Ottawa, Ontario, November 6, 2024 – The National Security and Intelligence Review Agency’s (NSIRA) fifth annual report has been tabled in Parliament.
This report provides an overview and discussion of NSIRA’s review and investigation work throughout 2023, including its findings and recommendations. It highlights the significant outcomes achieved through strengthened partnerships and an unwavering commitment to all Canadians to provide accountability and transparency regarding the Government of Canada’s national security and intelligence activities.
The annual report also reflects on a major milestone: NSIRA’s five-year anniversary. The agency has matured since its inception in 2019, keeping pace with emerging threats, technological advancements, and evolving security and intelligence activities. In stride, NSIRA has built an enhanced capacity to address complex issues and conduct thorough and effective reviews and investigations with a team of dedicated professionals with diverse expertise.
In 2023, in addition to its mandatory reviews, NSIRA continued executing discretionary reviews that were deemed relevant and appropriate. Of the ongoing reviews in 2023, NSIRA has since completed 12. In particular, NSIRA’s review on the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018–2023 was a significant achievement. NSIRA evaluated the flow of intelligence within government from the collectors to consumers, including senior public servants and elected officials. This involved scrutinizing internal processes regarding how collected information was shared and escalated to relevant decision-makers. NSIRA determined it was in the public interest to report on this matter and produced its first special report under section 40 of the NSIRA Act, which was tabled in both houses of Parliament in May 2024.
Review highlights in the report include the following:
A review of the Communications Security Establishment’s (CSE) use of the polygraph for security screening, which examined the way CSE operated its polygraph program and the role of the Treasury Board of Canada Secretariat (TBS) in establishing the Standard on Security Screening that governs the use of the polygraph for security screening by the Government of Canada;
A review of the Canadian Security Intelligence Service’s (CSIS) current application of its dataset regime, which enables CSIS to collect and retain datasets containing personal information that are not directly and immediately related to threats but likely to assist in national security investigations;
A review of operational collaboration between CSE and CSIS, NSIRA’s first review to examine the effectiveness of the collaboration by assessing their respective mandates and associated prohibitions;
Two mandated multi-departmental reviews: a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act and a review of disclosures of information under the Security of Canada Information Disclosure Act; and
Three reviews concerning human source programs: the RCMP’s Human Source Program, CBSA’s Confidential Human Source Program, and the Department of National Defence/Canadian Armed Forces’ Human Source Handling Program.
NSIRA also closed 12 investigations in 2023. Last year, the agency saw an increase in complaints against CSIS under section 16 of the NSIRA Act, alleging process delays in immigration or citizenship security screening.
This annual report demonstrates the value of expanded partnerships and how the organization leveraged its network of international oversight partners in 2023, including lessons learned and shared. NSIRA’s integration into the global community of national security and intelligence oversight has advanced the agency’s development and enhanced its capacity to carry out its mandate.
Over the past five years, NSIRA has sought to demystify the often-opaque domain of national security and intelligence agencies and empower Canadians to participate in informed discussions about their security and rights. Recently, the agency codified its approach by formalizing its vision, mission, and values statements.
Looking ahead, NSIRA is committed to continuing its vital work reporting on whether national security or intelligence activities are respectful of the rights and freedoms of all Canadians and enhancing public awareness and understanding of the critical issues at stake in national security and intelligence.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2024–2025 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2024–2025 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended June 30, 2024.
NSIRA Secretariat spent approximately 19% of its authorities by the end of the first quarter, compared with 19% in the same quarter of 2023–2024 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q1 2024–25 and Q1 2023–24
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q1 2024–25 and Q1 2023–24
2024-25
2023-24
Total Authorities
$18.4
$23.0
Q1 Expenditures
$3.5
$4.3
Significant changes to authorities
As of June 30, 2024, Parliament had approved $18.4 million in total authorities for use by NSIRA Secretariat for 2024–2025 compared with $23.0 million as of June 30, 2023, for a net decrease of $4.6 million or 20.0% (see graph 2).
Graph 2: Variance in authorities as at June 30, 2024
Text version of Figure 2
Variance in authorities as at June 30, 2024 (in millions)
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Fiscal year 2024-25 total available for use for the year ended March 31, 2025
Vote 1 – Operating
21.3
16.8.3
Statutory
1.8
1.6
Total budgetary authorities
23.0
18.4
*Details may not sum to totals due to rounding*
The decrease of $4.6 million in authorities is mostly explained by a reduction in capital funding for infrastructure projects.
Significant changes to quarter expenditures
The first quarter expenditures totalled $3.5 million for a decrease of $0.8 million when compared with $4.3 million spent during the same period in 2023–2024. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object (in thousands of dollars)
Fiscal year 2024–25: expended during the quarter ended June 30, 2024
Fiscal year 2023–24: expended during the quarter ended June 30, 2023
Variance $
Variance %
Personnel
3,008
2,886
122
4%
Transportation and communications
58
130
(72)
(55%)
Information
6
0
6
100%
Professional and special services
269
1,165
(896)
(77%)
Rentals
25
48
(23)
(48%)
Repair and maintenance
3
24
(21)
(88%)
Utilities, materials, and supplies
28
7
21
300%
Acquisition of machinery and equipment
12
48
(36)
(75%)
Other subsidies and payments
79
4
75
1875%
Total gross budgetary expenditures
3,488
4,312
(824)
(19%)
Transportation and communications
The decrease of $72,000 is explained by a change in the timing of invoicing for the internet connection.
Professional and special services
The decrease of $896,000 is mainly explained by a change in the timing of the billing for maintenance and services in support of our classified IT network infrastructure.
Rentals
The decrease of $23,000 is explained by a decrease in cost for the rent for temporary office space.
Repair and maintenance
The decrease of $21,000 is explained by a one-time maintenance contract purchased in fiscal year 2023-2024.
Utilities, materials, and supplies
The increase of $21,000 is explained by unreconciled acquisition card purchases.
Acquisition of machinery and equipment
The decrease of $36,000 is explained by a one-time purchase of a specialized laptop along with a wall mounted charging station and warranty in 2023-2024.
Other subsidies and payments
The increase of $75,000 is explained by an increase in salary overpayments.
Risks and uncertainties
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
NSIRA Secretariat is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities.
Significant changes in relation to operations, personnel and programs
Mr. Charles Fugère was appointed by the Governor-in-Council to be Executive Director of the NSIRA Secretariat on an interim basis on June 3, 2024.
Mr. Marc-André Cloutier, NSIRA Secretariat’s Director General, Corporate Services and CFO since 2023, retired in Q4 of 2023-2024. He has been replaced by Mr. Martyn Turcotte.
Approved by senior officials:
Charles Fugère Executive Director
Amanda Wark A/Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2024–25
Fiscal year 2023–24
Total available for use for the year ending March 31, 2025 (note 1)
Used during the quarter ended June 30, 2024
Year to date used at quarter-end
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended June 30, 2023
Year to date used at quarter-end
Vote 1 – Net operating expenditures
16,810
3,088
3,088
21,254
3,873
3,873
Budgetary statutory authorities
Contributions to employee benefit plans
1,601
400
400
1,755
439
439
Total budgetary authorities (note 2)
18,411
3,488
3,488
23,009
4,312
4,312
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2024–25
Fiscal year 2023–24
Planned expenditures for the year ending March 31, 2025 (note 1)
Expended during the quarter ended June 30, 2024
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2024
Expended during the quarter ended June 30, 2023
Year to date used at quarter-end
Expenditures
Personnel
13,205
3,088
3,088
13,303
2,886
2,886
Transportation and communications
685
58
58
650
130
130
Information
76
6
6
372
0
0
Professional and special services
3,577
269
269
3,596
1,165
1,165
Rentals
309
25
25
271
48
48
Repair and maintenance
436
3
3
4,580
24
24
Utilities, materials, and supplies
58
28
28
73
7
7
Acquisition of machinery and equipment
65
12
12
132
48
48
Other subsidies and payments
0
79
79
33
4
4
Total gross budgetary expenditures
(note 2)
18,411
3,488
3,488
23,009
4,312
4,312
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
A departmental plan describes a department’s priorities, plans and associated costs for the upcoming three fiscal years.
Vision, mission, raison d’etre and operating context
Minister’s mandate letter
Key priorities
In 2024–25, the NSIRA Secretariat’s top priorities are to
support NSIRA Members in undertaking professional, independent reviews of Canada’s national security and intelligence activities;
support NSIRA Members in conducting independent investigations of national security and intelligence public complaints;
provide transparency about our work; and
continue to strengthen our domestic and international partnerships.
Refocusing Government Spending
In Budget 2023, the government committed to reducing spending by $14.1 billion over the next five years, starting in 2023–24, and by $4.1 billion annually after that.
While not officially part of the government spending reduction exercise, the NSIRA Secretariat will respect the spirit of this exercise by
critically considering the need for contractors, and
identifying work that can be done in-house or deferred, if required.
NSIRA remains committed to managing spending with prudence and probity and that resources are used effectively, and efficiently to achieve organizational objectives.
Highlights
A Departmental Results Framework consists of an organization’s core responsibilities, the results it plans to achieve, and the performance indicators that measure progress toward these results.
National security and intelligence reviews and complaints investigations
Departmental results:
NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable, and necessary. The Agency also investigates complaints from members of the public on the activities of the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints, independently and in a timely manner.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary.
See GC InfoBase for the full framework and program inventory.
Planned spending: $10,852,987
Planned human resources: 69
Support to national security and intelligence reviews and complaints investigations: The NSIRA Secretariat will support the Agency as it ensures institutions’ accountability and enhances public confidence. This will involve conducting transparent and timely investigations into complaints related to national security or intelligence activities and the denial of security clearances.
Throughout 2024–25, the NSIRA Secretariat will support and conduct the Agency’s current reviews and initiate new reviews as per its Forward Review Plan. It will also conduct the Agency’s mandated annual reviews under the National Security and Intelligence Review Agency Act and annual reviews of CSIS and CSE activities.
For more information on the NSIRA Secretariat’s plans, see the “Plans to deliver” section of this plan.
More information about National security and intelligence reviews and complaints investigations can be found in the full departmental plan.
This Departmental Plan describes the priorities and goals for the National Security and Intelligence Review Agency (NSIRA) Secretariat in 2024–25. Our work is fundamentally anchored by our role in supporting the Agency’s mandate to undertake independent, expert review and investigation of the Government of Canada’s national security and intelligence activities.
Since the Agency’s inception in 2019, the NSIRA Secretariat has worked to establish a professional workforce and the supporting infrastructure, processes, and policies needed to carry out its mandate. Our approaches have matured as we have taken time for deep internal reflection and to consult with our domestic and international partners. Combined with the growing willingness of the national security community to genuinely accept and adjust to our mandate, we are now well positioned to leverage what we have learned and confidently advance our work as a world-recognized review body. In so doing, we will continue to work towards NSIRA’s vision of an accountable, transparent, and effective national security and intelligence community that upholds the rule of law.
In 2024–25, the Secretariat will continue to improve the quality of our working environment to attract and retain an exceptional workforce. We recognize that prioritizing the physical and mental well-being of our employees, and continuing to advance diversity and inclusion, are important aspects of becoming an employer of choice. We have taken steps to implement meaningful action in the coming year. NSIRA is well positioned to take on new and exciting challenges in the year ahead. I would like to thank both Secretariat staff and NSIRA Members, whose ongoing professionalism and dedication to our important work continues to be the force behind our past and future success.
John Davies Executive Director National Security and Intelligence Review Agency Secretariat
Plans to deliver on core responsibilities and internal services
Core responsibilities and internal services:
National security and intelligence reviews and complaints investigations
Internal services
National security and intelligence reviews and complaints investigations
Description
NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable, and necessary. The Agency investigates complaints from members of the public regarding activities of CSIS, CSE, and the national security activities of the RCMP, as well as certain other national security-related complaints.
The NSIRA Secretariat supports the Agency in the delivery of this mandate. The resulting independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and enhancing public confidence.
Quality of life impacts
NSIRA’s core responsibility relates most closely to the indicator ‘confidence in institutions’, within the ‘democracy and institutions’ sub domain and under the overarching domain of ‘good governance’.
Results and targets
The following tables show, for each departmental result related to national security and intelligence reviews and complaints investigations, the indicators, the results from the three most recently reported fiscal years, the targets and target dates approved in 2024–25.
Table 1: Indicators, results and targets for departmental result “Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary”
Indicator
2020–21 result
2021–22 result
2022–23 result
Target
Date to achieve
All mandatory reviews are completed on an annual basis
N/A
100%
100%
100% completion of mandatory reviews
December 2022
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
N/A
100%
100%
At least one national security or intelligence activity is reviewed in at least five departments or agencies annually
December 2022
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period
N/A
33%
33%
100% completion over three years; at least 33% completed each year
December 2022
Table 2: Indicators, results, and targets for departmental result “National security-related complaints are independently investigated in a timely manner”
Indicator
2020–21 result
2021–22 result
2022–23 result
Target
Date to achieve
Note: NSIRA was created on July 12, 2019. Actual results for 2020–21 are not available because the new Departmental Results Framework was being developed during the transition of the Security Intelligence Review Committee into the establishment of NSIRA. The new framework is for measuring and reporting on results achieved starting in 2021–22; in 2022–23, NSIRA finalized service standards on the time required to complete its investigations (effective April 1, 2023). The results will be included in the next Departmental Results Report.
Percentage of investigations completed within NSIRA service standards
N/A
N/A
N/A
90% – 100%
March 2024
The financial, human resources and performance information for NSIRA’s program inventory is available on GC InfoBase.
Plans to achieve results
Support to NSIRA reviews
The NSIRA Secretariat will continue to support the Agency’s current, ongoing reviews and new reviews from the Forward Review Plan throughout 2024–25. This will include supporting the annual reviews of CSIS and CSE activities, to provide responsible Ministers and the Canadian public with an assessment of these institutions’ activities, including their lawfulness, reasonableness, and necessity.
In 2024–25, the NSIRA Secretariat will continue to be informed and guided by the knowledge acquired through reviews of departments and agencies (reviewees) to date. As it becomes increasingly familiar with reviewees’ organizational structures, networks, policies, and activities, and able to apply such information to subsequent reviews, it will leverage this knowledge to ensure these institutions’ national security and intelligence activities are reviewed from a strongly informed position of independence. The NSIRA Secretariat will also continue to support reviews focused on crosscutting, horizontal issues that span multiple reviewees, with a goal of fully leveraging NSIRA’s authority in this regard.
In addition to conducting its mandated annual reviews in 2024-25, the NSIRA Secretariat will lead the development of a new review plan that is timely, topical, and responsive. The Forward Review Plan involves evaluating proposals for new reviews against an established matrix of criteria. The criteria represent the considerations or aspects that NSIRA deems to be the most important and relevant to the issues and topics it addresses through its discretionary reviews. The outcome will be a prioritized list of new reviews that will be undertaken once the existing reviews are completed. In this way, the NSIRA Secretariat will continue to support NSIRA Members in executing their responsibilities and exercising their authority under the NSIRA Act.
Support to NSIRA complaints investigations
In 2024–25, the NSIRA Secretariat will support the Agency in ensuring institutions’ accountability and enhancing public confidence by conducting transparent and timely investigations into complaints related to national security and the denial of security clearances. NSIRA’s independent investigation of complaints plays a critical role in maintaining public access to justice.
In the coming year, the NSIRA Secretariat will apply its rules of procedure, which were first implemented in 2021, to promote accessibility, timeliness, and efficiency in the Agency’s investigation of complaints. This includes an informal resolution process that has proven successful in resolving complaints that do not need to proceed e to formal investigation process.
The NSIRA Secretariat will further implement the Agency’s new service standards for the investigation of complaints, which were created in 2022–23 and effective as of April 1, 2023.
Transparency
The NSIRA Secretariat will continue to proactively publish unclassified versions of all Agency review reports. It will engage reviewees in a timelier manner on release approvals and aim to publish redacted reports on the NSIRA website shortly after these reports are provided to reviewees and their respective Ministers, leveraging processes developed during the previous year.
Partnerships
Participation
In 2024–25, the NSIRA Secretariat will build on its ongoing partnership efforts from the previous year. It will continue its participation in the Five Eyes Intelligence Oversight and Review Council, which brings together review agency representatives from Canada, the United States, Australia, New Zealand, and the United Kingdom.
Engagement
The NSIRA Secretariat will also continue to support multilateral and bilateral engagement with other like-minded European and international partners. Such participation and engagement will include ongoing working-level visits and exchanges. This work will support NSIRA’s interest in benefiting from, and contributing to, the sharing of best practices with the broader review and oversight community. The NSIRA Secretariat will also continue to build on recent efforts to foster collaborative relationships with other domestic review bodies and civil society groups.
Key risks
The NSIRA Secretariat has made progress on accessing the information required to conduct reviews; however, there continues to be risks associated with reviewees’ ability to respond to, and prioritize, information requests, hindering NSIRA’s ability to deliver its review plan in a timely way. The NSIRA Secretariat will continue to mitigate this risk by providing clear communication related to information requests, tracking their timely completion within communicated timelines, and escalating issues when appropriate.
Snapshot of planned resources in 2024–25
Planned spending: $18,575,110
Planned full-time resources: 100
Related government priorities
In 2024–25, the NSIRA Secretariat will continue to implement its three-year action plan on human rights, accessibility, employment equity, diversity, and inclusion. It first put this plan into effect during fiscal year 2022–23, following a maturity assessment of its policies, programs, and practices, and the Call to Action from the Clerk of the Privy Council. It includes, among many components, incorporating a gender-based analysis plus lens into the design and implementation of the NSIRA Secretariat’s policies and programs.
Employee self-identification data, which was first collected by the NSIRA Secretariat in 2023–2024 (further to the establishment of a special program under the Canadian Human Rights Act), will continue to inform the NSIRA Secretariat’s activities in the year ahead and better position it to:
prevent, eliminate, or reduce disadvantages and barriers that are experienced by any group of individuals based on, or related to, prohibited grounds of discrimination;
identify gaps in representation, to implement recruitment and retention measures aimed at not only achieving but retaining a diverse workforce and maintaining an inclusive work environment;
leverage the value of diverse peoples and perspectives in its work; and
identify meaningful opportunities for employee engagement in keeping with its overall commitment to human rights, accessibility, employment equity, diversity, and inclusion.
NSIRA’s Forward Looking Review Plan continues to be informed by considerations related to anti-racism, equity, and inclusion. These considerations apply to the process of selecting reviews to be undertaken, as well as to the analysis that takes place during individual reviews. NSIRA reviews routinely take into account the potential for national security or intelligence activities to result in disparate outcomes for various communities, and will continue to do so in the year ahead.
In 2024–25, in the context of complaint investigations, the NSIRA Secretariat will continue to support the Agency as it works with the Civilian Review and Complaints Commission (CRCC) to develop strategies for the collection, analysis, and use of identity-based data. Following the completion of a joint study, it will focus on assessing how some recommendations can be implemented for the collection, analysis, and use of identity-based data in relation to the NSIRA and CRCC mandates.
The NSIRA Secretariat will also continue to implement its Accessibility Plan, which outlines the steps that will be taken to increase accessibility within the organization and for all Canadians over the next two years. In addition, its Diversity, Inclusion, and Employment Equity Advisory Committee will continue to work with management and staff to build a more equitable, diverse, and inclusive workplace and workforce. This will include organizing discussions and learning events with all staff and providing advice on policy and program design.
In the year ahead, the NSIRA Secretariat will also develop and implement a pay equity plan, as required by the Pay Equity Act. Closing any identified gender pay gap is essential to advancing gender equality and fostering a workplace driven by inclusivity and fairness.
Program inventory
National security and intelligence reviews and complaints investigations are supported by the following program in the program inventory:
National security and intelligence activity reviews and complaints investigations.
Supporting information on planned expenditures, human resources, and results related to NSIRA’s program inventory is available on GC Infobase.
Internal services
Description
Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 10 categories of internal services:
management and oversight services
communications services
human resources management services
financial management services
information management services
information technology services
real property management services
materiel management services
acquisition management services
Plans to achieve results
In 2024–25, the NSIRA Secretariat will continue to take steps to ensure resources are deployed in the most effective and efficient manner possible, and its operations and administrative structures, tools, and processes continue to focus on supporting the delivery of its priorities.
The NSIRA Secretariat recognizes the need to be an inclusive, healthy, and flexible employer. Over the coming year, it will continue to encourage flexible working arrangements, such as teleworking, to achieve work–life balance and meet performance expectations.
In the coming year, the NSIRA Secretariat’s office footprint, with modern and flexible workstations in the classified and non-classified realm, is expected to be completed. The project has been pushed back to a summer 2024 delivery date due to its complexity, supply chain challenges, and compliance requirements.
The NSIRA Secretariat also continues to implement security controls and keeps its Security Plan and Business Impact Analysis evergreen, to ensure resiliency over time. In addition, based on the NSIRA Secretariat’s Information Management plans and strategies developed last fiscal year, it has identified the tools and resources required to execute the plans and strategies over the coming years.
Snapshot of planned resources in 2024-25
Planned spending: $7,722,123
Planned full-time resources: 31
Related government priorities
Planning for contracts awarded to Indigenous businesses
The NSIRA Secretariat is among the final wave of departments and agencies that are to achieve the mandatory minimum target of contract awards to Indigenous businesses by 2024–25. Efforts are already well underway in support of the Government of Canada’s commitment which requires that an annual, mandatory minimum target of five percent of the total value of contracts be awarded to Indigenous businesses.
In 2021-22, the NSIRA Secretariat exceeded its plan to reach two percent of total contract values awarded to Indigenous business, and achieved three percent, as shown in Table 3. Measures undertaken by the NSIRA Secretariat to facilitate the achievement of the mandatory minimum target by 2024–25 include a commitment to process an increasing minimum number of contracts in each of the following three fiscal years, as set-asides under the Procurement Strategy for Indigenous Business.
Table 3: Progress toward target for contracts with Indigenous businesses
5% reporting field description
2021–22 actual % achieved
2022–23 actual % achieved
2023–24 planned % target
2024–25 planned % target
Total percentage of contracts with Indigenous businesses
3%
3%
3%
5%
Planned spending and human resources
This section provides an overview of NSIRA’s planned spending and human resources for the next three fiscal years and compares planned spending for 2024–25 with actual spending from previous years.
Spending
Table 4: Actual spending summary for core responsibilities and internal services ($ dollars)
The following table shows information on spending for each of NSIRA’s core responsibilities and for its internal services for the previous three fiscal years. Amounts for the current fiscal year are forecasted based on spending to date.
Core responsibilities and Internal Services
2020–21 actual expenditures
2021–22 actual expenditures
2022–23 forecast spending
National Security and Intelligence Reviews and Complaints Investigations
7,394,642
7,756,271
9,516,920
Subtotal
7,394,642
7,756,271
9,516,920
Internal Services
9,895,112
10,532,876
10,799,513
Total
17,289,754
18,289,147
20,316,433
Table 5: Budgetary planning summary for core responsibilities and internal services (dollars)
The following table shows information on spending for each of NSIRA’s core responsibilities and for its internal services for the upcoming three fiscal years.
Core responsibilities and Internal Services
2024–25 budgetary spending
(as indicated in Main Estimates)
2024–25 planned spending
2025–26 planned spending
2026–27 planned spending
National Security and Intelligence Reviews and Complaints Investigations
10,852,987
10,852,987
10,852,051
10,852,051
Subtotal
10,852,987
10,852,987
10,852,051
10,852,051
Internal Services
7,722,123
7,722,123
7,758,034
7,758,034
Total
18,575,110
18,575,110
18,610,085
18,610,085
Funding
Figure 1: Departmental spending 2021–22 to 2026–27
The following graph presents planned spending (voted and statutory expenditures) over time.
Text version of Figure 1
Departmental spending trend graph
2021–22
2022–23
2023–24
2024–25
2025–26
2026–27
Statutory
1,176,321
1,300,166
1,513,580
1,764,845
1,766,593
1,766,593
Voted
16,113,433
16,988,981
18,802,853
16,810,265
16,843,492
16,843,492
Total
17,289,754
18,289,147
20,316,433
18,575,110
18,610,085
18,610,085
Peak spending was reached in 2023–24 with the inclusion of the majority of construction project expenditures. The NSIRA Secretariat will move to steadier state of spending in 2024–25.
Estimates by vote
Information on NSIRA’s organizational appropriations is available in the 2024–25 Main Estimates.
Future-oriented condensed statement of operations
The future-oriented condensed statement of operations provides an overview of NSIRA’s operations for 2023–24 to 2024–25.
The forecast and planned amounts in this statement of operations were prepared on an accrual basis. The forecast and planned amounts presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.
A more detailed future-oriented statement of operations and associated notes, including a reconciliation of the net cost of operations with the requested authorities, are available at NSIRA’s website.
Table 6: Future-oriented condensed statement of operations for the year ending March 31, 2025 (dollars)
Financial information
2023–24 Forecast results
2024–25 Planned results
Difference (2024–25 planned results minus 2023–24 Forecast results)
Total expenses
18,786,869
20,400,691
1,613,823
Total revenues
0
0
0
Net cost of operations before government funding and transfers
18,786,869
20,400,691
1,613,823
Human resources
Table 7: Actual human resources for core responsibilities and internal services
The following table shows a summary of human resources, in full-time equivalents (FTEs), for NSIRA’s core responsibilities and for its internal services for the previous three fiscal years. Human resources for the current fiscal year are forecasted based on year to date.
Core responsibilities and Internal Services
2021–22 actual full time equivalents
2022–23 actual full time equivalents
2023–24 forecast full time equivalents
National Security and Intelligence Reviews and Complaints Investigations
52
53
69
Subtotal
52
53
69
Internal Services
22
25
31
Total
74
78
100
Given the NSIRA secretariat continues to be a growing organization, the increase of 4 FTEs is reasonable year over year. The organization plans to continue to grow towards 100 FTEs through various recruitment and retention programs.
Table 8: Human resources planning summary for core responsibilities and internal services
The following table shows information on human resources, in full-time equivalents (FTEs), for each of NSIRA’s core responsibilities and for its internal services planned for 2024–25 and future years.
Core responsibilities and Internal Services
2024–25 planned full time equivalents
2025–26 planned full time equivalents
2026–27 planned full time equivalents
National Security and Intelligence Reviews and Complaints Investigations
69
69
69
Subtotal
69
69
69
Internal Services
31
31
31
Total
100
100
100
With a tight labour market and the requirement for a significant portion of employees to work primarily from secure office space, recruitment continues to prove challenging. New recruitment and retention programs will help the NSIRA secretariat in its ongoing efforts to be fully staffed.
Corporate Information
Organizational profile
Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada Institutional head: John Davies, Executive Director Ministerial portfolio: Privy Council Office Enabling instrument:National Security and Intelligence Review Agency Act Year of incorporation / commencement: 2019
Organizational contact information
National Security and Intelligence Review Agency P.O. Box 2430, Station “D” Ottawa, Ontario K1P 5W5
Information on NSIRA’s departmental sustainable development strategy can be found on NSIRA’s website
Federal tax expenditures
NSIRA’s Departmental Plan does not include information on tax expenditures.
Tax expenditures are the responsibility of the Minister of Finance. The Department of Finance Canada publishes cost estimates and projections for government wide tax expenditures each year in the Report on Federal Tax Expenditures.
This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis plus.
Appendix: definitions
appropriation(crédit)
Any authority of Parliament to pay money out of the Consolidated Revenue Fund.
budgetary expenditures(dépenses budgétaires)
Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.
core responsibility(responsabilité essentielle)
An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.
Departmental Plan(plan ministériel)
A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.
departmental priority(priorité)
A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.
departmental result(résultat ministériel)
A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.
departmental result indicator (indicateur de résultat ministériel)
A quantitative measure of progress on a departmental result.
departmental results framework(cadre ministériel des résultats)
A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.
Departmental Results Report(rapport sur les résultats ministériels)
A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.
experimentation(expérimentation)
The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.
full‑time equivalent(équivalent temps plein)
A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.
gender-based analysis plus (GBA Plus)(analyse comparative entre les sexes plus [ACS Plus])
An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.
For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.
horizontal initiative(initiative horizontale)
An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.
non‑budgetary expenditures(dépenses non budgétaires)
Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.
performance (rendement)
What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.
performance indicator(indicateur de rendement)
A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.
performance reporting(production de rapports sur le rendement)
The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.
plan(plan)
The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.
planned spending(dépenses prévues)
For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.
A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.
program(programme)
Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.
program inventory(répertoire des programmes)
Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.
result(résultat)
A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.
statutory expenditures(dépenses législatives)
Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.
target (cible)
A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.
voted expenditures(dépenses votées)
Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2023–24 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2023–24 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2023.
NSIRA Secretariat spent approximately 52% of its authorities by the end of the third quarter, compared with 39% in the same quarter of 2022–23 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q3 2023–2024 and Q3 2022–2023
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q3 2023–24 and Q3 2022–23
2023-24
2022-23
Total Authorities
$24.4
$29.8
Q2 Expenditures
$4.8
$4.7
Year-to-Date Expenditures
$12.8
$11.6
Significant changes to authorities
As at December 31, 2023, Parliament had approved $24.4 million in total authorities for use by NSIRA Secretariat for 2023–24 compared with $29.8 million as of December 31, 2022, for a net decrease of $5.3 million or 18% (see graph 2).
Graph 2: Variance in authorities as at December 31, 2023
Text version of Figure 2
Variance in authorities as at June 30, 2023 (in millions)
Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Vote 1 – Operating
28.1
22.6
Statutory
1.6
1.8
Total budgetary authorities
29.7
24.4
The decrease of $5.3 million in authorities is mostly explained by a gradual reduction in NSIRA Secretariat’s ongoing operating funding due to an ongoing construction project nearing completion.
Significant changes to quarter expenditures
The third quarter expenditures totalled $4.8 million for an increase of $0.1 million when compared with $4.7 million spent during the same period in 2022–2023. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: expended during the quarter ended December 31, 2023
Fiscal year 2022–23: expended during the quarter ended December 31, 2022
Variance $
Variance %
Personnel
2,866
2,503
363
15%
Transportation and communications
110
82
28
34%
Information
1
4
(3)
(75%)
Professional and special services
486
1,271
(785)
(62%)
Rentals
78
83
(5)
(6%)
Repair and maintenance
1,161
685
476
69%
Utilities, materials and supplies
(1)
21
(22)
(105%)
Acquisition of machinery and equipment
83
2
81
4050%
Other subsidies and payment
(33)
17
(50)
(294%)
Total gross budgetary expenditures
4,751
4,668
83
2%
*Details may not sum to totals due to rounding*
Professional and special services
The decrease of $785,000 is due to the timing of invoicing for our Internal Support Services agreement.
Repair and maintenance
The increase of $476,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The decrease of $22,000 is due to a temporarily unreconciled acquisition card suspense account.
Acquisition of machinery and equipment
The increase of $81,000 is due to the purchase of software licenses and the corresponding support and maintenance.
Other subsidies and payments
The decrease of $50,000 is explained by a prior year refund that was deposited to NSIRA’s account in error.
Significant changes to year-to-date expenditures
The year-to-date expenditures totalled $12.8 million for an increase of $1.2 million (11%) when compared with $11.6 million spent during the same period in 2022–23. Table 2 presents budgetary expenditures by standard object.
Table 2
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: year-to-date expenditures as of December 31, 2023
Fiscal year 2022–23: year-to-date expenditures as of December 31, 2022
Variance $
Variance %
Personnel
8,766
7,751
1,015
13%
Transportation and communications
302
196
106
54%
Information
5
9
(4)
(44%)
Professional and special services
2,155
2,695
(540)
(20%)
Rentals
151
132
19
14%
Repair and maintenance
1,188
749
439
(59%)
Utilities, materials and supplies
56
49
7
14%
Acquisition of machinery and equipment
135
15
120
800%
Other subsidies and payment
89
18
71
394%
Total gross budgetary expenditures
12,847
11,614
1,233
11%
*Details may not sum to totals due to rounding*
Personnel
The increase of $1,015,000 relates to an increase in average salary, an increase in full time equivalent (FTE) positions, and back-pay from the new collective agreement for the EC and AS occupational groups.
Transportation and communications
The increase in $106,000 is due to the timing of the invoicing for our internet connections.
Professional and special services
The decrease of $540,000 is mainly explained by the conclusion of guard services contracts associated to a capital construction project and the timing of invoicing for internal support services.
Repair and maintenance
The increase of $439,000 is due to the timing of invoicing for an ongoing capital project.
Acquisition of machinery and equipment
The increase of $120,000 is mainly explained by the one-time purchase of a specialized laptop and licenses.
Other subsidies and payments
The increase of $71,000 is due to an increase in salary overpayments.
Risks and uncertainties
The NSIRA Secretariat has made progress on accessing the information required to conduct reviews; however, there continues to be risks associated with reviewees’ ability to respond to, and prioritize, information requests, hindering NSIRA’s ability to deliver its review plan in a timely way. The NSIRA Secretariat will continue to mitigate this risk by providing clear communication related to information requests, tracking their timely completion within communicated timelines, and escalating issues when appropriate.
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities
Significant changes in relation to operations, personnel and programs
There have been no changes to the NSIRA Secretariat Program.
Approved by senior officials:
John Davies Executive Director
Martyn Turcotte Director General, Corporate Services, Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended December 31, 2023
Year to date used at quarter-end
Total available for use for the year ending March 31, 2023 (note 1)
Used during the quarter ended December 31, 2022
Year to date used at quarter-end
Vote 1 – Net operating expenditures
22,633
4,313
11,531
28.063
4,236
10,318
Budgetary statutory authorities
Contributions to employee benefit plans
1,755
438
1,316
1,728
432
1,296
Total budgetary authorities (note 2)
24,388
4,751
12,847
29,791
4,668
11,614
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Planned expenditures for the year ending March 31, 2024 (note 1)
Expended during the quarter ended December 31, 2023
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2023
Expended during the quarter ended December 31, 2022
Year to date used at quarter-end
Expenditures
Personnel
13,372
2,866
8,766
13,389
2,503
7,751
Transportation and communications
650
110
302
597
82
196
Information
371
1
5
372
4
9
Professional and special services
4,906
486
2,155
4,902
1,271
2,695
Rentals
271
78
151
271
83
132
Repair and maintenance
4,580
1,161
1,188
9,722
685
749
Utilities, materials and supplies
73
(1)
56
173
21
49
Acquisition of machinery and equipment
132
83
135
232
2
15
Other subsidies and payments
33
(33)
89
133
17
18
Total gross budgetary expenditures (note 2)
24,388
4,751
12,847
29,791
4,668
11,614
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
The Canada Border Services Agency (CBSA)’s Air Passenger Targeting program performs pre-arrival risk assessments on inbound passengers. It seeks to identify passengers that may be at higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation. It does so by using information submitted by commercial air carriers called Advanced Passenger Information and Passenger Name Record data in a multi-stage process that involves manual and automated triaging methods, referred to as Flight List Targeting and Scenario Based Targeting.
The Advance Passenger Information and/or Passenger Name Record data used to perform these prearrival risk assessments include personal information about passengers that relates to prohibited grounds of discrimination under the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms (the Charter). These grounds include age, sex, and national or ethnic origin. The CBSA relies on information and intelligence from a variety of different sources to determine which of these data elements indicate a risk in passengers’ characteristics and travel patterns in the context of specific enforcement issues, including national security-related risks. Given their potential importance for Canada’s national security and for the CBSA’s concurrent obligations to avoid discrimination, attention to the validity of the inferences underpinning the CBSA’s reliance on the particular indicators it creates from this passenger data to perform these risk assessments is warranted. These considerations also have implications for Canada’s international commitments to combat terrorism and serious transnational crime and to respect privacy and human rights in the processing of passenger information.
NSIRA conducted an in-depth assessment of the lawfulness of the CBSA’s activities in the first step of the pre-arrival risk assessment, where inbound passengers are triaged using the passenger data provided by commercial air carriers. The review examined whether the CBSA complies with restrictions established in statutes and regulations on the use of the Advance Passenger Information and Passenger Name Record data and whether the CBSA complies with its obligations pertaining to non-discrimination.
While NSIRA found that the CBSA’s use of Advance Passenger Information and Passenger Name Record data complied with the Customs Act, the CBSA does not document its triaging activities in a manner that enables effective verification of compliance with regulatory restrictions established under the Protection of Passenger Information Regulations. This was more of a weakness in the CBSA’s manual Flight List Targeting triaging method than its automated Scenario Based Targeting method.
The CBSA was also unable to consistently demonstrate that an adequate justification exists for its reliance on particular indicators it created from the Advance Passenger Information and Passenger Name Record data to triage passengers. This is important, as the CBSA’s reliance on certain indicators results in drawing distinctions between travellers based on prohibited grounds of discrimination. These distinctions may lead to adverse impacts on passengers’ time, privacy, and equal treatment, which may be capable of reinforcing, perpetuating or exacerbating a disadvantage. Adequate justification for such adverse differentiation is needed to demonstrate that such distinctions are not discriminatory and are a reasonable limit on travellers’ equality rights.
Recordkeeping is important to ensure effective verification that Air Passenger Targeting triaging activities comply with the law and respect human rights and NSIRA observed important weaknesses in this regard. These recordkeeping weaknesses stem in part from the fact that the CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify discrimination and compliance-related risks and to act appropriately in their duties. Oversight structures and practices are also not rigorous enough to identify and mitigate potential compliance and discrimination-related risks. This is compounded by lack of collection and assessment of relevant data. NSIRA recommends improved documentation practices for triaging to demonstrate compliance with statutory and regulatory restrictions and to demonstrate that an adequate justification exists for its reliance on the indicators it creates from Advance Passenger Information and Passenger Name Record data. Such documentation is essential to enable effective internal oversight as well as external review.
NSIRA also recommends more robust training and increased oversight to ensure that triaging practices are not discriminatory. This should include updates to policies as appropriate as well as the collection and analysis of the data necessary to identify, analyze and mitigate discrimination-related risks
Front matter
Lists of acronyms
API
Advance Passenger Information
APT
Air Passenger Targeting
CBSA
Canada Border Services Agency
CHRA COVID-19 EU
Canadian Human Rights ActNovel Coronavirus/Coronavirus Disease of 2019European Union
FLT
Flight List Targeting
IATA
International Air Transport Association
ICES
Integrated Customs Enforcement System
IRPA
Immigration and Refugee Protection Act
IRPR
Immigration and Refugee Protection Regulations
MOU
Memorandum of Understanding
NSIRA
National Security and Intelligence Review Agency
OAG
Office of the Auditor General of Canada
OPC
Office of the Privacy Commissioner
PAXIS
Passenger Information System
PCLMTFA
Proceeds of Crime (Money Laundering) and Terrorist Financing Act
PICR
Passenger Information (Customs) Regulations
PNR
Passenger Name Record
PPIR
Protection of Passenger Information Regulations
RFI
Request for Information
SBT
Scenario Based Targeting
SOP
Standard Operating Procedures
UNSC
United Nations Security Council
US
United States
Lists of figures
Figure 1. Advance Passenger Information and Passenger Name Record Elements
Figure 2. Steps in the Air Passenger Targeting
Figure 3. Process for Developing Scenarios for Scenario Based Targeting
Figure 4. What is a “High Risk” Flight or Passenger
Figure 5. Instances Where the Link to Serious Transnational Crime or Terrorism Offences was unclear
Figure 6. Instances Where the Potential Contravention was Unclear in Targets
Figure 7. Legal Tests under the CHRA and the Charter
Figure 8. Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds
Figure 9. Instances Where Behavioural Indicators Were Protected Grounds or Did Not Narrow Scope
Figure 10. Impacts on Travellers Resulting from Initial Triage
Figure 11. Summary of NSIRA’s Assessment of Scenario Supporting Documentation
Figure 12. Examples of Weaknesses in Scenario Supporting Documentation
Figure 13. Example of a Well-Substantiated Scenario
Figure 14. Why the Justification for the Indicators Used in Targeting is Important
Authorities
The National Security and Intelligence Review Agency (NSIRA) conducted this review under paragraph 8(1)(b) of the NSIRA Act.
Introduction
The Canada Border Services Agency (CBSA)’s Air Passenger Targeting program is one of several programs that help the Agency fulfill its mandate of “providing integrated border services that support [Canada’s] national security and public safety priorities and facilitate the free flow of [admissible] persons and goods” into Canada. Air Passenger Targeting uses passenger data submitted by commercial air carriers called Advance Passenger Information and Passenger Name Record data to conduct pre-arrival risk assessments. The pre-arrival risk assessments are intended to identify individuals at higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation. In 2019-20, the CBSA received this information to risk assess 33.9 million inbound international travellers.
Air Passenger Targeting has become an increasingly important tool for screening passengers. The CBSA’s deployment of self-serve kiosks to process travellers arriving in Canadian airports has decreased the ability of Border Services Officers to risk assess travellers through in-person observations or interactions, increasing the CBSA’s reliance on pre-arrival risk assessments, like Air Passenger Targeting, to identify and interdict inadmissible people and goods.
The Canadian border context affords the CBSA considerable discretion in how it conducts its activities. Individuals have lower reasonable expectations of privacy at the border. Brief interruptions to passengers’ liberty and freedom of movement are reasonable, given the state’s legitimate interest in screening travellers and regulating entry. However, the activities of the CBSA must not be discriminatory, meaning that any adverse differential treatment on the basis of prohibited grounds of discrimination, such as national or ethnic origin, age, or sex must be justified. Both the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms (the Charter) create distinct obligations in this regard. The Advance Passenger Information and Passenger Name Record data that the CBSA uses to perform these pre-arrival risk assessments includes personal information about passengers that is either a prohibited ground of discrimination or that relates closely to such grounds, warranting further attention to the CBSA’s compliance with these obligations. As Air Passenger Targeting involves passenger screening to identify national security-related risks (among others), attention to the validity of the inferences underpinning the CBSA’s interpretation of passenger information also has implications for Canada’s national security.
Air Passenger Targeting also engages Canada’s international commitments to combat terrorism and serious transnational crime and to respect privacy and human rights in the processing of passenger information. The latter commitment has been of particular importance to the European Union in the context of ongoing negotiations on an updated agreement for sharing passenger information.
About the review
NSIRA’s review examined two main aspects of the lawfulness of the CBSA’s passenger triaging activities in Air Passenger Targeting and their effects on travellers. The review examined whether the CBSA’s triaging activities comply with restrictions established in statutes and regulations on the use of Advance Passenger Information and Passenger Name Record data; and whether passenger triaging activities comply with the CBSA’s obligations pertaining to non-discrimination under the Canadian Human Rights Act and the Charter.9 NSIRA expected to find that the CBSA’s triaging activities are conducted with appropriate legal authority and comply with use restrictions on the passenger data and non-discrimination obligations, namely, that any adverse differentiation among travellers based on protected grounds is supported by adequate justification.
The review focused on the CBSA’s triaging activities in Air Passenger Targeting relevant to identifying potential national security-related threats and contraventions. However, it also examined the program as a whole across the CBSA’s three main targeting categories—national security, illicit migration, and contraband—to fully appreciate the program’s governance and operations, given its reliance on intelligence analysis. The review examined the Air Passenger Targeting program as implemented by the CBSA between November 2020 and September 2021.
The review relied on information from the following sources:
Program documents and legal opinions
Information provided in response to requests for information (written answers and briefings)
[***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]
Supporting documentation for a sample of 12 scenarios that were active on May 26, 2021
A sample of 83 targets issued between January and March 2021 (including 59 targets subsequent to Flight List Targeting and 24 targets subsequent to Scenario Based Targeting)
A live demonstration at the National Targeting Centre, which conducts Air Passenger Targeting
Open sources, including news articles, academic articles, and prior reviews by other agencies.
Past performance data and relevant policy developments
Confidence statement
For all reviews, NSIRA seeks to independently verify information it receives. Access to information was through requests for information and briefings by the CBSA. During this review, NSIRA corroborated the information that was received through verbal briefings by receiving copies of program files and alive demonstration of Air Passenger Targeting. NSIRA is confident in the report’s findings and recommendations.
Orientation to the Review Report
After providing essential background information on the steps and activities involved in Air Passenger Targeting and its contribution to the CBSA’s mandate in Section 5, the review’s findings and recommendations are presented in Section 6.
In Section 6.1, NSIRA’s assessed the CBSA’s compliance with statutory and regulatory restrictions on the CBSA’s use of Advance Passenger Information and Passenger Name Record data. Weaknesses in how the CBSA documents its Air Passenger Targeting program activities prevented NSIRA from verifying that all triaging activities complied with these restrictions. These weaknesses also impede the CBSA’s own ability to provide effective internal oversight.
In Section 6.2, NSIRA’s assessed the CBSA’s compliance with its obligations pertaining to nondiscrimination under the Canadian Human Rights Act and the Charter. Similar weaknesses in documentation and recordkeeping prevented the CBSA from demonstrating, in several instances, that an adequate justification exists for its reliance on the indicators it created from Advance Passenger Information and Passenger Name Record data to triage inbound travellers. Ensuring that Air Passenger Targeting triaging practices are substantiated by relevant, reliable and documented information and intelligence is important to demonstrating that travellers’ equality rights are being respected, given that some of the indicators relied on to triage passengers relate to protected grounds and given that passenger triage may lead to adverse impacts for travellers. NSIRA recommends a number of measures to improve recordkeeping and identify and mitigate discrimination-related risks.
Background and content
Air Passenger Targeting and the CBSA’s Mandate
The Air Passenger Targeting program is housed within the National Targeting Centre and is currently supported by 92 Full-Time Equivalents. Air Passenger Targeting is one of several targeting programs at the CBSA, and pre-arrival risk assessments are also performed on cargo and conveyances in other modes of travel, such as marine or rail. Pre-arrival risk assessments are currently only performed on crew and passengers for commercial-based air and marine travel. Screening and secondary examinations of travellers entering Canada through other modes of travel such as land or rail are undertaken at the border.
The Air Passenger Targeting pre-arrival risk assessments are intended to help front line Border Services Officers to identify travellers and goods with a higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation and referring them for further examination once they arrive at a Canadian Port of Entry.
Pre-arrival risk assessments are performed in relation to multiple enforcement issues, all of which are associated with ever-evolving travel patterns and traveller characteristics that may vary from one part of the world to the other. Staff at the National Targeting Centre receive training, develop on-the-job experience, and have access to a large body of information and intelligence to perform their duties.
How Air Passenger Targeting works
Key Information Relied Upon in Air Passenger Targeting
Air Passenger Targeting relies on two sets of information to triage passengers for these risk assessments. The first set consists of information about passengers that commercial air carriers submit to the CBSA under section 148(1)(d) of the Immigration and Refugee Protection Act and 107.1 of the Customs Act. This information is referred to as Advance Passenger Information and Passenger Name Record data. Advance Passenger Information comprises information about a traveller and the flight information associated with their travel to Canada; Passenger Name Record data is not standardized and refers to information about a passenger kept in the air carrier’s reservation system. The particular data elements are prescribed under section 5 of the Passenger Information(Customs) Regulations and section 269(1) of the Immigration and Refugee Protection Regulations.
For simplicity, NSIRA refers to Advance Passenger Information and Passenger Name Record Data collectively as “passenger data” in this review unless otherwise specified. Figure 1 provides an overview of common Advance Passenger Information and Passenger Name Record data elements. Once received by the CBSA, the passenger data is loaded into the CBSA’s Passenger Information System (PAXIS). This is the main system used to conduct Air Passenger Targeting.
Figure 1. Advance Passenger Information and Passenger Name Record Elements
The second set consists of information and intelligence from a variety of other sources that is used to help the CBSA determine which Advance Passenger Information and Passenger Name Record data elements may indicate risks in passengers’ characteristics and travel patterns in the context of specific enforcement issues and can therefore provide indicators for triaging passengers. Key sources include:
Recent significant interdictions that are cross-referenced with historical enforcement and intelligence information, as well as with the Advance Passenger Information and/or Passenger Name Record data for interdicted subjects
Port of entry seizures
Information from Liaison Officers overseas
International intelligence bulletins
Intelligence products shared by domestic and international partners concerning actionable indicators and trends from partner agencies based on their area of expertise.
Open sources, including news articles, op-eds, academic articles, social media.
CBSA intelligence products based on one or more of the above-mentioned sources, such as Intelligence Bulletins, Targeting Snapshots or Placemats, Country Threat Assessments, Intelligence Briefs, daily news briefings.
The quality of the information supporting the CBSA’s inferences as to who may be a high-risk traveller is important to ensure the triage is reasonable and non-discriminatory (see Section 6.2).
Step by Step Process of Air Passenger Targeting
Air Passenger Targeting involves three key steps, illustrated in Figure 2. First, CBSA officers triage passengers based on the Advance Passenger Information and Passenger Name Record data using manual or automated methods. Second, CBSA officers undertake a risk assessment of the selected passengers using different sources of information and intelligence. Third, Targeting Officers decide whether to issue a “target,” based on the results of this risk assessment.
Figure 2. Steps in the Air Passenger Targeting Process
Step 1: Passenger Triage
The CBSA uses two distinct methods to triage passengers using Advance Passenger Information and Passenger Name Record data: Flight List Targeting and Scenario-Based Targeting.
Flight List Targeting is a manual triage method that involves two main steps. The officers use their judgement to make these selections (see Figure 4 for further details).
Targeting Officers select an inbound flight from those arriving that day that they consider to be at “higher risk” of transporting passengers that may be contravening the CBSA’s program legislation.
Targeting Officers then select passengers on those flights for further assessment, based on the details displayed about them in the list of passengers.
Scenario Based Targeting is an automated triage method that relies on “scenarios,” or pre-established set of indicators created from Advance Passenger Information and Passenger Name Record data elements that the CBSA considers as risk factors for a particular enforcement issue. The data for passengers on all inbound flights are automatically compared against the parameters of each scenario. Any passengers whose data match all of the parameters of one (or more) scenario are automatically selected for a Targeting Officer to assess further.
[***Sentence revised to remove privileged or injurious information. It describes the steps involved in developing scenarios ***]
Figure 3. Process for Developing Scenarios for Scenario Based Targeting
[***Figure revised to remove privileged or injurious information. It describes the steps involved in developing scenarios. ***]
Both of these triage methods are informed by an analysis of information and intelligence in slightly different ways. In Scenario Based Targeting, the National Targeting Centre’s Targeting Intelligence unit analyses intelligence and information to identify combinations of Advance Passenger Information and Passenger Name Record data elements associated with “high risk” passengers and travel patterns for the purposes of developing scenarios, as illustrated in Step 1 of Figure 3 above. In Flight List Targeting, Targeting Officers analyze information and intelligence to develop a personal “mental model” about what constitute “high risk” flights or passengers in the context of a specific enforcement issue. Examples are provided in Figure 4.
Figure 4. What is a “High Risk” Flight or Passenger?
Based on information about past trends and intelligence about future travel, CBSA officers identify certain flights or airports that have had a higher incidence of travellers subsequently found to be in contravention of the CBSA’s program legislation. The CBSA assesses flights from these points of origin as “high risk” flights. [Sentence revised to remove privileged or injurious information. It provided examples of flight information that the CBSA indicated was associated with past contraventions.]
Based on similar analysis, CBSA officers have assessed that certain combinations of traveller characteristics and travel patterns are or may be associated with contraventions of the CBSA’s program legislation. Travellers who match these characteristics are considered to be “high risk” travellers. [Sentence revised to remove privileged or injurious information. It provided examples of flight information that the CBSA indicated was associated with past contraventions.]
Steps 2 and 3: Passenger Risk Assessments and Issuing Targets
The initial triage of passengers may result in two additional steps for those who have been selected for further assessment: further passenger risk assessments (referred to by the CBSA as a “comprehensive review”) and a decision to issue a target if risks that were initially identified remain.
The passenger risk assessment process involves requesting and analyzing the following information to determine whether risks initially identified in the passenger’s Advance Passenger Information and Passenger Name Record data are no longer of concern (referred to as “negation”), whether they continue to be of concern, or whether those concerns have increased:
Mandatory and discretionary queries of CBSA and other government databases;
Open-source searches (including social media);
Requests for information to other Government of Canada departments and to the United States Customs and Border Protection agency (mandatory for all potential contraventions related to national security, but optional for other enforcement issues).
A target is issued when the risk assessment cannot “negate” risks initially inferred about the passenger. A target is a notification to Border Services Officers at a Canadian Port of Entry (in this case, airports) to refer the passenger for “secondary examination”. It does not mean that a passenger has been found in contravention of the CBSA’s program legislation. A target includes details about the passenger and the risks identified in relation to the potential contravention (referred to as a “target narrative”).
During secondary examinations, Border Services Officers engage in a progressive line of questioning. This questioning is informed by the details contained in the target as well as all other information available to the officers, including information provided by travellers and other observations developed during the examination. This information may allow the officers to establish a reasonable suspicion about whether the passenger has contravened customs, immigration, or other requirements that are enforced by the CBSA and pursue further questioning or examination. These examinations may also involve a search of luggage and/or digital devices where required and with managerial approval. The outcome of these examinations determines the next steps for individual travellers.
Findings and Recommendations
The CBSA’s Compliance with Restrictions Established in Law and Regulations
Restrictions that Apply to Air Passenger Targeting and Why They Matter
While Air Passenger Targeting is not explicitly discussed in legislation, both the Customs Act and the Immigration and Refugee Protection Act provide the CBSA with legislative authority to collect and use Advance Passenger Information and Passenger Name Record data in Air Passenger Targeting. Such use is further supported by section 4(1)(b) of the Protection of Passenger Information Regulations, which expressly contemplates the use of Passenger Name Record data to conduct trend analysis and to develop risk indicators for the purpose of identifying certain high-risk individuals.
NSIRA is satisfied that these statutory provisions also authorize the CBSA to collect and analyze the information and intelligence necessary to support Air Passenger Targeting. These inputs are necessary to contextualize its interpretation of the Advance Passenger Information and Passenger Name Record data and determine which data elements characterize “high risk” passengers and travel patterns in the context of different enforcement issues. However, the review did not examine whether all information and intelligence collected by the CBSA was necessary to the conduct of its operations (in Air Passenger Targeting or otherwise). This related topic may be the subject of future review.
These authorizing provisions create restrictions on the CBSA’s use of Advance Passenger Information and Passenger Name Record data. Two layers of use restrictions apply: one set arises from the Customs Act or the Immigration and Refugee Protection Act as authorizing statutes, and the other set arises from section 4 of the Protection of Passenger Information Regulations.
In examining compliance with the first set, NSIRA referred to section 107(3) of the Customs Act, the broader of the two authorities. Section 107(3) authorizes the CBSA to use Advance Passenger Information and Passenger Name Record data:
To administer or enforce the Customs Act, Customs Tariff, or related legislation;
To exercise its powers, duties and functions under the Immigration and Refugee Protection Act, including establishing a person’s identity or determining their inadmissibility; and/or
For the purposes of its program legislation.
NSIRA also examined compliance with the use restrictions established by section 4 of the Protection of Passenger Information Regulations. The regulations limit the CBSA’s use of Passenger Name Record data to the identification of persons “who have or may have committed” either a terrorism offence or a serious transnational crime. The data can be used to identify such persons directly, or to enable trend analysis or the development of risk indicators for that same purpose.
The Protection of Passenger Information Regulations were enacted to fulfill Canada’s commitments respecting its use of Passenger Name Record data as part of an agreement signed with the European Union. The Agreement specifies that “[Passenger Name Record] data will be used strictly for purposes of preventing and combating: terrorism and related crimes; other serious crimes, including organized crime, that are transnational in nature.” Although the 2006 agreement expired, ongoing efforts to negotiate a new agreement place continued importance on ensuring the CBSA’s ability to demonstrate compliance with the lawful uses of Passenger Name Record data. The constraints established in the regulations also indicate the Minister’s determination of when the use of Passenger Name Record data by the CBSA will be reasonable and proportional.
As a matter of law, the Protection of Passenger Information Regulations restrictions apply only to Passenger Name Record data provided to the CBSA under the Immigration and Refugee Protection Act. However, Advance Passenger Information and Passenger Name Record data are integrated within its systems. The CBSA also uses Passenger Name Record data to issue targets for the purposes of the Customs Act and the Immigration and Refugee Protection Act simultaneously. Given the CBSA’s commitments to the European Union under the above-mentioned Agreement and these other considerations, the CBSA observes these regulatory restrictions across its Air Passenger Targeting program as a matter of policy.
Assessing compliance with the Protection of Passenger Information Regulations required NSIRA to determine whether the enforcement issue of interest in the triaging decision fell within the regulations’ definitions of a “terrorism offence” or of a “serious transnational crime.”
What NSIRA found?
NSIRA found that, in its automated Scenario Based Targeting triaging method, the CBSA’s use of Advance Passenger Information and Passenger Name Record data to identify potential threats and contraventions of the CBSA’s program legislation complied with statutory restrictions. For its manual Flight List Targeting triaging method, NSIRA was not able to assess the reasons for the CBSA’s selection of individual travellers and was therefore not able to verify compliance with section 107(3) of the Customs Act. For both methods, NSIRA was also unable to verify that all triaging complied with the regulatory restrictions imposed by the Protection of Passenger Information Regulations on the CBSA’s use of Passenger Name Record data, namely that its use served to identify potential involvement in terrorism offences or serious transnational crimes. This was due to lack of precision in Scenario Based Targeting program documentation and lack of documentation about the basis for Flight List Targeting triaging decisions.
Do Scenario Based Targeting triage practices comply with statutory and regulatory restrictions?
In Scenario Based Targeting, all scenarios complied with the statutory restrictions on the use of Advance Passenger Information and Passenger Name Record data, as all scenarios were developed for the purposes of administering or enforcing the CBSA’s program legislation. However, in several instances, the scenario documentation did not precisely identify why the CBSA considered a particular enforcement concern to be related to a terrorism offence or serious transnational crime. This lack of precision obscured whether the scenarios complied with the Protection of Passenger Information Regulations.
NSIRA reviewed the information contained within the scenario templates for [***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]. The templates require information on the specific legislative provisions associated with the potential contravention the scenario seeks to identify. The templates also require a general description of the details of the scenario, including the potential contravention.
The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with the first layer of legal restrictions, as all of the scenarios sought to identify contraventions of the Immigration and Refugee Protection Act, the Customs Act, the Customs Tariff, and/or the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, which are authorized purposes under section 107(3) of the Customs Act. In many instances, the scenario’s purpose also complied with the complementary restrictions under the Immigration and Refugee Protection Act.
Regarding the second layer of restrictions imposed by the Protection of Passenger Information Regulations, most scenarios cited provisions for potential contraventions that were reasonably viewed as relating to terrorism or serious transnational crime. In several instances, however, the link to terrorism or serious transnational crime was not clear. This occurred in one of two ways:
Scenarios did not establish why a potential contravention cited as the intent of the scenario was related to an offence punishable by a term of at least four years of imprisonment, which one of the criteria in the definition of a serious transnational crime. It was therefore unclear how the enforcement interest related to a serious transnational crime (observed in at least 28 scenarios).Including more precise details on how the potential contravention relates to a serious transnational crime or terrorism offence would more clearly establish this link.
Scenarios cited three or more distinct grounds for serious inadmissibility, such as sections 34, 35,36, and/or 37 of the Immigration and Refugee Protection Act without providing further details as to why all grounds were relevant to the conduct at issue in the scenario (observed in at least 20 scenarios).
This obscured how the grounds related meaningfully to the conduct at issue and why the conduct related to a terrorism offence or serious transnational crime. Including more precise details on how each ground of inadmissibility included in a scenario is relevant to the conduct at issue would help in this regard.
Illustrative examples are provided in Figure 5, and further details on NSIRA’s assessment of compliance with the Customs Act and the Protection of Passenger Information Regulations are provided in Appendix 8.3.
Figure 5. Instances Where the Link to Serious Transnational Crime or Terrorism Offences was unclear
[Figure revised to remove privileged or injurious information. It described two examples where the link to serious transnational crime or terrorism offences was unclear in scenarios.]
Do Flight List Targeting triage practices comply with statutory and regulatory restrictions?
Lack of documentation about why officers selected particular flights or passengers prevented NSIRA from verifying whether Flight List Targeting triaging practices comply with the use restrictions found in the Customs Act or the Protection of Passenger Information Regulations. This lack of documentation also impedes the CBSA’s internal verification that Flight List Targeting triaging complies with these use restrictions.
As Targeting Officers rely on their judgement to triage passengers in Flight List Targeting, record keeping about triaging decisions is important to be able to verify that triaging complies with relevant statutes and regulations and take corrective action as appropriate. Although the National Targeting Centre has a Notebook Policy, which requires officers to “record all information about the officers’ activities,” the National Targeting Policy and the Air Passenger Targeting Standard Operating Procedures do not specify what stages of Air Passenger Targeting need to be documented or what information needs to be recorded at each step. Moreover, the Air Passenger Targeting Standard Operating Procedures, the Target Narrative Guidelines, and the format for issuing targets in the CBSA’s systems do not require officers to include precise details about the potential contravention that motivated their decision to issue a target.
NSIRA was only able to infer why a passenger was first selected for further assessment in Flight List Targeting from the details of targets, even though the explanatory value of analyzing targets for insight about initial triaging is limited. Targets are not issued for all initially selected passengers : only 15 percent of the passengers that were selected for a comprehensive risk assessment led to a target being issued in 2019-20.
As well, the enforcement issue contained within targets may have changed during later stages in the Air Passenger Targeting process and may not necessarily reflect the issue that motivated the initial triaging decision.
NSIRA found that all targets in a sample of 59 targets issued subsequent to Flight List Targeting complied with the first layer of use restrictions under section 107(3) of the Customs Act, as they cited either the “IRPA” or the “Customs Act” in the details of the target. However, the targets did not always specify a particular contravention of these Acts, which created a challenge for determining why the officers’ interest in the passenger related to a terrorism offence or serious transnational crime. Based on other descriptive details about the behaviours or risk factors contained in the target, it was only possible to clearly infer the enforcement issue and determine that it was a terrorism offence or a serious transnational crime in approximately half the targets (29 of 59). Illustrative examples are provided in Figure 6.
Figure 6. Instances Where the Potential Contravention was Unclear in Targets
[***Figure revised to remove privileged or injurious information. It described two examples of targets where the potential was unclear based on the details of the target.***]
Why is precision in record keeping important?
It is important to ensure that the potential contravention at issue is clear in scenario templates and targets and to ensure that recordkeeping about the reasons animating Flight List Targeting triaging is adequate in order to allow effective verification that all triaging activities comply with statutory and regulatory restrictions.
The CBSA’s current oversight functions consist of reviewing new scenarios prior to and in parallel with their activation and of reviewing targets after the fact for quality control and performance measurement. However, the documentation weaknesses identified above prevent the CBSA from ensuring that its triaging activities comply with statutory and regulatory restrictions. The CBSA’s oversight mechanisms should include robust verification that scenarios and manual Flight List Targeting triaging practices are animated by issues relevant to the administration or enforcement of the CBSA’s program legislation. Where Passenger Name Record data is used, oversight should also verify that the enforcement issue constitutes or is indicative of a terrorism offence or serious transnational crime. More precise and consistent recordkeeping of the reasons underlying passenger triage decisions in both Scenario Based Targeting and Flight List Targeting would help in this respect.
Guidance on what the legislative and regulatory restrictions entail for targeting activities was also not clearly articulated in the National Targeting Centre’s policies, standard operating procedures, or training materials. These guidance materials should include further specifics on:
Which issues pertinent to admissibility under the Immigration and Refugee Protection Act or other contraventions of the CBSA’s program legislation constitute or relate to a serious transnational crime or terrorism offence and why; and
How to document triaging decisions on a consistent basis to enable internal and external verification that targeting activities align with these legal and regulatory restrictions.
For example, the Scenario Based Targeting Governance Framework included helpful examples of risk categories that identify associated legislative provisions. Though the examples align with the definitions of serious transnational crime and terrorism offences in the Protection of Passenger Information Regulations, no explanation linking the examples to alignment with the regulations are provided. Equivalent guidance does not exist for Flight List Targeting.
Clearly identifying the potential enforcement issue is also important to verifying that the indicators created from Advance Passenger Information and Passenger Name Record data that are used to triage passengers are relevant to the issue and reliably predictive of it. This is important for demonstrating that the triaging practices are reasonable and non-discriminatory (see Section 6.3).
Finding 1. The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with section 107(3) of the Customs Act.
Finding 2. The CBSA does not document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
Recommendation 1. NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
The CBSA’s Compliance with Obligations Pertaining to Non-Discrimination
The CBSA’s Non-Discrimination Obligations and Why They Matter
The Canadian Human Rights Act and the Charter each establish obligations pertaining to nondiscrimination. The tests for assessing whether or not discrimination has occurred are thematically similar, though with differences in approach and terminology as illustrated in Figure 7. The analysis under both instruments begins with a factual inquiry into whether a distinction is being drawn between travellers based on prohibited grounds of discrimination, and if so, whether it has an adverse effect on the traveller or reinforces, perpetuates or exacerbates disadvantage. If so, the analysis under the CHRA examines whether there is a bona fide justification for the adverse differentiation. The corresponding analysis under the Charter examines whether the limit on travellers’ equality rights is demonstrably justified in a free and democratic society.
Figure 7. Legal Tests under the CHRA and the Charter
What NSIRA Found
Although triaging in Air Passenger Targeting typically relies on multiple indicators that are created from Advance Passenger Information and Passenger Name Record data, some of these indicators are protected grounds or relate closely to protected grounds. Air Passenger Targeting triaging results in impacts on travellers that can be considered adverse in nature and are capable of reinforcing, perpetuating, or exacerbating disadvantages. This creates a risk of prima facie discrimination. While these limits on travellers’ equality rights may be justifiable, weaknesses in the CBSA’s program documentation prevented the CBSA from demonstrating that a bona fide justification supported the adverse differentiation of travellers in several instances. A large body of information and intelligence is available to CBSA staff; however, it was not compiled and documented in a way that consistently established why certain indicators used to triage passengers related to a threat or potential contravention and did not always establish that these indicators were current and reliable. This weakness with respect to ensuring precise, well-substantiated documentation is similar to the one already highlighted in relation to the CBSA’s compliance with legal and regulatory restrictions.
Further information on the nature of the differentiations made in Air Passenger Targeting triaging practices and their impact on individuals would be required to conclusively establish whether or not triaging practices are discriminatory. However, the risk of discrimination is sufficiently apparent to warrant careful attention. In this review, NSIRA will recommend measures that could help the CBSA to assess and mitigate discrimination-related risks.
Does the CBSA make a distinction in relation to “protected grounds”?
Some of the indicators relied on to triage passengers are either protected grounds themselves or relate closely to protected grounds. NSIRA observed instances where passengers appeared to be differentiated based on protected grounds.
NSIRA examined all scenarios that were active on May 26, 2021 and a sample of targets to determine whether the CBSA’s triaging practices engage prohibited grounds of discrimination, such as age, sex, or national or ethnic origin. NSIRA refers to these as “protected grounds” in the report. The assessment considered:
How the indicators used to triage passengers relate to protected grounds;
The significance of the indicators in triage and how individual indicators were weighted in relation to each other; and
Whether these indicators created distinctions among individuals, or classes of individuals, based on protected grounds, whether in their own right or by virtue of their cumulative impact.
NSIRA found that the CBSA triages passengers based on a combination of indicators that are created from Advance Passenger Information and Passenger Name Record data. This triaging often included indicators that were either protected grounds themselves or related closely to protected grounds. Examples of these indicators are provided in Figure 8 with further details on how the CBSA relied on these indicators in Appendix 8.4.
Figure 8. Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds
Although the CBSA took certain measures to mitigate the possibility that triaging decisions were based primarily on protected grounds, NSIRA observed that these measures did not always adequately mitigate that risk. More specifically:
[***Note revised to remove injurious or privileged information. It lists examples of scenarios that relied on single elements.***] NSIRA observed instances where scenarios continued to rely largely on indicators that related closely to protected grounds. This was because the behavioural indicators were often used in a way that related closely to a protected ground (primarily national origin) or because the parameters for the behavioural indicators were very broad (for example: passports as a travel document) and did not significantly narrow the range of passengers captured by the scenario. Examples are provided in Figure 9.
Scenario Based Targeting triaging for potential contraventions relevant to national security focused disproportionately on a certain profile of passengers: [***Sentence revised to remove injurious or privileged information. It described a combination of traveller characteristics that relates to protected grounds.***] While individual scenarios considered a variety of other indicators that differed between each scenario and that appeared to be specific to a unique set of personal characteristics and behavioural patterns for each national security risk, the overall effect of the scenarios created a differential impact largely focused on this particular profile.
Figure 9. Instances Where Behavioural Indicators Were Protected Grounds or Did Not Narrow Scope
[***Figure revised to remove privileged or injurious information. It describes two examples of scenarios where behavioural indicators were used in a way that related closely to a protected ground or because the parameters for the behavioural indicators were very broad and did not significantly narrow the range of passengers captured by the scenario***]
As the CBSA’s triaging practices engage protected grounds and resulted in a differentiation of passengers based on protected grounds in certain instances, NSIRA considered the impacts that these distinctions may produce.
Do distinctions result in adverse impacts capable of reinforcing, perpetuating, or exacerbating a disadvantage?
Distinctions made in passenger triage lead to several types of potential impacts for the passengers that are selected for further assessment. These impacts are adverse in nature and are capable of reinforcing, perpetuating, or exacerbating disadvantages.
NSIRA considered the kinds of impacts that Air Passenger Targeting has for the passengers who are selected for further assessment through the initial triage. These impacts are illustrated in Figure 10. Each may have important effects on passengers’ time, privacy, and equality, particularly as the impacts accumulate during the screening process and/or where these impacts are experienced repeatedly by the same travellers.
Figure 10. Impacts on Travellers Resulting from Initial Triage
[Figure revised to remove privileged or injurious information. It describes numbers of passengers targeted by year.]
These impacts can be adverse in nature and are reasonably understood as being capable of reinforcing, perpetuating, or exacerbating disadvantage, particularly when viewed in light of possible systemic or historical disadvantages. However, disaggregated data on the ethno-cultural, gender, or other group identity of affected passengers and their circumstances in Canadian society would be required to fully appreciate Air Passenger Targeting’s impacts on affected groups.
A risk of prima facie discrimination is established where these adverse impacts accrue to individuals based on protected grounds. These adverse impacts on protected groups will not amount to discrimination under the Canadian Human Rights Act if the CBSA can demonstrate a bona fide justification for the differentiation and will be allowed under the Charter if the CBSA can establish that the distinctions are a reasonable limit on travellers’ equality rights.
Does the CBSA have an adequate justification for the adverse differentiation?
While a large body of information and intelligence is available to CBSA’s staff for their triaging activities, weaknesses in recordkeeping, in the coherent synthesis of this information, and in data collection prevented the CBSA from demonstrating, that an adequate justification exists for its use of the indicators it created from Advance Passenger Information and Passenger Name Record data in several instances.
NSIRA examined how the CBSA relied on information and intelligence to support its triaging practices by reviewing a sample of 12 scenarios and a sample of 59 targets issued subsequent to manual triaging in Flight List Targeting. NSIRA also examined performance data for the selected scenarios. In examining the supporting documentation provided for each scenario demonstrated an adequate justification for the indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers, NSIRA considered a number of factors:
Whether the information was objective and empirical;
Whether it was credible and reliable, in terms of its source and the quality of its substantiation;
Whether the information was recent and up to date;
Whether the information established a meaningful connection between the indicator(s) and the enforcement issue;
Whether the indicators were specifically indicative of the enforcement issue or were general;
Whether the indicators were based on a representative sample size; and
Whether the reliance on the particular indicators to triage passengers was effective in identifying potential contraventions in the past (i.e. whether empirical results support the reliance).
In Scenario Based Targeting, 11 out of the 12 scenarios in the sample reviewed did not provide an adequate justification for the triaging indicators, due in part to weaknesses in the supporting documentation for scenarios.
A summary of NSIRA’s assessment in relation to each of the assessment criteria is provided in Figure 11 and examples are described below.
Figure 11. Summary of NSIRA’s Assessment of Scenario Supporting Documentation
Most of the supporting documentation for the scenario sample was based on empirical information about enforcement actions or other intelligence products developed by the CBSA or its partners that were derived from clearly identified empirical sources. NSIRA considered these products to be objective and reliable sources. However, NSIRA noted three instances where it was unclear what the basis of the information was, and therefore whether it was objective and credible.
Inconsistencies in how supporting documentation for scenarios was maintained created further challenges for verifying that scenarios were based on reliable and up-to-date information, as four of the scenarios examined relied on information that was more than five years old and the CBSA could not locate one or more documents cited as supporting documentation in nine of the scenarios. While deleting older information is appropriate if it is replaced with more recent information, doing so in absence of more recent supporting information may undermine the CBSA’s the ability to justify the basis of the scenario.
In 3 of 12 scenarios examined, it was unclear how the supporting documentation related to the potential contravention identified in the scenario, which prevented further analysis as to how the indicators created from Advance Passenger Information and Passenger Name Record data were meaningfully connected to the enforcement issue. In all except one of the 12 scenarios, the supporting documentation did not mention one or more of the indicators in the scenario, making it unclear what the basis was for relying on those indicators. A number of the unsubstantiated indicators in those scenarios related closely to protected grounds. Two examples are provided in Figure 12.
Figure 12. Examples of Weaknesses in Scenario Supporting Documentation
[***Figure revised to remove privileged or injurious information. It describes issues observed in the supporting documentation for two scenarios as examples. These concerned the reliability of speculative claims made in an op-ed that was used as supporting documentation for one scenario that did not provide a clear basis for the indicators relied on in the scenario, and lack of information related to one or more of the indicators in the other scenario.***]
In 11 of the 12 scenarios, the supporting documentation did not include enough information to assess whether the indicators in the scenarios were based on a representative sample size of passengers. This prevented verification that the indicators in the scenario and their parameters reflect a pattern or trend in traveller characteristics and travel patterns rather than a single instance or handful of instances. Deriving indicators from too small a sample size also creates a risk that the indicators are not reliably associated to a potential contravention but rather simply connoted individuals who happen to have been the subject of past enforcement activity. A small sample size can also create bias and confirmation bias about stereotypes pertaining to traveller behaviour or personal characteristics.
Lack of information in 11 of the 12 scenarios on the likelihood and impact of the risk posed by the enforcement issue also prevented further assessment of the extent that the indicators and parameters were unique to the particular enforcement issue either individually or collectively. Moreover, in 4 of the 12 scenarios, the supporting documentation did not include any information to indicate that the indicators and parameters of the scenario had indeed been associated with a confirmed contravention of the CBSA’s program legislation or whether the association between the indicators and the enforcement issue was simply hypothetical. While reliable intelligence could also provide an empirical basis for passenger triage to inform the development of scenarios, information about whether scenarios have actually resulted in confirmed contraventions of the CBSA’s program legislation can be integrated into the supporting documentation of scenarios over time. This issue is examined further in relation to performance data below.
Only one of the 12 scenarios in the sample had enough information to get a sense of the enforcement issue, to understand the basis for relying on the particular indicators in the scenario in relation to the enforcement issue, and to establish that the indicators were based on a clear pattern of association with a large number of confirmed contraventions and reflected an appropriate range. Details about this scenario and why the supporting document substantiated the scenario are provided in Figure 13.
[***Figure revised to remove privileged or injurious information. It describes how the supporting documentation provided for a scenario was based on credible, empirical information that helped to establish the enforcement issue, provided a sense of the prevalence of the issue and its pertinence to the CBSA mandate, established a correlation between the specific indicators in the scenario and confirmed contraventions based on a significant sample size, and established that the parameters for each indicator were appropriately defined.***]
A large body of information and intelligence is available to CBSA staff to inform their targeting activities; however, in all except one of the scenarios, the information, intelligence, and other analytical insights were not brought together coherently to demonstrate that the basis for triaging was justified in those particular instances. The CBSA indicated that they intend to prepare standardized intelligence products that would coherently bring together this information to support the development of new scenarios. Developing such products for all active scenarios would help ensure that an adequate justification exists for all differentiation arising from triaging decisions in Air Passenger Targeting. This issue is examined further in relation to oversight practices below.
In Flight List Targeting, there was insufficient documentation to explain why particular indicators were considered valid risk factors in the context of a particular enforcement issue.
While a large body of information and intelligence exists for Targeting Officers to draw from when triaging passengers in Flight List Targeting, these sources are not necessarily documented in the course of making triaging decisions. Flight List Targeting strategies are not codified and triaging decisions are not consistently documented. This means that the sources and considerations that informed individual triaging decisions were not always apparent in the program documentation that NSIRA reviewed.
Noting the limitations of analyzing targets for insight into initial triaging decisions mentioned previously, the sparse details contained within the sample of 59 targets issued subsequent to Flight List Targeting further limited NSIRA’s assessment. Most of the targets included information specific to each passenger that was obtained through the passenger risk assessment, which reasonably supported a justification for issuing the target. However, this information would have been obtained after initial triaging decisions. Targets occasionally included a brief explanation about why certain elements of Advance Passenger Information and Passenger Name Record data were considered to be risk factors, suggesting that the Targeting Officer’s triage decision may have been informed by information and intelligence. However, it was often unclear why the passenger data cited as risk factors in the target suggested a threat or potential contravention of the CBSA’s program legislation. Assessing how the passenger data cited as risk factors in a target corresponded with the potential contravention was further complicated where the enforcement issue was also unclear. Examples in Figure 14 illustrate this challenge.
Figure 14. Why the Justification for the Indicators Used in Targeting is Important
[***Figure revised to remove privileged or injurious information. It returns to the examples of targets discussed in Figure 6 where ambiguity about the enforcement issue created further challenges for assessing how the passenger data cited as risk factors in the target corresponded with the enforcement issue.***]
Performance data for the scenario sample indicates that the indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers may not be closely correlated with the particular enforcement issue.
The CBSA should be able to demonstrate at the outset that information and intelligence justify the use of particular indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers for potential contraventions, particularly where those indicators relate to protected grounds. However, secondary examination results from previously issued targets can provide a source of such information. These results also provide important insight into how strongly certain indicators correlate with potential contraventions and indicate areas where inferences should be revisited and revised.
NSIRA’s analysis of the performance data for the sample of 12 scenarios revealed that the indicators may not necessarily be closely correlated with the particular enforcement issue(s) in the scenarios or predict potential contraventions of the CBSA’s program legislation with high accuracy.
In many of the scenarios, less than 5 percent of passengers that matched to the scenario—based on their Advance Passenger Information and Passenger Name Record data—resulted in an enforcement action or relevant intelligence at the end of a secondary examination, which the CBSA refers to as a “resultant” target. This is due in part to the fact that the vast majority of passengers who are risk assessed do not result in a decision to issue a target. Additionally, certain enforcement issues may have a low probability of occurring, but a high impact. However, the fact that most passengers who match to a scenario are not of concern raises questions about the accuracy of relying on Advance Passenger Information and Passenger Name Record data elements as indicators and about the proportionality of the targeting practices.
On average, a quarter of targets issued (through both Flight List Targeting and Scenario Based Targeting) led to a “resultant” secondary examination, though the scenarios in the sample ranged widely from as low as 4.8 percent to as high as 72.7 percent.
Only nine of the 12 scenarios led to at least one enforcement action or useful intelligence between 2019-20 or 2020-21. Again, this is not necessarily an issue if an enforcement issue has a low probability of occurring, but a high impact. However, it also raises questions about the empirical basis of the scenario.
Many of the scenarios led to examination results for issues other than the one that justified the initial targeting. This suggests that the indicators may not be very precise and raises questions about the underlying assumptions or inferences.
NSIRA also observed that the performance data for scenarios matched to a significantly higher proportion of travellers and yielded a higher proportion of “resultant” targets in one year, with much lower results in the next year, indicating how rapidly travel patterns may change. The CBSA indicated that COVID-19 resulted in major shift in travel and business patterns, which has presented challenges for the CBSA to understand how the indicators have evolved in relation to a diversity of enforcement issues and to adapt their targeting strategies. This emphasizes the importance of ensuring that scenarios and Flight List Targeting activities are supported by up-to-date information and intelligence. It also emphasizes the importance of analyzing performance data to rigorously to evaluate, refine, and/or deactivate scenarios in order to remain consistent with a changing risk environment.
However, the insights that can be drawn from the performance data are limited, because the CSBA does not track the results of secondary examinations arising from random referrals or instances where passengers that were not targeted were later found to have contravened the CBSA’s program legislation by other means. This prevents contextualization of Air Passenger Targeting performance against a baseline (namely, whether Air Passenger Targeting is better, on par with, or less effective at predicting a potential contravention of its program legislation than a random referral). Beyond its relevance for performance measurement, baseline data would help to protect the CBSA against confirmation biases where enforcement results in a few isolated cases may reinforce stereotypes even though they do not represent a meaningful trend. Moreover, a “resultant” secondary examination according to the National Targeting Centre’s definition does not necessarily indicate a confirmed instance of non-compliance. This makes it difficult to analyze performance data as source of empirical information to support the CBSA’s justification for using certain indicators to triage passengers, as a “resultant” search may not always signify a correlation between the indicators and the potential contravention.
In sum, the CBSA was not able to demonstrate that adequate justification consistently supported its use of particular indicators in the scenarios and targets examined by NSIRA. This creates a risk that the triaging activities were discriminatory. To avoid discrimination, the link between the indicators used to triage passengers and the potential threats and contraventions they purport to identify must be well-substantiated by recent, reliable, and documented intelligence or empirical information that demonstrates that the indicators are reasonably predictive of potential harms to Canada’s national security and public safety. The CBSA was able to document an adequate justification for passenger triaging in one scenario. Compiling relevant information and intelligence for its other triaging activities would assist in demonstrating that they are also non-discriminatory.
Are any triage-related distinctions that are capable of reinforcing, perpetuating, or exacerbating disadvantage a reasonable limit on travellers’ equality rights?
Further information would be required to determine if any distinctions arising from Air Passenger Targeting that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights.
The analysis above establishes that Air Passenger Targeting may infringe travellers’ equality rights under the Charter. All Charter rights are subject to reasonable limits, however. To establish that a limit is reasonable, the state must demonstrate that it is rationally connected to a pressing and substantial objective, that it is minimally impairing of the right, and that there is a proportionality between its salutary and deleterious effects. These limits must also be prescribed by law.
The analysis of whether state actions constitute a reasonable limitation of Charter rights is highly fact specific. To examine this question, further data would be required on:
Precisely how various indicators relate to protected grounds;
Whether the indicators effectively further national security and public safety;
The reasonable availability of other means to ensure similar security outcomes at the border;
The impacts of Air Passenger Targeting for affected passengers; and
The significance of the contribution of Air Passenger Targeting to national security and other government objectives.
NSIRA notes these data gaps may create challenges for the CBSA in establishing that any discrimination resulting from Air Passenger Targeting is demonstrably justified under section 1 of the Charter. Documenting the contribution of Air Passenger Targeting to national security and public safety, the breadth and nature of its impacts, and contrasting the effectiveness of Air Passenger Targeting relative to other less intrusive means of achieving the CBSA’s objectives would assist the CBSA in demonstrating that the program is reasonable and demonstrably justified in Canadian society.
Has the CBSA complied with its obligations pertaining to non-discrimination?
Air Passenger Targeting triaging practices create a risk of prima facie discrimination. This is due to two key features. First, Air Passenger Targeting relies, in part, on indicators created from Advance Passenger Information and Passenger Name Record data that are either protected grounds themselves or that relate closely to such grounds. This was particularly the case for indicators relating to passengers’ age, sex, and national or ethnic origin. Passengers were differentiated based on these grounds, as they were selected for further assessment due in part to these characteristics. NSIRA also observed that the triaging resulted in disproportionate attention to certain nationalities and sexes, when the cumulative effect of scenarios was taken into account.
Second, this differentiation has adverse effects on travellers. Air Passenger Targeting triaging affects individuals’ privacy through subsequent risk assessments and mandatory referrals for secondary examination. Such scrutiny may also erode an individual’s sense of receiving the equal protection of the law, particularly where these impacts are repeatedly experienced by the same traveller or are perceived to be animated by racial, religious, ethnic, or other biases. These impacts are also capable of reinforcing, perpetuating, or exacerbating disadvantage, especially when viewed in light of systemic or historical disadvantage.
To comply with its obligations under the Canadian Human Rights Act, the CBSA must be able to demonstrate that a bona fide justification exists for this adverse differentiation. However, the CBSA was not able to demonstrate that its choice of indicators was consistently based on recent, reliable, and documented intelligence or empirical information. This weaknesses in the link between the indicators and the potential threats or contraventions they seek to identify, creates a risk of discrimination.
To comply with its Charter obligations, the CBSA must also be able to demonstrate that any resulting discrimination is a reasonable limit on travellers’ equality rights. The same weaknesses NSIRA observed in the CBSA’s substantiation of the link between particular indicators and potential threats or contraventions they seek to identify also undermines its ability to demonstrate the rational connection between its triaging indicators and potential contraventions of its program legislation. Further information on the contribution of Air Passenger Targeting to national security and its relative value compared to other screening means would also be needed to determine whether Air Passenger Targeting can be justified as a reasonable limit under the Charter.
The weaknesses NSIRA observed stem partly from lack of precision in the CBSA’s program documentation and other recordkeeping issues. These are examined in the following section.
Finding 3. The CBSA has not consistently demonstrated that an adequate justification exists for its Air Passenger Targeting triaging practices. This weakness in the link between the indicators used to triage passengers and the potential threats or contraventions they seek to identify creates a risk that Air Passenger Targeting triaging practices may be discriminatory.
Recommendation 2. NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.
Recommendation 3. NSIRA recommends that the CBSA ensure that any Air Passenger Targeting-related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.
What measures are in place to mitigate the risk of discrimination?
The policies, procedures, and training materials reviewed did not adequately equip CBSA staff to identify potential discrimination or to mitigate related risks in the exercise of their duties.
The CBSA’s Air Passenger Targeting policies acknowledged responsibility to respect privacy, human rights, and civil liberties. However, policies, procedures, and training were insufficiently detailed to equip staff to identify and mitigate discrimination-related risks in the exercise of their duties.
Targeting Officers did not receive any specific training related to human rights.
The CBSA’s policies, procedures, and other program guidance were not precise enough on specific requirements or steps to equip staff to mitigate risks related to discrimination. In particular, details were lacking in how to associate supporting documentation to a scenario or a triaging decision in Flight List Targeting, and when and how to revisit and update that information on are gular basis.
No specific policies, procedures, or guidelines were developed for Flight List Targeting beyond the Air Passenger Targeting Standard Operating Procedures, particularly those that relate to record keeping.
The oversight structures and practices that were reviewed were not rigorous enough to identify and mitigate potential discrimination-risks, compounded by an absence of relevant data for this task.
While the CBSA has oversight structures and practices in place for Air Passenger Targeting, it was unclear how these oversight practices were performed. NSIRA identified several areas where they may not be rigorous enough to identify and mitigate potential risks of discrimination as appropriate.
Scenarios are reviewed for policy, legal, privacy, human rights, and civil liberties implications as part of their activation and on an ongoing basis. However, it is not clear that these oversight functions are guided by a clear understanding of what constitutes discrimination or that all relevant aspects of scenarios are examined.
Scenarios are reviewed individually on a regular basis. However, it is not clear that the collective impact of the CBSA’s targeting activities is also assessed on a regular basis.
It is not clear whether any oversight functions related to non-discrimination take place in Flight List Targeting.
Moreover, the CBSA does not gather data relevant to fully assess whether Air Passenger Targeting results in discrimination or to mitigate its impacts.
The CBSA does not gather disaggregated demographic data about the passengers affected by each stage of the Air Passenger Targeting program. This is relevant to detecting whether the program may be drawing distinctions on protected grounds and/or whether it has a disproportionate impact on members of protected groups.
The CBSA does not compare information about its triaging practices against information relevant to understanding their potential impacts on travellers and whether those impacts indicate an issue with the CBSA’s targeting practices. This includes information about whether complaints about alleged discrimination at the border relate to a person identified through Air Passenger Targeting and whether the nature of secondary examinations resulting from Air Passenger Targeting may differ from those caused by random or other referrals.
The CBSA does not gather or assess relevant performance data or data on its impacts against a baseline comparator group in order to contextualize its analysis of this information.
Finding 4. The CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify potential discrimination-related risks and to take appropriate action to mitigate these risks in the exercise of their duties.
Finding 5. The CBSA’s oversight structures and practices are not rigorous enough to identify and mitigate potential discrimination-related risks, as appropriate. This is compounded by a lack of collection and assessment of relevant data.
A number of adjustments to current policies, procedures, guidance, training, and other oversight practices for the Air Passenger Targeting program will help the CBSA mitigate discrimination-related risks by ensuring that distinctions drawn in the initial triage of passengers are based on adequate justifications that are supported by intelligence and/or empirical information. A more detailed treatment on discrimination in training, policies, guidance materials, and oversight for the Air Passenger Targeting program could also provide CSBA staff and the units and committees that perform internal oversight functions with information they may require to exercise their functions accordingly. Careful attention should be paid to the following:
Understanding the CBSA’s human rights obligations and how risks related to discrimination should be identified and assessed;
Identifying when triaging indicators may relate to protected grounds;
Ensuring that any adverse differentiation is based on a well-substantiated connection between the indicators and the potential threat or potential contravention;
Ensuring the triage of travellers is informed by recent and reliable information and intelligence, with training on how to assess whether the supporting documents meets these requirements;
Identifying and addressing impacts resulting from passenger triaging practices to ensure that they are minimized and proportional to the benefit gained for public safety or national security;
Ensuring that impacts resulting from Air Passenger Targeting do not unduly reinforce, perpetuate, or exacerbate disadvantage; and
Developing tools to detect and mitigate potential biases by gathering and assessing relevant data on targeting practices, their performance, and their impacts.
In this respect, the obligations created by the United Kingdom Public Sector Equality Duty may be instructive. The duty is procedural in nature and requires that public bodies (including customs and immigration authorities) consider how they may eliminate discrimination in the exercise of their functions. It requires departments to turn their minds to the potential impact their decisions, policies or programs have, and how these may differ based on protected grounds, such as age, sex/gender, and race, ethnic or national origin, colour, or nationality. It also creates an obligation to acquire relevant information, if it is not already available, to avoid direct or indirect discrimination.
It is important to clarify that any data collection and analysis relevant to detecting and addressing potential discrimination should be conducted by a separate unit than the National Targeting Centre. Targeting Officers should not have access to disaggregated demographic data when triaging passengers, as this might increase discrimination-related risks. The CBSA recognizes this in its commitment to removing “sensitive data” about a person’s health or sex life from the Advance Passenger Information and Passenger Name Record data that it imports into its triaging systems. This precaution should not prevent other units within the CBSA from gathering and considering depersonalized, disaggregated demographic data, including to conduct Gender Based Analysis+ that could reduce the risk of discrimination and/or mitigate its potential impacts.
Recommendation 4. NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
Recommendation 5. NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.
Conclusion
The pre-arrival risk assessments performed as part of the CBSA’s Air Passenger Targeting program support the CBSA’s ability to screen inbound travellers in relation to a variety of enforcement issues. However, some of the information used to triage passengers relates to protected grounds. This creates a risk that passengers may be differentiated based on prohibited grounds of discrimination. Triaging may lead to adverse impacts on passengers’ time, privacy, and equal treatment, which maybe capable of reinforcing, perpetuating or exacerbating disadvantage.
Careful attention to the reliability of the information and intelligence that underpin the choice of indicators to triage passengers and their connection to the threats or potential contraventions they seek to identify is needed to verify that the CBSA respects its non-discrimination obligations. This has implications for both Canada’s national security and its international commitments related to combatting terrorism and serious transnational crime and related to privacy and human rights.
NSIRA is satisfied that the CBSA has the legal authority to conduct Air Passenger Targeting. However, NSIRA observed shortcomings in the CBSA’s documentation of its program activities that complicated verification that all triaging decisions complied with statutory and regulatory restrictions. Improvements to documentation in these respects are essential and will help lower future compliance risks by ensuring the CBSA can verify that all triaging decisions comply with the terms of the Customs Act and the Protection of Passenger Information Regulations.
Similarly, the absence of adequate justification in several instances for the CBSA’s reliance on indicators created from passengers’ Advance Passenger Information and Passenger Name Record data leads to a risk of discrimination. Improving documentation requirements and setting out further detail in the CBSA’s policies, procedures, and training would better equip CBSA staff to understand these risks and mitigate them in the conduct of their duties. More robust and regular oversight to ensure that adequate justification exists for any adverse differentiation arising from Air Passenger Targeting grounds would equip the CBSA to identify which scenarios or manual Flight List Targeting triaging practices need further support. Improving relevant data gathering and assessment will also support the identification and mitigation of discrimination-related risks in Air Passenger Targeting.
Appendices
Findings & Recommendations
Findings
Recommendations
Finding 1. The CBSA’s use of Advance Passenger
Information and Passenger Name Record data in
Scenario Based Targeting complied with section
107(3) of the Customs Act.
Recommendation 1. NSIRA recommends that the
CBSA document its triaging practices in a manner
that enables effective verification of whether all
triaging decisions comply with statutory and
regulatory restrictions.
Finding 2. The CBSA does not document its
triaging practices in a manner that enables
effective verification of whether all triaging
decisions comply with statutory and regulatory
restrictions.
Recommendation 2. NSIRA recommends that the
CBSA ensure, in an ongoing manner, that its
triaging practices are based on information and/or
intelligence that justifies the use of each indicator.
This justification should be well-documented to
enable effective internal and external verification
of whether the CBSA’s triaging practices comply
with its non-discrimination obligations.
Finding 3. The CBSA has not consistently
demonstrated that an adequate justification exists
for its Air Passenger Targeting triaging practices.
This weakness in the link between the indicators
used to triage passengers and the potential
threats or contraventions they seek to identify
creates a risk that Air Passenger Targeting triaging
practices may be discriminatory.
Recommendation 3. NSIRA recommends that the
CBSA ensure that any Air Passenger Targetingrelated distinctions on protected grounds that are
capable of reinforcing, perpetuating, or
exacerbating a disadvantage constitute a
reasonable limit on travellers’ equality rights
under the Charter.
Finding 4. The CBSA’s policies, procedures, and
training are insufficiently detailed to adequately
equip CBSA staff to identify potential
discrimination-related risks and to take
appropriate action to mitigate these risks in the
exercise of their duties.
Recommendation 4. NSIRA recommends that the
CBSA develop more robust and regular oversight
for Air Passenger Targeting to ensure that its
practices are not discriminatory. This should
include updates to the CBSA’s policies,
procedures, training, and other guidance, as
appropriate.
Finding 5. The CBSA’s oversight structures and
practices are not rigorous enough to identify and
mitigate potential discrimination-related risks, as
appropriate. This is compounded by a lack of
collection and assessment of relevant data.
Recommendation 5. NSIRA recommends that the
CBSA start gathering and assessing the necessary
data to identify, analyze, and mitigate
discrimination-related risks. This includes
disaggregated demographic data, data on the
effects of Air Passenger Targeting on secondary
examinations that may be apparent from related
human rights complaints, and data on a baseline
comparator group.
The CBSA’s Authority to Collect and Use Advance Passenger Information and Passenger Name Record data in Air Passenger Targeting
Authority to Collect the Data
Customs Act, s. 107.1 & IRPA s. 148(1)(d)
Air carriers are required to provide “prescribed
information” about any person on board, or
expected to be on board, a flight arriving into
Canada.
Passenger Information Customs Regulations, s. 5 &
Immigration and Refugee Protection Regulations, s.
269(1)
Prescribe the required information, which constitute
Advance Passenger Information and Passenger
Name Record data.
Authority to Use the Data
Customs Act, s. 107(3)
“Customs information” (including Advance
Passenger Information/Passenger Name Record
data)115 may be used for three purposes:
• Administer or enforce the Customs Act, Customs
Tariff, or related legislation;
• Exercise the powers or perform the duties and
functions of the Minister of Public Safety under
the IRPA, including establishing a person’s
identity or determining their inadmissibility;
• For the purposes of other program legislation
that the Minister of Public Safety or the CBSA is
authorized to enforce
Immigration and Refugee Protection Act, s.149(a)
Advanced Passenger Information and Passenger
Name Record data may be used for three purposes:
• for the purposes of the IRPA;
• for the purposes of the Department of
Citizenship and Immigration Act;
• to identify a person for whom a warrant of arrest
has been issued in Canada.
Protection of Passenger Information Regulations, s.
4
Passenger Name Record data provided to the CBSA
under the Immigration and Refugee Protection Act116
may be used for two purposes:
• to identify persons who have or may have
committed a terrorism offence or serious
transnational crime;
• to conduct a trend analysis or develop risk
indicators for that purpose.
Frequently Cited Provisions in Scenario Templates
The figure summarizes the main provisions cited as potential contraventions in scenario templates. [***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]. Five of the provisions that were cited as potential contraventions did not clearly establish a link to a serious transnational crime or terrorism offence in compliance with the Protection of Passenger Information Regulations (PPIR). These are marked in orange and described below.
Provisions
Description
Complies with Cust Act
Complies with PPIR
IRPA s. 20
Presenting visa or other documents
Yes
Yes*
IRPA s. 34
Inadmissible, national security reasons
Yes
Yes
IRPA s. 35
Inadmissible, human rights violations
Yes
Yes
IRPA s. 36
Inadmissible, serious criminality
Yes
Yes
IRPA s. 37
Inadmissible, organized criminality
Yes
Yes
IRPA s. 40
Inadmissible, misrepresentation
Yes
Yes*
IRPA s. 41
Inadmissible, IRPA non-compliance
Yes
Yes*
IRPA s. 117
Human smuggling
Yes
Yes
IRPA s. 118
Human trafficking
Yes
Yes
Customs Act s. 159
Smuggling goods
Yes
Yes
Customs Act s. 12
Reporting goods
Yes
Yes*
Customs Act s. 13
Truthfully answering questions about & presenting goods
Yes
Yes*
Customs Tariff 9899.00.00
Hate or terrorist propaganda; seditious materials
Yes
Yes
PCMLTFA s. 12
Reporting of currency
Yes
Yes
PCMLTFA s. 74
General Offences
Yes
Yes
Section 20 of the Immigration and Refugee Protection Act (IRPA) concerns the requirement for foreign nationals to have the proper documentation to enter or remain in Canada. As contraventions of the IRPA where a penalty is not specified (such as section 20) are punishable by a term of imprisonment of up to two years under sections 124 and 125 of the IRPA, this contravention does not meet the definition of a serious transnational crime.
Section 40 of the IRPA indicates that a foreign national is inadmissible to Canada for misrepresentation. The link to serious transnational crime would be clearer by citing the provisions that establish misrepresentation as an offence under sections 127 and 128 of the IRPA.
Section 41 of the IRPA indicates that a foreign national is inadmissible for non-compliance with the IRPA. Non-compliance with the IRPA is not itself a terrorism offence or serious transnational crime. Further details about the enforcement concern are necessary to establish such a link.
Sections 12 and 13 of the Customs Act concern traveller requirements to report goods and truthfully answer questions; reference to the penalty provision in section 160(1)(b) indicates it is a serious offence. Reliance on these sections to justify the use of Passenger Name Record data may be problematic however, as these sections relate to future conduct, whereas section 4 of the PPIR focuses on past conduct (“have or may have” committed such acts). Concerns about prohibited goods or potential smuggling of goods may also more appropriately cite section 159 of the Customs Act and/or the Customs Tariff, Item 9899.00.00.
Examples of the CBSA’s Reliance on Indicators Relating to Protected Grounds
The figure below presents examples from both Scenario Based Targeting and Flight List Targeting of how the CBSA relies on indicators created from Advance Passenger Information and Passenger Name Record data that are or may relate closely to the grounds of “national or ethnic origin,” “age,” or “sex,” which are prohibited grounds of discrimination under the Canadian Human Rights Act and the Charter. The CBSA often relies on more than one such indicator. This is discussed in Section 6.2.2.1. The CBSA’s basis for relying on such indicators is discussed in Section 6.2.2.3.
[***Figure revised to remove injurious or privileged information. It provides statistics on the number of scenarios that rely on indicators that relate to protected grounds for “national or ethnic origin,” “age,” and “sex.”***]
NSIRA Recommendation 1: NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
GOC Response: The CBSA agrees with this recommendation. The CBSA will complete a review of its APT triaging practices to ensure practices are in place which will enable effective verification of compliance with statutory and regulatory restrictions.
NSIRA Recommendation 2: NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.
GOC Response: The CBSA agrees with this recommendation. While we are satisfied that justification for triaging and targeting practices exist, the CBSA acknowledges that better documentation practices could be implemented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations. The CBSA’s Scenario Based Targeting Governance Framework will be updated to include information and/or intelligence that justifies the use of each indicator. Annual reviews of scenarios will continue to be conducted and documented to confirm that each active scenario is supported by recent and reliable intelligence.
NSIRA Recommendation 3: NSIRA recommends that the CBSA ensure that any Air Passenger Targeting related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.
GOC Response: The CBSA agrees with this recommendation. The CBSA will review its APT practices to ensure that distinctions based on protected grounds are reasonable and can be demonstrably justified in the border administration and enforcement context.
NSIRA Recommendation 4: NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
GOC Response: The CBSA agrees with this recommendation. The CBSA acknowledges that policies, procedures, training, and other guidance, as appropriate can be improved to ensure robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. The CBSA will complete a review of its policies, procedures, guidelines and training to ensure practices are not discriminatory.
NSIRA Recommendation 5: NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.
GOC Response: The CBSA agrees with this recommendation. To that end, the CBSA is taking deliberate steps to develop its capacity to capture and analyze reliable and accurate data in non-intrusive ways. The Agency is working on developing standard and consistent positions and frameworks on the collection, use, management and governance of disaggregated data, developing metrics and indicators to measure the impact of decisions and policies on different groups; using data to build more inclusive and representative policies and strategies, and; identifying possible discrimination and bias.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2023–24 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2023–24 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2023.
NSIRA Secretariat spent approximately 33% of its authorities by the end of the second quarter, compared with 23% in the same quarter of 2022–23 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q2 2023–24 and Q2 2022–23
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q2 2023–24 and Q2 2022–23
2023-24
2022-23
Total Authorities
$24.3
$29.7
Q2 Expenditures
$3.8
$3.6
Year-to-Date Expenditures
$8.1
$6.9
Significant changes to authorities
As at September 30, 2023, Parliament had approved $24.3 million in total authorities for use by NSIRA Secretariat for 2023–24 compared with $29.7 million as of September 30th, 2022, for a net decrease of $5.4 million or 18.2% (see graph 2).
Graph 2: Variance in authorities as at September 30, 2023
Text version of Figure 2
Variance in authorities as at June 30, 2023 (in millions)
Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Vote 1 – Operating
28.0
22.6
Statutory
1.7
1.7
Total budgetary authorities
29.7
24.3
*Details may not sum to totals due to rounding*
The decrease of $5.4 million in authorities is mostly explained by a gradual reduction in NSIRA Secretariat’s ongoing operating funding due to an ongoing construction project nearing completion.
Significant changes to quarter expenditures
The second quarter expenditures totalled $3.8 million for an increase of $0.2 million when compared with $3.6 million spent during the same period in 2022–2023. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: expended during the quarter ended September 30, 2023
Fiscal year 2022–23: expended during the quarter ended September 30, 2022
Variance $
Variance %
Personnel
3,014
2,903
111
4%
Transportation and communications
62
70
(8)
(11%)
Information
4
0
4
100%
Professional and special services
504
578
(74)
(13%)
Rentals
25
39
(14)
(36%)
Repair and maintenance
3
33
(30)
(91%)
Utilities, materials and supplies
50
12
38
317%
Acquisition of machinery and equipment
4
4
0
0%
Other subsidies and payment
118
3
115
3833%
Total gross budgetary expenditures
3,784
3,642
142
4%
Repair and maintenance
The decrease of $30,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The increase of $38,000 is due to a temporarily unreconciled suspense account.
Other subsidies and payments
The increase of $115,000 is explained by an increase in payroll system overpayments which were subsequently resolved.
Significant changes to year-to-date expenditures
The year-to-date expenditures totalled $8.1 million for an increase of $1.1 million (17%) when compared with $6.9 million spent during the same period in 2022–23. Table 2 presents budgetary expenditures by standard object.
Table 2
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: year-to-date expenditures as of September 30, 2023
Fiscal year 2022–23: year-to-date expenditures as of September 30, 2022
Variance $
Variance %
Personnel
5,900
5,248
652
12%
Transportation and communications
192
114
78
68%
Information
4
5
(1)
(20%)
Professional and special services
1,669
1,424
245
17%
Rentals
73
49
24
49%
Repair and maintenance
27
64
(37)
(58%)
Utilities, materials and supplies
57
28
29
104%
Acquisition of machinery and equipment
52
13
39
300%
Other subsidies and payment
122
1
121
12100%
Total gross budgetary expenditures
8,096
6,946
1,150
17%
Personnel
The increase of $652,000 relates to an increase in average salary and an increase in full time equivalent (FTE) positions.
Transportation and communications
The increase of $78,000 is due to the timing of invoicing for the organization’s internet connections.
Professional and special services
The increase of $245,000 is explained by an increase in IT support costs and guard services associated to a capital construction project.
Repair and maintenance
The decrease of $37,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The increase of $29,000 is due to a temporarily unreconciled suspense account.
Acquisition of machinery and equipment
The increase of $39,000 is mainly explained by the one-time purchase of a specialized laptop.
Other subsidies and payments
The increase of $121,000 is explained by an increase in payroll system overpayments which were subsequently resolved.
Risks and uncertainties
The Secretariat assisted NSIRA in its work with the departments and agencies subjected to reviews to ensure a timely and unfettered access to all the information necessary for the conduct of reviews. While work remains to be done on this front, we acknowledge the improvements in cooperation and support to the independent review process demonstrated by some reviewees.
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
NSIRA Secretariat is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities.
Significant changes in relation to operations, personnel and programs
There have been two new Governor-in-Council appointments during the Second quarter, Ms. Colleen Swords and Mr. Jim Chu.
There have been no changes to the NSIRA Secretariat Program.
Approved by senior officials:
John Davies Deputy Head
Marc-André Cloutier Director General, Corporate Services, Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended September 30, 2023
Year to date used at quarter-end
Total available for use for the year ending March 31, 2023 (note 1)
Used during the quarter ended September 30, 2022
Year to date used at quarter-end
Vote 1 – Net operating expenditures
22,564
3,345
7,218
27,931
3,210
6,082
Budgetary statutory authorities
Contributions to employee benefit plans
1,755
439
878
1,728
432
864
Total budgetary authorities (note 2)
24,319
3,784
8,096
29,659
3,642
6,946
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Planned expenditures for the year ending March 31, 2024 (note 1)
Expended during the quarter ended September 30, 2023
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2023
Expended during the quarter ended September 30, 2022
Year to date used at quarter-end
Expenditures
Personnel
13,303
3,014
5,900
13,245
2,903
5,248
Transportation and communications
650
62
192
597
70
114
Information
371
4
4
372
0
5
Professional and special services
4,906
504
1,669
4,914
578
1,424
Rentals
271
25
73
271
39
49
Repair and maintenance
4,580
24
27
9,722
33
64
Utilities, materials and supplies
73
50
57
173
12
28
Acquisition of machinery and equipment
132
4
52
232
4
13
Other subsidies and payments
33
118
122
133
3
1
Total gross budgetary expenditures
(note 2)
24,319
3,784
8,096
29,659
3,642
6,946
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
I am pleased to present the National Security and Intelligence Review Agency (NSIRA) Secretariat’s Departmental Results Report for 2022-23. Throughout the reporting period, the Secretariat has continued to execute its mission to support NSIRA in its focus on conducting highquality, impactful reviews and fair and efficient complaint investigations. We also worked to expand our capacity and expertise across all business lines, building on the work of previous years.
In 2022-23, NSIRA’s review work continued to expand to new areas within Canada’s national security and intelligence community and NSIRA continued to collaborate and de-conflict with like-minded accountability bodies in Canada with similar mandates. NSIRA’s work on complaint investigations was extensive and included the completion of a significant volume of referrals from the Canadian Human Rights Commission. The NSIRA Secretariat was an integral part of all of these developments which required us to remain agile, diverse and to explore all avenues of our productivity in the support of NSIRA.
Internally, we undertook a number of ambitious initiatives related to training and development, with a focus on attracting and retaining highly professional staff and offering career progression options. We continued to refine our business processes to enhance the quality of our output and strengthened our relationship with our various domestic and international counterparts to exchange on best practices in the field of national security and intelligence accountability.
I would like to thank all NSIRA Secretariat staff for their continued dedication to fulfilling our important mandate, and for ensuring that our work is held to the highest standards.
John Davies Executive Director National Security and Intelligence Review Agency
Results at a glance
In 2022-23, the National Security and Intelligence Review Agency (NSIRA) Secretariat continued to execute its mandate of assisting NSIRA in its Reviews and Investigations with the goal of improving national security and intelligence accountability and transparency in Canada. This related not only to the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also other federal departments and agencies engaged in such activities, including:
the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
the Canada Border Services Agency (CBSA); and,
all departments and agencies engaging in national security and intelligence activities in the context of NSIRA’s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.
The NSIRA Secretariat’s total spending in 2022-23 amounted to $18,289,147 and its total actual full-time equivalents were 78.
Review
NSIRA’s review of national security and intelligence activities undertaken by Government of Canada institutions ensures that ministers and Canadians are informed about whether these activities were lawful, reasonable and necessary.
During 2022–23, the Secretariat assisted NSIRA in completing 7 reviews, including reviews of activities that were never previously subject to independent scrutiny. We also refined our methodology, emphasizing a stronger role for NSIRA Members in working with staff to shape reviews throughout their lifecycle.
Complaint investigations
In 2022-23 the Secretariat assisted NSIRA in the continuation of maturation and modernization of the processes underpinning the fulfillment of its investigation mandate. The jurisdiction assessment phase was regularized, incorporating a verification protocol for the three agencies for which NSIRA has complaints jurisdiction. The administration and conduct of the investigative process has increased emphasis on investigative interviews in order to enhance the relevance of the process for complainants.
COVID-19 remained a lingering feature of the investigative landscape in the first half of the year which caused continued constraints with respect to the progress of investigations, requiring inperson meetings in compliance with security protocols. The new processes reduced delays in the conduct of investigations. It is anticipated that this will continue on a forward basis as we emerge from the pandemic.
The level of investigation activities last year remained high and included the completion of a significant referral from the Canadian Human Rights Commission (CHRC). A number of initiatives were commenced relating to data management and service standards which are expected to enhance file management in the coming year.
For more information, see the “Results: what we achieved” section of this report.
Results: what we achieved
Core responsibility
Assisting NSIRA in National Security and Intelligence Reviews and Complaints Investigations
Description:
The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the RCMP, as well as certain other national security-related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard. The NSIRA Secretariat’s function is to assist NSIRA in the conduct of this important work.
Results:
The NSIRA Secretariat assisted NSIRA in the completion of 7 national security and intelligence reviews over the course of 2022–23. Five reviews focused mainly on an individual department or agency, while two reviews were interdepartmental by design. Organizations whose activities were the subject of specific reviews included:
Canadian Security Intelligence Service — one review
Communications Security Establishment — two reviews
Department of National Defence and the Canadian Armed Forces — one review
Canada Border Services Agency – one review
The two interdepartmental reviews by design were:
The annual review of disclosures under the Security of Canada Information Disclosure Act (SCIDA)
The annual review of the implementation of directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA)
During the reporting period, the Secretariat continued to refine its processes and methodology to assist the NSIRA review mandate, with the goal of promoting high-quality, impactful reviews.
NSIRA Members worked closely with Secretariat staff in designing and executing individual reviews. The Secretariat supported NSIRA in the development and implementation of a “Considerations Matrix” which uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. In addition, the Secretariat implemented an updated process at the staff level for its Quality Assurance of review work, incorporating peer review at key stages.
NSIRA continued to place emphasis on the review of the use of technology by reviewed entities. The Secretariat’s Technology Directorate supported NSIRA’s ongoing first technology-focused review of the lifecycle of CSIS information collected by technical capabilities pursuant to a Federal Court warrant.
Investigation of national security and intelligence–related complaints
During the past year, the Secretariat continued to assist NSIRA efforts in reforming the investigative process for complaints and developing procedures and practices to ensure that the conduct of investigations is fair, timely and transparent. This included work on a streamlined jurisdictional assessment phase and increased use of investigative interviews as the principal means of fact finding. These developments enabled the Secretariat to successfully assist NSIRA in dealing with a significant volume of complaints over this reporting period.
During 2022-23, under instructions from NSIRA leadership, the Secretariat began developing service standards related to the investigation of complaints. The service standards will set internal time limits for certain investigative steps for each type of complaint, under normal circumstances. The service standards will specify the circumstances under which those time limits do not apply. The Secretariat will finalize and publish its service standards in 2023.
The Secretariat assisted NSIRA in completing sixty-seven complaint investigations during the 2022-23 reporting period, which included 58 referrals from the CHRC and 9 other complaints. Additionally, the Secretariat began the last phase of a study on race-based data and the collection of demographic information jointly commissioned with the Civilian Review and Complaints Commission for the RCMP (CRCC). The study will assess the viability of the collection of identity-based and demographic data as part of the CRCC’s ongoing anti-racism initiatives. Improved, more precise and more consistent tracking, collection and measurement of data is necessary to support anti-racism efforts in government.
Gender-based analysis plus
In 2022–23, the NSIRA Secretariat’s Diversity, Inclusion and Employment Equity Advisory Committee examined and provided recommendations to senior management on ways it can improve its internal policies, programs and procedures, as well as its external service delivery model to increase inclusion, diversity and equity.
We continue to work closely with partners to develop strategies for the collection, analysis and use of race-based and demographic data in the context of the complaints process. Improving awareness and understanding of NSIRA’s investigation process remains a core objective to ensure justice is accessible to all.
The potential for national security and intelligence activities to result in disparate outcomes for minority groups is taken into account when the Secretariat assists NSIRA to plan and conduct its reviews. Diversity is one of the elements on NSIRA’s Review Considerations Matrix, which uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. While NSIRA’s reviews are focused on the compliance, reasonableness, necessity and efficacy of activities, particular consideration is given to the impacts of these activities on diverse communities.
In 2022-23, the NSIRA Secretariat worked to establish a framework for the collection of employee self-identification data, in order to understand the makeup of its workforce and how it compares with the broader Canadian population. Understanding where there are gaps in representation of equity-deserving groups will help to determine where changes are needed to correct historical disadvantages and achieve equality in the workplace. This initiative will be implemented in 2023-24.
The NSIRA Secretariat also published its first accessibility plan in accordance with the Accessible Canada Act: National Security and Intelligence Review Agency Accessibility Plan 2022 – 2025. The plan was developed further to both internal and external consultations which included individuals whose lived experience as persons with a disability provided invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies. This inaugural plan outlines the steps that will be taken to increase accessibility within the organization and for Canadians more generally over the next three years.
Innovation
Given the Secretariat’s mandate to assist NSIRA’s functions and responsibilities, the Secretariat did not engage in any program-related innovation activities.
Key risks
During the reporting period, the Secretariat assisted NSIRA in its work with the departments and agencies subject to review, to ensure timely and unfettered access to all the information necessary for the conduct of reviews. While work remains to be done on this front, we acknowledge the improvements in cooperation and support to the independent review process demonstrated by some reviewees. Secretariat staff generally increased its level of occupancy within the departments’ offices and its access to information systems.
Physical distancing precautions established by the COVID-19 pandemic were, for the most part, lifted in 2022–23. However, the Secretariat remains ready to implement such measures if they are deemed necessary in the future. We see investments made in virtual meeting technology as beneficial for the organization as they have allowed us to gain flexibility.
Results achieved
The following table shows, for the assistance in completing National Security and Intelligence Reviews and Complaints Investigations, the results achieved, the performance indicators, the targets and the target dates for 2022–23, and the actual results for the three most recent fiscal years for which actual results are available.
Departmental results
Performance indicators
Target
Date to achieve target
2020-21 actual results
2021-22 actual results
2022-23 actual results
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
All mandatory reviews are completed on an annual basis
100% completion of mandatory reviews
2021-22
Not applicable (N/A)
100%
100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
At least one national security or intelligence activity is reviewed in at least five departments or agencies annually
2021-22
N/A
100%
100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period
100% completion over three years; at least 33% completed each year
2021-22
N/A
33%
33%
National security-related complaints are independently investigated in a timely manner
Percentage of investigations completed within NSIRA service standards
90%
2022-23
N/A
N/A
Note: The NSIRA Secretariat was created on July 12, 2019. Actual results for 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to the NSIRA Secretariat was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, the Secretariat will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.
Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.
Budgetary financial resources (dollars)
The following table shows, for internal services, budgetary spending for 2022–23, as well as actual spending for that year.
2022–23 Main Estimates
2022–23 Planned spending
2022–23 Total authorities available for use
2022–23 Actual spending (authorities used)
2022–23 Difference (Actual spending minus Planned spending)
$10,756,818
$10,756,818
$11,541,004
$7,756,271
$(3,000,547)
Financial, human resources and performance information for NSIRA Secretariat’s Program Inventory is available in GC InfoBase.
Human resources (full-time equivalents)
The following table shows, in full-time equivalents, the human resources the NSIRA Secretariat’s needed to fulfill this core responsibility for 2022–23.
2022–23 Planned full-time equivalents
2022–23 Actual full-time equivalents
2022–23 Difference (Actual full-time equivalents minus Planned full-time equivalents)
69
53
(16)
Financial, human resources and performance information for NSIRA Secretariat’s Program Inventory is available in GC InfoBase.
Internal Services
Description
Internal services are those groups of related activities and resources that the federal government considers to be services in support of programs and/or required to meet corporate obligations of an organization. Internal services refers to the activities and resources of the 10 distinct service categories that support program delivery in the organization, regardless of the internal services delivery model in a department. The 10 service categories are:
Acquisition Management Services
Communication Services
Financial Management Services
Human Resources Management Services
Information Management Services
Information Technology Services
Legal Services
Material Management Services
Management and Oversight Services
Real Property Management Services
Results
During the reporting period, the NSIRA Secretariat continued to take steps to ensure resources were deployed in the most effective and efficient manner possible and its operations and administrative structures, tools and processes continued to focus on supporting the delivery of its priorities.
The Secretariat recognizes the need to be an inclusive, healthy, and flexible employer. Over the past year, we have encouraged flexible working arrangements, such as teleworking, to achieve work–life balance and meet performance expectations.
The Secretariat initiated a project associated with the accreditation of its current space for use of classified material. Various testing, inspections and supported documents were issued to the Lead Security Agency issuing the authority to operate within the required timelines.
Work on increasing the Secretariat’s footprint with modern and flexible workstations within the classified and non-classified realm commenced in the summer of 2022. The project has, due to its complexity, supply chain challenges, and compliancy requirements, seen the delivery date pushed back to summer of 2024.
The Secretariat also completed work on refreshing two of its multifunctional meeting rooms. The Secretariat continues to implement security controls and keeps its Security Plan and the Business Impact Analysis evergreen, in order to ensure resiliency.
The Secretariat has successfully implemented an ergonomic and accessibility program. This program is a joint venture between the human resources and property management teams. In addition to this, based on the Information Management plans and strategies developed last fiscal year, the Secretariat identified the tools and resources required to execute the plans/strategies over the coming years.
Contracts awarded to Indigenous businesses
The Government of Canada is committed to reconciliation with Indigenous peoples and to improving socio-economic outcomes by increasing opportunities for First Nations, Inuit and Métis businesses through the federal procurement process.
Under the Directive on the Management of Procurement, which came into effect on May 13, 2021, departments must ensure that a minimum of 5% of the total value of the contracts they award are held by Indigenous businesses. This requirement is being phased in over three years, and full implementation is expected by 2024.
Indigenous Services Canada has set the implementation schedule:
Phase 1 departments: April 1, 2022, to March 31, 2023
Phase 2 departments: April 1, 2023, to March 31, 2024
Phase 3 departments: April 1, 2024, to March 31, 2025
The NSIRA Secretariat is a Phase 3 organization and is aiming to achieve the minimum 5% target by the end of 2025.
In order to achieve this target, the Secretariat plans to implement a strategy to create more opportunities for Indigenous businesses. Tools will be added to ensure Indigenous considerations for every contract and consideration will be given to amending internal policies.
In addition, all staff will be required to complete the mandatory course Indigenous Considerations in Procurement (COR409) from the Canada School of Public Service as well as Procurement in the Nunavut Settlement Area (COR410) from the Canada School of Public Service.
Budgetary financial resources (dollars)
The following table shows, for internal services, budgetary spending for 2021–22, as well as spending for that year.
2022–23 Main Estimates
2022–23 Planned spending
2022–23 Total authorities available for use
2022–23 Actual spending (authorities used)
2022–23 Difference (Actual spending minus Planned spending)
$17,493,858
$17,493,858
$17,822,513
$10,532,876
($6,960,982)
The difference of $6.9 million between planned and actual spending is mostly due to the lingering impacts of the pandemic on the Secretariat’s ability to progress with its facilities fit-up and expansion plans, as well as on its planned spending on internal services infrastructure and systems.
Human resources (full-time equivalents)
The following table shows, in full-time equivalents, the human resources the department needed to carry out its internal services for 2022–23.
2022–23 Planned full-time equivalents
2022–23 Actual full-time equivalents
2022–23 Difference (Actual full-time equivalents minus Planned full-time equivalents)
31
25
(6)
Spending and human resources
Spending
Spending 2020–21 to 2025–26
The following graph presents planned (voted and statutory spending) over time.
Text version of Figure 1
Departmental spending trend graph
2020-21
2021-22
2022-23
2023-24
2024-25
2025-26
Statutory
962,186
1,176,321
1,300,166
1,755,229
1,755,229
1,756,977
Voted
11,289,189
16,113,433
16,988,980
21,253,996
16,753,702
16,786,929
Total
12,251,375
17,289,754
18,289,147
23,009,225
18,508,931
18,543,906
The graph illustrates the Secretariat’s spending trends over a six-year period from 2020-21 to 2025–26. Fiscal years 2020–21 to 2022–23 reflect actual expenditures as reported in the Public Accounts. Fiscal years 2023–24 to 2025–26 represent planned spending.
The increased spending in 2023-24 is due to the expectation that the facilities fit-up and expansion is planned to be completed in this fiscal year.
The levelling of authorities in 2024–25 and 2025-26 is due to the sunsetting of funding earmarked for the completion of facilities fit-up and expansion.
Budgetary performance summary for core responsibilities and internal services (dollars)
The “Budgetary performance summary for core responsibilities and internal services” table presents the budgetary financial resources allocated for the NSIRA Secretariat’s core responsibilities and for internal services.
Core responsibilities and Internal Services
2022-23 Main Estimates
2022-23 Planned spending
2023-24 Planned spending
2024-25 Planned spending
2022-23 Total authorities available for use
2020-21 Actual spending (authorities used)
2021-22 Actual spending (authorities used)
2022-23 Actual spending (authorities used)
National Security and Intelligence Reviews and Complaints Investigations
10,756,818
10,756,818
10,757,687
10,757,687
11,541,004
3,009,066
7,394,642
7,756,271
Subtotal
10,756,818
10,756,818
10,757,687
10,757,687
11,541,004
3,009,066
7,394,642
7,756,271
Internal Services
17,493,858
17,493,858
7,701,336
7,701,042
17,822,513
6,643,579
9,895,112
10,532,876
Total
28,250,676
28,250,676
18,459,023
18,458,729
29,363,517
9,652,645
17,289,754
18,289,147
Human resources
The “Human resources summary for core responsibilities and internal services” table presents the full-time equivalents (FTEs) allocated to each of the Secretariat’s core responsibilities and to internal services.
Human resources summary for core responsibilities and internal services
Core responsibilities and Internal Services
2020-21 Actual full-time equivalents
2021-22 Actual full-time equivalents
2022-23 Planned full-time equivalents
2022-23 Actual full-time equivalents
2023-24 Planned full-time equivalents
2024-25 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations
38
52
69
53
69
69
Subtotal
38
52
69
53
69
69
Internal Services
22
22
31
25
31
31
Total
29
60
100
78
100
100
Expenditures by vote
For information on the Secretariat’s organizational voted and statutory expenditures, consult the Public Accounts of Canada.
Government of Canada spending and activities
Information on the alignment of the Secretariat’s spending with Government of Canada’s spending and activities is available in GC InfoBase.
Financial statements and financial statements highlights
Financial statements
NSIRA’s financial statements (unaudited) for the year ended March 31, 2023, are available on the departmental website.
Financial statement highlights
Condensed Statement of Operations (unaudited) for the year ended March 31, 2023 (dollars)
Financial information
2022-23 Planned results
2022-23 Actual results
2021-22 Actual results
Difference (2022-23 Actual results minus 2022-23 Planned results)
Difference (2022-23 Actual results minus 2021-22 Actual results)
Total expenses
$28,250,676
$19,585,699
$16,164,825
($8,664,977)
$3,420,874
Total revenues
0
0
0
0
0
Net cost of operations before government funding and transfers
Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada Institutional head: John Davies, Executive Director Ministerial portfolio: Privy Council Office Enabling instrument:National Security and Intelligence Review Agency Act Year of incorporation / commencement: 2019
Raison d’être, mandate and role: who we are and what we do
“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.
Operating context
Information on the operating context is available on NSIRA’s website.
Reporting framework
NSIRA’s Departmental Results Framework, with accompanying results and indicators, were under development in 2020–21. Additional information on key performance measures are included in the 2021–22 Departmental Plan.
Text version of Figure 2
Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary
Indicator: All mandatory reviews are completed on an annual basis
Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner
Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory
Program: National security and intelligence activity reviews and complaints investigations
Supporting information on the program inventory
Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.
Supplementary information tables
The following supplementary information table is available on NSIRA’s website:
Gender-based analysis plus
Federal tax expenditures
The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs. The tax measures presented in this report are the responsibility of the Minister of Finance.
Organizational contact information
National Security and Intelligence Review Agency P.O. Box 2430, Station “D” Ottawa, Ontario K1P 5W5
Appendix: definitions
appropriation(crédit)
Any authority of Parliament to pay money out of the Consolidated Revenue Fund.
budgetary expenditures(dépenses budgétaires)
Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.
core responsibility(responsabilité essentielle)
An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.
Departmental Plan(plan ministériel)
A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.
departmental priority(priorité)
A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.
departmental result(résultat ministériel)
A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.
departmental result indicator (indicateur de résultat ministériel)
A quantitative measure of progress on a departmental result.
departmental results framework(cadre ministériel des résultats)
A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.
Departmental Results Report(rapport sur les résultats ministériels)
A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.
experimentation(expérimentation)
The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.
full‑time equivalent(équivalent temps plein)
A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.
gender-based analysis plus (GBA Plus)(analyse comparative entre les sexes plus [ACS Plus])
An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.
For the purpose of the 2022–23 Departmental Results Report, government-wide priorities are the high-level themes outlining the government’s agenda in the November 23, 2021, Speech from the Throne: building a healthier today and tomorrow; growing a more resilient economy; bolder climate action; fighter harder for safer communities; standing up for diversity and inclusion; moving faster on the path to reconciliation; and fighting for a secure, just and equitable world.
horizontal initiative(initiative horizontale)
An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.
non‑budgetary expenditures(dépenses non budgétaires)
Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.
performance (rendement)
What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.
performance indicator(indicateur de rendement)
A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.
performance reporting(production de rapports sur le rendement)
The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.
plan(plan)
The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.
planned spending(dépenses prévues)
For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.
A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.
program(programme)
Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.
program inventory(répertoire des programmes)
Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.
result(résultat)
A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.
statutory expenditures(dépenses législatives)
Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.
target (cible)
A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.
voted expenditures(dépenses votées)
Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.
Ottawa, Ontario, October 30, 2023 – The National Security and Intelligence Review Agency’s (NSIRA) fourth annual report was tabled in Parliament on October 30, 2023.
This report provides an overview and discussion of NSIRA’s activities throughout 2022, including our findings and recommendations. Our growth and evolution as an agency, including our continued efforts to refine our approaches and processes, both in our reviews and investigations, allowed us to take on new and challenging work. The report also assesses our review work to date, highlighting important themes and trends that have emerged.
Our report summarizes review and investigations work during the 2022 period and highlights our continued effort to enhance transparency by evaluating important aspects of our engagement with reviewed departments and agencies. Review highlights in the report include the following:
The annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs), and the annual review of CSIS’s activities to inform our report to the Minister of Public Safety;
Reviews of the Communications Security Establishment’s (CSE) active and defensive cyber operations, a foreign intelligence collection program, as well as the annual review of CSE activities to inform our report to the Minister of National Defence;
A review submitted to the Minister of National Defence under s. 35 of the NSIRA Act on particular human source handling activities undertaken by the Canadian Armed Forces that may not have been in compliance with the law;
A review of the Canada Border Services Agency’s Air Passenger Targeting program; and
Our mandated multi-departmental reviews with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act and sharing of information within the federal government under the Security of Canada Information Disclosure Act.
During 2022, NSIRA continued modernizing its complaints investigations process, which helped us improve the consistency and efficiency of our work. While the pandemic continued to impact the investigative landscape, processes introduced will reduce delays moving forward. In addition to its other investigations work, NSIRA completed its investigation in relation to a group of 58 complaints referred by the Canadian Human Rights Commission.
This annual report also highlights how the organization pursued greater engagement with partners, seeking and sharing best practices with like-minded review and oversight bodies. In addition, it discusses our organization’s corporate initiatives, including efforts to increase our capacity across our business lines, including technology and information management.
NSIRA’s Members continue to be proud of the work of NSIRA’s Secretariat and the dedication and professionalism of its staff.
On behalf of the National Security and Intelligence Review Agency, it is my pleasure to present you with our third annual report. Consistent with subsection 38(1) of the National Security and Intelligence Review Agency Act, the report includes information about our activities in 2021, as well as our findings and recommendations.
In accordance with paragraph 52(1)(b) of the National Security and Intelligence Review Agency Act, our report was prepared after consultation with relevant deputy heads, in an effort to ensure that it does not contain information the disclosure of which would be injurious to national security, national defence or international relations, or is information that is subject to solicitor-client privilege, the professional secrecy of advocates and notaries, or to litigation privilege.
Yours sincerely,
The Honourable Marie Deschamps, C.C.
Chair // National Security and Intelligence Review Agency
Message from the members
As we reflect on this past year’s work, the National Security and Intelligence Review Agency (NSIRA) is proud of what it has accomplished. We pushed past the challenges of the pandemic and pursued our mission with renewed energy and innovation, understanding that we can adapt and even thrive in this new environment. In 2022, our agency focused on building out and refining its processes as we empowered our review and complaints professionals in their work. These efforts enhanced our ability to meet the challenges of our review and investigations mandates, and thereby improve the transparency and accountability of the national security and intelligence activities across the federal government.
In addition to completing a wide array of reviews and investigations, we have stepped back to reflect on our work and activities over the first few years of our mandate. Despite being a relatively new agency, we are now in the position to make broader observations on the themes and trends in our work, and on the community we review. Indeed, as our experience grows, our approaches in our reviews and investigations mature and evolve. We meet our goals of increased efficiency and expertise through a commitment to address the challenges we face, and by seeking out best practices through expanded partnerships with like-minded domestic and international institutions.
During NSIRA’s brief history, ministers of the Crown have referred certain matters to us for review, as provided for in the National Security and Intelligence Review Agency Act. At the time of writing, we are in the process of such a referral. As this important review progresses, we will ensure that our commitment to independent and professional review is reflected in all our activities.
This report continues themes from previous annual reports by presenting an overview of our work, a discussion on our engagement with reviewees, and an account of the initiatives we undertook to ensure that our products are complete, thorough and professional. It is our belief that as we grow, we bring confidence to the Canadian public with each review and investigation we conduct.
We would like to thank our previous members, Ian Holloway and Faisal Mirza, for their commitment and contribution to advancing the important work of NSIRA during their tenure, and we wish them well in their future endeavours. Finally, we thank the staff of NSIRA’s Secretariat for their professionalism and dedication to fulfilling the agency’s mandate, and we have no doubt that the year ahead will bring further success for NSIRA
Marie Deschamps Craig Forcese Ian Holloway Faisal Mirza Marie-Lucie Morin
Executive Summary
In 2022, the National Security and Intelligence Review Agency (NSIRA) continued to execute its review and investigations mandates with the goal of improving national security and intelligence accountability and transparency in Canada. This related not only to the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also to other federal departments and agencies engaged in such activities, including:
the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
the Canada Border Services Agency (CBSA); and
all departments and agencies engaging in national security or intelligence activities in the context of NSIRA’s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.
NSIRA has reflected on its work to date and found that a horizontal view of all its findings and recommendations over the past three years reveals the emergence of three major themes: governance; propriety; and information management and sharing. NSIRA observes that there is an interconnected and overlapping aspect to these issues, and as a result believes that improvements to governance could result in broader improvements across all themes.
Reviews
Canadian Security Intelligence Service
The following are highlights of the reviews completed in 2022 along with key outcomes. The number of reviews defined as completed does not include any ongoing reviews, or reviews completed in previous years but that went through or are in the process of going through consultations for their release to the public. Annex C lists all the findings and recommendations associated with reviews completed in 2022, along with the corresponding responses from reviewees, if provided.
In addition to the reviews discussed below, NSIRA determined that a number of ongoing reviews would be closed or terminated. These decisions, based on a variety of considerations, allow NSIRA to redirect its efforts and resources towards other important issues.
Canadian Security Intelligence Service
In 2022, NSIRA completed the following reviews on CSIS activities:
the third annual review of CSIS’s threat reduction measures, which provided an overview of all such measures conducted in 2021, and also focused on a subset of these measures to consider the implementation of each measure, how what happened aligned with what was originally proposed, and, relatedly, the role of legal risk; and
an annual review of CSIS’s activities, which informed, in part, NSIRA’s 2022 annual report to the Minister of Public Safety.
Communications Security Establishment
In 2022, NSIRA completed two dedicated reviews of CSE, and commenced an annual review of CSE activities:
a review of CSE’s active and defensive cyber operations (ACO/DCO), which is a continuation of NSIRA’s 2021 review of the governance of ACO/DCO by CSE and Global Affairs Canada;
a review of a sensitive CSE foreign intelligence collection program, which assistedNSIRA in better informing the Minister of National Defence about CSE’s activities; and
an annual review of CSE activities similar to that for CSIS, begun for the first time in 2022 and that informed, in part, NSIRA’s 2022 annual report to the Minister of National Defence.
Department of National Defence and the Canadian Armed Forces
In the course of a review of the Department of National Defence and Canadian Armed Forces (DND/CAF) human source handling activities, NSIRA issued to the Minister of National Defence a report on December 9, 2022, under section 35 of the National Security and Intelligence Review Agency Act in relation to a specific operation. Section 35 requires that NSIRA submit to the appropriate Minister a report with respect to any activity that is related to national security or intelligence that, in NSIRA’s opinion, may not be in compliance with the law. NSIRA will complete the broader review of DND/CAF’s human source handling activities in 2023.
Canada Border Services Agency
NSIRA completed its first in-depth review of national security or intelligence activities of the Canada Border Services Agency (CBSA) in 2022: a review of air passenger targeting. This review examined the CBSA’s pre-arrival risk assessment of passengers based on data collected by commercial air carriers. It evaluated whether the CBSA’s activities complied with legislative requirements and Canada’s non-discrimination obligations.
Multi-departmental reviews
NSIRA conducted two mandated multi-departmental reviews in 2022:
a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act; and
a review of disclosures of information under the Security of Canada Information Disclosure Act.
Review work not resulting in a final report
During the past year NSIRA determined that certain ongoing review work would be closed or not result in a final report to a Minister. These decisions allow NSIRA to remain nimble and to pivot its work plan. Multiple considerations can lead to the decision to close a review, and doing so allows NSIRA to redirect efforts and resources.
Technology in review
In 2022, NSIRA expanded its Technology Directorate to keep pace with the national security and intelligence community’s evolving use of digital technologies. The team comprises technical experts and review professionals, who are supported by academic researchers. This expanded team launched NSIRA’s first technology-led review, focusing on the lifecycle of warranted CSIS information. In addition to directly supporting NSIRA’s reviews, the Technology Directorate also began hosting learning sessions and discussion forums designed to enhance NSIRA employees’ knowledge of broader technical issues.
Engagement with reviewees
NSIRA continues to address and improve on aspects of its interaction with reviewees during the review process. It saw both improvements and ongoing challenges, and seeks to provide full and transparent assessments in this regard. Updated criteria will be used to evaluate engagement. These criteria are critical for supporting NSIRA’s efforts during a review. This approach builds on the agency’s previous confidence statements and provides a more consistent and complete assessment on engagement.
NSIRA continues to optimize its methods for accessing, receiving and tracking the information required to complete reviews. This involves ongoing discussions and support from reviewees. Limitations and challenges to this process are addressed directly and are communicated publicly where possible.
Complaints investigations
As NSIRA marked its third year of existence in 2022 it continued maturing and modernizing the processes for fulfilling its investigations mandate. The jurisdiction assessment phase was standardized, incorporating a verification protocol for the three agencies for which NSIRA has complaints jurisdiction. To speed up the investigative process, investigative interviews are being used more often, taking over from the formal hearings NSIRA previously relied on.
The pandemic continued to impact the investigative landscape in the first half of 2022. COVID protocols conflicted with security protocols for investigations, which require in-person meetings. Processes introduced in 2022 are expected to reduce delays in the conduct of investigations on a forward basis.
The number of investigation activities last year remained high and included the completion of a referral of a group of 58 complaints by the Canadian Human Rights Commission.
Data management and service standards initiatives that were launched are expected to enhance complaint file management in the coming year.
Partnerships
During the past year, NSIRA expanded its engagement with valuable partners, both domestically and internationally, and has already reaped the benefits through the exchange of best practices. As a relatively new agency, NSIRA sees such relationships as a priority for its institutional development. NSIRA had the privilege of visiting many international partners as an active participant in the Five Eyes Intelligence Oversight and Review Council, and also engaged other European partners through various forums that bring together like-minded oversight, review and data protection agencies from all over the world.
Introduction
1.1 Who we are
Established in July 2019, the National Security and Intelligence Review Agency (NSIRA) is an independent agency that reports to Parliament. Canadian review bodies before NSIRA did not have the ability to collaborate or share their classified information but were each limited to conducting reviews on a specified department or agency. By contrast, NSIRA has the authority to conduct an integrated review of Government of Canada national security and intelligence activities, and Canada now has one of the world’s most extensive systems for independent review of national security.
1.2 Mandate
NSIRA has a dual mandate to conduct reviews on and carry out investigations of complaints related to Canada’s national security or intelligence activities.
Reviews
NSIRA’s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act). This mandate includes reviewing the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the activities of any other federal department or agency that are related to national security or intelligence. Further, NSIRA reviews any national security or intelligence matters that a minister of the Crown refers to NSIRA.
Investigations
In addition to its review mandate, NSIRA is responsible for investigating complaints related to national security or intelligence. This duty is outlined in paragraph 8(1)(d) of the NSIRA Act, and involves investigating complaints about:
the activities of CSIS or CSE;
decisions to deny or revoke certain federal government security clearances; and
ministerial reports under the Citizenship Act that recommend denying certain citizenship applications.
This mandate also includes investigating national security-related complaints referred to NSIRA by the Civilian Review and Complaints Commission for the RCMP (the RCMP’s own complaints mechanism) and the Canadian Human Rights Commission.
Observations and themes
NSIRA has a horizontal, in-depth view of the Canadian national security landscape that allows for an assessment of Canada’s complex, interwoven approach to national security. NSIRA annual reports discuss its activities within that framework. This annual report provides an opportunity to reflect on NSIRA’s body of work horizontally, and consider what broad trends or themes emerge.
NSIRA findings and recommendations touch on many aspects of government activities and operations. Grouping all findings and recommendations according to topics that fall under three broad themes helps simplify a horizontal assessment of trends to date. This categorization and the terminology used may evolve over time.
The themes that emerge are governance; propriety; and information management and sharing. These themes appear year after year in NSIRA annual reports. The following topics are included in these themes:
Theme
Topics
Governance
Policies, procedures, framework and other authorities
Internal oversight
Risk management, assessment and practices
Decision-making and accountability, including ministerial accountability and direction
Training, tools and staffing resources
Propriety
Reasonableness, necessity, efficacy and proportionality
Legal thresholds and advice, compliance and privacy interests
Information management and sharing
Collection, documentation, tracking, implementing, reporting, monitoring and safeguarding
Information sharing and disclosure
Keeping and providing accurate and up-to-date information, timeliness
These themes can be found in every NSIRA annual report, and this year’s is no exception. In this year’s annual report, the following examples illustrate the three themes:
Governance:
the review of disclosures under the Security of Canada Information Disclosure Act for 2021 identified that employees did not receive adequate guidance to fulfill their obligations, and recommended improvements to training;
the review of a CSE foreign intelligence activity identified several instances where the program’s activities were not adequately captured within CSE’s applications for certain ministerial authorizations, resulting in recommendations that CSE more effectively inform the Minister of National Defence about aspects of its bilateral relationships with certain partners, the extent of its participation in certain types of activities, and the testing and evaluation of products.
Propriety:
in a report issued to the Minister of National Defence under s.35 of the NSIRA Act, NSIRA explained that, in its opinion, certain activities undertaken by the Canadian Armed Forces may not have been in compliance with the law;
the review of the threat reduction measures of the Canadian Security Intelligence Service found that this agency did not meet its internal policy requirements regarding the timelines to submit threat reduction measure implementation reports.
Information management and sharing:
the Canada Border Services Agency air passenger targeting review noted that this agency does not document its triaging practices that use passenger data in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
A high-level overview of the past three annual reports shows the number of NSIRA findings and recommendations each year, broken down by theme. Over the three years, governance related findings and recommendations constituted 43% of the overall total. The comparable figures for propriety and information management (IM) and sharing categories were 26% and 31% respectively. The breakdown by year is captured in the following table:
Figure 1: Trends in findings and recommendations
Text version of Figure 1
Trends in findings and recommendations
2020 annual report
2021 annual report
2022 annual report
Governance
45%
41%
44%
Propriety
26%
27%
24%
Information Management and Sharing
29%
32%
32%
The interconnected nature of the problems identified in NSIRA reviews, along with the balance of themes illustrated in the graphic above, reveals a narrative. Indeed, issues rarely stand-alone – governance and IM and sharing issues may, for example, culminate in propriety challenges. The number of findings and recommendations over three years that touch on governance, propriety and IM and sharing matters suggest that these are issues deserving close attention. Employees are expected to succeed in meeting intelligence and national security service missions while adhering to policy and legal requirements. Here, improvements to staff training and development are likely to have the most significant impacts.
Review
Details provided on individual reviews are a high-level summary of their content and outcomes. Full versions of each review are available once they have been redacted for public release.
3.1 Canadian Security Intelligence Service reviews
Overview
NSIRA has a mandate to review any Canadian Security Intelligence Service (CSIS) activity. The NSIRA Act requires NSIRA to submit an annual report on CSIS activities each year to the Minister of Public Safety and Emergency Preparedness (with these responsibilities now divided into two portfolios, NSIRA currently submits these reports to the Minister of Public Safety). These classified reports include information related to CSIS’s compliance with the law and applicable ministerial directions, and the reasonableness and necessity of the exercise of CSIS’s powers.
In 2022, NSIRA completed one dedicated review of CSIS, and its annual review of CSIS activities, both summarized below. Furthermore, CSIS is implicated in other NSIRA multi- departmental reviews, such as the legally mandated annual reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, the results of which are described in Multi-departmental reviews.
Threat reduction measures review
This is NSIRA’s third annual review of CSIS threat reduction measures (TRMs), which are measures to reduce threats to the security of Canada, within or outside Canada. Section 12.1 of the Canadian Security Intelligence Service Act (CSIS Act) authorizes CSIS to take these measures.
NSIRA found that CSIS’s activities under its TRM mandate in 2021 were broadly consistent with these activities in preceding years. NSIRA observed that 2018 was an inflection point for CSIS’s use of the TRM mandate. In that year, CSIS proposed nearly as many TRMs as were proposed in total in the preceding three years — the first three of the mandate. In the following year, however, the number dropped slightly, before a more significant reduction in 2020. The number of proposed TRMs in 2021 went up slightly compared with the previous year, as did both approvals and implementations.
NSIRA selected three TRMs implemented in 2021 for a more intensive review, assessing the measures for compliance with applicable law, ministerial direction and policy. At the same time, NSIRA considered the implementation of each measure, including the alignment between what was proposed and what occurred, and the role of legal risk assessments for guiding CSIS activity, as well as the documentation of outcomes.
For all the measures reviewed, NSIRA found that CSIS met its obligations under the law, specifically the Canadian Charter of Rights and Freedoms and sections 12.1 and 12.2 of the CSIS Act. In addition to general legal compliance, NSIRA found that CSIS sufficiently established a “rational link” between the proposed measure and the identified threat.
In one case, NSIRA found that CSIS did not meet its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.
The TRM in question involved certain sensitive factors. NSIRA believes that the presence of these factors ought to have factored into the overall risk assessment of the measure. CSIS argued that risks associated with these factors relate primarily to reputational risk to CSIS, which it assessed in this case. Certain risks related to the sensitive factors, however, are not, and in this instance were not, captured by CSIS’s reputational risk assessment.
Similarly, the legal risk assessment for this TRM did not comply with ministerial direction. NSIRA recommended that legal risk assessments be conducted for TRMs involving these sensitive factors, and further, that CSIS consider and evaluate whether the current process for legal risk assessments complies with applicable ministerial direction.
A comparative analysis of the two legal risk assessments provided for the other TRMs under review underscored the practical utility of clear and specific legal direction for CSIS personnel. Clear direction allows investigators to be aware of, and understand, the legal parameters within which CSIS personnel can operate; it also permits reporting after an action is completed to document how implementation stayed within those legal parameters.
With respect to documenting outcomes, NSIRA further noted issues with how quickly CSIS produces certain reports after a TRM is implemented. Although NSIRA recognizes that overly burdensome documentation requirements can unduly inhibit CSIS activities, NSIRA nonetheless believes that the recommendations provided are prudent and reasonable. Relevant information, available in a timely manner, benefits CSIS operations.
Annual review of Canadian Security Intelligence Service activities
In 2022, NSIRA completed its annual review of CSIS activities, which aims to identify compliance-related challenges, general trends and emerging issues using CSIS documents in 12 categories (legislatively required and supplementary) from January 1, 2022, to December 31, 2022. Besides contributing to NSIRA’s Annual Report to the Minister of Public Safety on CSIS activities, the review may identify areas that merit new NSIRA reviews and may produce a briefing or report with its own observations, findings and recommendations. NSIRA provided its report on CSIS activities in 2021 to the Minister of Public Safety on October 12, 2022, and the Chair subsequently met with the Minister to discuss its contents as well as ongoing issues and challenges related to NSIRA review of CSIS.
Statistics and data
To achieve greater public accountability, NSIRA has requested that CSIS publish statistics and data about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that the following statistics will provide the public with information related to the scope and breadth of CSIS operations, as well as display the evolution of activities from year to year.
Warrant applications
Section 21 of the CSIS Act authorizes CSIS to make an application to a judge for a warrant if it believes, on reasonable grounds, that more intrusive powers are required to investigate a particular threat to the security of Canada. Warrants may be used by CSIS, for example, to intercept communications, enter a location, or obtain information, records or documents. Each individual warrant application could include multiple individuals or request the use of multiple intrusive powers.
Table 1: Section 21 warrant applications made by the Canadian Security Intelligence Service, 2018 to 2022
2018
2019
2020
2021
2022
Total section 21 applications
24
24
15
31
28
Total approved warrants
24
23
15
31
28
New warrants
10
9
2
13
6
Replacements
11
12
8
14
14
Supplemental
3
2
5
4
8
Total denied warrants
0
1
0
0
0
Threat reduction measures
CSIS is authorized to seek a judicial warrant for a TRM if it believes that certain intrusive measures, outlined in section 21 (1.1) of the CSIS Act, are required to reduce the threat. The CSIS Act is clear that when a proposed TRM would limit a right or freedom protected by the Canadian Charter of Rights and Freedoms or would otherwise be contrary to Canadian law, a judicial warrant authorizing the measure is required. To date, CSIS has sought no judicial authorizations to undertake warranted TRMs. TRMs approved in one year may be executed in future years. Operational reasons may also prevent an approved TRM from being executed.
Table 2: Total number of approved and executed threat reduction measures, 2015 to 2022
2015
2016
2017
2018
2019
2020
2021
2022
Approved threat reduction measures
10
8
15
23
24
11
23
16
Executed
10
8
13
17
19
8
17
12
Warranted threat reduction measures
0
0
0
0
0
0
0
0
Canadian Security Intelligence Service targets
CSIS is mandated to investigate threats to the security of Canada, including espionage, foreign influenced activities, political, religious or ideologically motivated violence, and subversion.6 Section 12 of the CSIS Act sets out criteria permitting CSIS to investigate an individual, group or entity for matters related to these threats. Subjects of a CSIS investigation, whether they be individuals or groups, are called “targets.”
Table 3: Number of Canadian Security Intelligence Service targets, 2018 to 2022
2018
2019
2020
2021
2022
Number of targets
430
467
360
352
340
Datasets
Data analytics is a key investigative tool for CSIS, providing it with the capacity to make connections and identify trends that are not possible through traditional methods of investigation. The National Security Act, 2017, which came into force in 2019, gave CSIS new powers, including a legal framework for it to collect, retain and use datasets. The framework authorizes CSIS to collect datasets (divided into Canadian, foreign and publicly available datasets) that have the ability to assist CSIS in the performance of its duties and functions. It also establishes safeguards for the protection of Canadian rights and freedoms, including privacy rights. These protections include enhanced requirements for ministerial accountability. Depending on the type of dataset, CSIS must meet different requirements before it is able to use a dataset.
The CSIS Act also requires that NSIRA be kept apprised of certain dataset-related activities. Reports prepared following the handling of datasets are to be provided to NSIRA, under certain conditions and within reasonable timeframes. While CSIS is not required to advise NSIRA of judicial authorizations or ministerial approvals for the collection of Canadian and foreign datasets, CSIS has been proactively keeping NSIRA apprised of these activities.
Table 4: Evaluation and retention of publicly available, Canadian and foreign datasets by the Canadian Security Intelligence Service, 2019 to 2022
2019
2020
2021
2022
Publicly available datasets
Evaluated
9
6
4
4
Retained
9
6
2
4
Canadian datasets
Evaluated
0
0
2
0
Retained (approved by Federal Court)
0
0
0
2
Denied by Federal Court
0
0
0
0
Foreign datasets
Evaluated
10
0
0
1
Retained (approved by the Minister and Intelligence Commissioner
0
1
1
1
Denied by the Minister
0
0
0
0
Denied by the Intelligence Commissioner
0
0
0
0
Justification Framework
The National Security Act, 2017, also created a legal justification framework for CSIS’s intelligence collection operations. The framework establishes a limited justification for CSIS employees, and persons acting at their direction, to carry out activities that would otherwise constitute offences under Canadian law. CSIS’s Justification Framework is modelled on those already in place for Canadian law enforcement. The Justification Framework provides needed clarity to CSIS, and to Canadians, as to what CSIS may lawfully do in the course of its activities. It recognizes that it is in the public interest to ensure that CSIS employees can effectively carry out its intelligence collection duties and functions, including by engaging in otherwise unlawful acts or omissions, in the public interest and in accordance with the rule of law. The types of otherwise unlawful acts and omissions that are authorized by the Justification Framework are determined by the Minister and approved by the Intelligence Commissioner. There remain limitations to what activities can be undertaken, and nothing in the Justification Framework permits the commission of an act or omission that would infringe a right or freedom guaranteed by the Charter.
According to section 20.1 (2) of the CSIS Act, employees must be designated by the Minister of Public Safety and Emergency Preparedness to be covered under the Justification Framework while committing or directing an otherwise unlawful act or omission. Designated employees are CSIS employees who require the justification framework as part of their duties and functions. Designated employees are justified in committing an act or omission themselves (commissions by employees) and they may direct another person to commit an act or omission (directions to commit) as a part of their duties and functions.
Table 5: Authorizations, commissions and directions under the Justification Framework, 2019 to 2022
2019
2020
2021
2022
Authorizations
83
147
178
172
Commissions by employees
17
39
51
61
Directions to commit
32
84
116
131
Emergency designations
0
0
0
0
Compliance
CSIS’s internal operational compliance program unit leads and manages overall compliance within CSIS. The objective of this unit is to promote a culture of compliance within CSIS by leading an approach for reporting and assessing potential non-compliance incidents to provide timely advice and guidance related to internal policies and procedures for employees. This program is the centre for processing all instances of potential non-compliance related to operational activities.
NSIRA notes that CSIS reports Charter violations as operational non-compliance. NSIRA will continue to monitor closely instances of non-compliance that relate to Canadian law and the Charter, and work with CSIS to improve transparency around these activities.
Table 6: Total number of non-compliance incidents processed by CSIS, 2019 to 2022
2019
2020
2021
2022
Processed compliance incidents
53
99
85
59
Administrative
53
64
42
Operational
40
19
21
17
Canadian law
–
–
1
2
Charter
–
–
6
5
Warrant conditions
–
–
6
3
CSIS governance
–
–
8
15
3.2 Communications Security Establishment reviews
Overview
NSIRA has the mandate to review any activity conducted by the Communications Security Establishment (CSE). NSIRA must also submit an annual report to the Minister of National Defence on CSE activities, including information related to CSE’s compliance with the law and applicable ministerial directions, and NSIRA’s assessment of the reasonableness and necessity of the exercise of CSE’s powers.
In 2022, NSIRA completed two dedicated reviews of CSE and commenced an annual review of CSE activities, all summarized below. Furthermore, CSE is implicated in other NSIRA multi- departmental reviews, such as the legally mandated annual reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, the results of which are described in Multi-departmental reviews.
Review of the Communications Security Establishment’s active and defensive cyber operations
The Communications Security Establishment Act (CSE Act) grants CSE the authority to conduct active cyber operations and defensive cyber operations (ACOs and DCOs). CSE ACOs and DCOs have become a tool of Government of Canada foreign and security policy. In 2021, NSIRA reviewed CSE’s governance of and the general planning and approval process for ACO and DCO activities. The governance review made several observations about the governance of ACOs and DCOs by CSE — and to a lesser extent, by Global Affairs Canada (GAC). Some of these observations identified gaps that resulted in recommendations. Building on the governance review, the report focused on CSE’s ACOs and DCOs themselves:
the operations;
the implementation of CSE’s governance; and
the legal framework in the context of specific ACOs and DCOs.
NSIRA incorporated GAC, CSIS, the Royal Canadian Mounted Police (RCMP) and DND/CAF into this review, given these organizations’ varying degrees of coordination or involvement in these CSE activities. NSIRA also inspected some technical elements of a case study ACO to verify aspects of the operation independently, as well as to deepen NSIRA’s understanding of how an ACO works. While NSIRA reviewed all ACOs and DCOs planned or conducted by CSE until mid-2021, this review focused on a sample of such ACOs or DCOs, each presenting unique characteristics.
Overall, NSIRA found that ACOs and DCOs that CSE planned or conducted during the period of review were lawful and noted improvements in GAC’s assessments for foreign policy risk and international law. NSIRA further observed that CSE developed and improved its processes for the planning and conduct of ACOs and DCOs in a way that reflected some of NSIRA’s observations from the governance review.
NSIRA also made findings pertaining to how CSE could improve aspects of ACO and DCO planning, as well as communication to the Minister of National Defence and coordination with other Government of Canada entities. More specifically, NSIRA identified areas of potential risk:
GAC’s capability to independently assess potential risks resulting from CSE ACOs and DCOs;
the accuracy of information provided, and issues related to delegation, within some of the applications for authorizations for ACOs and DCOs;
the degree to which CSE engaged with CSIS and the RCMP on ACOs and DCOs, and CSE explanations of how it determined whether the objective of an ACO or DCO could not reasonably be achieved by other means;
the extent to which CSE described the intelligence collection that may occur alongside or as a result of ACOs or DCOs in applications for ACO and DCO authorizations and in operational documentation; and
overlap between activities conducted under the ACO and DCO aspects of CSE’s mandate as well as under all four aspects of CSE’s mandate.
It should be noted that NSIRA faced significant challenges in accessing CSE information on this review. These access challenges had a negative impact on the review. As a result, NSIRA could not be confident in the completeness of information provided by CSE.
Review of a foreign intelligence activity
In 2022, NSIRA completed a review of a sensitive CSE foreign intelligence collection program. As part of this review, NSIRA made several findings and observations regarding the activities carried out as part of this program. Notably, NSIRA identified several instances where the program’s activities were not adequately captured within CSE’s applications for certain ministerial authorizations. As such, NSIRA recommended that CSE more effectively inform the Minister of National Defence about aspects of its bilateral relationships with certain partners, the extent of its participation in certain types of activities, and the testing and evaluation of products.
NSIRA also found several areas where the program lacked adequate governance structures, resulting in improper application of key policy and procedural requirements related to information sharing, confirmation of foreignness, and CSE’s mistreatment risk assessment process. NSIRA made recommendations to strengthen these processes, to establish governance structures specific to the program, and to improve other governance structures with broader applicability throughout CSE.
Annual review of Communications Security Establishment activities
In 2022, NSIRA launched the annual review of CSE activities, which aimed to identify compliance-related challenges, general trends and emerging issues using CSE documents in 11 categories (legislatively required and supplementary) from January 1, 2022, to December 31, 2022. Besides contributing to NSIRA’s Annual Report to the Minister of National Defence on CSE activities, the review may identify areas that merit new NSIRA reviews and may produce a briefing or report with its own observations, findings and recommendations. It is based largely on the structure of the annual review of CSIS activities but has been adapted to CSE. NSIRA’s Chair met with the Minister of National Defence on December 15, 2022 to discuss ongoing issues and challenges related to NSIRA reviews of CSE activities.
Statistics and data
To achieve greater accountability and transparency, NSIRA has requested statistics and data from CSE about public interest and compliance-related aspects of its activities. NSIRA is of the opinion these statistics will provide the public with important information related to the scope and breadth of CSE operations, as well as display the evolution of activities from year to year.
Ministerial authorizations and ministerial orders
Ministerial authorizations are issued to CSE by the Minister of National Defence. Those authorizations support specific foreign intelligence or cybersecurity activities or defensive or active cyber operations conducted by CSE pursuant to those aspects of the CSE mandate. Authorizations are issued when these activities could otherwise contravene an Act of Parliament or interfere with a reasonable expectation of privacy of a Canadian or a person in Canada.
Table 7: Ministerial authorizations issued, 2019 to 2022
Type of ministerial authorization
Enabling section of the CSE Act
Issued in 2019
Issued in 2020
Issued in 2021
Issued in 2022
Foreign intelligence
26(1)
3
3
3
3
Cybersecurity — federal and non-federal
27(1) and 27(2)
2
1
2
3
Defensive cyber operations
29(1)
1
1
1
1
Active cyber operations
30(1)
1
1
2
3
Note: This table lists ministerial authorizations that were issued in a given calendar year and may not necessarily reflect ministerial authorizations that were in effect at a given time. For example, if a ministerial authorization was issued in late 2021 and remained in effect in parts of 2022, it is counted solely as a 2021 ministerial authorization.
Ministerial orders are issued by the Minister for the purpose of (1) designating any electronic information, any information infrastructures or any class of electronic information or information infrastructures as electronic information or information infrastructures of importance to the Government of Canada (section 21(1) of the CSE Act); or (2) designating recipients of information related to Canadians or persons in Canada, that is, Canadian- identifying information (sections 45 and 44(1) of the CSE Act).
Table 8: Ministerial orders in effect as of 2022
Name of ministerial order
Enabling section of the CSE Act
Designating electronic information and information infrastructures of importance to the Government of Canada
21(1)
Designating recipients of information relating to a Canadian or person in Canada acquired, used or analyzed under the cybersecurity and information assurance aspects of the CSE mandate
45 and 44(1)
Designating recipients of Canadian identifying information used, analyzed or retained under a foreign intelligence authorization pursuant to section 45 of the CSE Act
45 and 43
Designating electronic information and infrastructures of Ukraine as Systems of Importance
21(1)
Designating electronic information and infrastructures of Latvia as Systems of Importance
21(1)
Note: Ministerial orders remain in effect until rescinded by the Minister.
Foreign intelligence reporting
Under section 16 of the CSE Act, CSE is mandated to acquire information from or through the global information infrastructure. The CSE Act defines the global information infrastructure as including electromagnetic emissions, any equipment producing such emissions, communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those emissions, that equipment, those systems or those networks. CSE uses, analyzes and disseminates the information for providing foreign intelligence in accordance with the Government of Canada’s intelligence priorities.
Table 9: Number of foreign intelligence reports issued, 2019 to 2022
CSE foreign intelligence reporting
2019
2020
2021
2022
Number of reports released
N/A
N/A
3,050
3,185
Number of departments/agencies
N/A
>25
28
26
Number of specific clients within departments/agencies
N/A
>2,100
1,627
1,761
Note: NSIRA did not ask CSE for statistics related to foreign intelligence reporting for its 2019 public annual report. In 2020, statistics were requested, but were provided in general terms due to the classification of the data at the time, and CSE indicated that release of further detail, would be injurious to national security.
Information relating to a Canadian or a person in Canada
Information relating to a Canadian or a person in Canada (IRTC) is the information about Canadians or persons in Canada that may be incidentally collected by CSE while conducting foreign intelligence or cybersecurity activities under the authority of a ministerial authorization. Incidental collection refers to information acquired that CSE was not deliberately seeking, and where the activity that enabled the acquisition of this information was not directed at a Canadian or a person in Canada. According to CSE policy, IRTC is defined as any information recognized as having reference to a Canadian or person in Canada, regardless of whether that information could be used to identify that Canadian or person in Canada.
CSE was asked to release statistics or data about the regularity with which IRTC or “Canadian- collected information” is included in CSE’s end-product reporting. CSE responded that “this information remains at a classified level. We have determined that the release of thisinformation would be injurious to Canada’s international relations, national defence and security. Furthermore, the sharing of this information would provide an additional level of detail on the success of Canadian collection programs, our level of reliance on information from Five- Eye partners to produce intelligence, as well as a level of detail on Five-Eye use and reporting from Canadian collection that has not been previously made public.”
Canadian identifying information
CSE is prohibited from directing its activities at Canadians or persons in Canada. However, CSE’s collection methodologies sometimes result in incidentally acquiring such information. When such incidentally collected information is used in CSE’s foreign intelligence reporting, any part potentially identifying a Canadian or a person in Canada is suppressed to protect the privacy of the individual(s) in question. CSE may release unsuppressed Canadian-identifying information (CII) to designated recipients when the recipients have the legal authority and operational justification to receive it and when it is essential to international affairs, defence or security (including cyber security).
Table 10: Number of requests for disclosure of CII, 2021 and 2022
Type of request
2021
2022
Government of Canada requests
741
657
Five Eyes requests
90
62
Non-Five Eyes requests
0
0
Total
831
719
In 2022, of the 719 requests received, CSE reported having denied 65 requests. By the end of the year, 51 were still being processed.
CSE was asked to release the number of instances where CII is suppressed in CSE foreign intelligence or cyber security reporting. It indicated that “[d]isclosure of the number of instances where [CII] is suppressed in CSE intelligence reporting would be injurious to CSE’scapabilities. Such a disclosure would reveal information about CSE’s capabilities including theirlimitations. Thus, this information could be used by hostile security threats to counter CSE’s capabilities impeding CSE’s ability to protect Canada and its citizens.”
Privacy incidents and procedural errors
A privacy incident occurs when the privacy of a Canadian or a person in Canada is put at risk in a manner that runs counter to, or is not provided for, in CSE’s policies. CSE tracks such incidents via its Privacy Incidents File and, for privacy incidents that are attributable to a second-party partner or a domestic partner, its Second-party Privacy Incidents File.
Table 11: Number of privacy incidents recorded by CSE, 2021 and 2022
Type of incident
2021
2022
Privacy incidents
96
114
Second-party privacy incidents
33
23
Cyber security and information assurance
Under section 17 of the CSE Act, CSE is mandated to provide advice, guidance and services to help protect electronic information and information infrastructures of federal institutions, as well as those of non-federal entities that are designated by the Minister as being of importance to the Government of Canada.
The Canadian Centre for Cyber Security (Cyber Centre) is Canada’s unified authority on cybersecurity. The Cyber Centre, which is a part of CSE, provides expert guidance, services and education, while working in collaboration with stakeholders in the private and public sectors. The Cyber Centre handles incidents in government and designated institutions that include:
reconnaissance activity by sophisticated threat actors;
phishing incidents, that is, email containing malware;
unauthorized access to corporate information technology (IT) environments;
imminent ransomware attacks; and
zero-day exploits, which involves exploration of critical vulnerabilities in unpatched software.
Table 12: Number of cyber incident cases opened by CSE, 2022
Type of incident
2022
Federal institutions
1,070
Critical infrastructure
1,575
Total
2,645
Defensive and active cyber operations
Under section 18 of the CSE Act, CSE is mandated to conduct DCOs to help protect electronic information and information infrastructures of federal institutions, as well as those of non- federal entities that are designated by the Minister as being of importance to the Government of Canada from hostile cyber attacks.
Under section 19 of the CSE Act, CSE is mandated to conduct ACOs against foreign individuals, states, organizations or terrorist groups as they relate to international affairs, defence or security.
CSE was asked to release the number of DCOs and ACOs approved, and the number carried out, during 2022. CSE responded that it is “not in a position to provide this information for publication by NSIRA, as doing so would be injurious to Canada’s international relations,national defence, and national security.”
Technical and operational assistance
As part of the assistance aspect of CSE’s mandate, CSE receives requests for assistance from Canadian law enforcement and security agencies, as well as from the Department of National Defence and the Canadian Forces (DND/CAF).
Table 13: Number of requests for assistance received and actioned by CSE, 2020 to 2022
2020
2021
2022
Approved
23
32
59
Not approved
1
3
Not applicable
Cancelled
Not available
Not available
1
Denied
Not available
Not available
2
Total received
24
35
62
3.3 Other departments
Overview
In addition to the CSIS and CSE reviews above, NSIRA completed the following reviews of departments and agencies in 2022:
A review of the Department of National Defence and the Canadian Armed Forces;
A review of the Canada Border Services Agency; and
NSIRA’s annual reviews of both the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, both of which involve a broader set of departments and agencies that make up the Canadian national security and intelligence community.
Department of National Defence and the Canadian Armed Forces
Report issued pursuant to section 35 of the NSIRA Act
In the course of a review of the Department of National Defence and the Canadian Armed Forces (DND/CAF) human source handling activities, which was still ongoing at the time of writing, NSIRA issued on December 9, 2022, a report under section 35 of the NSIRA Act to the Minister of National Defence. According to section 35, NSIRA must submit to the appropriate minister a report with respect to any activity that is related to national security or intelligence that, in NSIRA’s opinion, may not be in compliance with the law. The Minister of National Defence submitted a copy of this report to the Attorney General of Canada and included her comments indicating that her interpretation of the facts and law differs from NSIRA’s. NSIRA stands by its position and is of the view that the Minister’s position is based on a narrow interpretation of the facts and the law. NSIRA will complete the larger review of DND/CAF’s human source handling activities in 2023. While the section 35 report does not include recommendations, the broader review will examine accountability and oversight of the program, its risk framework, and DND/CAF’s discharge of its duty of care with respect to human sources. The review also assesses the lawfulness of the program and its related activities, as well as the sufficiency of its legal and policy foundations. In doing so, the report may include recommendations addressing the observations made in the section 35 report.
Canada Border Services Agency
Air passenger targeting review
The Canada Border Services Agency (CBSA) air passenger targeting program uses pre-arrival risk assessments to identify inbound air travellers at higher risk of being inadmissible to Canada or whose entry, or that of their goods, may otherwise contravene the CBSA’s program legislation.
The first step in these multi-stage assessments is to triage travellers based on the characteristics and travel patterns conveyed to the CBSA by commercial air carriers in AdvancePassenger Information and Passenger Name Record data. This triage may be manual (flight list targeting) or automated (scenario-based targeting). In both methods, the CBSA relies on information and intelligence from a variety of sources to determine which data elements to treat as indicators of risk in relation to particular enforcement issues, including those related to national security. Use of these indicators may lead the CBSA to differentiate among travellers in subsequent stages of targeting or at the border, with impacts on passengers’ time, privacy and equal treatment.
The review of air passenger targeting was NSIRA’s first in-depth assessment of the CBSA’s compliance with relevant law. It focused, first, on whether the CBSA complies with restrictions on the use of passenger data established by the Customs Act and the Protection of Passenger Information Regulations. Next, the review examined whether the CBSA’s use of these types of passenger data was discriminatory under the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms.
NSIRA found that the CBSA’s use of both types of passenger data in scenario-based targeting was for a purpose authorized by the Customs Act. For flight list targeting, however, the CBSA does not document the reasons underpinning its triage decisions. NSIRA was therefore unable to verify compliance of flight list targeting with the purpose limitations set out in the Customs Act. As well, the documentation did not allow NSIRA to verify that the CBSA’s use of Passenger Name Record data in either triage method complied with the Protection of Passenger Information Regulations, which require that access to retained data be for a purpose related to the identification of persons who have or may have committed a terrorism offence or serious transnational crime.
NSIRA also found that the CBSA did not consistently demonstrate an adequate justification for its selection of particular indicators as signals of increased risk. When adequate justification is not present, differentiating among passengers on the basis of prohibited grounds of discrimination (such as age, national or ethnic origin, or sex) creates a risk of discrimination.
NSIRA recommended that the CBSA document its triage practices in a manner that demonstrates compliance with the Customs Act and, where applicable, the Protection of Passenger Information Regulations. It recommended that the CBSA ensure, in an ongoing manner, that its selection of risk indicators be adequately justified based on well-documented information or intelligence. NSIRA further recommended that the CBSA develop more robust and regular oversight of air passenger targeting, including updates to policies, procedures, training and other guidance. NSIRA also recommended that the CBSA begin collecting the data necessary to identify, analyze and mitigate discrimination-related risks stemming from air passenger targeting.
3.4 Multi-departmental reviews
Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2021
The review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act (SCIDA) in 2021 describes the results of a review of the 2021 disclosures made by federal institutions under this legislation. In 2022, NSIRA focused the review on Global Affairs Canada (GAC)’s proactive disclosures.
The SCIDA encourages and facilitates the disclosure of information between federal institutions to protect Canada against activities that undermine or threaten national security, subject to certain conditions. The SCIDA provides a two-part threshold that must be met before an institution can make a disclosure:
that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)); and
that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).
The SCIDA also includes provisions and guiding principles related to the management of disclosures, including accuracy and reliability statements and record keeping obligations.
NSIRA identified concerns that demonstrate the need for GAC to improve its training. NSIRA found that there is potential for confusion on whether the SCIDA is the appropriate mechanism for certain disclosures of national security–related information. For some disclosures, GAC did not meet the two-part threshold requirements of the SCIDA before disclosing the information, which was not compliant with the SCIDA. Two disclosures did not contain accuracy and reliability statements, as required under the SCIDA. With respect to record keeping, NSIRA recommended that departments document, at the same time as they are deciding to disclose information under the SCIDA, the information they are relying on to satisfy themselves that the disclosure is authorized under the Act (paragraph 9(1)(e)).
Review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2021
This review focused on departmental implementation of directions received through orders in council issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA). This was NSIRA’s third annual statutorily mandated review of the implementation of all directions issued under the ACA. It assessed departments’ implementation of the directives received under the ACA and their operationalization of frameworks to address ACA requirements. As such, this review constitutes the first in-depth examination of the ACA within individual departments.
This year’s review covered the 2021 calendar year and was split into three sections. Section one addressed the statutory obligations of all departments. Sections two and three were an in- depth analysis of how the Royal Canadian Mounted Police (RCMP) and Global Affairs Canada (GAC) have implemented the directions under the ACA. NSIRA used case studies, where possible, to examine these departments’ implementation of their ACA framework.
This was the third consecutive year where no cases were referred to the deputy head level in any department. This is a requirement of the orders in council when officials are unable to determine if the substantial risk can be mitigated. Future reviews will be attuned to the issue of case escalation and departmental processes for decision-making.
In the 2019 NSIRA Review of Departmental Frameworks for Avoiding Complicity in Mistreatment by Foreign Entities14, NSIRA recommended that “the definition of substantial risk should be codified in law or public direction.” NSIRA noted that some departments have accounted for this gap by relying on the definition of substantial risk in the 2017 ministerial directions. In light of the pending statutorily mandated review of the National Security Act, 2017 and the importance of the concept of substantial risk to the ACA regime, NSIRA reiterated its 2019 recommendation that the definition of substantial risk be codified in law.
In the review of departmental implementation of ACA in 2020, NSIRA identified the Canada Border Services Agency (CBSA) and Public Safety Canada as not yet having finalized their ACA policies. While the CBSA and Public Safety Canada continue to make advancements, these departments have not fully implemented an ACA framework and supporting policies and procedures.
The RCMP has a robust framework in place for the triage and processing of cases pertaining to the ACA. The in-depth analysis portion of this review found that the RCMP does not have a centralized system of documenting assurances and does not regularly monitor and update the assessment of the reliability of assurances. The RCMP has also not developed mechanisms to update country and entity profiles in a timely manner, and the information collected throughthe liaison officer during an operation is not centrally documented such that it can inform future assessments.
In the analysis of one of the RCMP’s Foreign Information Risk Advisory Committee case files, NSIRA found that the RCMP’s Assistant Commissioner’s rationale for rejecting the risk advisory committee’s advice did not adequately address concerns consistent with the provisions of the orders in council. In particular, NSIRA found that the Assistant Commissioner erroneously considered the importance of the potential future strategic relationship with a foreign entity in the assessment of potential risk of mistreatment of the individual.
NSIRA found that GAC is now strongly dependent on operational staff and heads of mission for decision-making and accountability under the ACA. This is a marked change from the findings of the 2019 review that found decision-making was done by the Ministerial Direction Compliance Committee at Headquarters.
GAC has also not conducted an internal mapping exercise to determine which business lines are most likely to be implicated by the ACA. Considering the low number of cases this year and the size of GAC, and that ACA training is not mandatory for staff, NSIRA has concerns that not all areas involved in information sharing within Global Affairs Canada are being properly informed of their ACA obligations.
NSIRA also notes that GAC has no formalized tracking or documentation mechanism for the follow-up of caveats and assurances. This is problematic as mission staff are rotational and may therefore have no knowledge of previous caveats and assurances related to prior information sharing instances.
3.5 Closed review work
This past year NSIRA determined that certain ongoing review work would be closed or not result in a final report to a Minister. These decisions allow NSIRA to remain nimble and to pivot its work plan. Considerations such as shifting priorities, resourcing demands, ongoing work taking place within the reviewed department, and deconfliction with partner review agencies can all be factors that lead to a decision to close a review. Such decisions allow NSIRA to redirect its efforts and resources towards other important issues, and thereby maximize the value of its work.
For example, a review of the Royal Canadian Mounted Police’s (RCMP) Operations Research Branch was closed. A contributing factor in this decision was that the RCMP branch in question ceased to operate. Another example is the decision to cease an ongoing review of how the RCMP handles encryption in the interception of private communications in national security criminal investigations. This review was cancelled to support deconfliction efforts with the National Security and Intelligence Committee of Parliamentarians (NSICOP), who were conducting a similar review. Finally, a review of the Financial Transactions and Reports Analysis Centre’s (FINTRAC) terrorist financing and information sharing regime, which was in its early stages, was cancelled at the same time that NSIRA decided to initiate a review of the Canada Revenue Agency’s (CRA) Review and Analysis Division, which delivers the CRA’s anti- terrorism mandate.
3.6 Technology in review
Integration of technology in review
Digital technologies continue to play a crucial role in the operational activities of Canada’s national security and intelligence community as agencies increasingly use new technologies to meet their mandates, propose new avenues for activities, and monitor new threats.
It remains essential for an accountability body like NSIRA to keep pace with the use of digital technologies in Canada’s national security and intelligence community. By staying apprised of rapidly changing technology ecosystems, NSIRA can ensure that the organizations it reviews are pursuing their mandates lawfully, reasonably and appropriately.
NSIRA’s Technology Directorate is a team of engineers, computer scientists, technologists andtechnology review professionals. The mandate of NSIRA’s Technology Directorate is to:
lead the review of Information Technology (IT) systems and capabilities;
assess a reviewed entity’s IT compliance with applicable laws, ministerial direction andpolicy;
conduct independent technical investigations;
recommend IT system and data safeguards to minimize the risk of legal non-compliance;
produce reports explaining and interpreting technical subjects;
lead the integration of technology themes into yearly NSIRA review plans;
leverage external expertise in the understanding and assessment of IT risks; and
support assigned NSIRA members in the investigation of complaints against CSIS, CSE or the RCMP when technical expertise is required to assess the evidence.
In 2022, the Technology Directorate grew from one full-time employee to three and welcomed a cooperative education student and two external researchers. With its increased capacity, the Technology Directorate expanded its analysis of technologies in many NSIRA reviews, started formalizing its research methodology, and began hosting micro-learning sessions and discussion forums focused on relevant technical issues, including dark patterns, open-source intelligence and encryption.
The Technology Directorate also began establishing an academic research network with the goal of supporting NSIRA reviews. To date, contributors to the research network have produced valuable internal memos, reports, and discussion forums, which have enhanced NSIRA’s knowledge of a broad set of technical issues.
During the last year, the Technology Directorate also launched NSIRA’s first technology-led review, which focuses on the lifecycle of CSIS information collected by technical capabilities under a Federal Court warrant. This review presents an opportunity for NSIRA to draw on technical standards and review processes used by its Five Eyes peers and the international review and oversight community. NSIRA has been using this review to develop a risk assessment model and technical inspection plan, expanding NSIRA’s broader review toolkit.
Future of technology in review
During the next year, NSIRA will continue to hire more full-time employees in the Technology Directorate, support cooperative education and use external researchers to add capacity. Doing so will augment NSIRA’s ability to keep pace with the rapidly changing and expanding use of digital technologies in Canada’s national security and intelligence ecosystem.
Building on the successes of its budding academic research network, the Technology Directorate intends to prioritize unclassified research on a number of topics, including open- source intelligence, advertising technologies and metadata (content versus non-content data).
NSIRA’s Technology Directorate will also support NSIRA’s complaint investigations team to understand where and when technology factors into their processes and pursuits.
3.7 Engagement with reviewees
Improvements and ongoing challenges
As discussed in previous annual reports, as a new review body, NSIRA experienced initial challenges in its interactions with departments and agencies being reviewed. These challenges are continually being addressed and NSIRA’s relationship with reviewees has matured. While work on this front is not done, reviewees have demonstrated improvements in cooperation and support to the independent review process. The following discussion captures general commentary on the overall engagement with reviewees that were the focus of the past year’s reviews. These overviews cover 2022 and up to the date of writing of this report. Related review-specific commentary or issues, where available, are discussed within each review’s overview above.
Canadian Security Intelligence Service
After temporary restrictions and adjustments related to COVID-19 were lifted, NSIRA returned to its pre-pandemic level of occupancy within CSIS headquarters for CSIS-related reviews. This includes dedicated workspace and building passes for NSIRA employees reviewing CSIS activities. NSIRA employees have direct access to CSIS databases, and CSIS provides any training necessary, when requested, to navigate and access those systems. Generally, CSIS responds to NSIRA requests for information in a reasonably timely manner. Delays and challenges occur on occasion, but communication between NSIRA and CSIS is constructive in resolving issues.
Communications Security Establishment
NSIRA continued to use the space it procured within CSE’s headquarters in the Edward Drake Building to conduct review-related business. There was little improvement in 2022 to NSIRA’s access requirements at CSE. However, as of 2023, NSIRA is piloting limited direct access to CSE’s primary corporate document repository, GCDOCS. Issues remain and NSIRA is not in a position to assess the pilot project’s utility. In some instances, CSE has improved its responsiveness to NSIRA information requests in terms of timeliness, although some challenges remain with the quality of responses. NSIRA continues to work diligently with CSE to address these concerns.
Department of National Defence
Discussions continue with respect to developing dedicated office space and access to networks. While there has been little advancement on longer-term solutions, DND/CAF has worked with NSIRA to provide access to relevant documents, including sensitive files. DND/CAF has provided good access to facilities and people. Generally, responses to requests for information have been timely; however, a lack of proactiveness in DND/CAF disclosures has required NSIRA to send additional requests to ensure completeness and accuracy of information. Overall, the communication between NSIRA and DND/CAF has been constructive.
Royal Canadian Mounted Police
The past year was marked by inconsistencies in the RCMP’s responsiveness to NSIRA’s requests for information. The RCMP has taken steps to add to its capacity to respond to NSIRA, and this has yielded positive results. NSIRA does not have direct access to information systems but has been granted access to the files relevant to the matters under review. NSIRA has, on multiple occasions, had to send additional requests to ensure the completeness of files provided. In most cases, materials are reviewed on site in the dedicated NSIRA office space that has been provided within RCMP Headquarters. Despite challenges earlier in the year, NSIRA generally had access to people, including RCMP regular members who are experts in the areas under review. Overall, the engagement between NSIRA and the RCMP has seen improvements.
Global Affairs Canada
GAC has been responsive to NSIRA’s requests, made effort to clarify requests, and facilitated all meetings requested. During the review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2021, GAC provided NSIRA with documents requested within a reasonable time frame. NSIRA did not have direct access to GAC systems, however this did not have an impact on NSIRA’s ability to verify information or access sensitive files as GAC was able to transfer all materials requested either by email or through their secure portal.
Canada Border Services Agency
The CBSA has provided NSIRA with adequate access to information and people. Some challenges in terms of timeliness were resolved promptly after NSIRA sent notice of a pending advisory letter. These challenges appear to be related to the CBSA’s lengthy approval process for the release of documents to NSIRA. NSIRA does not have direct access to CBSA systems, but this has not impeded NSIRA’s access to sensitive files. Overall, the CBSA has been responsive to NSIRA requests, ensuring that CBSA employees are available to answer NSIRA’s questions.
Refining NSIRA’s confidence statements
Assessing responsiveness and verification
NSIRA continues to place importance on assessing the overall quality and efficiency of its interactions with reviewees. Previously, NSIRA captured this assessment in a “confidence statement,” which provided important additional context to the review, apprising readers of the extent to which NSIRA was able to verify necessary or relevant information, and therefore whether its confidence in the information was impacted. These statements were also informed by aspects such as access to information systems and delays in receiving requested information.
NSIRA has further refined and standardized its approach for evaluating the key aspects of its interactions with reviewees and going forward will evaluate the following criteria during each review:
timeliness of responses to requests for information;
quality of responses to requests for information;
access to systems;
access to people;
access to facilities;
professionalism; and
proactiveness.
Follow-up on timeliness and advisory letters
NSIRA’s 2021 public annual report committed to addressing the ongoing struggle for timely responses from reviewees for requested information. During the past year, all delays have been captured by a request for information tracking system. The results inform one of the criteria discussed above. Additionally, NSIRA continues to leverage its three-staged approach to address continued delays by sending advisory letters to senior officials and ultimately respective Ministers should delays persist. This advisory tool was used at five occasions in 2022, three of which were sent to CSE, and two to the RCMP.
Advisory letters sent to a reviewee during a review may be appended to the final report for both the appropriate minister’s and the public’s awareness of such delays. Combined with the updated assessment criteria discussed above, NSIRA works to provide transparency and awareness of both the challenges and successes on interactions with those reviewed.
Complaints investigations
4.1 Overview
In the three years since its establishment, NSIRA has focused on reforming the investigative process for complaints and developing procedures and practices to ensure the conduct of investigations is fair, timely and transparent. NSIRA previously reported on the creation of its Rules of Procedure, on its policy to commit to the publishing of redacted investigation reports, and on the implementation of the use of video technology. In the past year, NSIRA streamlined its jurisdictional assessment phase and its investigative process through the increased use of investigative interviews as the principal means of fact finding. These developments enabled NSIRA to deal with a significant volume of complaints over this reporting period.
After receiving a complaint, NSIRA must evaluate whether it is within NSIRA’s jurisdiction to investigate based on conditions stated in the National Security and Intelligence Review Agency Act (NSIRA Act). For complaints against the Canadian Security Intelligence Service (CSIS) or the Communications Security Establishment (CSE), NSIRA must be satisfied that the complaint against the respondent organization refers to an activity carried out by the organization and that the complaint is not trivial, frivolous or vexatious. For complaints referred from the Civilian Review and Complaints Commission (CRCC) of the Royal Canadian Mounted Police (RCMP), NSIRA must receive and investigate a complaint referred to it under subsection 45.53(4.1) or 45.67(2.1) of the Royal Canadian Mounted Police Act if satisfied that the complaint is not trivial, frivolous or vexatious or made in bad faith. For security clearance denials, with impacts upon individuals as set out in the NSIRA Act, NSIRA must receive and investigate the complaint.
NSIRA has developed a robust process to review and independently verify respondent organization information, mindful of the interests of the complainant and the security imperatives of the organization.
In the past, the Security Intelligence Review Committee routinely dealt with complaints related to CSIS by recourse to formal hearings. While NSIRA retains this statutory power, it has sought to make increasing use of interviews to ascertain the evidence required to fully investigate and consider complaints. Considering the security constraints that limit the disclosure of information to complainants during formal hearings, investigative interviews permit NSIRA access to information in a timely manner and are expected to decrease the length of time toresolve complaints. This will be important as NSIRA deals with an increased complaint case load owing to its mandate (which includes complaints related to CSIS, CSE, RCMP and security clearances), as well as delays resulting from COVID-19 impacts over the last three years.
4.2 Ongoing initiatives
NSIRA has committed to establishing service standards for the investigation of complaints, with the goal of completing 90% of investigations within NSIRA service standards by March 2024. During 2022, NSIRA began developing these service standards, which also aim to encourage prompt and efficient administrative decision-making. The service standards will set internal time limits for certain investigative steps for each type of complaint, under normal circumstances. The service standards will specify the circumstances under which those time limits do not apply. The development of the service standards includes tracking and data collection on whether NSIRA is meeting its own service standards in the investigation of complaints. NSIRA will finalize and publish its service standards in 2023 and is committed to reporting on whether they were met.
For the year ahead, NSIRA will continue to improve its website to promote accessibility to the investigation of complaints. More specifically, NSIRA will develop an online password-protected portal through which complainants will be able to submit complaints and receive updates on the status of their file.
NSIRA began the last phase of the study on race-based data and the collection of demographic information jointly commissioned with the CRCC. The study is assessing the viability of the collection of identity-based and demographic data as part of the CRCC’s ongoing anti-racism initiatives. Improved, more precise and more consistent tracking, collection and measurement of data is necessary to support anti-racism efforts in government. In completing the study, the CRCC and NSIRA will be informed on:
meaningful and purposeful data collection;
challenges with the collection of data;
perspective on how the data collected can be applied to address any potential systemic barriers in NSIRA’s investigations process and its anti-racism initiatives; and
public sentiment of the retention of identity-based data.
Observations on areas for legal reform
NSIRA notes that some reforms to its legislation would make it easier to fulfill its investigations mandate. Among these would include an allowance for NSIRA members to have jurisdiction to complete any complaint investigation files they have begun, even if their appointment term expires. Broadened rights of access to individuals and premises of reviewed organizations would enhance verification activities.
4.3 Investigation report summaries
Allegations against CSIS’s role in delaying security assessments regarding permanent resident and temporary resident visa applications (07-403-30)
Background
The complainants filed a complaint against CSIS alleging that it caused delays in their permanent resident and temporary resident visa applications.
Investigations
During NSIRA’s investigation, CSIS provided its advice in relation to the complainants’ permanent resident applications. In light of this information, NSIRA requested confirmation from the complainants regarding whether they still wished to proceed with their complaint. The complainants clarified that they wanted to either receive monetary compensation or an explanation for the delay that occurred in relation to their file.
Conclusion
NSIRA informed the complainants that it does not have the authority to make remedial orders such as requiring CSIS to make monetary compensation to a complainant. However, NSIRA inquired whether CSIS was interested in participating in an informal resolution process to resolve some of or all the issues in the complaint. In the context of NSIRA’s informal resolution process, information was provided to the complainants regarding CSIS’s involvement in their permanent resident and temporary resident visa applications. NSIRA attempted to communicate with the complainants on several occasions to determine whether they had any questions that would assist in clarifying the circumstances of their complaint.
NSIRA determined that reasonable attempts had been made to communicate with the complainants and issued reasons deeming the complaint abandoned as per NSIRA’s Rules of Procedure. The complaint investigation file was closed.
Allegations against CSIS, Immigration, Refugees and Citizenship Canada, the Canada Border Services Agency, and Public Safety Canada in relation to their role in processing immigration applications (07-405-1 et al.)
Background
Under subsection 45(2) of the Canadian Human Rights Act, the Canadian Human Rights Commission (CHRC) referred 58 individual and group complaints to NSIRA. This matter constituted the first time NSIRA had received a section 45 referral from the CHRC.
The complainants, Iranian nationals, alleged that the Government of Canada discriminated against them on the basis of national or ethnic origin or race due to the delays in the processing of their temporary or permanent residency visa, or Canadian citizenship.
Under section 46 of the Canadian Human Rights Act, NSIRA is obliged to conduct an investigation and return a report to the CHRC. It further provides that on NSIRA’s report, the CHRC may dismiss the complaint or proceed to deal with the complaint.
NSIRA’s role in section 45 referrals is confined to scrutinizing the components of a matter that are based on considerations relating to the security of Canada and report findings of its investigation into classified information to the CHRC in an unclassified manner. NSIRA does not possess the authority to exercise the CHRC’s statutory discretion to refer the matter to the Canadian Human Rights Tribunal.
Investigation
During its investigation, NSIRA considered the evidence given by witnesses and submissions of their counsel during an investigative interview, and the documentation and submissions submitted by the government parties, including classified documents disclosed to NSIRA by CSIS, Immigration, Refugees and Citizenship Canada (IRCC), the Canada Border Services Agency (CBSA) and Public Safety Canada.
Importantly, NSIRA heard evidence from the government parties in relation to a particular mandatory indicator developed by the CBSA and used by IRCC officers in deciding referrals for security screening of Iranian immigration applications. Prior to reforms made by August 2018, one indicator was based entirely on Iranian nationality, coupled only with the age and sex of the applicant. Where an applicant met the criteria, IRCC officers would automatically refer the file to the CBSA and CSIS for security screening. The evidence showed that the government abandoned mandatory indicators in 2018 because of efficacy concerns and because it contributed to delays.
NSIRA further noted that IRCC did not keep a record of the particular indicator on which the referral was based. This hindered NSIRA’s ability to investigate the other indicators that may have affected the processing of a complainant’s immigration application. That being said, NSIRA acknowledged that an indicator tracking code system was being piloted at the time of the investigative interview. This technical solution would allow for the tracking of the IRCC officers’ decisions to refer immigration applications for security screening through a coding system identifying the reason for the referral.
Conclusion
NSIRA found that:
the mandatory age and sex indicator used by IRCC in processing immigration applications until May 2018 relied exclusively on nationality, age and sex, which are listed as prohibited grounds of discrimination in section 5 of the Canadian Human Rights Act;
the mandatory age and sex indicator produced a disadvantage (including in terms of delays) to those Iranians who were subjected to security screening and to those whose own files were linked to these applicants;
at the material times at issue in this matter, the application of that mandatory indicator was not justifiable on national security grounds; and
the security screening process applicable to citizenship applications in this matter did not produce a disadvantage based on grounds enumerated in the Canadian Human Rights Act, as citizenship applications received by IRCC are sent to CSIS for security screening, regardless of the applicant’s country of birth.
NSIRA submitted its report to the CHRC so that it can assess whether there is a reasonable basis in the evidence for a referral to the Canadian Human Rights Tribunal or whether to dismiss the complaints.
Investigation of a complaint regarding the revocation of a security clearance by the Chief of the Defence Staff (1170-17-7)
Background
The complainant was a regular force soldier who held a Top-Secret security clearance. The results of the complainant’s polygraph examination, although not exclusively relied on, were the primary influence in the security assessments of the complainant prepared by CSIS and the DND Departmental Security Officer. As a result of those assessments, the Chief of the Defence Staff (CDS) revoked the complainant’s security clearance. The complainant filed a complaint with NSIRA against the CDS over the revocation of the security clearance.
Investigation
During the Investigation, NSIRA heard from government witnesses from DND and CSIS about the polygraph examination, the investigation into the complainant, and the process leading to the revocation of the complainant’s security clearance. In addition to the oral evidence, the government parties filed documents and made submissions. NSIRA also considered the oral evidence and written submissions provided by the complainant.
NSIRA reviewed all of the evidence it received to determine whether there were reasonable grounds for the CDS to revoke the complainant’s security clearance and to ensure the accuracy of the information the CDS used to reach the decision to revoke.
NSIRA found several deficiencies in the way the complainant’s polygraph was handled, reported and disseminated. In addition, NSIRA found that exculpatory facts were not contextualized nor placed before the CDS prior to the decision to revoke.
Conclusion
NSIRA found that the information the CDS relied on to make the decision to revoke was not accurate. As a result, the decision to revoke the clearance was not reasonable.
NSIRA recommended that CSIS apologize to the complainant for the manner in which the polygraph was handled, reported and disseminated and that the CDS revisit the decision to revoke the complainant’s security clearance.
Review of the Royal Canadian Mounted Police’s report regarding a public complaint (07-407-3)
Background
The complainant filed a complaint with the CRCC related to the conduct of members of the RCMP. The complainant alleged that the RCMP carried out an unjustified and arbitrary arrest of their minor son, conducted a zealous and abusive search of the family home, and publicized the arrest.
In addition, the complainant alleged that the RCMP disclosed information to U.S. authorities, stated that the complainant’s son’s arrest form would be forgotten and destroyed, and violated the son’s safety and that of his family, their constitutional rights and their whistleblower rights.
The RCMP concluded, in a report sent to the complainant pursuant to section 45.64 of the Royal Canadian Mounted Police Act (RCMP Act), that the members had acted appropriately and consequently did not support any of the complainant’s allegations.
The complainant referred their complaint to the CRCC for review as they were not satisfied with the RCMP’s findings. The CRCC referred the complaint to NSIRA pursuant to subsection 45.53(4.1) of the RCMP Act.
Investigation
NSIRA determined that it had jurisdiction to review the request for review of the RCMP’s report under section 19 of the NSIRA Act.
NSIRA’s investigation included a review of:
the complaint;
the complainant’s request for review filed with the CRCC;
the RCMP investigation file related to the complaint, including documents provided by the complainant during the investigation; and
the RCMP’s operational file related to the complaint, including numerous audio and video recordings, as well as relevant policies and legislation.
Conclusion
NSIRA found that the RCMP’s conclusions in its report were reasonable.
Notwithstanding the foregoing, NSIRA pointed out to the RCMP the importance of the decision- maker and signatory of an RCMP report having no prior involvement with the file that is the subject of the complaint, in addition to the importance of complete and contemporaneous notetaking.
4.4 Statistics on complaints investigations
Investigation activity continued at significant levels in 2022 (see Annex D). One noteworthy difference in activity from 2021 to 2022 was the significant decline in the number of active investigations: from 81 in 2021 to 19 in this reporting period. This decrease is largely attributed to a referral of close to 60 related files from the CHRC, which were dealt with during this reporting period.
Under section 16 of the NSIRA Act, any person may make a complaint to NSIRA with respect to any activity carried out by CSIS; section 17 covers complaints related to CSE activities. However, for NSIRA to be able to accept a complaint, the complainant to CSIS must first send a letter of complaint to the Director of CSIS; for CSE complaints, a letter must first be sent to the CSE Chief. NSIRA will investigate the complaint if the complainant has not received a response within a period of time that NSIRA considers reasonable or if the complainant is dissatisfied with the response given. In that regard, NSIRA observed that in 2022, 53% of complainants did not receive a letter from CSIS in response to their letter of complaint to the Director of CSIS.
There is a need to increase awareness and understanding on the part of members of the public and complainants on NSIRA’s investigative mandate and process. For example, NSIRA members do not have the ability to make remedial orders, such as compensation, or to order a government department to pay damages to complainants. NSIRA continues to make improvements to its public website to raise this awareness and better inform the public and complainants on the investigations mandate and investigative procedures it follows.
Expanding NSIRA partnerships
NSIRA believes that establishing a community of practice in the business of independent review and oversight is essential and is actively contributing to this effort. During the past year, it resumed and expanded its engagement with valuable partners, both domestically and internationally, and has already reaped the benefits of these efforts.
International partnerships
NSIRA has identified international relationships with counterparts as a priority for its institutional development. During the past year, NSIRA benefited from excellent free-flowing and extensive interactions with its closest international partners. A better understanding of the parameters of the review and oversight activities of NSIRA’s international counterparts, and sharing best practices, are vital to the agency’s growth.
Five Eyes Intelligence Oversight and Review Council
Since its inception, NSIRA has been an active participant in the Five Eyes Intelligence Oversight and Review Council. The council comprises agencies with an oversight and review mandate concerning the national security activities in their respective countries (Canada, Australia, New Zealand, the United Kingdom and the United States). NSIRA participates alongside the Office of the Intelligence Commissioner as Canada’s delegation to the council. The group meets annually, and NSIRA participated in the Five Eyes Intelligence Oversight and Review Council conference in Washington D.C. in 2022. NSIRA has the distinct pleasure of hosting council partners in Ottawa in fall 2023.
NSIRA also frequently engages bilaterally with council partners at the working level. These exchanges allow NSIRA to better understand critical issues impacting its work, compare challenges and best practices in review and oversight methodology, and discuss views on subjects of mutual interest and concern. For instance, learning about council partners’ information access rights, and the legal framework enabling such access, has helped to contextualize some of NSIRA’s own access challenges.
NSIRA met with one of its council partners, the Investigatory Powers Commissioner’s Office in London, U.K. The Commissioner’s office has a broad mandate of activities that includes, among others, approving warrants authorized by the Secretary of State and the independent oversight of the use of the powers by the U.K.’s security and intelligence community. The multi-day meetings provided an opportunity to better understand each other’s respective organizations, exchange ideas and share best practices. NSIRA met with a number of departments with whom the Commissioner’s office engages and shadowed a day-long inspection carried out by the Commissioner’s office. Of particular interest was the Commissioner’s office’s approach for following up on the implementation of recommendations it provides and its insights on the production of annual reports. Support for this important partnership continues, and NSIRA has further engaged with Commissioner’s office staff to cement this strong relationship.
NSIRA was also able to complete working-level visits to the office of Australia’s Inspector- General of Intelligence and Security and to offices of some members of the U.S. inspector general community in Washington.
Additional European engagement
NSIRA also participated in the International Intelligence Oversight Forum, which brings together oversight, review and data protection agencies from all over the world. The event was productive and NSIRA had the additional benefit of constructive bilateral exchanges with participating institutions.
As part of its efforts to build strong relationships with continental European counterparts in like- minded jurisdictions with strong accountability mechanisms, NSIRA visited the Norwegian Parliamentary Oversight Committee on Intelligence and Security Services, the Danish Intelligence Oversight Board, the Netherlands’ Review Committee on the Intelligence and Security Services, and the Swiss Independent Oversight Authority for Intelligence Activities.
Each of these highly productive visits allowed NSIRA to learn from these partners and make its work more visible within this review community.
Stronger domestic coordination
NSIRA continued to invest in strengthening relationships with key domestic partners — the National Security and Intelligence Committee of Parliamentarians (NSICOP), the Civilian Review and Complaints Commission for the RCMP and the Office of the Intelligence Commissioner, as well as the various agents of Parliament who play a key role in government accountability.
NSIRA and NSICOP have complementary roles in enhancing accountability for federal national security and intelligence activities and are required by law to cooperate in the fulfillment of their respective mandates. Regular cooperation meetings are held at various levels and the two agencies continue to refine ways to cooperate and coordinate. NSIRA and NSICOP have supported each other’s work by communicating regularly on review plans to avoid duplication and to make adjustments where required. These coordination efforts contributed to NSIRA’s decision to cease work on an RCMP encryption review. NSIRA has also provided, after ministerial consultation, many of its final reports to NSICOP. For its part, NSICOP has provided NSIRA with its classified reports and background briefings. These exchanges have allowed both organizations to refine their review topics and methodologies. NSICOP’s and NSIRA’s legal teams have also engaged productively, with a view to working through common access challenges, among other things. These frequent and in-depth exchanges serve as an important foundation for a cohesive and robust national security and intelligence review apparatus, and NSIRA and NSICOP enjoy a level of cooperation that is among the strongest of their international counterparts.
As discussed under Ongoing initiatives, NSIRA and the Civilian Review and Complaints Commission for the RCMP have jointly commissioned a study on race-based data and the collection of demographic information. This study will inform each organization’s approach to developing and implementing an identity-based data strategy in the context of its complaints investigations. The study is currently in its last phase and is expected to be completed in fiscal year 2023–2024.
In 2022, the NSIRA Secretariat joined a network of legal professionals from across the various agents of Parliament. As a separate agency and separate employer mandated with supporting independent oversight, NSIRA’s Secretariat benefits from collaborating with this community of practice through discussions on legal issues of common interest, professional development and knowledge transfer initiatives.
Emerging cooperation in technology
Building partnerships allows NSIRA’s growing Technology Directorate to gather diverse perspectives, collaborate on common goals, refine methodologies, and build on established best practices. In 2022, the team focused on building relationships with peers who share mandates on technical topics, such as privacy-enhancing technologies, automated decision- making and service design. Within Canada, this included collaboration with the Office of the Privacy Commissioner’s Technology Analysis Directorate, the artificial intelligence team at the Treasury Board Secretariat’s Office of the Chief Information Officer, and the Canadian Digital Service.
International and academic collaborations offered access to rich technical knowledge and expertise of other review and oversight bodies. Knowledge management, talent retention and evolving technical capabilities became the focal point of regular engagement with teams at the Investigatory Powers Commissioner’s Office, Australia’s Inspector-General of Intelligence and Security, and the Norwegian Parliamentary Oversight Committee on Intelligence and Security Services. Finally, 2022 gave rise to NSIRA’s external research program aimed at informing and supporting reviews already in progress with relevant and timely technical expertise. Building on the past year’s efforts, the Technology Directorate intends to continue developing domestic and international partnerships, including expanding its network with academics, civil society and commercial leaders to ensure key technological issues factor into its approaches.
Conclusions
As NSIRA fulfills its role within Canada’s security and intelligence landscape, it is continually motivated by the vital importance of its mandate. This is expressed through each review and complaint investigation completed. In executing its mission in 2022, NSIRA continued to build best practices across the agency. This ongoing growth and evolution position it well to take on new challenges.
As the agency’s experience grows so too does its knowledge, and it is confident in its ability to be a leading voice in the review and investigations discourse. Partnerships and engagement with reviewees are maturing, and NSIRA is already reaping the benefits of significant effort on both fronts. Applying lessons learned from these partnerships allows NSIRA to iterate and improve its processes and approaches. While there is there is still much work ahead, the results are encouraging.
As NSIRA’s members consider the agency’s accomplishments this past year, they are proud of the diligence and enthusiasm that Secretariat staff have demonstrated. NSIRA has risen to the challenge of changing circumstances and growth and have done so with an outstanding professionalism. The agency looks forward to the year ahead as it carries on with its important work.
Annexes
Annex A: Abbreviations
Abbreviation
Full Name
ACA
Avoiding Complicity in Mistreatment by Foreign Entities Act
ACO
active cyber operations
CAF
Canadian Armed Forces
CBSA
Canada Border Services Agency
Cyber Centre
Canadian Centre for Cyber Security
CDS
Chief of the Defence Staff
CHRC
Canadian Human Rights Commission
CII
Canadian-identifying information
CRA
Canada Revenue Agency
CRCC
Civilian Review and Complaints Commission for the RCMP
CSE
Communications Security Establishment
CSIS
Canadian Security Intelligence Service
DCO
defensive cyber operations
DLS
Directorate of Legal Services
DND
Department of National Defence
DOJ
Department of Justice
FINTRAC
Financial Transactions and Reports Analysis Centre
FIRAC
Foreign Information Risk Advisory Committee
GAC
Global Affairs Canada
IRCC
Immigration, Refugees and Citizenship Canada
IRTC
Information relating to a Canadian or a person in Canada
IT
Information technology
JPAF
Joint Planning and Authorities Framework
MA
Ministerial Authorization
NSICOP
National Security and Intelligence Committee of Parliamentarians
NSIRA
National Security and Intelligence Review Agency
NSLAG
National Security Litigation and Advisory Group (Justice)
PS
Public Safety Canada
RCMP
Royal Canadian Mounted Police
SCIDA
Security of Canada Information Disclosure Act
SIGINT
Signals intelligence
TRM
Threat reduction measure
Annex B: Financial overview, staffing, achievements and priorities
Financial overview
The NSIRA Secretariat is organized according to two main business lines: Mandate Management and Internal Services. The table below presents a comparison of spending between 2021 and 2022 for each of these two business lines.
(In dollars)
Expenditures (2022)
Expenditures (2021)
Mandate Management
7,679,950
7,523,552
Internal Services
11,033,465
8,926,178
Total
18,713,415
16,449,730
In the 2022 calendar year, the Secretariat spent $18.7 million, a $2.3 million (14%) increase from the $16.4 million spent in 2021. This spending increase is mainly attributed to the ramping up of a large infrastructure project and an increased use of external services for corporate activities.
Staffing
As of June 30, 2023, NSIRA Secretariat staff complement stood at 76. In an attempt to address hiring and retention challenges, the Secretariat implemented several initiatives including the introduction of an internal development program for its mandate management sector employees. The Program aims at promoting existing employees once they acquire the level of knowledge and competencies required to be promoted. The program is individualized, informed by regular review of progress in the achievement of core knowledge and competencies expectations. The Secretariat has also launched a program to hire recent Ph D. graduates in fields of expertise that are of interests to NSIRA’s mandate.
The Secretariat also continues to use modern and flexible staffing strategies, procedures and practices. It has adapted its operations and activities to allow, to the extent possible, a flexible hybrid work model.
Clearer articulation of its core competency profiles, operational methodologies and practices also enabled a more effective integration and onboarding of employees into the organization.
Having hired a dedicated employee responsible for the implementation of an employee wellness agenda combined with an active Mental Health and Wellness Committee, several initiatives have been delivered in an aim to foster workplace well-being and increased interactions between employees.
Progress on foundational initiatives
Accessibility, employment equity, diversity, and inclusion
Informed by its three-year action plan and its commitments to the Clerk of the Privy Council, the Secretariat’s internal committee responsible for accessibility, employment equity, diversity and inclusion invited guests and led discussions aimed at increasing awareness, celebrating the Secretariat’s diverse workforce, and identifying barriers and solutions with respect to these themes.
NSIRA also took concrete steps as part of its mandated activities to include, among other things, a Gender-based Analysis Plus lens into the design and implementation of its policies and programs. As a result, NSIRA’s renewed forward-looking review plan is informed by considerations related to anti-racism, equity and inclusion. These considerations apply to the process of selecting reviews to undertake, as well as to the analysis that takes place within individual reviews. NSIRA reviews routinely consider the potential for national security or intelligence activities to result in disparate outcomes for various communities and will continue to do so in the year ahead.
In 2022, NSIRA also continued to work with another review body to develop strategies for the collection, analysis and use of identity-based data. The goal of the exercise is to rely on public consultations to determine how the public perceives the collection, analysis and use of identity- based data in relation to mandate.
Finally, the Secretariat also developed and posted its inaugural accessibility plan on NSIRA’s external website. The plan outlines the steps that will be taken over the next three years to increase physical and information accessibility, both for employees within the organization as well as for Canadians more generally.
Facilities projects, technology and security
The Secretariat is in the process of retrofitting additional workspace to enable it to accommodate all its employees within the confines of one building. The construction phase is expected to be completed late in 2023. Over the course of 2022, the Secretariat worked closely with lead security agencies to ensure the fit-up meets best practices and established standards.
Transparency and privacy
The Secretariat continues to promote transparency by dedicating resources to redact, declassify and release previous reports from the Security Intelligence Review Committee, in addition to proactively releasing NSIRA’s reviews. In 2022, a major upgrade to NSIRA’s external website was initiated with the goal of increasing access to information including access to redacted review reports and recommendations. It is expected that the website will be released in 2023.
From a privacy perspective, the NSIRA Secretariat continued to make progress further to the privacy impact assessment exercise conducted in fiscal year 2021-2022 in relation to review activities and internal services. It also initiated a privacy impact assessment for the investigations function. This work is expected to be completed in fiscal year 2023-2024.
Considering the importance of privacy as part of its activities, NSIRA took concrete steps to implement best practices to protect the privacy of individuals as part of complaints investigations and as part of the conduct of reviews.
Annex C: Review findings and recommendations
This annex lists the full findings and recommendations for the National Security and Intelligence Review Agency (NSIRA) reviews completed in 2022, as well as reviewees’ management responses to NSIRA’s recommendations, to the fullest extent possible at the time of publication. NSIRA will update such information from all reviews when they are published on its website.
Canadian Security Intelligence Service review
Threat Reduction Measures Annual Review
NSIRA’s findings
NSIRA finds that the Canadian Security Intelligence Service’s (CSIS’s) use of its TRM mandate in 2021 was broadly consistent with its use in preceding years.
For all the cases reviewed, NSIRA finds that CSIS met its obligations under the law, specifically the Canadian Charter of Rights and Freedoms and sections 12.1 and 12.2 of the CSIS Act.
For all the cases reviewed, NSIRA finds that CSIS sufficiently established a “rational link”between the proposed measure and the identified threat.
For Case 1 and Case 2, NSIRA finds that CSIS met its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.
For Case 3, NSIRA finds that CSIS did not meet its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.
With respect to legal risk assessments, NSIRA finds that greater specificity regarding legal risks, and direction as to how said risks could be mitigated and/or avoided, resulted in more detailed outcome reporting vis-à-vis legal compliance.
For Case 2 and Case 3, NSIRA finds that CSIS did not meet its obligations with respect to one requirement of its Conduct of Operations, Section 12.1 Threat Reduction Measures, Version 4. CSIS did not meet its internal policy requirements regarding the timelines to submit TRM implementation reports.
For Case 3, NSIRA finds that the Intended Outcome Report was not completed in a timely manner.
NSIRA finds that current policy for the completion of Strategic Impact Reports may inhibit the timely production of important information.
NSIRA’s recommendations
Recommendation
Recommendation 1: NSIRA recommends that formal legal risk assessments be conducted for TRMs involving [*sensitive factors*].
Recommendation 2: NSIRA recommends that CSIS consider and evaluate whether legal risk assessments under TRM Modernization comply with applicable ministerial direction.
Recommendation 3: NSIRA recommends that CSIS work with the Department of Justice to ensure that legal risk assessments include clear and specific direction regarding possible legal risks and how they can be avoided/mitigated during implementation of the TRM.
Recommendation 4: NSIRA recommends that Implementation Reports specify how the legal risks identified in the legal risk assessment were avoided/mitigated during implementation of the TRM.
Recommendation 5: NSIRA recommends that CSIS specify in its Conduct of Operations, Section 12.1 Threat Reduction Measures when the Intended Outcome Report is required, as it does for the Strategic Impact Report.
Recommendation 6: NSIRA recommends that CSIS integrate in policy a requirement that the Strategic Impact Report be completed at the expiry of the TRM authority.
Communications Security Establishment reviews
Review of the Communications Security Establishment’s Governance of Active and Defensive Cyber Operations — Part 2
NSIRA’s recommendations
NSIRA finds that the Global Affairs Canada Foreign Policy Risk Assessment process, as well as the related international legal assessment, improved since the Governance Review, for Communications Security Establishment (CSE) active cyber operations (ACOs) and defensive cyber operations (DCOs).
NSIRA finds that Global Affairs Canada does not have capability to independently assess potential risks resulting from the techniques used in CSE ACOs and DCOs.
NSIRA finds that CSE and the Department of Justice demonstrated a thorough understanding of section 32 of the CSE Act. However, CSE does not appropriately consult with the Department of Justice at the [*specific step*]15 stage to ensure that the assessment of legal compliance remains valid.
NSIRA finds that CSE’s applications for authorizations issued under subsections 29(1) and 30(1) of the CSE Act for [*description*] activities did not include all the available information relevant to a meaningful assessment of the requirements in subsections 34(1) and (4) of the CSE Act.
NSIRA finds that there is potential for overlap between CSE and CSIS activities in the context of capabilities used by CSE to conduct its ACOs and DCOs. However, CSE did not consistentlyconsult with CSIS about CSE’s cyber operations.
NSIRA finds that despite close collaboration with Global Affairs Canada, and the Department of National Defence and Canadian Armed Forces on ACOs and DCOs, CSE did not demonstrate consistent engagement with CSIS or the Royal Canadian Mounted Police (RCMP) to determine whether the objective of an ACO or DCO could not reasonably be achieved by other means.
NSIRA finds that the Chief’s applications for active and defensive cyber operations activities for the period of review did not accurately describe the relationship between a cyber operation, and intelligence collection.
NSIRA finds that, in its [*a specific document*], CSE did not always provide clarity pertaining to foreign intelligence missions.
NSIRA finds that CSE’s ACOs and DCOs that were planned or conducted prior to July 30, 2021,including the case studies analyzed in this report, were lawful.
NSIRA finds that there is significant overlap between activities conducted under the ACO and DCO aspects of CSE’s mandate, as well as between all four aspects of CSE’s mandate.
NSIRA’s recommendations, and CSE response
Recommendation
CSE and GAC Response (June 21st , 2023)
Recommendation 1: NSIRA recommends that Global Affairs Canada develop or otherwise leverage capability to enable it to independently assess potential risks resulting from the techniques used in CSE ACOs and DCOs.
Disagree. CSE and GAC disagree with this recommendation.
In accordance with the CSE-GAC Governance Framework, GAC assesses CSE cyber operations for foreign policy risks and compliance with international law. CSE’s internal risk assessment process assesses the cyber operation for technical risks based on the techniques used.
Just as CSE relies upon GAC to provide expertise in foreign policy and international law, GAC relies upon CSE to provide expertise on technologies and techniques at the forefront of development.
Accurate assessment of all risks from a cyber operation relies on the continuation of open and honest dialogue and trust between GAC and CSE. As such, CSE will continue to share information with GAC on techniques, whenever their use may have an impact on GAC’s foreign policy risk assessment.
Recommendation 2: NSIRA recommends that the Department Justice be fully consulted at all stages of an ACO or DCO, particularly prior to operational execution.
Agree in principle. CSE agrees with this recommendation in principle.
CSE believes that the advice and guidance provided by the Department of Justice (DOJ) representatives embedded in CSE's Directorate of Legal Services (DLS) is integral to CSE's success. CSE consults with DLS at all relevant stages of a cyber operation. As a matter of practice, CSE consults DLS throughout the Joint Planning and Authorities Framework (JPAF) process and at a key stage, and more consultation is conducted when an activity is new or novel.
Internal tools developed by DLS are used to ensure that activities do not contravene the prohibitions set out in the CSE Act and assist analysts in identifying when a higher risk necessitates further legal review. Additionally, CSE's internal operational policy team is consulted on all key stages.
Recommendation 3: NSIRA recommends that CSE abandon the practice of generic ACO and DCO applications to the Minister of National Defence, and instead submit individual applications.
Disagree. CSE and GAC disagree with this recommendation.
When submitting an application for these particular ACO and DCO Ministerial Authorizations (MAs), CSE and GAC always ensure that the Minister of National Defence and the Minister of foreign Affairs are provided with a sufficient amount of information to make an informed decision as to whether CSE’s proposed activities are reasonable and proportionate against a specific set of objectives. To that end, these particular ACO and DCO MAs are structured around key objectives in countering a number of well-defined threats globally. In that sense, they are not “generic”, but their scope is broad enough to give CSE the flexibility to act against a wide range of targets, when the identity of threat actor or the location and context is unknown at the time of application.
For any operations assessed as falling under the authority of these MAs, the current governance framework allows for appropriate risk management of operations. CSE provides GAC with detailed mission plans for each operation, which allows for a proper assessment of foreign policy risks associated with CSE’s cyber operations.
Following Recommendation no. 1 from the Governance review (FCO 1), CSE and GAC increased the amount of information included in the 2021 application for this MA. The level of detail was improved further in the 2022 application. Moreover, CSE and GAC work collaboratively on any new MAs to both ensure that relevant foreign policy objectives are reflected and that authorized operations are sufficiently scoped. Whenever an activity does not fit within the category covered by these MAs, CSE will submit a new application specific to that circumstance.
Recommendation 4: NSIRA recommends that CSE always engage with CSIS, the RCMP, and any other federal departments or agencies as to whether those departments are in a position to reasonably achieve the objective of a cyber operation.
Agree. CSE agrees with this recommendation.
CSE values the importance of consulting with all relevant Government of Canada stakeholders. During the planning of operations, CSE has and will continue to strengthen its collaborative relationships with its partners, including engaging with CSIS, RCMP, and other relevant federal departments or agencies whose mandates may intersect with a planned ACO or DCO.
Recommendation 5: NSIRA recommends that the Chief’s applications for active and defensive cyber operations inform the Minister of National Defence that acquisition of information under a valid foreign intelligence, cybersecurity, or emergency authorization, [*description*].
Agree. CSE and GAC agree with this recommendation.
This recommendation has already been addressed in the applications for the 2022-23 ACO and DCO Ministerial Authorizations.
Recommendation 6: NSIRA recommends that documentation prepared as part of the CSE’s cyber operations framework provide clear links to all known applicable foreign intelligence (or cybersecurity) missions.
Agree. CSE agrees with this recommendation.
Since the period under review, and partially stemming from NSIRA recommendations issued in the Governance review (FCO 1), CSE has implemented this change into its cyber operations framework. Under the current framework, the documentation now includes links to s.16 or s.17 operations that are directly relevant to a s.18 or s.19 cyber operation.
Recommendation 7: NSIRA recommends that CSE continue to refine, and to define, the distinctions between activities conducted under different aspects of its mandate, particularly between ACO and DCO activities, but also with regard to foreign intelligence and cybersecurity activities.
Agree in principle. CSE agrees with this recommendation in principle.
CSE agrees with the principle of understanding the nuances of its mandate. The CSE Act (ss.15-20) expressly distinguishes between the five aspects of the mandate. Operations are planned with an understanding of the scope and boundaries of the authorizing aspect of the mandate. CSE works closely with the Directorate of Legal Services (DLS) and its Operational Policy team to ensure that operations are planned and conducted under the appropriate authorities.
In the body of its report, NSIRA acknowledges both the clarity of the Act and of CSE’s ability to explain why an operation should be authorized under a particular aspect of the mandate. CSE’s policies and procedures governing the planning and conduct of operations rely on the distinction between aspects of the mandate. CSE’s Mission Policy Suite addresses each aspect of the mandate and provides a distinction between ACOs and DCOs. The cyber operations framework provides for planning documentation that sets out why the objectives and nature of the planned operation align with the authorities of an ACO versus a DCO, notwithstanding the techniques being applied. Finally, CSE is in the process of launching updated legal and policy training to its operational staff.
Foreign intelligence review
NSIRA’s findings
NSIRA finds that CSE has not updated the Minister of National Defence since [*year*] on its relationship with a foreign partner.
NSIRA finds that in the context of a joint operation, CSE’s analytic exchanges with a partner did not comply with all of CSE’s internal policy requirements relating to such exchanges with its partners.
NSIRA finds that CSE’s applications to the Minister of National Defence for Foreign Intelligence Authorizations did not describe the full extent of CSE’s involvement in [*specific activity*].
NSIRA finds that CSE did not appropriately apply its Mistreatment Risk Assessment process to information shared with a foreign partner. CSE conducted a mistreatment risk assessment only after having already shared substantial information with the partner.
NSIRA finds that CSE did not appropriately justify its mistreatment risk for targets of an operation.
[*Finding not releasable in public report*]
NSIRA finds that CSE does not have a mechanism to obtain timely and concrete verification ofa person’s Canadian status in order to verify that it is not directing its activities at Canadians.
NSIRA finds that CSE has not developed policies and procedures to govern its participation in [*specific activity*].
NSIRA finds that CSE’s contributions to operations with its partners are not governed by any written arrangements with operational activities.
NSIRA finds that CSE’s contributions to operations led by a partner have not been accompanied with the operational planning and risk assessment as described by CSE to the Minister of National Defence.
NSIRA finds that CSE does not obtain operational plans or risk assessments developed by its partners leading the operations, nor contributes to the development of these plans or their associated parameters.
NSIRA finds that CSE’s application for the Authorization did not inform the Minister of National Defence that it intends to conduct testing and evaluation activities under the authority of the Authorization.
NSIRA’s recommendations, and CSE response
Recommendation
CSE and GAC Response (March 14th , 2023)
Recommendation 1: CSE should update the Minister of National Defence on of its relationship with a foreign partner.
Agree. CSE agrees with this recommendation.
CSE concurs and regularly updates the minister on topics of importance, including the status of relationships with international partners.
CSE plans to continue providing comprehensive updates to the Minister on its international engagements and relationships with foreign partners, including the named foreign partner.
Recommendation 2: CSE should comply with the Releasable SIGINT Products requirements pursuant to the Foreign Intelligence Mission Policy Suite when conducting analytic exchanges with its partners in the performance of all operational activities.
Agree. CSE agrees with this recommendation.
CSE recognizes that despite having robust policies, practices, and procedures, improvements can still be made in outreach and training to mission staff. CSE is working on a comprehensive revision of its operational legal and policy training, and will consider this recommendation when developing its compliance plans for 2023–2024.
Recommendation 3: CSE should describe to the Minister of National Defence the full extent of its participation in any activities when applying for Foreign Intelligence Authorizations.
Agree. CSE agrees with this recommendation.
CSE will include relevant details to clarify [specific activities] in its next Ministerial Authorization application at a level of detail consistent with Ministerial Authorization applications.
Recommendation 4: CSE must perform a Mistreatment Risk Assessment prior to sharing information with [*country*] in accordance with parameters established with the Minister of National Defence, Minister of Foreign Affairs, and the Privy Council Office in the development of CSE’s working arrangement with this partner.
Agree in principle. CSE agrees with this recommendation in principle.
CSE is of the view that its policy instruments are already clear and that there are already established best practices when sharing information with foreign entities about identifiable individuals. CSE continually seeks to improve both the implementation of internal policies, and the training and internal outreach programs for its analysts.
Additionally, it is important to note that there exists a strong mitigating factor in the overarching agreements with [*country*] which contain explicit language regarding how SIGINT may be used, and with explicit prohibitions for purposes that could result in mistreatment.
Recommendation 5: When performing a Mistreatment Risk Assessment, CSE should specify why and how its risk rating applies to each individual implicated in the sharing of information with a foreign partner.
Agree in principle. CSE agrees with this recommendation in principle.
Since 2011, CSE has continually refined its mistreatment risk assessment process and documentation. In certain cases where an initial assessment has determined that all of the conditions of information sharing will be identical across a category of individuals in an activity, CSE has determined that a group mistreatment risk assessment appropriately documents the risk profiles for all individuals associated with that activity. In the event that the information sharing conditions change, or specific characteristics related to an individual associated with the activity may change the risk, a separate assessment is conducted.
CSE has continued to improve our documentation to ensure that it better reflects the analysis behind the risk assessment and why a rationale would apply to a group of individuals under a single activity. As CSE’s operational activities continue to evolve, the mistreatment risk assessment process grows to reflect the requirements of those activities.
Recommendation 6: CSE should ensure that a foreignness assessment is completed prior to commencing collection and reporting on individuals. CSE should also develop policy requirements for the documentation, tracking, and management review of foreignness assessments.
Agree in principle. CSE agrees with this recommendation in principle.
As part of the SIGINT process, and relying on a combination of policy, administrative, and technological means, CSE already documents a targeting justification demonstrating reasonable grounds to believe that a target is a foreign entity outside Canada. This auditable justification crystallizes the current state of knowledge about the foreignness of a target, at the time of targeting.
In addition, as analysts perform their duties and build knowledge about a target, a foreignness assessment persists throughout SIGINT analysis in a process that is guided by the Mission Policy Suite. Each new fragment of information acquired about a target increases the body of knowledge evaluated by an analyst, including more information about a target’s foreignness that may not have been available at the time of targeting.
If at any point the analyst no longer has reasonable grounds to believe that the target is a foreign entity outside Canada, the analyst must de-target the associated selectors and register a privacy incident with CSE’s Program for Operational Compliance team, who will guide internal processes through any additional required remedial steps, such as purging any collected information. In addition, a citizenship check can also be requested from Immigration, Refugees, and Citizenship Canada (IRCC) if sufficient information is available.
Recommendation 7: CSE should develop a mechanism with Immigration, Refugees and Citizenship Canada, or other federal institutions as appropriate, to facilitate timely and concrete confirmation of the Canadian status of individuals implicated in CSE’s operational activities.
Agree. CSE agrees with this recommendation.
This recommendation was previously put forward in the SCIDA 2020 final report. CSE continues to pursue discussions with IRCC for an information sharing agreement. CSE is reengaging at both working and executive levels to facilitate progress.
It should be recognized that in order to produce more accurate results, a citizenship check needs to include specific information regarding an individual target, which is not always available to CSE. In the absence of that information, a citizenship check is not guaranteed to produce conclusive results, and cannot be considered as a concrete confirmation of citizenship status. In addition, it is CSE’s understanding that IRCC databases may not capture Canadians born with Canadian citizenship. The citizenship check process and associated timelines are fully within the jurisdiction of IRCC.
Recommendation 8: CSE should develop policies and procedures to govern its participation in [*specific activities*] within the program.
Agree. CSE agrees with this recommendation.
CSE remains committed to building robust policy frameworks to govern its activities and ensure that its work continues at the highest level of integrity.
While at the time of review, policies and procedures specific to the program were still in development, CSE’s existing policies and procedures include principles that govern all foreign intelligence activities conducted under CSE authorities, including [*program*].
Recommendation 9: CSE should develop written arrangements with its partners implicated in activities, to set the parameters for collaborating on these activities.
Disagree. CSE disagrees with this recommendation.
CSE has enjoyed a uniquely strong relationship with partners for [*amount of time*]. By leveraging shared capabilities, Canada benefits greatly, magnifying its ability to provide quality information exponentially. The cooperation with our partners means that we [*description*], with procedures in place to manage our interactions. CSE’s operations with partners are based on bilateral information sharing and technical cooperation arrangements.
Recommendation 10: When collaborating on an operation with a partner, CSE should prepare an operational plan and conduct a risk assessment associated with the activity with a view to ensuring an operation’s alignment with CSE’s priorities and risk tolerance levels. CSE should also ensure that parameters and any caveats for the partner’s [*specific activity*] be outlined and acknowledged.
Agree. CSE agrees with this recommendation.
CSE policy outlines that, when conducting SIGINT operations, including joint operations with a partner, the activity be approved via an operational plan and risk assessment in order to exercise an aspect of the CSE mandate.
Collaboration that involves [*specific activity*] without participating in the resulting operation does not require operational plans or risk assessments to be created at CSE, but rather at the partner agency conducting the operation and adopting the risk. CSE will, however, ensure that the partner agency is aware of and acknowledges any caveats or parameters.
Recommendation 11: When applying for a Ministerial Authorization, CSE should disclose to the Minister any related testing or evaluation activities that it intends to undertake pursuant to paragraph 23(1)(c) of the CSE Act.
Disagree. CSE disagrees with this recommendation.
The purpose of a ministerial authorization is to seek authorities for activities that would contravene an Act of Parliament or involve the acquisition of information that interferes with the reasonable expectation of privacy (REP) of a Canadian or any person in Canada. Testing activities, as per s.23(1)(c) of the CSE Act, are not carried out under the authorities of a ministerial authorization if they do not risk contravening an Act of Parliament or do not involve the acquisition of information that interferes with the REP of a Canadian or any person in Canada. In such cases, it is not required to request authorities to conduct testing activities from the Minister through a ministerial authorization. However, at the Chief’s discretion, CSE will inform the Minister of non- ministerial authorization activities through other means.
Paragraph 23(1)(c) provides an exception to CSE’s prohibition on directing its activities at a Canadian or any person in Canada when conducting testing or evaluating products, software and systems. This means that CSE may conduct these activities which will not be considered directed at a Canadian or any person in Canada.
Any foreign intelligence activities, including testing activities, that contravene an Act of Parliament or involve the acquisition of information that interferes with the REP of a Canadian or any person in Canada can only be conducted under the authorities of a ministerial authorization. In such cases, the activities must be conducted under the authorities of an existing ministerial authorization or will require that the Minister issue a new ministerial authorization, and the Minister would be fully informed of the activities being considered before being in a position to approve them.
Department of National Defence and the Canadian Armed Forces Review
Report issued pursuant to section 35 of the NSIRA Act
NSIRA’s finding
The report contained a finding that, in NSIRA’s opinion, certain activities undertaken by the Canadian Armed Forces may not have been in compliance with the law.
Department of National Defence and the Canadian Armed Forces (DND/CAF’s) response
DND/CAF recognize the importance of independent, external reviews of the Government of Canada’s national security and intelligence activities. We fully support NSIRA’s review mandate and take all of its reports seriously.
Upon receipt of NSIRA’s section 35 compliance report, DND/CAF conducted a comprehensive analysis and do not agree with NSIRA’s opinion. Our analysis supports that the reviewed activities were conducted in accordance with the law within a robust system of oversight and accountability. Furthermore, an earlier independent external review was consistent with our analysis and supported a number of recommendations that were implemented to strengthen the governance framework. The Minister is following the steps in order to meet all the requirements outlined in section 35 of the Act.
Canada Border Services Agency review
Air Passenger Targeting Review
NSIRA’s findings
The use of Advance Passenger Information and Passenger Name Record data by the Canada Border Services Agency (CBSA) in scenario-based targeting complied with section 107(3) of the Customs Act.
The CBSA does not document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
The CBSA has not consistently demonstrated that an adequate justification exists for its Air Passenger Targeting triaging practices. This weakness in the link between the indicators used to triage passengers and the potential threats or contraventions they seek to identify creates a risk that Air Passenger Targeting triaging practices may be discriminatory.
The CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify potential discrimination-related risks and to take appropriate action to mitigate these risks in the exercise of their duties.
The CBSA’s oversight structures and practices are not rigorous enough to identify and mitigate potential discrimination-related risks, as appropriate. This is compounded by a lack of collection and assessment of relevant data.
NSIRA’s recommendations, and the CBSA’s responses
Recommendation
Response (July 2022)
Recommendation 1: NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
Agree. The CBSA will complete a review of its air passenger targeting triaging practices to ensure practices are in place which will enable effective verification of compliance with statutory and regulatory restrictions.
Recommendation 2: NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.
Agree. While we are satisfied that justification for triaging and targeting practices exist, the CBSA acknowledges that better documentation practices could be implemented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non- discrimination obligations.
The CBSA’s Scenario Based Targeting Governance Framework will be updated to include information and/or intelligence that justifies the use of each indicator.
Annual reviews of scenarios will continue to be conducted and documented to confirm that each active scenario is supported by recent and reliable intelligence.
Recommendation 3: NSIRA recommends that the CBSA ensure that any Air Passenger Targeting- related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.
Agree. The CBSA will review its air passenger targeting practices to ensure that distinctions based on protected grounds are reasonable and can be demonstrably justified in the border administration and enforcement context.
Recommendation 4: NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
Agree. The CBSA acknowledges that policies, procedures, training, and other guidance, as appropriate can be improved to ensure robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory.
The CBSA will complete a review of its policies, procedures, guidelines and training to ensure practices are not discriminatory.
Recommendation 5: NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.
Agree. To that end, the CBSA is taking deliberate steps to develop its capacity to capture and analyze reliable and accurate data in non-intrusive ways. The Agency is working on developing standard and consistent positions and frameworks on the collection, use, management and governance of disaggregated data, developing metrics and indicators to measure the impact of decisions and policies on different groups; using data to build more inclusive and representative policies and strategies, and; identifying possible discrimination and bias.
Multi-departmental reviews
Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2021
NSIRA’s findings
NSIRA finds that, in 12 out of 13 disclosures, Global Affairs Canada demonstrated that it satisfied itself as to the contribution of the information to the recipient institution’s responsibilities in respect of activities that undermine the security of Canada, as required under paragraph 5(1)(a) of the SCIDA.
NSIRA finds that, without first conducting the analysis under paragraph 5(1)(a) of the SCIDA, departments risk disclosing information that does not pertain to the national security mandate of the recipient institution or to activities that undermine the security of Canada.
NSIRA finds that, in 1 of 13 disclosures, Global Affairs Canada consulted on more information than necessary to obtain confirmation from CSIS that the disclosure contributed to its mandate and was linked to activities that undermine the security of Canada.
NSIRA finds that, in 10 out of 13 disclosures, Global Affairs Canada demonstrated that it satisfied itself that the disclosure will not affect any person’s privacy interest more than reasonably necessary in the circumstances, as required under paragraph 5(1)(b) of the SCIDA.
NSIRA finds that 2 of 13 disclosures did not contain the accuracy and reliability statements as required by subsection 5(2) of the SCIDA.
NSIRA finds that Global Affairs Canada training on the SCIDA lacks sufficient illustrative examples required to provide employees with adequate guidance to fulfill their obligations under the SCIDA.
NSIRA’s recommendations, and government response
Recommendation
Response (February 14th, 2023)
Recommendation 1: NSIRA recommends that consultations be limited to the information necessary to obtain confirmation from the potential recipient that the information contributes to its mandate and is linked to activities that undermine the security of Canada.
Agree. Public Safety’s Step-by-Step SCIDA Guide 2022 (“SCIDA Guide 2022”) was updated and distributed to federal institutions in October 2022. Many of the updates to the SCIDA Guide 2022, that were based on practitioner feedback, directly address this recommendation. The updated SCIDA Guide 2022 specifies that preliminary consultations prior to a disclosure should only include general information to ensure that SCIDA thresholds are met before the disclosing institution proceeds with the disclosure. In addition, SCIDA training material was updated in September 2022 with a renewed emphasis on the need for disclosing institutions to strictly limit the information communicated with recipient institutions during preliminary consultations.
Multiple SCIDA trainings have been delivered to federal institutions using the new material. Public Safety will continue to work with federal institutions to provide them with access to training, guidance and other useful resources on the use of the SCIDA. Given the focus of this review, Public Safety will work closely with Global Affairs Canada to address this recommendation.
Recommendation 2: NSIRA recommends that in order to provide the most valuable and meaningful context for the recipient institution, accuracy and reliability statements should be clear and specific to the circumstances of the disclosure.
Agree. Statements regarding the accuracy of the information and the reliability of the manner in which it was obtained are an essential part of the disclosure process. To ensure greater compliance with this requirement, the SCIDA Guide 2022 and its related templates, as well as the updated SCIDA training material, emphasize the importance of providing statements on the accuracy of the information and reliability of the manner in which it was obtained that are clear and specific to the circumstances of the disclosure.
Public Safety will continue to provide SCIDA training and guidance to federal institutions to highlight the requirement for statements of accuracy and reliability that are clear, complete, accurate and do not include formulaic language in support of disclosures under the SCIDA.
Recommendation 3: NSIRA recommends that all disclosing departments contemporaneously prepare descriptions of the information that was relied on to satisfy themselves that disclosures were authorized under the SCIDA.
Agree. Record keeping is an essential component of the SCIDA, and records of disclosures must include an appropriately robust description of the information relied upon to satisfy the disclosing institution that the disclosure meets the thresholds of the SCIDA. The SCIDA Guide 2022 includes templates that support federal institutions with their record-keeping requirements. This includes sections where disclosing institutions must prepare and maintain records that set out a description of the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under the SCIDA. While paragraph 9(1)(e) of the SCIDA does not explicitly require departments to contemporaneously prepare descriptions of the information related to SCIDA disclosures, Public Safety takes note of NSIRA’s recommendation to do so in a timely manner.
Public Safety will continue to provide SCIDA training and guidance to federal institutions to highlight their recordkeeping obligations to ensure that all disclosures are authorized under the SCIDA and assist them in understanding their authorities for requesting and disclosing information under the Act.
Recommendation 4: NSIRA recommends that additional illustrative examples and scenarios be included in the SCIDA training, including for disclosure threshold requirements, accuracy and reliability statements and record-keeping requirements.
Agree. SCIDA training material was updated in September 2022 with multiple illustrative examples and case studies that provide further details on how to apply the disclosure threshold requirements, accuracy and reliability statements and record-keeping requirements. SCIDA training sessions have been delivered to federal institutions using the new material. Given the focus of this review, Public Safety will work closely with Global Affairs Canada to address this recommendation.
Review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2021
NSIRA’s findings
NSIRA finds that the Canada Border Services Agency and Public Safety Canada still have not fully implemented an ACA framework and supporting policies and procedures are still under development.
NSIRA finds that from January 1, 2021, to December 31, 2021, no cases under the ACA were escalated to deputy heads in any department.
NSIRA finds that the RCMP has a robust framework in place for the triage of cases pertaining to the ACA.
NSIRA finds that the RCMP’s Foreign Information Risk Advisory Committee (FIRAC) risk assessments include objectives external to the requirements of the Orders in Council, such as the risk of not exchanging information.
NSIRA finds that the RCMP use of a two-part risk assessment, that of the country profile and that of the individual to determine if there is a substantial risk, including the particular circumstances of the individual in question within the risk assessment is a best practice.
NSIRA finds that the RCMP does not have a centralized system of documenting assurances and does not regularly monitor and update the assessment of the reliability of assurances.
NSIRA finds that the RCMP does not regularly update or have a schedule to update its Country and Entity Assessments. In many cases these assessments are more than four years old and are heavily dependent on an aggregation of open-source reporting.
NSIRA finds that information collected through the Liaison Officer in the course of an operation is not centrally documented such that it can inform future assessments.
NSIRA finds that FIRAC members concluded that the information sharing would result in a substantial risk of mistreatment that could not be mitigated. The Assistant Commissioner determined that it may be mitigated. This amounts to a disagreement between officials or a situation where “officials are unable to determine whether the risk can be mitigated”.
NSIRA finds that the Assistant Commissioner’s rationale for rejecting FIRAC’s advice did not adequately address concerns consistent with the provisions of the Orders in Council. In particular, NSIRA finds that the Assistant Commissioner erroneously considered the importance of the potential future strategic relationship with a foreign entity in the assessment of potential risk of mistreatment of the individual.
NSIRA finds that Global Affairs Canada is now strongly dependent on operational staff and Heads of Mission for decision-making and accountability under the ACA.
NSIRA finds that Global Affairs Canada has not demonstrated that all of its business lines are integrated into its framework under the ACA.
NSIRA finds that Global Affairs Canada has not made ACA training mandatory for all staff across relevant business lines. This could result in staff being involved in information exchanges without the proper training and knowledge of the implications of the ACA.
NSIRA finds that Global Affairs Canada has not regularly updated its Human Rights Reports. While many were updated during the 2021 review year, more than half have not been updated since 2019. This is particularly problematic when departments and agencies rely on these reports as a key source in assessing risk related to the ACA.
NSIRA finds that Global Affairs Canada does not have a standardized centralized approach for the tracking and documentation of assurances.
NSIRA’s recommendations
Recommendation
Recommendation 1: NSIRA recommends that the RCMP establish a centralized system to track caveats and assurances provided by foreign entities and where possible to monitor and document whether said caveats and assurances were respected.
Recommendation 2: NSIRA recommends that in cases where the RCMP Assistant Commissioner disagrees with FIRAC’s recommendation not to share the information, the case be automatically referred to the Commissioner.
Recommendation 3: NSIRA recommends that the assessment of substantial risk be limited to the provisions of the Orders in Council – namely the substantial risk of mistreatment and whether the risk may be mitigated – and external objectives such as fostering strategic relationships should not factor into this decision-making.
Recommendation 4: NSIRA recommends that FIRAC recommendations are referred to an Assistant Commissioner who is not responsible for the branch from which the case originates.
Recommendation 5: NSIRA recommends that GAC ensure that accountability for compliance with the ACA clearly rests with the Avoiding Mistreatment Compliance Committee.
Recommendation 6: NSIRA recommends that GAC conduct a formal internal mapping exercise of other possibly implicated business lines to ensure it is meeting its obligations set out in the ACA.
Recommendation 7: NSIRA recommends that GAC make ACA training mandatory for all rotational staff.
Recommendation 8: NSIRA recommends that GAC ensure countries’ Human Rights Reports are updated more regularly to ensure evolving human rights related issues are captured.
Recommendation 9: NSIRA recommends that GAC establish a centralized system to track caveats and assurances provided by foreign entities and document any instances of non-compliance for use in future risk assessments.
Review arising from the Federal Court’s decision in 2020 FC 616, rebuilding trust: reforming the CSIS warrant and Department of Justice legal advisory processes
This review was approved in 2022. Under section 38 (1) of the NSIRA Act, NSIRA is therefore obliged to report on its findings and recommendations as part of its annual report for the calendar year 2022. A summary of this review is available in NSIRA’s Annual Report 2021.
NSIRA’s findings
NSIRA finds that the legal advice-seeking and giving process, and resource constraints at the Department of Justice’s National Security Litigation and Advisory Group (NSLAG) contribute to considerable delays, [*description of timeline*].
NSIRA finds that Justice legal opinions have sometimes been prepared without sufficient attention to the audience that needs to understand and act on them. Opinions have been focused on assessing legal risk, often late in the development of a CSIS activity, with limited effort made to propose alternative and legally sustainable means of arriving at the intended objective.
NSIRA finds that the Justice Legal Risk Management Framework is misunderstood at the working level at CSIS and further that it does not provide an appropriate framework for the unequivocal communication of unlawful conduct to CSIS.
NSIRA finds that difficulties in acquiring prompt and relevant legal advice have contributed to [*discussion of the detrimental effects on and risks to operations*] that may require legal advice. In consequence, the manner in which NSLAG has provided legal advice to CSIS has often not met the needs of CSIS operations.
NSIRA finds that Justice does not generate the necessary business analytics to track its service delivery performance to CSIS.
NSIRA finds that Justice has acknowledged that internal silos at NSLAG between the advisory and litigation wings have sometimes left warrant counsel unaware of emerging legal issues and that Justice has taken steps to resolve these issues.
NSIRA finds that Justice has committed to improve its advice-giving to CSIS, including moving toward “road map” style legal advice that involves working collaboratively and iteratively with CSIS to achieve operational goals within the bounds of the law.
NSIRA finds that CSIS has not always shared all relevant information with NSLAG, prompting a degree of mistrust and limiting Justice’s ability to provide responsive legal advice.
NSIRA finds that CSIS has a history of quick reforms, followed by neglect, high turnover of personnel leading to a loss of institutional knowledge, and resourcing that did not match stated priorities. CSIS does not track or measure the outcome of past reforms adequately and has no performance metrics for assessing success.
NSIRA finds that CSIS policies have not kept pace with operational reality, as they are often vague, dated, overlapping and contradictory. The absence of clear policy creates legal doubt or concerns, and gives rise to disparate interpretations of legal and operational standards.
NSIRA finds that there is little common understanding regarding the process or basis on which a warrant is prioritized. Frequent shifts in this process of prioritization have added to operational uncertainty. The prioritization process has made it very difficult to bring novel issues to the Court with the goal of addressing legal ambiguities through court decisions.
NSIRA finds that the actors involved in the warrant process do not have a common understanding of the rationale for each of the [*multiple*] of steps in the overarching warrant application scheme and are not always sure what role each approval step plays.
NSIRA finds that the proliferation of process in seeking warrants has created a system of diluted accountability widely regarded as slow and unwieldy, with delays caused by multiple levels of approval.
NSIRA finds there is no regular feedback process in which explanations for warrant-related decisions made at one level filter back to other levels. The absence of feedback is especially acute for the regional investigators.
NSIRA finds that often, the sole means to address legal uncertainty is to bring legal questions to the Federal Court through warrant applications. In consequence, an unwieldy warrant process makes resolution of legal doubt more difficult.
NSIRA finds that CSIS has struggled to ensure that all information material to the credibility of sources is properly contained in warrant applications. This “recurring omissions” problem stems from a misunderstanding of the Federal Court’s role in assessing the credibility of sources and from the presence of multiple, siloed information management systems. CSIS has undertaken reforms, but work remains to implement long-term sustainable solutions.
NSIRA finds that the Affiant Unit constitutes a vital and laudable reform within CSIS. However, the Affiant Unit is currently at risk of collapse. CSIS has not supported the unit with resources commensurate with the importance of this unit in fulfilling CSIS’s mission. The benefits of the Affiant Unit are currently in jeopardy because of governance, human resource, and training deficiencies.
NSIRA finds that the Affiant Unit’s placement in the [*Name*] branch is not commensurate with its functions and importance. This governance anomaly most likely contributes to administrative hurdles and resource challenges faced by the Affiant Unit.
NSIRA finds that without a functional Affiant Unit able to produce timely and accurate warrant applications, CSIS puts at risk access to warrants and the information collected under them.
NSIRA finds that the “independent counsel” role falls short of creating a thorough challenge function.
NSIRA finds that the CSIS regional warrants coordinators have not received sufficient training enabling them to translate the contents of the warrants into advice on proper warrant execution.
NSIRA finds that CSIS lacks long-term training programs for Intelligence Officers.
NSIRA finds that CSIS has failed to provide systematic training programs for “non-Intelligence Officers.”
NSIRA finds that the CSIS’s Learning and Development Branch has not been sufficiently resourced to develop and administer comprehensive training programs, especially in specialized areas not covered by the training offered for Intelligence Officers early in their career.
NSIRA finds that CSIS and Justice are at risk of not being able to fulfill their respective mandates. No one reform is likely to succeed unless each is pursued as part of a coherent package. No package will succeed unless backed by prioritization at senior levels, and the stable provision of resources, including people with the means and institutional knowledge to see reforms through. And no reform initiative will succeed unless accompanied by clear performance indicators, measured and analyzed regularly to track progress.
NSIRA’s recommendations and departmental responses
Recommendation
Departmental response (March 29, 2022)
Recommendation 1: NSIRA recommends that Justice pursue its commitment to reforming the manner of providing legal advice to CSIS, and its stated commitment to “road map”-style advice as a best practice. In support of this objective and the provision of timely, operationally relevant advice, NSIRA further recommends that Justice implement the following:
Whether through an expanded “office hours” and liaison counsel program or otherwise, NSLAG must develop a legal support service operating full time, staffed by experienced lawyers empowered to provide operational advice in real time on which CSIS officers can rely, on the basis of settled Justice positions on recurring legal issues, accessible directly to CSIS officers across all regional offices and at all levels.
NSLAG develop a concise reference tool with its position on recurring issues and most common legal authorities invoked and make the tool accessible to counsel to support their real-time advice.
To minimize the need to resort to the formalized legal advice-seeking process, NSLAG (in coordination with CSIS) must involve counsel with CSIS officers at the early stage of the planning of key or novel operations and throughout their entire operational lifecycle to case-manage an iterative legal guidance process.
Agree. Prior to NSIRA issuing its report, Justice Canada has been working on a number of measures concerning policies and practices in the provision of legal services to CSIS. These measures include activities related to the duty of candour and the warrant acquisition process, best practices in the delivery of legal services, advising CSIS on legal risks associated with its operations, the sharing of information in the national security context, and tracking and responding to key performance indicators related to the delivery of legal services.
Justice is committed to improving the manner of providing legal services and ensuring practical and timely legal services. The measures undertaken to date and further measures underway support a coordinated approach for legal services, striking the right balance of resources across corporate and operational priorities. This includes providing legal advice in a more accessible, iterative manner, and supporting Counsel through interactive training to better understand and support their work in a proactive manner.
Justice and CSIS working together in an integrated fashion ensures that counsel are involved throughout an operation’s life-cycle, including the early stages. Early integration into operational planning supports the provision of timely and relevant legal advice as operations progress.
Justice has already modified its liaison counsel model. Liaison counsel are experienced counsel designated to support CSIS officers across regional offices and particular operations.
Enhancements to the role have resulted in liaison counsel providing timely and focused advice, supporting operational imperatives, and identifying trends and issues of concern to develop guidance documents and other practical tools.
Justice is developing a suite of practical tools and legal service delivery mechanisms to support CSIS. These include:
a user-friendly blog that describes relevant legal issues and concepts in plain-language and with a practical application to CSIS’s work;
a field guide for the practical application of legal concerns to CSIS’s operations that can be used by officers in the field and in real time;
interpretation and guidance documents; and,
knowledge management tools ensuring counsel can access legal precedents and interpretations.
Recommendation 2: NSIRA recommends that NSLAG (in coordination with CSIS) develop Key Performance Indicators to measure the delivery of legal services to CSIS.
Agree. Justice has developed business metrics to measure service delivery performance. Justice will continue to work with CSIS to invest in resources to conduct detailed business analytics to enhance the provision of legal services and make improvements to the existing system. Client feedback surveys are undertaken regularly.
Recommendation 3: NSIRA recommends that CSIS and Justice should include in their training programs interactive scenario-based training developing the operational intelligence activities expertise of NSLAG counsel and the legal knowledge of CSIS operational staff.
Agree. Justice has worked with CSIS to develop and deliver interactive scenario-based training and is committed to continuing that involvement.
Recommendation 4: To ensure Justice is able to give meaningful and responsive legal advice as recommended in recommendation #1, NSIRA recommends that CSIS invite Justice counsel to sit at the table at all stages of the lifecycle of key and novel operations, and that it fully and frankly brief counsel on operational objectives, intent, and details.
Agree. As set out above, Justice is working with CSIS to be involved sooner and more continuously across the lifecycle of operations to provide timely, focused and iterative legal services.
Recommendation 5: NSIRA recommends that Justice’s advice-giving must clearly and unequivocally communicate advice on the unlawfulness of client conduct, whether criminal or otherwise.
Agree. Justice is currently undertaking a review of its legal risk framework in order to improve both how legal risk is assessed, and also how risks are communicated to clients.
Recommendation 6: NSIRA recommends that CSIS adopt, and share internally, clear criteria for the warrant prioritization process.
Agree. CSIS will further refine the warrant prioritization process and work to set clear criteria.
Recommendation 7: NSIRA recommends that CSIS establish a new warrant process eliminating steps that do not make a significant contribution to a more accurate application. The process should assign clear lines of responsibility for the production of accurate applications. The reformed system should ensure that delays associated with managerial approvals are minimized, and that time is reallocated to those steps contributing to the preparation of the accurate applications.
Agree. Work on implementation is underway. CSIS and Justice are committed to streamlining warrant applications, templates, and requests as part of broader modernisation objectives.
Recommendation 8: NSIRA recommends that CSIS integrate the regional stakeholders (including the implicated investigators) at every key milestone of the warrants process.
Agree. CSIS has already undertaken related improvements to address this recommendation, including through the updated Affiant Unit business approach to warrant acquisition, which now includes regional stakeholders.
Recommendation 9: NSIRA recommends that CSIS adopt policies and procedures governing the reformed warrant process that clearly outlines the roles and responsibilities of each participant and the objective of each step in the warrant process and that these policies be kept current as the process evolves.
Agree. The revised CSIS Justice Joint Policy on Duty of Candour and the associated guidance document outline the role of all CSIS employees (not just the affiants) in ensuring that disclosure obligations to the Court are met. In addition, CSIS has developed a s.21 warrant policy and the drafting of the related procedure is underway. In 2020 and 2021, CSIS provided Duty of Candour training to all operational employees through a special project.
Recommendation 10: To address the seeming inevitability of “recurring omissions”, NSIRA recommends that CSIS prioritize the development of [*an improved*] system for human source information management. CSIS should also continue initiatives meant to ensure that source handlers are assiduous in documenting and then reporting in source precis information going to credibility. Even with these reforms, the Affiant Unit should adopt procedures for verifying the information prepared by the regions.
Agree. The recommendation endorses a CSIS initiative already underway. An Action Plan approved by the Executive in January 2021 identified the requirement, and CSIS stakeholders are advancing this initiative. CSIS developed a comprehensive requirements package, and identified a potential technical solution. The complexity of the technical development process means this will be a long process.
Recommendation 11: NSIRA recommends that CSIS recognize the importance of the Affiant Unit by assigning affiants and analysts an employment classification congruent with their responsibilities.
Agree. CSIS has addressed this recommendation by classifying affiants at one level above the Intelligence Officer working level to recognize the complexity of their work and to attract/retain candidates. A competitive competition process is underway to staff the affiant positions and is anticipated to be completed by the end of March 2022.
Recommendation 12: NSIRA recommends that CSIS should create an Affiant Branch reporting directly to the CSIS Director.
Disagree. The Service notes the concerns raised by the committee in its report regarding the Affiant’s Unit current placement in the organization’s hierarchy. This said, throughout the course of this review, CSIS has invested heavily in the Affiant Unit and its employees and has made significant changes to the warrant process and its governance. The Service is confident that these changes will be sufficient to address the concerns that resulted in this finding and recommendation, particularly as it relates to observations related to administrative and human resource challenges. In addition, the current placement of the Affiant Unit with other units with corresponding responsibilities for warrant acquisition best facilitates the provision of ongoing guidance and advice throughout the warrant lifecycle to ensure compliance and duty of candour obligations are met. Given its importance, CSIS commits to ongoing monitoring and evaluation of the Affiant Unit to ensure the concerns highlighted in the report do not re-occur.
Recommendation 13: NSIRA recommends that CSIS urgently resource the Affiant Unit to meet its responsibilities and ensure its sustainability. In deciding the size of the Affiant Unit, CSIS should assess how many warrants an affiant team might reasonably complete every year.
Agree. In line with the recommendation, CSIS already increased the resourcing of the Affiant Unit and approved changes to the organizational chart in March 2021. As noted above, a staffing action is currently underway that aims to create a pool of qualified candidates which can be leveraged to help increase the Affiant Unit’s capacity.
Recommendation 14: NSIRA recommends that CSIS, in consultation with Justice, develop a comprehensive training course for all affiants and analysts, codifying best practices and methods for members of the Affiant Unit.
Agree. CSIS intends to provide fulsome training to the affiant unit, as recommended. In late 2021, initial consultations were held to identify appropriate training. Unfortunately, the pandemic has disrupted training efforts.
Justice is supporting CSIS in the development and delivery of all comprehensive and practical training for all those working on warrant applications. Cross-reference recommendations 3 and 18.
Recommendation 15: NSIRA recommends that NSLAG be staffed by a complement of counsel and support personnel sufficient to ensure that CSIS operations are not impeded by resource limitations at NSLAG.
Agree. Justice and CSIS will continue to work together on resources and staffing issues.
Recommendation 16: NSIRA recommends that the function of the Independent Counsel as performed by National Security Group counsel at the Department of Justice should be eliminated, in favour of a new challenge function, analogous to the role a defence lawyer would play were warrants subject to an adversarial process, situated at Public Safety and supported by the Public Safety vetting team, and performed by a knowledgeable lawyer from the Public Prosecution Service of Canada, the private sector, or elsewhere, who is independent from Justice management and not otherwise involved in CSIS warrant applications.
Agree. Public Safety will develop an enhanced vetting function, housed in Public Safety Canada, that reflects the principles and objectives set out by NSIRA. Public Safety Canada will develop the enhanced vetting function as part of the CSIS warrant acquisition process such that it provides a meaningful challenge function without adding undue complexity or delay. While this work is underway, Public Safety Canada will take steps to strengthen warrant vetting on an interim basis.
Recommendation 17: NSIRA recommends that CSIS regional warrants coordinator positions receive adequate training, and that CSIS professionalize the position and enable warrant coordinators to more effectively translate the content of warrants into advice on warrant execution.
Agree. CSIS acknowledges the importance of training and of centers of expertise. CSIS is determining training requirements.
Recommendation 18: NSIRA recommends that CSIS adequately resource and regularly deliver evergreen scenario-based training programs for all CSIS employees, including;
annual, comprehensive, warrant training for all operational employees;
specialized onboarding training for all employees not part of the Intelligence Officer program; and
continued long-term training for all specialized personnel.
Agree. CSIS is committed to improving the training offered to all of its employees, as recommended. Scenario-based training, which helps employees understand the application of policies and procedures, is now an integral part of operational training, which includes the development of an annual operational workshop. A recently approved business case will significantly increase staffing in Learning & Development to further enable training of CSIS employees. This business case includes the creation of a new position responsible for developing an enhanced onboarding for all newly hired employees, as well as the creation of new positions to create and deliver additional learning opportunities for all operational employees. Cross- reference recommendations 3 and 14.
Recommendation 19: The recommendations within this review should be treated as a coherent package and that progress and outcomes in implementing these recommendations be tracked, allowing management, the Ministers of Public Safety and of Justice, and NSIRA, to assess the efficacy of reforms and course-correct if necessary.
Agree. PS, CSIS, and Justice are committed to taking a holistic approach to the implementation of the recommendations and will track and course correct as required in this complex operating environment.
Recommendation 20: The full classified version of this report be shared with the designated judges of the Federal Court.
Partially agree. The Attorney General of Canada has shared the full report, redacted for solicitor- client privilege, with the designated judges of the Federal Court of Canada.
Annex D: Statistics on complaints investigations
January 1, 2022, to December 31, 2022
INTAKE INQUIRIES
75
New complaints filed
75
National Security and Intelligence Review Agency Act (NSIRA Act), section 16, Canadian Security and Intelligence Service (CSIS) complaints
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2023–24 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2023–24 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended June 30, 2023.
NSIRA spent approximately 19% of its authorities by the end of the first quarter, compared with 12% in the same quarter of 2022–23 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q1 2023–24 and Q1 2022–23
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q1 2023–24 and Q1 2022–23
2023-24
2022-23
Total Authorities
$23.0
$28.3
Q1 Expenditures
$4.3
$3.3
Significant changes to authorities
As of June 30, 2023, Parliament had approved $23.0 million in total authorities for use by NSIRA for 2023–24 compared with $28.3 million as of June 30th, 2022, for a net decrease of $5.3 million or 8.1% (see graph 2).
Graph 2: Variance in authorities as at June 30, 2023
Text version of Figure 2
Variance in authorities as at June 30, 2023 (in millions)
Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Vote 1 – Operating
26.5
21.3
Statutory
1.7
1.8
Total budgetary authorities
28.2
23.0
*Details may not sum to totals due to rounding*
The decrease of $5.3 million in authorities is mostly explained by a reduction in capital funding for infrastructure projects.
Significant changes to quarter expenditures
The first quarter expenditures totalled $4.3 million for an increase of $1 million when compared with $3.3 million spent during the same period in 2022–23. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: expended during the quarter ended June 30, 2023
Fiscal year 2022–23: expended during the quarter ended June 30, 2022
Variance $
Variance %
Personnel
2,886
2,345
541
23%
Transportation and communications
130
44
86
195%
Information
0
5
(5)
100%
Professional and special services
1,165
846
319
38%
Rentals
48
10
38
380%
Repair and maintenance
24
31
(7)
(23%)
Utilities, materials and supplies
7
16
(9)
(56%)%
Acquisition of machinery and equipment
48
9
39
433%
Other subsidies and payment
4
(2)
(6)
(300%)
Total gross budgetary expenditures
4,312
3,304
1,008
31%
Personnel
The increase of $541,000 is largely caused by an increase in cost per FTE and change in the timing of Member’s pay.
Transportation and communications
The increase of $86,000 is explained by a change in the timing of invoicing for the internet connection.
Professional and special services
The increase of $319,000 is mainly explained by an increase in the cost of the maintenance and services in support of our classified IT network infrastructure. It also relates to the use of guard services for office accommodation fit-up.
Rentals
The increase of $38,000 is explained by a change in the timing of invoicing for the rent for temporary office space.
Acquisition of machinery and equipment
The increase of $39,000 is explained by a one-time purchase of a specialized laptop along with a wall mounted charging station and warranty.
Risks and uncertainties
The Secretariat assisted NSIRA in its work with the departments and agencies subjected to reviews to ensure a timely and unfettered access to all the information necessary for the conduct of reviews. While work remains to be done on this front, we acknowledge the improvements in cooperation and support to the independent review process demonstrated by some reviewees.
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA’s approach and timelines for the execution of its mandated activities.
Significant changes in relation to operations, personnel and programs
There have been no new Governor-in-Council appointments during the first quarter.
Mr. Pierre Souligny, NSIRA’s Senior Director, Corporate Services and CFO since 2020, has retired. He has been replaced by Mr. Marc-André Cloutier.
Approved by senior officials:
John Davies Deputy Head
Pierre Souligny Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended June 30, 2023
Year to date used at quarter-end
Total available for use for the year ending March 31, 2023 (note 1)
Used during the quarter ended June 30, 2022
Year to date used at quarter-end
Vote 1 – Net operating expenditures
21,254
3,873
3,873
26,523
2,872
2,872
Budgetary statutory authorities
Contributions to employee benefit plans
1,728
439
439
1,728
432
432
Total budgetary authorities (note 2)
23,009
4,312
4,312
28,251
3,304
3,304
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Planned expenditures for the year ending March 31, 2024 (note 1)
Expended during the quarter ended June 30, 2023
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2023
Expended during the quarter ended June 30, 2022
Year to date used at quarter-end
Expenditures
Personnel
13,303
2,886
2,886
13,245
2,345
2,345
Transportation and communications
650
130
130
597
44
44
Information
372
0
0
372
5
5
Professional and special services
3,596
1,165
1,165
3,506
846
846
Rentals
271
48
48
271
10
10
Repair and maintenance
4,580
24
24
9,722
31
31
Utilities, materials and supplies
73
7
7
103
3
3
Acquisition of machinery and equipment
132
48
48
232
9
9
Other subsidies and payments
33
4
4
133
(2)
(2)
Total gross budgetary expenditures
(note 2)
23,009
4,312
4,312
28,251
3,304
3,304
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!