Language selection

Government of Canada / Gouvernement du Canada

Search


Quarterly Report: For the quarter ended June 30, 2022

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2022โ€“23 Main Estimates.

This quarterly report has not been subject to an external audit or review.

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canadaโ€™s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.

A summary description NSIRAโ€™s program activities can be found in Part II of the Main Estimates. Information on NSIRAโ€™s mandate can be found on its website.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agencyโ€™s spending authorities granted by Parliament and those used by the agency, consistent with the 2022โ€“23 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended June 30, 2022.

NSIRA spent approximately 12% of its authorities by the end of the first quarter, compared with 9% in the same quarter of 2021โ€“22 (see graph 1).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q1 2022โ€“23 and Q1 2021โ€“22

Graph: Variance in authorities as at June 30, 2022 - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q1 2022โ€“23 and Q1 2021โ€“22
  2022-23 2021-22
Total Authorities $28.3 $30.2
Q1 Expenditures $3.3 $2.8

Significant changes to authorities

As at June 30, 2022, Parliament had approved $28.3 million in total authorities for use by NSIRA for 2022โ€“23 compared with $30.2 million as of June 30th, 2021, for a net decrease of $1.9 million or 6.3% (see graph 2).

Graph 2: Variance in authorities as at June 30, 2022

Graph: Variance in authorities as at June 30, 2022 - Text version follows
Variance in authorities as at June 30, 2022 (in millions)
  Fiscal year 2021-22 total available for use for the year ended March 31, 2022 Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Vote 1 – Operating 28.5 26.5
Statutory 1.7 1.7
Total budgetary authorities 30.2 28.3

*Details may not sum to totals due to rounding*

The decrease of $1.9 million in authorities is mostly explained by a gradual reduction in NSIRAโ€™s ongoing operating funding.

Significant changes to quarter expenditures

The first quarter expenditures totaled $3.3 million for an increase of $0.5 million when compared with $2.8 million spent during the same period in 2021โ€“22. Table 1 presents budgetary expenditures by standard object.

Table 1

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2022โ€“23: expended during the quarter ended June 30, 2022 Fiscal year 2021โ€“22: expended during the quarter ended June 30, 2021     Variance $ Variance %
Personnel 2,345 2,312 33 1%
Transportation and communications 44 13 31 23*
Information 5 2 3 150%
Professional and special services 846 196 650 332%
Rentals 10 0 10
Repair and maintenance 31 8 23 288%
Utilities, materials and supplies 16 3 13 433%
Acquisition of machinery and equipment 9 216 (207) (96%)
Other subsidies and payment (2) 12 (14) (117%)
Total gross budgetary expenditures 3,304 2,762 541 20%

Transportation and communications

The increase of $31,000 relates to increased travel, as travel restrictions due to COVID-19 are no longer in place in Canada.

Professional and special services

The increase of $650,000 is explained by a change in the timing of invoicing for the maintenance and services in support of our classified IT network infrastructure.

Rentals

The increase of $10,000 is explained by rent for temporary office space and software support licenses.

Repair and maintenance

The increase of $23,000 is explained by office accommodation fit-up costs.

Utilities, materials and supplies

The increase of $13,000 is explained by the acquisition office supplies.

Acquisition of machinery and equipment

The decrease of $207,000 is explained by a one-time bulk purchase of monitors and other computer equipment made in the first quarter of 2021-22.

Other subsidies and payments

The decrease of $14,000 is explained by a reduction in emergency salary advances and payroll system overpayments. NSIRA is showing a negative balance here because of the acquisition card rebates.

Risks and uncertainties

The ability of NSIRA to access the information it needs to conduct its reviews and complaints investigations is closely tied to the capacity of the reviewed or investigated departments and agencies to respond to NSIRAโ€™s demands. While most pandemic constraints have subsided, there continues to be recruitment challenges in a tight labour market. To address this challenge, NSIRA is experimenting with hybrid workplace approaches, launching internal career development programs and focusing on onboarding practices to attract and retain talent.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRAโ€™s approach and timelines for the execution of its mandated activities.

Significant changes in relation to operations, personnel and programs

There have been two new Governor-in-Council appointments during the first quarter, Dr. Foluke Laosebikan and Mr. Matthew Cassar. Existing member, Mr. Craig Forcese, has been named Vice Chair of NSIRA.

There have been no changes to the NSIRA Program.

Approved by senior officials:

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2022โ€“23 Fiscal year 2021โ€“22
  Total available for use for the year ending March 31, 2023 (note 1) Used during the quarter ended June 30, 2022 Year to date used at quarter-end Total available for use for the year ending March 31, 2022 (note 1) Used during the quarter ended June 30, 2021 Year to date used at quarter-end
Vote 1 โ€“ Net operating expenditures 26,523 2,872 2,872 28,490 2,3 5,647
Budgetary statutory authorities
Contributions to employee benefit plans 1,728 432 432 1,705 426 426
Total budgetary authorities (note 2) 28,251 3,304 3,304 30,195 2,762 2,762

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2022โ€“23 Fiscal year 2021โ€“22
  Planned expenditures for the year ending March 31, 2023 (note 1) Expended during the quarter ended June 30, 2022 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2022 Expended during the quarter ended June 30, 2021 Year to date used at quarter-end
Expenditures
Personnel 13,245 2,345 2,345 13,222 2,312 2,312
Transportation and communications 597 44 44 673 13 13
Information 372 5 5 375 2 2
Professional and special services 3,506 846 846 5,904 196 196
Rentals 271 10 10 188 0 0
Repair and maintenance 9,722 31 31 8,737 8 8
Utilities, materials and supplies 173 16 16 103 3 3
Acquisition of machinery and equipment 232 9 9 991 216 216
Other subsidies and payments 133 (2) (2) 0 12 12
Total gross budgetary expenditures
(note 2)
28,251 3,304 3,304 30,195 2,762 2,762

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

Quarterly Report: For the quarter ended December 31, 2021

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2021โ€“22 Main Estimates.

This quarterly report has not been subject to an external audit or review.

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canadaโ€™s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.

A summary description NSIRAโ€™s program activities can be found in Part II of the Main Estimates. Information on NSIRAโ€™s mandate can be found on its website.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agencyโ€™s spending authorities granted by Parliament and those used by the agency, consistent with the 2021โ€“22 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended December 31, 2021.

NSIRA spent approximately 33% of its authorities by the end of the third quarter, compared with 28% in the same quarter of 2020โ€“21 (see graph 1).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q3 2021โ€“22 and Q3 2020โ€“21

Graph: Comparison of total authorities and total net budgetary expenditures - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q3 2021โ€“22 and Q3 2020โ€“21
  2021-22 2020-21
Total Authorities $31.3 $24.0
Q3 Expenditures $3.7 $2.7
Year-to-Date Expenditures $10.2 $6.6

Significant changes to authorities

As at December 31, 2021, Parliament had approved $31.3 million in total authorities for use by NSIRA for 2021โ€“22 compared with $24.0 million as of December 31, 2020, for a net increase of $7.3 million or 30.4% (see graph 2).

Graph 2: Variance in authorities as at December 31, 2021

Graph: Variance in authorities as at December 31, 2021 - Text version follows
Variance in authorities as at December 31, 2021 (in millions)
  Fiscal year 2020-21 total available for use for the year ended March 31, 2021 Fiscal year 2021-22 total available for use for the year ended March 31, 2022
Vote 1 – Operating $22.6 $29.6
Statutory $1.4 $1.7
Total budgetary authorities $24.0 $31.3

The increase of $7.3 million in authorities is mostly explained by the ramp-up of approved funding for the mandate of NSIRA and the approval of a funding re-profile into fiscal year 2021โ€“22 for accommodation and infrastructure projects.

Significant changes to quarter expenditures

The third quarter expenditures totaled $3.7 million for an increase of $1.0 million when compared with $2.7 million spent during the same period in 2020โ€“21. Table 1 presents budgetary expenditures by standard object.

Table 1

Variances in expenditures by standard object (in thousands of dollars) Fiscal year 2021-22: expended during the quarter ended December 31, 2021 Fiscal year 2020-21: expended during the quarter ended December 31, 2020 Variance $ Variance %
Personnel 2,654 1,732 922 53%
Transportation and communications 93 19 74 389%
Information 24 37 (13) (35%)
Professional and special services 404 389 15 4%
Rentals 64 41 23 56%
Repair and maintenance 398 189 209 111%
Utilities, materials and supplies 13 21 (8) (38%)
Acquisition of machinery and equipment 72 258 (185) (72%)
Other subsidies and payment (22) (13) (9) 69%
Total gross budgetary expenditures 3,700 2,671 1,029 39%

Details may not sum to totals due to rounding

Personnel

The increase of $922,000 relates to additional staffing to support NSIRAโ€™s mandate.

Transportation and communications

The increase of $74,000 relates to new internet connections as part of the office accommodation fit-up costs.

Repair and maintenance

The increase of $209,000 is explained by office accommodation fit-up costs.

Acquisition of machinery and equipment

The decrease of $185,000 is mainly explained by capital costs not needed in 2021โ€“22 because they were ramp-up and pandemic-related expenditures in 2020โ€“21: buying furniture acquisitions, redesigning office space to accommodate more employees, and equipping NSRIA personnel to work from home.

Significant changes to year-to-date expenditures

The year-to-date expenditures totaled $10.2 million for an increase of $3.6 million (54%) when compared with $6.6 million spent during the same period in 2020โ€“21. Table 2 presents budgetary expenditures by standard object.

Table 2

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2021-22: expended during the quarter ended December 31, 2021 Fiscal year 2020-21: expended during the quarter ended December 31, 2020 Variance $ Variance %
Personnel 7,407 5,072 2,335 46%
Transportation and communications 130 37 93 251%
Information 41 78 (37) (47%)
Professional and special services 1,440 731 709 97%
Rentals 81 104 (23) (22%)
Repair and maintenance 611 247 364 147%
Utilities, materials and supplies 25 28 (3) (11%)
Acquisition of machinery and equipment 446 300 146 49%
Other subsidies and payment 18 28 (10) (36%)
Total gross budgetary expenditures 10,199 6,626 3,573 54%

Details may not sum to totals due to rounding

Personnel

The increase of $2,335,000 relates to additional staffing to support NSIRAโ€™s mandate.

Transportation and communications

The increase of $93,000 is mainly explained by the installation of new internet connections as part of the office accommodation fit-up costs, and some relocation and travel expenses.

Professional and special services

The increase of $709,000 is mainly due to information technology support services by the Communications Security Establishment and an increased use of procurement advisory services.

Repair and maintenance

The increase of $364,000 is explained by office accommodation fit-up costs.

Acquisition of machinery and equipment

The increase of $146,000 is mainly explained by informatics equipment acquisitions.

Risks and uncertainties

The ability of NSIRA to access the information it needs to conduct its reviews and complaints investigations is closely tied to the capacity of the reviewed or investigated departments and agencies to respond to NSIRAโ€™s demands. The pandemic continues to hinder the agencyโ€™s ability to conduct classified work in the workplace. When combined with existing resource constraints of the reviewed departments and agencies, the conduct of reviews continues to be delayed.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRAโ€™s approach and timelines for the execution of its mandated activities.

Significant changes in relation to operations, personnel and programs

There have been no new Governor-in-Council appointments during the third quarter.

There have been no changes to the NSIRA Program.

Approved by senior officials:

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2022–23 Fiscal year 2021–22
  Total available for use for the year ending March 31, 2022 (note 1) Used during the quarter ended December 31, 2021 Year to date used at quarter-end Total available for use for the year ending March 31, 2021 (note 1) Used during the quarter ended December 31, 2020 Year to date used at quarter-end
Vote 1 – Net operating expenditures 29,615 3,274 8,921 22,565 2,300 5,513
Budgetary statutory authorities
Contributions to employee benefit plans 1,705 426 1,278 1,484 371 1,113
Total budgetary authorities (note 2) 31,319 3,700 10,199 24,049 2,671 6,626

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2021–22 Fiscal year 2020–21
  Planned expenditures for the year ending March 31, 2022 (note 1) Expended during the quarter ended December 31, 2021 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2021 Expended during the quarter ended December 30, 2020 Year to date used at quarter-end
Expenditures
Personnel 13,222 2,654 7,407 11,510 1,732 5,072
Transportation and communications 673 93 130 1,162 19 37
Information 375 24 41 364 37 78
Professional and special services 7,029 404 1,440 3,250 389 731
Rentals 188 64 81 237 41 104
Repair and maintenance 8,737 398 611 6,681 189 247
Utilities, materials and supplies 103 13 25 173 21 28
Acquisition of machinery and equipment 991 72 446 393 257 300
Other subsidies and payments 0 (22) 18 278 (13) 28
Total gross budgetary expenditures
(note 2)
31,319 3,700 10,199 24,049 2,671 6,626

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

Departmental Plan: 2022-2023

Meta data information

Cat. Number: PS106-6E-PDF
ISSN: 2563-0334

ยฉ Her Majesty the Queen in Right of Canada, 2020

Date of Publishing:

From the Executive Director

I am pleased to present the National Security and Intelligence Review Agency (NSIRA) 2022โ€“23 Departmental Plan. This report outlines our planned activities, priorities and targeted outcomes for the 2022โ€“23 fiscal year.

Over the past two years, NSIRA has focused on ensuring a successful and efficient transition to a much larger organization with a much broader mandate, while working on standardization and modernizing the processes that underpin our work. The agency has also increased its size and strengthened its technical and subject matter expertise.

In 2022โ€“23, we will be implementing NSIRAโ€™s renewed three-year review plan, which continues to emphasize reviews of increasing scale and complexity as we become familiar with the operations of departments and agencies that have only recently become subject to review. This includes reviewing activities taken under authorities granted by the National Security Act, 2017, and those that are technology- and data-collectionโ€“centric.

In the upcoming year, we will continue implementing our new process launched in 2021 for taking in and investigating complaints from members of the public. NSIRA consulted multiple key stakeholders in shaping this new process, which aims to provide greater accessibility and greater timeliness to our complaints investigation function.

As we continue to scale up our operations in 2022โ€“2023, our priority will remain the health and safety of our staff. Some of our planned initiatives include expanding to a second site, recruiting staff across all business lines, and supporting staff and NSIRA members. Moreover, while building on our successes and pursuing ambitious organizational goals, we will maintain our focus on diversity and inclusion in the workplace, including developing an employment equity strategy.

I would like to thank the staff and members of NSIRA. They are dedicated, resilient and committed to excellence. I look forward to continuing to work with them to develop and grow the NSIRA of the future.

John Davies
Executive Director

Plans at a glance

Over the coming year, NSIRA will continue its ambitious review agenda. This will include:

  • mandatory reviews related to the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Security of Canada Information Disclosure Act and Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act;
  • reviews of activities undertaken under the new authorities granted to government institutions under the National Security Act, 2017; and
  • reviews of activities where technology and the collection of data are central features.

NSIRA will also continue to expand its knowledge of departments and agencies not previously subject to expert review, including through the conduct of interagency reviews.

After an extensive consultation exercise with key stakeholders and the development of new rules of procedures in 2021, NSIRA will also focus on implementing its new model for investigating complaints. Our goal is to enhance access to justice for complainants and to ensure that NSIRA investigates complaints in a timely manner.

Employee health and well-being are key to the agencyโ€™s success. In that regard, NSIRA will continue to take steps to protect the physical and mental health of its employees and help address stresses caused by the pandemic. NSIRA will focus on the implementation of initiatives aimed at improving workplace and employee well-being as well as meeting federal public service objectives for employment equity, diversity and inclusion.

For more information on NSIRAโ€™s plans, see the โ€œCore responsibilities: planned results and resources, and key risksโ€ section of this plan.

Core responsibilities: planned results and resources, and key risks

This section contains information on the departmentโ€™s planned results and resources for each of its core responsibilities. It also contains information on key risks related to achieving those results.

National Security and Intelligence Reviews and Complaints Investigations

Description

NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Planning highlights

Reviews

In support of this outcome, NSIRA will continue to implement an ambitious review agenda in 2022โ€“23. It will review the activities of CSIS and CSE to provide responsible ministers and the Canadian public with an informed assessment of these activities, including their lawfulness, reasonableness and necessity. NSIRA will also build on the knowledge it has acquired of departments and agencies, such as the RCMP, the Canada Border Services Agency, Immigration, Refugees and Citizenship Canada, and the Department of National Defence and Canadian Armed Forces. Using that knowledge, NSIRA will ensure these organizationsโ€™ national security or intelligence activities are independently reviewed. NSIRA is committed to transcending the silos that have characterized national security review , and will โ€œfollow the threadโ€ of an activity between agencies to ensure its assessments reflect the complex and interwoven approach Canada takes to national security.

NSIRA is committed to ensuring its review agenda remains responsive and topical. In 2022โ€“23, in order to inform the upcoming review of the National Security Act, 2017, NSIRA will focus on the review of activities performed under authorities that were granted by virtue of this legislation. For CSIS, these include the collection and use of datasets, and the implementation of a framework for justifying activities that contravene the law that are carried out by designated employees under specific circumstances in the context of their duties and functions. For CSE, this will include the conduct of active and defensive cyber operations. Other NSIRA reviews that will contribute information in this regard are the annual reviews of the Security of Canada Information Disclosure Act, of the Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act, and of the use of measures by CSIS to reduce threats to the security of Canada.

NSIRA will continue to expand its knowledge of national security institutions by undertaking reviews in the areas of terrorist financing, foreign interference and cybersecurity. The agency will fully utilize its authorities to follow the thread of information across multiple organizations by undertaking reviews on CSIS-CSE collaboration, the efforts of both CSIS and the RCMP to address threats posed by ideologically motivated violent extremists, and the use of human sources by various departments and agencies.

Finally, NSIRA will focus on select reviews where the review of technology and data flows are central, including the collection and use of open-source intelligence at the Department of National Defence, the lifecycle of information collected under warrant by CSIS, and the retention practices of signals intelligence by CSE. NSIRA will be leveraging both internal and external technology expertise in conducting these reviews.

Outreach and collaboration

NSIRA will continue to engage with community stakeholders to understand their concerns surrounding national security and intelligence activities. NSIRA will also continue to proactively publish unclassified versions of its reports throughout the year, as well as information on its plans and processes. The annual report will continue to summarize NSIRAโ€™s review findings and recommendations in context, situating these elements within a broader discussion of key trends and challenges NSIRA has observed over the year. NSIRA will finish a full update of its review process and procedures, and work with reviewed entities in applying them to all reviews that are starting or in early stages.

In 2022โ€“23, NSIRA will continue to draw on the close relationships it has established with the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner. The agency will coordinate its activities to ensure review is efficient and comprehensive, and avoids unnecessary duplication of effort.

NSIRA is also developing close ties to its international equivalents. It will continue its participation in the Five Eyes Intelligence Oversight and Review Council (FIORC) that brings together review agency representatives from Canada, the United States, Australia, New Zealand and the United Kingdom. NSIRA will participate in the FIORC annual conference in the fall of 2022. In addition, NSIRA will participate in FIORC working groups, which aim to meet regularly at the working level to discuss topics of common interest, such as the impacts of new technology, the investigation of complaints from the public and access to information in the possession of reviewed departments. NSIRA also intends to renew its efforts to foster new collaborative relationships with other international review bodies.

Complaints investigations

In 2022โ€“23, NSIRA will also strengthen institutionsโ€™ accountability and enhance public confidence by ensuring consistency, quality and timeliness in investigating national securityโ€“related complaints. The independent investigation of complaints plays a critical role in maintaining public confidence in Canadaโ€™s national security institutions. In 2022โ€“23, NSIRA will continue to offer an informal resolution process to complement the investigative process to respond to complaints. NSIRA will apply its new rules of procedure to promote accessibility, timeliness and efficiency in the investigation of complaints. Finally, NSIRA will establish new service standards for the investigation of complaints.

Gender-based analysis plus

In 2022โ€“23, NSIRAโ€™s Diversity, Inclusion and Employment Equity Advisory Committee will examine and provide advice on its internal policies, programs and procedures, as well as its external service delivery model through the lens of inclusion, diversity and equity.

From a program delivery perspective, NSIRA is working closely with its partner, the Civilian Review and Complaints Commission for the RCMP, to develop strategies for the collection, analysis and use of race-based and demographic data in the context of the complaints process. The objectives of this initiative are to improve access to justice by improving awareness and understanding of the investigation process. The intent is also to document the different racial groups among civilian complainants and determine:

  • whether there are significant racial disparities;
  • whether there are racial differences with respect to the types of complaints made against national security agency members based on different groups;
  • the frequency of complaints that include allegations of racial or other forms of bias;
  • whether complaint investigation outcomes vary by racial group; and
  • whether civilian satisfaction with NSIRAโ€™s investigation process also varies by racial group.

NSIRAโ€™s program of planned and ongoing reviews also takes into account the potential for national security and intelligence activities to result in disparate outcomes for minority groups. Ongoing reviews of the Canada Border Services Agencyโ€™s targeting practices, as well as the use of biometrics in a national security and intelligence context, include specific considerations of the impacts of these activities on diverse communities.

From a corporate perspective, the Diversity, Inclusion and Employment Equity Advisory Committee will also continue to engage with NSIRAโ€™s personnel on issues related to systemic discrimination and racism through seminars and learning events. The intent is to continue to create an environment in which all employees feel comfortable and will not shy away from participating in discussions on issues related to anti-racism, diversity and inclusion.

As well, NSIRA is developing a self-identification process for its employees that will allow it to shape its staffing and employment equity strategies to increase representation and to ensure it reflects the diversity of the Canadian public, which it serves.

Experimentation

Given the functions and responsibilities of NSIRA, the organization does not engage in experimentation activities.

Key risks

NSIRAโ€™s ability to access the information it needs to do its work and speak to the relevant stakeholders to understand policies, operations and ongoing issues is closely tied to the capacity of the organizations being reviewed to respond to NSIRAโ€™s demands. The resource constraints of those organizations might continue to be compounded next year by disruptions stemming from the COVID-19 pandemic. This presents a risk of hindering NSIRAโ€™s ability to deliver on its mandate in a timely way. NSIRA is mitigating this risk by ensuring clear communication about information requests and by setting review priorities.

The physical distancing precautions established by the COVID-19 pandemic will likely continue to be needed in 2022โ€“23. While NSIRA invested in technology and adapted and expanded its office space to accommodate these requirements, the pandemic may still affect NSIRAโ€™s ability to deliver on its mandate in a timely way and limit the frequency and type of outreach NSIRA can accomplish. The agency will continue to innovate and adapt to conduct its operations and, as necessary, engage virtually with stakeholders, departments and agencies.

Planned results for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, for National Security and Intelligence Activity Reviews and Complaints Investigations, the planned results, the result indicators, the targets and the target dates for 2022โ€“23, and the actual results for the three most recent fiscal years for which actual results are available.

Departmental results Departmental result indicator Target Date to achieve target 2018โ€“19 actual result 2019โ€“20 actual result 2020โ€“21 actual result
Note: Because NSIRA was created on July 12, 2019, there is no comparative information to provide for 2018โ€“19. Actual results for 2019โ€“20 are not available as the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to NSIRA was being developed. This new framework is for measuring and reporting on results achieved starting in 2021โ€“22, thus no actual results can be reported for 2020โ€“21 either.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews December 2022 Not applicable (N/A) N/A N/A
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually December 2022 N/A N/A N/A
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year December 2022 N/A N/A N/A
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards 90% March 2023 N/A N/A N/A

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned budgetary financial resources for assisting the National Security and Intelligence Review Agency

2022โ€“23 budgetary spending (as indicated in Main Estimates) 2022โ€“23 planned spending 2023โ€“24 planned spending 2024โ€“25 planned spending
10,756,818 10,756,818 10,757,687 10,757,687

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned human resources for assisting the National Security and Intelligence Review Agency

2022โ€“23 planned full-time equivalents 2023โ€“24 planned full-time equivalents 2024โ€“25 planned full-time equivalents
69.0 69.0 69.0

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Internal Services: planned results

Description

Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 10 categories of internal services:

  • Management and Oversight Services
  • Communications Services
  • Legal Services
  • Human Resources Management Services
  • Financial Management Services
  • Information Management Services
  • Information Technology Services
  • Real Property Management Services
  • Materiel Management Services
  • Acquisition Management Services

Planning highlights

As it enters a third full year of operation, NSIRA will continue to take steps to ensure resources are deployed in the most effective and efficient manner possible and that its operational and administrative structures, tools and processes will continue to focus on supporting the delivery of its priorities.

NSIRAโ€™s employees are the backbone of its operations. Because their health and well-being are key to the agencyโ€™s success, several initiatives geared toward improving workplace health and employee well-being will be an ongoing priority.

In an effort to attract and retain talent, NSIRA will further initiatives aimed at articulating NSIRAโ€™s vision, values, culture and brand. The agency will work with employees to establish a hybrid workplace framework and talent/career management programs.

NSIRA has identified and publicly shared an action plan aimed at supporting the federal public service objectives for employment equity, diversity and inclusion. In 2022โ€“23, the agency will accelerate its efforts on this front.

If not further delayed by the pandemic, NSIRA aims to complete its accommodation, infrastructure and systems investments in 2022โ€“23 and initiate self-assessments of its compliance with central agenciesโ€™ policies and directives.

Planned budgetary financial resources for Internal Services

2022โ€“23 budgetary spending (as indicated in Main Estimates) 2022โ€“23 planned spending 2023โ€“24 planned spending 2024โ€“25 planned spending
17,493,858 17,493,858 7,701,336 7,701,042

Planned human resources for Internal Services

2022โ€“23 planned full-time equivalents 2023โ€“24 planned full-time equivalents 2024โ€“25 planned full-time equivalents
31.0 31.0 31.0

Planned spending and human resources

This section provides an overview of the departmentโ€™s planned spending and human resources for the next three fiscal years and compares planned spending for 2022โ€“23 with actual spending for the current year and the previous year.

Planned spending

Departmental spending 2019โ€“20 to 2024โ€“24

The following graph presents planned (voted and statutory) spending over time.

Departmental spending trend graph
  2019โ€“20 2020โ€“21 2021โ€“22 2022โ€“23 2023โ€“24 2024โ€“25
Statutory 371,057 962,186 1,295,290 1,727,668 1,727,668 1,727,668
Voted 5,254,250 11,289,189 19,137,337 26,523,008 16,731,355 16,731,061
Total 5,625,250 12,251,375 20,432,627 28,250,676 18,435,987 18,458,729

Fiscal years 2019โ€“20 and 2020โ€“21 show actual expenditures as reported in the Public Accounts, while 2021โ€“2022 presents the forecast for the current fiscal year. Fiscal years 2022โ€“23 to 2024โ€“25 present planned spending.

The 2020โ€“21 spending of $12.2 million increased by $6.6 million (118%), compared to 2019โ€“20. The increase is due to the fact that NSIRA was created in July 2019, which resulted in the actual expenditures for fiscal year 2019โ€“20 reflecting only a partial year of spending. Forecast spending in 2021โ€“22 is higher than 2020โ€“21 spending by $8.2 million (67%), primarily due to growth in personnel and limited investments in accommodation, infrastructure and systems.

Spending is expected to increase by $7.8 million (38%) in 2022โ€“23 compared to 2021โ€“22. This planned increase is mainly due to a re-profile of funding to align to the conduct of projects delayed by the pandemic. Spending is expected to decrease by $9.8 million (35%) in 2023โ€“24, mainly due to the expected completion of the office expansion project in 2022โ€“23. Spending is expected to remain relatively unchanged in 2024โ€“25 from 2023โ€“4.

Budgetary planning summary for core responsibilities and Internal Services (dollars)

The following table shows information on spending for each of NSIRAโ€™s core responsibilities and for its internal services for 2022โ€“23 and other relevant fiscal years.

Core responsibilities and Internal Services 2019โ€“20 actual expenditures 2020โ€“21 actual expenditures 2021โ€“22 forecast spending 2022โ€“23 budgetary spending (as indicated in Main Estimates) 2022โ€“23 planned spending 2023โ€“24 planned spending 2024โ€“25 planned spending
National Security and Intelligence Reviews and Complaints Investigations 3,009,066 5,607,796 8,074,229 10,756,818 10,756,818 10,757,687 10,757,687
Subtotal 3,009,066 5,607,796 8,074,229 10,756,818 10,756,818 10,757,687 10,757,687
Internal Services 2,616,241 6,643,579 12,358,398 17,493,858 17,493,858 7,701,336 7,701,042
Total 5,625,307 12,251,375 20,432,627 28,250,676 28,250,676 18,459,023 18,458,729

As NSIRA was created on July 12, 2019, the numbers for 2019โ€“20 are for the reporting period of July 12, 2019, to March 31, 2020.

Planned human resources

The following table shows information on human resources, in full-time equivalents, for each of NSIRAโ€™s core responsibilities and for its internal services for 2022โ€“23 and the other relevant years.

Human resources planning summary for core responsibilities and Internal Services

Core responsibilities and Internal Services 2019โ€“20 Actual full-time equivalents 2020โ€“21 Actual full-time equivalents 2021โ€“22 Forecast full-time equivalents 2022โ€“23 Planned full-time equivalents 2023โ€“24 Planned full-time equivalents 2024โ€“25 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations 17.5 37.8 53.3 69.0 69.0 69.0
Subtotal 17.5 37.8 53.3 69.0 69.0 69.0
Internal Services 11.2 21.7 25.9 31.0 31.0 31.0
Total 28.7 59.5 79.2 100.0 100.0 100.0

Over the course of 2019โ€“20, funding for an additional 26 FTEs was received to account for NSIRA’s expanded mandate. It is expected that NSIRA will be at full capacity by the close of 2021โ€“22 to fulfil its new mandate.

Estimates by vote

Information on NSIRAโ€™s organizational appropriations is available in the 2022โ€“23 Main Estimates.

Condensed future-oriented statement of operations

The future-oriented condensed statement of operations provides an overview of NSIRAโ€™s operations for 2021โ€“22 to 2022โ€“23.

The forecast and planned amounts in this statement of operations were prepared on an accrual basis. The forecast and planned amounts presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.

A more detailed future-oriented statement of operations and associated notes, including a reconciliation of the net cost of operations with the requested authorities, are available on NSIRAโ€™s website.

Future-oriented Condensed statement of operations for the year ending March 31, 2022 (dollars)

Financial information 2021โ€“22 Forecast results 2022โ€“23 Planned results Difference (2022โ€“23 planned results minus 2021โ€“22 Forecast results)
Total expenses 21,850,048 28,625,397 6,775,349
Total revenues
Net cost of operations before government funding and transfers 21,850,048 28,625,397 6,775,349

The difference between the 2022โ€“23 planned results and 2021โ€“22 forecast results is mostly explained by planned accommodation, infrastructure and systems project costs.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’รชtre, mandate and role: who we are and what we do

“Raison d’รชtre, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Operating context

Information on the operating context is available on NSIRAโ€™s website.

Reporting framework

NSIRAโ€™s Departmental Results Framework, with accompanying results and indicators, is under development. Additional information on key performance measures will be included in the 2021- 22 Departmental Plan.

Graph: Reporting Framework - Text version follows
Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

The changeover of the Security Intelligence Review Committee (SIRC) to NSIRA required significant changes to the Departmental Results Framework, expected results and indicators. With NSIRA’s broader mandate, these changes now provide a framework for measuring and reporting on results achieved starting in 2021โ€“22 and beyond.

Changes to the approved reporting framework since 2020-21

Structure 2020-21 2021-22 Change Reason for change
Total expenses Investigations of Canadian Security Intelligence Service’s (CSIS’s) operational activities National Security and Intelligence Reviews and Complaints Investigations New Core responsibility New Departmental Results Framework
Programs Review of CSIS’s operations National security and intelligence activity reviews and complaints investigations New Program New Departmental Results Framework
Investigation of complaints against CSIS

Supporting information on the program inventory

Supporting information on planned expenditures, human resources, and results related to NSIRAโ€™s program inventory is available in the GC InfoBase.

Supplementary information tables

The following supplementary information tables are available on NSIRA‘s website.

  • Gender-based analysis plus

Federal tax expenditures

NSIRAโ€™s Departmental Plan does not include information on tax expenditures.

Tax expenditures are the responsibility of the Minister of Finance. The Department of Finance Canada publishes cost estimates and projections for governmentยญโ€‘wide tax expenditures each year in the Report on Federal Tax Expenditures. This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis plus.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D” Ottawa, Ontario
K1P 5W5

Telephone: The phone number is temporarily disabled
Fax: The fax number is temporarily disabled.
Email: info@nsira-ossnr.gc.ca
Website: www.nsira-ossnr.gc.ca

Appendix: definitions

appropriation (crรฉdit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dรฉpenses budgรฉtaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilitรฉ essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministรฉriel)

A report on the plans and expected performance of an appropriated department over a 3โ€‘year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (prioritรฉ)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (rรฉsultat ministรฉriel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departmentsโ€™ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de rรฉsultat ministรฉriel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministรฉriel des rรฉsultats)

A framework that connects the departmentโ€™s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les rรฉsultats ministรฉriels)

A report on a departmentโ€™s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expรฉrimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

fullโ€‘time equivalent (รฉquivalent temps plein)

A measure of the extent to which an employee represents a full personโ€‘year charge against a departmental budget. For a particular position, the fullโ€‘time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the personโ€™s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (prioritรฉs pangouvernementales)

For the purpose of the 2020โ€“21 Departmental Results Report, those high-level themes outlining the governmentโ€™s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

nonโ€‘budgetary expenditures (dรฉpenses non budgรฉtaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidenceโ€‘based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dรฉpenses prรฉvues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (rรฉpertoire des programmes)

Identifies all the departmentโ€™s programs and describes how resources are organized to contribute to the departmentโ€™s core responsibilities and results.

result (rรฉsultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organizationโ€™s influence.

statutory expenditures (dรฉpenses lรฉgislatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dรฉpenses votรฉes)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

Financial Statements: NSIRA 2020โ€“21

Date of Publishing:

Statement of Management Responsibility Including Internal Control over Financial Reporting

Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March 31, 2021, and all information contained in these financial statements rests with the management of the National Security and Intelligence Review Agency (NSIRA). These financial statements have been prepared by management using the Government of Canadaโ€™s accounting policies, which are based on Canadian public sector accounting standards.

Management is responsible for the integrity and objectivity of the information in these financial statements. Some of the information in the financial statements is based on managementโ€™s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of NSIRAโ€™s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in NSIRAโ€™s Departmental Results Report, is consistent with these financial statements.

Management is also responsible for maintaining an effective system of internal control over financial reporting (ICFR) designed to provide reasonable assurance that financial information is reliable, that assets are safeguarded and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.

Management seeks to ensure the objectivity and integrity of data in its financial statements through careful selection, training and development of qualified staff; through organizational arrangements that provide appropriate divisions of responsibility; through communication programs aimed at ensuring that regulations, policies, standards, and managerial authorities are understood throughout the NSIRA and through conducting an annual risk-based assessment of the effectiveness of the system of ICFR.

The system of ICFR is designed to mitigate risks to a reasonable level based on an ongoing process to identify key risks, to assess effectiveness of associated key controls, and to make any necessary adjustments.

A risk-based assessment of the system of ICFR for the year ended March 31, 2021 was completed in accordance with the Treasury Board Policy on Financial Management and the results and action plans are summarized in the Annex.

The financial statements of the National Security Intelligence Review Agency have not been audited.

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Ottawa, Canada
December 10, 2021

Statement of Financial Position (Unaudited)

As of March 31 (in thousands of dollars)

  2021 For the Period July 12, 2019 through March 31, 2020
Liabilities
Accounts payable and accrued liabilities (Note 5) 1,519 1,560
Vacation pay and compensatory leave 215 323
Employee future benefits (Note 6b) 316 146
Total liabilities 2,050 2,029
Financial assets
Due from Consolidated Revenue Fund 946 1,536
Accounts receivable and advances (Note 7) 632 90
Total net financial assets 1,578 1,626
Departmental net debt 472 403
Non-financial assets
Prepaid expenses 92 109
Tangible capital assets (Note 8) 2,149 967
Total non-financial assets 2,241 1,076
Departmental net financial position 1,769 673

Contractual obligations (note 9)

The accompanying notes form an integral part of these financial statements.

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Ottawa, Canada
December 10, 2021

Statement of Operations and Departmental Net Financial Position (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  Planned Results 2021 2021 For the period July 12, 2019 through March 31, 2020
Expenses
Assist the National Security Intelligence Review Agency 12,056 5,769 3,671
Internal Service 13,724 5,893 2,659
Total expenses 25,780 11,662 6,330
Net cost from continuing operations 25,780 11,662 6,330
Net cost of operations before government funding and transfers 25,780 11,662 6,330
Government funding and transfers
Net cash provided by Government of Canada   12,401 3,919
Change in due from Consolidated Revenue Fund   (590) 1,536
Services provided without charge by other government departments (Note 10a)   1,007 611
Transfer of overpayments   (60)
Transfer of assets and liabilities from other government departments   937
Net cost of operations after government funding and transfers   (1,096) (673)
Departmental net financial position โ€“ Beginning of year   673
Departmental net financial position โ€“ End of year   1,769 673

Segmented information (note 11)

The accompanying notes form an integral part of these financial statements.

Statement of Change in Departmental Net Debt (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  2021 For the period July 12, 2019 through March 31, 2020
Net cost of operations after government funding and transfers (1,096) (673)
Change due to tangible capital assets
Acquisition of tangible capital assets 1,353 14
Amortization of tangible capital assets (171)
Transfer of tangible capital asset to/from other government department 953
Total change due to tangible capital assets 1,182 967
Change due to prepaid expenses (17) 109
Net increase (decrease) in departmental net debt 69 403
Departmental net debt โ€“ Beginning of year 403
Departmental net debt โ€“ End of year 472 403

The accompanying notes form an integral part of these financial statements.

Statement of Cash Flows (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  2021 For the Period July 12, 2019 through March 31, 2020
Operating activities
Net cost of operations before government funding and transfers 11,662 6,330
Non-cash items:
Amortization of tangible capital assets (171)
Transfer of tangible capital assets to/from other government department 953
Services provided without charge by other government departments (Note 9a) (1,007) (611)
Transfer of overpayments 60
Variations in Statement of Financial Position:
Increase (decrease) in accounts receivable and advances 542 90
Increase (decrease) in prepaid expenses (17) 109
Decrease (increase) in accounts payable and accrued liabilities 41 (1,560)
Decrease (increase) in vacation pay and compensatory leave 108 (323)
Decrease (increase) in future employee benefits (170) (146)
Transfer of liabilities to other government departments (937)
Cash used in operating activities 11,048 3,905
Capital ingesting activities
Acquisitions of tangible capital assets (Note 8) 1,353 14
Cash used in capital investing activities 1,353 14
Net cash provided by Government of Canada 12,401 3,919

The accompanying notes form an integral part of these financial statements.

Notes to the Financial Statements (Unaudited)

1. Authority and objectives

On July 12, 2019 Bill C-59 enacted the National Security and Intelligence Review Agency Act (NSIRA Act), and repealed the provisions of the Canadian Security Intelligence Service Act (CSIS Act) which governed the activities of Security Intelligence Review Committee (SIRC). The National Security Intelligence Review Agency (NSIRA) has a statutory mandate to review the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security and intelligence activities of all other federal departments and agencies. To fulfill its review mandate, NSIRA has unfettered access to classified information other than Cabinet confidences. In addition, NSIRA inherited the complaints investigation functions of the SIRC, which was responsible for hearing complaints from members of the public regarding the actions of CSIS, as well as those related to the revocation or denial of security clearances. Going forward, it will also hear complaints regarding the CSE, as well as national security-related complaints regarding the Royal Canadian Mounted Police (RCMP).

To achieve its strategic outcome and deliver results for Canadians, NSIRA articulates its plans and priorities based on the core responsibility and program inventory included below:

Assist the NSIRA

Support the Conduct of Reviews and Investigations, and the Development of Reports

The secretariat will assist NSIRA members in fulfilling the agencyโ€™s mandate. The Secretariat will conduct a range of activities to support the agency, including accessing relevant information and providing strategic and expert advice in the conduct of reviews, quasi-judicial investigation of complaints and the development of reports. It will also provide administrative support in arranging for briefings, hearings and consultations with stakeholders and international counterparts, and support to ensure compliance with security requirements.

Internal Services

Internal support services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are: Management and Oversight Services; Communications Services; Legal Services; Human Resources Management Services; Financial Management Services; Information Management Services; Information Technology Services; Real Property Services; Materiel Services; Acquisition Services; and Other Administrative Services. Internal Services include only those activities and resources that apply across an organization and not to those provided specifically to a program.

2. Comparative Information

The comparative information (2019-20) included in these financial statements represent the partial year results of operations for the period July 12, 2019 through March 31, 2021, and the financial position of the NSIRA as at March 31, 2020, including all transferred assets and liabilities.

3. Summary of significant accounting policies

These financial statements are prepared using NSIRAโ€™s accounting policies stated below, which are based on Canadian public sector accounting standards. The presentation and results using the stated accounting policies do not result in any significant differences from Canadian public sector accounting standards.

Significant accounting policies are as follows:

(a) Parliamentary authorities

NSIRA is financed by the Government of Canada through Parliamentary authorities. Financial reporting of authorities provided to NSIRA do not parallel financial reporting according to generally accepted accounting principles since authorities are primarily based on cash flow requirements. Consequently, items recognized in the Statement of Operations and Departmental Net Financial Position and in the Statement of Financial Position are not necessarily the same as those provided through authorities from Parliament. Note 4 provides a reconciliation between the bases of reporting. The planned results amounts in the โ€Expensesโ€ and โ€Revenuesโ€ sections of the Statement of Operations and Departmental Net Financial Position are the amounts reported in the Future-Oriented Statement of Operations included in the 2020-2021 Departmental Plan. The planned results amounts in the โ€œGovernment funding and transfersโ€ section of the Statement of Operations and Departmental Net Financial Position and in the Statement of Change in Departmental Net Debt were prepared for internal management purposes and have not been previously published.

(b) Net cash provided by Government of Canada

NSIRA operates within the Consolidated Revenue Fund (CRF), which is administered by the Receiver General for Canada. All cash received by NSIRA is deposited to the CRF, and all cash disbursements made by NSIRA are paid from the CRF. The net cash provided by Government is the difference between all cash receipts and all cash disbursements, including transactions between departments of the Government.

(c) Amounts due from or to the CRF

Amounts due from or to the CRF are the result of timing differences at year-end between when a transaction affects authorities and when it is processed through the CRF. Amounts due from the CRF represent the net amount of cash that NSIRA is entitled to draw from the CRF without further authorities to discharge its liabilities.

(d) Expenses

  • Vacation pay and compensatory leave are accrued as the benefits are earned by employees under their respective terms of employment.
  • Services provided without charge by other government departments for accommodation, employer contributions to the health and dental insurance plans and workersโ€™ compensation are recorded as operating expenses at their carrying value.

(e) Employee future benefits

  • Pension benefits: Eligible employees participate in the Public Service Pension Plan, a pension plan administered by the Government. NSIRAโ€™s contributions to the Plan are charged to expenses in the year incurred and represent the total departmental obligation to the Plan. NSIRAโ€™s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the financial statements of the Government of Canada, as the Planโ€™s sponsor.
  • Severance benefits: The accumulation of severance benefits for voluntary departures ceased for applicable employee groups. The remaining obligation for employees who did not withdraw benefits is calculated using information derived from the results of the actuarially determined liability for employee severance benefits for the Government as a whole.

(f) Accounts receivable

Accounts receivable are initially recorded at cost and when necessary, an allowance for valuation is recorded to reduce the carrying value of accounts receivable to amounts that approximate their net recoverable value.

(g) Non-financial assets

All tangible capital assets having an initial cost of $5,000 or more are recorded at their acquisition cost. Tangible capital assets do not include immovable assets located on reserves as defined in the Indian Act, works of art, museum collection and Crown land to which no acquisition cost is attributable; and intangible assets.

Inventories are valued at cost and are comprised of spare parts and supplies held for future program delivery and are not primarily intended for resale. Inventories that no longer have service potential are valued at the lower of cost or net realizable value.

(h) Measurement uncertainty

The preparation of these financial statements requires management to make estimates and assumptions that affect the reported and disclosed amounts of assets, liabilities, revenues and expenses reported in the financial statements and accompanying notes at March 31. The estimates are based on facts and circumstances, historical experience, general economic conditions and reflect the Governmentโ€™s best estimate of the related amount at the end of the reporting period. The most significant items where estimates are used are contingent liabilities, the liability for employee future benefits and the useful life of tangible capital assets. Actual results could significantly differ from those estimated. Managementโ€™s estimates are reviewed periodically and, as adjustments become necessary, they are recorded in the financial statements in the year they become known.

4. Parliamentary authorities

NSIRA receives most of its funding through annual Parliamentary authorities. Items recognized in the Statement of Operations and Departmental Net Financial Position and the Statement of Financial Position in one year may be funded through Parliamentary authorities in prior, current or future years. Accordingly, NSIRA has different net results of operations for the year on a government funding basis than on an accrual accounting basis. The differences are reconciled in the following tables:

(a) Reconciliation of net cost of operations to current year authorities used

(in thousands of dollars)

  2021 For the Period July 12, 2019 to March 31, 2020
Net cost of operations before government funding and transfers 11,662 6,330
Adjustments for items affecting net cost of operations but not affecting authorities:
Amortization of tangible capital assets (171)
Services provided without charge by other government departments (1,007) (611)
Increase / (decrease) in vacation pay and compensatory leave (108) (76)
Increase / (decrease) in employee future benefits (170) (72)
Refund of prior years’ expenditures 481 (1)
Total items affecting net cost of operations but not affecting authorities (759) (760)
Adjustments for items not affecting net cost of operations but affecting authorities
Acquisition of tangible capital assets 1,353 14
Amortization of tangible capital assets (17) 28
Accounts receivable and advances 12 13
Total items not affecting net cost of operations but affecting authorities 1,348 55
Current year authorities used 12,251 5,625

(b) Authorities provided and used

(in thousands of dollars)

  2021 For the Period July 12, 2019 to March 31, 2020
Authorities provided:
Vote 1 – Operating expenditures 22,592 22,468
Statutory amounts 962 371
Less:
Lapsed: Operating (11,303) (17,214)
Current year authorities used 12,251 5,625

5. Accounts payable and accrued liabilities

The following table presents details of NSIRAโ€™s accounts payable and accrued liabilities.

  2021 For the Period July 12, 2019 to March 31, 2020
Authorities provided:
Accounts payable – Other government departments and agencies 444 306
Accounts payable – External parties 1,075 (8)
Accounts payable and accrued liabilities transferred in from other government department 1,262
Total accounts payable 1,519 1,560
Total accounts payable and accrued liabilities 1,519 1,560

6. Employee future benefits

(a) Pension benefits

NSIRAโ€™s employees participate in the Public Service Pension Plan (the โ€Planโ€), which is sponsored and administered by the Government of Canada. Pension benefits accrue up to a maximum period of 35 years at a rate of two percent per year of pensionable service, times the average of the best five consecutive years of earnings. The benefits are integrated with Canada/Quรฉbec Pension Plan benefits and they are indexed to inflation.

Both the employees and the Agency contribute to the cost of the Plan. Due to the amendment of the Public Service Superannuation Act following the implementation of provisions related to Economic Action Plan 2012, employee contributors have been divided into two groups โ€“ Group 1 related to existing plan members as of December 31, 2012 and Group 2 relates to members joining the Plan as of January 1, 2013. Each group has a distinct contribution rate.

The 2020-21 expense amounts to $877,610 ($325,594 in 2019-20). For Group 1 members, the expense represents approximately 1.01 times (1.01 times in 2019-20) the employee contributions and, for Group 2 members, approximately 1.00 times (1.00 times in 2019-20) the employee contributions.

NSIRAโ€™s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the Consolidated Financial Statements of the Government of Canada, as the Planโ€™s sponsor.

(b) Severance benefits

Severance benefits provided to NSIRAโ€™s employees were previously based on an employeeโ€™s eligibility, years of service and salary at termination of employment. However, since 2011 the accumulation of severance benefits for voluntary departures progressively ceased for substantially all employees. Employees subject to these changes were given the option to be paid the full or partial value of benefits earned to date or collect the full or remaining value of benefits upon departure from the public service. By March 31, 2018, substantially all settlements for immediate cash out were completed. Severance benefits are unfunded and, consequently, the outstanding obligation will be paid from future authorities.

The changes in the obligations during the year were as follows:

(in thousands of dollars)

  2021 For the Period July 12, 2019 to March 31, 2020
Accrued benefit obligation – Beginning of year 146
Accrued benefit obligation transferred in from other government department 74
Expense for the year 170 72
Accrued benefit obligation – End of year 316 146

7. Accounts receivable and advances

The following table presents details of NSIRAโ€™s accounts receivable and advances balances:

  2021 For the Period July 12, 2019 to March 31, 2020
Receivables – Other government departments and agencies 581 (21)
Receivables – External parties 51 11
Employee advances 2
Accounts receivable and advances transferred in from other government department 98
Net accounts receivable 632 90

8. Tangible capital assets

Amortization of tangible capital assets is done on a straight-line basis over the estimated useful life of the asset as follows:

Asset Class Amortization Period
Informatics hardware 3 to 10 years
Other equipment 3 to 30 years

(in thousands of dollars)

  Cost Accumulated Amortization Net Book Value
Capital Asset Class Opening Balance Acquisitions Adjustments (1) Disposal and Write- Offs Closing Balance Opening Balance Amortization Adjustments (1) Disposals and Write- Offs Closing Balance 2021 For the period July 12, 2019 to March 31, 2020
Informatics hardware 279 279 120 69 189 90 159
Other equipment 1,012 84 1,096 205 102 307 789 808
Assets under construction 1,269 1 1,270 1,270
Total 1,291 1,353 1 2,645 325 171 496 2,149 967

9. Contractual obligations

The nature of NSIRAโ€™s activities may result in some large multi-year contracts and obligations whereby NSIRA will be obligated to make future payments in order to carry out its programs or when the services/goods are received. Significant contractual obligations that can be reasonably estimated are summarized as follows:

  2022 2023 2024 2025 2026 2027 and subsequent Total
Professional and special services 1,019 462 1,481
Information 88 88
Repair and maintenance 6,195 6,195
Rental 117 117
Transportation and communications 111 111
Aquisition of machinery and equipment 376 376
Total 7,906 462 8,368

NSIRA is related as a result of common ownership to all government departments, agencies, and Crown Corporations. Related parties also include individuals who are members of key management personnel or close family members of those individuals, and entities controlled by, or under shared control of, a member of key management personnel or a close family member of that individual. NSIRA enters into transactions with these entities in the normal course of business and on normal trade terms.

During the year, NSIRA received common services which were obtained without charge from other government departments as disclosed below.

(a) Common services provided without charge by other government departments

During the year, NSIRA received services without charge from certain common service organizations, related to accommodation, the employerโ€™s contribution to the health and dental insurance plans and workersโ€™ compensation coverage. These services provided without charge have been recorded at the carrying value in NSIRAโ€™s Statement of Operations and Departmental Net Financial Position as follows:

(in thousands of dollars)

  2021 For the Period July 12, 2019 t0 March 31, 2020
Accommodation 451 316
Employer’s contribution to the health and dental insurance plans 556 295
Total 1,007 611

The Government has centralized some of its administrative activities for efficiency, cost-effectiveness purposes and economic delivery of programs to the public. As a result, the Government uses central agencies and common service organizations so that one department performs services for all other departments and agencies without charge. The costs of these services, such as the payroll and cheque issuance services provided by Public Services and Procurement Canada are not included in NSIRAโ€™s Statement of Operations and Departmental Net Financial Position. The costs of information technology infrastructure services provided by Shared Services Canada, following the transfer of responsibilities in November 2011 are also not included in NSIRAโ€™s Statement of Operations and Departmental Net Financial Position.

(b) Other transactions with other government departments and agencies

  2021 For the Period July 12, 2019 to March 31, 2020
Expenses 5,595 2,325

11. Segmented information

Presentation by segment is based on NSIRAโ€™s Departmental Results Framework. The presentation by segment is based on the same accounting policies as described in the Summary of significant accounting policies in note 3. The following table presents the expenses incurred and revenues generated for the main program alignments, by major object of expense and by major type of revenue. The segment results for the period are as follows:

  Assist the NSIRA Internal Services 2021 For the period July 12, 2019 to March 31, 2020
Expenses
Salaries and employee benefits 5,380 2,614 7,994 3,996
Professional and special services 302 1,543 1,845 1,361
Accommodation 451 451 316
Transportation and communications 15 73 88 225
Information 109 82 192 78
Acquisition of machinery and equipment 694 694 73
Repair and maintenance (49) 1,307 1,258 115
Amortization of tangible capital assets 171 171
Rental 152 152 51
Utilities, materials and supplies 2 6 8 40
Other 10 (1,201) (1,191) 75
Total expenses 5,769 5,893 11,662 6,330
Net cost from continuing operations 5,769 5,893 11,662 6,330

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting for Fiscal Year 2021-22 (unaudited)

1. Introduction

This document provides summary information on measures taken by the National Security Intelligence Review Agency (NSIRA) to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management, assessment results and related action plans.

Detailed information on NSIRA authority, mandate, and programs can be found in our Departmental Plan and Departmental Results Report.

2. Departmental system of internal control over financial reporting

2.1  Internal Control Management

NSIRA recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining effective financial systems of ICFR and are well equipped to exercise these responsibilities effectively. NSIRAโ€™s financial transactions can be processed within the financial system by both NSIRA and the Privy Council Office (PCO), in accordance with a Memorandum of Understanding (MOU), and are subject to the same control framework and monitoring activities undertaken at PCO.

NSIRA relies on PCO control measures to a large extent, but also recognizes the importance of ensuring that it implements its own complementary measures. To this end, NSIRA ensures that all managers with financial delegation have completed the appropriate training course prior to exercising their delegation. NSIRA has implemented a rigourous governance and accountability structure to support the oversight of its system of internal control, which includes:

  • Values and ethics framework;
  • Organizational accountability structures as they relate to internal control management to support sound financial management including roles and responsibilities for senior managers in their areas of responsibility;
  • Evidence of effective planning and reporting activities which includes multiple financial reviews and regular financial reporting to all managers including senior management;
  • Integrated risk management and on-going quality assurance and monitoring activities;
  • On-going communication and training on statutory requirements, policies, and procedures for sound financial management and control; and
  • Monitoring and regular updates as needed on internal control management plus assessment results and action.

2.2  Service Arrangements relevant to financial statements

NSIRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements, and relies on these service providers to ensure an adequate system of ICFR is maintained over services provided to NSIRA.

Common Arrangements:
  • Public Services and Procurement Canada, which administers the payment of salaries and the procurement of goods and services, and provides accommodation services
  • Shared Services Canada, which provides IT infrastructure services
  • Treasury Board of Canada Secretariat, which provides information on public service insurance and centrally administers payment of the employerโ€™s share of contributions toward statutory employee benefit plans
Specific Arrangements:
  • As aforementioned, NSIRAโ€™s financial transactions are processed within the financial system by both NSIRA and the Privy Council Office (PCO), in accordance with a Memorandum of Understanding (MOU), and are subject to the same control framework and monitoring activities undertaken at PCO.

3. Departmental assessments results during fiscal year 2021-22

Progress during the 2021-22 fiscal year

NSIRAโ€™s management team has maintained a financial system and an internal control mechanism that ensures that financial information is understandable, relevant, reliable and comparable in concert with the Privy Council Officeโ€™s support as per our MOU.  Progress is disclosed in the Annex of PCOโ€™s Statement of Management Responsibility.

New or significantly amended key controls

NSIRA relies on the system of internal control implemented at PCO for the above noted business processes.  New or significantly modified internal controls are disclosed in the Annex of PCOโ€™s statement of management responsibility.

On-going monitoring program

NSIRAโ€™s monitoring program for the above noted business processes leverages PCOโ€™s rotational on-going monitoring plan disclosed in the Annex of PCOโ€™s statement of management responsibility.

4. Departmental action plan

4.1  Progress during fiscal year 2020-21

We understand our responsibility in terms of appropriate financial comptrollership and communication with the public, and we will continue to ensure that financial controls and a rigorous reporting process continue to be in place going forward. Action plans are disclosed in the Annex of PCOโ€™s Statement of Management Responsibility.

Share this page
Date Modified:

National Security and Intelligence Review Agency Annual Report 2020

Backgrounder

NSIRAโ€™s 2020 Annual Report focuses on review and investigation work carried out during our first full year of operation. In 2020, NSIRA completed reviews covering the national security and intelligence activities of departments and agencies across Canadaโ€™s federal government.

This report highlights key findings and recommendations, as well as our efforts to standardize and modernize our review processes. The report also discusses our new approach to information verification in reviews (our โ€œtrust but verifyโ€ approach) as well as NSIRAโ€™s review plan for the coming years. Review highlights include:

  • CSIS threat reduction measures (TRM) and intelligence-sharing activities;
  • CSE activities, notably the disclosure of Canadian identifying information (CII) to Government of Canada departments, ministerial authorizations (MAs) and ministerial orders (MOs) under the CSE Act, and CSEโ€™s signals intelligence (SIGINT) data retention policies and procedures;
  • DND/CAF counter-intelligence gathering activities;
  • A review of a GAC program; and,
  • Two cross-departmental reviews with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act and disclosures of information under the Security of Canada Information Disclosure Act.

NSIRAโ€™s mandate includes the investigation of complaints related to national security made by members of the public. In 2020, we completed one investigation and modernized our complaints investigation model to ensure efficiency and transparency. Two priorities guided the modernization of the process, namely, access to justice for self-represented complainants and the creation of streamlined and less formal procedural steps. This was achieved through the creation of new Rules of Procedure as well as the implementation of our new declassified, de-personalized policy on final investigations reports.

NSIRAโ€™s 2020 Annual Report also discusses our organizationโ€™s underlining goals and values, and highlights how the organization grew in size and capacity throughout the 2020, as it continued efforts to enhance its technical and subject matter expertise.

Date of Publishing:

Dear Prime Minister,

On behalf of the National Security and Intelligence Review Agency, it is my pleasure to present you with our second annual report. Consistent with subsection 38(1) of the National Security and Intelligence Review Agency Act, the report includes information about our activities in 2020, as well as our findings and recommendations.

In accordance with paragraph 52(1)(b) of the National Security and Intelligence Review Agency Act, our report was prepared after consultation with the deputy heads concerned in an effort to ensure that it does not contain information the disclosure of which would be injurious to national security, national defence or international relations, or is information that is subject to solicitorclient privilege, the professional secrecy of advocates and notaries or to litigation privilege.

Yours sincerely,

The Honourable Marie Deschamps, C.C.

Chair // National Security and Intelligence Review Agency

Message from the members

The National Security and Intelligence Review Agency (NSIRA) began operating in 2019 as a new independent accountability mechanism in Canada. Our broad review and investigations mandate covers the national security and intelligence activities of departments and agencies across the federal government. In our first annual report, released in 2020, we discussed our initial activities from our inception in July 2019 to December 2019.

We are pleased to now present our second annual report, covering our activities in our first full year of operation. In 2020, we completed numerous reviews and investigations, engaged with stakeholders in the national security and intelligence community, including our international counterparts, launched an ambitious review plan for the coming years, initiated a comprehensive reform of our complaints investigation process, developed a uniform approach to information verification in reviews (our โ€œtrust but verifyโ€ approach), began standardizing our review processes, and made strides in formalizing efforts to coordinate and collaborate with various partner organizations. NSIRAโ€™s Secretariat also continued to grow steadily in size, expertise, and administrative, technical, and substantive capacity. We achieved all of this within the considerable constraints presented by the COVID-19 pandemic.

We are committed to transparency and public engagement, striving to keep Canadians informed about national security and intelligence activities, and ensure our plans reflect the priorities of all Canadians. Our annual report is one way among many of achieving this. We also aim to achieve this through regularly engaging with stakeholders, members of diverse communities, and parallel review bodies internationally, including those that comprise the Five Eyes Intelligence Oversight and Review Council (FIORC). We are likewise committed, and have began to, releasing public versions of our reports as they are completed (our โ€œwrite for releaseโ€ initiative), and to provide timely updates via our website and social media platforms.

After the release of our inaugural annual report, we sought and received feedback from academic and community stakeholders. As a result of these consultations, we have reorganized how we present some of the material in our 2020 annual report. In particular, we have grouped our review summaries, including any findings and recommendations, according to the institutions to which they pertain. We also discuss the outcomes and themes of interagency reviews. As well, this report sets out a framework for more robust statistical reporting on certain aspects of the activities of the Canadian Security Intelligence Service and the Communications Security Establishment activities, to enable year-to-year comparisons.

The pandemic delayed our plans and progress on reviews, investigations, and corporate initiatives in 2020, as was the case for many industries and sectors around the world. As of writing, our staff has begun to have more regular access to our offices and to the classified material critical to our work. More frequent and sustained access will help us conduct our work in a more timely and efficient manner. We look forward to carrying out an ambitious agenda in the year ahead.

We wish to extend our sincere thanks to our NSIRA staff for their dedication and diligence over the past challenging year, and for their continued efforts to build a strong organization.

Marie Deschamps
Craig Forcese
Ian Holloway
Faisal Mirza
Marie-Lucie Morin

Executive Summary

The National Security and Intelligence Review Agency (NSIRA) marked its first full year in operation in 2020. With the agencyโ€™s broad jurisdiction under the National Security and Intelligence Review Agency Act (NSIRA Act), it reviewed and investigated national security and intelligence matters relating to not only the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also several federal departments and agencies, including:

  • the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
  • Global Affairs Canada (GAC);
  • the Royal Canadian Mounted Police (RCMP);
  • Immigration, Refugees and Citizenship Canada (IRCC);
  • the Canada Border Services Agency (CBSA);
  • Transport Canada;
  • the Public Health Agency of Canada; and,
  • all departments and agencies engaging in national security and intelligence activities in the context of NSIRAโ€™s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.

The agency also focused on standardizing and modernizing the processes that govern the two main functions under NSIRAโ€™s mandateโ€”reviews and investigationsโ€”to ensure that our processes are robust, clear, and transparent.

The year 2020 also saw the organization grow in size and capacity, as it continues efforts to enhance its technical and subject-matter expertise.

Review highlights

Canadian Security Intelligence Service

Over the course of 2020, NSIRA completed two reviews that strengthened its knowledge of important areas of CSIS activity:

  • The review of CSISโ€™s threat reduction measures (TRM) found that CSIS met its obligations under ministerial direction. However, in a limited number of cases, CSISโ€™s TRMs were not โ€œreasonable and proportional.โ€
  • The review of CSIS and RCMP intelligence-sharing through the lens of an ongoing investigation shed light on an important unresolved issue in Canadaโ€™s national security framework: the limitations on the use of CSIS intelligence to support RCMP criminal investigations, also known as the โ€œintelligence-to-evidenceโ€ dilemma.

Communications Security Establishment

NSIRA completed three reviews of CSE activities in 2020, including of:

  • CSEโ€™s disclosure of Canadian identifying information (CII) to Government of Canada (GC) departments, which found that 28% of requests for disclosure were insufficiently justified to warrant the release of CII;
  • ministerial authorizations (MAs) and ministerial orders (MOs) under the CSE Act, which allow CSE to engage in activities that would otherwise be unlawful, to support its mandate; and
  • CSEโ€™s signals intelligence (SIGINT) data retention policies and procedures, to better understand the SIGINT lifecycle management process and compliance with legal data retention limits and related government and internal policies.

Department of National Defence and the Canadian Armed Forces

In 2020, NSIRA completed a review of DND/CAF, which examined how the Canadian Forces National Counter-Intelligence Unit (CFNCIU) conducted its counter-intelligence gathering activitiesโ€”focusing particularly on how the unitโ€™s activities corresponded with legal and governance frameworks.

Global Affairs Canada

In 2020, NSIRA completed its first dedicated review of Global Affairs Canada (GAC) focusing on one of its programs.

Other departmental reviews

NSIRA also began reviews regarding a specialized RCMP intelligence unit, to better understand the national security role and responsibilities of Immigration, Refugees and Citizenship Canada, and a review of air passenger targeting at the Canada Border Services Agency.

Cross departmental reviews

NSIRA conducted two mandated cross-departmental reviews in 2020:

  • a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act; and
  • a review of disclosures of information under the Security of Canada Information Disclosure Act (SCIDA); and

NSIRA also began another cross-departmental review in 2020:

  • a review to map the collection and use of biometrics across the federal government in security and intelligence activities.

Investigation highlights:

In 2020, NSIRA reformed and modernized its complaints process to promote efficiency and transparency. Two priorities guided this process of modernization, namely, promoting access to justice for self-represented complainants, and putting in place more streamlined and less formal procedural steps.

As part of this reform process, NSIRA created new Rules of Procedures, completing an extensive consultation exercise with stakeholders in the public and private sectors to ensure the most effective and considered final product. The new rules have come into force on July 19, 2021.

NSIRA also developed a new policy statement in 2020 that commits to publishing redacted and de-personalized investigation reports to promote and enhance transparency in its investigations.

Introduction

1.1 Who we are

Established in July 2019, the National Security and Intelligence Review Agency (NSIRA) is an independent agency that reports to Parliament. Prior to NSIRAโ€™s creation, several gaps existed in Canadaโ€™s national security accountability framework. Notably, NSIRAโ€™s predecessor review bodies did not have the ability to collaborate or share their classified information, but were each limited to conducting reviews for a specified department or agency.

By contrast, NSIRA has the authority to review all Government of Canada national security and intelligence activities in an integrated manner. As noted in the 2019 annual report, with NSIRAโ€™s expanded role, Canada now has one of the worldโ€™s most extensive systems for independent review of national security in the world.

1.2 Mandate

NSIRA has a dual mandate to conduct reviews and investigations on Canadaโ€™s national security and intelligence activities. Annex B contains a financial and administrative overview of NSIRA.

Reviews

NSIRAโ€™s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act).2 This mandate includes reviewing the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security- or intelligence-related activities of any other federal department or agency. This includes, but is not limited to, the national security or intelligence activities of the Royal Canadian Mounted Police (RCMP), the Canada Border Services Agency, the Department of National Defence (DND) and Canadian Armed Forces (CAF), Global Affairs Canada, and the Department of Justice. Further, NSIRA reviews any national security or intelligence matters that a minister of the Crown refers to NSIRA. Annex C describes NSIRAโ€™s review framework.

NSIRAโ€™s reviews assess whether Canadaโ€™s national security and intelligence activities comply with relevant laws and ministerial directions, and whether they are reasonable and necessary. In conducting its reviews, NSIRA can make any findings or recommendations it considers appropriate.

Reviews of CSIS and CSE will always remain a core part of NSIRAโ€™s efforts, since the entire focus of these organizations is to address national security and intelligence matters. Unlike its predecessor review bodies, however, NSIRA has an all- encompassing review mandate. NSIRA will also continue to prioritize and examine how other departments engaging in national security and intelligence activities meet their obligations. NSIRAโ€™s reviews help keep Parliament and Canadians informed about the lawfulness and reasonableness of Canadaโ€™s national security and intelligence activities.

Investigations

In addition to its review mandate, NSIRA is responsible for investigating national security- or intelligence-related complaints. This duty is outlined in paragraph 8(1)(d) of the NSIRA Act, and involves investigating complaints about:

  • the activities of CSIS or CSE;
  • decisions to deny or revoke certain federal government security clearances; and,
  • ministerial reports under the Citizenship Act that recommend denying certain citizenship applications.

This mandate also includes investigating national security-related complaints referred to NSIRA by the Civilian Review and Complaints Commission for the RCMP (the RCMPโ€™s own complaints mechanism)3 and the Canadian Human Rights Commission.

1.3 Annual Reports to Parliament

Each calendar year, NSIRA has a statutory obligation to submit to the Prime Minister a report on its activities in the preceding year, along with its findings and recommendations.

2019 Annual Report

NSIRAโ€™s first annual report (2019 Annual Report) covered the six-month period from July 2019 when NSIRA was established, through to the end of 2019. In that report, the agency discussed the reviews and investigations that it had either completed or launched in 2019, with the accompanying findings and recommendations. It also published the results of reviews that had not yet been made public by its predecessor organizations, the Security Intelligence Review Committee (SIRC) and the Office of the Communications Security Establishment Commissioner (OCSEC).

The 2019 Annual Report also presented NSIRAโ€™s review findings through a novel framework called the โ€œinformation continuum.โ€ Given the agencyโ€™s comprehensive, overarching review mandate, this framework offers a lens for understanding key national security- and intelligence-related themes, trends and challenges that are common to departments and agencies across the federal government. This lens allows for discussing shared concerns in Canadaโ€™s overall security and intelligence architecture, and informs future review priorities and the recommendations for addressing them. The information continuum is discussed further in section 2.1 below.

2020 Annual Report

In response to feedback received from stakeholders, NSIRAโ€™s second annual report groups the review summaries according to government department, including for CSIS and CSE. Nevertheless, NSIRA continues to be committed to presenting broader themes and observations on national security and intelligence accountability across Canada.

In the 2020 Annual Report, NSIRA therefore presents:

  • its โ€œtrust but verifyโ€ approach, developed to ensure it has timely access to all relevant information when conducting department and agency reviews;
  • an update on the agencyโ€™s plans to continue presenting review analyses through the information continuum lens;
  • summaries of NSIRAโ€™s completed and ongoing reviews of CSIS, CSE, and other government departments and agencies in 2020, with background in the next section and summarized in Annex D, as well as detailed findings and recommendations listed in Annex E;7
  • data on CSE and its compliance-related activities, to promote greater transparency in these matters;
  • NSIRAโ€™s plans for upcoming department and agency reviews, including to inform the three-year mandated parliamentary review of the National Security Act, 2017, that is expected to begin in 2022;
  • summaries of complaints investigations completed and ongoing in 2020;
  • an outline of the agencyโ€™s new, modernized complaints process, the result of an extensive reform initiative; and,
  • statistics on NSIRAโ€™s complaints investigations in 2020 in Annex F.

1.4 Values and goals

NSIRA is committed to:

  • being open and transparent, to keep Canadians informed about the lawfulness and reasonableness of our countryโ€™s national security and intelligence activities;
  • anticipating the various risks that are part of each of the reviewed entities’
  • mandate;
  • being, as well as being seen to be, objective and independent;
  • maintaining methodological excellence, to ensure the rigour and quality of NSIRAโ€™s approach;
  • engaging regularly with partners, stakeholders, and community members; and,
  • fostering forward- and innovative-thinking, to keep abreast and, ideally, stay ahead of new technology and an ever-changing national security environment.

As part of a commitment to methodological excellence, NSIRA developed its โ€œtrust but verifyโ€ approach (highlighted below) to provide an important measure of confidence in the completeness of information received from departments and agencies.

In 2020 the NSIRA Secretariat also began work to develop a Code of Conduct for all employees, which was finalized in June 2021. The Code sets out the organizational values that guide the workforceโ€™s activities and functions and the expected standards that must be observed during and after a personโ€™s employment with the NSIRA Secretariat.8

Additional details on NSIRAโ€™s values and goals related to transparency, anticipation of risk, objectivity and independence, methodological excellence, stakeholder and community engagement, and forward- and innovative-thinking can be found in Annex G.

1.5 Trust but verify

The NSIRA Act grants the agency extensive access rights to information: with the exception of Cabinet confidences, NSIRA is entitled to have access in a timely manner to any information in the possession or under the control of any department. In conducting reviews and investigations, it requires timely access to a wide range of information, people, and assets. This, in turn, requires regular support from expert liaison units that can provide documentation, arrange briefings, answer questions, and generally guide and implement NSIRAโ€™s access requirements. NSIRAโ€™s ability to fulfil its mandate can be challenged when it faces delays in receiving information.

As a review agency, NSIRA must be able to assure Parliament โ€” and through it, Canadians โ€” that it has a high level of confidence in the completeness of the information received from departments and agencies, and hence, in the robustness of its findings. The โ€˜โ€™trust but verifyโ€ approach is a critical tool for reaching this objective.

NSIRA recognizes, on the one hand, that the principle of trust requires each party to understand and appreciate the mandate, and feel confident in the integrity, of the other. Of course, in a review relationship there will necessarily be healthy tensions stemming from differences in perspective.

On the other hand, verification is a fundamental prerequisite of any credible review. NSIRA must be able to independently test the completeness of the information it receives.

Moving forward, NSIRA will implement a โ€œtailored accessโ€ process for conducting verification. Tailored access involves identifying its information access needs in response to the specific review or investigation and collaborating with departments and agencies in determining the various types of access that will constitute the best manner in which to obtain that information. The tailored access process may include targeted access of computer networks and information, proxy access, dedicated office space, and access to training materials.

  • Targeted access constitutes direct access to a departmentโ€™s or agencyโ€™s computer networks and/or sensitive information. Targeted access is the gold standard for ensuring a robust verification of information received as part of the trust but verify approach.
  • Proxy access involves a departmental or agency intermediary who accesses
  • information repositories in the presence of NSIRA staff, and who can review relevant information as it appears on the system.
  • Allocated office space at departments or agencies, either temporary or permanent, enables more expedient and secure exchanges of information.
  • Access to training requires access to departmental or agency training modules relating to relevant corporate policies and other matters, to allow NSIRA to build specific knowledge.

The tailored access processes can place logistical and resource strains on departments and agencies having to implement them, and may require a shift in culture. Overall, however, tailored access provides mutual benefits. Tailored access processes can increase transparency and accountability on all sides, allow information to be accessed in a more secure and timely manner, foster positive professional interactions, improve overall expertise, and strengthen evidence-based findings and recommendations. Moreover, NSIRA believes that tailored access will, over time, result in a reduced workload for liaison staff at departments and agencies under review.

The trust but verify approach is not new. Both NSIRA and its predecessor, SIRC, have already had long-standing tailored access arrangements with CSIS that include targeted (direct) access to CSISโ€™s computer networks and sensitive information.

The trust but verify principle is a key aspect of maintaining the integrity and credibility of NSIRAโ€™s reviews. In keeping with the commitment to transparency and methodological rigour, its reviews will contain a โ€œconfidence statementโ€ to report NSIRAโ€™s confidence level in the completeness of the information on which the findings rely, given agencyโ€™s ability to verify. The confidence statement is an important tool for apprising ministers, Parliament, and members of the public on the extent to which NSIRA has been able to access all relevant information.

Review

2.1 The information continuum

As previously mentioned, NSIRAโ€™s review mandate extends throughout the federal government. NSIRAโ€™s broader jurisdiction allows it not only to examine the national security and intelligence activities of a specific organization, but also to identify common themes that emerge across government.

In the 2019 Annual Report, NSIRA introduced a framework to assist in discussing and analyzing such trends. The โ€œinformation continuumโ€ identifies four main stages in the lifecycle of national security and intelligence information where problems can arise, including in information collection, safeguarding, sharing, and use in real-world actions.

In an environment that is constantly changing, including the rapid development of new technologies, each stage presents potential challenges for departments and agencies engaging in national security and intelligence activities. Despite the challenges, all national security and intelligence activities must comply with the law and applicable ministerial directions, and meet the tests of reasonableness and necessity.

The 2019 Annual Report also identified a number of future priorities that would benefit from analysis through the lens of the information continuum. To achieve these goals, NSIRA promised to invest in building in-house technological expertise, collaborate with allied accountability bodies through the Five Eyes Intelligence Oversight and Review Council, and seek to stay current with new and emerging technologies such as artificial intelligence, machine learning, quantum computing, and โ€œbig data.โ€

NSIRA also pledged to continue to work with the Office of the Privacy Commissioner (OPC) and the National Security and Intelligence Committee of Parliamentarians (NSICOP) on matters of joint concern to ensure the broadest range of perspectives are addressed.

NSIRA continues to examine national security and intelligence activities through the lens of the information continuum, and plans on presenting work on its website using the continuum approach to help situate horizontal themes for national security review. For 2020, however, this report builds on some feedback NSIRA received on last yearโ€™s annual report and uses a more institutional approach as a narrative device.10

2.2 Reality of review during a pandemic

As noted in the 2019 Annual Report, NSIRA staff continued to work remotely in 2020, which meant limited office access and, therefore, minimal access to the classified physical and electronic documents that must be protected in a secure environment, and that are critical to NSIRAโ€™s work. Just as all organizations have had to adapt to the realities of the pandemic, so has NSIRA. It revised its review plans, and implemented strict rotating schedules to enable limited office access for classified work to safely continue to fulfill its statutory obligations and uphold its commitments to Canadians.

2.3 Parliamentary review of the National Security Act, 2017

The omnibus National Security Act, 2017, which established NSIRA and made major changes to Canadaโ€™s national security framework, contains provisions mandating a review by Parliament during NSIRAโ€™s fourth year of operation, which will be in 2022.

This comprehensive review will require Parliament to assess the effects of the National Security Act, 2017, on the operations of the Canadian Security Intelligence Service (CSIS), the Royal Canadian Mounted Police (RCMP) and the Communications Security Establishment (CSE) that relate to national security, information sharing, and the interaction of those organizations with NSIRA, the Office of the Intelligence Commissioner and NSICOP.11

NSIRA has structured and sequenced its review plan in order to inform Parliamentโ€™s examination of new powers granted to security agencies through the National Security Act, 2017. Reviews of these new powers will take place over the course of 2021 and into early 2022, to determine whether they were exercised in compliance with the law and ministerial direction, and whether they were reasonable and necessary.

2.4 CSIS reviews

Overview

Under the NSIRA Act, NSIRA has a mandate to review any CSIS activity. The Act requires NSIRA to submit an annual report to the Minister of Public Safety and Emergency Preparedness on CSIS activities each year, including information related to CSISโ€™s compliance with the law and applicable ministerial directions, and the reasonableness and necessity of the exercise of CSISโ€™s powers.12

In 2020, NSIRA completed two CSIS reviews, summarized below. NSIRA also began two more reviews: a review of CSISโ€™s technology programs and intelligence collection techniques, and a review of the duty of candour owed by both CSIS and the Department of Justice in warrant proceedings before the Federal Court. Other NSIRA ongoing reviews, including multiple agency reviews, have a CSIS component.

Threat reduction measures

Under the Anti-terrorism Act, 2015, CSIS was granted the authority to undertake threat reduction measures (TRMs). NSIRA is required to review, annually, at least one aspect of CSISโ€™s performance in using its threat reduction powers.13

This was NSIRAโ€™s first review of CSISโ€™s threat reduction mandate. It included a detailed compliance review of a sample of TRMs from 2019. The review also included a high- level analysis of CSISโ€™s use of TRMs over the past five years to identify trends and to inform NSIRAโ€™s choice of future review topics.

The sample reviewed by NSIRA consisted of TRMs that were employed to disrupt threats to Canadian democratic institutions in relation to the 2019 federal election. NSIRA assessed the measures against legislative and policy requirements, as well as ministerial direction.

For all the measures reviewed, NSIRA found that CSIS met its obligations under ministerial direction, namely that CSIS consulted with its government partners and completed an assessment of the operational, political, foreign relations and legal risks of each TRM.

For most of the measures taken by CSIS, NSIRA noted that the measures satisfied the requirements of the Canadian Security Intelligence Service Act (CSIS Act). NSIRA also noted, however, that in a limited number of cases, CSIS selected individuals for inclusion in the TRM without a rational link between the selection of the individual and the threat. As a result, these measures were not โ€œreasonable and proportionalโ€ as required under the CSIS Act.14

For one type of TRM reviewed by NSIRA, CSIS deemed that a warrant was not required. NSIRA identified concerns about factors which would require CSIS to consider fully the implications of the Canadian Charter of Rights and Freedoms for its measures, and could require CSIS to obtain warrants before taking certain measures.

Finally, NSIRA noted some inconsistencies in the type of information provided to CSIS decision-makers in its internal requests for approval. NSIRA also found gaps and inconsistencies in CSISโ€™s documentation, which had the effect of hindering NSIRAโ€™s compliance review. As a result, NSIRA recommended that formalized and documented processes be developed for the management of all TRM-related information. In addition, NSIRA recommended that all pertinent facts relating to the TRM be formally provided to the National Security Litigation and Advisory Group (NSLAG), which is part of the Department of Justice, to ensure that the NSLAG has the information necessary to provide considered legal advice.

The legal issues and questions raised in this review, as well as the analysis of trends across the last five years, point the way to further reviews by NSIRA. In particular, NSIRA was struck by the potential for a class of TRMs to affect rights and freedoms protected under the Charter. In future, NSIRA will pay particular attention to this class of TRMs and the associated legal risks. NSIRA also notes that CSIS has yet to undertake a TRM under the authority of a court warrant. If and when CSIS obtains a TRM warrant, NSIRA will prioritize it for review.

Response to NSIRAโ€™s recommendations

NSIRAโ€™s recommendations, CSISโ€™ management responses, and other details about this review, are found in Annex E of this report.

CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation

CSIS and the RCMP must work together and share intelligence to effectively counter national security threats.15 NSIRA examined the state of the relationship between CSIS and the RCMP through the lens of an ongoing investigation in a specific region of Canada. NSIRA undertook an in-depth study of both agenciesโ€™ operations, with particular attention to how the two agencies collaborated on this investigation in recent years, both in this region and at headquarters. Although the findings of this review are specific to the given investigation, NSIRA has no reason to believe that the investigation in question is atypical, and thus this review provides insight into the more general state of the two agenciesโ€™ relationship.

With respect to CSISโ€™s investigation specifically, NSIRA found that CSIS was reliant on a narrow set of information and was thus vulnerable; NSIRA observed how external factors arose that sharply limited CSISโ€™s ability to collect intelligence on the threat in question, resulting in collection gaps.

NSIRA found that in the specific region in question, CSIS and the RCMP had developed a strong relationship that has fostered effective tactical de-confliction of operational activities. Nonetheless, technological constraints made CSIS-RCMP de-confliction in the region excessively burdensome and time-consuming.

The RCMPโ€™s use of CSIS information in support of criminal prosecutions has long been limited by perceived risks of involving CSIS or CSIS information in a prosecution. As an element of this, NSIRA observed a general reluctance on the parts of both CSIS and the RCMP to connect CSIS information to an RCMP investigation. In the case of the regional investigation in question, CSIS intelligence had not been shared or used in a way that significantly advanced the RCMPโ€™s investigations.

On the whole, NSIRA found that CSIS and the RCMP had made little progress in addressing the threat under investigation. Moreover, CSIS and the RCMP did not have a complementary strategy to address the threat.

NSIRA has the legal authority to assess CSIS-RCMP activities from the perspective of both parties, and is not limited to the standpoint of CSIS, as was the case for the Security Intelligence Review Committee (SIRC). This regional review exposed an important, yet unresolved, issue in Canadaโ€™s national security framework: the limitations on the use of CSIS intelligence to support RCMP criminal investigations, often termed the โ€œintelligence-to-evidenceโ€ dilemma. Given the centrality of the CSIS- RCMP relationship to Canadaโ€™s national security architecture, NSIRA will return to this topic in future years.

Response to NSIRAโ€™s recommendations

NSIRAโ€™s recommendations, CSISโ€™ management responses, and other details about this review, are found in Annex E of this report.

Statistics and data

To achieve greater public accountability, NSIRA is requesting that CSIS publish statistics and data about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that the following statistics will provide the public with information related to the scope and breadth of CSIS operations, as well as display the evolution of activities from year to year.

The number of section 21 warrant applications (a) approved, and (b) denied; each further broken down as either new or replacement/supplemental.

  • Number of section 21 warrant applications approved: 15
  • New: 2
  • Replacement: 8
  • Supplemental: 5
  • Number of section 21 warrant applications denied: 0

The number of section 21.1 warrant applications (a) approved, and (b) denied; each further broken down as either new or replacement/supplemental.

  • There were no warrant applications under section 21.1.

The number of CSIS targets

  • 360 targets

The number of publicly available datasets (a) evaluated, and (b) retained.

  • Six section 11 PADs were evaluated and retained.

*Note that one had been collected in late 2019 but was evaluated in 2020.

The number of Canadian datasets (a) evaluated, and (b) retained after authorization by the Court, and the number of such requests denied.

  • There were zero Canadian datasets evaluated, subject to a request, or retained in calendar year 2020.

The number of foreign datasets (a) evaluated, and (b) retained after approval by the Minister and Intelligence Commissioner, and the number of such requests denied (by either the Minister or Intelligence Commissioner).

  • There were zero foreign datasets evaluated in calendar year 2020. (All pending submissions were evaluated in 2019.)
  • There was one foreign dataset retained after authorization by the Minister (Director as designate, November 18, 2020) and approval by the Intelligence Commissioner (December, 16, 2020) in calendar year 2020. (It was evaluated in 2019.)
  • There were no requests for foreign datasets denied by the Minister or Intelligence Commissioner in calendar year 2020.

The number of TRMs (a) approved, and (b) executed.

  • Approved: 11
  • Executed: 8

The number of Justification Framework (a) approvals, and (b) invocations.

  • Emergency designations made under section 20.1(8): 0
  • Authorizations given under section 20.1(12): 147
  • Written reports submitted under section 20.1(23): 123 (this includes 39 commissions by employees and 84 directions)

The number of internal CSIS compliance incidents.

In 2020, External Review and Compliance processed 50 compliance incidents. Of these, 29 were considered to be administrative, 14 related to warrant terms and conditions, and 7 related to internal policies, procedures or directives.

General compliance challenges: Outdated operational policies

As legal and operational environments have evolved over the years, the suite of internal policies and procedures governing CSIS operations has drifted out of date. These operational policies and procedures translate the limits imposed by law and ministerial directions into everyday practice for CSIS activities.

NSIRA, and previously SIRC, noted concerns with out-of-date policies and procedures in reports and reviews over the years. CSIS also recognizes these concerns, but has struggled to adequately resource and prioritize the renewal of its operational policy suite. The result is a confusing collection of old and new policies, and ad hoc directives that have not yet been incorporated into policy. Over the past two years, CSIS has reported that more than 150 of its operational policy related documents need to be developed, updated, or significantly revised.

Written policies and procedures that do not reflect current operational realities and legal requirementsโ€”or are simply not internally consistentโ€”elevate the risk that CSIS will not comply with the law and ministerial directions. CSIS employees should always have a clear, consistent and up-to-date suite of policies and procedures that makes compliance easy.

NSIRA is aware of CSISโ€™ ongoing efforts to overhaul and organize its full range of operational policies and procedures. Since the backlog has persisted for years, it remains unclear whether the latest efforts at renewal are sufficiently well-resourced to truly remedy the situation in a timely manner.

Internal compliance and proactive disclosure to NSIRA

In 2020, CSIS proactively disclosed to NSIRA a compliance issue related to certain operational activities. After CSIS employees raised concerns about an operational program, CSIS conducted an internal compliance review. The initial review focused on compliance with CSIS policies and procedures, but as the issue was explored CSIS opted to conduct a legal assessment as well. CSIS has since taken a number of steps to address the shortcomings it identified, including improved operational governance and management accountability. NSIRA received a comprehensive briefing on the matter in early 2021; CSIS is also providing, and has committed to continue to provide, NSIRA with the full range of relevant internal documents. NSIRA is examining this material with interest and will follow up with CSIS as appropriate.

This incident illustrates how departmental compliance mechanisms and NSIRAโ€™s external review mandate can complement each other. NSIRA encourage CSIS to continue to engage the agency when internal compliance issues of note are uncovered.

2021 CSIS review plan

In 2021, NSIRA is commencing or conducting three reviews exclusively focused on CSIS, one review focused on CSIS and the Department of Justice and a number of interagency reviews with a CSIS component. The reviews are summarized below.

In addition to NSIRAโ€™s two legally mandated reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, NSIRA has initiated or is planning the following CSIS reviews, for completion in 2021:

Survey of new technology programs and intelligence collection techniques

This review, initiated in 2020, involves a broad survey of CSISโ€™s technology programs and intelligence collection techniques, with a particular focus on those that require authorization by court warrant. The review will help to identify specific technologies or investigative techniques that merit future review due to their novelty, potential intrusiveness, or potential for posing risks to compliance. Once identified, these technologies or techniques will be reviewed over subsequent years to ensure legal compliance.

Review arising from the Federal Courtโ€™s judgment in 2020 FC 616

This review arises from the Federal Courtโ€™s judgement in 2020 FC 616.16 To fully identify systemic, governance and cultural shortcomings and failures that may have led to the breach noted by the Court, NSIRA has undertaken an extensive program of document review and briefings involving both CSIS and the Department of Justice. NSIRA is also conducting confidential interviews with CSIS and Department of Justice employees, at various levels, to better understand the dynamics shaping decision-making in both departments and the interactions between the departments. In addition, NSIRA has consulted with external experts where possible. This review is distinct from other reviews NSIRA has conducted, as it is led by two NSIRA members: Marie Deschamps and Craig Forcese. The final report is expected to be completed in late 2021 or early 2022.

Beyond 2021, NSIRA intends to explore CSIS reviews of topics including, but not limited to:

  • ministerial direction issued to CSIS;
  • CSIS intelligence collection relating to foreign interference;
  • CSIS datasets; and
  • CSISโ€™s justification regime for intelligence collection activities.

Access

The range of information that CSIS must proactively inform NSIRA about has expanded under amendments to the CSIS Act. NSIRA must be informed about matters that include CSISโ€™s use of datasets, threat reduction measures, disclosures of information, and the new justification framework for otherwise unlawful activities. Since these requirements are embedded in the CSIS Act, it is NSIRAโ€™s understanding that Parliament intended that NSIRA keep itself continuously apprised of these activities. To this end, NSIRA will systematically monitor the information received from CSIS for its compliance with the law, and the reasonableness and necessity of those activities.

However, NSIRA considers it vital that CSIS also keep NSIRA informed of those activities beyond those that CSIS is explicitly required to bring to NSIRAโ€™s attention. NSIRA is working with CSIS to establish a process that builds on NSIRAโ€™s existing direct access to CSISโ€™s main databases. This process will enable NSIRA to obtain additional information that complements the information that CSIS is required to report to NSIRA.

This endeavour will not only strengthen the content of NSIRAโ€™s public annual reporting, but will also better inform the annual classified report on CSIS that NSIRA must provide to the Minister of Public Safety and Emergency Preparedness.

CSIS has been subject to independent review since its creation in 1984. To manage its relationship with external review bodies, CSIS has long maintained a dedicated review secretariat, which is currently housed within its External Review and Compliance branch. CSISโ€™s review secretariat has enhanced its ability to meet its statutory obligations to provide NSIRA with timely access to the information NSIRA deems relevant. In 2020, NSIRA was generally satisfied with its access to CSIS.

During this reporting period, CSIS personnel have remained supportive and available to the extent possible, and in several instances in 2020, went to exceptional lengths to assist NSIRA is completing reviews whose timelines had themselves been disrupted by COVID-19. Although CSIS and NSIRA may disagree on specific issues โ€” as is to be expected with regard to an external accountability body โ€” NSIRA is of the view that the continued cooperation of CSIS personnel under difficult circumstances reflects an underlying understanding of and respect for the role of independent review at CSIS.

2.5 CSE reviews

Overview

As set out in the NSIRA Act, NSIRA has a mandate to review any CSE activity. Under the NSIRA Act, NSIRA must also submit an annual report to the Minister of National Defence on CSE activities each year, including information related to CSEโ€™s compliance with the law and applicable ministerial directions, and the reasonableness and necessity of the exercise of CSEโ€™s powers.

In 2020, NSIRA completed three CSE reviews. This annual report also presents results from a 2019 review that NSIRA was unable to share in the 2019 Annual Report. NSIRA also initiated three reviews, as discussed below.

In meetings with representatives from Canadian civil society and academia, some stakeholders expressed an interest in receiving follow-up information pertaining to reviews conducted under the former Office of the CSE Commissioner (OCSEC).20 NSIRA remain committed to redacting, translating, and publishing OCSEC historical reviews as resources permit. However, many of OCSECโ€™s reviews are no longer relevant in light of the legislative amendments introduced in 2019 by the National Security Act, 2017. Many of OCSECโ€™s recommendations have also been implemented, since they called for changes to the law that were subsequently captured in the National Security Act, 2017. As well, any ministerial directions and other instruments issued under the previous legal framework for CSE (National Defence Act) are now obsolete, having been reissued under the new authorities.

Disclosure of Canadian identifying information to Canadian partners

On June 18, 2021, NSIRA released a public summary of its review of CSEโ€™s disclosures of Canadian Identifying information (CII).21 When CSE conducts foreign signals intelligence (SIGINT) collection, it suppresses any incidentally collected CII in its intelligence reporting to protect the privacy of Canadians and persons in Canada. 22 Nevertheless, the Government of Canada and foreign recipients of these intelligence reports can request the details of this informationโ€”including names, email addresses, and IP addressesโ€”if they have the legal authority and operational justification to receive it.

In 2020, NSIRA reviewed the lawfulness and appropriateness of CSEโ€™s disclosure of CII, focusing on CSEโ€™s disclosure of CII to other Government of Canada departments.

This review examined a sample of CSEโ€™s CII disclosures from July 1, 2015 to July 31, 2019 containing 2,351 Canadian identifiers, including in the context of assisting CSISโ€™s foreign intelligence collection under section 16 of the CSIS Act.

NSIRA found that although CSE approved 99% of requests for CII disclosure from its domestic partners, 28% of all requests were not sufficiently justified to warrant the release of CII. As a result, NSIRA concluded that CSEโ€™s implementation of the CII disclosure regime lacked rigour, and may not have complied with its responsibilities under the Privacy Act. This report therefore constituted a compliance report pursuant to section 35 of the NSIRA Act, and was presented to the Minister of National Defence on November 25, 2020.

NSIRA also found that CSEโ€™s releases of CII collected under section 16 of the CSIS Act were conducted in a manner that was unlikely to have been communicated to the Federal Court by CSIS. CSIS had provided the Federal Court with testimony about its treatment of information about Canadians collected through section 16 of the CSIS Act. Yet, when NSIRA compared this testimony with how CSE handled information about Canadians collected when assisting CSIS in relation to section 16, NSIRA found notable discrepancies in the standards communicated to the Federal Court. CSIS was not involved in assessing or releasing the disclosures about which NSIRA had concerns; these disclosures were handled solely by CSE.

Response to NSIRAโ€™s recommendations:

As detailed in Annex E of this report, CSE accepted all 11 of NSIRAโ€™s recommendations. CSE initiated a privacy impact assessment of its CII disclosure regime, and has informed NSIRA that it is in the final stages of implementing an updated version of its CII request software, which is intended to ensure that all necessary information related to operational justification, and legal authority is captured prior to a disclosure taking place. CSE has also ceased releasing CII collected under section 16 of the CSIS Act until the Federal Court is fully informed about CSEโ€™s sharing of information derived from collection under section 16 warrants.

Ministerial authorizations and ministerial orders under the CSE Act

After the CSE Act came into force in 2019, CSE received a new set of ministerial authorizations (MAs). These documents, issued by the Minister of National Defence, authorize CSE to engage in activity that risks contravening an โ€œAct of Parliament or interfering with a reasonable expectation of privacy of a Canadian or person in Canada.โ€ For example, such activities might include the incidental interception of private communications during CSEโ€™s foreign SIGINT collection activities.

The CSE Act also created the legislative authority for the Minister to โ€œdesignate electronic information or information infrastructures or classes of electronic information or information infrastructures as being of importance to the Government of Canadaโ€ through a ministerial order (MO). Designating infrastructures as being of importance to the Government of Canada enables CSE to share certain kinds of information, and provide direct assistance.

In 2019, the Minister of National Defence issued seven MAs and three MOs under the CSE Act. NSIRA received comprehensive briefings on the activities authorized by each MA and MO. Based on the records that CSE provided, NSIRA believes that CSE employed considerable rigour in the MA application process. NSIRA found that CSEโ€™s MA application requests contained sufficient information, and provided more information than previous applications under CSEโ€™s pre-CSE Act governing legislation, National Defence Act, thereby allowing for greater transparency of CSEโ€™s activities.

NSIRA found, however, that CSE has not fully assessed the legal implications of certain activities enabled since the CSE Act, which have not yet occurred, but which are permissible under a specific type of MA. NSIRA also found that CSE was unable to provide an assessment of its obligations under international law regarding the conduct of active cyber operations.

CSEโ€™s briefings on these matters have informed NSIRAโ€™s three-year review plan. In particular, this review highlighted the immediate need for NSIRA to focus on CSEโ€™s active cyber operations (ACOs) and defensive cyber operations (DCOs), given that the Intelligence Commissioner does not provide approval for these activities and that CSE has no statutory obligation to notify NSIRA when it undertakes these activities. Active and defensive cyber operations represent a new aspect of CSEโ€™s mandate, and NSIRA will closely examine both the governance policies and procedures for these activities, as well as the operations themselves.

Response to NSIRAโ€™s recommendations

As detailed in Annex E, CSE generally accepted NSIRAโ€™s recommendations in relation to this review. CSE agrees that its operations should be assessed with respect to compliance with international law, but continues to dispute NSIRAโ€™s assertion that it was unable to provide an assessment of its obligations under international law.

Signals Intelligence data retention policies and procedures

Inspired by a similar review by the U.S. Inspector General for the National Security Agency, NSIRA completed a review of CSEโ€™s SIGINT data retention policies and procedures in December 2020. The purpose of the review was to understand the SIGINT data lifecycle management process and learn about compliance with legal data retention limits, and with government and internal policy. Non-compliance with these limits could potentially adversely affect civil liberties and privacy protections. NSIRA completed its review and will use the information learned as a foundation for a future review.

Privacy Incidents File (2019)

On March 4, 2021, NSIRA publicly released its first review of CSE, which was a 2019 review of CSEโ€™s Privacy Incidents File (PIF).29 A privacy incident occurs when the privacy of a Canadian or a person in Canada is put at risk in a manner that runs counter to, or is not provided for, in CSEโ€™s policies. NSIRAโ€™s 2019 PIF review, including findings and recommendations, was discussed in Annex A of the 2019 Annual Report. NSIRA was unable to publish CSEโ€™s responses to NSIRAโ€™s recommendations in time for that report, and so these responses are now included in Annex E to the present annual report.

Response to NSIRAโ€™s recommendations

CSE accepted all five of NSIRAโ€™s recommendations regarding the 2019 PIF review. CSE is pursuing a standardized mechanism for identifying and reporting on incidents with privacy interests, and is investigating ways to reach more streamlined and uniform reporting between operational compliance teams. CSE committed to standardizing its policy on how to assess whether a privacy incident constitutes a material privacy breach, and re-examining its assessment methods to ensure they are effective and reasonable. In November 2019, CSE also abolished a specific practice that NSIRA had raised concerns about.

Statistics and data

To achieve greater public accountability, NSIRA is requesting that CSE publish more statistics and data about public interest and compliance-related aspects of its activities. This section presents some of this CSE data.

NSIRA intends to provide data on an annual basis to provide benchmarks and enable comparison. It cautions, however, that some CSE data are difficult to interpret without significant analysis and full context, and may not necessarily indicate particular practices or developments.

In 2020, CSE provided foreign intelligence reports to more than 2100 clients in over 25 departments and agencies within the Government of Canada in response to a range of priorities related to international affairs, defence, and security. As examples, CSE believes that its own intelligence reporting helped thwart or respond to foreign cyber threats, supported Canadaโ€™s military operations, protected deployed forces, identified hostile state activities, and provided insight into global events and crises to help inform Government of Canada policies and decision making.

In calendar year 2020, CSE received 24 requests for assistance from CSIS, the RCMP, and the Department of National Defence, and actioned 23 of these requests.

Also in 2020, CSE recorded a total of 81 incidents in its PIF, second party privacy incidents file (SPIF), and minor procedural errors file.

In calendar year 2020, CSE was issued six MAs. The table below provides a breakdown of these MAs, as well as of MAs from calendar year 2019, which NSIRA was unable to publish in its 2019 annual report. NSIRA will continue to benchmark and compare these, and other statistics, each year.

* Note that the above tables refer to ministerial authorizations (MAs) that were issued in the given calendar years, and may not necessarily reflect MAs that were in effect. For example, if an MA was issued in late 2019 and remained in effect in parts of 2020, it is counted above solely as a 2019 MA.

In June 2021, in CSEโ€™s 2020-2021 public annual report, CSE confirmed that it has conducted foreign cyber operations.32 CSE informed NSIRA that it is not prepared to release specific information related to foreign cyber operations, as it would constitute special operational information that, if disclosed, could be injurious to Canadaโ€™s international relations, national defence or national security.

Internal compliance programs

In addition to NSIRAโ€™s independent expert review, CSEโ€™s functions are also subject to its own internal compliance programs. For this annual report, NSIRA asked CSE to provide information on some of its internal compliance programs. CSEโ€™s Internal Program for Operation Compliance is responsible for activities of the Canadian Centre for Cyber Security (Cyber Centre), while compliance of SIGINT activities is overseen by the SIGINT Compliance section.

Unlike some of its international counterparts, NSIRA does not currently assess the effectiveness of department and agency internal compliance programs. However, NSIRA recognizes that assessing such programs would be an important component of its review mandate, and it intends to build capacity in this area. In the interim, there is nevertheless value in publishing the information available on internal compliance, to provide a greater understanding of CSEโ€™s policies in this regard. The information provided in this section should not be considered an independent assessment or evaluation.

Internal program for operation compliance

The Internal Program for Operation Compliance (IPOC) is responsible for providing mission management support and operationalizing the Cyber Centreโ€™s Internal Compliance Program, which encompasses three fundamental accountability pillars:

  • Enabling Compliance (education, prevention, and collaboration);
  • Compliance Verification and Assurance (monitoring, review, and audit); and
  • Compliance Incident Management (analysis, mitigation, and reporting).

According to CSE, the Cyber Centreโ€™s ability to demonstrate compliance with legal, ministerial, and policy obligations while conducting cybersecurity activities is โ€œa key component of its โ€˜licence to operateโ€™.โ€ CSE considers these accountability and transparency values to be at the core of Cyber Centre operations; they are seen as constituting the foundation for maintaining Canadiansโ€™ trust and confidence in the Cyber Centreโ€™s activities.

CSE also stated that, in addition to conducting annual compliance monitoring of cybersecurity and information assurance activities, IPOC works with Cyber Centre operational areas to promote โ€œcompliance by design,โ€ whereby control mechanisms and privacy protection measures are intended to be proactively built into systems, tools, and operational business processes.

SIGINT compliance

Ensuring compliance of activities is, according to CSE, โ€œof utmost importance to SIGINT, as it is critical to CSEโ€™s continued lawfulness.โ€ The SIGINT Compliance section works with employees to clarify their roles in compliance, for example through employee engagement, incident handling, annual compliance accreditation training, and compliance advice on new and established SIGINT initiatives. The section works to build and maintain a compliance review framework based on the CSE Act and other appropriate legislation, as well as CSEโ€™s internal policy instruments.

According to CSE, this compliance review framework dictates internal compliance reviews that the group must complete annually over a three-year cycle. Moreover, the SIGINT Compliance group is meant to review SIGINT activities across the entire lifecycle of intelligence production, from data acquisition to processing, analysis and end-product dissemination. When necessary, these reviews contain required actions that employees in certain activity areas must complete to maintain or improve compliance. These required actions must be tracked and updated regularly by both the compliance group, as well as senior management.

NSIRA understands that transparency related to compliance is not achieved overnight, and that CSEโ€™s transparency efforts are, as CSE told NSIRA, โ€œstill a work in progress.โ€ NSIRA can assist CSE in such efforts, for example by providing information to the Canadian public about CSEโ€™s lawfulness, compliance, and its functions more broadly.

Internal compliance errors reported to NSIRA

CSE states that it promotes a culture of compliance and encourages the self-reporting of potential compliance incidents. In 2019-20, CSE had concerns that it may have received information outside of a valid MA period, in relation to cybersecurity activities on a certain type of infrastructure.

CSE ultimately notified the infrastructure owner, purged the inadvertently received information from its systems in accordance with standard privacy safeguards, and launched a review of the incident for the purpose of identifying and implementing additional privacy protection measures. CSE also proactively engaged the Minister of National Defence and NSIRA for transparency and accountability purposes.

NSIRA appreciates that CSE brought this incident to its attention. NSIRA did not consider the incident to be of major concern, but view CSEโ€™s proactive and voluntary notification of the incident as a key success in the NSIRA-CSE relationship. NSIRA feels that CSEโ€™s response to this incident bodes well for effective and honest communication and collaboration moving forward.

2021 CSE review plan

In general, NSIRA prioritizes its reviews of CSE based on legislative requirements, as well as risk. In the case of risk, NSIRA seeks to identify those activities that may potentially pose higher risks of legal non-compliance, often because these activities are new and untested, or operate under the updated authorities of the CSE Act. NSIRA also engages with various stakeholders, both internal and external to the Government of Canada, to consider CSE-related concerns that should be reviewed.

Over the coming years, NSIRA will focus on newer aspects of CSEโ€™s mandate, as well as on CSEโ€™s use of certain emerging technologies, including artificial intelligence. In particular, NSIRA has heard various concerns from Canadian stakeholders about CSEโ€™s novel foreign cyber operations mandate. NSIRA is closely examining CSEโ€™s foreign cyber operations, including in two ongoing reviews, and NSIRA will continue to review these kinds of operations in future. NSIRA will also continue to review discrete CSE activities in cybersecurity and SIGINT based on their associated risks.

In addition to NSIRAโ€™s two legally mandated reviews of the Security of Canada Information Disclosure Act (SCIDA) and the Avoiding Complicity in Mistreatment by Foreign Entities Act, NSIRA has initiated or is planning the following CSE reviews, for completion in 2021:

Review of information use and sharing between aspects of CSEโ€™s mandates

This review examines how CSE ensures compliance with its lawful authorities and restrictions when exchanging information between aspects of its mandates. An exchange of information between aspects occurs, for example, if CSE collects information under the foreign intelligence aspect and then shares this information with those operating under the cybersecurity aspect. The review examines how CSE uses such cross-aspect information, in order to ensure compliance with the CSE Act. This review was initiated in January 2020, but has been delayed.

Review of CSEโ€™s active cyber operations and defensive cyber operations, Part 1: Governance

This review examines CSE’s new active cyber operation / defensive cyber operation powers under the CSE Act to ensure legal compliance. It looks at the policy and legal framework for conducting these activities for the 2019-20 MAs. This review was initiated in August 2020, but has been delayed.

Review of an activity conducted under CSEโ€™s foreign intelligence Ministerial Authorizations

This review studies an activity conducted under CSEโ€™s Foreign Intelligence Ministerial Authorizations to examine CSEโ€™s policies and procedures. This activity has not been subject to any external or internal assessment, audit, or compliance review, and as such presents an opportunity for NSIRA to conduct the first-ever review of this CSE activity. CSE provided a preliminary briefing to NSIRA on this topic in early 2021, but this review has been delayed.

Departmental study under section 31 of the NSIRA Act

Under section 31 of the NSIRA Act, NSIRA can direct CSE to conduct a study of its activities that relate to national security and intelligence, to ensure that these activities are carried out in compliance with the law and any applicable ministerial directions, and that they are reasonable and necessary. On completion of the study, CSE must provide a copy of the report to the Minister of National Defence and to NSIRA. Following NSIRAโ€™s review of CSEโ€™s CII disclosures, NSIRA concluded that CSEโ€™s implementation of its disclosure regime under the National Defence Act may not have complied with requirements under the Privacy Act. Given the change in CSEโ€™s governing legislation in 2019, NSIRA has directed CSE to review its disclosures to Government of Canada partners as well as foreign partners to ensure that these disclosures comply with section 43 of the CSE Act.

Beyond 2021, NSIRA intends to explore CSE reviews of topics including, but not limited to:

  • Active Cyber Operations and Defensive Cyber Operations, Part 2: Operations;
  • Safeguarding of sensitive information, including use of the polygraph;
  • Assistance to CSIS;
  • A specific cybersecurity activity as outlined within an MA;
  • The Vulnerabilities Equities Management Framework (VEMF);
  • The use of emerging technologies, including Artificial Intelligence;
  • A foreign SIGINT collection program conducted under an MA; and
  • SIGINT retention practices.

NSIRAโ€™s mandate allows it to conduct inter-departmental reviews (also known as โ€˜follow-the-threadโ€™ reviews), and it intends to do so for several ongoing and planned CSE reviews. In engaging with a range of federal departments and agencies, NSIRAโ€™s CII review was its first follow-the-thread review.

Access

In 2020, NSIRAโ€™s CSE Review Team established office space in CSEโ€™s headquarters. This office space, which began partial operations in 2020, includes nine workstations and provides NSIRA with greater access to its CSE counterparts. Access to NSIRAโ€™s CSE office is restricted, and appropriate safeguards are in place to ensure NSIRAโ€™s independence.

A significant challenge to NSIRAโ€™s CSE review is the lack of comprehensive and independently verifiable access to CSEโ€™s information repository.37 As one component of addressing challenges, NSIRA is exploring options to have CSE proactively disclose specific categories of information on a regular basis, which would be used to both ensure compliance of activities and inform the conclusions NSIRA provides in the annual classified report to the Minister.

As another component of addressing access challenges, NSIRA is also exploring some options with CSE to implement the โ€œtailored accessโ€ approach described under section 1.5 of this Report. Implementing tailored access will result in trust being maintained between the two organizations, while ensuring that NSIRA has the ability to independently verify the information received in the context of its review. It should also be noted that the speed at which NSIRA receives information before the verifications stage remains important, as any delays in receiving information has the potential to impede NSIRAโ€™s ability to fulfill its mandate.

To encourage greater accountability in the year ahead, NSIRA intends to establish more formal guidelines for the provision of information by departments and agencies, including targets for the timeliness of responses to requests for information, and a framework for reporting publicly on the above.

Conclusion

As a new organization, NSIRA continued to staff its CSE Review Team in 2020,39 in addition to improving its overall understanding of CSEโ€™s remit. NSIRA acknowledges the need to continue consolidating its familiarity and expertise with CSE and various aspects related to CSEโ€™s functions. Similarly, CSEโ€”which built a close relationship with OCSEC over some 23 years of review โ€” is in the process of building its own familiarity with NSIRA and its mandate. NSIRA also acknowledges that reviews of CSEโ€™s functions can be particularly sensitive, for example, because of the high volume of highly classified special information content.

NSIRA thanks CSE for timely assistance in providing publicly-releasable information for this annual report, much of which has not previously been made public. NSIRA feels that this reflects steps by CSE toward increased transparency to Canadians. Further, NSIRA is grateful for regular support from CSEโ€™s Information Technology services in helping with secure communications.

2.6 Other government departments

Overview

One key reason for creating NSIRA was to ensure scrutiny of Canadian national security and intelligence departments and agencies that did not already have dedicated review bodies. To this end, the NSIRA Act provides the legal foundation to โ€œreview any activity carried out by a department that relates to national security or intelligence.โ€40 As would be expected, selecting which departments and agencies outside of CSIS and CSE that require examination is complex and must be continuously updated in tandem with the ever-changing national security landscape.

In addition to selecting specific departments for review, NSIRA is developing an integrated review framework that addresses broad-based national security and intelligence issues both horizontally and vertically across departments and agencies. This is in addition to the yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, which when considered cumulatively, provide the opportunity to cover the entire community.

As previously mentioned in section 1 of this report, NSIRA is working with departments and agencies across government to design a process where the information provided for a review is corroborated and verified for completeness. NSIRA calls this the trust but verify principle: NSIRA trusts departments to provide access to information, people and assets in a timely manner, while having mechanisms in place to allow the agency to independently verify the completeness of the access.

It is also important to note that NSIRA works closely with the NSICOP and the OPC to share review plans and de-conflict when reviews touch on similar subjects.

Beyond CSIS and CSE, NSIRA initiated reviews with the following departments and agencies in 2020:

  • Department of National Defence / Canadian Armed Forces (DND/CAF);
  • Global Affairs Canada;
  • the RCMP;
  • Immigration, Refugee and Citizenship Canada;
  • the Canada Border Services Agency;
  • Transport Canada; and
  • the Public Health Agency of Canada.
  • the following sections outline reviews completed or initiated in 2020, by department/agency, as well as some planned future reviews.

As well, through the yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, NSIRA has engaged with all departments and agencies that make up the Canadian national security and intelligence community.

The following sections outline reviews completed or initiated in 2020, by department or agency, as well as some planned future reviews.

Department of National Defence and the Canadian Armed Forces

The Canadian Forces National Counter-Intelligence Unit

The Canadian Forces National Counter-Intelligence Unit (CFNCIU) falls under the Canadian Forces Intelligence Group within Canadian Forces Intelligence Command and is organized along Regional Detachments. CFNCIUโ€™s activities involve investigating and reporting counter-intelligence threats that pose a security risk to DND/CAF, supporting CAF operations to enhance force posture and operational security, coordinating exchanges of threat information with security partners, and providing early warning. CFNCIUโ€™s primary responsibility is the collection of security intelligence for integration into national or local threat assessments.

The investigative framework for CFNCIU is unique insofar as it covers a broad range of security intelligence concerns similar to those of CSIS, yet is limited in investigative scope to DND/CAF information, people and assets (i.e. nexus to DND/CAF). Unlike CSIS, CFNCIU does not collect expansively on threats given the need for a nexus; and unlike a Departmental Security Officer, CFNCIU does not conduct investigations on issues regarding policy compliance, or security issues involving inappropriate behavior by employees that do not point to an obvious threat. Furthermore, CFNCIU does not have responsibility for security screening or criminal investigations. The investigative scope of CFNCIU is therefore best understood as occupying a very narrow space above those related to discipline and security screening, yet falling below criminal thresholds.

This review examined CFNCIUโ€™s domestic efforts at investigating counter-intelligence threats posed to DND/CAF, the rationale used by CFNCIU for justifying investigations, and the associated investigative activities that follow. In this context, the review specifically sought to provide an initial understanding of the DND/CAF governance framework, as well as how CFNCIU views threats, collects intelligence, engages in cooperation and applies analysis. Particular attention was paid to CFNCIUโ€™s legal foundations, processes and procedures, and how they contribute to safeguarding against insider-threat scenarios. NSIRA also reviewed how intelligence derived from investigations was conveyed to DND/CAF decision-makers. The full review is currently being redacted and should be released on NSIRAโ€™s website soon.

NSIRA found that CFNCIU and other DND/CAF security components have been organized into narrowly focused vertical silos that do not work in an integrated manner. While CFNCIU adhered to internal policies used to initiate investigations, it did not have a formalized process to help guide investigation prioritization based on relevant criteria. It was also evident that CFNCIU required clarity on its legal authorities, to ensure the proper sharing of information in support of administrative and criminal processes.

NSIRA further identified the need for DND/CAF to empower CFNCIU to make full use of its investigative capabilities to reduce investigative durations, an issue that NSIRA found runs contrary to the sound safeguarding practices of DND/CAF information, people, and assets.

Moreover, NSIRAโ€™s review found that CFNCIU did not adequately consider the cumulative effect of its counter-intelligence activities in relation to an investigation subjectโ€™s privacy, raising questions about the adequacy of CFNCIUโ€™s efforts to ensure procedural fairness and prompting NSIRA to recommend that CFNCIU seek advice from the OPC. NSIRA also observed that CFNCIUโ€™s information sharing regime was not compliant with Government of Canada policies for safeguarding information, people, and assets.

The presence of white supremacy within the Canadian military has been well documented. White supremacist groups actively seek individuals with prior military training and experience, or conversely, encourage individuals to enlist in order to gain access to specialized training, tactics and equipment. Although NSIRA acknowledges that the responsibility for addressing this threat cannot fall uniquely on the shoulders of CFNCIU, the reviewโ€™s multiple findings lead to concern that CFNCIU may not be fully utilized to proactively identify white supremacists across DND/CAF. After examination of case studies and interviews with CFNCIU investigators, the review found that white supremacy poses an active counter-intelligence threat to DND/CAF, and that the CFNCIUโ€™s mandate to proactively identify this threat is limited.

Finally, following some concerns identified in the later stages of this review, NSIRA will carry out a case study of CFNCIU computer searches and interview processes in 2021 to assess whether these activities were Charter-compliant.

DND/CAF response to NSIRAโ€™s recommendations

DND/CAF agreed with NSIRAโ€™s recommendations, and stated that they welcome the review report. DND/CAF agreed that action will be taken at the appropriate levels in conjunction with required expertise and offices, noting that work in this regard has commenced, and that some of NSIRAโ€™s recommendations are already being addressed. For example, DND/CAF are working to complete a Privacy Impact Assessment of Defence Intelligence activities, and will engage the OPC for further input once this assessment is completed.

Reviews in progress

NSIRA launched a review of the Defence Intelligence Enterprise to map intelligence collection, and obtain information on the governance frameworks, authorities and structures of defence intelligence with a view towards assisting future review planning. This information was further supplemented by a corollary review of Intelligence Oversight, Review and Compliance within DND/CAFโ€™s defence intelligence system. Although there are no findings or recommendations stemming from these inquiries, NSIRA members will receive a briefing note and presentation from NSIRA staff on key observations gained through this process. The expected completion is fall of 2021.

NSIRA has also begun to follow-up on issues identified during last yearโ€™s CFNCIU review. NSIRAโ€™s Counter-Intelligence Operational Collection and Privacy Review will further examine CFNCIUโ€™s practices concerning subject interview and database access to information management/information technology systems; this latter assessment will require access by NSIRA staff to DND/CAF computer networks to validate how these systems are used when conducting counter-intelligence inquiries.

NSIRA has also initiated an examination of DND/CAFโ€™s human intelligence (HUMINT) capabilities, primarily through review of the governance of this specialized collection activity. The review will cover the evolution of HUMINT within DND/CAF, including consideration of recent internal initiatives aimed at improving governance and guidance for HUMINT. In the fall of 2021 NSIRA staff will travel to DND/CAFโ€™s HUMINT training centre, and will conduct wide-ranging interviews of HUMINT senior leadership, trainers, and practitioners. The review will lay the foundation for a full operational review of HUMINT sources in various theatres of operation.

As a result of recent disclosures from DND/CAF through the Scoping Review of the Defence Intelligence Enterprise, NSIRA will also examine DND/CAFโ€™s Open Source Intelligence and Medical Intelligence collection activities beginning at the end of 2021. This review will assess the governance and compliance of these activities.

COVID-19 has affected timelines and scheduling significantly, resulting in delays of up to six months. While COVID presented challenges affecting timelines and impacting review work, both DND/CAF and the National Security and Intelligence Review and Oversight Coordination Secretariat were attentive to NSIRA requests, providing access to information, people and assets when required.

Global Affairs Canada

NSIRA completed its first dedicated review of a Global Affairs Canada program. The review period was January 1, 2017 to December 31, 2019, although information from outside this period was used to conduct a full assessment of specific aspects of this program. Challenges related to COVID-19 resulted in methodological adjustments such as the use of secure video-teleconferencing in place of in-person interviews for some of the employees.

While clients of the program find it both unique and valuable to the Government of Canada, the review identified several areas of improvement. NSIRA made a number of recommendations aimed at improving this program. Global Affairs Canada has agreed to โ€œpositively address all of the recommendationsโ€ and has committed to responding to NSIRA in the near future. Due to the highly sensitive nature of this review, NSIRA will not be publishing anything further at this time.

Royal Canadian Mounted Police

In 2021, NSIRA will finish a review of a specialized RCMP intelligence unit, and it will launch a review of the RCMPโ€™s National Security Programโ€™s human source activities. Going forward, NSIRA plans to increase the number of reviews involving the RCMP. For example, the agency will review how the RCMP and CSIS have responded to the threat posed by ideologically motivated violent extremism.

Immigration, Refugees and Citizenship Canada

NSIRA is currently conducting a scoping review of Immigration, Refugees and Citizenship Canada in order to delineate its national security role and responsibilities. While the department has no intelligence collection programs, Immigration, Refugees and Citizenship Canada has an intricate mandate with shared legal authorities and operational responsibilities for ensuring the integrity of the immigration system and mitigating threats to national security from abroad.

Canada Border Services Agency

NSIRA has initiated its plan to conduct in-depth reviews of the most sensitive security and intelligence activities of the Canada Border Services Agency (CBSA), as identified by NSICOP: scenario-based targeting, surveillance, confidential human sources, lookouts and joint force operations. A review of air passenger targeting is currently underway, focusing on how the CBSA uses predictive analyses, including what is termed โ€œscenario-based targeting,โ€ to identify inbound air travellers for further scrutiny in relation to national security threats. Reviews of the CBSAโ€™s use of confidential human sources and surveillance activities are slated for completion in 2022.

Cross departmental reviews

Avoiding complicity in mistreatment by Foreign Entities Act

On September 4, 2019, the Governor in Council issued written directions to the Deputy Heads of 12 departments and agencies under the new Avoiding Complicity in Mistreatment by Foreign Entities Act (Avoiding Complicity Act). The Avoiding Complicity Act and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated or not. To do this, the Avoiding Complicity Act and the directions lay out a series of requirements that need to be met or implemented by departments when handling information. Under subsection 8(2.2) of the NSIRA Act, NSIRA is required to annually review implementation of all directions sent to departments and agencies.

While this was the inaugural annual review under the NSIRA Act, it builds on previous work in this area undertaken by NSIRA and its predecessor SIRC. NSIRAโ€™s review on the 2017 Ministerial Direction on Information Sharing with Foreign Entities is an example. NSIRA is building on this previous review and strongly supports that reviewโ€™s findings and recommendations. It was essential to ensure that both NSIRA and the departments being reviewed met their obligations under the Avoiding Complicity Act and the NSIRA Act. The approach used to gather information during a global pandemic was purposely designed for this first and unique review period. The full 2019 review of the Avoiding Complicity Act has been redacted and released on its website.

To capture a complete view on the departmental implementation, NSIRA requested information that related directly to every departmentโ€™s specific obligations under the Avoiding Complicity Act and the directions. The responses and associated information captured departmental activities related to the Avoiding Complicity Act during the review period, and what procedures, policies, tools, etc. (frameworks) were leveraged to support these activities. No case studies were undertaken for this review. However, the information gathered has helped establish a baseline for overarching issues the community is facing. Building on this, future reviews will begin to examine specific sharing framework challenges and questions, and look closely at specific cases and departmental legal opinions to guide review findings.

While NSIRA was pleased with the considerable efforts made by many departments new to the Avoiding Complicity Act in building up their supporting frameworks, it was clear during this review that departments were employing very different approaches to guide their information handling activities. The responses received demonstrate various inconsistencies across the departments. Having a consistent and coordinated approach when addressing the concerns related the Avoiding Complicity Act is not a requirement for implementation, however, NSIRA believes that there is value in such an approach.

Additionally, as the directives received under the Avoiding Complicity Act do not describe the specific means by which departments โ€˜implementโ€™ them, it is incumbent on the departments and agencies to ensure that they have sufficiently robust frameworks and programs in place to fully support an assertion of implementation. Therefore, the information gathered during this review went beyond a strict assessment of implementation, and also considered the aspects required to better support this implementation. Going forward, this approach will help establish the foundation for subsequent reviews. Drawing on the findings and concerns identified here, NSIRA will continue to consider aspects that will ultimately improve underlying frameworks, thereby supporting an improved implementation of the Avoiding Complicity Act across the community.

Disclosure of information under the Security of Canada Information Disclosure Act

Enacted in 2019, the purpose of the Security of Canada Information Disclosure Act (SCIDA) is to encourage and facilitate the disclosure of information between Government of Canada institutions in order to protect Canada against activities that undermine the security of Canada. NSIRA has a statutory requirement to conduct an annual review of disclosures made under the SCIDA.

In 2020, NSIRA completed the 2019 Annual Report on the Disclosure of Information under the Security of Canada Information Disclosure Act. The report covers the period from when SCIDA came into force on June 21, 2019 to December 31 of that year. During the reporting period, federal institutions made 114 disclosures of information under SCIDA. The report notes that institutions made good progress in institutionalizing this new legislation. The report provides historical and contextual information on SCIDA and how it fits alongside other legal mechanisms for the sharing of information. The report also includes anonymized scenario examples of SCIDA disclosures, and criteria for future assessment. NSIRA intends to work closely with the OPC for future iterations of this report. Outcomes of NSIRAโ€™s subsequent review of disclosures under SCIDA will be discussed in the 2020 report on the disclosure of information under this SCIDA.

Biometrics

NSIRA has advanced its commitment made last year to map the collection and use of biometrics across the government in relation to its security and intelligence activities. A horizontal review of biometrics in the border continuum is currently underway, focusing on activities conducted by the CBSA, Immigration, Refugees and Citizenship Canada and Transport Canada. The activities under review include the issuance and verification of travel documents โ€” with an emphasis on air travel โ€” and the screening of foreign nationals seeking admission to Canada. A subsequent review will examine the use of biometrics in security intelligence and national security related policing activities.

Conclusion

Given the ongoing pandemic and lessons emerging from current reviews, in some instances NSIRA have modified the plan put forward in NSIRAโ€™s 2019 Annual Report. Its work on economic security, for example, benefited from a scoping exercise involving several departments to help it better understand the authorities in this area, and to help it determine whether to pursue further work on this issue. Similarly, following a scoping exercise, a decision on whether to review public health intelligence awaited considerations of the conclusions of an independent report commissioned by the Minister of Health in this area that has now been released.

Over the next year, NSIRA will continue to engage with departments and agencies through focused reviews. Some of these will be organized around broad horizontal themes that may include multiple departments, requiring a coordinated approach. NSIRA is committed to working collaboratively with departments, particularly on the establishment of an access regime that supports independent verification and accountability.

Complaints investigations

3.1 2020 challenges

The pandemic has had an adverse impact on the timely conduct of NSIRAโ€™s investigations. As of March 2020, inevitable delays resulted from the provincial stay- at-home orders and public health guidelines that were issued. Just as NSIRA was affected by limited access to classified documents as a result, so too were the for federal government parties to investigations that are obliged to provide information to NSIRA. Consequently, in several ongoing matters, NSIRA granted adjournments and extensions of deadlines for procedural steps, including the filing of submissions and evidentiary material. While this was regrettable, NSIRA adapted to the challenging circumstances of the pandemic as best as possible and advanced investigative procedures in an innovative manner whenever possible, such as conducting some proceedings in writing and holding case management conferences and meetings virtually.

Despite the procedural setbacks in 2020, NSIRA was able to complete one complaint investigation and issue a final report. NSIRA also issued formal decisions to close three other files. In addition, it succeeded in completing a complex process reform initiative that will see the modernization and streamlining of the investigative process.

3.2 Complaints investigation process: Reform and next steps

While the pandemic affected complaints investigations, NSIRA made considerable progress on reforming the processes governing such investigations. In the course of the year, NSIRA undertook a process reform initiative to modernize the complaints investigation model to meet its goal of ensuring efficiency and transparency. Two priorities guided the modernization of the process, namely, access to justice for self-represented complainants and the creation of streamlined and less formal procedural steps.

NSIRA created new Rules of Procedures to reflect this new model and completed an extensive consultation exercise with stakeholders in the public and private sectors to achieve the most effective and considered final product. These new Rules of Procedure have been in effect since July 2021.

NSIRA also implemented a new policy statement that provides a commitment to the public to increase transparency in its investigations by publishing redacted and de- personalized complaints investigation reports.

In the year ahead, NSIRA will update its website to include improved procedural guidance to inform members of the public on how to make complaints and navigate the investigative process. Part of the update to NSIRAโ€™s website will involve implementing a secure portal for the online filing of complaints and for protected communications to assist in effectively managing NSIRAโ€™s complaints case load.

In the future, NSIRA also plans on conducting a trend analysis for complaints, which will involve a broad initiative to appropriately collect race-based and other demographic information. The objectives of this initiative are to improve access to justice by improving awareness and understanding of the investigation process. The overall aim is to document the different groups among civilian complainants and identify the frequency of complaints that include allegations of racial or other forms of bias, and to determine whether there are disparities; whether there are differences with respect to the types of complaints made against national security and intelligence organizations based on different groups; whether complaints investigation outcomes vary by group; and whether civilian satisfaction with NSIRAโ€™s investigation process varies by group.

NSIRAโ€™s investigation case load: The year ahead

On concluding efforts to case manage NSIRAโ€™s ongoing investigations in the context of the challenges presented by the pandemic in 2020, NSIRA will look ahead to the coming year with a reformed investigation process that will assist in implementing modern and fair procedures to advance these cases, complemented by an improved website that will promote access and transparency in the investigations process.

NSIRA will also see a substantial increase in its caseload in 2021 as a result of close to 60 new investigations added to its existing inventory. These complaints were referred to NSIRA in April 2021 by the Canadian Human Rights Commission pursuant to subsection 45(2) of the Canadian Human Rights Act. This high-volume caseload will significantly challenge NSIRAโ€™s case management. NSIRA will be implementing procedural efficiencies as much as possible while meeting procedural fairness requirements.

3.3 2020 complaints

Summary of final report

Allegations against CSISโ€™s role in cancellation/denial of site access clearance

Background

The Complainant filed a complaint against CSIS requesting an investigation of CSISโ€™s role or involvement in the cancellation and/or denial of site access screening requests for employment with a private company at a government building.

Allegation

The Complainant alleged CSIS improperly used information collected and made an improper inference of a security threat which led to the denial of a site access clearance.

Investigation

NSIRA considered the evidence given by summoned witnesses, the documentation submitted by the parties as well as other relevant material made available during the course of the investigation of the complaint, including classified documents disclosed to NSIRA by CSIS. NSIRA also heard evidence provided by the Complainant.

Sections 13 and 15 of the CSIS Act give CSIS the authority to provide security assessments to departments of the Government of Canada and to conduct investigations as required. CSIS receives applications from government departments for persons seeking a security clearance or site access clearance and their role is defined in section 2 of the CSIS Act. CSIS presented evidence on the steps that are followed in CSISโ€™s process, the Treasury Board Secretariatโ€™s Standard on Security Screening, and the fact that the client department decides whether to grant a clearance. As such, CSIS only provides background information and an assessment from a national security perspective so that government departments have the information it needs to make an informed decision.

NSIRA also heard evidence from CSIS with respect to some information shared with the client department that requested the site access clearance and how it pertained to both reliability and loyalty. CSIS acknowledged that some information shared with the client department took place in an informal setting and that it should not have occurred in such way. It was noted that after open source information was shared, the client department cancelled its request and CSIS closed its file.

The Complainant expressed a belief that CSIS was responsible for denying his application for a site access clearance.

NSIRA acknowledged the Complainantโ€™s perception that CSIS denied his request for a site access clearance, but the evidence demonstrated that CSIS did not make the decision. The decision was made by the government department and CSIS had no further involvement in the matter.

Findings

NSIRA found that:

  • CSIS did not improperly use the open source information that was shared;
  • CSIS acknowledges that the sharing of information would not have been approved by management; and
  • CSIS did not deny the Complainantโ€™s request for a site access clearance, but rather it was the government department that made the decision to cancel the request.

Conclusion

NSIRA determined that the complaint is unsupported.

Summaries of complaints deemed abandoned

Allegations against CSIS for sharing information with foreign authorities and impact on border crossing

The Complainant filed a complaint against CSIS about the sharing of information with foreign authorities that led to having difficulty with border crossings. NSIRA commenced its investigation and had an informal case management conference with the parties for the purposes of resolving the complaint. As a result of this resolution meeting, the Complainant undertook to take steps to resolve any ongoing issues. NSIRA attempted to communicate with the Complainant on several occasions to determine whether the ongoing issues were resolved. NSIRA determined that reasonable attempts had been made to communicate with the Complainant and issued reasons deeming the complaint abandoned as per NSIRAโ€™s Rules of Procedure. The complaint investigation file was closed.

Allegations against CSISโ€™s role in delaying security assessment regarding a permanent residency application

The Complainant filed a complaint against CSIS alleging that it caused a significant delay in submitting the security assessment for a permanent residency application. During the investigation, NSIRA attempted to communicate with the Complainant on several occasions regarding the possibility of engaging in informal resolution discussions with CSIS. NSIRA determined that reasonable attempts had been made to communicate with the Complainant and issued reasons deeming that the complaint had been abandoned as per NSIRAโ€™s Rules of Procedure. The complaint investigation file was closed.

Allegations against the RCMP for improper conduct during arrest

This complaint was referred to NSIRA by the Civilian Review and Complaints Commission for the RCMP, pursuant to subsection 45.53(4.1) of the RCMP Act. The complaint alleged that members of the Royal Canadian Mounted Police (RCMP) failed to inform the Complainant of the Complainantโ€™s rights and obligations during an interaction that occurred the day before an arrest for a terrorism hoax and public mischief, use of excessive force and other allegations. During the course of launching its investigation, NSIRA attempted to establish contact with the Complainant on several occasions. NSIRA found that reasonable attempts had been made to communicate with the Complainant and had exhausted all options. Accordingly, NSIRA issued reasons deeming the complaint had been abandoned as per NSIRAโ€™s Rules of Procedure. The complaint investigation file was closed.

Conclusion

In 2020, NSIRAโ€™s teams worked under exigent conditions and yet were able to outperform. NSIRA is grateful to them for having conducted the reviews in an efficient manner. As mentioned in this annual report, NSIRA have ambitious plans for ongoing and future work, all while continuing to grow its own capacity and to strengthen its relationships with the departments and agencies under its review. In 2020, NSIRAโ€™s staff complement grew from 30 to 58 individuals, its CSE Review Team began operations in offices on site at CSE, and NSIRA neared completion of a new facility for staff, all while carefully and responsibly adapting to the challenges of the pandemic.

In the spirit of coordinating and complementing other review and oversight entities, NSIRA continued to strengthen its relationships with various counterparts, including the Five Eyes Intelligence Oversight and Review Council, the National Security and Intelligence Committee of Parliamentarians, and the Office of the Privacy Commissioner of Canada. NSIRA also remains dedicated to robust and mutually- beneficial engagement with non-governmental stakeholders. NSIRA hopes both to raise awareness of its mandate amongst various communities โ€” including students โ€” as well as to receive input to help us further its work and refine its agenda. NSIRA strongly encourages feedback and input and hopes you found this report useful and helpful. No matter your background, please reach out to us and share your thoughts about this report, as well as NSIRAโ€™s review and complaints work.

NSIRA is very grateful for the perseverance, diligence, and passion of its staff for continuing to produce meaningful work and achieve important results despite the challenges of the pandemic in 2020. As NSIRA grows as an organization, including in staff numbers, it looks forward to continuing to promote accountability in the Canadian security and intelligence community.

Share this page
Date Modified:

Review of CSIS threat reduction activities

Review Backgrounder

On February 15, 2021, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of Public Safety and Emergency Preparedness with a classified report on its review of CSIS threat reduction activities. This was NSIRAโ€™s first review of CSISโ€™s threat reduction mandate. The report contains a detailed compliance review of a sample of TRMs from 2019.

NSIRAโ€™s review found that all of the measures reviewed met the obligations under Ministerial Direction. For the most part, the measures taken by CSIS also satisfied the requirements of the CSIS Act. NSIRA also noted, however, that in a limited number of cases, CSIS selected individuals for inclusion in the TRM without a rational link between the selection of the individual and the threat. As a result, these measures were not โ€œreasonable and proportionalโ€ as required under the CSIS Act.

For one type of TRM reviewed, NSIRA is of the view that more consideration needs to be given to the way in which CSIS engages third parties. This would require CSIS to consider fully the Canadian Charter of Rights and Freedoms (Charter) implications of its measures, and could require CSIS to obtain warrants before taking certain measures.

As 2020 marked five years since CSIS obtained threat reductions powers as part of the Anti-terrorism Act, 2015, NSIRA conducted high-level analysis of all TRM activities over the past five years to identify trends and to inform NSIRAโ€™s choice of future review topics. Overall, NSIRA noted that while CSISโ€™s use of TRM powers has not been extensive, CSIS has been applying TRM powers to the full spectrum of national security threats mandated under the CSIS Act.

Publishing this summary aligns with NSIRAโ€™s efforts at increasing transparency and being more accessible to Canadians through its work. Going forward, NSIRA will continue to examine CSISโ€™s threat reduction activities annually as required by section 8(2) of the NSIRA Act.

Table of Contents

Date of Publishing:

Share this page
Date Modified:

Quarterly Report: For the quarter ended September 30th, 2021

Date of Publishing:

Introduction

This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2021-22 Main Estimates.

This quarterly report has not been subject to an external audit or review. 

Mandate

The National Security and Intelligence Review Agency (NSIRA) is an independent external review body, which reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canadaโ€™s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.

A summary description of the program activities of NSIRA can be found in Part II of the Main Estimates. For more information on NSIRAโ€™s mandate, please visit its website at https://nsira-ossnr.gc.ca.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the departmentโ€™s spending authorities granted by Parliament and those used by the department, consistent with the 2021-22 Main Estimates. This quarterly report has been prepared using a special purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.

Highlights of the fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2021.

NSIRA spent approximately 21% of its authorities by the end of the second quarter, compared with 20% in the same quarter of 2020-21 (see graph 1, below).

Graph 1: Comparison of total authorities and total net budgetary expenditures, Q2 2021โ€“22 and Q2 2020โ€“21

Graph: Comparison of total authorities and total net budgetary expenditures - Text version follows
Comparison of total authorities and total net budgetary expenditures, Q2 2021โ€“22 and Q2 2020โ€“21
  2021-22 2020-21
Total Authorities $31.3 $20.5
Q2 Expenditures $3.7 $2.7
Year-to-Date Expenditures $6.5 $4.0

Significant changes to authorities

As at September 30, 2021, Parliament had approved $31.3 million in total authorities for use by NSIRA 2021-22 compared with $20.4 million as of September 30, 2020, for a net increase of $10.9 million or 53.4% (see graph 2, below).

Graph 2: Variance in authorities as at September 30, 2021

Graph: Variance in authorities as at September 30, 2021 - Text version follows
Variance in authorities as at September 30, 2021 (in millions)
  Fiscal year 2020-21 total available for use for the year ended March 31, 2021 Fiscal year 2021-22 total available for use for the year ended March 31, 2022
Vote 1 – Operating $19.2 $29.6
Statutory $1.2 $1.7
Total budgetary authorities $20.4 $31.3

The increase of $10.9 million in authorities is mostly explained by the ramp-up of approved funding for the mandate of NSIRA and the approval of a funding reprofile into fiscal year 2021-22 for accommodation and infrastructure projects. 

Significant changes to quarter expenditures

The second quarter expenditures totalled $3.7 million for an increase of $1.0 million when compared with $2.7 million spent during the same period in 2020- 21. Table 1 below presents budgetary expenditures by standard object.

Table 1

Variances in expenditures by standard object(in thousands of dollars) Fiscal year 2021-22: expended during the quarter ended September 30, 2021 Fiscal year 2020-21: expended during the quarter ended September 30, 2020 Variance $ Variance %
Personnel 2,441 2,229 212 10%
Transportation and communications 24 12 12 100%
Information 15 (9) 24 (267%)
Professional and special services 840 275 565 205%
Rentals 17 64 (47) (73%)
Repair and maintenance 205 4 201 100%
Utilities, materials and supplies 9 (3) 12 (400%)
Acquisition of machinery and equipment 158 43 115 100%
Other subsidies and payment 28 42 (14) 100%
Total gross budgetary expenditures 3,737 2,658 1,079 41%

Personnel

The increase of $0.2 million relates to additional staffing to support NSIRAโ€™s departmental mandate. 

Professional and special services

The increase of $0.6 million is mainly due to an agreement for ongoing information technology (IT) support services with a partnering federal organization.

Repair and maintenance

The increase of $0.2 million is explained by office accommodation fit-up costs. 

Acquisition of machinery and equipment

The increase of $0.1 million is mainly explained by the acquisitions of informatics hardware.  

Risks and uncertainties

The COVID-19 pandemic had a significant impact on NSIRAโ€™s ability to grow the organization in a way as would be expected under its new mandate. The physical distancing requirements decreased the ability of staff to concurrently work with departments and agencies subject to reviews.

The ability to hire a sufficient number of qualified personnel within relevant timelines remains a short- and medium-term risk for NSIRA, particularly given the specialized knowledge and skillset that many positions require. This is further compounded by the requirement for candidates to obtain a Top Secret security clearance, which can incur significant delays, especially during the pandemic.

While NSIRA has been able to secure temporary space to address its immediate space requirements, the pandemic caused significant delays for the fit-up of this space. NSIRA is working closely with Public Services and Procurement Canada and Shared Services Canada to expedite the office expansion plans.

The ability of NSIRA to access the information it needs to do its work and speak to the relevant stakeholders to understand policies, operations and ongoing issues is closely tied to the capacity of the reviewed departments and agencies to respond to the demands of NSIRA. The pandemic impacts including the ability to conduct classified work in the workplace combined with existing resource constraints of the reviewed departments and agencies continue to delay the conduct of reviews.

NSIRA is closely monitoring pay transactions to identify and address over and under payments in a timely manner and continues to apply ongoing mitigating controls.

Mitigation measures for the risks outlined above have been identified and are factored into NSIRAโ€™s approach to the execution of its mandate.  

Significant changes in relation to operations, personnel and programs

The pandemic forced changes in the way NSIRA conducts operations. The requirement for physical distancing and the existing challenge with respect to the high security zone accommodation has led NSIRA to authorize staff to work with non-sensitive files from home.

In late March 2021, NSIRA was a victim of a cyber attack on its public network. The attack did not affect its classified networks. That attack led NSIRA to change its IT operating model; since then, NSIRA has been using the Privy Council Office IT infrastructure to conduct activities that are unclassified and up to protected B activities.

The Honourable Marie Deschamps, C.C., currently a member of the National Security and Intelligence Review Agency (NSIRA), became the chair of the NSIRA, effective August 11, 2021.

There have been no new Governor-in-Council appointments during the second quarter.

There have been no changes to the NSIRA Program.

Approved by senior officials:

John Davies
Deputy Head

Pierre Souligny
Senior Director, Corporate Services, Chief Financial Officer

Appendix

Statement of authorities (Unaudited)

(in thousands of dollars)

  Fiscal year 2021–22 Fiscal year 2020–21
  Total available for use for the year ending March 31, 2022 (note 1) Used during the quarter ended September 30, 2021 Year to date used at quarter-end Total available for use for the year ending March 31, 2021 (note 1) Used during the quarter ended September 30, 2020 Year to date used at quarter-end
Vote 1 – Net operating expenditures 29,615 3,311 5,647 19,217 2,285 3,213
Budgetary statutory authorities
Contributions to employee benefit plans 1,705 426 852 1,237 371 742
Total budgetary authorities 31,319 3,737 6,499 20,453 2,656 3,955

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Departmental budgetary expenditures by standard object (unaudited)

(in thousands of dollars)

  Fiscal year 2021–22 Fiscal year 2020–21
  Planned expenditures for the year ending March 31, 2022 (note 1) Expended during the quarter ended September 30, 2021 Year to date used at quarter-end Planned expenditures for the year ending March 31, 2021 Expended during the quarter ended September 30, 2020 Year to date used at quarter-end
Expenditures
Personnel 13,222 2,441 4,753 9,592 2,229 3,340
Transportation and communications 673 24 37 968 12 19
Information 375 15 17 303 (9) 41
Professional and special services 7,029 840 1,036 2,708 275 343
Rentals 188 17 17 197 64 64
Repair and maintenance 8,737 205 213 5,945 4 57
Utilities, materials and supplies 103 9 12 144 (3) 7
Acquisition of machinery and equipment 991 158 374 327 43 43
Other subsidies and payments 0 28 40 268 42 42
Total gross budgetary expenditures
(note 2)
31,319 3,737 6,499 20,453 2,656 3,955

Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.

Note 2: Details may not sum to totals due to rounding.

Share this page
Date Modified:

Review of the CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation

Review Backgrounder

On February 10, 2021, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of Public Safety and Emergency Preparedness with a classified report on its review of the CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation.

NSIRAโ€™s review found that in the specific region, the agencies have developed a strong relationship that has fostered effective tactical de-confliction of operational activities. Nonetheless, technological constraints are making CSIS-RCMP de-confliction excessively burdensome and time-consuming. Furthermore, NSIRA observed a general reluctance on the part of both agencies to connect CSIS information to an RCMP investigation.

NSIRA found that the current framework guiding the CSIS-RCMP relationship sets out principals and guidelines to manage the risks of interaction and information sharing between the two agencies; however, it left fundamental issues related to the โ€œintelligence-to-evidenceโ€ problem unresolved.

On the whole, NSIRA found that CSIS and the RCMP have made little progress in addressing the threat under investigation. Moreover, CSIS and the RCMP do not have a shared vision or complementary strategy to address the threat.

Publishing this summary aligns with NSIRAโ€™s efforts at increasing transparency and being more accessible to Canadians through its work. Going forward, NSIRA will review CSIS and the RCMPโ€™s implementation of the Operational Improvement Review which set out ambitious recommendations to improve the way in which CSIS and the RCMP jointly manage threats.

Table of Contents

Date of Publishing:

Share this page
Date Modified:

Review of the Canadian Security Intelligence Serviceโ€™s (CSIS) Internal Security Branch

Review Backgrounder

On August 14, 2019, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of Public Safety and Emergency Preparedness with a classified report on its review of the Canadian Security Intelligence Serviceโ€™s (CSIS) Internal Security Branch. This review is a follow-up to the 2013 study conducted by NSIRAโ€™s predecessor, the Security Intelligence Review Committee (SIRC) of CSISโ€™s Internal Security (IS) Branch. SIRC found a number of serious shortcomings related to CSISโ€™s handling of sensitive case files, access lists and their practices and management of internal investigations.

NSIRAโ€™s latest review found that while significant improvements have been made with respect to internal security at CSIS since the 2013 review (The โ€œInsider Threatโ€ and Its Effect on Information Management โ€” Section 54 Report (TOP SECRET) (PDF of Review) (SIRC 2013-06)), further improvements to internal security policies could strengthen the consistency of decision-making on personnel security files and investigations. It could also improve the procedural fairness of these processes writ large.

NSIRAโ€™s review also examined the use of the polygraph, and sought justification for its use and the extent to which such determinations are reasonable and necessary. Several key observations were derived from this analysis. It also raised a much broader consideration: namely, the extent to which the governmentโ€™s overarching policy document, the Standard on Security Screening, provides adequate guidance for departments and agencies when they implement this safeguarding measure.

Going forward, NSIRA will continue to examine the Governmentโ€™s use of the polygraph as a security screening tool.

Table of Contents

Date of Publishing:

Share this page
Date Modified:

Review of the Canadian Security Intelligence Serviceโ€™s (CSIS) use of Geolocation information

Review Backgrounder

On August 23rd, 2019, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of Public Safety and Emergency Preparedness with a classified report on its review of CSISโ€™s use of geolocation information.

In this review, NSIRA found that CSISโ€™s use of this geolocation data without a warrant risked breaching section 8 of the Canadian Charter of Rights and Freedoms (Charter), which protects against unreasonable search and seizure. On March 16, 2020, NSIRA submitted a report under section 35 of the NSIRA Act, to the Minister of Public Safety regarding the possible unlawful activity.

This review raised pressing questions regarding the use of publically available data, but that nevertheless engages a personโ€™s reasonable expectation of privacy. NSIRAโ€™s review examined the decision-making process that led CSIS to use this data without a warrant, and found that CSIS lacked the policies or procedures to ensure that, prior to using the data, CSIS sought legal advice to avoid its unlawful use.

The review was also an opportunity to note more broadly that, in this environment, ongoing legal support to CSISโ€™s data exploitation activities is essential in allowing CSIS to operate at an acceptable level of risk. It also noted that CSIS and the Department of Justice are expected to demonstrate institutional leadership in this regard.

Going forward, NSIRA will prioritize the scrutiny of CSISโ€™s use of technology, particularly new or emerging technologies that pose the greatest risks.

Date of Publishing:

1. Authorities

This review began under the authority of the Security Intelligence Review Committee (SIRC) articulated in subsection 38(1 ) of the Canadian Security Intelligence Serviceโ€™s (CSIS Act), which provided SIRC the mandate to review CSIS’s operations in the performance of its duties and functions.

During the course of the review. Bill C-59 -An Act Respecting National Security Matters received Royal Assent on June 21, 2019. Part 1 of Bill C-59 enacted the National Security and Intelligence Review Agency Act (NSIRA Act), which came into force by order of the Governor in Council on July 12, 2019. The NSIRA Act repeals the provisions of the CSIS Act that established and governed SIRC and establishes in its place the National Security and Intelligence Review Agency (NSIRA). The NSIRA Act sets out the composition, mandate and powers of NSIRA and amends the CSIS Act, and other Acts, in order to transfer certain powers, duties and functions to NSIRA.

This review continued under the authority described in subsections 8(1 )(a) and 8(3) of the NSIRA Act to review any activity carried out by CSIS and to make any finding and recommendation that NSIRA considers appropriate.

2. Introduction

In its review function, NSIRA expects CSIS’s activities to be lawful and comply with ministerial direction. This review focused on CSIS’ s non-warranted collection of geolocation information and is part of NSIRAโ€™s ongoing interest in CSIS’s collection and exploitation of both warranted and unwarranted data. Past reviews have assessed CSISโ€™s warranted collection and retention of metadata and CSIS’s unwarranted collection and exploitation of bulk personal datasets. This is NSIRAโ€™s first dedicated look at CSISโ€™s collection of geolocation data.

The review takes place in the context of Federal Court decisions, most particularly the IMSI decision of September 27. 2017, that impact on CSISโ€™s collection, use and retention of data, including geolocation data. The IMSI decision found that, though CSISโ€™s authority under section 12 does authorize it to obtain geolocation information for which there is a low expectation of privacy, anything beyond that, such as geolocating an individual, would require a warrant.

It is worth noting that the scope of the review was broader at the outset and was intended to include a more comprehensive examination of the collection of different types of geolocation information, both warranted and unwarranted. Although the scope was reduced in the course of the review, NSIRA will be mindful of this for future reviews.

3. Objectives

The objective of this review is to assess whether CSISโ€™s collection of unwarranted geolocation information used by CSIS in support of its operations is compliant with applicable sources of law, including the Canadian Charter of Rights and Freedoms (Charter) and the CSIS Act, as well as ministerial direction and operational policy. A related objective is to determine whether CSIS has sufficient safeguards in the form of formal procedures and policies to ensure that it is able to comply with its legal obligations amid a period of rapid change in technology and a correspondingly fluid legal environment.

4. Scope and Methodology

The scope and direction of the review was identified through a preliminary investigation of available documentation and a briefing with the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ Further, NSIRA requested that CSIS identify all activities undertaken by the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ that may result in geographic information collected against non-warranted targets within the review period. This information was used as a foundation to
request specific documents from CSIS.

NSIRA examined all documents provided by CSIS and sought, retrieved and reviewed documents through CSISโ€™s various computer and email systems to ensure a clear record of activity. Documents reviewed included: โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ taskings from the regions, responses to these taskings, briefing notes, planning documents, legal assessments and internal correspondence.

To conduct a compliance assessment of CSIS’ s use of geolocation information, NSIRA chose to conduct an in-depth case study of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ geolocation information. NSIRA reviewed all instances when โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was used by CSIS during the period under review. As this review consists of a single case study. NSIRA is mindful of generalizing the findings and conclusions to other types of geolocation data.

The core review period for this study was from January 1, 2017 to June 30, 2018, although NSIRA examined documentation that fell outside this period in order to provide a complete assessment of relevant issues.

5. Criteria

NSIRA expects CSIS to conduct its activities in accordance with relevant sources of law. including the CSIS Act. the Charter. the Privacy Act. and case law. NSIRA also expects CSIS to conduct its activities in accordance with ministerial direction. Most relevant in this review given the subject matter was an analysis of the Charter, which, in section 8, provides everyone with the right to be secure against unreasonable search and seizure.
In this case, at issue was whether the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ to collect information about an individual’s location information constitutes a search for the purposes of section 8 such that a warrant would be required.

Policies and Procedures

NSIRA’s expectation was that there would be policies and procedures in place to guide the collection, use and retention of data from โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ despite its uniqueness, and that those policies and procedures would support compliance with CSIS’s legal obligations, including the Charter, as well as its obligations stemming from ministerial direction.

For reference, the relevant policies that pertain to the collection of information โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

  • โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ In principle, this allows collection of this nature on a very broad cross-section of individuals;
  • The collection of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ policies, including the DDO Memorandum of 2015 that request the establishment of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ as the National Policy Centre for โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. Additionally there is the procedure on โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ that allows โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ to conduct โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ defined as a non-warranted collection tool or technique, against a โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

6. Background

The Investigative Technique – โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ from users across the world.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ contains three months of data. The information is not available in real-time; however, there is a delay of only 24-48 hours between the collection of the โ–ˆโ–ˆโ–ˆโ–ˆ and it becoming available in โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

See Annex A for an example of the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ against a CSIS target.

A chronology of CSIS’s use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

a. From introduction to the beginning of the pilot: July 2015 – January 2018

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ echoed those same governance-related issues; specifically, it questioned whether there were legal issues associated with โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ that needed to be addressed prior to the trial period. โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ asked for “the rules of engagement so that we can plan accordingly and get the most of this evaluation.”โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ further noted that, although the data seemed “wonderfulโ€ฆ.there must be some legal/governance rules that apply to this when in the hands of a government agency. These questions were raised in an email to both โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ Nevertheless, by September 2017 โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was anticipating an evaluation of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ that would involve using โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ for a trial period of two months with a limited โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆconvened a meeting in October with โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ The objective of the meeting was to prepare for a โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ evaluation and, for that purpose, โ€œto make decisions on a few details to ensure compliance with
legal and policy.

The questions to be covered in the agenda were:

  • 1 ) Does existing โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ policy cover the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ or does the policy need to be adapted?
  • 2) Is the information contained in โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ subject to a reasonable expectation of privacy?
  • 3) Is there anything else that needs to be considered before CSIS can use โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ? For example, additional โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ procedures or tests?

According to a written summary of discussions circulated by โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ following the meeting, it was agreed that โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ would be compliant with collection under the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ which allows โ–ˆโ–ˆโ–ˆโ–ˆ to “research and use open informationโ€ in support of investigations, it was further decided that the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ would align with โ–ˆโ–ˆโ–ˆโ–ˆ policies as it would constitute threat related queries โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and would be used only with the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ authorities in place. Finally, it was assessed that the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ data invested would meet the โ€œstrictly necessaryโ€ threshold for collection and retention as set out in the CSIS Act as it would be based on a specific threat.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

Following the meeting, approval was granted for the trial use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ by Deputy Chief โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. Documentation of the approval consists of an email from the Deputy Chief to โ–ˆโ–ˆโ–ˆ and โ–ˆโ–ˆโ–ˆ with the understanding that, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

b. CSIS’s trial period – March 2018 – July 2018

CSIS began its pilot of โ–ˆโ–ˆโ–ˆโ–ˆ on January 14. 2018. It was initially to be for two months; but because of technical issues at the beginning that delayed its full use, and due to โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

During that time, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was tasked a total of approximately โ–ˆโ–ˆโ–ˆโ–ˆ times, resulting in โ–ˆโ–ˆโ–ˆโ–ˆ operational messages. As noted, efforts were made by โ–ˆโ–ˆโ–ˆ to ensure that its use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was compliant with CSIS’s โ–ˆโ–ˆโ–ˆโ–ˆ policies on collection โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ as well as the CSIS Act provision that collection and retention be done only to the extent that is “strictly necessary.”

โ–ˆโ–ˆโ–ˆโ–ˆ completed its evaluation of โ–ˆโ–ˆโ–ˆโ–ˆ by the end of April 2018. โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

The first version of a briefing note to gain approval for the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was drafted jointly by โ–ˆโ–ˆโ–ˆโ–ˆ and โ–ˆโ–ˆโ–ˆ in April 2018. The briefing note stated that the pilot for โ–ˆโ–ˆโ–ˆโ–ˆ was “conducted operational policies.” The briefing note also โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ one was a restricted amount of information that would meet the strictly necessary threshold; and the other was a situation in which โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ in which case it would be โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

A subsequent version of the briefing note was prepared, also jointly by โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. This one was dated May 15, 2018 and was sent to the Director General of โ–ˆโ–ˆโ–ˆโ–ˆ. In contrast to the first version of the briefing note, this one was the dual purpose of obtaining a legal opinion and โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. This version was ultimately sent to the DG โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and also included that โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ had been assessed as compliant with โ–ˆโ–ˆโ–ˆโ–ˆ authorities, following discussion with CSIS’s External Review and Compliance (ERC). โ–ˆโ–ˆโ–ˆโ–ˆ as well as informally with a representatives of the DLS. The briefing note stated that โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ fall within existing authorities and directives” and, further that “although โ–ˆโ–ˆโ–ˆโ–ˆ has assessed that โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ a formal legal opinion has not yet been conducted and suggest this briefing note be used as a mechanism to obtain one.”

NSIRA inquired as to the substance of the ERC and DLS discussion, as well as documentation of those meetings. NSIRA was advised that the ERC compliance officer embedded within โ–ˆโ–ˆโ–ˆโ–ˆ was aware of โ–ˆโ–ˆโ–ˆโ–ˆ which was presented at a town hall, but that it was not discussed with her beyond that. NSIRA asked for documentation to substantiate the DLS discussions but non was provided.

c. Legal advice: July 2018 – February 2019

Following the May briefing note, on July 20th, the DG โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

By July 31, preliminary legal advice was received:

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

A formal legal opinion was provided on December 7, 2018, that called into question CSIS’s use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ without a warrant except in very narrow circumstances, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

A further legal opinion was requested by CSIS to determine whether โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. The resulting legal opinion, dated February 19 2019, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. Accordingly, section 8 of the CHarter would not be engaed in this narrow circumstance.

based in part on the February 2019 legal opinion, CSIS subsequently took the decision to โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. It is NSIRA’s understanding that, presently, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ being used only in very specific circumstances and according to the guidelines set out in the legal opinions.

7. Findings

Finding no. 1 Compliance with the CSIS Act and the Charter NSIRA finds that there was a risk that CSIS breached section 8 of the Charter during the trial period in which it used โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ without a warrant.

DLS was asked to provide a legal opinion to CSIS on this investigative technique; in particular, to address the question of the “legal risk of using โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ (i) with respect to Canadians or persons in Canada; and (ii) human sources and employees, with their informed consent”. CSIS was advised in a Legal Memorandum dated December 7,2018 that:

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

NSIRA’s own review of the file, which is meant to provide the Committee with independent legal advice, supports DLS’s opinion in that regard. In particular, NSIRA believes that the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. NSIRA observes that it is very unlikely that a court would find that section 12 of CSIS Act was sufficient legal authority to render warrantless use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ reasonable” for the purposes of section 8 of the Charter. Accordingly, CSIS would be required to obtain a warrant pursuant to section 21 of the CSIS Act for such searches. Of note, NSIRA’s legal analysis was based on the same set of facts as DLS used for its opinion.

In reaching this conclusion. NSIRA interprets section 12 of the CSIS Act as only providing authority for collection activities of minimal intrusiveness. In that regard, NSIRA concurs with the DLS opinion that, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

At the time of writing, CSIS is pursuing options for how โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ may be used under the authority of a warrant in the future.

NSIRA recommends that CSIS review its use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ to date and make a determination as to which of the operational reports generated through the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ were in breach of section 8 of the Charter. These operational reports and/or any documents related to those results should be purged from its systems.

Findings no. 2 Governance related to piloting โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

NSIRA finds that there was no policy centre clearly responsible for the use of the data contained in โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

NSIRA asked about the policies and procedures that guided the decision to authorize the trial period, as well as which unit within the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ branch would have been responsible for assessing and authorizing the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ As described above, the record suggests there were three discrete units involved in the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ for the trial period.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was involved in the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ As the policy centre with respect to the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ the role and mandate of โ–ˆโ–ˆโ–ˆโ–ˆ is to coordinate, manage and โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. In this capacity, โ–ˆโ–ˆโ–ˆโ–ˆ would have been responsible for assessing โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ for privacy impacts, among other things, had โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ been assessed as a โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. However, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was not โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ but rather, as โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. Therefore, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ did not officially assess โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. That said, the briefing note of May 15 2018, clearly indicates that โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ assessed that the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ fall within existing authorities and directives.” Given the lack of a formal record, NSIRA was unable to assess the content of, or the rationale for, this assessment.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ is the unit responsible for providing operational support for โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ intelligence through the use of covert โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and it was to โ–ˆโ–ˆโ–ˆโ–ˆ that the first demonstration of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was given, โ–ˆโ–ˆโ–ˆ authorities were eventually identified as those under which โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ would operate. However โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was not the primary user of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. Neither did it participate in the formal evaluation of the data contained in โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

Responsibility for developing a means of formally evaluating โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ fell to the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ given its expertise in geolocation information. However, โ–ˆโ–ˆโ–ˆโ–ˆ does not generally collect data, but is merely the user of data provided to it. As such, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ thorough preliminary evaluation to determine whether there were legal or other issues that needed to be addressed, even at the pilot stage. Nevertheless, โ–ˆโ–ˆโ–ˆโ–ˆ prepared, on its own initiative, a formal document to guide its evaluation of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ during the trial period. NSIRA also notes that โ–ˆโ–ˆโ–ˆโ–ˆ followed existing policy in using โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ only in instances when a valid targeting authority was in place.

NSIRA was not provided any formal documentation on the decision to authorize the pilot period. The record of decision to pilot โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ consisted of an email, which contained the following:

I donโ€™t see any reason not to start an evaluation – โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ In addition, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ are not provided until after we can determine that they are โ€œstrictly necessaryโ€ and of relevance to the investigation -just until we find something of relevance.

Ultimately, NSIRA was unable to identify which of the three policy areas within โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ should have had, according to existing policies and procedures, responsibility for the assessment of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ.

Finding no. 3 Record of decision

NSIRA finds that the record of approval to pilot โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ consisted of an email and that this email was not โ€œput-awayโ€ as part of the official record, as it should have been.

As noted, the closest thing to a record of decision to pilot โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was an email from a Deputy Chief of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ the full text of which is cited above.

NSIRA notes that this email was not โ€œput-awayโ€ as is should have been given that it represents, de facto, the approval for acquiring โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ for the purposes of evaluation and is required for robust records management and for accountability purposes. Instead, it was saved on a โ€œpersonal” drive and only produced as part of the review process.

Findings no. 4-5 Assessment of risk in the case of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

NSIRA finds that there are no developed policies or procedures around the assessment and handling of new and emerging collection technologies, such that a formal evaluation of the legal risks of using โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ would have been required.

NSIRA finds that CSIS overlooked multiple indicators that using โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ might raise legal issues.

Ministerial Direction requires that the risk of operational activities be assessed across four pillars (operational, political, foreign policy and legal ). In particular, the Direction states that CSIS should “consider its ow n level of experience and novelty of the operational activity in assessing risk”.

NSIRA was told that there is no formal process for the evaluation of risk in cases like โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ given that it was assessed as โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. This is consistent with NSIRA’s reading of the relevant policies, cited earlier, pertaining to โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ of which require an assessment of legal risk prior to the use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ for collection purposes.

โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

It was suggested to NSIRA that it would not have been possible to conduct a thorough assessment of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ before the pilot based on the reasoning that a risk assessment is only possible with full โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. NSIRA accepts in principle that there are situations when it would be difficult to appreciate the legal risks until such time โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and fully evaluated. Notwithstanding the difficulties, it is the responsibility of CSIS to mitigate these risks to the extent possible.

In this case, moreover. NSIRA notes that there were indications of a need for caution with respect to the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ in the period before the trial was even begun, including the IMSI decision of the Federal Court, which found that geolocating an individual would require a warrant.

Internally, there were multiple indications to the effect that there may be reason for particular attention, including:

two emails sent prior to the pilot, one by โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ on June 28. 2017. and the other by โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ September 27. 2017, both containing legal and governance questions;

the meeting convened by โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ for the purpose of discussing whether there existed a reasonable expectation of privacy in the โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ data;

the examples provided by โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and the evaluation of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ in April 2018. which indicated that there were privacy concerns with this tool given its ability to generate โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ and to โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

There were other indications of a need for caution, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ

Despite these signs, no formal action was taken to assess the question of legal risk until the briefing note in May 2018 requested a formal legal opinion.

NSIRA recommends that policy be developed or amended as appropriate that would require a documented risk assessment, including legal risks, in situations like โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ when information collected through new and emerging technologies may contain information in respect of which there may be a reasonable expectation of privacy. If not โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ NSIRA further recommends that a policy centre for this type of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ collection be clearlv identified.

Conclusion

At the outset โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ was characterized as making use of โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ. This is made clear from the approval email, โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ would consider, it is not clear that the data exploited through โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ represents genuinely โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ at least as defined in plain language, as was asserted.

Assessing โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ in this way was not without its consequences in that it appears to have justified the lack of a more thorough legal assessment. This assumption proved to be problematic; the consequence was that CSIS placed itself at risk of having violated the Charter. Throughout this review. NSIRA has been mindful of the length of time it took for CSIS to obtain the final legal opinion, which was requested in July but finalized only in December, a full five months later.

NSIRA is aware that there have been discussions within โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ on the need to have ongoing legal support. In particular โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ has requested the establishment of a policy and legal operating envelope to ensure that policy and legal questions related to data exploitation are properly covered, including a resource from DLS who would provide ongoing, even weekly, legal assistance. NSIRA understands that this request was made in part due to the difficulties associated with obtaining legal advice on an as needed basis. NSIRA has been advised that โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ request to have weekly legal support has not yet been actioned.

The combination of an expanding scope in the type, volume and sources of data collected by CSIS and a fluid legal situation makes this an area of persistent high legal risk. CSIS has publicly affirmed that the concept of a reasonable expectation of privacy is evolving over time and committed to ensuring that CSISโ€™s approach to a reasonable expectation of privacy โ€œis kept consistentโ€.

NSIRA is of the view that, in this environment, legal support to โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ is essential to operate at an acceptable level of risk. NSIRA expects CSIS and the Department of Justice ( DOJ) to demonstrate institutional leadership that would allow responsible decision-making in an environment of uncertainty by making available legal support to โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆ as required on a priority basis.

Share this page
Date Modified: