Language selection

Government of Canada / Gouvernement du Canada

Search

Category: Policies and Procedures

NSIRA – Expectations for Responsiveness in Reviews

Context

NSIRA is an integral part of the national security and intelligence accountability structure created by Parliament to increase public confidence that federal national security and intelligence activities are subject to rigorous scrutiny. NSIRA has a duty to deliver on its mandate and report to Parliament, and all Canadians, with resolute independence, transparency, and timeliness. The NSIRA Act gives NSIRA the authority to determine its processes and procedure. For reviews, the NSIRA Act also grants NSIRA rights of timely access to any information in the possession or under the control of a department (except for cabinet confidences) and to receive from the department any documents and explanations NSIRA deems necessary. When reviewed entities fail to facilitate the full implementation of these rights, they are responsible for shortcomings in their accountability and may be in breach of their legal obligations. NSIRA intends to publicly report on each department’s cooperation with access requests, timeliness of disclosures, and overall responsiveness to review. The following principles highlight NSIRA’s expectations.

Date of Publishing:

Access

Unimpeded access to information in a timely way is critical to review. NSIRA’s statutory powers must be implemented to their full extent in practice.

NSIRA expects that reviewed entities:

  • Provide NSIRA with complete and unfettered access to the information holdings NSIRA identifies as required to conduct its reviews, including access to any physical records, digital repositories, or information systems.
  • Facilitate and implement the level of access required by NSIRA, up to and including full independent direct access to systems, documents and repositories, as determined solely by NSIRA.

Disclosures

For efficiency, NSIRA sends tailored requests for information to the reviewed entities to obtain records to support reviews. Because only NSIRA is entitled to determine what is relevant to its reviews, the response process for the disclosure of information must be transparent and candid to ensure that NSIRA is not beholden to relevance determinations made by the reviewed entity. NSIRA must also be advised as to the existence of documents or repositories to support further requests.

NSIRA expects that reviewed entities:

  • Ensure complete, accurate and candid disclosure of all information in response to any NSIRA request for information on a continued basis until the completion of the review in question.
  • When unsure as to the specific connection of a record to an NSIRA request, shall either err on the side of inclusion or seek instructions from NSIRA by describing the nature of the uncertainty and the context of the record in question.
  • Disclose records in their unaltered original form, unless agreed or requested otherwise by NSIRA.
  • Disclose in a way that is organized, searchable, capable of identification, and in a format that enables analysis and reporting.
  • Consult with the Privy Council Office before refusing to disclose any information on the ground that it is a confidence of the Queen’s Privy Council and provide NSIRA with PCO’s written confirmation of the status of that information.
  • Disclose the information within NSIRA’s requested timelines. When the reviewed entity is unable to meet a timeline, NSIRA expects to receive a written submission outlining the grounds on which a time extension is requested. NSIRA will then determine whether the extension is to be granted.

Verification

The verification of information integrity is a fundamental prerequisite of independent review. NSIRA must verify the completeness of information disclosed in the context of any review and will comment accordingly in a confidence statement to be published within the review.

NSIRA expects that reviewed entities:

  • Provide on request a list of the search terms used and repositories searched in the collection of information provided in support of a review.
  • Collaborate with NSIRA to implement processes that will enable NSIRA to independently verify the completeness and accuracy of information provided in support of a review, including the ability to test the completeness of searches for information, to NSIRA’s satisfaction.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

NSIRA Review Considerations Matrix

Table of Contents
No header Tag found

Date of Publishing:

Considerations for Selecting Review Topic
Categories Considerations
The Considerations Matrix uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. The prioritization of reviews is informed by additional strategic factors, including resourcing, ongoing reviews, and public commitments.
Non-Discretionary Reviews and Reports Annual Canadian Security Intelligence Service's Threat Reduction Measures (TRM). NSIRA will review at least one aspect of CSIS's performance in taking measures to reduce threats to the security of Canada. 
Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA). NSIRA will review the implementation of all directions issued under the ACA.
Security of Information Disclosure Act (SCIDA). NSIRA will submit to the Minister of Public Safety a report respecting the disclosure of information under the SCIDA during the previous calendar year. 
As Required Ministerial Directions. NSIRA will review the implementation of significant aspects of every new or modified ministerial direction issued to CSIS, CSE, and any other organization if it relates to national security or intelligence.
Core Considerations for Discretionary Reviews Referrals from Ministers. NSIRA may review any matter that relates to national security or intelligence that is referred to it by a minister of the Crown. 
History repeats itself. Reviews of activities or programs with histories of non-compliance. 
High-Risk. Reviews of activities where the impact of compliance issues are vast. 
Circle Back. Reviews that follow up on findings or recommendations made by previous NSIRA reviews or emerging from NSIRA complaint investigations. 
Rules of the Road. Reviews that examine significant changes in the legal landscape governing  national security or intelligence organizations or activities.  
Making Good. Reviews that fulfil a commitment or objective outlined in public fora, for example in NSIRA's Public Annual Report.  
Following up. Reviews which address issue(s) raised during previous NSIRA reviews.  
Wide Lens. Reviews with a focus on horizontal themes and/or topics pertaining to multiple organizations across the national security and intelligence landscape.
New and Novel. Reviews of activities or programs that NSIRA has yet to examine.
Happening Now. Reviews that examine current or emerging national security activities or issues.  
Building Blocks. Reviews with links to previously completed reviews.
We're On It. Reviews that examine an issue or concern, or recommendation originating from another organization in the review or oversight community or concern matters of public controversy.
Working With Others. Reviews that involve cooperation with other review bodies, for example the National Security and Intelligence Committee of Parliamentarians and the Civilian Review and Complaints Commission for the RCMP.
Diversity. Reviews that relate to the government’s policies on anti-racism, equity, and inclusion. 
Technology Considerations Dual-Use. Reviews of activities involving technology(ies) that can be used for more than one purpose.
New and Novel. Reviews of activities involving technology(ies) that NSIRA has yet to examine.
Big Data. Reviews of activities involving data warehousing, bulk data and/or data analytics.
Artificial Intelligence & Algorithms. Reviews of activities involving automated decision-making.
Bycatch. Reviews of activities that may involve the collection of personal information from non-threat actors.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Definition of Review as referenced in s.8(1) (a-c) of the NSIRA Act

Table of Contents
No header Tag found

Date of Publishing:

Review by NSIRA is the independent and expert scrutiny of national security and intelligence activities conducted by any department or agency of the Government of Canada. The criteria for assessment can include, but need not be limited to, compliance (with law, ministerial direction, and policy), reasonableness, necessity, and efficacy. Additional criteria or lines of assessment may be determined at NSIRA’s discretion. Review can reach findings and issue recommendations with respect to the activities under consideration, as well as the broader context (e.g., governance, policy, organizational structure) in which they occur. Recommendations are non-binding on the departments and agencies to which they are issued.

Review occurs outside of the decision-making and operational process by which activities are conducted. That is, review is not connected to control or management of the activities being examined. In this way, NSIRA maintains its independence, as it is not implicated in the activities it reviews. Review is not bound by any temporal limitations. It may apply to past (completed) and present (ongoing) activities. It may also consider future activities by assessing the policies and procedures guiding a prospective activity, and highlighting potential issues before they occur.

The purpose of review is to ascertain facts after careful examination to develop findings and recommendations that inform accountability. NSIRA’s findings and recommendations are provided to the implicated departments and agencies as well as the responsible minister. NSIRA’s Annual Report, summarizing and contextualizing its review work from the previous year (including all findings and recommendations), is provided to the Prime Minister and tabled in parliament. Unclassified versions of each review report and the Annual Report are published on NSIRA’s website. In this way, review by NSIRA informs the broader deliberation – fundamental in a free and democratic society – regarding the means, lengths, and laws by which national security or intelligence activities are carried out. Crucially, NSIRA enjoys unfettered access (with the exception of cabinet confidences) to the sensitive and classified information of relevant departments and agencies, ensuring a level of scrutiny unavailable to other entities (such as civil society groups, academia, the media, etc.).

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified:

Agency Application of Sections 35 and 40 of the NSIRA Act

Context

Section 35 of the NSIRA Act governs the issuance of NSIRA compliance reports in relation to an activity that, in NSIRA’s opinion, may not be in compliance with the law. Such reports are submitted to the appropriate Minister and ultimately provided to the Attorney General of Canada (AG). NSIRA has articulated compliance reporting obligations in such a way as to encourage consistency in the reporting of possible non-compliance with the law. NSIRA has also adopted an approach to section 40 public interest reporting which is guided by consistent practice.

With regards to section 35 and determining when an activity “may not be in compliance with the law”, NSIRA’s position is that:

  1. The threshold captures possible as well as probable non-compliance but requires an objective basis for a finding of a possibility of non-compliance based on compelling and credible information.
  2. “Law” includes common law, statutory law, international law and constitutional law.
  3. NSIRA tailors each section 35 report to the relevant situation and indicates to the appropriate Minister and the AG its assessment of the incident’s degree of severity.

With regards to section 40, NSIRA has outlined a non-exhaustive list of scenarios where a public interest report would be issued:

  1. Where a section 35 compliance report relates to an illegality amounting to an offence;
  2. Where a section 35 compliance report relates to conduct that may cause grievous bodily harm or death;
  3. Where a section 35 compliance report relates to conduct amounting to a human rights violation;
  4. Where a report finds conduct implicating the duties and functions of another review or oversight body, or branch of the state (e.g. the Courts), and NSIRA is not able to communicate the substance of the report directly to that entity; and
  5. In any other instance where NSIRA concludes that the public interest requires the release of the report or its conclusions to Parliament

Date of Publishing:

Section 35 Reporting

Threshold

Section 35 of the NSIRA Act reads:

35 (1) The Review Agency must submit to the appropriate Minister a report with respect to any activity that is related to national security or intelligence and carried out by a department if, in the Agency’s opinion, the activity may not be in compliance with the law. The Agency must give a copy of the report to the deputy head concerned.
(2) As soon as feasible after the Minister receives a report under subsection (1), he or she must give a copy of the report to the Attorney General of Canada, together with any comment that he or she considers appropriate in the circumstances
(3) The Minister must give a copy of anything given to the Attorney General of Canada under subsection (2) to the Review Agency at the same time.

NSIRA has refined its understanding of the evidentiary threshold to determine when an activity “may not be in compliance with the law”. NSIRA understands this threshold to capture possible as well as probable non-compliance but requires an objective basis for a finding of a possibility of non-compliance based on compelling and credible information.

NSIRA’s compliance reporting obligations must be seen in light of the Agency’s broader purpose and the intent of Parliament in creating NSIRA. Rigorous reporting is compatible with NSIRA’s role and commitment to ensuring transparency and accountability. Independence in section 35 reporting is paramount. A broad and inclusive understanding of the word “law” has been adopted by NSIRA to include common law, statutory law, international law and constitutional law. Every finding involving possible non-compliance with the law must lead to a section 35 report.

Format

NSIRA uses its expertise to situate section 35 reports in their proper context. This ensures that NSIRA communicates where the non-compliance in question fits into the broader scheme of the operations reviewed or investigated. NSIRA is thus able to contextualize its section 35 reporting within the larger spectrum of its findings and offer its unique perspective to characterize the given incident. Therefore, NSIRA tailors the narrative of each section 35 report to the unique circumstances relevant to the non-compliance.

Section 35 reports need not be a copy of an entire review or investigation final report. Although in some circumstances, such as systemic non-compliance, the entire review or investigation final report can be adopted as the section 35 report, this is the exception. More often, section 35 compliance reports are shorter reports or letters containing only the particular instances of noncompliance associated with the relevant finding discussed in context. In such cases, the language for the proposed section 35 compliance reports is included as a tear line annexed to the relevant report.

As stated above, section 35 compliance reports provide all the necessary contextual information to put incidents of possible non-compliance into perspective and highlight the steps taken by departments to mitigate the risk of recurring non-compliance where applicable. In this way, NSIRA indicates to the appropriate Minister and to the AG its appreciation and assessment of the degree of severity of the incident. This attenuates concerns that minor incidents of noncompliance are excessively amplified with a section 35 report.

When reporting on non-compliance that appears outside of the AG’s role, NSIRA includes an explicit acknowledgement that it is reporting under the legal obligation to do so and, in this way, demonstrates its recognition that the AG may not be in a position to act upon the report.

Compliance reporting may become a source of valuable information in the aggregate. In isolation, a violation may look exceptional or otherwise of minimal significance. However, within the broader spectrum of NSIRA’s work over time, a seemingly innocuous incident of noncompliance may reveal a broader pattern of non-compliant conduct. For this reason, the comprehensive body of compliance reports is monitored for trends.

Timing of the Threshold’s Application and Approval of the Section 35 Report

NSIRA ensures a consistent approach across business lines by applying the same compliance threshold for its reviews as well as its investigations. However, the timing of applying the threshold and the process of approving the section 35 report differs between reviews and investigations.

For reviews, subsection 8(3) of the NSIRA Act reads:

8(3) In the course of its reviews, the Review Agency may make any finding or recommendation that it considers appropriate, including findings and recommendations relating to

(a) a department’s compliance with the law and any applicable ministerial directions; and

(b) the reasonableness and necessity of a department’s exercise of its powers.

The section 35 compliance threshold should be applied at the point at which findings regarding compliance with the law are made pursuant to subsection 8(3), which is at the member approval stage of a review final product when the members meet with quorum as the Review Agency. This timing ensures consistency in the application of section 35 and any findings under subsection 8(3). This approach enables the members to approve the review findings, the full review report to be finalized under section 34, and the annexed language for the section 35 compliance report tear line in one meeting.

For investigations conducted under paragraph 8(1)(d) of the NSIRA Act, section 29 of the NSIRA Act, subsection 19(6) of the Citizenship Act, and subsection 46(1) of the Canadian Human Rights Act govern the reporting of findings. Section 35 is nonetheless triggered where a member finds possible non-compliance with the law in the course of an investigation. Pursuant to section 30 of the NSIRA Act and NSIRA practice, individual NSIRA members are assigned to investigate complaints. The assigned member applies the compliance threshold at the conclusion of an investigation when they finalize their report. To support consistency in the use of section 35 language while respecting the requirements of procedural fairness, plenary meetings with other NSIRA members are available to the assigned member, though neither imposed nor mandatory. If an assigned member has decided a matter and has found that an activity has met the noncompliance threshold, they may draft their section 35 language and then invite the other members to discuss the contextualization and language of the finding. At such a meeting, the assigned member may present a draft decision to the membership. No factual issues are discussed at this meeting, no voting or any other procedure to determine consensus is used, and no minutes or attendance are taken. If a new argument or policy arises in the meeting that may affect the ultimate decision, the parties must be given an opportunity to respond to it. The assigned members at all times must be able to decide the final outcome of an investigation according to their own conscience and opinion.

Section 40 Reporting

The threshold

Subsection 40(1) of the NSIRA Act provides that:

40 (1) If the Review Agency is of the opinion that it is in the public interest to report on any matter related to its mandate, it may submit a special report to the appropriate Minister.

Section 40 public interest reports may be used to highlight findings of possible non-compliance that NSIRA views as significant. When a finding of possible non-compliance is made in a review or in a complaint investigation, a tailored and contextualized compliance report is issued under section 35. When a particularly egregious incident of possible non-compliance is found, a section 40 report may be submitted for tabling. Section 40 also extends beyond issues of non-compliance. For this reason, NSIRA has outlined a non-exhaustive list of scenarios where a public interest report would be issued, which includes, but is not limited to:

  1. Where a section 35 compliance report relates to an illegality amounting to an offence;
  2. Where a section 35 compliance report relates to conduct that may cause grievous bodily harm or death;
  3. Where a section 35 compliance report relates to conduct amounting to a human rights violation;
  4. Where a report finds conduct implicating the duties and functions of another review or oversight body, or branch of the state (e.g. the Courts), and NSIRA is not able to communicate the substance of the report directly to that entity; and
  5. Any other instance where NSIRA concludes that the public interest requires the release of the report or its conclusions to Parliament.

As with section 35, a section 40 public interest report can arise from a review or a complaint investigation. The timing of the application of the threshold, the format and the procedure are the same as for the section 35 compliance report, with any necessary modifications.

Share this page

No endorsement of any products or services is expressed or implied.

Share this page
Date Modified: