Matthew Cassar is a successful Canadian entrepreneur, businessman, and innovator in the field of information technology.
Mr. Cassar is Co-Chief Executive Officer of Sherweb, a Quebec-based cloud computing, messaging, and collaboration solutions company he co-founded in 1998. The company is a North American leader in information technology, providing services to more than 7,000 partners and 85,000 small and medium-sized enterprises and multinationals in more than 100 countries.
Mr. Cassar sits on the Board of Governors of the University of Sherbrooke’s School of Management and the Board of Directors of ACET, a Quebec-based accelerator focused on supporting emerging businesses and entrepreneurs working in technological innovation.
He holds a combined master’s degree in Law and Business Administration from the University of Sherbrooke.
Craig Forcese is a full professor at the University of Ottawa’s Faculty of Law, Common Law Section, where he also serves as the Vice Dean for Graduate Studies in Law. Mr. Forcese teaches public international law, national security law, administrative law, and constitutional law. He also teaches advanced international law and relations at the Norman Paterson School of International Affairs.
Craig was vice dean (graduate studies in law) in the Faculty of Law 2018-2021 and vice dean (JD program) in the Common Law Section 2011-2014. Prior to joining the law school faculty, he practiced law with the Washington D.C. office of Hughes Hubbard & Reed LLP for two years, specializing in international trade and commercial law. Mr. Forcese is a member in good standing of the bars of Ontario, New York, and the District of Columbia.
Mr. Forcese earned a Master of Laws from Yale University, after graduating summa cum laude from the University of Ottawa with a Bachelor of Laws. Mr. Forcese also holds a Bachelor of Arts Joint Honours in Anthropology and Geography from McGill University, and a Master of Arts in International Affairs from the Norman Paterson School of International Affairs at Carleton University.
Ian Holloway was appointed on January 30, 2015, as a Member of the Security Intelligence Review Committee.
Ian Holloway was born in Halifax, Nova Scotia, and grew up in New Brunswick. He received a Bachelor of Science and a Bachelor of Laws from Dalhousie University, a Master of Laws from the University of California at Berkeley, and a Doctorate from the Australian National University. He also completed the Advanced Executive Program at Northwestern University’s Kellogg School of Management and the Leadership 21 Program at Harvard University’s John F. Kennedy School of Government.
Before beginning his academic career, Dr. Holloway worked in private practice in Halifax with the McInnes Cooper law firm, focusing on labour and employment law. He also served as the law clerk to the Chief Justice of the Federal Court of Canada. Dr. Holloway served a term as Associate Dean at the Australian National University, as a visiting professor of law at the National University of Singapore, and also held an appointment at Cambridge University. He was the longest serving Dean of Law at the University of Western Ontario, holding the position from 2000 to 2011. He is currently the Dean of the Faculty of Law at the University of Calgary, where he has served since 2011.
Dr. Holloway is also a retired Chief Petty Officer in the Royal Canadian Navy, who spent a total of 26 years serving in the Royal Canadian and Royal Australian Navies. He has published two books, numerous book chapters, and many articles in law journals in Canada and throughout the world. In addition, he has published a book on naval history as well as 25 essays and other pieces in various legal and non-legal periodicals.
Dr. Holloway is a member of the Nova Scotia Barristers’ Society and the Law Society of Upper Canada. In 2003, he was elected a member of the American Law Institute, an honour held by only a few Canadians. He was appointed Queen’s Counsel in 2005. He is currently a Trustee of the Law School Admission Council and a member of the NALP Foundation’s National Advisory Board. Dr. Holloway serves as a Governor of the Southern Alberta Division of the Canadian Corps of Commissionaires and was a member of the Advisory Council to the Minister of Canadian Heritage on the Commemoration of the War of 1812. He also served as the legal education and training team leader for the Canadian Bar Association’s Futures project. Dr. Holloway was awarded the Canadian Forces Decoration in 1989, the Commemorative Medal for the 125th Anniversary of the Canadian Confederation in 1992, and in 2013, he was awarded the Queen Elizabeth II Diamond Jubilee Medal.
██ This is the second annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA). This review sought to expand upon findings from last year’s review by examining a larger number of TRMs wherein CSIS disclosed information to external parties with their own levers of control, to reduce identified threats.
██ The review studied the characteristics of these particular TRMs but focused its examination upon the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts that these measures could have on affected individuals.
██ With respect to the TRMs studied, NSIRA observed that ███████████ of external parties were involved in these TRMs, ██████ which had varied levers of control with which they could take action against identified threats or the subjects of these measures. NSIRA also observed that CSIS disclosed different kinds of information to external parties for these TRMs. NSIRA noted that CSIS’s documentation of TRMs was uneven. CSIS did not always document ████████████████████ sometimes excluded an account of the actions taken by external parties as part of these measures. NSIRA also noted that CSIS documentation of the information it disclosed to external parties, as part of these TRMs, was inconsistent, and at times, lacked clarity and specificity.
██ An understanding of both external parties’ levers of control and the scope and breadth of information disclosed to external parties for TRMs is important and feeds into the overall risk assessment of each proposed measure. Without more robust documentation, CSIS is neither capable of assessing the efficacy of its measures nor appreciating the full impact of its actions on the subjects of its measures.
██ In 2020, NSIRA asserted that, when determining whether a warrant is required, CSIS should consider impacts on individuals resulting from the entirety of threat reduction measures: both from CSIS’s disclosure of information and from actions taken by recipient external parties, to reduce the threat. The adverse impacts on individuals observed in the TRMs examined for this year’s review underscore NSIRA’s position.
██ The current assessment framework ████████████ to determine whether a warrant is required is overly narrow and does not sufficiently consider the full impacts of CSIS threat reduction measures. NSIRA recommends that CSIS consider plausible adverse impacts resulting not only from CSIS disclosures of information but also from the actions of external parties as part of TRMs, when determining whether a warrant is required.
██ NSIRA was able to use its direct access to CSIS information repositories to confirm information that it needed to verify and to pursue necessary additional inquiries. For that reason, NSIRA has a high level of confidence in the information on which it relied to complete this review. NSIRA would also like to recognize that CSIS was timely in responding to NSIRA’s requests for information throughout the course of this review.
2. Authorities
██ This review was conducted under the authority of subsection 8(2) of the National Security and Intelligence Review Agency Act (NSIRA Act).
3. Introduction
Background
██ This review is the second annual review of CSIS threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA).
██ In its first review of TRMs (NSIRA’s 2020 review), NSIRA examined ███ TRMs in which CSIS disclosed information to an external party. In all cases examined, CSIS disclosed the information to an external party in order for the external party to take action in some way using its own levers of control to address the identified threat.3 This year’s review examined a larger subset of TRMs that involved CSIS disclosing information to an external party for the purpose of obtaining a desired threat reduction outcome. NSIRA focused primarily on examining how CSIS identifies and considers the plausible adverse impacts of these measures on affected individuals.
Scope
██ The review period covers June 18, 2015 to December 31, 2020, and includes ██ proposed TRMs that involved CSIS disclosing information to an external party for the purpose of using that external party as a conduit for the desired action against the subject of the TRM. Of these ██ proposed TRMs, ██ were approved and ██ were implemented.
Sources and Methodology
██ NSIRA examined information from a variety of sources, including:
Document Review
██ Ministerial directions issued by the Minister of Public Safety and Emergency Preparedness to CSIS.
██ CSIS’s internal governance framework for TRMs, which included policies, procedures, guidance and training material, tracking systems and cooperation agreements.
██ All pertinent threat reduction measure documentation, ██████████████████████████████████████████ email communications, operational messages, and █████████████.
██ Relevant █████████ , including responses to NSIRA’s Requests for Information.
Briefing
██ One briefing from the Department of Justice.
Analysis of Administrative Data
██ Descriptive statistics of the TRM sample.
██ Cross-reference of TRM subjects in the review sample with NSIRA’s investigation files for complaints submitted to SIRC (2015 to July 2019) and NSIRA (July 2019 to 2020) in order to document any complaints investigations underpinned by a CSIS TRM.
TRM mandate
██ In June 2015, Parliament enacted the Anti-terrorism Act, 2015, which authorized CSIS, in the new section 12.1 of the CSIS Act, to take measures to reduce threats to the security of Canada, within or outside Canada. The new measures represented an unprecedented departure from CSIS’s traditional intelligence collection role.
██ In July 2019, the National Security Act, 2017, came into force and introduced amendments to CSIS’s TRM mandate that sought to clarify and further define this power. In particular, the amendments stressed the importance of compliance with the Canadian Charter of Rights and Freedoms (Charter). They included specific provisions affirming the need for all TRMs to comply with the Charter, and stipulating that measures could only limit Charter rights or freedoms if authorized by a judge under a warrant. The amendments also included an expanded list of prohibited conduct under the TRM regime: among other things, CSIS cannot engage in measures that cause death or bodily harm, subject an individual to torture, or detain or violate the sexual integrity of an individual.
██ The CSIS Act does not provide a precise definition of “measures to reduce the threat.” As such, CSIS has developed its own definition to guide its TRM activities. According to CSIS, a TRM is “[a]n operational measure undertaken by the Service, pursuant to section 12.1 of the CSIS Act, whose principal purpose is to reduce a threat to the security of Canada as defined in s. 2 of the CSIS Act.
██ Section 12.1 of the CSIS Act states that CSIS may only undertake a TRM if there are reasonable grounds to believe that the identified conduct is a threat to the security of Canada. TRMs must be reasonable and proportional in the circumstances, having regard to the nature of the threat, the nature of the measures, the reasonable availability of other means to reduce the threat, and the reasonably foreseeable effects on third parties, including on their right to privacy. CSIS must also consult with other federal departments, where appropriate, with respect to whether they may be in a position to reduce the threat. CSIS must also seek a warrant from a judge where a proposed TRM would limit a right or freedom guaranteed by the Charter or would otherwise be contrary to Canadian law.
██ The 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety require all TRMs to undergo a four-pillar risk assessment that examines the operational, political, foreign relations, and legal risks of proposed actions on a scale of low, medium or high. In addition, they require that, when assessing the appropriate means of reducing a threat, CSIS consider the range of other possible national security tools available to the broader community, and consult with departments and agencies of the Government of Canada with mandates or authorities closely related to the proposed TRM.
Governance
██ CSIS’s TRM unit is made up of full-time employees, and is responsible for developing and updating policies and procedures related to TRMs; it also provides support to operational units involved with TRMs.
██ Operational units must consult with the TRM unit at the planning stage, and while drafting ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██ CSIS’s governing policy outlines the requirements associated with planning, approving, implementing, and reporting TRMs, including their use in exigent circumstances.9 The policy replicates the relevant provisions of the CSIS Act, without adding much direction beyond citing the existing legislative regime. For example, the policy incorporates the Act’s requirement to ensure that TRMs are reasonable and proportional, having regard to the nature of the threat, the nature of the measures, the reasonable availability of other means to reduce the threat, and the reasonably foreseeable effects of the measure on third parties, including their right to privacy. ████████████████████████████████████████████████████████████████████████████████
███████████████ NSIRA notes that in conducting its legal assessments, ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████.
██ CSIS has also developed internal guidelines for consultations with other government departments, ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
4. Findings and recommendations
Brief overview – TRMs, by the numbers
During the review period, CSIS proposed TRMs in total.
proposed measures involved an external party that had an ability to act using its own levers of control.
Of these proposed measures, were approved and implemented.
Of the approved measures, none of them, in CSIS’s view, required judicial authorization, or warrants, to proceed.
██ Comprising █████████ proposed measures, information disclosure to external parties was a common strategy that CSIS proposed as part of TRMs, to reduce perceived threats to the security of Canada.
CSIS’s information disclosures as part of TRMs
██ NSIRA examined documentation supporting the ██ proposed TRMs, including the ██ implemented TRMs where CSIS disclosed information to an external party to reduce a threat to the security of Canada. NSIRA looked to identify and assess:
the types of external parties involved in the proposed TRMs;
the nature of the information that CSIS shared as part of these measures; and
the extent to which CSIS identified, documented and considered the plausible adverse impacts of the measure on individuals.
Types of external parties involved in proposed TRMs
████████████ NSIRA provides examples of the types of external parties involved in proposed TRMs, as well as some of the varied actions they could take in Table 1, below.
*Completed Redacted table*
Nature of information disclosed
████████████ NSIRA examined implemented TRMs to identify the different types of information CSIS shared with external parties. NSIRA observed that the nature of the disclosures varied greatly and also often included information ███████████ linking the subject to threat-related or criminal activity:
████████ NSIRA also observed that CSIS used ███████████████████████████████████████████████████████████████████████████████████████ For example, █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
███████████ NSIRA observed that CSIS’s documentation of the information disclosed to the external party was uneven and, at times, lacked clarity and specificity. █████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Where the information to be disclosed is vaguely described, the full range of plausible adverse direct and indirect impacts may be difficult to ascertain with any precision. This affects the rigour of any associated risk assessment, including the legal risk assessment.
██████████ By contrast, NSIRA noted certain instances in which CSIS provided a sufficiently detailed description of the information to be disclosed in its documented materials.
██ In NSIRA’s view, the precise content, including the scope and breadth of the information to be disclosed to an external party as part of a TRM, is important and feeds into the overall risk assessment of the proposed measure. A detailed and precise description of the information to be disclosed would allow for more considered assessments.
██Finding 1: NSIRA finds that CSIS’s documentation of the information disclosed to external parties as part of TRMs was inconsistent and, at times, lacked clarity and specificity.
██Recommendation 1: NSIRA recommends that when a TRM involves CSIS disclosing information to external parties, CSIS should clearly identify and document the scope and breadth of information that will be disclosed as part of the proposed measure.
Identification, documentation and consideration of impacts
██ NSIRA’s 2020 TRM review examined ██ TRMs where CSIS disclosed information to an external party in order to disrupt a ██████ threat actor. That review underlined the importance of considering all plausible adverse impacts on an affected individual as part of the TRM approval process. In this year’s review, NSIRA sought to examine a larger sample of TRMs in which CSIS disclosed information to external parties to reduce an identified security threat. This year’s review allowed NSIRA to gain greater insight into CSIS’ intended outcomes for these TRMs and how CSIS assessed their impact on the individual.
██ The following examples highlight common impacts that NSIRA identified:
██ The interests engaged where measures affect ██████████████████████████████████████████████████████████████████████████████ can have significant and lasting impacts on the subjects and their families. For example, measures that impact the ████████████████████████████████████████████████ interfere with ████████████████████████████████████████████████ Moreover, the associated hardships can affect the subject’s inherent dignity. The norms of our liberal democracy dictate that people in society should be able to █████████████████████████████████████████████
When CSIS is assessing the reasonableness and proportionality of TRMs that can impact the █████████████
as well as assessing whether a warrant is required, it is important that the analysis sufficiently take these factors into consideration.
████████████████████████ In NSIRA’s view, the identification and assessment of the risks associated with ███████████████████████████████████████████████████████████ failed to fully explore the plausible adverse impacts of these actions. ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
Nevertheless, NSIRA observes that CSIS approved a TRM without knowing the actions, if any, that the ██████████ was required to take under Canadian law or could take, pursuant to its ██████████ This information could have contributed to the assessment of the plausible adverse impacts of the measure upon individuals. ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
███████████████████████████ NSIRA notes that, at the time the proposed measure was assessed, CSIS did not appreciate the authority and capacity of each of the organizations to prevent the individual from ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██████████████████████████ While this TRM likely raises issues associated with the extraterritorial application of the Charter, NSIRA focused its assessment on the scope and nature of the plausible adverse impacts of the measure. NSIRA notes that at the time the proposed measure was assessed, CSIS did not have a developed understanding of potential harms ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██ NSIRA observes that CSIS’s understanding of the scope and breadth of the potential ramifications of disclosing information to external parties varied across the reviewed sample. NSIRA expected to see that when CSIS disclosed information to an external party, CSIS had a genuine appreciation of the scope of the plausible adverse outcomes, including the actions that the external party could take. NSIRA also expected to see a consideration of, not only the impacts of the intended outcomes of the measure, but also any collateral adverse impacts.
██ For examples, █████████████████████████████████████████████████████████████████ NSIRA expected CSIS to understand the ability of the external party to take action. As noted in some of the examples above, while CSIS always had a clear desired outcome for the TRM, CSIS did not always have an adequate appreciation of the powers and authority (levers of control) of the external party receiving the information.
██████████████████████████████ NSIRA observed that CSIS had turned its mind to whether the proposed measure could have █████████████████████████████████████████████ However, the identified impacts fell short because they did not consider the foreseeable possibility that the individual could be █████████████
██Finding 2: NSIRA finds that CSIS does not systematically identify or document the external parties’ authority and ability to take action, or plausible adverse impacts of the measure.
██Recommendation 2: NSIRA recommends that CSIS fully identify, document and consider the authority and ability of the external party to take action, as well as the plausible adverse impacts of the measure.
Documentation of outcomes
██ NSIRA expected to obtain more certainty with respect to the outcomes of these measures by reading official outcomes reports, ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ This suggested that CSIS’s reporting system was inadequate or that these reports were improperly filed or non-existent.
██ NSIRA observes that follow-ups with the external party should be an essential component of measures involving information disclosure whose principal purpose is to reduce a security threat. Without robust documentation and after action reports on TRMs, CSIS is incapable of assessing the efficacy of the measure as well as appreciating the full impact of its actions. An examination of well-documented afteraction reports will also enable CSIS ██████ to determine whether their initial reasonableness and proportionality assessment may have failed to consider important considerations, which can, in turn, inform the assessments of future proposed TRMs.
██Finding 3: NSIRA finds that CSIS did not consistently document the outcomes of TRMs in accordance with its policy. Furthermore, CSIS policy doesnot require it to document the actions taken by external parties.
██Recommendation 3: NSIRA recommends that CSIS should amend its TRM policy to include a requirement to systematically document the outcomes of TRMs, including actions taken by external parties. This practice should inform post-action assessments and future decision-making.
██Recommendation 4: NSIRA recommends that CSIS comply with its record-keeping policies related to documenting the outcomes of TRMs.
Consideration of impacts when assessing whether a warrant is required
██ The variety of impacts observed in this year’s TRM review highlights the salience of NSIRA’s recommendation in 2020, namely that CSIS consider more comprehensively potential adverse impacts of these types of measures on the affected individuals. This recommendation underlined that all potential impacts on an affected individual, even where they are carried out by the external party and not CSIS, should be consideredwhen determining whether a warrant is required.
██ This limited consideration of the impacts of TRMs was also evident in this year’s review. ████████████████████████████████████████████████████████████████████████████████
████████████████████████████████████████ In an October 2021 briefing between NSIRA and ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██ NSIRA notes that CSIS cannot avoid responsibility just because the outcomes of an action would be effected by someone else’s hand. ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Where there is a sufficient causal connection between CSIS’s actions and the ultimate outcomes, the principles of fundamental justice apply to deprivations of life, liberty or security effected by external parties. ████████████████████████████████████████████████████████████████████████████████████████████████████████ This is particularly so when such a foreseeable risk has been identified in the reasonableness and proportionality analysis.
██ The current structure used to determine whether CSIS should obtain a warrant for its TRMs is an insufficient implementation of the warrant requirements of the TRM provisions. Sections 12.1 (3.2) and (3.4) require CSIS to seek a warrant when the measure would limit a Charter right or otherwise be contrary to Canadian law. The current ██████████████████ by CSIS is overly narrow and should not be based on the impacts of a CSIS action alone. Rather, it should consider the full impact of the measure, including any direct and indirect impacts caused or initiated by external parties.
██ The CSIS Act is clear that when a proposed TRM would limit a Charter right or freedom, or would otherwise be contrary to Canadian law, CSIS must seek a judicial warrant. In NSIRA’s 2020 TRM Review, CSIS deemed that a warrant was not required for the reviewed TRMs, because it viewed the external party as responsible for taking action, not CSIS. NSIRA identified its concerns with this approach, and noted that consideration of the full impact of such proposed TRMs, including any downstream Charter implications resulting from the external parties’ actions could require CSIS to obtain a warrant before undertaking these types of measures.
██ CSIS’s response to this recommendation stated “the Department of Justice will further consider this recommendation and factor it into its work related to TRM under the CSIS Act.
██████████████████████ However, as noted above, ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██ NSIRA fundamentally disagrees with CSIS’s understanding of and approach to the legal analysis of determining whether a warrant is required for proposed TRMs.
██ Going forward, NSIRA expects that when proposing a TRM where an individual’s Charter rights would be limited, or that would otherwise be contrary to Canadian law, whether at the direct hand of CSIS or that of an external party to whom CSIS disclosed information, CSIS will seek a warrant to authorize the TRM.
██Finding 4: NSIRA finds that when determining whether a warrant is required,CSIS’s assessment is overly narrow due to a failure to appropriately consider the impacts resulting from external party actions.
██Recommendation 5: NSIRA recommends that CSIS appropriately consider the impacts resulting from external party actions when determiningwhether a warrant is required.
Conclusion
██ The variety of impacts observed in this year’s review, combined with the gaps identified in CSIS’s understanding and assessment of these impacts highlights the salience of a number of NSIRA’s recommendations in 2020.
██ The TRM regime was introduced in 2015 to address an evolving security and intelligence landscape. NSIRA recognizes that CSIS’ threat disruption powers can be an effective tool to diminish a national security threat. While these powers provide CSIS with additional flexibility, they also demand heightened responsibility, given their covert nature and ability to profoundly impact, not only the subject of a given TRM, but others potentially captured by its scope. As this review demonstrates, TRMs can interfere with ███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ Mindful of the need to reduce threats, but recognizing the competing values at stake, it is critical that CSIS subject its TRMs to robust and thorough analyses, both prior to and following their implementation.
██ NSIRA reiterates its recommendation that CSIS consider more comprehensively the plausible adverse impacts of these types of measures on the affected individuals, even when they are carried out by the external party and not CSIS. These impacts should be considered not only when considering the reasonableness and proportionality of a proposed measure, but also when determining whether a warrant is required.
██ In addition, this year’s review again highlighted the importance of Justice’s involvement in the TRM approval process. More specifically, the necessity for Justice to be provided sufficient information, in this case on the nature of the information to be disclosed by CSIS as well as the authority and actions (levers of control) the external party can take, to allow Justice to provide considered legal advice.
██ Finally, without robust documentation and after action reports on TRMs, CSIS is incapable of assessing the efficacy of the measures or appreciating the full impact of its actions. CSIS should systematically identify the actions that are taken by external parties for threat reduction measures that involve CSIS disclosures of information. Identifying and recording these actions and the subsequent impacts on TRM subjects will inform not only TRM risk assessments, but also enable CSIS to build upon its experience with TRMs and guide future decision-making.
██ While outside of the scope of this review, NSIRA is aware that in January 2021, CSIS launched ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ NSIRA may in the future review ████████████████████████████████ and whether it has impacted the identification and consideration of plausible adverse impacts of measures on individuals.
Annex A: Findings and Recommendations
██Finding 1: NSIRA finds that CSIS’s documentation of the information disclosed to external parties as part of TRMs was inconsistent and, at times, lacked clarity and specificity
██Finding 2: NSIRA finds that CSIS does not systematically identify or document the external parties’ authority and ability to take action, or plausible adverse impacts of the measure.
██Finding 3: NSIRA finds that CSIS did not consistently document the outcomes of TRMs in accordance with its policy. Furthermore, CSIS policy does not require it to document the actions taken by external parties.
██Finding 4: NSIRA finds that when determining whether a warrant is required, CSIS’s assessment is overly narrow due to a failure to appropriately consider the impacts resulting from external party actions.
██Recommendation 1: NSIRA recommends that when a TRM involves CSIS disclosing information to external parties, CSIS should clearly identify and document the scope and breadth of information that will be disclosed as part of the proposed measure.
██Recommendation 2: NSIRA recommends that CSIS fully identify, document and consider the authority and ability of the external party to take action, as well as the plausible adverse impacts of the measure.
██Recommendation 3: NSIRA recommends that CSIS should amend its TRM policy to include a requirement to systematically document the outcomes of TRMs, including actions taken by external parties. This practice should inform post-action assessments and future decision-making.
██Recommendation 4: NSIRA recommends that CSIS comply with its recordkeeping policies related to documenting the outcomes of TRMs.
██Recommendation 5: NSIRA recommends that CSIS appropriately consider the impacts resulting from external party actions when determining whether a warrant is required.
Review of Canadian Security Intelligence Service’s threat reduction activities: A Focus on Information Disclosure to External Parties: Backgrounder
Review of Canadian Security Intelligence Service’s threat reduction activities: A Focus on Information Disclosure to External Parties
Backgrounder
Backgrounder
This is the second annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA). This review sought to expand upon findings from last year’s review by examining a larger number of TRMs wherein CSIS disclosed information to external parties with their own levers of control, to reduce identified threats.
The review studied the characteristics of these particular TRMs but focused its examination upon the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts that these measures could have on affected individuals.
NSIRA’s mandate requires it to understand how Canada’s national security and intelligence agencies use technology. The responsibilities of NSIRA’s Technology Directorate include:
leading the review of information technology (IT) systems and capabilities;
assessing a reviewed entity’s IT compliance with applicable laws, ministerial direction, and policy;
conducting independent technical investigations;
recommending IT system and data safeguards to minimize the risk of legal non-compliance;
producing reports explaining and interpreting technical subjects;
leading the integration of technology themes into yearly NSIRA review plans;
leveraging external expertise in the understanding and assessment of IT risks; and
The Technology Directorate is an evolving team with a growing academic research network, fostering domestic and international partnerships in the pursuit of technical expertise.
More information about our activities can be found in NSIRA’s annual reports. Individuals who are interested in working with the Technology Directorate or elsewhere at NSIRA are encouraged to apply here.
The National Security and Intelligence Review Agency (NSIRA) is an independent and external review body that reports to Parliament.
NSIRA reviews and investigates all Government of Canada national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also investigates public complaints regarding key national security agencies and activities. What enables NSIRA to be so thorough as a review agency is the NSIRA Act granting the statutory powers to access relevant information and to conduct reviews independently.
The NSIRA Act
The NSIRA Act received royal assent as part of Bill C-59 and came into force on July 12, 2019, establishing a new federal entity, the National Security and Intelligence Review Agency (NSIRA).
NSIRA establishes independent expert review of national security and intelligence activities from all federal departments and agencies, and informs Parliament and Canadians of the lawfulness of their governments actions.
NSIRA has a statutory mandate to review the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security and intelligence activities of all other federal departments and agencies. This includes, but is not limited to, the national security and intelligence activities of the Royal Canadian Mounted Police (RCMP), the Canada Border Services Agency (CBSA), the Department of National Defence (DND), Global Affairs Canada (GAC), and the Department of Justice (DoJ).
To fulfill its review mandate, NSIRA has unfettered access to classified information. This includes any and all information held by, or under the control of, departments and agencies, including information subject to a legal privilege. NSIRA independently determines which information is relevant to the conduct of its reviews. The sole exception to NSIRA’s right of access is information considered to be a Cabinet confidence.
In carrying out reviews, NSIRA may make any findings and recommendations it considers appropriate. In accordance with the NSIRA Act, however, it will pay particular attention to whether Government activities are lawful and comply with Ministerial Direction, and to whether the activities are reasonable and necessary.
Expanded Complaints Mandate
NSIRA inherits the complaints investigation functions of the Security Intelligence Review Committee (SIRC) and gained several new roles. SIRC was responsible for hearing public complaints regarding the actions of CSIS. It was also responsible for complaints related to the Government of Canada security clearance process, as well as specific matters and reports referred to under the Citizenship Act and the Canadian Human Rights Act.
NSIRA now investigates complaints against CSE, and complaints against the RCMP, referred by the Civilian Review and Complaints Commission (CRCC). The CRCC will continue to review all other activities of the RCMP.
History
NSIRA replaces SIRC, which reviewed CSIS. It also replaces the Office of the CSE Commissioner (OCSEC), which reviewed CSE. The NSIRA is also assuming responsibility for reviewing the national security and intelligence-related activities of the RCMP from the CRCC.
The NSIRA Act addresses shortcomings in the national security accountability framework identified by Justice O’Connor in the 2006 report of the Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar, and subsequently by many others.
Prior to Bill C-59, SIRC, OCSEC and the CRCC each focussed on reviewing one specific agency, but they lacked the statutory authority to review activities beyond their agency of focus in order to obtain a complete picture of cross-cutting activities. They also could not collaborate or share classified information with other expert national security review bodies. NSIRA, by contrast, is able to review all national security and intelligence activities across the Government of Canada in an integrated manner.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
