development, with a focus on attracting and retaining highly professional staff and offering career progression options. We continued to refine our business processes to enhance the quality of our output and strengthened our relationship with our various domestic and international counterparts to exchange on best practices in the field of national security and intelligence accountability.
I would like to thank all NSIRA Secretariat staff for their continued dedication to fulfilling our important mandate, and for ensuring that our work is held to the highest standards.
John Davies Executive Director National Security and Intelligence Review Agency
Results at a glance
In 2022-23, the National Security and Intelligence Review Agency (NSIRA) Secretariat continued to execute its mandate of assisting NSIRA in its Reviews and Investigations with the goal of improving national security and intelligence accountability and transparency in Canada. This related not only to the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also other federal departments and agencies engaged in such activities, including:
the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
the Canada Border Services Agency (CBSA); and,
all departments and agencies engaging in national security and intelligence activities in the context of NSIRA’s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.
The NSIRA Secretariat’s total spending in 2022-23 amounted to $18,289,147 and its total actual full-time equivalents were 78.
Review
NSIRA’s review of national security and intelligence activities undertaken by Government of Canada institutions ensures that ministers and Canadians are informed about whether these activities were lawful, reasonable and necessary.
During 2022–23, the Secretariat assisted NSIRA in completing 7 reviews, including reviews of activities that were never previously subject to independent scrutiny. We also refined our methodology, emphasizing a stronger role for NSIRA Members in working with staff to shape reviews throughout their lifecycle.
Complaint investigations
In 2022-23 the Secretariat assisted NSIRA in the continuation of maturation and modernization of the processes underpinning the fulfillment of its investigation mandate. The jurisdiction assessment phase was regularized, incorporating a verification protocol for the three agencies for which NSIRA has complaints jurisdiction. The administration and conduct of the investigative process has increased emphasis on investigative interviews in order to enhance the relevance of the process for complainants.
COVID-19 remained a lingering feature of the investigative landscape in the first half of the year which caused continued constraints with respect to the progress of investigations, requiring inperson meetings in compliance with security protocols. The new processes reduced delays in the conduct of investigations. It is anticipated that this will continue on a forward basis as we emerge from the pandemic.
The level of investigation activities last year remained high and included the completion of a significant referral from the Canadian Human Rights Commission (CHRC). A number of initiatives were commenced relating to data management and service standards which are expected to enhance file management in the coming year.
For more information, see the “Results: what we achieved” section of this report.
Results: what we achieved
Core responsibility
Assisting NSIRA in National Security and Intelligence Reviews and Complaints Investigations
Description:
The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the RCMP, as well as certain other national security-related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard. The NSIRA Secretariat’s function is to assist NSIRA in the conduct of this important work.
Results:
The NSIRA Secretariat assisted NSIRA in the completion of 7 national security and intelligence reviews over the course of 2022–23. Five reviews focused mainly on an individual department or agency, while two reviews were interdepartmental by design. Organizations whose activities were the subject of specific reviews included:
Canadian Security Intelligence Service — one review
Communications Security Establishment — two reviews
Department of National Defence and the Canadian Armed Forces — one review
Canada Border Services Agency – one review
The two interdepartmental reviews by design were:
The annual review of disclosures under the Security of Canada Information Disclosure Act (SCIDA)
The annual review of the implementation of directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA)
During the reporting period, the Secretariat continued to refine its processes and methodology to assist the NSIRA review mandate, with the goal of promoting high-quality, impactful reviews.
NSIRA Members worked closely with Secretariat staff in designing and executing individual reviews. The Secretariat supported NSIRA in the development and implementation of a “Considerations Matrix” which uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. In addition, the Secretariat implemented an updated process at the staff level for its Quality Assurance of review work, incorporating peer review at key stages.
NSIRA continued to place emphasis on the review of the use of technology by reviewed entities. The Secretariat’s Technology Directorate supported NSIRA’s ongoing first technology-focused review of the lifecycle of CSIS information collected by technical capabilities pursuant to a Federal Court warrant.
Investigation of national security and intelligence–related complaints
During the past year, the Secretariat continued to assist NSIRA efforts in reforming the investigative process for complaints and developing procedures and practices to ensure that the conduct of investigations is fair, timely and transparent. This included work on a streamlined jurisdictional assessment phase and increased use of investigative interviews as the principal means of fact finding. These developments enabled the Secretariat to successfully assist NSIRA in dealing with a significant volume of complaints over this reporting period.
During 2022-23, under instructions from NSIRA leadership, the Secretariat began developing service standards related to the investigation of complaints. The service standards will set internal time limits for certain investigative steps for each type of complaint, under normal circumstances. The service standards will specify the circumstances under which those time limits do not apply. The Secretariat will finalize and publish its service standards in 2023.
The Secretariat assisted NSIRA in completing sixty-seven complaint investigations during the 2022-23 reporting period, which included 58 referrals from the CHRC and 9 other complaints. Additionally, the Secretariat began the last phase of a study on race-based data and the collection of demographic information jointly commissioned with the Civilian Review and Complaints Commission for the RCMP (CRCC). The study will assess the viability of the collection of identity-based and demographic data as part of the CRCC’s ongoing anti-racism initiatives. Improved, more precise and more consistent tracking, collection and measurement of data is necessary to support anti-racism efforts in government.
Gender-based analysis plus
In 2022–23, the NSIRA Secretariat’s Diversity, Inclusion and Employment Equity Advisory Committee examined and provided recommendations to senior management on ways it can improve its internal policies, programs and procedures, as well as its external service delivery model to increase inclusion, diversity and equity.
We continue to work closely with partners to develop strategies for the collection, analysis and use of race-based and demographic data in the context of the complaints process. Improving awareness and understanding of NSIRA’s investigation process remains a core objective to ensure justice is accessible to all.
The potential for national security and intelligence activities to result in disparate outcomes for minority groups is taken into account when the Secretariat assists NSIRA to plan and conduct its reviews. Diversity is one of the elements on NSIRA’s Review Considerations Matrix, which uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. While NSIRA’s reviews are focused on the compliance, reasonableness, necessity and efficacy of activities, particular consideration is given to the impacts of these activities on diverse communities.
In 2022-23, the NSIRA Secretariat worked to establish a framework for the collection of employee self-identification data, in order to understand the makeup of its workforce and how it compares with the broader Canadian population. Understanding where there are gaps in representation of equity-deserving groups will help to determine where changes are needed to correct historical disadvantages and achieve equality in the workplace. This initiative will be implemented in 2023-24.
The NSIRA Secretariat also published its first accessibility plan in accordance with the Accessible Canada Act: National Security and Intelligence Review Agency Accessibility Plan 2022 – 2025. The plan was developed further to both internal and external consultations which included individuals whose lived experience as persons with a disability provided invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies. This inaugural plan outlines the steps that will be taken to increase accessibility within the organization and for Canadians more generally over the next three years.
Innovation
Given the Secretariat’s mandate to assist NSIRA’s functions and responsibilities, the Secretariat did not engage in any program-related innovation activities.
Key risks
During the reporting period, the Secretariat assisted NSIRA in its work with the departments and agencies subject to review, to ensure timely and unfettered access to all the information necessary for the conduct of reviews. While work remains to be done on this front, we acknowledge the improvements in cooperation and support to the independent review process demonstrated by some reviewees. Secretariat staff generally increased its level of occupancy within the departments’ offices and its access to information systems.
Physical distancing precautions established by the COVID-19 pandemic were, for the most part, lifted in 2022–23. However, the Secretariat remains ready to implement such measures if they are deemed necessary in the future. We see investments made in virtual meeting technology as beneficial for the organization as they have allowed us to gain flexibility.
Results achieved
The following table shows, for the assistance in completing National Security and Intelligence Reviews and Complaints Investigations, the results achieved, the performance indicators, the targets and the target dates for 2022–23, and the actual results for the three most recent fiscal years for which actual results are available.
Departmental results
Performance indicators
Target
Date to achieve target
2020-21 actual results
2021-22 actual results
2022-23 actual results
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
All mandatory reviews are completed on an annual basis
100% completion of mandatory reviews
2021-22
Not applicable (N/A)
100%
100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
At least one national security or intelligence activity is reviewed in at least five departments or agencies annually
2021-22
N/A
100%
100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period
100% completion over three years; at least 33% completed each year
2021-22
N/A
33%
33%
National security-related complaints are independently investigated in a timely manner
Percentage of investigations completed within NSIRA service standards
90%
2022-23
N/A
N/A
Note: The NSIRA Secretariat was created on July 12, 2019. Actual results for 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to the NSIRA Secretariat was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, the Secretariat will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.
Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.
Budgetary financial resources (dollars)
The following table shows, for internal services, budgetary spending for 2022–23, as well as actual spending for that year.
2022–23 Main Estimates
2022–23 Planned spending
2022–23 Total authorities available for use
2022–23 Actual spending (authorities used)
2022–23 Difference (Actual spending minus Planned spending)
$10,756,818
$10,756,818
$11,541,004
$7,756,271
$(3,000,547)
Financial, human resources and performance information for NSIRA Secretariat’s Program Inventory is available in GC InfoBase.
Human resources (full-time equivalents)
The following table shows, in full-time equivalents, the human resources the NSIRA Secretariat’s needed to fulfill this core responsibility for 2022–23.
2022–23 Planned full-time equivalents
2022–23 Actual full-time equivalents
2022–23 Difference (Actual full-time equivalents minus Planned full-time equivalents)
69
53
(16)
Financial, human resources and performance information for NSIRA Secretariat’s Program Inventory is available in GC InfoBase.
Internal Services
Description
Internal services are those groups of related activities and resources that the federal government considers to be services in support of programs and/or required to meet corporate obligations of an organization. Internal services refers to the activities and resources of the 10 distinct service categories that support program delivery in the organization, regardless of the internal services delivery model in a department. The 10 service categories are:
Acquisition Management Services
Communication Services
Financial Management Services
Human Resources Management Services
Information Management Services
Information Technology Services
Legal Services
Material Management Services
Management and Oversight Services
Real Property Management Services
Results
During the reporting period, the NSIRA Secretariat continued to take steps to ensure resources were deployed in the most effective and efficient manner possible and its operations and administrative structures, tools and processes continued to focus on supporting the delivery of its priorities.
The Secretariat recognizes the need to be an inclusive, healthy, and flexible employer. Over the past year, we have encouraged flexible working arrangements, such as teleworking, to achieve work–life balance and meet performance expectations.
The Secretariat initiated a project associated with the accreditation of its current space for use of classified material. Various testing, inspections and supported documents were issued to the Lead Security Agency issuing the authority to operate within the required timelines.
Work on increasing the Secretariat’s footprint with modern and flexible workstations within the classified and non-classified realm commenced in the summer of 2022. The project has, due to its complexity, supply chain challenges, and compliancy requirements, seen the delivery date pushed back to summer of 2024.
The Secretariat also completed work on refreshing two of its multifunctional meeting rooms. The Secretariat continues to implement security controls and keeps its Security Plan and the Business Impact Analysis evergreen, in order to ensure resiliency.
The Secretariat has successfully implemented an ergonomic and accessibility program. This program is a joint venture between the human resources and property management teams. In addition to this, based on the Information Management plans and strategies developed last fiscal year, the Secretariat identified the tools and resources required to execute the plans/strategies over the coming years.
Contracts awarded to Indigenous businesses
The Government of Canada is committed to reconciliation with Indigenous peoples and to improving socio-economic outcomes by increasing opportunities for First Nations, Inuit and Métis businesses through the federal procurement process.
Under the Directive on the Management of Procurement, which came into effect on May 13, 2021, departments must ensure that a minimum of 5% of the total value of the contracts they award are held by Indigenous businesses. This requirement is being phased in over three years, and full implementation is expected by 2024.
Indigenous Services Canada has set the implementation schedule:
Phase 1 departments: April 1, 2022, to March 31, 2023
Phase 2 departments: April 1, 2023, to March 31, 2024
Phase 3 departments: April 1, 2024, to March 31, 2025
The NSIRA Secretariat is a Phase 3 organization and is aiming to achieve the minimum 5% target by the end of 2025.
In order to achieve this target, the Secretariat plans to implement a strategy to create more opportunities for Indigenous businesses. Tools will be added to ensure Indigenous considerations for every contract and consideration will be given to amending internal policies.
In addition, all staff will be required to complete the mandatory course Indigenous Considerations in Procurement (COR409) from the Canada School of Public Service as well as Procurement in the Nunavut Settlement Area (COR410) from the Canada School of Public Service.
Budgetary financial resources (dollars)
The following table shows, for internal services, budgetary spending for 2021–22, as well as spending for that year.
2022–23 Main Estimates
2022–23 Planned spending
2022–23 Total authorities available for use
2022–23 Actual spending (authorities used)
2022–23 Difference (Actual spending minus Planned spending)
$17,493,858
$17,493,858
$17,822,513
$10,532,876
($6,960,982)
The difference of $6.9 million between planned and actual spending is mostly due to the lingering impacts of the pandemic on the Secretariat’s ability to progress with its facilities fit-up and expansion plans, as well as on its planned spending on internal services infrastructure and systems.
Human resources (full-time equivalents)
The following table shows, in full-time equivalents, the human resources the department needed to carry out its internal services for 2022–23.
2022–23 Planned full-time equivalents
2022–23 Actual full-time equivalents
2022–23 Difference (Actual full-time equivalents minus Planned full-time equivalents)
31
25
(6)
Spending and human resources
Spending
Spending 2020–21 to 2025–26
The following graph presents planned (voted and statutory spending) over time.
Text version of Figure 1
Departmental spending trend graph
2020-21
2021-22
2022-23
2023-24
2024-25
2025-26
Statutory
962,186
1,176,321
1,300,166
1,755,229
1,755,229
1,756,977
Voted
11,289,189
16,113,433
16,988,980
21,253,996
16,753,702
16,786,929
Total
12,251,375
17,289,754
18,289,147
23,009,225
18,508,931
18,543,906
The graph illustrates the Secretariat’s spending trends over a six-year period from 2020-21 to 2025–26. Fiscal years 2020–21 to 2022–23 reflect actual expenditures as reported in the Public Accounts. Fiscal years 2023–24 to 2025–26 represent planned spending.
The increased spending in 2023-24 is due to the expectation that the facilities fit-up and expansion is planned to be completed in this fiscal year.
The levelling of authorities in 2024–25 and 2025-26 is due to the sunsetting of funding earmarked for the completion of facilities fit-up and expansion.
Budgetary performance summary for core responsibilities and internal services (dollars)
The “Budgetary performance summary for core responsibilities and internal services” table presents the budgetary financial resources allocated for the NSIRA Secretariat’s core responsibilities and for internal services.
Core responsibilities and Internal Services
2022-23 Main Estimates
2022-23 Planned spending
2023-24 Planned spending
2024-25 Planned spending
2022-23 Total authorities available for use
2020-21 Actual spending (authorities used)
2021-22 Actual spending (authorities used)
2022-23 Actual spending (authorities used)
National Security and Intelligence Reviews and Complaints Investigations
10,756,818
10,756,818
10,757,687
10,757,687
11,541,004
3,009,066
7,394,642
7,756,271
Subtotal
10,756,818
10,756,818
10,757,687
10,757,687
11,541,004
3,009,066
7,394,642
7,756,271
Internal Services
17,493,858
17,493,858
7,701,336
7,701,042
17,822,513
6,643,579
9,895,112
10,532,876
Total
28,250,676
28,250,676
18,459,023
18,458,729
29,363,517
9,652,645
17,289,754
18,289,147
Human resources
The “Human resources summary for core responsibilities and internal services” table presents the full-time equivalents (FTEs) allocated to each of the Secretariat’s core responsibilities and to internal services.
Human resources summary for core responsibilities and internal services
Core responsibilities and Internal Services
2020-21 Actual full-time equivalents
2021-22 Actual full-time equivalents
2022-23 Planned full-time equivalents
2022-23 Actual full-time equivalents
2023-24 Planned full-time equivalents
2024-25 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations
38
52
69
53
69
69
Subtotal
38
52
69
53
69
69
Internal Services
22
22
31
25
31
31
Total
29
60
100
78
100
100
Expenditures by vote
For information on the Secretariat’s organizational voted and statutory expenditures, consult the Public Accounts of Canada.
Government of Canada spending and activities
Information on the alignment of the Secretariat’s spending with Government of Canada’s spending and activities is available in GC InfoBase.
Financial statements and financial statements highlights
Financial statements
NSIRA’s financial statements (unaudited) for the year ended March 31, 2023, are available on the departmental website.
Financial statement highlights
Condensed Statement of Operations (unaudited) for the year ended March 31, 2023 (dollars)
Financial information
2022-23 Planned results
2022-23 Actual results
2021-22 Actual results
Difference (2022-23 Actual results minus 2022-23 Planned results)
Difference (2022-23 Actual results minus 2021-22 Actual results)
Total expenses
$28,250,676
$19,585,699
$16,164,825
($8,664,977)
$3,420,874
Total revenues
0
0
0
0
0
Net cost of operations before government funding and transfers
Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada Institutional head: John Davies, Executive Director Ministerial portfolio: Privy Council Office Enabling instrument:National Security and Intelligence Review Agency Act Year of incorporation / commencement: 2019
Raison d’être, mandate and role: who we are and what we do
“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.
Operating context
Information on the operating context is available on NSIRA’s website.
Reporting framework
NSIRA’s Departmental Results Framework, with accompanying results and indicators, were under development in 2020–21. Additional information on key performance measures are included in the 2021–22 Departmental Plan.
Text version of Figure 2
Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
Indicator: All mandatory reviews are completed on an annual basis
Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner
Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory
Program: National security and intelligence activity reviews and complaints investigations
Supporting information on the program inventory
Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.
Supplementary information tables
The following supplementary information table is available on NSIRA’s website:
Gender-based analysis plus
Federal tax expenditures
The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs. The tax measures presented in this report are the responsibility of the Minister of Finance.
Organizational contact information
National Security and Intelligence Review Agency P.O. Box 2430, Station “D” Ottawa, Ontario K1P 5W5
Appendix: definitions
appropriation(crédit)
Any authority of Parliament to pay money out of the Consolidated Revenue Fund.
budgetary expenditures(dépenses budgétaires)
Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.
core responsibility(responsabilité essentielle)
An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.
Departmental Plan(plan ministériel)
A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.
departmental priority(priorité)
A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.
departmental result(résultat ministériel)
A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.
departmental result indicator (indicateur de résultat ministériel)
A quantitative measure of progress on a departmental result.
departmental results framework(cadre ministériel des résultats)
A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.
Departmental Results Report(rapport sur les résultats ministériels)
A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.
experimentation(expérimentation)
The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.
full‑time equivalent(équivalent temps plein)
A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.
gender-based analysis plus (GBA Plus)(analyse comparative entre les sexes plus [ACS Plus])
An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.
For the purpose of the 2022–23 Departmental Results Report, government-wide priorities are the high-level themes outlining the government’s agenda in the November 23, 2021, Speech from the Throne: building a healthier today and tomorrow; growing a more resilient economy; bolder climate action; fighter harder for safer communities; standing up for diversity and inclusion; moving faster on the path to reconciliation; and fighting for a secure, just and equitable world.
horizontal initiative(initiative horizontale)
An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.
non‑budgetary expenditures(dépenses non budgétaires)
Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.
performance (rendement)
What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.
performance indicator(indicateur de rendement)
A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.
performance reporting(production de rapports sur le rendement)
The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.
plan(plan)
The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.
planned spending(dépenses prévues)
For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.
A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.
program(programme)
Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.
program inventory(répertoire des programmes)
Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.
result(résultat)
A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.
statutory expenditures(dépenses législatives)
Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.
target (cible)
A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.
voted expenditures(dépenses votées)
Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!