Language selection

Government of Canada / Gouvernement du Canada

Search


Review of the Canadian Security Intelligence Service’s (CSIS) use of Geolocation information – CSIS responses

Geolocation Data Tool (SIRC 2018-05)

NSIRA Recommendation: NSIRA recommends that CSIS review its use of [the geolocation tool] to date and make a determination as to which of the operational reports generated through the use of [the geolocation tool] were in breach of section 8 of the Charter. These operational reports and/or any documents related to those results should be purged from its systems.

CSIS Response: CSIS has received advice from the Department of Justice on its use of a geolocation data tool in Canada and the disposition of information derived from its use. CSIS is working to implement this advice to ensure compliance with the Charter, CSIS Act and other legal obligations.

More broadly, CSIS recognizes that keeping pace with the global threat environment and rapid technological change necessitates continuous reflection to ensure that we have the tools, authorities required of a modern intelligence agency; CSIS must be fully equipped to protect Canada’s national security. Canadians expect CSIS to leverage technology to keep them safe in a manner that is entirely in keeping with the Canadian expectation of privacy.

NSIRA Recommendation: NSIRA recommends that policy be developed or amended as appropriate that would require a documented risk assessment, including legal risks, in situations like [the geolocation tool] when information collected through new and emerging technologies may contain information in respect of which there may be a reasonable expectation of privacy. If not, NSIRA further recommends that a policy centre for this type of collection be clearly identified.

CSIS Response: CSIS is modifying its policy framework to address this recommendation. This aligns with the most recent Ministerial Direction on Accountability from September 2019. The MD requires CSIS to notify the Minister of Public Safety when a novel technology is used.

Share this page
Date Modified:

Review of the Canadian Security Intelligence Service’s (CSIS) Internal Security Branch – CSIS responses

CSIS Internal Security (SIRC 2018-15)

NSIRA Recommendation: CSIS develop an internal policy, in consultation with Treasury Board Secretariat (TBS), outlining parameters on reporting information obtained during the course of IS screening, inquiries, and investigations to law enforcement in a timely manner.

CSIS Response: CSIS has established an internal set of procedures for disclosing information obtained during the course of Internal Security screening to law enforcement, as required. CSIS will continue to review these procedures and will continue to seek legal advice from the Department of Justice regarding these disclosures, as required. CSIS and the Department of Justice have a collaborative relationship that fosters discussion and allows for robust engagement in these matters.

NSIRA Recommendation: CSIS strengthen internal governance over polygraph activities, including modifying the methodology for conducting polygraph assessments, as appropriate.

CSIS Response: CSIS considers the findings and observations in this review as an opportunity to enhance its internal processes. As such, CSIS is working to address this recommendation by strengthening internal governance. New policy and procedures will provide clarity, accountability and transparency to its polygraph program by outlining roles and the ethical and procedural responsibilities of polygraph examiners.

NSIRA Recommendation: CSIS update applicable policy and procedures on the use of the polygraph to address security and procedural fairness implications stemming from failed polygraph results.

CSIS Response: CSIS values the important work done by the National Security and Intelligence Review Agency (NSIRA). To address gaps identified by NSIRA, CSIS is currently updating the polygraph policy and procedures to ensure an enhanced degree of transparency and procedural fairness.

NSIRA Recommendation: IS further align its overarching policy suite with the assessment criteria for adverse information outlined in the Standard on Security Screening, as well as update the its Questionnaire Guidebook with clear definitions and risk indicators.

CSIS Response: CSIS continually engages in the process of updating its guides, procedures and policies. CSIS will ensure that procedures are well aligned with the Treasury Board Secretariat’s Standard on Security Screening. Providing consistency in assessments between cases remains a priority.

Share this page
Date Modified:

Review of the CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation – NSIRA recommendations and CSIS-RCMP responses

Responses

Review of the CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation – NSIRA recommendations and CSIS-RCMP responses


CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation (NSIRA 2019-04)

NSIRA Recommendation: CSIS invest the resources needed to develop a broader range of sources of information in order to prevent further serious damage to the reviewed investigation.

CSIS-RCMP Response: Due to the variety of factors inherent in each investigation, CSIS always considers how best to collect information and mitigate threats, drawing on a number of tools and resources – in accordance with the CSIS Act and ministerial direction – dependent on the situation.

NSIRA Recommendation: CSIS and the RCMP prioritize the deployment of usable and compatible secure communications systems in order to make regional de-confliction more efficient.

CSIS-RCMP Response: CSIS and the RCMP are prioritizing the deployment of compatible secure communication. The CSIS Director and the RCMP Commissioner approved the development of a CSISRCMP Secure Communications Strategy, the implementation of which is already underway.

NSIRA Recommendation: CSIS and the RCMP continue to prioritize the timely implementation of recommendations from the Operational Improvement Review (OIR) in order to help address the operational shortcomings reported by the OIR and further illustrated in this review.

CSIS-RCMP Response: CSIS and the RCMP remain committed to implementing the OIR recommendations as well as the implementation of One Vision 3.0.

The OIR resulted in 76 recommendations, some of which include enhanced collaboration and information sharing in national security investigations, additional training for national security personnel, as well as the improved handling and disclosure of sensitive and classified information. Significant effort has been undertaken to ensure recommendations are adopted and implemented within both organisations. Some of the early successes include pilot projects such as the Leads Pilot that has resulted in enhanced CSISRCMP de-confliction within national security areas of focus.

The RCMP and CSIS continue to be fully supportive of implementing these needed changes to our organisations. This work, and efforts of the broader community, will ensure that the Government of Canada has a strong foundation of enhanced collaboration and the best tools available to mitigate threats and ensure public safety. This complex work however, is ongoing and challenges remain, particularly as it relates to the issue of intelligence and evidence. These significant challenges will require a whole-ofgovernment approach in order to address.

NSIRA Recommendation: CSIS and the RCMP develop a properly resourced complimentary strategy to address the threat examined in this report. In accordance with the vision set out in the Operational Improvement Review, the strategy should consider the full range of tools available to both agencies.

CSIS-RCMP Response: CSIS and the RCMP coordinate and collaborate on national security threats and use strategies and resources best suited to individual operations.

As a result of the OIR, discussions between CSIS and the RCMP are more frequent and occur earlier in the process which has reduced the duplication of efforts between both of our agencies

Share this page
Date Modified:

Review of CSIS threat reduction activities – NSIRA recommendations and CSIS responses

CSIS Threat Reductions Activities (NSIRA)

NSIRA Recommendation: CSIS create an accountability framework for information related to TRMs, and that this information be documented and retained in a central, easily retrievable location.

CSIS Response: CSIS’s robust governance framework for its TRM authorities has been the subject of review by both SIRC and NSIRA. As a result of these reviews, considerable adjustments have been made to the governance of TRMs.

CSIS is developing an improved organisational case management tool. While that work occurs, CSIS is implementing interim measures to respond to NSIRA’s recommendations. Finally, CSIS is leveraging additional communication methods to ensure awareness of the TRM specific requirements.

NSIRA Recommendation: CSIS create a formalized and documented process that ensures pertinent facts regarding TRM subjects are provided to the National Security Litigation and Advisory Group (NSLAG) to ensure that it has the information necessary to provide considered legal advice on the identification and selection of interviewees for inclusion in TRMs.

CSIS Response: CSIS and the Department of Justice have a collaborative relationship that fosters discussion and allows for continuous engagement. When parliament established CSIS’s threat reduction mandate, CSIS worked closely with the Department of Justice to develop an appropriate and robust governance framework. This framework includes a formal and documented process to seek a legal risk assessment as well as practical guidance regarding relevant information and level of detail required for TRM submissions.

CSIS engages the Department of Justice to ensure all requirements of the CSIS Act are met including consideration that measures are reasonable and proportional to the threat and warrants are obtained if required. CSIS ensures this guidance is applied so that TRMs remain lawful and respect all Canadian laws, including Charter rights and freedoms.

NSIRA Recommendation: CSIS develop an accountability framework for compliance with legal advice on TRMs, including documenting when and why legal advice was not followed.

CSIS Response: CSIS’s compliance framework provides an opportunity to report instances of potential non-compliance with Ministerial Direction, internal policies or procedures, and the law. In instances where this may occur, CSIS’s Compliance program remains well situated to complete requisite fact finding and engage with the Department of Justice.

The Department of Justice provides advice to ensure TRMs remain lawful and respect the right of Canadians. CSIS diligently applies these principles and guidance from the Department of Justice in the execution of all TRMs. While advice from the Department of Justice does not provide explicit and tactical directions on the execution of TRMs, CSIS considers all Justice advice during its operational deliberations.

NSIRA Recommendation: When considering whether a Charter right is limited by a proposed TRM, NSLAG should undertake a case-by-case analysis that assesses factors identified in our report.

CSIS Response: The Department of Justice will further consider this recommendation and factor it into its work related to TRM under the CSIS Act. CSIS and the Department of Justice will continue to build their long-established and collaborative relationship in order to improve and refine the governance of TRMs.

Share this page
Date Modified:

Departmental Plan: 2023-2024

Meta data information

Cat. Number: PS106-6E-PDF
ISSN: 2563-0334

© Her Majesty the Queen in Right of Canada, 2020

Date of Publishing:

From the Executive Director

It is my pleasure to present the National Security and Intelligence Review Agency (NSIRA) 2023–24 Departmental Plan. This report provides an overview of NSIRA’s planned activities, priorities, and targeted outcomes for the 2023–24 fiscal year.

Throughout NSIRA’s first three years of operation, we have grown our staff complement, developed expertise in alignment with our broad mandate, and completed numerous high-quality reviews and complaint investigations. NSIRA has also developed and revised the processes that guide work on both aspects of our mandate, with a view to continuously improving the quality of our final products.

In 2023–24, we will implement NSIRA’s renewed forward review plan, which will build upon and expand our subject matter expertise with respect to both the core security and intelligence agencies, and those which are newer to review. This includes further developing NSIRA’s capacity to review the technological elements of national security and intelligence activities.

Over the year ahead, NSIRA will establish new service standards for the investigation of complaints, while continuing to apply the existing rules of procedure. This will support timely and efficient investigations and promote access to justice for complainants.

Throughout the upcoming fiscal year, we will continue to focus on maintaining a safe and healthy workplace and prioritizing the well-being of our workforce. We will continue work to establish a permanent second site, place heightened emphasis on post-graduate recruitment, and continue to implement a flexible approach to hybrid work. In doing so, we will continue to advance departmental priorities related to diversity and inclusion, and to implement our agency accessibility plan.

My sincere thanks go to the staff and members of NSIRA, whose commitment and dedication to success will drive our organization forward over the coming year.

John Davies
Executive Director

Plans at a glance

Over the coming year, NSIRA will continue its ambitious review agenda. This will include:

  • mandatory reviews related to the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Security of Canada Information Disclosure Act and Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act;
  • reviews prompted by previous reviews that identified high-risk activities or significant issues that require follow-up;
  • reviews of activities undertaken under the new authorities granted to government institutions under the National Security Act, 2017; and
  • reviews of activities where technology and the collection of data are central features.

NSIRA will also continue to expand its knowledge of departments and agencies not previously subject to expert review, including through the conduct of interagency reviews.

After an extensive consultation exercise with key stakeholders and the development of new rules of procedures in 2021, NSIRA will also focus on implementing its new model for investigating complaints. The agency’s goal is to continue enhancing access to justice for complainants and to ensure that NSIRA investigates complaints in a timely manner.

Employee development, health and well-being continue to be key to the agency’s success. NSIRA’s suite of initiatives to protect the physical and mental health of its employees will rely on up-to-date information from surveys and internal discussion groups. NSIRA will also continue to take action on broad federal public service objectives for pay and employment equity, as well as those relating to diversity, inclusion and accessibility.

For more information on NSIRA’s plans, see the “Core responsibilities: planned results and resources, and key risks” section of this plan.

Core responsibilities: planned results and resources, and key risks

This section contains information on the department’s planned results and resources for each of its core responsibilities. It also contains information on key risks related to achieving those results.

National Security and Intelligence Reviews and Complaints Investigations

Description

The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), or the national security activities of the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Planning highlights

Reviews

In support of this outcome, NSIRA will continue to implement an ambitious review agenda in 2023–24. It will review the activities of CSIS and CSE to provide responsible ministers and the Canadian public with an informed assessment of these activities, including their lawfulness, reasonableness and necessity. NSIRA will also build on the knowledge it has acquired of departments and agencies, such as the RCMP, the Canada Border Services Agency, Immigration, Refugees and Citizenship Canada, and the Department of National Defence and Canadian Armed Forces. Using that knowledge, NSIRA will ensure these organizations’ national security or intelligence activities are independently reviewed. NSIRA is committed to transcending the silos that have characterized national security review, and will “follow the thread” of an activity between agencies to ensure its assessments reflect the complex and interwoven approach Canada takes to national security.

NSIRA is committed to ensuring its review agenda remains responsive and topical. In 2023–24 in order to inform the upcoming review of the National Security Act, 2017, NSIRA will focus on the review of activities performed under authorities that were granted by virtue of this legislation. For CSIS, these include the collection and use of datasets, and the implementation of a framework for justifying activities that contravene the law that are carried out by designated employees under specific circumstances in the context of their duties and functions. For CSE, this will include the conduct of active and defensive cyber operations. Other NSIRA reviews that will contribute information in this regard are the annual reviews of the Security of Canada Information Disclosure Act, of the Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act, and of the use of measures by CSIS to reduce threats to the security of Canada.

NSIRA will continue to expand its knowledge of national security institutions by undertaking reviews in the areas of terrorist financing, foreign interference and cybersecurity. The agency will fully utilize its authorities to follow the thread of information across multiple organizations by undertaking reviews on CSIS-CSE collaboration, and the use of human sources by various departments and agencies.

Finally, NSIRA will focus on select reviews where the review of technology and data flows are central, including the collection and use of open-source intelligence at the Department of National Defence, the lifecycle of information collected under warrant by CSIS, and the retention practices of signals intelligence by CSE. NSIRA will be leveraging both internal and external technology expertise in conducting these reviews.

Outreach and collaboration

NSIRA will engage with community stakeholders to understand their concerns surrounding national security and intelligence activities. NSIRA will also continue to proactively publish unclassified versions of its reports throughout the year, as well as information on its plans and processes. The annual report will continue to summarize NSIRA’s review findings and recommendations in context, situating these elements within a broader discussion of key trends and challenges NSIRA has observed over the year.

In 2023–24, NSIRA will continue to draw on the close relationships it has established with the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner of Canada. The agency will coordinate its activities to ensure review is efficient and comprehensive, and avoids unnecessary duplication of effort.

NSIRA is also developing close ties to its international equivalents. It will continue its participation in the Five Eyes Intelligence Oversight and Review Council (FIORC) that brings together review agency representatives from Canada, the United States, Australia, New Zealand and the United Kingdom, by hosting this annual conference in 2023. In addition, NSIRA will continue its working-level engagement with FIORC review bodies to discuss topics of common interest, such as the impacts of new technology, the investigation of complaints from the public and access to information in the possession of reviewed departments. NSIRA also intends to build on its recent efforts to foster new collaborative relationships with other international review bodies and civil society outside the Five Eyes.

Complaints investigations

In 2023–24, NSIRA will also continue to ensure institutions’ accountability and enhance public confidence by conducting consistent, and timely investigations into complaints related to national security and to denial of security clearances. The independent investigation of complaints plays a critical role in maintaining public confidence in Canada’s national security institutions.

NSIRA will apply its new rules of procedure, which were implemented in 2021, to promote accessibility, timeliness and efficiency in the investigation of complaints. This includes an informal resolution process that has proven successful in resolving complaints that do not need to proceed through the entire investigation process. Finally, NSIRA will establish new service standards for the investigation of complaints.

Gender-based analysis plus

In 2023–24, NSIRA will continue to implement its three-year action plan on human rights, accessibility, employment equity, diversity and inclusion. This plan was put into effect last fiscal year following a maturity assessment of NSIRA’s policies, programs and practices, and following the Call to Action from the Clerk of the Privy Council. It includes, among other things, incorporating a GBA+ lens into the design and implementation of policies and programs.

NSIRA’s renewed forward looking review plan is informed by considerations related to anti-racism, equity and inclusion. These considerations apply to the process of selecting reviews to undertake, as well as to the analysis that takes place within individual reviews. NSIRA reviews routinely take into account the potential for national security or intelligence activities to result in disparate outcomes for various communities and will continue to do so in the year ahead.

In the complaint investigations context, NSIRA will continue to work with the Civilian Review and Complaints Commission (CRCC) to develop strategies for the collection, analysis and use of identity-based data. Following the completion of the first phase of a joint project, focus in the year ahead will be on consultations to determine how the public perceives the collection, analysis and use of identity-based data in relation to the NSIRA and CRCC mandate. This information will enable each agency to determine the best approach to developing and implementing an identity-based data strategy.

In 2023-24, NSIRA will begin to implement its inaugural accessibility plan, which outlines the steps that will be taken to increase accessibility, both within the organization and for Canadians more generally, over the next three years. NSIRA’s Diversity, Inclusion and Employment Equity Advisory Committee will also continue to work with management and staff to build a more equitable, diverse and inclusive workplace and workforce. This will include organizing discussions and learning events with all staff, and providing advice on policy and program design

Innovation

Some high impact innovations have enriched NSIRA’s approach to investigations and reviews in the areas of project architecture, quality assurance and the promotion of timeliness in its investigations. Some examples include a horizontal and tiered Quality Assurance Framework. This framework involves a form of ‘red teaming’, in which a panel of experts highlights the weaknesses of a project approach at critical junctures, with the goal of heading off problems before they happen This will ensure the review reflects the agency’s standards for independence, consistency, clarity, objectivity, and rigour. NSIRA is also adopting a matrix management approach to assembling review project teams that will ensure internal mobility and the development of horizontal expertise. NSIRA’s overall commitment is to refrain from a static approach to workflow and project management, and to embrace new methodologies and organizational principles when they best promote the production of review reports of exceptional quality.

Key risks

Some high impact innovations have enriched NSIRA’s approach to investigations and reviews in the areas of project architecture, quality assurance and the promotion of timeliness in its investigations. Some examples include a horizontal and tiered Quality Assurance Framework. This framework involves a form of ‘red teaming’, in which a panel of experts highlights the weaknesses of a project approach at critical junctures, with the goal of heading off problems before they happen This will ensure the review reflects the agency’s standards for independence, consistency, clarity, objectivity, and rigour. NSIRA is also adopting a matrix management approach to assembling review project teams that will ensure internal mobility and the development of horizontal expertise. NSIRA’s overall commitment is to refrain from a static approach to workflow and project management, and to embrace new methodologies and organizational principles when they best promote the production of review reports of exceptional quality.

Planned results for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, for National Security and Intelligence Activity Reviews and Complaints Investigations, the planned results, the result indicators, the targets and the target dates for 2023–24, and the actual results for the three most recent fiscal years for which actual results are available.

Departmental results Departmental result indicator Target Date to achieve target 2019–20 actual result 2020–21 actual result 2021–22 actual result
Note: NSIRA was created on July 12, 2019. Actual results for 2019–20 and 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to NSIRA was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, NSIRA will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews December 2022 Not applicable (N/A) N/A 100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually December 2022 N/A N/A 100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year December 2022 N/A N/A 33%
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards Between 90% and 100% March 2024 N/A N/A N/A

The financial, human resources and performance information for NSIRA’s program inventory is available on GC InfoBase.

Planned budgetary spending for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, for National Security and Intelligence Reviews and Complaints Investigations, budgetary spending for 2023–24, as well as planned spending for that year and for each of the next two fiscal years.

2023–24 budgetary spending (as indicated in Main Estimates) 2023–24 planned spending 2023–24 planned spending 2024–25 planned spending
10,807,324 10,807,324 10,807,324 10,806,338

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned human resources for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, in full‑time equivalents, the human resources the department will need to fulfill this core responsibility for 2023–24 and for each of the next two fiscal years.

2023–24 planned full-time equivalents 2024–25 planned full-time equivalents 2025–26 planned full-time equivalents
69.0 69.0 69.0

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Internal Services: planned results

Description

Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 10 categories of internal services:

  • Management and Oversight Services
  • Communications Services
  • Legal Services
  • Human Resources Management Services
  • Financial Management Services
  • Information Management Services
  • Information Technology Services
  • Real Property Management Services
  • Materiel Management Services
  • Acquisition Management Services

Planning highlights

In 2023–24, NSIRA continue to take steps to ensure resources are deployed in the most effective and efficient manner possible and that its operational and administrative structures, tools and processes continue to enhance its ability to deliver on its priorities.

The tight labour market and the distinctive competencies required for NSIRA’s mandate will continue to shape NSIRA priorities in 2023–24, including employee development through seminars and increased participation in national and international forums, the use of internal centres of expertise, and improved leveraging of existing review and investigation information to accelerate and facilitate the acquisition of knowledge. NSIRA will also be able to benefit from recently released external recruitment and internal development programs undertaken within the organization.

The health and well-being of NSIRA employees is key to its success and to its ability to attract and retain talent and for the development of employees’ full potential. To that end, NSIRA has hired a dedicated resource to work with NSIRA’s Champions to accelerate the implementation of its diversity, inclusion, accessibility, mental health and employee development priorities. Using recent survey information and all staff meeting discussions, NSIRA is confident that it will be able to adapt its wellness initiatives to the need of its employees.

Lastly, the continuing impact of COVID-19 on the ability to source goods and services combined with the complexity of some projects has further delayed the completion of NSIRA’s accommodation, infrastructure and systems projects. These enabling investments are now projected to be completed by the end of fiscal year 2023–24.

Planning for contracts awarded to Indigenous businesses

NSIRA is part of the final wave of departments and agencies that are to achieve the mandatory minimum target of contract awards to Indigenous businesses by 2024–25. Efforts are already well under way in support of the Government of Canada’s commitment that a mandatory minimum target of 5% of the total value of contracts is awarded to Indigenous businesses annually. NSIRA had planned to have 2% of total contract values awarded to Indigenous business in 2021–22 and achieved 3%. Measures undertaken within NSIRA to facilitate the achievement of the mandatory minimum target by 2024–25 include a commitment to process an increasing minimum number of contracts in each of the following three fiscal years as set-asides under the Procurement Strategy for Indigenous Business.

The following table shows the percentage of actual, forecasted and planned value for the target.

5% reporting field description 2021–22 actual % achieved 2022–23 forecasted % target 2023–24 planned % target 2024–25 planned % target
Total percentage of contracts with Indigenous businesses 3% 2% 3% 5%

Planned budgetary financial resources for Internal Services

The following table shows, for internal services, budgetary spending for 2023–24, as well as planned spending for that year and for each of the next two fiscal years.

2023–24 budgetary spending (as indicated in Main Estimates) 2023–24 planned spending 2024–25 planned spending 2025–26 planned spending
12,201,901 12,201,901 7,701,607 7,737,518

Planned human resources for Internal Services

The following table shows, in full‑time equivalents, the human resources the department will need to carry out its internal services for 2023–24 and for each of the next two fiscal years.

2023–24 planned full-time equivalents 2024–25 planned full-time equivalents 2025–26 planned full-time equivalents
31.0 31.0 31.0

Planned spending and human resources

This section provides an overview of the department’s planned spending and human resources for the next three fiscal years and compares planned spending for 2023–24 with actual spending for the current year and the previous year.

Planned spending

Departmental spending 2020–21 to 2025–26

The following graph presents planned (voted and statutory) spending over time.

Departmental spending trend graph
  2020–21 2021–22 2022–23 2023–24 2024–25 2025–26
Statutory 962,186 1,176,321 1,360,985 1,755,229 1,755,229 1,756,977
Voted 11,289,189 16,113,433 19,348,025 21,253,996 16,753,702 16,786,929
Total 12,251,375 17,289.754 20,709.010 23,009,225 18,508,931 18,543,906

Fiscal years 2020–21 and 2021–22 show actual expenditures as reported in the Public Accounts, while 2022–23 presents the forecast for the current fiscal year. Fiscal years 2023–24 to 2025–26 present planned spending.

The 2021–22 spending of $17.3 million increased by $5.0 million (41%), compared with 2020–21. The increase is mainly explained by the cost of additional resources hired by NSIRA over that period, by an increase in professional services costs, and by the start of facilities fit-up and expansion projects. Forecast spending in 2022–23 is higher than 2021–22 spending by $3.4 million (20%), primarily due to continued growth in personnel and by investments in facilities, infrastructure and systems.

Spending is expected to increase by $2.3 million (11%) in 2023–24 compared with 2022–23. This planned increase is mainly due to a reprofile of funding to align with the timing of the conduct projects for facilities, infrastructure and systems that had been delayed by the pandemic. Spending is expected to decrease by $4.5 million (20%) in 2024–25, mainly due to the expected completion of the office expansion project in 2023–24. Spending in 2024–25 and 2025–26 is expected to remain relatively unchanged.

Budgetary planning summary for core responsibilities and Internal Services (dollars)

The following table shows information on spending for each of NSIRA’s core responsibilities and for its internal services for 2023–24 and other relevant fiscal years.

Core responsibilities and Internal Services 2020–21 actual expenditures 2021–22 actual expenditures 2022–23 forecast spending 2023–24 budgetary spending (as indicated in Main Estimates) 2023–24 planned spending 2024–25 planned spending 2025–26 planned spending
National Security and Intelligence Reviews and Complaints Investigations 5,607,796 7,394,642 8,472,193 10,807,324 10,807,324 10,807,324 10,806,388
Subtotal 5,607,796 7,394,642 8,472,193 10,807,324 10,807,324 10,807,324 10,806,388
Internal Services 6,643,579 9,895,112 12,236,817 12,201,901 12,201,901 7,701,607 7,737,518
Total 12,251,375 17,289,754 20,709,010 23,009,225 23,009,225 18,508,931 18,543,906

The table illustrates how NSIRA continues to grow its capacity to deliver its mandate through recruitment and the implementation of several facilities, infrastructure and systems projects. Planned accommodation, infrastructure and systems project costs are expected be reduced significantly by 2024–25.

Planned human resources

The following table shows information on human resources, in full-time equivalents, for each of NSIRA’s core responsibilities and for its internal services for 2023–24 and the other relevant years.

Human resources planning summary for core responsibilities and Internal Services

Core responsibilities and Internal Services 2020–21 Actual full-time equivalents 2021–22 Actual full-time equivalents 2022–23 Forecast full-time equivalents 2023–24 Planned full-time equivalents 2024–25 Planned full-time equivalents 2025–26 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations 17.5 37.8 53.3 69.0 69.0 69.0
Subtotal 17.5 37.8 53.3 69.0 69.0 69.0
Internal Services 11.2 21.7 25.9 31.0 31.0 31.0
Total 28.7 59.5 79.2 100.0 100.0 100.0

With a tight labour market and the requirement for a significant portion of employees to work primarily from secure office space, recruitment continues to prove challenging. New recruitment and retention programs will help NSIRA in its ongoing efforts to be fully staffed.

Estimates by vote

Information on NSIRA’s organizational appropriations is available in the 2023–24 Main Estimates.

Future-oriented condensed statement of operations

The future‑oriented condensed statement of operations provides an overview of NSIRA’s operations for 2022–23 to 2023–24.

The forecast and planned amounts in this statement of operations were prepared on an accrual basis. The forecast and planned amounts presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.

A more detailed future‑oriented statement of operations and associated notes, including a reconciliation of the net cost of operations with the requested authorities, are available on NSIRA’s website.

Future-oriented condensed statement of operations for the year ending March 31, 2024 (dollars)

Financial information 2022–23 Forecast results 2023–24 Planned results Difference (2023–24 planned results minus 2022–23 Forecast results)
Total expenses 18,549,572 23,599,775 5,050,203
Total revenues
Net cost of operations before government funding and transfers 18,549,572 23,599,775 5,050,203

The difference between the 2023–24 planned results and 2022–23 forecast results is mostly explained by delayed planned accommodation, infrastructure and systems project costs.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

Information on NSIRA’s raison d’être, mandate and role is available on NSIRA’s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s approved departmental results framework and program inventory for 2023–24 are as follows

Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

Supporting information on the program inventory

Supporting information on planned expenditures, human resources and results related to NSIRA’s program inventory is available on GC InfoBase.

Supplementary information tables

The following supplementary information tables are available on NSIRA‘s website.

  • Gender-based analysis plus

Federal tax expenditures

NSIRA’s Departmental Plan does not include information on tax expenditures.

Tax expenditures are the responsibility of the Minister of Finance. The Department of Finance Canada publishes cost estimates and projections for government­‑wide tax expenditures each year in the Report on Federal Tax Expenditures. This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis plus.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D” Ottawa, Ontario
K1P 5W5

Telephone: The phone number is temporarily disabled
Fax: The fax number is temporarily disabled.
Email: info@nsira-ossnr.gc.ca
Website: www.nsira-ossnr.gc.ca

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

Quarterly Report: For the quarter ended December 31, 2022

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2022–23 Main Estimates.

This quarterly report has not been subject to an external audit or review.

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.

A summary description NSIRA’s program activities can be found in Part II of the Main Estimates.  Information on NSIRA’s mandate can be found on its website.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2022–23 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended December 31st, 2022.

NSIRA spent approximately 39% of its authorities by the end of the third quarter, compared with 33% in the same quarter of 2021–22 (see graph 1).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q3 2022–23 and Q3 2021–22

Graph: Comparison of total authorities and total net budgetary expenditures - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q3 2022–23 and Q3 2021–22
  2022-23 2021-22
Total Authorities $29.8 $31.3
Q3 Expenditures $4.7 $3.7
Year-to-Date Expenditures $11.6 $10.2

Significant changes to authorities

As at December 31, 2022, Parliament had approved $29.8 million in total authorities for use by NSIRA for 2022–23 compared with $31.3 million as of December 31st, 2021, for a net decrease of $1.5 million or 4.8% (see graph 2).

Graph 2: Variance in authorities as at December 31, 2022

Graph: Variance in authorities as at December 31, 2022 - Text version follows
Variance in authorities as at December 31, 2022 (in millions)
  Fiscal year 2021-22 total available for use for the year ended March 31, 2022 Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Vote 1 – Operating 29.6 28.1
Statutory 1.7 1.7
Total budgetary authorities 31.3 29.8

*Details may not sum to totals due to rounding*

The decrease of $1.5 million in authorities is mostly explained by a gradual reduction in NSIRA’s ongoing operating funding.

Significant changes to quarter expenditures

The third quarter expenditures totalled $4.7 million for an increase of $1.0 million (26%) when compared with $3.7 million spent during the same period in 2021–2022.  Table 1 presents budgetary expenditures by standard object

Table 1

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2022-23: expended during the quarter ended December 31, 2022 Fiscal year 2021-22: expended during the quarter ended December 31, 2021 Variance $ Variance %
Personnel 2,503 2,654 (151) (6%)
Transportation and communications 82 93 (11) (12%)
Information 4 24 (20) (83%)
Professional and special services 1,271 404 867 215%
Rentals 83 64 19 30%
Repair and maintenance 685 398 287 72%
Utilities, materials and supplies 21 13 8 62%
Acquisition of machinery and equipment 2 72 (70) (97%)
Other subsidies and payment 17 (21) 38 (181%)
Total gross budgetary expenditures 4,668 3,701 967 26%

Information

The decrease of $20,000 is explained by a decrease in the use of communications consultants.

Professional and special services

The increase of $867,000 is explained by the timing of payment for NSIRA’s internal support services agreement with the Privy Council Office. In fiscal year 2021-2022 most of the payments went through in the fourth quarter however in fiscal year 2022-2023, most of the payments went through in the third quarter.

Repair and maintenance

The increase of $287,000 is due to fit-up costs for one large infrastructure project that ramped up in 2022-2023.

Acquisition of machinery and equipment

The decrease of $70,000 is explained by several one-time computer equipment and storage solution purchases in fiscal year 2021-2022.

Other subsidies and payments

The increase of $38,000 is explained by an increase in payroll system overpayments.

Significant changes to year-to-date expenditures

The year-to-date expenditures totalled $11.6 million for an increase of $1.4 million (14%) when compared with $10.2 million spent during the same period in 2021–22. Table 2 presents budgetary expenditures by standard object.

Table 2

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2022-23: expended during the quarter ended December 31, 2022 Fiscal year 2021-22: expended during the quarter ended December 31, 2021 Variance $ Variance %
Personnel 2,503 2,654 (151) (6%)
Transportation and communications 82 93 (11) (12%)
Information 4 24 (20) (83%)
Professional and special services 1,271 404 867 215%
Rentals 83 64 19 30%
Repair and maintenance 685 398 287 72%
Utilities, materials and supplies 21 13 8 62%
Acquisition of machinery and equipment 2 72 (70) (97%)
Other subsidies and payment 17 (21) 38 (181%)
Total gross budgetary expenditures 4,668 3,701 967 26%

Transportation and communications

The increase of $66,000 is due to increased travel, as travel restrictions due to COVID-19 are no longer in place in Canada.

Information

The decrease of $32,000 is explained by a decrease in the use of communications consultants and electronic subscriptions.

Professional and special services

The increase of $1,255,000 is mainly due to increases in information technology support services by the Communications Security Establishment ($173K), and more advanced billing for Internal Support Services by the Privy Council Office ($722K).

Rentals

The increase of $51,000 is mainly explained by the purchase of Visio Pro, Project Pro, and FoxIT software licenses in 2022-2023.

Repair and maintenance

The increase of $138,000 is due to fit-up costs for one large infrastructure project that ramped up in 2022-2023.

Acquisition of machinery and equipment

The decrease of $431,000 is mainly explained by several one-time computer equipment purchases made in the first and second quarter of 2021-2022.

Risks and uncertainties

The ability of NSIRA to access the information it needs to conduct its reviews and complaints investigations is closely tied to the capacity of the reviewed or investigated departments and agencies to respond to NSIRA’s demands. While most pandemic constraints have subsided, there continues to be recruitment challenges in a tight labour market.  To address this challenge, NSIRA is experimenting with hybrid workplace approaches, launching internal career development programs and focusing on onboarding practices to attract and retain talent.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRA’s approach and timelines for the execution of its mandated activities.

Significant changes in relation to operations, personnel and programs

There have been no new Governor-in-Council appointments during the third quarter.

There have been no changes to the NSIRA Program.

Approved by senior officials:

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2022–23 Fiscal year 2021–22
  Total available for use for the year ending March 31, 2023 (note 1) Used during the quarter ended December 30, 2022 Year to date used at quarter-end Total available for use for the year ending March 31, 2022 (note 1) Used during the quarter ended December 30, 2021 Year to date used at quarter-end
Vote 1 – Net operating expenditures 28,063 4,236 10,318 29,615 3,275 8,922
Budgetary statutory authorities  
Contributions to employee benefit plans 1,728 432 1,296 1,705 426 1,278
Total budgetary authorities (note 2) 29,791 4,668 11,614 31,319 3,701 10,200

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2022–23 Fiscal year 2021–22
  Planned expenditures for the year ending March 31, 2022 (note 1) Expended during the quarter ended December 30, 2021 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2021 Expended during the quarter ended December 30, 2020 Year to date used at quarter-end
Expenditures
Personnel 13,389 2,503 7,751 13,222 2,654 7,407
Transportation and communications 597 82 196 673 93 130
Information 372 4 9 375 24 41
Professional and special services 4,902 1,271 2,695 7,029 404 1,440
Rentals 271 83 132 188 64 81
Repair and maintenance 9,722 685 749 8,737 398 611
Utilities, materials and supplies 173 21 49 103 13 25
Acquisition of machinery and equipment 232 2 15 991 72 446
Other subsidies and payments 133 17 18 0 (21) 19
Total gross budgetary expenditures
(note 2)
29,791 4,668 11,614 31,319 3,701 10,200

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

Review of CSIS threat reduction activities: A Focus on Information Disclosure to External Parties

Review Backgrounder

This is the second annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA). This review sought to expand upon findings from last year’s review by examining a larger number of TRMs wherein CSIS disclosed information to external parties with their own levers of control, to reduce identified threats.

The review studied the characteristics of these particular TRMs but focused its examination upon the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts that these measures could have on affected individuals.

Date of Publishing:

1. Executive Summary

██ This is the second annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA). This review sought to expand upon findings from last year’s review by examining a larger number of TRMs wherein CSIS disclosed information to external parties with their own levers of control, to reduce identified threats.

██ The review studied the characteristics of these particular TRMs but focused its examination upon the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts that these measures could have on affected individuals.

██ With respect to the TRMs studied, NSIRA observed that ███████████ of external parties were involved in these TRMs, ██████ which had varied levers of control with which they could take action against identified threats or the subjects of these measures. NSIRA also observed that CSIS disclosed different kinds of information to external parties for these TRMs. NSIRA noted that CSIS’s documentation of TRMs was uneven. CSIS did not always document ████████████████████ sometimes excluded an account of the actions taken by external parties as part of these measures. NSIRA also noted that CSIS documentation of the information it disclosed to external parties, as part of these TRMs, was inconsistent, and at times, lacked clarity and specificity.

██ An understanding of both external parties’ levers of control and the scope and breadth of information disclosed to external parties for TRMs is important and feeds into the overall risk assessment of each proposed measure. Without more robust documentation, CSIS is neither capable of assessing the efficacy of its measures nor appreciating the full impact of its actions on the subjects of its measures.

██ In 2020, NSIRA asserted that, when determining whether a warrant is required, CSIS should consider impacts on individuals resulting from the entirety of threat reduction measures: both from CSIS’s disclosure of information and from actions taken by recipient external parties, to reduce the threat. The adverse impacts on individuals observed in the TRMs examined for this year’s review underscore NSIRA’s position.

██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████.

██ The current assessment framework ████████████ to determine whether a warrant is required is overly narrow and does not sufficiently consider the full impacts of CSIS threat reduction measures. NSIRA recommends that CSIS consider plausible adverse impacts resulting not only from CSIS disclosures of information but also from the actions of external parties as part of TRMs, when determining whether a warrant is required.

██ NSIRA was able to use its direct access to CSIS information repositories to confirm information that it needed to verify and to pursue necessary additional inquiries. For that reason, NSIRA has a high level of confidence in the information on which it relied to complete this review. NSIRA would also like to recognize that CSIS was timely in responding to NSIRA’s requests for information throughout the course of this review.

2. Authorities

██ This review was conducted under the authority of subsection 8(2) of the National Security and Intelligence Review Agency Act (NSIRA Act).

3. Introduction

Background

██ This review is the second annual review of CSIS threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA).

██ In its first review of TRMs (NSIRA’s 2020 review), NSIRA examined ███ TRMs in which CSIS disclosed information to an external party. In all cases examined, CSIS disclosed the information to an external party in order for the external party to take action in some way using its own levers of control to address the identified threat.3 This year’s review examined a larger subset of TRMs that involved CSIS disclosing information to an external party for the purpose of obtaining a desired threat reduction outcome. NSIRA focused primarily on examining how CSIS identifies and considers the plausible adverse impacts of these measures on affected individuals.

Scope

██ The review period covers June 18, 2015 to December 31, 2020, and includes ██ proposed TRMs that involved CSIS disclosing information to an external party for the purpose of using that external party as a conduit for the desired action against the subject of the TRM. Of these ██ proposed TRMs, ██ were approved and ██ were implemented.

Sources and Methodology

██ NSIRA examined information from a variety of sources, including:

Document Review

  • ██ Ministerial directions issued by the Minister of Public Safety and Emergency Preparedness to CSIS.
  • ██ CSIS’s internal governance framework for TRMs, which included policies, procedures, guidance and training material, tracking systems and cooperation agreements.
  • ██ All pertinent threat reduction measure documentation, ██████████████████████████████████████████ email communications, operational messages, and █████████████.
  • ██ Relevant █████████ , including responses to NSIRA’s Requests for Information.

Briefing

  • ██ One briefing from the Department of Justice.

Analysis of Administrative Data

  • ██ Descriptive statistics of the TRM sample.
  • ██ Cross-reference of TRM subjects in the review sample with NSIRA’s investigation files for complaints submitted to SIRC (2015 to July 2019) and NSIRA (July 2019 to 2020) in order to document any complaints investigations underpinned by a CSIS TRM.

TRM mandate

██ In June 2015, Parliament enacted the Anti-terrorism Act, 2015, which authorized CSIS, in the new section 12.1 of the CSIS Act, to take measures to reduce threats to the security of Canada, within or outside Canada. The new measures represented an unprecedented departure from CSIS’s traditional intelligence collection role.

██ In July 2019, the National Security Act, 2017, came into force and introduced amendments to CSIS’s TRM mandate that sought to clarify and further define this power. In particular, the amendments stressed the importance of compliance with the Canadian Charter of Rights and Freedoms (Charter). They included specific provisions affirming the need for all TRMs to comply with the Charter, and stipulating that measures could only limit Charter rights or freedoms if authorized by a judge under a warrant. The amendments also included an expanded list of prohibited conduct under the TRM regime: among other things, CSIS cannot engage in measures that cause death or bodily harm, subject an individual to torture, or detain or violate the sexual integrity of an individual.

██ The CSIS Act does not provide a precise definition of “measures to reduce the threat.” As such, CSIS has developed its own definition to guide its TRM activities. According to CSIS, a TRM is “[a]n operational measure undertaken by the Service, pursuant to section 12.1 of the CSIS Act, whose principal purpose is to reduce a threat to the security of Canada as defined in s. 2 of the CSIS Act.

██ Section 12.1 of the CSIS Act states that CSIS may only undertake a TRM if there are reasonable grounds to believe that the identified conduct is a threat to the security of Canada. TRMs must be reasonable and proportional in the circumstances, having regard to the nature of the threat, the nature of the measures, the reasonable availability of other means to reduce the threat, and the reasonably foreseeable effects on third parties, including on their right to privacy. CSIS must also consult with other federal departments, where appropriate, with respect to whether they may be in a position to reduce the threat. CSIS must also seek a warrant from a judge where a proposed TRM would limit a right or freedom guaranteed by the Charter or would otherwise be contrary to Canadian law.

██ The 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety require all TRMs to undergo a four-pillar risk assessment that examines the operational, political, foreign relations, and legal risks of proposed actions on a scale of low, medium or high. In addition, they require that, when assessing the appropriate means of reducing a threat, CSIS consider the range of other possible national security tools available to the broader community, and consult with departments and agencies of the Government of Canada with mandates or authorities closely related to the proposed TRM.

Governance

██ CSIS’s TRM unit is made up of full-time employees, and is responsible for developing and updating policies and procedures related to TRMs; it also provides support to operational units involved with TRMs.

██ Operational units must consult with the TRM unit at the planning stage, and while drafting ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██ CSIS’s governing policy outlines the requirements associated with planning, approving, implementing, and reporting TRMs, including their use in exigent circumstances.9 The policy replicates the relevant provisions of the CSIS Act, without adding much direction beyond citing the existing legislative regime. For example, the policy incorporates the Act’s requirement to ensure that TRMs are reasonable and proportional, having regard to the nature of the threat, the nature of the measures, the reasonable availability of other means to reduce the threat, and the reasonably foreseeable effects of the measure on third parties, including their right to privacy. ████████████████████████████████████████████████████████████████████████████████

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

███████████████ NSIRA notes that in conducting its legal assessments, ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████.

██ CSIS has also developed internal guidelines for consultations with other government departments, ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

4. Findings and recommendations

Brief overview – TRMs, by the numbers

During the review period, CSIS proposed TRMs in total.

  • proposed measures involved an external party that had an ability to act using its own levers of control.
  • Of these proposed measures, were approved and implemented.
  • Of the approved measures, none of them, in CSIS’s view, required judicial authorization, or warrants, to proceed.

██ Comprising █████████ proposed measures, information disclosure to external parties was a common strategy that CSIS proposed as part of TRMs, to reduce perceived threats to the security of Canada.

CSIS’s information disclosures as part of TRMs

██ NSIRA examined documentation supporting the ██ proposed TRMs, including the ██ implemented TRMs where CSIS disclosed information to an external party to reduce a threat to the security of Canada. NSIRA looked to identify and assess:

  • the types of external parties involved in the proposed TRMs;
  • the nature of the information that CSIS shared as part of these measures; and
  • the extent to which CSIS identified, documented and considered the plausible adverse impacts of the measure on individuals.

Types of external parties involved in proposed TRMs

████████████ NSIRA provides examples of the types of external parties involved in proposed TRMs, as well as some of the varied actions they could take in Table 1, below.

*Completed Redacted table*

Nature of information disclosed

████████████ NSIRA examined implemented TRMs to identify the different types of information CSIS shared with external parties. NSIRA observed that the nature of the disclosures varied greatly and also often included information ███████████ linking the subject to threat-related or criminal activity:

█████████████████████████████████████████████████████████████████

█████████████████████████████████████████████████████████████████

█████████████████████████████████████████████████████████████████

███████████████████████████████████████████████████████████████████████████████████████

████████ NSIRA also observed that CSIS used ███████████████████████████████████████████████████████████████████████████████████████ For example, █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

███████████ NSIRA observed that CSIS’s documentation of the information disclosed to the external party was uneven and, at times, lacked clarity and specificity. █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Where the information to be disclosed is vaguely described, the full range of plausible adverse direct and indirect impacts may be difficult to ascertain with any precision. This affects the rigour of any associated risk assessment, including the legal risk assessment.

██████████ By contrast, NSIRA noted certain instances in which CSIS provided a sufficiently detailed description of the information to be disclosed in its documented materials.

██ In NSIRA’s view, the precise content, including the scope and breadth of the information to be disclosed to an external party as part of a TRM, is important and feeds into the overall risk assessment of the proposed measure. A detailed and precise description of the information to be disclosed would allow for more considered assessments.

██ Finding 1: NSIRA finds that CSIS’s documentation of the information disclosed to external parties as part of TRMs was inconsistent and, at times, lacked clarity and specificity.

██ Recommendation 1: NSIRA recommends that when a TRM involves CSIS disclosing information to external parties, CSIS should clearly identify and document the scope and breadth of information that will be disclosed as part of the proposed measure.

Identification, documentation and consideration of impacts

██ NSIRA’s 2020 TRM review examined ██ TRMs where CSIS disclosed information to an external party in order to disrupt a ██████ threat actor. That review underlined the importance of considering all plausible adverse impacts on an affected individual as part of the TRM approval process. In this year’s review, NSIRA sought to examine a larger sample of TRMs in which CSIS disclosed information to external parties to reduce an identified security threat. This year’s review allowed NSIRA to gain greater insight into CSIS’ intended outcomes for these TRMs and how CSIS assessed their impact on the individual.

██ The following examples highlight common impacts that NSIRA identified:

████████████████████████████████████████████████████

████████████████████████████████████████████

████████████████████████████████

██████████████████████████████████████████

██ The interests engaged where measures affect ██████████████████████████████████████████████████████████████████████████████ can have significant and lasting impacts on the subjects and their families. For example, measures that impact the ████████████████████████████████████████████████ interfere with ████████████████████████████████████████████████ Moreover, the associated hardships can affect the subject’s inherent dignity. The norms of our liberal democracy dictate that people in society should be able to █████████████████████████████████████████████

When CSIS is assessing the reasonableness and proportionality of TRMs that can impact the █████████████

as well as assessing whether a warrant is required, it is important that the analysis sufficiently take these factors into consideration.

Measures affecting ███████

███████

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████ In NSIRA’s view, the identification and assessment of the risks associated with ███████████████████████████████████████████████████████████ failed to fully explore the plausible adverse impacts of these actions. ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████

Nevertheless, NSIRA observes that CSIS approved a TRM without knowing the actions, if any, that the ██████████ was required to take under Canadian law or could take, pursuant to its ██████████ This information could have contributed to the assessment of the plausible adverse impacts of the measure upon individuals. ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

Measures affecting ██████████

████████████████████

██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

███████████████████████████ NSIRA notes that, at the time the proposed measure was assessed, CSIS did not appreciate the authority and capacity of each of the organizations to prevent the individual from ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

Measures preventing ████████████

███████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

Measures ██████████████████████████████

█████████████

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██████████████████████████ While this TRM likely raises issues associated with the extraterritorial application of the Charter, NSIRA focused its assessment on the scope and nature of the plausible adverse impacts of the measure. NSIRA notes that at the time the proposed measure was assessed, CSIS did not have a developed understanding of potential harms ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██████████████████

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

Identification of impacts

██ NSIRA observes that CSIS’s understanding of the scope and breadth of the potential ramifications of disclosing information to external parties varied across the reviewed sample. NSIRA expected to see that when CSIS disclosed information to an external party, CSIS had a genuine appreciation of the scope of the plausible adverse outcomes, including the actions that the external party could take. NSIRA also expected to see a consideration of, not only the impacts of the intended outcomes of the measure, but also any collateral adverse impacts.

██ For examples, █████████████████████████████████████████████████████████████████ NSIRA expected CSIS to understand the ability of the external party to take action. As noted in some of the examples above, while CSIS always had a clear desired outcome for the TRM, CSIS did not always have an adequate appreciation of the powers and authority (levers of control) of the external party receiving the information.

██████████████████████████████ NSIRA observed that CSIS had turned its mind to whether the proposed measure could have █████████████████████████████████████████████ However, the identified impacts fell short because they did not consider the foreseeable possibility that the individual could be █████████████

██ Finding 2: NSIRA finds that CSIS does not systematically identify or document the external parties’ authority and ability to take action, or plausible adverse impacts of the measure.

██ Recommendation 2: NSIRA recommends that CSIS fully identify, document and consider the authority and ability of the external party to take action, as well as the plausible adverse impacts of the measure.

Documentation of outcomes

██ NSIRA expected to obtain more certainty with respect to the outcomes of these measures by reading official outcomes reports, ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ This suggested that CSIS’s reporting system was inadequate or that these reports were improperly filed or non-existent.

██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██ NSIRA observes that follow-ups with the external party should be an essential
component of measures involving information disclosure whose principal purpose is to reduce a security threat. Without robust documentation and after action reports on TRMs, CSIS is incapable of assessing the efficacy of the measure as well as appreciating the full impact of its actions. An examination of well-documented afteraction reports will also enable CSIS ██████ to determine whether their initial reasonableness and proportionality assessment may have failed to consider important considerations, which can, in turn, inform the assessments of future proposed TRMs.

██ Finding 3: NSIRA finds that CSIS did not consistently document the outcomes of TRMs in accordance with its policy. Furthermore, CSIS policy doesnot require it to document the actions taken by external parties.

██ Recommendation 3: NSIRA recommends that CSIS should amend its TRM policy to include a requirement to systematically document the outcomes of TRMs, including actions taken by external parties. This practice should inform post-action assessments and future decision-making.

██ Recommendation 4: NSIRA recommends that CSIS comply with its record-keeping policies related to documenting the outcomes of TRMs.

Consideration of impacts when assessing whether a warrant is required

██ The variety of impacts observed in this year’s TRM review highlights the salience of NSIRA’s recommendation in 2020, namely that CSIS consider more comprehensively potential adverse impacts of these types of measures on the affected individuals. This recommendation underlined that all potential impacts on an affected individual, even where they are carried out by the external party and not CSIS, should be consideredwhen determining whether a warrant is required.

██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██ This limited consideration of the impacts of TRMs was also evident in this year’s review. ████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████ In an October 2021 briefing between NSIRA and ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██ NSIRA notes that CSIS cannot avoid responsibility just because the outcomes of an action would be effected by someone else’s hand. ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Where there is a sufficient causal connection between CSIS’s actions and the ultimate outcomes, the principles of fundamental justice apply to deprivations of life, liberty or security effected by external parties. ████████████████████████████████████████████████████████████████████████████████████████████████████████ This is particularly so when such a foreseeable risk has been identified in the reasonableness and proportionality analysis.

██ The current structure used to determine whether CSIS should obtain a warrant for its TRMs is an insufficient implementation of the warrant requirements of the TRM provisions. Sections 12.1 (3.2) and (3.4) require CSIS to seek a warrant when the measure would limit a Charter right or otherwise be contrary to Canadian law. The current ██████████████████ by CSIS is overly narrow and should not be based on the impacts of a CSIS action alone. Rather, it should consider the full impact of the measure, including any direct and indirect impacts caused or initiated by external parties.

██ The CSIS Act is clear that when a proposed TRM would limit a Charter right or freedom, or would otherwise be contrary to Canadian law, CSIS must seek a judicial warrant. In NSIRA’s 2020 TRM Review, CSIS deemed that a warrant was not required for the reviewed TRMs, because it viewed the external party as responsible for taking action, not CSIS. NSIRA identified its concerns with this approach, and noted that consideration of the full impact of such proposed TRMs, including any downstream Charter implications resulting from the external parties’ actions could require CSIS to obtain a warrant before undertaking these types of measures.

██ CSIS’s response to this recommendation stated “the Department of Justice will further consider this recommendation and factor it into its work related to TRM under the CSIS Act.

██████████████████████ However, as noted above, ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

██ NSIRA fundamentally disagrees with CSIS’s understanding of and approach to the legal analysis of determining whether a warrant is required for proposed TRMs.

██ Going forward, NSIRA expects that when proposing a TRM where an individual’s Charter rights would be limited, or that would otherwise be contrary to Canadian law, whether at the direct hand of CSIS or that of an external party to whom CSIS disclosed information, CSIS will seek a warrant to authorize the TRM.

██ Finding 4: NSIRA finds that when determining whether a warrant is required,CSIS’s assessment is overly narrow due to a failure to appropriately consider the impacts resulting from external party actions.

██ Recommendation 5: NSIRA recommends that CSIS appropriately consider the impacts resulting from external party actions when determiningwhether a warrant is required.

Conclusion

██ The variety of impacts observed in this year’s review, combined with the gaps identified in CSIS’s understanding and assessment of these impacts highlights the salience of a number of NSIRA’s recommendations in 2020.

██ The TRM regime was introduced in 2015 to address an evolving security and intelligence landscape. NSIRA recognizes that CSIS’ threat disruption powers can be an effective tool to diminish a national security threat. While these powers provide CSIS with additional flexibility, they also demand heightened responsibility, given their covert nature and ability to profoundly impact, not only the subject of a given TRM, but others potentially captured by its scope. As this review demonstrates, TRMs can interfere with ███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Mindful of the need to reduce threats, but recognizing the competing values at stake, it is critical that CSIS subject its TRMs to robust and thorough analyses, both prior to and following their implementation.

██ NSIRA reiterates its recommendation that CSIS consider more comprehensively the plausible adverse impacts of these types of measures on the affected individuals, even when they are carried out by the external party and not CSIS. These impacts should be considered not only when considering the reasonableness and proportionality of a proposed measure, but also when determining whether a warrant is required.

██ In addition, this year’s review again highlighted the importance of Justice’s involvement in the TRM approval process. More specifically, the necessity for Justice to be provided sufficient information, in this case on the nature of the information to be disclosed by CSIS as well as the authority and actions (levers of control) the external party can take, to allow Justice to provide considered legal advice.

██ Finally, without robust documentation and after action reports on TRMs, CSIS is incapable of assessing the efficacy of the measures or appreciating the full impact of its actions. CSIS should systematically identify the actions that are taken by external parties for threat reduction measures that involve CSIS disclosures of information. Identifying and recording these actions and the subsequent impacts on TRM subjects will inform not only TRM risk assessments, but also enable CSIS to build upon its experience with TRMs and guide future decision-making.

██ While outside of the scope of this review, NSIRA is aware that in January 2021, CSIS launched ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ NSIRA may in the future review ████████████████████████████████ and whether it has impacted the identification and consideration of plausible adverse impacts of measures on individuals.

Annex A: Findings and Recommendations

██ Finding 1: NSIRA finds that CSIS’s documentation of the information disclosed to external parties as part of TRMs was inconsistent and, at times, lacked clarity and specificity

██ Finding 2: NSIRA finds that CSIS does not systematically identify or document the external parties’ authority and ability to take action, or plausible adverse impacts of the measure.

██ Finding 3: NSIRA finds that CSIS did not consistently document the outcomes of TRMs in accordance with its policy. Furthermore, CSIS policy does not require it to document the actions taken by external parties.

██ Finding 4: NSIRA finds that when determining whether a warrant is required, CSIS’s assessment is overly narrow due to a failure to appropriately consider the impacts resulting from external party actions.

██ Recommendation 1: NSIRA recommends that when a TRM involves CSIS disclosing information to external parties, CSIS should clearly identify and document the scope and
breadth of information that will be disclosed as part of the proposed measure.

██ Recommendation 2: NSIRA recommends that CSIS fully identify, document and consider the authority and ability of the external party to take action, as well as the plausible adverse impacts of the measure.

██ Recommendation 3: NSIRA recommends that CSIS should amend its TRM policy to include a requirement to systematically document the outcomes of TRMs, including actions taken by external parties. This practice should inform post-action assessments and future decision-making.

██ Recommendation 4: NSIRA recommends that CSIS comply with its recordkeeping policies related to documenting the outcomes of TRMs.

██ Recommendation 5: NSIRA recommends that CSIS appropriately consider the impacts resulting from external party actions when determining whether a warrant is required.

Share this page
Date Modified:

Departmental Results Report: 2021-22

Meta data information

Cat. Number: PS106-8E-PDF
ISSN: 2563-5174

© Her Majesty the Queen in Right of Canada, 2021

Date of Publishing:

From the Executive Director

The National Security and Intelligence Review Agency (NSIRA) marked its second full year of operation in 2021–22, and we continued to build institutional processes and systems throughout the period with the goal of putting the organization on a solid long-term footing.

We refined our review processes, with an emphasis on generating high-quality reviews by establishing interdisciplinary teams that incorporate subject-matter, legal and technological expertise. Throughout the year, we expanded our institutional understanding of the various departments and agencies that make up Canada’s security and intelligence community, and reviewed activities that had not previously been subject to independent scrutiny. We also developed a consistent way to assess the timeliness of departmental responses to support public reporting and transparency.

In 2021–22, we implemented new Rules of Procedure for our complaints investigation process that were based on a major consultation and reform in the year prior. These new rules are aimed at enhancing efficiency in the process, as well as access to justice for complainants. Our work on both reviews and complaints investigations was informed by our network of like-minded review and complaints investigation bodies, as well as our network of Canadian and international academics and civil society organizations.

We continued our practice of proactively redacting and releasing review reports on our website. As stated in the past, we consider this type of transparency vital to the development of an enhanced culture of accountability among departments and agencies involved in national security and intelligence activities.

We achieved much throughout the year despite the ongoing pandemic, thanks to the hard work of our talented and dedicated staff. I would like to thank our employees for their commitment during this period, and for the energy and enthusiasm that they bring to the continued growth of our organization.

John Davies
Executive Director
National Security and Intelligence Review Agency

Results at a glance

The National Security and Intelligence Review Agency (NSIRA) began operating in 2019 as a new independent accountability mechanism in Canada. Its broad review and investigations mandate covers the national security and intelligence activities of departments and agencies across the federal government. The agency’s total actual spending in 2021–22 amounted to $17,289,754 and its total actual full-time equivalents were 74.

For a significant part of the fiscal year, the pandemic required NSIRA staff to work remotely, limiting its access to classified materials that are critical to NSIRA’s work. To adjust, NSIRA revised its review plans and used innovative approaches to continue to advance its work. This included implementing strict rotating schedules to enable limited office access for classified work to continue safely and using videoconference technology where possible. This allowed NSIRA to fulfill its statutory obligations and uphold its commitments to Canadians. Despite the restrictions, NSIRA was able to enhance its scrutiny of Canada’s national security and intelligence activities.

Below are some of NSIRA’s achievements in 2021–22.

Review

NSIRA’s review of national security and intelligence activities undertaken by Government of Canada institutions ensures that ministers and Canadians are informed about whether these activities were lawful, reasonable and necessary.

During 2021–22, NSIRA completed and approved 10 reviews, including six dedicated to reviewing the activities of a specific department or agency and four interdepartmental reviews that involved more than a dozen departments and agencies. This helped to extend both the breadth and depth of NSIRA’s knowledge and experience.

NSIRA continued to develop and improve its review framework. With the creation of its Technology Directorate, for example, NSIRA boosted its capacity to do technical review. The review framework now embeds legal and technological experts in the review process at the outset of reviews and outlines a clear process to promote consistency across subject areas.

Complaint investigations

NSIRA independently investigates national security and intelligence–related complaints from members of the public and strives to do so in a timely manner.

In fiscal year 2021–22, NSIRA completed two complaints investigations and issued two final reports. NSIRA also received 58 referrals from the Canadian Human Rights Commission, pursuant to subsection 45(2) of the Canadian Human Rights Act, substantially increasing its inventory of complaint files. This high-volume caseload affected NSIRA’s overall management of its cases.

In 2021, NSIRA also finalized its major reform and modernization of its complaints investigation process, aimed at streamlining the procedural steps and promoting access to justice for self-represented complainants.

Reporting and transparency

During the reporting period, NSIRA remained committed to publishing redacted and depersonalized investigation reports to promote and enhance transparency in its investigations as set out in its January 2021 policy statement. NSIRA also turned its attention to examining appropriate ways to release declassified and depersonalized final complaints investigations reports, and consulted with parties to the complaint investigations.

For more information on NSIRA’s plans, priorities and results achieved, see the “Results: what we achieved” section of this report.

Results: what we achieved

Core responsibility

National Security and Intelligence Reviews and Complaints Investigations

Description:

The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the RCMP, as well as certain other national security-related complaints.  This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Results:

In 2021–22, NSIRA delivered on its mandate by completing reviews on federal departments and agencies involved in a wide array of national security and intelligence activities, and efficiently supported agency members in conducting several complaints investigations using a revised and improved process.

Review of national security and intelligence activities

NSIRA completed 10 national security and intelligence reviews over the course of 2021–22. Six reviews focused on an individual department or agency, while four reviews were interdepartmental by design. Organizations whose activities were the subject of specific reviews included:

  • Canadian Security Intelligence Service — two reviews
  • Communications Security Establishment — two reviews
  • Department of National Defence and the Canadian Armed Forces — two reviews

The four interdepartmental reviews were by design were:

  • Rebuilding Trust: Reforming the CSIS Warrant and Justice Legal Advisory Processes
  • Study of the Government of Canada’s Use of Biometrics in the Border Continuum
  • the annual review of disclosures under the Security of Canada Information Disclosure Act
  • the annual review of the implementation of directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act

Six of NSIRA’s reviews resulted in recommendations to ministers on issues related to compliance and governance. One review did not result in any recommendations but had four findings. The three other reviews helped NSIRA gain a better baseline understanding of certain organizations or activities, which will help guide future reviews. As a result of NSIRA’s unclassified and publicly released reviews, as well as its annual reporting, NSIRA contributes to increased confidence among Canadians in the independent review of national security and intelligence activities carried out by Government of Canada institutions.

During the reporting period, NSIRA continued to refine its review framework to promote high quality and rigour in its work, and to ensure consistency in the way it executes reviews. This framework provides systematic guidance on NSIRA’s process and approach, and embeds legal and technological expertise in reviews from the outset. NSIRA also developed new guidelines to assess the timeliness of reviewee responses to requests for information during the review process, and will comment both privately and publicly on the outcomes. As it improves its processes, NSIRA’s aim continues to be to produce the most consistent, objective and rigorous reviews possible.

In 2021–22, NSIRA established a Technology Directorate to enhance review by incorporating the capability to examine the use and implementation of technology by security and intelligence agencies in Canada. In the coming year, NSIRA will increase the number of employees working in the Technology Directorate as it takes an increasingly active and significant role. The directorate will also lead the first technology-focused reviews of the lifecycle of CSIS information collected by technical capabilities pursuant to a Federal Court warrant.

Investigation of national security and intelligence–related complaints

During the reporting period, NSIRA continued to adapt in conducting its complaints investigations by finding procedural efficiencies and using innovative approaches whenever possible. This included proceeding in writing for certain investigative steps and using videoconference technology for case management conferences, hearings and investigative interviews. Some departments and agencies were slow to respond to requests for information and evidence, in part due to challenges inherent to the COVID-19 pandemic, which delayed NSIRA’s investigations. Consequently, in several ongoing matters, NSIRA granted adjournments and extensions of deadlines for procedural steps, including the filing of submissions and evidentiary material. The reasons provided for the adjournments and requests for extensions not only were pandemic related but also included issues surrounding the availability of witnesses and shortage of resources of federal government parties. In addition, NSIRA had to ask for further information in response to incomplete initial disclosures in more than one investigation, also creating delays.

In 2021–22, NSIRA completed two complaints investigations and issued two final reports. Ministers, complainants and the public were informed of the conclusions of investigations of national security and intelligence–related complaints. NSIRA also dealt with a substantial increase in its inventory of complaint files as a result of 58 complaints referred by the Canadian Human Rights Commission to NSIRA in April and June 2021, pursuant to subsection 45(2) of the Canadian Human Rights Act. This high-volume caseload impacted NSIRA’s overall management of its cases.

In 2021, NSIRA completed its investigation process reform initiative after extensive consultation with stakeholders in the public and private sectors. In July 2021, NSIRA launched its new investigative process, which included the implementation of new Rules of Procedure to enhance efficiency in NSIRA’s investigation mandate and provide greater access to justice for self-represented complainants.

Lastly, NSIRA will finalize in 2022–23 the service standards for how long it takes to complete its investigations. The results will be included in the next Departmental Results Report.

Gender-based analysis plus

Building from naming a Champion and establishing a committee to take action against systemic employment equity, diversity and inclusion issues in 2020, NSIRA continued to work hard to create a culture of inclusion. At an individual level, the agency held staff discussions on anti-racism and themes related to diversity. In response to the Call to Action from the Clerk of the Privy Council, NSIRA completed a maturity assessment of its policies, programs and practices related to human rights, accessibility, employment equity, diversity and inclusion, and developed a three-year action plan to guide its efforts.

When reviewing national security and intelligence activities, NSIRA analysts are prompted to examines these activities’ potential for resulting in unequal outcomes for visible minority groups. For instance, among last year’s reviews, the Study of the Government of Canada’s Use of Biometrics in the Border Continuum examined the approach of Immigration, Refugees and Citizenship Canada and of the Canada Border Services Agency to preventing bias and discrimination against some groups of people in the use of biometrics by these agencies.

In terms of investigations, complainants file with NSIRA pursuant to the National Security and Intelligence Review Agency Act and the Rules of Procedure. Following the practices and procedures systematically in all complaint matters ensures a non-discriminatory process.

Furthermore, NSIRA and another review body are finalizing a study on how to systematically collect, analyze and use race-based and other demographic data in the complaints investigation process. This study draws on academic expertise to provide NSIRA insight into: whether significant racial disparities exist among civilian complainants; whether racial differences exist with respect to the types of complaints made against members of national security organizations based on different groups; the frequency of complaints that include allegations of racial or other forms of bias; and whether complaints investigation outcomes vary by racial group. NSIRA also aims to use the study results to improve public awareness and understanding of its investigation process, as well as to guide the development of NSIRA’s outreach and public engagement priorities

Experimentation

Given NSIRA’s functions and responsibilities, the agency did not engage in any program-related experimentation activities.

Key risks

Timely access to information, and the ability to verify that it has been provided with all relevant information, are paramount to the successful execution of NSIRA’s review and complaints investigation mandates. During the reporting period, departments and agencies delayed unnecessarily in providing NSIRA information and, in some reviews, NSIRA had to ask for additional information because of incomplete initial disclosures. NSIRA eventually received all relevant information from responding government departments and agencies for its investigations. NSIRA will continue to seek direct access to systems to ensure a high degree of confidence, reliability and independence in its work. During the reporting period, NSIRA also developed clear guidelines for assessing the timeliness and responsiveness of departments and agencies for its reviews, including remedial steps to be taken to respond to delays.

Physical distancing protocols and lockdowns required by the COVID-19 pandemic limited NSIRA employees’ access to classified physical and electronic documents in 2021–22. Flexible measures that follow current public health conditions mitigate the impact of the pandemic on NSIRA’s ability to deliver on its mandate in a timely way.

The pandemic also complicated the recruitment, onboarding and training of new review staff. NSIRA mitigated these impacts by increasing and adapting its office space, investing in communications technology, and implementing novel approaches to recruitment and onboarding.

Results achieved

The following table shows, for National Security and Intelligence Reviews and Complaints Investigations, the results achieved, the performance indicators, the targets and the target dates for 2021–22, and the actual results for the three most recent fiscal years for which actual results are available.

Departmental results Performance indicators Target Date to achieve target 2019-20 actual results 2020-21 actual results 2021-22 actual results
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews 2021-22 Not applicable (N/A) N/A 100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually 2021-22 N/A N/A 100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year 2021-22 N/A N/A 33%
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards 90% 2022-23 N/A N/A N/A

Note: NSIRA was created on July 12, 2019. Actual results for 2019–20 and 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to NSIRA was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, NSIRA will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Budgetary financial resources (dollars)

The following table shows, for National Security and Intelligence Reviews and Complaints Investigations, budgetary spending for 2021–22, as well as actual spending for that year.

2021–22 Main Estimates 2021–22 Planned spending 2021–22 Total authorities available for use 2021–22 Actual spending (authorities used) 2021–22 Difference (Actual spending minus Planned spending)
12,047,835 12,047,835 11,688,292 7,394,642 (4,653,193)

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

The variance between planned and actual spending is mainly due to recruitment challenges.

Human resources (full-time equivalents)

The following table shows, in full‑time equivalents, the human resources the department needed to fulfill this core responsibility for 2021–22.

2021–22 Planned full-time equivalents 2021–22 Actual full-time equivalents 2021–22 Difference (Actual full-time equivalents minus Planned full-time equivalents)
69 52 (17)

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Internal Services

Description

Internal services are those groups of related activities and resources that the federal government considers to be services in support of programs and/or required to meet corporate obligations of an organization. Internal services refers to the activities and resources of the 10 distinct service categories that support program delivery in the organization, regardless of the internal services delivery model in a department. The 10 service categories are:

  • Acquisition Management Services
  • Communication Services
  • Financial Management Services
  • Human Resources Management Services
  • Information Management Services
  • Information Technology Services
  • Legal Services
  • Material Management Services
  • Management and Oversight Services
  • Real Property Management Services

Results

The pandemic continued to have an impact on NSIRA operations and activities throughout the year. The NSIRA Secretariat’s first priority was the safety of the agency’s employees and, as a result, it responded quickly to lockdowns by communicating COVID-19 working protocols and implementing its own vaccination policy following the Government of Canada call for mandatory vaccination for its public service employees. Furthermore, NSIRA recognized that a modern and flexible approach to work was necessary for the conduct of its mandated activities during the pandemic. As a result, NSIRA developed an evergreen COVID-19 guide where employees and managers could turn for up-to-date references on COVID-19 and on flexible work arrangements.

In light of the current and planned growth in personnel and the pandemic physical distancing requirements, NSIRA’s success depended on increasing its access to secure office space to conduct work of a classified nature. In 2021, NSIRA was able to increase its footprint by opening a temporary office site. At the same time, the plans for a permanent NSIRA site were also completed; construction of additional secure office space began in April 2022.

During the fiscal year, NSIRA focused on assessing gaps in its security and information management practices. The conduct of an agency security governance and controls assessment led to the approval and implementation of the Agency Security Plan recommendations in September 2021. NSIRA also published a policy on information management to ensure that roles, responsibilities and expectations regarding information management were defined, communicated, understood and adhered to throughout the organization. Since information and information management are critical in the conduct of NSIRA’s mandate, the agency developed a new classification plan, established information retention plans and developed strategies for the destruction, storage, digitization, transport and transfer of information.

Budgetary financial resources (dollars)

The following table shows, for internal services, budgetary spending for 2021–22, as well as spending for that year.

2021–22 Main Estimates 2021–22 Planned spending 2021–22 Total authorities available for use 2021–22 Actual spending (authorities used) 2021–22 Difference (Actual spending minus Planned spending)
18,147,084 18,147,084 20,338,994 9,895,112 (8,251,972)

The difference of $8.3 million between planned and actual spending is mainly explained by the impacts of the pandemic on NSIRA’s ability to progress with its facilities fit-up and expansion plans, as well as on its planned spending on internal services infrastructure and systems.

Human resources (full-time equivalents)

The following table shows, in full‑time equivalents, the human resources the department needed to carry out its internal services for 2021–22.

2021–22 Planned full-time equivalents 2021–22 Actual full-time equivalents 2021–22 Difference (Actual full-time equivalents minus Planned full-time equivalents)
31 22 (9)

Spending

Spending 2019–20 to 2024–25

The following graph presents planned (voted and statutory spending) over time.

Departmental spending trend graph
2019-20 2020-21 2021-22 2022-23 2023-24 2024-25
Statutory 371,057 962,186 1,176,321 1,704,632 1,704,632 1,727,668
Voted 5,254,250 11,289,189 16,113,433 24,423,008 16,731,355 16,731,061
Total 0 5,625,250 12,251,375 30,194,919 26,127,640 18,435,987

The graph illustrates NSIRA’s spending trends over a six-year period from 2019–20 to 2024–25. Fiscal years 2019–20 to 2021–22 reflect actual expenditures as reported in the Public Accounts. Fiscal years 2022–23 to 2024–25 represent planned spending.

The increase in spending from 2019–20 to 2021–22 is mainly explained by the cost of additional resources hired by NSIRA over that period, by an increase in professional services costs, and by the start of facilities fit-up and expansion.

The overall difference between actual spending in 2021–22 and planned spending in 2022–23 is due to lower spending than planned on payroll and on facilities fit-up and expansion in 2021–22 as a result of the pandemic.

The difference between the peaks in spending authorities in 2022–23 and 2023–24 with the levelling of authorities in 2024–25 is due to the sunsetting of funding earmarked for the completion of facilities fit-up and expansion.

Budgetary performance summary for core responsibilities and internal services (dollars)

The “Budgetary performance summary for core responsibilities and internal services” table presents the budgetary financial resources allocated for NSIRA’s core responsibilities and for internal services.

Core responsibilities and Internal Services 2021-22 Main Estimates 2021-22 Planned spending 2022-23 Planned spending 2023-24 Planned spending 2021-22 Total authorities available for use 2019-20 Actual spending (authorities used) 2020-21 Actual spending (authorities used) 2021-22 Actual spending (authorities used)
National Security and Intelligence Reviews and Complaints Investigations 12,047,935 12,047,835 10,740,923 10,744,262 11,688,292 3,009,066 5,607,796 7,394,642
Subtotal 12,047,835 12,047,835 10,740,923 10,744,262 11,688,292 3,009,066 5,607,796 7,394,642
Internal Services 18,147,084 18,147,084 15,386,717 7,691,725 20,338,994 2,616,241 6,643,579 9,895,112
Total 30,194,919 30,194,919 26,127,640 18,435,987 32,027,286 5,625,307 12,251,375 17,289,754

Human resources

The “Human resources summary for core responsibilities and internal services” table presents the full-time equivalents (FTEs) allocated to each of NSIRA’s core responsibilities and to internal services.

Human resources summary for core responsibilities and internal services

Core responsibilities and Internal Services 2019-20 Actual full-time equivalents 2020-21 Actual full-time equivalents 2021-22 Planned full-time equivalents 2021-22 Actual full-time equivalents 2022-23 Planned full-time equivalents 2023-24 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations 18 38 69 52 69 69
Subtotal 18 38 69 52 69 69
Internal Services 11 22 31 22 31 31
Total 29 60 100 74 100 100

Expenditures by vote

For information on NSIRA’s organizational voted and statutory expenditures, consult the Public Accounts of Canada 2021.

Government of Canada spending and activities

Information on the alignment of NSIRA’s spending with Government of Canada’s spending and activities is available in GC InfoBase.

Financial statements and financial statements highlights

Financial statements

NSIRA’s financial statements (unaudited) for the year ended March 31, 2022, are available on the departmental website.

Financial statement highlights

Condensed Statement of Operations (unaudited) for the year ended March 31, 2022 (dollars)
Financial information 2021-22 Planned results 2021-22 Actual results 2020-21 Actual results Difference (2021-22 Actual results minus 2021-22 Planned results) Difference (2021-22 Actual results minus 2020-21 Actual results)
Total expenses 28,235,300 16,164,825 11,662,601 (12,070,475) 4,502,224
Total revenues 0 0 0 0 0
Net cost of operations before government funding and transfers 28,235,300 16,164,825 11,662,601 (12,070,475) 4,502,224
Condensed Statement of Financial Position (unaudited) as of March 31, 2022 (dollars)
Financial information 2021-22 2020-21 Difference (2021-22 minus 2020-21)
Total net liabilities 2,004,002 2,050,302 (46,300)
Total net financial assets 1,329,006 1,577,964 (248,958)
Departmental net debt 674,996 472,338 202,658
Total non-financial assets 4,804,002 2,240,138 2,563,864
Departmental net financial position 4,129,006 1,767,800 2,361,206

The 2021–22 planned results information is provided in NSIRA’s Future-Oriented Statement of Operations and Notes 2021–22.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s Departmental Results Framework, with accompanying results and indicators, were under development in 2020–21. Additional information on key performance measures are included in the 2021–22 Departmental Plan.

Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

Supporting information on the program inventory

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Supplementary information tables

The following supplementary information table is available on NSIRA’s website:

  • Gender-based analysis plus

Federal tax expenditures

The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs. The tax measures presented in this report are the responsibility of the Minister of Finance.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D”
Ottawa, Ontario
K1P 5W5

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

Quarterly Report: For the quarter ended September 30th, 2022

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2022–23 Main Estimates.

This quarterly report has not been subject to an external audit or review.

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.

A summary description NSIRA’s program activities can be found in Part II of the Main Estimates.  Information on NSIRA’s mandate can be found on its website.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2022–23 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2022. 

NSIRA spent approximately 23% of its authorities by the end of the second quarter, compared with 21% in the same quarter of 2021–22 (see graph 1).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q2 2022–23 and Q2 2021–22

Comparison of total authorities and total net budgetary expenditures, Q2 2022–23 and Q2 2021–22
  2022-23 2021-22
Total Authorities $29.7 $31.3
Q2 Expenditures $3.6 $3.7
Year-to-Date Expenditures $6.9 $6.5

Significant changes to authorities

As at September 30, 2022, Parliament had approved $29.7 million in total authorities for use by NSIRA for 2022–23 compared with $31.3 million as of September 30th, 2021, for a net decrease of $1.6 million or 5.1% (see graph 2).

Graph 2: Variance in authorities as at September 30, 2022

Variance in authorities as at September 30, 2022 (in millions)
  Fiscal year 2021-22 total available for use for the year ended March 31, 2022 Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Vote 1 – Operating 29.6 28.0
Statutory 1.7 1.7
Total budgetary authorities 31.3 29.7

*Details may not sum to totals due to rounding*

The decrease of $1.6 million in authorities is mostly explained by a gradual reduction in NSIRA’s ongoing operating funding.

Significant changes to quarter expenditures

The second quarter expenditures totalled $3.6 million for a decrease of $0.1 million when compared with $3.7 million spent during the same period in 2021–2022.  Table 1 presents budgetary expenditures by standard object.

Table 1

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2022-23: expended during the quarter ended September 30, 2022 Fiscal year 2021-22: expended during the quarter ended September 30, 2021 Variance $ Variance %
Personnel 2,903 2,441 462 19%
Transportation and communications 70 24 46 192%
Information 0 15 (15) (100%)
Professional and special services 578 840 (262) (31%)
Rentals 39 17 22 129%
Repair and maintenance 33 205 (172) (84%)
Utilities, materials and supplies 12 9 3 33%
Acquisition of machinery and equipment 4 158 (154) (97%)
Other subsidies and payment 3 28 (25) (90%)
Total gross budgetary expenditures 3,642 3,737 (95) (3%)

Personnel

The increase of $462,000 in personnel is due to an increase in average salary and an increase of 2 full time equivalent (FTE) positions.

Transportation and communications

The increase of $46,000 relates to increased travel, as travel restrictions due to COVID-19 are no longer in place in Canada.

Information

The decrease of $15,000 is explained by a decrease in the use of communications consultants.

Professional and special services

The decrease of $262,000 is explained by the timing of payment for NSIRA’s IT support services. In fiscal year 2021-2022 most of the payments went through in the second quarter however in fiscal year 2022-2023, the majority of the payments went through in the first quarter.

Rentals

The increase of $22,000 is explained by an increase in the second quarter invoice for NSIRA’s Memorandum of Understanding with Treasury Board for support costs of our financial system.

Repair and maintenance

The decrease of $172,000 is due to fit-up costs for two projects that were completed in fiscal year 2021-2022.

Acquisition of machinery and equipment

The decrease of $154,000 is explained by a one-time computer equipment purchase in regard to a network extension in fiscal year 2021-2022.

Other subsidies and payments

The decrease of $25,000 is explained by a reduction in payroll system overpayments. 

Significant changes to year-to-date expenditures

The year-to-date expenditures totalled $6.9 million for an increase of $0.4 million (7%) when compared with $6.5 million spent during the same period in 2021–22. Table 2 presents budgetary expenditures by standard object.

Table 2

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2022-23: expended during the quarter ended September 30, 2022 Fiscal year 2021-22: expended during the quarter ended September 30, 2021 Variance $ Variance %
Personnel 5,249 4,753 495 10%
Transportation and communications 114 37 77 208%
Information 5 17 (12) (71%)
Professional and special services 1,424 1,036 388 37%
Rentals 49 17 32 188%
Repair and maintenance 64 213 (149) (70%)
Utilities, materials and supplies 28 12 16 133%
Acquisition of machinery and equipment 13 374 (361) (97%)
Other subsidies and payment 1 40 (39) (98%)
Total gross budgetary expenditures 6,946 6,499 447 7%

Personnel

The increase of $495,000 relates to an increase in average salary and an increase of 2 full time equivalent (FTE) positions.

Transportation and communications

The increase of $77,000 is due to increased travel, as travel restrictions due to COVID-19 are no longer in place in Canada.

Information

The decrease of $12,000 is explained by a decrease in the use of communications consultants and electronic subscriptions.

Professional and special services

The increase of $388,000 is mainly due to increases in information technology support services by the Communications Security Establishment ($173K), IT/Telecom consultants ($126K) and translations services ($91K).  

Rentals

The increase of $32,000 is mainly explained by an increase in the second quarter invoice for NSIRA’s Memorandum of Understanding with Treasury Board for support costs of our financial system, and the billing for the rent of our temporary office swing space.

Repair and maintenance

The decrease of $149,000 is explained by a decrease in the fit-up costs as a result of the completion of two projects in fiscal year 2021-2022.

Utilities, materials and supplies

The increase of $16,000 is due to an increase in the purchasing of office supplies and unreconciled MasterCard payments.

Acquisition of machinery and equipment

The decrease of $361,000 is mainly explained by several one-time computer equipment purchases made in the first and second quarter of 2021-2022.

Other subsidies and payments

The decrease of $39,000 is explained by a reduction in payroll system overpayments and no salary advances issued over the last year. 

Risks and uncertainties

The ability of NSIRA to access the information it needs to conduct its reviews and complaints investigations is closely tied to the capacity of the reviewed or investigated departments and agencies to respond to NSIRA’s demands. While most pandemic constraints have subsided, there continues to be recruitment challenges in a tight labour market.  To address this challenge, NSIRA is experimenting with hybrid workplace approaches, launching internal career development programs and focusing on onboarding practices to attract and retain talent.  

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRA’s approach and timelines for the execution of its mandated activities.

Significant changes in relation to operations, personnel and programs

There have been no new Governor-in-Council appointments during the second quarter.  

There have been no changes to the NSIRA Program.

Approved by senior officials:

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2022–23 Fiscal year 2021–22
  Total available for use for the year ending March 31, 2023 (note 1) Used during the quarter ended September 30, 2022 Year to date used at quarter-end Total available for use for the year ending March 31, 2022 (note 1) Used during the quarter ended September 30, 2021 Year to date used at quarter-end
Vote 1 – Net operating expenditures 27,931 3,210 6,082 29,615 3,311 5,647
Budgetary statutory authorities  
Contributions to employee benefit plans 1,728 432 864 1,705 426 852
Total budgetary authorities (note 2) 29,659 3,642 6,946 31,319 3,737 6,499

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2022–23 Fiscal year 2021–22
  Planned expenditures for the year ending March 31, 2022 (note 1) Expended during the quarter ended September 30, 2021 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2021 Expended during the quarter ended September 30, 2020 Year to date used at quarter-end
Expenditures
Personnel 13,245 2,903 5,248 13,222 2,441 4,753
Transportation and communications 597 70 144 673 24 37
Information 372 0 5 375 15 17
Professional and special services 4,914 578 1,424 7,029 840 1,036
Rentals 271 39 49 188 17 17
Repair and maintenance 9,722 33 64 8,737 205 213
Utilities, materials and supplies 173 12 28 103 9 12
Acquisition of machinery and equipment 232 4 13 991 158 12
Other subsidies and payments 133 3 1 0 28 40
Total gross budgetary expenditures
(note 2)
29,659 3,642 6,946 31,319 3,737 6,499

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

National Security and Intelligence Review Agency Annual Report 2021

Backgrounder

Ottawa, Ontario, October 7, 2022 – The third Annual Report of the National Security and Intelligence Review Agency (NSIRA) was tabled in Parliament today, October 7, 2022.

NSIRA’s 2021 Annual Report focuses on our progress and activities in our second full year of operation. During this time, we pursued the reform of our processes and methods for doing review and investigations, both of which helped us improve the consistency and efficiency of our work.

This report highlights key findings and recommendations. The report also presents our intention to use future annual reports to publicly assess and track the implementation of previous recommendations, in accordance with our continued commitment to transparency and public engagement. Review highlights include:

  • Four reviews of important areas of CSIS activities, notably CSIS threat reduction measures (TRMs) and technical capabilities, as well as the manner in which CSIS seeks and receives legal service from de Department of Justice and prepares and executes the warrants it needs to collect information. An annual compliance review of CSIS’s activities was also completed;
  • CSE activities, notably CSE’s governance framework that guides the conduct of active and defensive cyber operations, internal information sharing, and CSE disclosures of Canadian-identifying information (CII);
  • DND/CAF Defense Intelligence Enterprise and a follow-up review of the Canadian Forces National Counter-Intelligence Unit;
  • Two specifically mandated multi-departmental reviews with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act and sharing of information within the federal government under the Security of Canada Information Disclosure Act; and,
  • One multi-departmental review relating to the collection and use of biometrics in the “border continuum”.

In 2021, NSIRA saw its complaints investigation caseload increase significantly as a result of 58 complaints referred to NSIRA by the Canadian Human Rights Commission pursuant to subsection 45(2) of the Canadian Human Rights Act. NSIRA also completed its investigation process reform initiative after consultation with multiple stakeholders. NSIRA investigations under this new model are already showing improved efficiency.

NSIRA’s 2021 Annual Report also discusses our organization’s underlining goals and values, and highlights how the organization continued to grow in size and capacity throughout the year, and sought to enhance its technical and subject-matter expertise.

Date of Publishing:

Dear Prime Minister,

On behalf of the National Security and Intelligence Review Agency, it is my pleasure to present you with our third annual report. Consistent with subsection 38(1) of the National Security and Intelligence Review Agency Act, the report includes information about our activities in 2021, as well as our findings and recommendations.

In accordance with paragraph 52(1)(b) of the National Security and Intelligence Review Agency Act, our report was prepared after consultation with relevant deputy heads, in an effort to ensure that it does not contain information the disclosure of which would be injurious to national security, nation al defence or international relations, or is information that is subject to solicitor-client privilege, the professional secrecy of advocates and notaries, or to litigation privilege.

Yours sincerely,

The Honourable Marie Deschamps, C.C.

Chair // National Security and Intelligence Review Agency

Message from the members

The National Security and Intelligence Review Agency (NSIRA) is pursuing its mission of enhancing accountability for national security and intelligence activities in Canada. In 2021, our agency continued to grow in size and improved its ability to fully take advantage of its broad review and investigations mandate covering the national security and intelligence activities of departments and agencies across the federal government.

It is our pleasure to present to you our third annual report in which we discuss our progress and activities in our second full year of operation. Despite the recurrent challenges posed by the COVID-19 pandemic and delays caused by a cyber incident, we completed a wide array of reviews and investigations, and continued improving our processes across the agency. Indeed, we pursued the reform of our processes and methods for doing reviews and investigations, both of which helped us to improve the consistency and efficiency of our work tremendously. These reforms, in conjunction with our growing experience, have allowed us to implement and deliver on our review plan. All of this was made possible by the development of a much stronger corporate policy framework backed by a corporate group that really cares about service delivery and the health of the agency.

In accordance with our continued commitment to transparency and public engagement, this report will present our intention to use future annual reports to publicly assess and track the implementation of previous recommendations. In the same spirit of holding us and the reviewed organizations accountable, we also formalized standards that will allow us to assess the timeliness of responses. It is our hope that these initiatives, in addition to the stringent verification process to assess our confidence in each review that we are currently developing, will inspire confidence and trust in our recommendations and findings.

We would like to thank the staff of NSIRA’s Secretariat for their efforts, patience and resilience throughout this challenging year and we hope you share our enthusiasm for what we can accomplish in the year ahead.

Marie Deschamps
Craig Forcese
Ian Holloway
Faisal Mirza
Marie-Lucie Morin

Executive Summary

The National Security and Intelligence Review Agency (NSIRA) marked its second full year in operation in 2021. With the agency’s broad jurisdiction under the National Security and Intelligence Review Agency Act (NSIRA Act), it reviewed and investigated national security and intelligence matters relating to not only the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also several federal departments and agencies, including:

  • the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
  • the Royal Canadian Mounted Police (RCMP);
  • Immigration, Refugees and Citizenship Canada (IRCC);
  • the Canada Border Services Agency (CBSA);
  • Transport Canada; and
  • all departments and agencies engaging in national security and intelligence activities in the context of NSIRA’s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.

In 2021, NSIRA continued to grow in capacity and sought to enhance its technical and subject-matter expertise.

Review highlights

Canadian Security Intelligence Service

Over the course of 2021, NSIRA completed four reviews that strengthened its knowledge of important areas of CSIS activity:

  • a review of the cultural, governance and systemic issues arising in the context of the manner in which CSIS seeks and receives legal services from the Department of Justice and prepares and executes the warrants it needs to collect information;
  • a survey of CSIS’s suite of technical capabilities, along with its associated governancestructure, and areas of interest or concern to which NSIRA may return in future reviews;
  • the second annual review of CSIS’s Threat Reductions Measures (TRMs) that expandson findings from the previous review by examining a larger number of TRMs; and
  • an annual compliance review of CSIS’s activities.

Communications Security Establishment

In 2021, NSIRA completed two reviews of CSE activities, and directed CSE to conduct one departmental study:

  • a review of CSE’s governance framework that guides the conduct of active and defensive cyber operations, including whether CSE appropriately considered its legal obligations and the foreign policy impacts of operations;
  • a review focused on internal information sharing within CSE between the foreign intelligence aspect and the cybersecurity and information assurance aspect of its mandate; and
  • a departmental study on whether CSE disclosures of Canadian-identifying information were conducted in a manner that complies with the Communications Security Establishment Act, and were essential to international affairs, defence, security or cybersecurity.

Department of National Defence and the Canadian Armed Forces

In 2021, NSIRA completed two reviews of the DND/CAF:

  • a scoping exercise to gain foundational knowledge of the Defence Intelligence Enterprise, where a significant part of intelligence functions of the DND/CAF are located; and
  • a follow-up review on the previous year’s examination of the Canadian Forces National Counter-Intelligence Unit, with emphasis on operational collection and privacy practices.

Multi-departmental reviews

NSIRA conducted two specifically mandated multi-departmental reviews in 2021:

  • a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act; and
  • a review of information sharing within the federal government under the Security of Canada Information Disclosure Act.

NSIRA also completed a multi-departmental review under its general mandate to review any activity carried out by a department that relates to national security or intelligence:

  • to map the collection and use of biometrics across several federal government departments and agencies in security and intelligence activities related to international travel and immigration, that is, the “border continuum.”

Complaints investigations

In 2021, NSIRA saw its complaints investigation caseload increase significantly as a result of 58 complaints referred to NSIRA by the Canadian Human Rights Commission pursuant to subsection 45(2) of the Canadian Human Rights Act.

Further, the COVID-19 pandemic contributed to delays in NSIRA’s investigations by reducingparties’ responsiveness in providing access to information and evidence.

In 2021, NSIRA completed its investigation process reform initiative after consultation with multiple stakeholders. NSIRA investigations under this new model are already showing improved efficiency.

Introduction

1.1 Who we are

Established in July 2019, the National Security and Intelligence Review Agency (NSIRA) is an independent agency that reports to Parliament and conducts investigations and reviews of the federal government’s national security and intelligence activities. Prior to NSIRA’s creation, several gaps existed in Canada’s national security accountability framework. Notably, NSIRA’s predecessor review bodies did not have the ability to collaborate or share their classified information but were each limited to conducting reviews for their specified department or agency.

By contrast, NSIRA has the authority to review any Government of Canada national security or intelligence activity in an integrated manner. As noted in the 2019 annual report, with NSIRA’s expanded role, Canada now has one of the most extensive systems for independent review of national security.

1.2 Mandate

NSIRA has a dual mandate to conduct reviews and investigations of Canada’s national security and intelligence activities. Annex B contains a financial and administrative overview of NSIRA.

Reviews

NSIRA’s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act). This mandate includes reviewing the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security- or intelligence-related activities of any other federal department or agency. This includes, but is not limited to, the national security or intelligence activities of the Royal Canadian Mounted Police (RCMP), the Canada Border Services Agency (CBSA), the Department of National Defence (DND) and Canadian Armed Forces (CAF), Global Affairs Canada (GAC), and the Department of Justice.

Further, NSIRA reviews any national security or intelligence matters that a minister of the Crown refers to NSIRA. Annex C contains summaries of the reviews completed in 2021.

NSIRA reviews assess whether Canada’s national security and intelligence activities comply with relevant laws and ministerial directions, and whether they are reasonable and necessary. In conducting its reviews, NSIRA can make any findings or recommendations it considers appropriate.

Reviews of CSIS and CSE will always remain a core part of NSIRA’s work since the entire focus of these organizations is to address national security and intelligence matters. Unlike its predecessor review bodies, however, NSIRA has an all-encompassing review mandate. NSIRA will thus continue to prioritize and examine how other departments engaging in national security and intelligence activities meet their obligations. NSIRA reviews help keep Parliament and Canadians informed about the lawfulness and reasonableness of Canada’s national security and intelligence activities.

Investigations

In addition to its review mandate, NSIRA is responsible for investigating national security- or intelligence-related complaints. This duty is outlined in paragraph 8(1)(d) of the NSIRA Act, and involves investigating complaints about:

  • the activities of CSIS or CSE;
  • decisions to deny or revoke certain federal government security clearances; and
  • ministerial reports under the Citizenship Act that recommend denying certain citizenship applications.

This mandate also includes investigating national security-related complaints referred to NSIRA by the Civilian Review and Complaints Commission for the RCMP (the RCMP’s own complaints mechanism) and the Canadian Human Rights Commission.

Reviews

2.1 Canadian Security Intelligence Service reviews

Overview

NSIRA has a mandate to review any Canadian Security Intelligence Service (CSIS) activity. The NSIRA Act requires NSIRA to submit a classified annual report to the Minister of Public Safety and Emergency Preparedness on CSIS activities each year, including information related to CSIS’s compliance with the law and applicable ministerial directions, and the reasonableness and necessity of the exercise of CSIS’s powers.

In 2021, NSIRA completed four reviews of CSIS, summarized below. NSIRA also began two more reviews: one of CSIS’s Justification Framework and the other of CSIS’s Dataset Regime. Several other ongoing NSIRA reviews contain a CSIS component.

In a 2020 decision (2020 FC 616), the Federal Court recommended that a “comprehensive external review be initiated to fully identify systemic, governance and cultural shortcomings and failures that resulted in CSIS engaging in operational activity that it has conceded was illegal and the resultant breach of candour.” Based on that recommendation, the Minister of Public Safety and Minister of Justice referred the review to NSIRA pursuant to paragraph 8(1)(c) of the NSIRA Act. Acting on this reference and relying on its own jurisdiction, NSIRA therefore reviewed the manner in which CSIS seeks and receives legal services from the Department of Justice and prepares and executes the warrants it needs to collect information.

This review found an intelligence service and its counsel who struggle to organize themselves in a manner that enables them to meet their legal obligations, including to the Federal Court. NSIRA also found a failure at CSIS to fully and sustainably professionalize the warrant application process as a specialized trade requiring training, experience and investment. This review also demonstrated the need to transform the relationship between CSIS and its legal counsel.

This review was led by NSIRA members Marie Deschamps and Craig Forcese. One or both members were directly involved in every aspect of the review including review process management, briefings, interviews and document review. This included dozens of confidential interviews with Department of Justice and CSIS employees whose perspectives were essential for “ground-truthing” the knowledge NSIRA had gained from documents and formal briefings.

In organizing these interviews, NSIRA ensured robust representation covering the range of functions in the warrant and legal advice giving processes. The interviews raised issues and concerns that would have otherwise been unavailable to NSIRA. This assisted NSIRA in making recommendations on governance, systemic and cultural issues that contribute to inefficiencies threatening the ability of CSIS and the Department of Justice to fulfil their mandates.

NSIRA heard repeated concerns from interviewees that these problems put at risk the ability of the intelligence service to meet the mandate Parliament has assigned to it. Addressing these challenges urgently is in the public interest. Though CSIS and the Department of Justice have made improvements, difficulties are still evident.

NSIRA grouped its findings and recommendations into three overarching areas:

  • the Department of Justice’s provision of legal advice;
  • CSIS’s and the Department of Justice’s management of the warrant acquisition process; and investment in people.

CSIS operates in often rapidly evolving and legally challenging environments. Timely, nimble and actionable legal advice is critical. The Department of Justice provides CSIS with legal advice on national security matters via the National Security Litigation and Advisory Group (NSLAG). This review highlighted factors that prevent NSLAG from providing CSIS with the legal advice it needs.

The Department of Justice has employed a centralized “one voice” model for delivering its legal services. The one voice model reflects a desire for uniform and consistent legal advice delivered on behalf of the Attorney General of Canada. Although the premise for the one voice approach is sound, NSIRA found that NSLAG struggled to provide timely, responsive and useful legal advice in the CSIS context. The way the Department of Justice provides advice has often not been responsive to CSIS operations. For example, NSLAG presents its advice as a legal risk assessment using the Department of Justice-wide Legal Risk Management grid. This grid uses a colour-coded risk rating that can be compared to a “traffic light” system: a green risk rating represents a low legal risk to CSIS, a red risk rating represents a high legal risk, and, more ambiguously, a yellow risk rating represents an intermediate legal risk. Yellow light responses are reportedly the most common and the most frustrating for CSIS, especially when unaccompanied by discussions on how to mitigate the risk, the inclusion of which NSIRA heard is not currently common practice.

Therefore, some at CSIS perceive the Department of Justice as presenting a roadblock because of its bureaucracy, its perceived operational illiteracy and its unhelpful approach to communicating legal advice.

However, the problems with timely, responsive and useful legal advice do not stem from the Department of Justice alone. NSIRA heard that CSIS has not always shared all relevant information with the Department of Justice, prompting a degree of mistrust. The internal process for requesting legal advice at CSIS also contributes to delays and lack of relevance. The advice that sometimes comes back to operational investigators at CSIS filtered through bureaucratic hierarchies may be of limited relevance.

NSIRA heard that the laborious advice-seeking and -receiving process has sometimes caused [discussion of detrimental effects on and risks to operations].

CSIS and the Department of Justice often operate in a situation of legal doubt because of lack of clarity in the law. Clarifying legal standards often requires judicial case law. However, an unwieldy warrant process, discussed below, makes that prospect more difficult.

The Department of Justice is aware of the need for change. Broad, recent initiatives include the Vision Project, which promises client-centric strategic partnerships. New procedures have been implemented at NSLAG to address internal silos between advisory and litigation counsel, and to improve training, improve access to legal advice and facilitate consistent legal opinions. NSLAG also appears to recognize the desire for a different approach to providing legal advice, including moving toward legal advice that promotes collaborative and iterative engagement with CSIS in order to achieve its operational goals, within the bounds of the law. However, as of fall 2021, it did not appear that CSIS and the Department of Justice had systematically put this model into effect.

To facilitate proper advice-giving, CSIS needs to provide NSLAG with all the facts, and to engage NSLAG early on, at the operational level. Earlier and ongoing involvement throughout the stages of an investigation or operation would enable counsel to provide informal legal nudges that allow CSIS to course-correct before too much time has been spent. A more iterative process of incorporating legal advice over the full course of an operation could address the reported challenge of operations halted due to untimely or ambiguous legal advice.

Management of the warrant process

CSIS organizes the process of seeking a warrant around a system of internal preparation and approvals before proceeding to the statutory step of seeking ministerial approval of the warrant application. A number of legal concepts and expectations enter into the warrant process, including the “duty of candour” owed to the Court.

The Federal Court duty of candour concerns fit into two categories: disclosure of information material to the credibility of the sources who supply information used in the application; and disclosure of information material to matters of potential concern about the broader context of the warrant and how it will be executed.

Despite past attempts at reforms, the current warrant process adopted by CSIS and supported by the Department of Justice has repeatedly failed to meet these candour obligations. Many reforms appear to have contributed to the bureaucratic complexity of the warrant process, without addressing candour issues.

CSIS has especially struggled to ensure that all information material to the credibility of sources is properly included in warrant applications. NSIRA heard repeatedly that CSIS officers involved in the early stages of preparing warrant applications do not clearly understand the legal expectations surrounding the duty of candour. Deficient information management systems related to human sources at CSIS have also resulted in important omissions, violating duty of candour obligations. These challenges produce what NSIRA calls the “recurring omissions” problem.

In 2019, CSIS sought to professionalize affiant work by creating an Affiant Unit. CSIS’s establishment of the Affiant Unit is a critical development and, properly resourced and staffed, it would be well positioned to respond to long-standing problems with the duty of candour. However, when created, the Affiant Unit was placed [Name of Branch]. [Name] has a broad mandate that does not align with the Affiant Unit’s functions in preparing legally robust warrant applications. This governance anomaly may explain the Affiant Unit’s present administrative and human resource challenges. The Affiant Unit’s sustainability is in question, and indeed NSIRA heard that the unit could currently be described as being in a state of crisis. CSIS has not supported the unit with resources commensurate with the importance of this unit in fulfilling CSIS’s mission.

Warrants counsel at NSLAG have several key roles in the warrant application process and are intimately implicated in ensuring adherence to the duty of candour. Fostering a strong, collaborative and productive relationship with CSIS is key. Morale among NSLAG warrants counsel may have suffered in light of the recent Federal Court decision that prompted this review. With recent staffing increases, it appears that NSLAG currently has the requisite complement to manage the number of annual warrant applications expected from CSIS, but recruitment challenges remain an ongoing issue. NSLAG should be staffed to ensure that CSIS’s operations are not stalled due to the lack of availability of warrants counsel.

The warrant application process is meant to be strengthened through a review of the near- final affidavit by an “independent counsel” (IC) – in practice, a lawyer drawn from the Department of Justice’s National Security Group. The role was originally envisioned as performing a rigorous challenge of the warrant application. However, the primary role of the IC appears to be more clerical than substantive, designed to cite check rather than assertively perform a devil’s advocate function.

NSIRA believes that the presence of a rigorous challenge function performed by a knowledgeable, adequately supported lawyer distant from the warrant application is valuable and necessary. However, NSIRA proposes that the current IC model be abandoned in favour of a challenge function performed at Public Safety Canada, whose precise role is that of oversight of the CSIS warrant application process.

Working with the Public Safety Canada unit charged with warrant review, an experienced and specialized warrant counsel could perform a genuine challenge role to the warrant, analogous to the role a defence lawyer would play were warrants subject to an adversarial process. NSIRA believes that a testing review of this sort will help forestall duty of candour shortcomings stemming from a failure to disclose fully information material to matters of potential concern about the broader context of the warrant and how it will be executed.

Once a judge issues a warrant, CSIS may execute the warrant. That execution must comply with the scope and terms of the warrant. However, the CSIS regional warrant coordinators have not received sufficient training to enable the contents of warrants to be translated into advice on proper execution.

Investment in people

Concern about inadequate training at CSIS was a recurring theme in this review. This concern was noted in internal CSIS documents. CSIS acknowledges that it is currently not a learning organization and does not have a learning culture. There are too few training opportunities required to sustain a modern professional intelligence service operating in a complex environment.

Conclusions

This report concluded with observations on cross-cutting cultural and governance challenges that stem, at least in part, from challenges characterizing the provision of legal advice and the warrant process. NSIRA divides these broad, cross-cutting phenomena into two categories: morale and attitudes; and performing the mission.

Low morale at CSIS was a common theme throughout this review. The systemic problems in the warrant application process are likely one cause of this problem: morale is affected when a warrant acquisition system repeatedly prevents CSIS officers from performing their mandated duties and is the source of regular reputational crises stemming from failures to meet the duty of candour.

Meanwhile, a failure to correct problems with the warrant process impairs CSIS’s and the Department of Justice’s abilities to fulfil their mandates. The Department of Justice must go from being perceived as a roadblock to a frank and forthright advisor fully attuned to operational objectives.

Within CSIS, the warrant application process was sometimes likened to winning a lottery — not because the Federal Court declines to issue warrants, but because of the resources required to prepare and complete the application. The current, laborious warrant application process is preventing some collection activities from moving forward.

In sum, this review was sparked by a compliance failure in a duty of candour matter. It concludes that repeated failures in this area are both caused by, and cause, deep-seated cultural and governance patterns. This vicious cycle has compounded the challenges of reform in the warrant acquisition process.

Cherry-picked or paper-based reforms that mask without addressing the overarching systemic, cultural, and governance challenges will suffer the fate of prior reforms: the problems will continue.

NSIRA intends to launch a follow-up review within two years that will measure progress at CSIS, the Department of Justice and Public Safety Canada in resolving the systemic problem with the warrant process addressed by this review. Moreover, in other regular reviews implicating warrants, NSIRA will document recurrences of systemic problems. In the meantime, since this review originated with a decision of the Federal Court, it is vital that the Minister and CSIS share it in its full form with the designated judges of that court. NSIRA’s full redacted report can be read on its website.4

Response to NSIRA’s recommendations

NSIRA’s recommendations, the management response of CSIS, Public Safety Canada and the Department of Justice, and other details about this review are found in Annex D of this report.

Study of CSIS Technical Capabilities

Canada’s national security threat landscape is constantly evolving and changes in technology present CSIS with a variety of new investigative opportunities. Consequently, CSIS must develop and acquire new technical capabilities, as well as adapt (repurpose) existing tools to support its mandated collection activities. This process presents potential compliance risk, as CSIS’s existing governance and legal frameworks may not capture the new deployment or adaptation of these technical capabilities. Furthermore, certain personnel and supporting legal counsel may not fully understand how these tools are used operationally, impacting their ability to advise whether or not CSIS has the legal and policy framework required to support use of the technology. These risks require NSIRA to maintain up-to-date knowledge of CSIS’s technical capabilities and related warrant powers.

NSIRA’s survey of CSIS technical capabilities offers a first step in this endeavour by surveying CSIS’s suite of capabilities, along with its associated governance structure, and identifying areas of interest or concern to which NSIRA may return in future reviews.

Reality of the risks

NSIRA’s review of CSIS’s use of a geolocation tool found that the lack of “developed policies and procedures around the assessment of new and emerging collection technologies” directly contributed to the risk that CSIS had breached section 8 of the Canadian Charter of Rights and Freedoms while testing the tool.

– NSIRA Study 2018-05

The full range of technical capabilities CSIS currently employs in support of its intelligence collection operations was examined. NSIRA reviewed relevant policy and legal frameworks as communicated by CSIS but did not conduct an independent verification or audit of the claims or activities themselves. NSIRA also examined the tripartite information/knowledge sharing and support nexus that exists between CSIS’s operational branches, technological branches and CSIS’s Department of Justice counsel with regard to the deployment of capabilities in support of operations.

In addition to the foundational knowledge NSIRA gained of CSIS’s technical capabilities, NSIRA made several observations identifying areas of interest for possible future reviews. For example, NSIRA noted, and CSIS agreed, that the main policy suite related to the use of technical capabilities is outdated and under revision, though the timeline for completing this task is unclear.

In the interim, the policy suite is buttressed as required by directives from senior leadership and other relevant policies and practices. The lack of up-to-date policies and procedures may result in heightened compliance risks, an issue of interest to future NSIRA reviews.

In addition, CSIS is currently reworking the framework it uses to assess compliance and risk in this area. CSIS indicated that greater efficiencies in addressing stakeholder needs and compliance gaps could be achieved through new initiatives such as the creation of the Operational Technology Review Committee, which was created in May 2021. This committee’s objective is to review all new technologies used to collect intelligence and existing technologies that will be used in a new or different manner. The creation of the Operational Technology Review Committee suggests a positive step toward mitigating the risk of compliance breaches related to the deployment of technologies in support of operations. Most obviously, it presents a forum in which potential risks can be proactively identified and mitigated. The evolving nature of how compliance is monitored in relation to technical capabilities will be of interest to NSIRA moving forward.

Further questions exist regarding how CSIS monitors the operational value of technical capabilities. CSIS needs to strengthen its performance metrics program with regard to its deployment of technologies in support of operations. A performance measurement regime, currently under development, will become an important feature of the governance framework, with attendant compliance implications for possible future NSIRA reviews.

Overall, it will be important for NSIRA to remain up to date with respect to the technical aspects of CSIS intelligence collection operations, particularly given the speed with which technology and associated technical capabilities evolve.

As part of this effort, it may be possible to leverage existing reporting requirements already undertaken by CSIS. For example, Section 3 of the Ministerial Direction to the Canadian Security Intelligence Service: Accountability (September 10, 2019) requires CSIS to inform the Minister of Public Safety of operational activities in which “a novel authority, technique or technology is used.” These notifications could provide NSIRA with ongoing and up-to-date knowledge of CSIS’s capability suite and how/when technologies are deployed operationally. Furthermore, sharing the notifications would bolster CSIS’s efforts toward proactive transparency, which are in line with commitments to provide explanatory briefings to the Federal Court on new technologies used in warranted operations.

NSIRA has recommended that the full, unredacted, version of this technical survey be shared with the designated judges of the Federal Court.

Review of CSIS Threat Reduction Activities: A Focus on Information Disclosure to External Parties

Under the Anti-terrorism Act, 2015, CSIS was granted the authority to undertake threat reduction measures (TRMs). NSIRA is required to review, annually, at least one aspect of CSIS’s performance in the use of its threat reduction powers. NSIRA recognizes that CSIS’s threat reduction powers can be an effective tool to diminish a national security threat; however, these powers also command heightened responsibility, given their nature and ability to profoundly impact, not only the subject of a given TRM, but others potentially captured by its scope.

This year, NSIRA produced its second annual review of CSIS’s TRMs. This review sought to expand on findings from the previous review by examining a larger number of TRMs, wherein CSIS disclosed information to external parties, and in doing so, provided the external party the opportunity to take action, at their discretion and pursuant to their authorities, to reduce identified threats. This review studied the characteristics of these particular TRMs but focused its examination on the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts that these measures could have on affected individuals.

NSIRA observed that several different kinds of external parties were involved in the TRMs. These external parties had varied levers of control through which they could take action to reduce a threat.

NSIRA found that CSIS’s documentation of the information disclosed to external parties as part of TRMs was inconsistent and, at times, lacked clarity and specificity. NSIRA also found that CSIS did not systematically identify or document the authorities or abilities of external parties to take action, or the plausible adverse impacts of the TRM. NSIRA also found that CSIS did not always document the outcomes of a specific TRM, or the actions taken by external parties to reduce a threat.

Without robust documentation, CSIS is neither capable of assessing the efficacy of its measures nor appreciating the full impact of its actions related to these measures.

NSIRA recommended that when a TRM involves the disclosure of information to external parties, CSIS should clearly identify and document the scope and breadth of information that will be disclosed as part of the proposed measure. NSIRA recommended that CSIS should also fully identify, document and consider the authority and ability of the external party to take specific action to reduce a threat, as well as the plausible adverse impacts of the measure. Beyond recommending that CSIS comply with its record-keeping policies, NSIRA recommended that CSIS amend its TRM policy to include a requirement to systematically document the outcomes of TRMs, including actions taken by external parties. This practice should inform post-action assessments and future decision-making.

In addition, NSIRA found that the current assessment framework employed as part of the TRM approval process is overly narrow and does not sufficiently consider the full impact of CSIS TRMs. NSIRA recommended that CSIS consider plausible adverse impacts resulting not only from CSIS disclosures of information, but also from the actions of external parties as part of TRMs.

The variety of impacts observed in this year’s review, combined with the gaps identified in CSIS’s understanding and assessment of these impacts, highlights the salience of a number of NSIRA’s recommendations made in 2020. NSIRA reiterated its 2020 recommendation that CSIS consider more comprehensively the plausible adverse impacts of these types of measures on the affected individuals, even when they are carried out by the external party and not CSIS. These impacts should be considered not only when assessing the reasonableness and proportionality of a proposed measure, but also when determining whether a warrant is required.

The Canadian Security Intelligence Service Act (CSIS Act) is clear that when a proposed TRM would limit a right or freedom protected in the Canadian Charter of Rights and Freedoms, or would otherwise be contrary to Canadian law, CSIS must seek a judicial warrant. NSIRA fundamentally disagrees with CSIS’s understanding of and approach to the legal analysis of determining whether a warrant is required for proposed TRMs. In 2020, CSIS responded to this recommendation by stating, “the Department of Justice will consider this recommendation and factor it into its work related to TRMs under the CSIS Act.”

Going forward, NSIRA recommended that CSIS seeks a warrant when a proposed TRM could infringe on an individual’s Charter rights, or where it would otherwise be contrary to Canadian law, regardless of whether the activity would be conducted by CSIS directly, or via an external party to whom CSIS discloses information.

NSIRA was able to use its direct access to CSIS information repositories to confirm information that it needed to verify and pursue necessary additional inquiries. For that reason, NSIRA has a high level of confidence in the information used to complete this review. NSIRA would also like to recognize CSIS’s timeliness in responding to NSIRA’s requests for information throughout the course of this review.

Response to NSIRA’s recommendations

NSIRA’s recommendations, the management response of CSIS and other details about this review are found in Annex D of this report.

NSIRA’s annual review of CSIS activities

In accordance with the CSIS Act, CSIS is required to provide information to NSIRA on specific activities. In response, NSIRA has developed a process to examine this information throughout the year and highlight any significant observations as part of NSIRA’s annual reporting obligations to the Minister of Public Safety. This process aims to keep NSIRA informed of key CSIS activities so that it can identify emerging issues and compliance gaps in a timely manner, and plan reviews and annual reporting obligations. Furthermore, this process facilitates additional scrutiny of these activities, as necessary, to assess for compliance, reasonableness and necessity.

In 2021, NSIRA formalized this process and initiated an annual review pursuant to its review mandate (paragraph 8(1)(a) of the NSIRA Act). To enhance transparency, NSIRA requested additional categories of information from CSIS, including approved warrant applications, compliance reports, internal audits and evaluations, and communications between CSIS and the Federal Court and CSIS and the Minister of Public Safety. These additional categories sought to ensure that NSIRA has the benefit of specific policy and governance information beyond that which CSIS is legislatively required to provide.

NSIRA found that CSIS met its legislated reporting requirements; however, these requirements do not always translate into information that can be used for assessments by NSIRA. Notably, CSIS did not provide information on the additional categories of activities requested by NSIRA. Conversations to address these gaps will continue in 2022.

In 2022, NSIRA will continue its review of CSIS activities with the support of the information from CSIS as required under the CSIS Act and the NSIRA Act.

Statistics

NSIRA requested that CSIS provide for publication statistics and data about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that the following statistics will provide the public with information related to the scope and breadth of CSIS operations, as well as display the evolution of activities from year to year.

Warrant applications

Section 21 of the CSIS Act authorizes CSIS to make an application to a judge for a warrant if CSIS believes, on reasonable grounds, that more intrusive powers are required to investigate a particular threat to the security of Canada. Warrants may be used by CSIS, for example, to intercept communications, enter a location, and/or obtain information, records or documents. Each individual warrant application could include multiple individuals or request the use of multiple intrusive powers.

NSIRA is aware that difficulties with the warrant acquisition process within CSIS persist. NSIRA’s Review on Rebuilding Trust: Reforming the CSIS Warrant and Justice Legal Advisory Process found that the current warrant process continues to be overly burdensome, despite attempts at reform. The review found a failure at CSIS to professionalize the warrant application process fully and sustainably. The lack of clear accountability and clear communication combined with excessive complexity have contributed to the problems facing this process. The review made a number of findings and recommendations related to systemic problems with CSIS’s warrant process.

Section 21 warrant applications made by CSIS, 2018 to 2021

2018201920202021
Approved warrants Total24231531
New warrant109213
Replacements1112814
Supplemental3254
Denied total0100
Threat reduction measures (TRMs)

Section 12.1 of the CSIS Act authorizes CSIS to take measures to reduce threats to the security of Canada, within or outside Canada. CSIS is authorized to seek a judicial warrant if it believes that certain intrusive measures (outlined in subsection 21 (1.1) of the CSIS Act) are required to reduce the threat. To date, CSIS has sought no judicial authorizations to undertake warranted TRMs.

NSIRA’s first two reviews of CSIS’s use of threat reduction measures found that CSIS did not sufficiently consider the full impact of the measure as part of the approval process for these activities. More specifically, these impacts were not explicitly considered when determining whether a warrant may be required. As already noted, NSIRA expects that when CSIS is proposing a TRM where an individual’s Charter rights would be limited or the TRM would otherwise be contrary to Canadian law, whether CSIS is undertaking the TRM directly or whether it will be executed by an external party, CSIS will seek a warrant to authorize the TRM.

Threat reduction measures approved, executed by CSIS and warranted, 2015 to 2021

2015201620172018201920202021
Approved TRMs1081523241123
Executed108131719817
Warranted TRMs0000000
CSIS targets

CSIS is mandated to investigate threats to the security of Canada, including espionage; foreign-influenced activities; political, religious or ideologically motivated violence; and subversion. Section 12 of the CSIS Act sets out criteria permitting CSIS to investigate an individual, group or entity for matters related to these threats. Sub jects of a CSIS investigation, whether they be individuals or groups, are called “targets.”

CSIS targets, 2018 to 2021

2018201920202021
Number of targets430467360352
Datasets

Data analytics is a key investigative tool for CSIS, providing it with the capacity to make connections and identify trends that are not possible through traditional methods of investigations. The National Security Act, 2017, which was passed by Parliament in June 2019, gave CSIS a suite of new powers including a legal framework for the collection, retention and use of datasets. The framework authorizes CSIS to collect datasets (sub- divided into Canadian, foreign and publicly available datasets) that have the ability to assist CSIS in the performance of its duties and functions. It also establishes safeguards for the protection of Canadian rights and freedoms, including privacy rights. These protections include enhanced requirements for ministerial accountability. Depending on the type of dataset, CSIS must meet different requirements before it is able to use the dataset.

The CSIS Act also requires CSIS to keep NSIRA apprised of certain dataset-related activities. Reports prepared following the handling of datasets are to be provided to NSIRA, under certain conditions and within reasonable timeframes. While CSIS is not required to advise NSIRA of judicial authorizations or ministerial approvals for the collection of Canadian and foreign datasets, CSIS has been proactively keeping NSIRA apprised of these activities.

While this new framework has provided opportunities to execute CSIS’s mandate to investigate threats, CSIS noted in its 2020 Public Annual Report that the current legislative framework is not without its challenges. NISRA is currently reviewing CSIS’s implementation of its dataset regime. The results of this review will inform Parliament’s review of the National Security Act, 2017.

Datasets evaluated by CSIS, approved or denied by the Federal Court or Intelligence Commissioner, and retained by CSIS, 2019 to 2021

201920202021
Publicly available datasets
Evaluated8114
Retained811215
Canadian datasets
Evaluated1002
Retained by CSIS00016
Denied by the Federal Court000
Foreign datasets
Evaluated800
Retained by CSIS01117
Denied by Minister000
Denied by IntelligenceCommissioner000
Justification Framework

The National Security Act, 2017, also created a legal justification framework for CSIS’s intelligence collection operations. The framework establishes a limited justification for CSIS employees, and persons acting at their direction, to carry out activities that would otherwise constitute offences under Canadian law. CSIS’s Justification Framework is modelled on those already in place for Canadian law enforcement. The Justification Framework provides needed clarity to CSIS, and to Canadians, as to what CSIS may lawfully do in the course of its activities. It recognizes that it is in the public interest to ensure that CSIS employees can effectively carry out its intelligence collection duties and functions, including by engaging in otherwise unlawful acts or omissions, in the public interest and in accordance with the rule of law. The types of otherwise unlawful acts and omissions that are authorized by the Justification Framework are determined by the Minister and approved by the Intelligence Commissioner. There remain limitations to what activities can be undertaken, and nothing in the Justification Framework permits the commission of an act or omission that would infringe a right or freedom guaranteed by the Charter.

According to subsection 20.1 (2) of the CSIS Act, employees must be designated by the Minister of Public Safety in order to be covered under the Justification Framework while committing or directing an otherwise unlawful act or omission. Designated employees are CSIS employees who require the Justification Framework as a part of their duties and functions. Designated employees are justified in committing an act or omission themselves (commissions by employees) and they may direct another person to commit an act or omission (directions to commit) as a part of their duties and functions. NSIRA is currently reviewing CSIS’s implementation of the Justification Framework. The results of this review will inform Parliament’s review of the National Security Act, 2017.

Authorizations, commissions and directions under the Justification Framework, 2019 to 2021

201920202021
Authorizations83147178
Commissions by employees173951
Directions to commit3284116
Emergency designations000
Compliance

CSIS’s internal operational compliance program leads and manages overall compliance within CSIS. The objective of this unit is to promote a “culture of compliance” within CSIS by investing in information technology (IT) to support the process around warrants, designing an approach for reporting and assessing potential non-compliance incidents, embedding experts in operational branches to provide timely advice and guidance, and producing internal policies and procedures for employees. This program is the centre for processing all instances of potential non-compliance related to operational activities.

NSIRA’s knowledge of CSIS operational non-compliance and associated violations of the Charter is limited to what is contained in the CSIS Director’s Annual Report on Operations to the Minister of Public Safety. NSIRA notes with interest that CSIS reports Charter violations as operational non-compliance. NSIRA will continue to monitor closely instances of non- compliance that relate to Canadian law and the Charter, and to work with CSIS to improve transparency around these activities.

Non-compliance incidents processed by CSIS, 2019 to 2021

201920202021
Processed compliance incidents19539985
Administrative5364
Operational40201921
Canadian law1
Canadian Charter of Rights and Freedoms6
Warrant conditions6
CSIS governance     8   

CSIS review plan

In 2022, NSIRA is commencing or conducting five reviews exclusively focused on CSIS, one review focused on CSIS and CSE operational collaboration (See 2022 CSE review plan, below), one focused on threat management by CSIS and the RCMP of ideologically motivated violent extremism, and a number of interagency reviews that contain a CSIS component.

In addition to NSIRA’s three legally mandated reviews of the Security of Canada Information Disclosure Act, the Avoiding Complicity in Mistreatment by Foreign Entities Act and CSIS’s TRMs, NSIRA has initiated or is planning the following CSIS reviews:

Justification Framework
This review will assess the implementation of CSIS’s new Justification Framework for activities that would otherwise be unlawful, authorized under the National Security Act, 2017.
Datasets
This review will examine the implementation of CSIS’s dataset regime following the coming into force of the National Security Act, 2017.
CSIS Cover Program
This review would be the first review of CSIS Cover Operations. It will survey the full range of CSIS cover activities and concentrate on building foundational knowledge to allow NSIRA to select specific activities for detailed review in future years.
Ideologically Motivated Violent Extremism
This is a joint CSIS-RCMP review of their respective and joint threat management of ideologically motivated violent extremism. The core of the review will be the interplay between CSIS and the RCMP in the context of ideologically motivatedviolent extremism, and an assessment of whether activities complied with the law, applicable ministerial directions, operational policies, and whether activitieswere necessary and reasonable.

Beyond 2022, NSIRA intends to explore reviews of CSIS on topics including, but not limited to:

  • the lifecycle of warranted information;
  • CSIS’s section 16 mandate;
  • “Strictly Necessary” retention policies; and
  • CSIS’s Internal Compliance Framework.

Access to CSIS information

Throughout 2021, NSIRA faced differing levels of access and responsiveness in relation to CSIS. COVID-19 related restrictions resulted in considerable delays with receiving requested information and briefings and impeded direct access to NSIRA’s dedicated office space within CSIS Headquarters.

In response to NSIRA’s requests for information, CSIS was transparent in its ability to respond and communicate anticipated delays. When access and staffing levels were no longer restricted, CSIS responses to formal and informal requests related to the Study of Technical Capabilities and the TRM review were timely and complete, and briefings were well administered and provided the requested information.

As mentioned above, throughout 2021, NSIRA did not have consistent access to its dedicated office space within CSIS Headquarters, which is used by NSIRA review, legal and investigation staff. As a result, NSIRA’s direct access to CSIS’s information systems was notably limited. NSIRA was provided various temporary accommodations within CSIS headquarters during this time.

CSIS was able to continue to provide NSIRA members access to its regional offices across Canada throughout 2021, however. This access supported NSIRA members not based in the National Capital Region, whose work often requires secure facilities where they can safely and securely access information relevant to reviews and investigations. NSIRA greatly appreciates the willingness and efforts of CSIS and its regional colleagues in this regard.

2.2 Communications Security Establishment reviews

Overview

NSIRA has the mandate to review any activity conducted by CSE. NSIRA must also submit a classified annual report to the Minister of National Defence on CSE activities, including information related to CSE’s compliance with the law and applicable ministerial directions, and NSIRA’s assessment of the reasonableness and necessity of the exercise of CSE’s powers.

In 2021, NSIRA completed two reviews of CSE, and directed CSE to conduct one departmental study, all of which are summarized below. NSIRA also began five new reviews focused on CSE’s activities that are scheduled for completion in 2022 (see 2022 CSE Review Plan, below). Furthermore, CSE is implicated in other NSIRA multi-departmental reviews, such as the legally mandated annual reviews of the Security of Canada Information Disclosure Act (SCIDA) and the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA), the results of which are described below (see Multi-departmental Reviews).

Although the pandemic and other priorities precluded NSIRA from advancing its previous commitments to redacting, translating and publishing reviews of the former Office of the CSE Commissioner, NSIRA remains committed to releasing this material, resources permitting.

Review of CSE’s Governance of Active and Defensive Cyber Operations

The Communications Security Establishment Act (CSE Act) provides CSE with the authority to conduct active cyber operations (ACOs) and defensive cyber operations (DCOs). As defined by the CSE Act, an ACO is designed to “degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.” A DCO helps protect Canadian federal government systems, or systems deemed by the Minister of National Defence to be important to Canada against foreign cyber threats. ACOs and DCOs are authorized by ministerial authorizations and, due to the potential impact on Canadian foreign policy, require the Minister of Foreign Affairs to consent to an ACO ministerial authorization or be consulted on a DCO ministerial authorization.

In this review, NSIRA assessed the governance framework that guides the conduct of ACOs and DCOs, and whether CSE appropriately considered its legal obligations and the foreign policy impacts of operations. NSIRA analyzed policies and procedures, governance and operational documentation, and correspondence within and between CSE and GAC. The review scope included the earliest available materials pertaining to ACOs and DCOs and ended concurrently with the validity period of the first ACO and DCO ministerial authorizations (2019–2020).

NSIRA incorporated GAC into this review, given the role of the Minister of Foreign Affairs in the ACO and DCO governance structure. As a result, NSIRA gained an understanding of the governance and accountability structures in place for these activities by obtaining unique perspectives from the two departments on their respective roles and responsibilities.

The novelty of these powers required CSE to develop new mechanisms and processes while also considering new legal authorities and boundaries. NSIRA found that both CSE and GAC made considerable efforts in building the ACO and DCO governance structure. In this context, NSIRA has found that some aspects of the governance of ACOs and DCOs could be improved by making them more transparent and clearer.

Specifically, NSIRA found that CSE could improve the level of detail provided to all parties involved in the decision-making and governance of ACOs and DCOs, within documents such as the ministerial authorizations authorizing these activities and the operational plans that are in place to govern their execution. Additionally, NSIRA also identified several gaps that CSE and GAC need to address, and recommended improvements relating to:

  • engaging other departments to ensure an operation’s alignment with broader
  • Government of Canada priorities;
  • demarcating an ACO from a pre-emptive DCO;
  • assessing each operation’s compliance with international law; and
  • communicating with each other any newly acquired information that is relevant to the risk level of an operation.

The gaps observed by NSIRA, if left unaddressed, could carry risks. For instance, the broad and generalized nature of the classes of activities, techniques and targets comprising ACOs and DCOs could capture unintended higher-risk activities and targets. Additionally, given the difference in the required engagement of GAC in ACOs and DCOs, misclassifying what is truly an ACO as a pre-emptive DCO could result in a heightened risk to Canada’s international relations through the insufficient engagement of GAC.

While this review focused on the governance structures at play in relation to ACOs and DCOs, of even greater importance is how these structures are implemented and followed in practice. NSIRA made several observations about the information contained within the governance documents developed to date and will subsequently assess how they are put into practice as part of NSIRA’s forthcoming review focused on the operations themselves.

Response to NSIRA’s recommendations

NSIRA’s recommendations and other details about this review are found in Annex D of this report.

Review of Information Sharing across Aspects of CSE’s Mandate

This review examined CSE’s legal authority for sharing information obtained in the course of one aspect of its mandate for the purposes of fulfilling another aspect of its mandate. Specifically, the review focused on internal information sharing within CSE between the foreign intelligence aspect and the cybersecurity and information assurance (cybersecurity) aspect of CSE’s mandate.

NSIRA examined whether CSE’s internal sharing of information relating to a Canadian or a person in Canada (IRTC) is consistent with the Privacy Act, which limits how collected personal information can be used by a federal institution, and the CSE Actwhich applies to CSE’s incidental collection and use of IRTCNSIRA concluded that from the descriptions of the aspects in sections 16 and 17 of the CSE Actsometimes information acquired under one aspect can be used for the same, or a consistent purpose, as another. This would satisfy Privacy Act requirements for sharing information internally. However, this principle cannot simply be assumed to apply as the purposes of the aspects differ within the CSE Act. CSE must conduct case-by-case compliance analysis that considers the purpose of the collection and sharing.

NSIRA considers it necessary for the Chief of CSE’s application for a ministerial authorization to fully inform the Minister of National Defence of how IRTC might be used and analyzed by CSE, including the sharing of IRTC to another aspect, and for what purpose. With one exception, the Chief’s applications for the period of review appropriately informed the Minister that retained IRTC might be used to support a different aspect. Moreover, the foreign intelligence applications appropriately informed the Minister how CSE assessed “essentiality” for IRTC collected under the foreign intelligence aspect.

Under CSE policy, an assessment of IRTC’s relevance, essentiality or necessity to each aspect is required for sharing information across the aspects. CSE policy offers definitions and criteria for assessing and applying these thresholds to the information. NSIRA found that CSE’s policy framework with regards to the internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate is compliant with the CSE Act.

Response to NSIRA’s recommendations

NSIRA’s recommendations, CSE’s management response and other details about this review are found in Annex D of this report.

CSE Departmental Study on Disclosures of Canadian Identifying Information

Following a 2020 review of CSE’s disclosures of Canadian identifying information (CII),21 NSIRA concluded that CSE’s implementation of its disclosure regime under the National Defence Act may not have been in compliance with the Privacy Act. On November 25, 2020, following the release of the review, NSIRA submitted a compliance report to the Minister of National Defence. NSIRA was of the opinion that CSE, as the custodian of incidentally collected CII, has the responsibility to assure itself and to document that both a collection and disclosure authority exist before sharing it with third-party recipients. NSIRA then directed CSE to conduct a departmental study of its disclosure of CII from August 1, 2019, to March 1, 2021.

The purpose of the departmental study was to ensure that disclosures of CII conducted by CSE were conducted in a manner that complies with the CSE Actand that all disclosures of CII were essential to international affairs, defence, security or cybersecurity.

CSE provided the completed departmental study to the Minister of National Defence on October 8, 2021, with a copy to NSIRA, on November 1, 2021. NSIRA is satisfied that CSE provided a complete accounting of its disclosure regime for the requested period of review and provided a report that meets the objectives detailed in NSIRA’s terms of reference. In doing so, CSE defined its process for assessing and disclosing CII requests to Government of Canada and foreign clients under the CSE Act while also providing an update on relevant changes that have been made to its disclosure regime based on NSIRA’s recommendations from the last CII review.

The production of the departmental study also provided an opportunity for CSE to review the CII disclosure regime from CSE’s own perspective. This process provides NSIRA with a clearer understanding of how CSE manages its program and evaluates its relevant legal authorities. In addition to contributing to NSIRA’s current understanding of CSE’s disclosure regime, the study will also assist in identifying avenues of inquiry for the planned follow-up review of CII scheduled for 2023.

Statistics

To achieve greater public accountability, NSIRA recommends that CSE publish statistics and data about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that the following statistics will provide the public with information related to the scope and breadth of CSE operations, as well as display the evolution of activities from year to year.

Ministerial authorizations and ministerial orders

Ministerial authorizations are issued by the Minister of National Defence and authorize specific activities conducted by CSE pursuant to one of the aspects of the CSE mandate. The following table lists the ministerial authorizations issued between 2019 and 2021.

CSE ministerial authorizations, 2021

Type of ministerial authorizationEnabling section of the CSE ActNumber issued in 2019Number issued in 2020Number issued in 2021
Foreign intelligence26(1)333
Cybersecurity — federal and non- federal27(1) and27(2)212
Defensive cyber operations29(1)111
Active cyber operations30(1)112

Note: This table refers to ministerial authorizations that were issued in the given calendar years and may not necessarily reflect ministerial authorizations that were in effect at a given time. For example, if a ministerial authorization was issued in late 2020 and remained in effect in parts of 2021, it is counted above solely as a 2020 ministerial authorization.

Ministerial orders are issued by the Minister of National Defence and designate people or organizations with whom CSE can work and share information. For instance, a ministerial order designating non-federal information infrastructures as being of importance to the Government of Canada is required for CSE to carry out certain aspects of its cybersecurity and defensive cyber operations mandate. A ministerial order is also required to designate recipients of CII. The following table lists the three ministerial orders in effect in 2021.

CSE ministerial orders, 2021


Nameof ministerial order
In effect in 2021Enabling section of the CSE Act
Designating electronic information and information infrastructures of importance to the Government of Canada121(1)
Designating recipients of information relating to a Canadian or person in Canada acquired, used or analyzedunder the cybersecurity and information assurance aspects of the CSE mandate144(1) and45
Designating recipients of Canadian identifying information used, analyzed or retained under a foreign intelligence authorization pursuant to section45 of the CSE Act143 and 45
Foreign intelligence reporting

Pursuant to section 16 of the CSE Act, CSE is mandated to acquire information from or through the global information infrastructure, and to use, analyze and disseminate the information for the purpose of providing foreign intelligence in accordance with the Government of Canada’s intelligence priorities.

According to CSE, it released 3,050 foreign intelligence end-product reports to 1,627 clients across 28 departments or agencies of the Government of Canada in 2021.

Information relating to a Canadian or a person in Canada

As discussed in NSIRA’s Review of Information Sharing Across Aspects of CSE’s Mandate, IRTC includes information about Canadians or persons in Canada that may be incidentally collected by CSE while conducting foreign intelligence or cybersecurity activities under the authority of a ministerial authorization. According to CSE policy, IRTC is any information recognized as having reference to a Canadian or person in Canada, regardless of whether that information could be used to identify that Canadian or person in Canada.

CSE was asked to release statistics or data about the regularity with which IRTC or “Canadian-collected information” is included in CSE’s end-product reporting. CSE responded that “as this type of information has not previously been disclosed publicly, CSE is carrying out an injury assessment to determine if information can be provided for publication.” CSE subsequently advised that “The impact assessment for disclosure of information requested … is a longer-term endeavour that is unlikely to be resolved in time for the 2021 NSIRA public annual report. Please consider [CSE’s response] as ‘no releasable information’ for the purpose of this year’s report.”

Canadian identifying information

CSE is prohibited from directing its activities at Canadians or persons in Canada. However, given the nature of the global information infrastructure and CSE’s collection methodologies, such information may be incidentally acquired by CSE. When used in CSE foreign intelligence reporting, incidentally collected information potentially identifying a Canadian or a person in Canada is suppressed in order to protect the privacy of the individual(s) in question. CSE may release unsuppressed CII to designated recipients when the recipients have the legal authority and operational justification to receive it and when it is essential to international affairs, defence or security (including cybersecurity).

The following table shows the number of requests CSE received for disclosure of CII in 2021.

Number of requests for disclosure of Canadian identifying information, 2021.

Type of requestNumber
Government of Canada requests741
Five Eyes27 requests90
Non-Five Eyes requests0
Total831

CSE was also asked to release the number of instances where CII is suppressed in CSE foreign intelligence or cybersecurity reporting. CSE indicated that “as this type of information has not previously been disclosed publicly, CSE is carrying out an injury assessment to determine if information can be provided for publication.” CSE subsequently advised that “The impact assessment for disclosure of information requested … is a longer-term endeavour that is unlikely to be resolved in time for the 2021 NSIRA public annual report. Please consider [CSE’s response] as ‘no releasable information’ for the purpose of this year’s report.”

Privacy incidents and procedural errors

A privacy incident occurs when the privacy of a Canadian or a person in Canada is put at risk in a manner that runs counter to, or is not provided for, in CSE’s policies. CSE tracks such incidents via its Privacy Incidents File, Second-party Privacy Incidents File and Minor Procedural Errors File.

The following table show the number of privacy incidents and procedural errors CSE tracked in 2021.

CSE privacy incidents and procedural errors, 2021

Type of incidentNumber
Privacy incidents96
Second-party privacy incidents33
Minor procedural errors18
Cybersecurity and information assurance

Pursuant to section 17 of the CSE Act, CSE is mandated to provide advice, guidance and services to help protect electronic information and information infrastructures of federal institutions, as well as non-federal entities which are designated by the Minister as being of importance to the Government of Canada.

CSE was asked to release statistics or data characterizing CSE’s activities related to the cybersecurity and information assurance aspect of its mandate. CSE responded that:

  • Generally, the Canadian Centre for Cyber Security does not comment on specific cyber security incidents, nor do we confirm businesses or critical infrastructure partners that we work with or provide statistics on the number of reported incidents. Statistics on cyber incidents, including cybercrime, are predicated upon victims coming forward, which is not an accurate reflection of the Canadian environment.
  • CSE and its Canadian Centre for Cyber Security work every day to defend Government of Canada systems from cyber attacks. On any given day, CSE’s dynamic defence capabilities block up to seven billion reconnaissance scans on these systems.
Defensive and active cyber operations

Pursuant to section 18 of the CSE Act, CSE is mandated to conduct DCOs to help protect electronic information and information infrastructures of federal institutions, as well as non- federal entities that are designated by the Minister of Defence as being of importance to the Government of Canada from hostile cyber attacks.

Pursuant to section 19 of the CSE Act, CSE is mandated to conduct ACOs against foreign individuals, states, organizations or terrorist groups as they relate to international affairs, defence or security.

CSE was asked to release the number of DCOs and ACOs approved during 2021. CSE responded that it is “not in a position to provide this information for publication by NSIRA, as doing so would be injurious to Canada’s international relations, national defence and national security.”

Technical and operational assistance

As part of the assistance aspect of CSE’s mandate, CSE receives Requests for Assistance from Canadian law enforcement and security agencies, as well as from the DND/CAF.

The following table shows the number of requests for assistance CSE received and acted on in 2020 and 2021.

CSE requests for assistance received and acted on, 2020 and 2021

Requests for assistance20202021
Number received2435
Number acted on2332

2022 CSE review plan

In addition to NSIRA’s two legally mandated reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, both of which implicate CSE, NSIRA has initiated or is planning the following five reviews of CSE:

Review of CSE’s Internal Security Program (Safeguarding)
This review will examine how CSE safeguards its employees, information and assets. It will explore the ways in which CSE mitigates internal security risks through inquiries and investigations, and in particular, the use of the polygraph as a tool in the security screening process. This review will alsoassess CSE’s compliance with Treasury Board security policies and directives, as well as the adequacy of, adherence to and effectiveness of CSE’s internal processes used to address potential or actual security incidents, violations and breaches of security.
Review of Cybersecurity — Network-Based Solutions
This will be NSIRA’s first review focused on the cybersecurity and information assurance aspect of CSE’s mandate. It will explore the use of a specific tool: Network Based Solutions as outlined within the cybersecurity ministerial authorization.
Review of Active and Defensive Cyber Operations — Part 2 (Operations)
This review is the continuation of NSIRA’s examination of CSE’s active and defensive cyber operations conducted prior to July 30, 2021. The first review focused on the internal policies and procedures governing CSE’s use of active and defensive cyber operations. This review builds on NSIRA’s previous work and will focus on the implementation of these governance structures in actual operations.
Review of a Program under the Foreign Intelligence Mandate
This is a review of a classified program under the foreign intelligence aspect of CSE’s mandate. Thisprogram is authorized by a ministerial authorization, which also sets out its parameters.
Review of CSE-CSIS Operational Collaboration
This review will examine operational collaboration between CSE and CSIS, both under the assistance aspect of CSE’s mandate, but also as it relates to joint operational activities coordinated between them under each agency’s respective mandates.

Beyond 2022, NSIRA intends to review topics including, but not limited to:

  • an annual compliance review of CSE;
  • CSE’s signals intelligence(SIGINT) retention practices;
  • a CSE collection program conducted under a ministerial authorization; and
  • CSE’s Equities Management Framework.

Access to CSE information

In its 2020 Public Annual Report, NSIRA noted that it was seeking to formalize CSE’s provision of specific categories of information on a regular basis, such as ministerial authorizations, orders and directives, which would be used to ensure compliance of activities and to inform the conclusions NSIRA provides in the annual classified report to the Minister of National Defence. NSIRA will commence this review, called the annual compliance review of CSE, in 2022. NSIRA is pleased to report that CSE has already begun the process of providing the requested information.

NSIRA also previously reported that a lack of comprehensive and independently verifiable access to CSE’s information repositories posed a significant challenge to NSIRA’s ability to review CSE’s activities. In 2021, this challenge persisted.

In 2021, NSIRA sought to develop direct access to CSE information repositories, further to NSIRA’s “trust but verify” review model. With the exception of dedicated office space, which NSIRA continues to utilize at CSE’s Headquarters, NSIRA and CSE have been unable to achieve a workable trust-but-verify model for any reviews of CSE to date, despite several proposals for test cases brought forward by NSIRA throughout the year. NSIRA remains committed to developing a greater degree of verifiable access to CSE information so as to ensure the robustness of its findings and recommendations and, in turn, provide greater transparency of CSE activities to Parliament and the Canadian public.

In lieu of direct access to CSE information repositories, NSIRA has to rely on CSE External Review staff to collect relevant information held by CSE on its behalf. CSE External Review organizes briefings by subject matter experts, solicits responses to specific questions, and coordinates searches by CSE staff through information repositories for documents and other materials relevant to reviews. NSIRA recognizes the work of CSE External Review staff and thanks them for their contribution to the work of review.

However, reliance on CSE to locate, collate and curate information for NSIRA is not a proper long-term alternative to direct access. Currently, and on receipt of a request for information, CSE conducts a lengthy process to locate and collect information, followed by an internal review of this information to determine relevance prior to releasing materials to NSIRA. CSE’s predetermination of relevance of information undercuts NSIRA’s authority to decide whether information relates to its reviews and contributes to significant delays in the provision of information to NSIRA. Furthermore, this process creates a burden on CSE staff to coordinate responses to NSIRA’s information requirements. This workload could be substantially reduced by allowing NSIRA to conduct its own searches in CSE’s information repositories. Concurrently, it would serve as an element of verification that could strengthen NSIRA’s confidence in the completeness of information reviewed.

Beyond the issues related to limitations on NSIRA’s ability to trust but verify are ongoing concerns related to CSE’s responsiveness. As mentioned above, significant delays in the provision of information continued to pose a disruptive challenge to all NSIRA reviews of CSE activities in 2021. Although the COVID-19 pandemic interrupted life everywhere, it alone could not account for the extent of delays experienced during 2021. The timely provision of information required for a review not only facilitates the work of NSIRA, but is a legal requirement to which NSIRA expects CSE to adhere.

The sole exception to NSIRA’s right of access to information under the control of CSE is a confidence of the Queen’s Privy Council for Canada, otherwise known as a Cabinet confidence. Information subject to the Privacy Act, or any other act of Parliament, for that matter, as well as highly classified or Exceptionally Controlled Information (ECI) must be made available to NSIRA in a timely manner, when it relates to a review. This was not always the case in 2021.

In light of the ongoing challenges to NSIRA reviews of CSE activities, NSIRA continues to be of the opinion that the only mechanism to ensure a high degree of confidence, reliability and independence in its work is to have direct access to information relevant to its reviews. One important way by which CSE can continue to increase the level of transparency for its activities is to facilitate greater direct access for external review. For NSIRA to be able to conduct its work with a high degree of confidence, it must be able to verify the accuracy and completeness of the information on which it bases its findings and recommendations. NSIRA will continue to work with CSE to identify ways it can begin to implement additional elements of NSIRA’s trust but verify methodology in a more comprehensive and meaningful manner.

2.3 Other government departments

Overview

Beyond CSIS and CSE, NSIRA initiated reviews of the following departments and agencies in 2021:

  • the Department of National Defence / Canadian Armed Forces (DND/CAF);
  • the Royal Canadian Mounted Police (RCMP);
  • Immigration, Refugees and Citizenship Canada (IRCC);
  • the Canada Border Services Agency (CBSA); and
  • Transport Canada.

As well, through the annual reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, NSIRA has engaged with all departments and agencies that make up the Canadian national security and intelligence community.

The following sections outline reviews completed or initiated in 2021, by department or agency, as well as some planned future reviews.

Department of National Defence and the Canadian Armed Forces

Study of the Defence Intelligence Enterprise of the Department of National Defence and the Canadian Armed Forces

The purpose of this study was threefold. The primary objective focused on understanding the concept of the Defence Intelligence Enterprise (DIE), the umbrella under which DND/CAF conducts its intelligence activities. The second objective focused on developing an understanding of the compliance and oversight functions within the DIE, as well as the reporting of instances of non-compliance. Finally, the information gathered through the two primary objectives of this review provided NSIRA with prerequisite knowledge to help design future reviews.

Although comprising only a small percentage of the work of DND/CAF, the intelligence function is growing both in how DND/CAF perceives its importance, as well as in resource allocation. All of DND/CAF’s intelligence activities and structures fall within the DIE and without an understanding of this enterprise, NSIRA’s review plan would lack focus and organization. The DIE represents a large and complex structure with widely varied activities and functions. Successive reviews will build on NSIRA’s knowledge and experience, as well as developing the required expertise to proactively identify areas of future review. In addition, having a more complete understanding of the DIE will help NSIRA better situate DND/CAF in the broader security and intelligence community, so it can identify more opportunities for horizontal review activities.

This study also helped to highlight and identify some of the challenges NSIRA may face in reviewing DND/CAF moving forward. Notably, DND/CAF represents a large and complex structure with widely varied activities and functions. Reporting structures are complex. For example, DND senior management structures report directly to the Deputy Minister, CAF Commands report directly to the Chief of the Defence Staff, and some accountability structures require reporting to both. NSIRA also observed that information collection and storage procedures vary across the organization and that it has over 180 independent electronic repositories. The combination of these elements emphasizes the importance of maintaining strong working relationships with DND/CAF to help navigate access to timely information and assets. NSIRA is working closely with DND/CAF on how to overcome these challenges, including the possibility of providing detailed search strings and follow-up briefings to attest to the reliability, completeness and specificity of the provided documentation.

Review of the Canadian Forces National Counter-Intelligence Unit — Operational Collection and Privacy Practices

This review was a follow up to last year’s review of the Canadian Forces National Counter- Intelligence Unit (CFNCIU). This year’s review focused on how IT searches were used to support counter-intelligence investigations. NSIRA assessed whether IT searches and the collection of information in support of counter-intelligence investigations interfered with individuals’ reasonable expectation of privacy in the circumstances.

Over the course of the review, NSIRA identified three areas of concern tied to the requests for, and conduct of, counter-intelligence internal IT network searches. These are arranged under the following categories: (1) CFNCIU’s search of a subject’s email, internet and removable device activity; (2) the CFNCIU checklist used to identify and restrict search parameters, and how applicable stakeholders define search parameters; and (3) the use acquired information to expand supplementary searches.

NSIRA believes that DND employees and CAF members have a reasonable expectation of privacy when using work computers for personal use. CFNCIU requires the assistance of police or security agencies to obtain search warrants or technical intercept services, under Level II and Level III investigations. NSIRA found that CFNCIU may be inappropriately relying on DND/CAF policies as lawful authority to interfere with a subject’s reasonable expectation of privacy.

NSIRA observed that information obtained by CFNCIU via the checklist has the potential to capture intimate and personal information that touches on a subject’s biographical core. NSIRA found that the checklist risks capturing information that is protected by section 8 of the Charter. NSIRA also found that DND/CAF is applying a definition of metadata that captures information that could be subject to a reasonable expectation of privacy.

NSIRA observed that CFNCIU IT inquiries used broad search parameters, which may include information not relevant to the investigation. These parameters were applied as broad approvals with no specific internal controls or oversight at both the operational and working levels. Collection techniques, due in part to the limitations of IT audit tools and broad search parameters, resulted in a wide net being cast. NSIRA found that the investigative IT system practices observed in the context of CFNCIU’s counter-intelligence investigations have insufficient legal oversight to ensure that they are as minimally invasive as possible.

As a result of these findings, NSIRA recommended that DND/CAF suspend investigative IT system practices in the context of CFNCIU counter-intelligence investigations until a reasonable legal authority has been established. Once a reasonable legal authority has been established, DND/CAF should create a new policy framework that is reflective of the noted findings.

Response to NSIRA’s recommendations

NSIRA’s recommendations, DND/CAF’s management response and other details about this review are found in Annex D of this report.

Reviews planned or in progress

NSIRA has several reviews planned for DND/CAF and will conduct further work on two in 2022. The first one in progress is NSIRA’s review of DND/CAF’s human intelligence (HUMINT) program. This review will examine the entirety of the human source handling program used by DND/CAF.

Second, NSIRA is currently examining the domestic open-source collection activities of DND/CAF. More specifically, this review will take a closer look at legal authorities and the policy framework, program support and training, information and technology management systems, collection activities, intelligence production and dissemination, and oversight and accountability mechanisms.

Access to DND/CAF information

DND/CAF is the largest federal government department, both in terms of personnel (127,000 including regular and reserve forces) and number of physical locations occupied (42 in the National Capital Region alone). Given its domestic and international breadth, information collection and storage varies across the organization, with 180+ independent electronic repositories. NSIRA primarily accesses information through DND/CAF’s liaison body, the National Security and Intelligence Review and Oversight Coordination Secretariat (NSIROCS).

To help ensure that NSIRA receives timely and complete access to requested information, DND/CAF has formalized processes for responding to requests for information that includes a Level 1 (assistant deputy minister or equivalent) approval and attestation. Therefore, when NSIROCS receives a request for information, it coordinates with internal stakeholders to provide the requested information and submit it for Level 1 approval, after which the assistant deputy minister (or equivalent) provides a managerial attestation verifying the completeness and accuracy of the information provided.

NSIRA has also established direct access to specific DND/CAF IT systems for an ongoing review, and is working on a “proxy access” model for future reviews. Ultimately, the nature and scope of the review will dictate the access and verification model to be applied. NSIRA remains committed to working with NSIROCS to ensure that access and verification processes meet review requirements.

Royal Canadian Mounted Police

Reviews in progress or planned

NSIRA is currently working on three reviews focused exclusively on the RCMP. One of these reviews assesses the RCMP’s use of human sources in national security criminal investigations. Another review examines how the RCMP bypasses encryption when it intercepts private communications in national security criminal investigations. Lastly, NSIRA’S review of the Operational Research Unit of the RCMP will be examining the unit’s access to and use of security intelligence. The RCMP is also implicated in one multi- departmental review that is discussed below.

Access to RCMP information

NSIRA began reviewing the RCMP in 2020 and does not yet have direct access to the RCMP’s IT systems. The decentralized nature of the RCMP’s information holdings, COVID-19- related restrictions, and limitations resulting from other emergencies have resulted in delays in the RCMP providing NSIRA with requested information. NSIRA is committed to working with the RCMP’s National Security External Reviews and Compliance (NSERC) team to establish approaches for the timely provision of information.

In lieu of direct access to RCMP IT systems, NSIRA currently relies on the RCMP’s NSERC team to collect relevant information. NSIRA thanks the NSERC team for its contribution to the work of review but looks forward to working toward direct access to RCMP IT systems or alternate independent verification processes that provides NSIRA with independent confidence in the reliability and completeness of the information it has access to.

Canada Border Services Agency

In 2021, NSIRA completed its review of the Government of Canada’s use of biometrics in the border continuum that, while also examining IRCC and Transport Canada, had a strong CBSA component. The summary of this review can be found in the multi-departmental review section below.

NSIRA also made considerable progress on two CBSA -focused reviews. The first review is of air passenger targeting and examines the CBSA’s use of predictive analysis to identify inbound air travellers for further scrutiny in relation to national security threats. The second review assesses the CBSA’s use of confidential human sources, building on prior work in this area by National Security and Intelligence Committee of Parliamentarians.

Financial Transactions and Reports Analysis Centre of Canada

NSIRA is currently working on its first review of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). NSIRA will examine FINTRAC’s existing regime for sharing information with its domestic and international partners by looking at queries and disclosures to foreign financial intelligence units.

2.4 Multi-departmental reviews

Study of the Government of Canada’s Use of Biometrics in the Border Continuum

Biometrics play a fundamental role in the border continuum, which includes the screening of foreign nationals seeking admission to Canada and the identification of passengers travelling internationally by air. In the course of this review, NSIRA examined activities conducted by the CBSA, IRCC and Transport Canada. The review also extended to the RCMP, which plays a supporting role in one of the major IRCC-led programs using biometrics.

Biometrics are sensitive personal information. The identification of persons by virtue of their biological characteristics raises privacy and human rights concerns. There is public apprehension about the government’s use of biometric analysis, as reflected in discussions regarding the use of facial recognition technology and, relatedly, its possible disparate impact on marginalized groups. At the same time, identifying individuals entering the country — and consequently determining whether they have a right to enter, or what risks they might pose — serves a national security function. In this way, the use of biometrics requires an assessment of the balance between security and privacy.

The immediate objective of this review was to map the nature and scope of biometric activities occurring in this space. This included examining the collection, retention, use and disclosure of biometric information, as well as the legal authorities under which these activities occur. This review also considered the reasonableness and necessity of these activities, studying the accuracy and reliability of biometrics.

This review identified a set of observations linked to nine overarching themes:

  • Biometrics and national security. The centrality of national security as a justification for biometric activities has waned over time relative to other objectives, such as identity management and traveller facilitation. This makes it challenging to assess biometric activities in general as national security activities. Future NSIRA reviews may focus more narrowly on biometric activities that directly engage national security.
  • The steady-state activities. The steady-state biometric activities in the border continuum are generally well-supported by current legal authorities and are consistent with international practice.
  • Expanding use of biometrics over time. The use of biometrics in the border continuum has significantly expanded over the last three decades and is likely to continue expanding in the future. New biometric activities must be justified according to the necessity and proportionality of collecting and using biometrics for particular, intended objectives.
  • Pilot projects. Pilot projects and initiatives raise more concerns than do steady-state activities, as they risk being implemented without sufficient legal analysis or policy development. Despite the temporary or experimental nature of a project, NSIRA expects that departments will conduct the analysis necessary to ensure that legal authority is in place for the conduct of the activity, and that the attendant collection, use, retention and disclosure of personal information is well-governed by policy.
  • Evolving legal and societal norms. The public debate surrounding legal authorities questions whether existing standards and protections are sufficient for regulating biometric activities or whether new standards and protections are required. The border is, comparatively, a space in which greater intrusiveness is considered reasonable — but the boundaries of those justifications are not limitless, and will require careful calibration moving forward.
  • The dual use of biometrics. NSIRA observed several instances of possible dual use of biometric information in the activities examined in this report. Even where new uses of biometrics offer demonstrable benefits, new uses must be carefully considered to ensure their reasonableness and proportionality. In addition, all new uses must be justified and well-authorized in law. The principle of “purpose limitation” may be a way of guarding against dual use in the context of biometric activities.
  • Technical systems. There is significant overlap between the technical systems and databases used across the steady-state biometric activities. The overall architecture of the systems is complex, though not necessarily problematic.
  • Visibility into algorithms. Departments and agencies have limited ability to see how the algorithms they use for biometric analysis operate. Each department and agency did, however, demonstrate that performance metrics are known and tested, and that custom thresholds are used when appropriate.
  • Preventing bias and discrimination. IRCC and the CBSA have conducted preliminary analyses to explore how their biometric activities may impact diverse groups of people, though the implementation of possible mitigation strategies was not always apparent. In some contexts, technological advancements have helped to reduce, but not eliminate, differential impacts. More work remains in terms of mitigating differential impacts on segments of the population. At the same time, the departments and agencies under review have demonstrated their awareness of possible systemic inequalities and their commitment to addressing them.

Public debate about the government’s application of biometric technology will continue to evolve, driving change in the legal and regulatory frameworks associated with such activities. As such, continued scrutiny from NSIRA is warranted, particularly in those instances where the collection and use of biometric information is justified by explicit reference to national security outcomes.

Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2020

In November 2021, NSIRA and the Office of the Privacy Commissioner of Canada (OPC) completed a joint review of the 215 disclosures made under the Security of Canada Information Disclosure Act (SCIDA) in 2020 — NSIRA’s first joint review with another review body.

SCIDA encourages and facilitates the sharing, or disclosure, of information within the federal government to protect against activities that undermine or threaten national security, subject to certain conditions. SCIDA permits disclosures of information where the disclosing federal institution satisfies itself that the information will contribute to the exercise of the recipient federal institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada, and will not affect any person’s privacy interest more than is reasonably necessary. This is called the disclosure test.

The review found that 212 of the 215 disclosures (approximately 99%) appeared to meet both parts of the disclosure test. In the remaining three disclosures, the information appeared speculative, with no clear connection to activities that undermine the security of Canada. All three of the disclosures of concern were proactive disclosures by the RCMP. Of particular interest was the RCMP’s disclosure of the identities and biometric information about approximately 2,900 individuals to the CAF. NSI RA and the OPC recommended that the RCMP update its policies and practices to support compliance with the disclosure test, that the institution that received the disclosure of concern from the RCMP delete or return the information unless they can demonstrate a valid reason not to,and that any institution disclosing personal information about a large number of individuals (bulk disclosure) exercise heightened due diligence.

The records reviewed also highlighted one case of a verbal disclosure made to CSIS months prior to a formal SCIDA disclosure and without an apparent source of legal authority. NSIRA and the OPC recommended that institutions with national security expertise ensure that when they request personal information for national security purposes from other federal institutions, they make it clear that their request, in and of itself, does not constitute or confer authority on the other institution to disclose personal information.

Based on CSE’s and IRCC’s information-sharing patterns under SCIDA, NSIRA and the OPC recommended that these two institutions enter into an information-sharing arrangement, and that GAC and CSIS update their information-sharing arrangement to incorporate SCIDA’s guiding principles.

Finally, the review examined the federal government’s SCIDA policies. The review found that Public Safety Canada developed a SCIDA guide for federal institutions, led an interdepartmental working group, and provided training that included all 17 of the federal institutions listed in SCIDA. The review also found that 16 of the 17 federal institutions listed in SCIDA — the exception being the Canadian Food Inspection Agency — have policies to support compliance with SCIDA. NSIRA and the OPC recommended that the Canadian Food Inspection Agency develop a similar framework to implement a SCIDA policy.

Response to NSIRA’s recommendations

NSIRA’s recommendations, the management response of reviewees and other details about this review are found in Annex D of this report.

Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2020

The Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA) and directions issued according to the ACA seek to prevent the mistreatment of any individual as a result of information exchanged between a department of the Government of Canada and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated. To do this, the ACA and the directions lay out a series of requirements that need to be met or implemented when handling information.

This review covered the implementation of the directions sent to 12 departments and agencies from January 1, 2020, to the end of the calendar year, December 31, 2020. It was conducted under subsection 8(2.2) of the NSIRA Act, which requires NSIRA to review, each calendar year, the implementation of all directions issued under the ACA.

This was the first ACA review to cover a full calendar year. Many of the reviewed departments noted that the COVID-19 pandemic impacted their information-sharing activities, such as the number of cases requiring further review as per the ACA. As such, NSIRA found that from January 1, 2020, to December 31, 2020, no cases under the ACA were issued to deputy heads in any department.

While NSIRA was pleased with the considerable efforts made by many departments new to the ACA in building their frameworks, the CBSA and Public Safety Canada had not finalized their policy frameworks in support of the directions received under the ACA within the review period.

Mitigation measures used by departments were also reviewed this time, since they are an integral part in the information-sharing process for departments.

NSIRA believes that it is now in a position to conduct in-depth case study assessments of individual departments’ adherence to the ACA and directions, irrespective of whether a department reported any cases to its deputy head. Finally, future reviews will follow up on the ongoing implementation of NSIRA’s past recommendations.

Reviews planned or in progress

In the future, NSIRA intends to continue to take advantage of its mandate to “review any activity carried out by a department that relates to national security or intelligence” by pursuing more multi-departmental reviews and avoiding examinations in siloes. In addition to the mandated annual SCIDA and ACA reviews, NSIRA plans to work on two more reviews involving multiple departments. The first one is a review of how CSIS and the RCMP manage threats posed by ideologically motivated violent extremism. The second review will study the relationship between CSE and CSIS on operational activities.

2.5 Technology in review

Integration of technology in review

Traditionally associated with the systems and software responsible for the administrative support of an organization, IT plays an increasingly large role in the operational activities of Canada’s national security and intelligence community. By taking advantage of rapid advances in cutting-edge technologies, Canada’s security and intelligence community is operationalizing advancements in technology to a degree greater than ever before. Modern national security and intelligence agencies must not only use new technologies to enhance their respective mandates, but they also do so to keep abreast of new opportunities, as well as new threats.

These advancements happen quickly, are complex and are often unique to each institution. Furthermore, emerging technologies, while ostensibly developed for one purpose, often have unforeseen implications on civil liberties and privacy, especially when used in an intelligence or security capacity. It is essential for an accountability body like NSIRA to keep pace with the use of developing technologies in Canada’s national security and intelligence community to ensure that the organizations it is responsible to review are discharging their mandates lawfully, reasonably and appropriately.

The vision for NSIRA’s Technology Directorate is to enhance the review landscape to incorporate an appropriate focus on the use and implementation of technology by security and intelligence agencies in Canada. By extending its reach into the practical applications of technology, and by entrusting this new focus to an in-house team of engineers, computer scientists and experienced review professionals, NSIRA will be well placed to ensure that the departments and agencies are held accountable for the decisions they make in leveraging the various aspects of emerging technology.

The development of this capacity at NSIRA will also provide a unique opportunity to build a review model that will put us on equal footing within the Five Eyes and the international review community. Without dedicated in-house technology expertise, NSIRA’s work will not stay current with contemporary national security legal and compliance risks or issues.

To that effect, NSIRA’s Technology Directorate will:

  • lead the review of IT systems and cutting-edge technical advancements;
  • conduct independent technical investigations;
  • support assigned NSIRA members in the investigation of complaints against CSIS, CSE or the RCMP requiring technological expertise to assess the evidence;
  • produce reports explaining and interpreting sophisticated technical subjects;
  • assess the risk of a reviewed entity’s IT compliance with applicable laws and policy;
  • recommend IT system and data safeguards to minimize the risk of legal non- compliance;
  • lead the integration of technology themes into yearly NSIRA review plans; and leverage external expertise in the understanding and assessment of IT risks.

Future of technology in review

In 2022, NSIRA will continue to increase the number of employees working in the Technology Directorate as it takes an increasingly active and significant role. It will also lead the first technology-focused reviews of the lifecycle of CSIS information collected by technical capabilities pursuant to a Federal Court warrant. NSIRA is also scheduled to review CSE’s SIGINT retention practices in 2023.

In terms of important considerations for ongoing reviews, NSIRA Technology Directorate has identified the following three technology-related topics as priorities for consideration:

  • dual-use technologies;
  • data warehousing, bulk data and data analytics; and
  • automated decision-making.

As Canada’s security and intelligence community continues to grow its technical collection and analytic capacity, NSIRA must develop its own expertise in technical review in tandem. Over the next year, NSIRA intends to establish domestic and international partnerships and develop working relationships with academics, civil society and commercial leaders to ensure key technological issues factor into its approaches. NSIRA’s Technology Directorate will also support the NSIRA complaint investigations team to understand where and when technology advancements could be applied to NSIRA investigations.

2.6 Review policies and processes

Method for assessing timeliness

Guidelines for assessing timeliness in reviews​​​​​​​

To ensure greater accountability and predictability, NSIRA will be using the following guidelines to assess the timeliness of reviewee responses to requests for information (RFIs) during the review process, and will comment both privately and publicly on the outcomes. Notably, NSIRA’s annual report will track timeliness each year. These guidelines provide clear, standardized expectations on this important aspect of the review process.

Standard request for information (RFI) timelines

Much of the information requested by NSIRA falls into two categories: “off-the-shelf,” readily available material, and material requiring additional work to compile. Off-the-shelf material may include items such as policy documents, ministerial directives, operational policies, legal opinions and standard operating procedures. Information that requires additional work to compile may include things such as material that requires data manipulation or explanations and material in certain specialized databases and emails. RFIs will clearly state which type of material they pertain to, and standard timelines of 15 or 30 days, respectively, will be provided for responses.

Non-standard RFI timelines

NSIRA may deem it necessary to provide longer response times for information requests, for example, when the review covers new subject matter, the request is expected to return a large amount of information or documentation, or the reviewee has other ongoing reviews or other operational considerations. Non-standard timelines are at NSIRA’s discretion and will be applied based on the judgment of the review team.

NSIRA recognizes that extraordinary factors and extenuating circumstances may affect responses to requests for information and documentation. To accommodate this, reviewees may present, with significant justification, an alternative RFI timeline to the one originally provided. This should be done on receipt and review of the request, if possible. The decision to grant an extension is made by the NSIRA review team, and other arrangements, such as providing the requested information in tranches, can be considered. Regardless, RFI’s will always have an associated response timeline attached to them. This timeline will determine whether subsequent remedial steps are required.

Remedial steps

NSIRA will implement a three-stage approach to engage reviewees when no response is received to an RFI within the associated timeline. When a deadline is missed with no satisfactory response, NSIRA will escalate its concerns progressively by sending a series of letters to the assistant deputy minister, deputy minister and, finally, the responsible minister.

The letters will be attached as an annex to the related review and will inform an overall assessment of timeliness of the reviewee in NSIRA’s public annual report. The above guidelines will also be reviewed annually and may be updated based on the outcome of their ongoing implementation to ensure they meet their objectives.

Implementation of recommendations

The key outcomes of the work flowing from NSIRA’s review mandate are typically captured and distilled in the recommendations NSIRA provides based on its findings. In most NSIRA reviews completed since its inception, NSIRA has issued recommendations to the departments and agencies under review. In turn, reviewees have provided responses to these recommendations, which may include a plan for implementation. With a little over two years since recommendations for the first NSIRA reviews were issued, NSIRA believes enough time has elapsed to begin seeing the results of the implementation of these recommendations reflected in reviewees’ activities and policies. Therefore, NSIRA will begin considering the most appropriate means to track and evaluate the implementation of the recommendations issued in past reviews.

NSIRA will discuss with agencies and departments that were reviewed how to evaluate the implementation of past recommendations. For example, if issues and challenges remain unaddressed, NSIRA may initiate follow-up reviews. NSIRA’s public annual report may also raise issues in the implementation of recommendations as needed.

Verification

As noted above, verification is a fundamental component of credible and professional independent review. NSIRA must be able to test the completeness or accuracy of information it may receive as a matter of course during every review. This component is key to NSIRA’s ability to assure its stakeholders that it has confidence in the information it receives during a review, and thereby in the findings and conclusions of the review.

During a review, NSIRA is entitled to receive all information it deems relevant, except for Cabinet confidences. This feature of the NSIRA Act is critical for the success of NSIRA’s mandate. For NSIRA to assure Parliament and Canadians that it has a high level of confidence in the information it receives, departments and agencies under review are expected to support processes that satisfy NSIRA’s requirement to independently verify the completeness and accuracy of information provided by the department or agency. For example:

  • provide NSIRA, in support of each review, an index of documents provided, and an indication as to whether any information has been altered or removed and why; and
  • include a record of how searches of information are conducted, including which search terms were used, and which databases were queried.

Reviewees should always expect an element of verification as a regular part of each review. In keeping with its commitment to transparency and methodological rigour, NSIRA reviews now contain a “confidence statement.” This statement reflects NSIRA’s ability to verify information during a review. The confidence statement also provides important additional context to the review, apprising readers of the extent to which NSIRA has been able to verify necessary or relevant information during the review, and whether its confidence was impacted as a result of this exercise. 

Complaints investigations

3.1 Overview

In the course of the year, NSIRA continued to adapt in conducting its complaints investigations by using innovative approaches. This included the use of videoconference technology for its hearings and investigative interviews, as well as finding procedural efficiencies such as proceeding with some investigations in writing. In part due to challenges inherent to the COVID-19 pandemic, NSIRA experienced delays in its investigations stemming from reduced responsiveness in accessing information and evidence. Annex E contains statistics for NSIRA’s complaints investigations in 2021.

Advancing the investigations and obtaining evidence presented issues for both NSIRA and the federal government parties to investigations that were obligated to provide information to NSIRA. In several ongoing matters, NSIRA granted adjournments and extensions of deadlines for procedural steps, including the filing of submissions and evidentiary material. In addition to pandemic-related delays, NSIRA notes that federal government parties to investigations cited other reasons for their requests for extensions of deadlines to file material, such as issues related to availability of witnesses and shortage of resources. Furthermore, NSIRA had to ask for additional information in response to incomplete initial disclosures in more than one investigation, which also created delays.

As to NSIRA’s investigation caseload in 2021, NSIRA dealt with a continued substantial increase in its inventory of cases. This increase resulted from 58 complaints referred in April 2021 to NSIRA for investigation by the Canadian Human Rights Commission, pursuant to subsection 45(2) of the Canadian Human Rights Act. This high-volume caseload has impacted NSIRA’s overall management of its cases.

NSIRA has also been focusing on strengthening its program delivery by working on strategies for the collection, analysis and use of race-based and demographic data in the context of the complaints investigation process. Working closely with its partner, the Civilian Review and Complaints Commission for the RCMP, NSIRA has been developing strategies of common interest in improving procedures to take into account considerations of diversity and inclusion. The specific objective is to improve access to justice by improving awareness and understanding of the investigation process. The intent is also to document the different racial groups among civilian complainants and determine:

  • whether there are significant racial disparities;
  • whether there are racial differences with respect to the types of complaints made against national security organization members based on different groups;
  • the frequency of complaints that include allegations of racial or other forms of bias; and
  • whether complaint investigation outcomes vary by racial group.

Looking to the year ahead, NSIRA will analyze procedural data with respect to the timelines of its investigations in order to inform the establishment of new service standards, continuing its efforts to ensure efficiency and transparency in the process. NSIRA is mindful that service standards are based on time commitments in normal circumstances. As the public health situation with respect to the COVID-19 pandemic continues to improve, NSIRA looks forward to the cooperation of federal government parties in increasing their responsiveness to advance investigations. In light of NSIRA’s objective of developing service standards, it will be adopting a measured approach to requests for adjournments and extensions of deadlines, which will be permitted in exceptional circumstances. Also for the year ahead, NSIRA will continue to improve its website to promote accessibility to and relevance of processes in the investigation of complaints.

3.2 Status of complaints investigation process reform

In 2021, NSIRA completed its investigation process reform initiative after a complex consultation with multiple stakeholders. In July 2021, NSIRA launched its new process that included the implementation of its new rules of procedure, aiming to provide greater accessibility as well as greater efficiency in NSIRA’s investigation mandate. Investigations under this new model show early signs of efficiency in that NSIRA has set timelier dates for the conduct of investigative interviews.

3.3 Investigations

Final report summaries

Investigation Concerning Allegations Against the Canadian Security Intelligence Service (1500-516)

Background​​​​​​​

The Complainant filed a complaint against the Canadian Security Intelligence Service (CSIS) regarding its involvement in different incidents with airport authorities while the Complainant was travelling.

In addition, the Complainant alleged harassment, possible interference with employment opportunities, interference with a passport application, intercepting and reviewing mail, and disrupting personal relationships.

Investigation

During the investigation, the Complainant raised several separate incidents that led to the filing of their complaint. NSIRA reviewed the evidence before it to determine whether CSIS’s actions were reasonable and proportionate in the circumstances; whether CSIS’s actions constituted harassment; and whether it had acted lawfully.

NSIRA considered the evidence given by witnesses, the documentation submitted by the parties, as well as other relevant material made available during the course of the investigation of the complaint. NSIRA also heard evidence provided by the Complainant.

With respect to one specific incident in dealing with airport authorities while travelling, NSIRA heard evidence by witnesses regarding section 8 of the Canadian Charter of Rights and Freedoms (Charter). Section 8 of the Charter provides that everyone has the right to be secure against unreasonable search and seizure.

Conclusion

With respect to all allegations, NSIRA determined that the complaint is unsupported. However, concerning events related to CSIS participating in a Canada Border Services Agency search of the Complainant’s cell phone at an airport on one occasion, NSIRA found that CSIS breached section 8 of the Charter.

NSIRA concluded that CSIS did not take the Complainant’s privacy interests casually and did not deliberately disregard privacy considerations in relation to the search. The breach of section 8 of the Charter was not egregious and constituted an error in judgment.

Reopened Investigation Concerning Allegations Against the Canadian Security Intelligence Service (1500-471)

Background

NSIRA issued a supplemental final report resulting from a reopened investigation that was concluded by its predecessor, the Security Intelligence Review Committee (SIRC).

The Complainant alleged that CSIS had violated his constitutional rights due to his race and religion as well as his refusal to work as a human source. He further alleged that CSIS agents were harassing him by stopping him in airports and following him. Lastly, the Complainant alleged that CSIS had disclosed false information to a foreign entity, which resulted in him being held for eight hours without food in a foreign country’s airport.

In SIRC’s final report, SIRC concluded that the Complainant’s allegations of discrimination and harassment were unsupported. SIRC also concluded that the actions of CSIS officials had violated section 12 of the CSIS Actministerial directions, policies and operational procedures, and that these actions resulted in adverse consequences for the Complainant.

NSIRA’s reopened investigation was strictly limited to two questions of law: (1) whether the reasonable grounds to suspect standard under section 12 of the CSIS Act must be met when CSIS makes initial inquiries of its operational holdings; and (2) whether CSIS was required to obtain an individual targeting authority against the Complainant.

Investigation

The investigation of the reopening was deemed to be continued before NSIRA pursuant to subsection 11(1) of the National Security Act. NSIRA considered the documentation submitted by the parties, including classified submissions and documents filed by CSIS. NSIRA also considered the submissions filed by the Complainant as well as any other relevant material made available during the course of the investigation of this reopening.

With respect to whether the reasonable grounds to suspect standard under section 12 of the CSIS Act must be met when CSIS makes initial inquiries of its operational holdings, CSIS conceded during the investigation that it requires reasonable grounds to suspect that activities constitute a threat to the security of Canada, as described in section 2 of the CSIS Act, to conduct such initial inquiries of its operational holdings.

On the facts of this case, NSIRA determined that SIRC had correctly found that CSIS did not possess objective facts about activities that met the requisite reasonable grounds to suspect standard.

With regard to whether CSIS was required to obtain an individual targeting authority against the Complainant, NSIRA concluded that SIRC’s findings of fact regarding the extent and manner in which CSIS investigated the Complainant would not be revisited by NSIRA. NSIRA found that SIRC’s conclusion that there is a point in the CSIS investigation where CSIS agents were specifically investigating the activities of the Complainant was unequivocal, and, therefore, it was clear that CSIS should have obtained an individual targeting authority against him, yet failed to do so.

Conclusion

NSIRA determined that SIRC’s report and the findings were affirmed.

Conclusion

In 2021, NSIRA delivered on its mandate by completing reviews on a wide array of federal departments and agencies involved in national security and intelligence activities. Similarly, despite the challenges of the COVID-19 pandemic for complaints investigation proceedings and a large increase in its workload, NSIRA adapted its methods and continued its efforts to improve its program delivery.

NSIRA aims to increase its capacity to review technology and its practical use in national security and intelligence activities. The ongoing growth in NSIRA’s staff complement will also help the organization review a greater variety of national security and intelligence activities and continue to progress in its investigation of a large number of complaints.

NSIRA remains committed to engage with non-government stakeholders. NSIRA took note of feedback on its prior annual report and will continue to aim to improve its usefulness.

Once again, NSIRA members are very grateful for the excellent work of the Secretariat staff and their dedication to the organization’s mission of promoting greater accountability in the Canadian security and intelligence community and improving the confidence of Canadians in their oversight institutions.

Share this page
Date Modified: