July 12, 2024, Ottawa, ON – The National Security and Intelligence Review Agency (NSIRA) is proud to celebrate its fifth anniversary, marking half a decade of a new model for reviewing Canada’s national security and intelligence activities.
Since its inception in 2019, NSIRA has conducted dozens of independent reviews and investigations, assessing whether the actions of Canada’s national security and intelligence agencies are lawful, reasonable, and necessary. In all its work, NSIRA has maintained its mission to serve as the trusted eyes and ears of Canadians.
“I am motivated by NSIRA’s independence and respect for the rule of law, two fundamental values that have guided me throughout my career,” said Marie Deschamps, NSIRA’s Chair. “Through these values and a commitment to rigorous, high-level reviews, the Agency’s impact on strengthening national safety and security cannot be overstated.”
NSIRA’s reviews have resulted in valuable insights and recommendations to enhance the accountability of Canada’s national security and intelligence agencies. By publishing declassified versions of its review reports, NSIRA has made strides in fostering public transparency.
“Wise intelligence community leaders know that review makes their services better, often by identifying problem areas that otherwise risk going unaddressed,” said Craig Forcese, NSIRA’s Vice-Chair. “Over its first five years, NSIRA had embraced a robust review professionalism facilitating progressive improvement in the services it reviews.”
NSIRA’s investigations have also underscored the importance of an independent investigative process to deal with complaints about the activities of the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), and the Royal Canadian Mounted Police (RCMP).
Over the past five years, NSIRA’s array of work has included launching a review arising from a 2020 Federal Court decision that found institutional failings by CSIS and Justice Canada, investigating 58 complaints referred by the Canadian Human Rights Commission, and earlier this year, publishing its first-ever Section 40 public interest report, Review of the dissemination of intelligence on People’s Republic of China political foreign interference, 2018-2023.
NSIRA has also hosted the Five Eyes Intelligence Oversight and Review Council and established strong working relationships with international and domestic partners with whom the Agency continues to exchange best practices.
Tabling of the National Security and Intelligence Review Agency’s Special Report on its Review of the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018-2023
Public Statements
Tabling of the National Security and Intelligence Review Agency’s Special Report on its Review of the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018-2023
The National Security and Intelligence Review Agency’s (NSIRA) Special Report on its Review of the Dissemination of Intelligence on People’s Republic of China Political Foreign Interference, 2018-2023 was tabled in Parliament.
NSIRA’s first section 40 Special Report is a revised version of the classified report provided to the Prime Minister on March 5, 2024. In accordance with section 52(1)(b) of the NSIRA Act, NSIRA determined and implemented revisions necessary to remove information that could be injurious to national security, international relations or national defence.
This report is the culmination of a review that began on March 9, 2023, that focused on the production and dissemination of intelligence concerning political foreign interference in federal democratic institutions and processes from 2018 to 2023, including the 43rd and 44th federal general elections.
NSIRA evaluated the flow of this intelligence within government from the collectors of intelligence to consumers of intelligence, including senior public servants and elected officials. This work involved scrutinizing internal processes regarding how collected information was shared and escalated to relevant decision-makers.
The report includes 10 findings and eight recommendations, concerning three principal areas:
The Canadian Security Intelligence Service’s (CSIS) collection and dissemination of intelligence on People’s Republic of China (PRC) foreign interference in the 2019 and 2021 federal elections
The role of the Security and Intelligence Threats to Elections (SITE) Task Force and the Critical Election Incident Public Protocol (CEIPP) Panel
The broader flow of intelligence on PRC political foreign interference across the security and intelligence community between 2018 and 2023
NSIRA’s review involved direct access to CSIS and Communications Security Establishment (CSE) systems, as well as direct contact with CSIS intelligence officers working in the field. Overall, NSIRA reviewed thousands of documents, conducted numerous briefings and interviews, and received multiple written submissions from reviewed departments and agencies.
NSIRA will respond in writing to media inquiries about the contents of the review.
Statement from the National Security and Intelligence Review Agency on its Review of the Government of Canada’s Production and Dissemination of Intelligence on Foreign Interference in the 43rd and 44th Canadian Federal Elections
Public Statements
Statement from the National Security and Intelligence Review Agency on its Review of the Government of Canada’s Production and Dissemination of Intelligence on Foreign Interference in the 43rd and 44th Canadian Federal Elections
On March 5th, NSIRA provided its classified report on the dissemination of intelligence on political foreign interference to the Prime Minister, and the Ministers of Public Safety, National Defence, and Foreign Affairs.
NSIRA believes that it is in the public interest to report on this matter and will therefore issue a Special Report to the Prime Minister to be tabled in Parliament. The Special Report will further inform Canadians as to how the government is handling information about the threat of foreign interference in our democratic institutions and processes.
As required by the NSIRA Act, NSIRA is consulting with the government to ensure that this report does not contain injurious or privileged information. NSIRA looks forward to this process being concluded in a timely manner.
NSIRA will not be speaking publicly about the results of its review until such time as the Special Report is tabled in Parliament owing to parliamentary privilege.
The National Security and Intelligence Review Agency (NSIRA) is currently reviewing certain Canadian Security Intelligence Service (CSIS) activities in relation to foreign interference, especially the risk framework used for these activities. Building on current reviews, NSIRA will review the process by which intelligence related to foreign interference was assessed by the security and intelligence community prior to, and following, the 43rd and 44th federal general elections, including how various assessment products were shared and escalated to relevant decision-makers. As provided for in the NSIRA Act, NSIRA will take all reasonable steps to cooperate with the National Security and Intelligence Committee of Parliamentarians (NSICOP) to avoid duplication of work in relation to the fulfilment of our respective mandates.
NSIRA values transparency and implements best practices to share as much information as possible through its review reports. NSIRA considers independence as the most fundamental value at the core of its mandate. As with all its reviews and investigations, NSIRA will carry out this work with resolute commitment to independence and impartiality.
OTTAWA, February 22, 2022 – A review of information sharing related to national security under the Security of Canada Disclosure Act (SCIDA) has found the vast majority of disclosures by federal organizations to be in compliance with the requirements of the Act. There were, however, a few cases that raised significant concerns, particularly one disclosure by the Royal Canadian Mounted Police (RCMP) that involved the personal information of thousands of people.
This was the first-ever joint review by the National Security and Intelligence Review Agency (NSIRA) and the Office of the Privacy Commissioner of Canada (OPC).
The joint report on disclosures under SCIDA has been tabled in Parliament. NSIRA earlier carried out a review of 2019 disclosures.
Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment were the primary recipients of information under SCIDA in 2020. The RCMP was also one of the top recipients of information and made a number of disclosures itself.
The primary disclosers of information included Immigration, Refugees and Citizenship Canada, which was responsible for 159 disclosures, or approximately 74% of all disclosures in 2020, many of which related to information contained in passport applications, primarily confirming citizenship status or to provide biographical information.
Global Affairs Canada was responsible for 40 disclosures (approximately 19%), many of which contained information gathered by diplomatic missions regarding the movements of individuals in foreign countries.
The review found that 212 of 215 disclosures of information in 2020 met the requirements of a disclosure test set out under SCIDA.
The review found that most of the disclosures involved one or a few individuals. A handful involved larger numbers of people, including one of particular concern, which accounted for the vast majority of individuals affected by SCIDA disclosures in 2020.
In that case, the RCMP disclosed to the Department of National Defence and the Canadian Armed Forces the biometric information of thousands of men, women and children detained by a foreign entity on suspicion of being members or supporters of a terrorist organization.
The review raised concerns about that instance because it involved the RCMP disclosing highly sensitive information based on incomplete data. The missing information would have been necessary to properly assess both the effect on privacy interests and the reasonable necessity of the disclosure, as required by SCIDA.
Following their review, NSIRA and the OPC made 11 recommendations aimed at improving compliance with SCIDA. These related to, for example, record keeping, governance and measures to ensure SCIDA’s disclosure test is met.
NSIRA and the OPC are calling on institutions to implement the recommendations within six months.
I am writing in response to your correspondence of June 28, 2021, in which you requested that deputy heads across the public service provide you with open letters outlining steps taken in response to the Call to Action on Anti-Racism, Equity and Inclusion in the Federal Public Service, which was issued on January 22, 2021.
As a new organization, established in July 2019, the National Security and Intelligence Review Agency (NSIRA) has taken a number of steps to incorporate anti-racism, equity and inclusion into systems and practices, across all of our business lines. As your guidance letter recognized, organizations in the federal public service are at different stages of implementation. While NSIRA has made a lot of progress, we recognize that as a new organization we still have much work to do to advance the goals outlined in the Call to Action.
Below is a summary of progress made to date in implementing the Call to Action, including a description of successes and ongoing challenges. My hope is that it contributes meaningfully to a shared body of knowledge and practices across the federal public service, and that other organizations are able to benefit from understanding NSIRA’s work to-date on these issues. Likewise, I look forward to learning about the successes and challenges of other organizations in implementing the Call to Action, and to incorporating best practices as we continue to advance on issues of anti-racism, equity and inclusion.
Yours sincerely,
John Davies Executive Director National Security and Intelligence Review Agency Secretariat
Corporate Services and Human Resources
Successes
2020-2021 was NSIRA’s first full year in operation. During that time, the NSIRA Secretariat put its human resources infrastructure in place, including introducing policies with respect to staffing and recruitment, learning and development, performance and talent management, employment equity, duty to accommodate and flexible work arrangements, among others. The timing was such that the Secretariat was able to take a deliberate, thoughtful approach to issues such as anti-racism, discrimination, equity and inclusion, and to pay careful attention to existing or potential systemic barriers as it developed its policy suite and terms and conditions of employment.
Although the NSIRA Secretariat is not subject to the Treasury Board Policy on People Management, it nevertheless designated a senior official for employment equity, diversity and inclusion (EE, D&I).
The NSIRA Secretariat developed a maturity model to assess its current situation with respect to anti-racism, anti-discrimination, accessibility, employment equity, diversity and inclusion. The maturity model will be used to evaluate progress and the extent to which various initiatives are helping to achieve the desired outcomes.
The Secretariat adopted a name-blind approach for appointments to management and executive positions. This was in an effort to mitigate against potential bias in selection processes.
The NSIRA Secretariat deliberately advertised job opportunities to a wide candidate pool, including both within and outside the public service, in Canada and abroad. This attracted a number of individuals who self-identified as members of an employment equity designated group.
NSIRA Secretariat has only six (6) executive positions, two of which are classified in the Law Manager (LC) group. Since April 1, 2020, five positions were staffed, of which 60% of the appointees self-identified as a member of an employment equity designated group. As well, four management positions (e.g. EC-07, FI-04, etc.) were staffed in 2020-2021, all with members of an employment equity designated group.
Challenges
As a separate agency of fewer than 100 FTES, the NSIRA Secretariat is not required to gather self-ID data. Despite this, the Secretariat explored with Treasury Board Secretariat (TBS) the possibility of using their self-ID tool and system. Unfortunately, TBS advised that this was not possible because of legal considerations. NSIRA has nevertheless been closely following TBS’ work on redesigning the self-ID tool and is planning to introduce its own self-ID tool to measure representation in 2021-2022. In the meantime, the Secretariat is relying on PSES data to provide a baseline with respect to both representation and the workplace experience.
Being a micro-agency outside the core public administration is perhaps the most significant challenge. The Call to Action calls on public service leaders to appoint, sponsor and support Indigenous employees and Black and other racialized employees, through the use of talent management, leadership develop and career development programs and services. Micro-agencies neither have the same resources, nor access to the same infrastructure as departments and agencies in the core public administration including job opportunities, inclusion in system-wide talent management exercises, or the programs, tools or systems developed and led by the Office of the Chief Human Resources Officer (OCHRO) at TBS.
Creating an Environment for Dialogue on Anti-Racism and Social Justice
Successes
In its first year, NSIRA Secretariat put the emphasis on developing inclusive leadership skills and in establishing a sense of belonging and trust, for example, through education and learning events, discussions aimed at increasing awareness, understanding and the link to reviews and investigations.
With the support of staff volunteers, NSIRA’s Champion for Employment Equity, Diversity and Inclusion led numerous all-staff discussions on themes related to anti-racism, diversity and inclusion, including: the impact of the murder of George Floyd, the conviction of Derek Chauvin, in which staff had the opportunity to discuss the trial, and unconscious bias. Staff also watched a number of documentaries about residential school survivors, which served as a platform for an educational discussion. In addition, all-staff events were held to mark Black History Month, International Women’s Day, Asian Heritage Month and National Indigenous History Month.
The impact of these all-staff discussions are borne out in the Public Service Employee Survey data, which found that:
68% of NSIRA respondents would feel free to speak about racism in the workplace without fear of reprisal (public service average is 48%);
87% of NSIRA respondents agree or strongly agree that their agency implements initiatives that promote anti-racism in the workplace (public service average is 75%);
85% of NSIRA respondents agree or strongly agree that they would feel comfortable sharing concerns about issues related to racism in the workplace with a person of authority (public service average is 79%).
Priorities
An important priority in the year ahead will be to continue to create an environment in which all employees feel comfortable participating in discussions on issues related to anti-racism, diversity and inclusion. Seeking input and participation through different means can help to reach people who shy away from larger conversations.
Another key challenge will be to continue to promote an environment of open and inclusive dialogue, while leveraging staff engagement to create a well-defined work plan for the year ahead.
Outreach and Stakeholder Engagement
Successes
NSIRA has broadened its stakeholder network over the past year, to include a more diverse range of perspectives that can help to improve how we undertake our core business of reviews and complaint investigations. Some of this engagement looked at the intersection of race and national security, and the positive role that NSIRA can play in promoting equity through its review program.
NSIRA undertook a consultation on the reform of its complaint investigation process, with the goal of ensuring efficiency and transparency of its investigations, which often involve complainants from racialized groups.
Challenges
Demystifying the complaint process and informing a broad cross-section of society of its availability.
Making materials available in languages beyond English and French, so that linguistic minorities and members of ethnic groups who perceive themselves as having been unfairly targeted by security services can make use of the complaint mechanism.
Reviews and Complaint Investigations
Successes
NSIRA has initiated work on a trend analysis for complaints, which will involve a broad initiative to appropriately collect race-based and other demographic information. The objectives of this initiative are to improve access to justice by improving awareness and understanding of the investigation process. The overall aim is to document the different racial groups among civilian complainants and determine whether there are significant racial disparities; whether there are racial differences with respect to the types of complaints made against national security agency members based on different groups; the frequency of complaints that include allegations of racial or other forms of bias; whether complaint investigation outcomes vary by racial group; and whether civilian satisfaction with NSIRA’s investigation process varies by racial group.
NSIRA’s program of planned and ongoing reviews also takes into account the potential for national security and intelligence activities to result in disparate outcomes for visible minority groups. Ongoing reviews of the Canada Border Services Agency’s targeting practices, as well as the use of biometrics in the national security and intelligence context, focus specifically on understanding the impacts of these activities on diverse communities.
Challenges
How to better integrate Gender-Based Analysis Plus (GBA+) into NSIRA’s review methodology.
It is an honour to be appointed Chair of the National Security and Intelligence Review Agency (NSIRA).
As Chair, my priorities are to support NSIRA’s objectivity and independence in its review mandate, with a focus on the “trust but verify” principle, and, for its investigative mandate, to enhance access to justice, particularly through the new process put in place in July 2021 (see new process here).
In addition, I will continue to build the trust that Canadians have towards their system of national security and intelligence review and to strengthen NSIRA’s relationships with the departments and agencies that fall under its review mandate. At the same time, I will underscore NSIRA’s commitment to collaborate with other review bodies, its engagement with community stakeholders, and will work to increase transparency and accountability for national security and intelligence activities in Canada.
I am grateful for the support that I receive from NSIRA’s specialized and diversified team and I look forward to continuing to work with my NSIRA colleagues to build on NSIRA’s accomplishments in the years ahead.
The Honourable Marie Deschamps, C.C.
Chair, National Security and Intelligence Review Agency
The Prime Minister, Justin Trudeau, today announced the following appointment:
The Honourable Marie Deschamps, C.C. becomes a member of the National Security and Intelligence Review Agency (NSIRA), effective September 30, 2019.
With full and independent authority, the NSIRA works to ensure that Canada’s national security agencies are complying with the law and that their actions are reasonable and necessary.
The National Security and Intelligence Review Agency (NSIRA) experienced a cyber security breach this past spring linked to the exploitation of Microsoft Exchange vulnerabilities. Between March 9 and March 19, 2021, a third party gained sporadic, unauthorized access to NSIRA’s externally-facing network (the “Protected B” network). The information below provides potentially affected individuals with more information about the breach.
The incident did not affect NSIRA’s classified systems.
What information was compromised?
The compromise resulted in the theft of two files: the first, a file containing system and software configuration settings for one of NSIRA’s servers, and the second comprising NSIRA’s active directory database. NSIRA’s active directory database contained basic information on NSIRA’s network users to facilitate their connection to the IT network. This information generally consisted of an individual’s first and last name, their office and/or personal phone numbers, and their NSIRA email addresses, as well as a hash of current and previously used passwords. Individuals affected by the theft of the active directory database have been directly notified by NSIRA, with a few exceptions. If you are a former employee, contractor or Member who has not heard from us, please contact NSIRA at privacy-vieprivee@nsira-ossnr.gc.ca for further information. The active directory database did not contain information about employees of other Government of Canada agencies nor about members of the public.
Did the third party access other information on the Protected B network?
The Canadian Centre for Cyber Security (the “Cyber Centre”) examined NSIRA’s IT infrastructure following the cyber security incident and found no evidence suggesting that the threat actor improperly accessed, or exfiltrated, other information stored on NSIRA’s Protected B network. We cannot fully exclude the possibility, however, that the threat actor may have improperly accessed other information stored on the Protected B network.
What types of personal information are found on NSIRA’s Protected B Network?
NSIRA’s Protected B network hosts a variety of unclassified, Protected A and Protected B documents created by our corporate, review and legal directorates. In addition, the network contained a variety of personal information related to both NSIRA employees and other individuals. The Protected B network also held NSIRA’s email server, which included both encrypted and unencrypted communications.
NSIRA has discussed the contents of its Protected B network with its employees and familiarized them with the type of personal information stored in their regard on NSIRA’s servers. In addition, the Protected B server would have included the following types of personal information on the listed groups:
Employees of Government of Canada departments and agencies, with whom NSIRA engages in its review, complaint or corporate mandates, particularly their email addresses, signature blocks and the content of email exchanges;
Information provided by individuals when submitting complaints for investigation by NSIRA, including a summary of their allegations;
Recent job or contract applicants, whose c.v. and attendant personal information (e.g. work history, residential address and contact information) remained on file;
On rare occasions, individuals referenced in security clearance forms submitted by employees or job applicants, such as family members and character references, if saved locally by employees on the network or if temporarily retained by NSIRA on the network at the time of the breach;
Individuals in academic and civil society groups engaged by NSIRA’s outreach efforts, namely their contact information and the contents of e-mail correspondence, and
Similarly, members of the public, including ATIP requestors, media representatives, and other individuals who have emailed NSIRA.
How did NSIRA respond to the breach?
Upon discovery of the compromise in March, NSIRA worked closely with Shared Services Canada (SSC) and the Cyber Centre to contain the breach and restore the integrity of its systems. Acting on a recommendation from the Cyber Centre, NSIRA has permanently decommissioned its Protected B network and related IT infrastructure. We also reported the matter to the RCMP, who are conducting a law enforcement investigation into the cyber incident.
NSIRA has also reported the privacy breach to the Office of the Privacy Commissioner of Canada (OPC) and the Treasury Board Secretariat. We have worked closely with the OPC to assess the privacy implications of the breach and notify affected individuals. Under the Privacy Act, individuals are entitled to register a complaint with the OPC with respect to the treatment of their personal information. Further information about their complaints process, and access to the form, may be found online here.
NSIRA is committed to ensuring that its IT infrastructure reflects best-in-class IT security measures. We continue to collaborate with the Privy Council Office (PCO), the Communications Security Establishment (CSE) and SSC in this regard.
Useful Resources
We wish to emphasize that NSIRA has no evidence that any of the broader personal information referred to above was accessed or exfiltrated by the threat actor. We are cognizant of the risks that can arise from breaches of cyber security and recommend the resources below:
Both credit monitoring bureaus in Canada offer a selection of free and fee-based services:
Certain companies also offer services related to monitoring the Internet for the presence of an individual’s personal information, such as Telus’ Norton LifeLock.
In addition, the Government of Canada and the Office of the Privacy Commissioner have dedicated privacy and cybersecurity webpages, see:
The National Security and Intelligence Review Agency (NSIRA) and the Office of the Privacy Commissioner (OPC) recognize the benefits of coordinating their efforts to ensure efficient and effective review. As such, NSIRA and the Office of the Privacy Commissioner (OPC) have implemented a Memorandum of Understanding (MOU), setting out the parameters for future coordination between them.
NSIRA has the legal authority to coordinate its activities with those of the Privacy Commissioner under s.15.1 of the NSIRA Act, and to this end, may provide the Privacy Commissioner with information concerning its reviews. The Privacy Commissioner has the corresponding legal authority to coordinate his activities with those of NSIRA under s. 37(5) of the Privacy Act and may provide information to NSIRA pursuant to subsection 64(3) of the Privacy Act.
The MOU clearly defines the objectives and procedures for ongoing coordination, defines roles and responsibilities for joint reviews and investigations, and sets out the parameters for information management, reporting and administration. Implementing this MOU will enable NSIRA and the OPC to benefit from each other’s expertise and provide transparency on their coordination efforts.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
