Language selection

Government of Canada / Gouvernement du Canada

Search


Departmental Results Report: 2022-23

Meta data information

Cat. Number: PS106-8E-PDF
ISSN: 2563-5174

© His Majesty the King in Right of Canada, 2023

Date of Publishing:

From the Executive Director

I am pleased to present the National Security and Intelligence Review Agency (NSIRA) Secretariat’s Departmental Results Report for 2022-23. Throughout the reporting period, the Secretariat has continued to execute its mission to support NSIRA in its focus on conducting highquality, impactful reviews and fair and efficient complaint investigations. We also worked to expand our capacity and expertise across all business lines, building on the work of previous years.

In 2022-23, NSIRA’s review work continued to expand to new areas within Canada’s national security and intelligence community and NSIRA continued to collaborate and de-conflict with like-minded accountability bodies in Canada with similar mandates. NSIRA’s work on complaint investigations was extensive and included the completion of a significant volume of referrals from the Canadian Human Rights Commission. The NSIRA Secretariat was an integral part of all of these developments which required us to remain agile, diverse and to explore all avenues of our productivity in the support of NSIRA.

Internally, we undertook a number of ambitious initiatives related to training and development, with a focus on attracting and retaining highly professional staff and offering career progression options. We continued to refine our business processes to enhance the quality of our output and strengthened our relationship with our various domestic and international counterparts to exchange on best practices in the field of national security and intelligence accountability.

I would like to thank all NSIRA Secretariat staff for their continued dedication to fulfilling our important mandate, and for ensuring that our work is held to the highest standards.

John Davies
Executive Director
National Security and Intelligence Review Agency

Results at a glance

In 2022-23, the National Security and Intelligence Review Agency (NSIRA) Secretariat continued to execute its mandate of assisting NSIRA in its Reviews and Investigations with the goal of improving national security and intelligence accountability and transparency in Canada. This related not only to the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also other federal departments and agencies engaged in such activities, including:

  • the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
  • the Canada Border Services Agency (CBSA); and,
  • all departments and agencies engaging in national security and intelligence activities in the context of NSIRA’s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.

The NSIRA Secretariat’s total spending in 2022-23 amounted to $18,289,147 and its total actual full-time equivalents were 78.

Review

NSIRA’s review of national security and intelligence activities undertaken by Government of Canada institutions ensures that ministers and Canadians are informed about whether these activities were lawful, reasonable and necessary.

During 2022–23, the Secretariat assisted NSIRA in completing 7 reviews, including reviews of activities that were never previously subject to independent scrutiny. We also refined our methodology, emphasizing a stronger role for NSIRA Members in working with staff to shape reviews throughout their lifecycle.

Complaint investigations

In 2022-23 the Secretariat assisted NSIRA in the continuation of maturation and modernization of the processes underpinning the fulfillment of its investigation mandate. The jurisdiction assessment phase was regularized, incorporating a verification protocol for the three agencies for which NSIRA has complaints jurisdiction. The administration and conduct of the investigative process has increased emphasis on investigative interviews in order to enhance the relevance of the process for complainants.

COVID-19 remained a lingering feature of the investigative landscape in the first half of the year which caused continued constraints with respect to the progress of investigations, requiring inperson meetings in compliance with security protocols. The new processes reduced delays in the conduct of investigations. It is anticipated that this will continue on a forward basis as we emerge from the pandemic.

The level of investigation activities last year remained high and included the completion of a significant referral from the Canadian Human Rights Commission (CHRC). A number of initiatives were commenced relating to data management and service standards which are expected to enhance file management in the coming year.

For more information, see the “Results: what we achieved” section of this report.

Results: what we achieved

Core responsibility

Assisting NSIRA in National Security and Intelligence Reviews and Complaints Investigations

Description:

The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the RCMP, as well as certain other national security-related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard. The NSIRA Secretariat’s function is to assist NSIRA in the conduct of this important work.

Results:

The NSIRA Secretariat assisted NSIRA in the completion of 7 national security and intelligence reviews over the course of 2022–23. Five reviews focused mainly on an individual department or agency, while two reviews were interdepartmental by design. Organizations whose activities were the subject of specific reviews included:

  • Canadian Security Intelligence Service — one review
  • Communications Security Establishment — two reviews
  • Department of National Defence and the Canadian Armed Forces — one review
  • Canada Border Services Agency – one review

The two interdepartmental reviews by design were:

  • The annual review of disclosures under the Security of Canada Information Disclosure Act (SCIDA)
  • The annual review of the implementation of directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA)

During the reporting period, the Secretariat continued to refine its processes and methodology to assist the NSIRA review mandate, with the goal of promoting high-quality, impactful reviews.

NSIRA Members worked closely with Secretariat staff in designing and executing individual reviews. The Secretariat supported NSIRA in the development and implementation of a “Considerations Matrix” which uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. In addition, the Secretariat implemented an updated process at the staff level for its Quality Assurance of review work, incorporating peer review at key stages.

NSIRA continued to place emphasis on the review of the use of technology by reviewed entities. The Secretariat’s Technology Directorate supported NSIRA’s ongoing first technology-focused review of the lifecycle of CSIS information collected by technical capabilities pursuant to a Federal Court warrant.

Investigation of national security and intelligence–related complaints

During the past year, the Secretariat continued to assist NSIRA efforts in reforming the investigative process for complaints and developing procedures and practices to ensure that the conduct of investigations is fair, timely and transparent. This included work on a streamlined jurisdictional assessment phase and increased use of investigative interviews as the principal means of fact finding. These developments enabled the Secretariat to successfully assist NSIRA in dealing with a significant volume of complaints over this reporting period.

During 2022-23, under instructions from NSIRA leadership, the Secretariat began developing service standards related to the investigation of complaints. The service standards will set internal time limits for certain investigative steps for each type of complaint, under normal circumstances. The service standards will specify the circumstances under which those time limits do not apply. The Secretariat will finalize and publish its service standards in 2023.

The Secretariat assisted NSIRA in completing sixty-seven complaint investigations during the 2022-23 reporting period, which included 58 referrals from the CHRC and 9 other complaints. Additionally, the Secretariat began the last phase of a study on race-based data and the collection of demographic information jointly commissioned with the Civilian Review and Complaints Commission for the RCMP (CRCC). The study will assess the viability of the collection of identity-based and demographic data as part of the CRCC’s ongoing anti-racism initiatives. Improved, more precise and more consistent tracking, collection and measurement of data is necessary to support anti-racism efforts in government.

Gender-based analysis plus

In 2022–23, the NSIRA Secretariat’s Diversity, Inclusion and Employment Equity Advisory Committee examined and provided recommendations to senior management on ways it can improve its internal policies, programs and procedures, as well as its external service delivery model to increase inclusion, diversity and equity.

We continue to work closely with partners to develop strategies for the collection, analysis and use of race-based and demographic data in the context of the complaints process. Improving awareness and understanding of NSIRA’s investigation process remains a core objective to ensure justice is accessible to all.

The potential for national security and intelligence activities to result in disparate outcomes for minority groups is taken into account when the Secretariat assists NSIRA to plan and conduct its reviews. Diversity is one of the elements on NSIRA’s Review Considerations Matrix, which uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. While NSIRA’s reviews are focused on the compliance, reasonableness, necessity and efficacy of activities, particular consideration is given to the impacts of these activities on diverse communities.

In 2022-23, the NSIRA Secretariat worked to establish a framework for the collection of employee self-identification data, in order to understand the makeup of its workforce and how it compares with the broader Canadian population. Understanding where there are gaps in representation of equity-deserving groups will help to determine where changes are needed to correct historical disadvantages and achieve equality in the workplace. This initiative will be implemented in 2023-24.

The NSIRA Secretariat also published its first accessibility plan in accordance with the Accessible Canada Act: National Security and Intelligence Review Agency Accessibility Plan 2022 – 2025. The plan was developed further to both internal and external consultations which included individuals whose lived experience as persons with a disability provided invaluable insight into barriers, potential gaps, and important considerations with respect to mitigation strategies. This inaugural plan outlines the steps that will be taken to increase accessibility within the organization and for Canadians more generally over the next three years.

Innovation

Given the Secretariat’s mandate to assist NSIRA’s functions and responsibilities, the Secretariat did not engage in any program-related innovation activities.

Key risks

During the reporting period, the Secretariat assisted NSIRA in its work with the departments and agencies subject to review, to ensure timely and unfettered access to all the information necessary for the conduct of reviews. While work remains to be done on this front, we acknowledge the improvements in cooperation and support to the independent review process demonstrated by some reviewees. Secretariat staff generally increased its level of occupancy within the departments’ offices and its access to information systems.

Physical distancing precautions established by the COVID-19 pandemic were, for the most part, lifted in 2022–23. However, the Secretariat remains ready to implement such measures if they are deemed necessary in the future. We see investments made in virtual meeting technology as beneficial for the organization as they have allowed us to gain flexibility.

Results achieved

The following table shows, for the assistance in completing National Security and Intelligence Reviews and Complaints Investigations, the results achieved, the performance indicators, the targets and the target dates for 2022–23, and the actual results for the three most recent fiscal years for which actual results are available.

Departmental results Performance indicators Target Date to achieve target 2020-21 actual results 2021-22 actual results 2022-23 actual results
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews 2021-22 Not applicable (N/A) 100% 100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually 2021-22 N/A 100% 100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year 2021-22 N/A 33% 33%
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards 90% 2022-23 N/A N/A

Note: The NSIRA Secretariat was created on July 12, 2019. Actual results for 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to the NSIRA Secretariat was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, the Secretariat will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Budgetary financial resources (dollars)

The following table shows, for internal services, budgetary spending for 2022–23, as well as actual spending for that year.

2022–23 Main Estimates 2022–23 Planned spending 2022–23 Total authorities available for use 2022–23 Actual spending (authorities used) 2022–23 Difference (Actual spending minus Planned spending)
$10,756,818 $10,756,818 $11,541,004 $7,756,271 $(3,000,547)

Financial, human resources and performance information for NSIRA Secretariat’s Program Inventory is available in GC InfoBase.

Human resources (full-time equivalents)

The following table shows, in full-time equivalents, the human resources the NSIRA Secretariat’s needed to fulfill this core responsibility for 2022–23.

2022–23 Planned full-time equivalents 2022–23 Actual full-time equivalents 2022–23 Difference (Actual full-time equivalents minus Planned full-time equivalents)
69 53 (16)

Financial, human resources and performance information for NSIRA Secretariat’s Program Inventory is available in GC InfoBase.

Internal Services

Description

Internal services are those groups of related activities and resources that the federal government considers to be services in support of programs and/or required to meet corporate obligations of an organization. Internal services refers to the activities and resources of the 10 distinct service categories that support program delivery in the organization, regardless of the internal services delivery model in a department. The 10 service categories are:

  • Acquisition Management Services
  • Communication Services
  • Financial Management Services
  • Human Resources Management Services
  • Information Management Services
  • Information Technology Services
  • Legal Services
  • Material Management Services
  • Management and Oversight Services
  • Real Property Management Services

Results

During the reporting period, the NSIRA Secretariat continued to take steps to ensure resources were deployed in the most effective and efficient manner possible and its operations and administrative structures, tools and processes continued to focus on supporting the delivery of its priorities.

The Secretariat recognizes the need to be an inclusive, healthy, and flexible employer. Over the past year, we have encouraged flexible working arrangements, such as teleworking, to achieve work–life balance and meet performance expectations.

The Secretariat initiated a project associated with the accreditation of its current space for use of classified material. Various testing, inspections and supported documents were issued to the Lead Security Agency issuing the authority to operate within the required timelines.

Work on increasing the Secretariat’s footprint with modern and flexible workstations within the classified and non-classified realm commenced in the summer of 2022. The project has, due to its complexity, supply chain challenges, and compliancy requirements, seen the delivery date pushed back to summer of 2024.

The Secretariat also completed work on refreshing two of its multifunctional meeting rooms. The Secretariat continues to implement security controls and keeps its Security Plan and the Business Impact Analysis evergreen, in order to ensure resiliency.

The Secretariat has successfully implemented an ergonomic and accessibility program. This program is a joint venture between the human resources and property management teams. In addition to this, based on the Information Management plans and strategies developed last fiscal year, the Secretariat identified the tools and resources required to execute the plans/strategies over the coming years.

Contracts awarded to Indigenous businesses

The Government of Canada is committed to reconciliation with Indigenous peoples and to improving socio-economic outcomes by increasing opportunities for First Nations, Inuit and Métis businesses through the federal procurement process.

Under the Directive on the Management of Procurement, which came into effect on May 13, 2021, departments must ensure that a minimum of 5% of the total value of the contracts they award are held by Indigenous businesses. This requirement is being phased in over three years, and full implementation is expected by 2024.

Indigenous Services Canada has set the implementation schedule:

  • Phase 1 departments: April 1, 2022, to March 31, 2023
  • Phase 2 departments: April 1, 2023, to March 31, 2024
  • Phase 3 departments: April 1, 2024, to March 31, 2025

The NSIRA Secretariat is a Phase 3 organization and is aiming to achieve the minimum 5% target by the end of 2025.

In order to achieve this target, the Secretariat plans to implement a strategy to create more opportunities for Indigenous businesses. Tools will be added to ensure Indigenous considerations for every contract and consideration will be given to amending internal policies.

In addition, all staff will be required to complete the mandatory course Indigenous Considerations in Procurement (COR409) from the Canada School of Public Service as well as Procurement in the Nunavut Settlement Area (COR410) from the Canada School of Public Service.

Budgetary financial resources (dollars)

The following table shows, for internal services, budgetary spending for 2021–22, as well as spending for that year.

2022–23 Main Estimates 2022–23 Planned spending 2022–23 Total authorities available for use 2022–23 Actual spending (authorities used) 2022–23 Difference (Actual spending minus Planned spending)
$17,493,858 $17,493,858 $17,822,513 $10,532,876 ($6,960,982)

The difference of $6.9 million between planned and actual spending is mostly due to the lingering impacts of the pandemic on the Secretariat’s ability to progress with its facilities fit-up and expansion plans, as well as on its planned spending on internal services infrastructure and systems.

Human resources (full-time equivalents)

The following table shows, in full-time equivalents, the human resources the department needed to carry out its internal services for 2022–23.

2022–23 Planned full-time equivalents 2022–23 Actual full-time equivalents 2022–23 Difference (Actual full-time equivalents minus Planned full-time equivalents)
31 25 (6)

Spending

Spending 2020–21 to 2025–26

The following graph presents planned (voted and statutory spending) over time.

Graph: Departmental spending trend - Text version follows
Departmental spending trend graph
2020-21 2021-22 2022-23 2023-24 2024-25 2025-26
Statutory 962,186 1,176,321 1,300,166 1,755,229 1,755,229 1,756,977
Voted 11,289,189 16,113,433 16,988,980 21,253,996 16,753,702 16,786,929
Total 12,251,375 17,289,754 18,289,147 23,009,225 18,508,931 18,543,906

The graph illustrates the Secretariat’s spending trends over a six-year period from 2020-21 to 2025–26. Fiscal years 2020–21 to 2022–23 reflect actual expenditures as reported in the Public Accounts. Fiscal years 2023–24 to 2025–26 represent planned spending.

The increased spending in 2023-24 is due to the expectation that the facilities fit-up and expansion is planned to be completed in this fiscal year.

The levelling of authorities in 2024–25 and 2025-26 is due to the sunsetting of funding earmarked for the completion of facilities fit-up and expansion.

Budgetary performance summary for core responsibilities and internal services (dollars)

The “Budgetary performance summary for core responsibilities and internal services” table presents the budgetary financial resources allocated for the NSIRA Secretariat’s core responsibilities and for internal services.

Core responsibilities and Internal Services 2022-23 Main Estimates 2022-23 Planned spending 2023-24 Planned spending 2024-25 Planned spending 2022-23 Total authorities available for use 2020-21 Actual spending (authorities used) 2021-22 Actual spending (authorities used) 2022-23 Actual spending (authorities used)
National Security and Intelligence Reviews and Complaints Investigations 10,756,818 10,756,818 10,757,687 10,757,687 11,541,004 3,009,066 7,394,642 7,756,271
Subtotal 10,756,818 10,756,818 10,757,687 10,757,687 11,541,004 3,009,066 7,394,642 7,756,271
Internal Services 17,493,858 17,493,858 7,701,336 7,701,042 17,822,513 6,643,579 9,895,112 10,532,876
Total 28,250,676 28,250,676 18,459,023 18,458,729 29,363,517 9,652,645 17,289,754 18,289,147

Human resources

The “Human resources summary for core responsibilities and internal services” table presents the full-time equivalents (FTEs) allocated to each of the Secretariat’s core responsibilities and to internal services.

Human resources summary for core responsibilities and internal services

Core responsibilities and Internal Services 2020-21 Actual full-time equivalents 2021-22 Actual full-time equivalents 2022-23 Planned full-time equivalents 2022-23 Actual full-time equivalents 2023-24 Planned full-time equivalents 2024-25 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations 38 52 69 53 69 69
Subtotal 38 52 69 53 69 69
Internal Services 22 22 31 25 31 31
Total 29 60 100 78 100 100

Expenditures by vote

For information on the Secretariat’s organizational voted and statutory expenditures, consult the Public Accounts of Canada.

Government of Canada spending and activities

Information on the alignment of the Secretariat’s spending with Government of Canada’s spending and activities is available in GC InfoBase.

Financial statements and financial statements highlights

Financial statements

NSIRA’s financial statements (unaudited) for the year ended March 31, 2023, are available on the departmental website.

Financial statement highlights

Condensed Statement of Operations (unaudited) for the year ended March 31, 2023 (dollars)
Financial information 2022-23 Planned results 2022-23 Actual results 2021-22 Actual results Difference (2022-23 Actual results minus 2022-23 Planned results) Difference (2022-23 Actual results minus 2021-22 Actual results)
Total expenses $28,250,676 $19,585,699 $16,164,825 ($8,664,977) $3,420,874
Total revenues 0 0 0 0 0
Net cost of operations before government funding and transfers $28,250,676 $19,585,699 $16,164,825 ($8,664,977) $3,420,874

The 2022–23 planned results information is provided in the Secretariat’s Future-Oriented Statement of Operations and Notes 2022–23. Future-Oriented Statement of Operations and Notes 2022–23

Condensed Statement of Financial Position (unaudited) as of March 31, 2023 (dollars)
Financial information 2022-23 2021-22 Difference (2022-23 minus 2021-22)
Total net liabilities $2,293,538 $2,050,302 $243,236
Total net financial assets $1,518,277 $1,577,964 ($59,687)
Departmental net debt $775,261 $$472,338 $302,923
Total non-financial assets $4,829,722 $2,240,138 $2,589,584
Departmental net financial position $4,054,461 $1,767,800 $2,286,661

The 2022–23 planned results information is provided in the Secretariat’s Future-Oriented Statement of Operations and Notes 2022–23.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s Departmental Results Framework, with accompanying results and indicators, were under development in 2020–21. Additional information on key performance measures are included in the 2021–22 Departmental Plan.

Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

Supporting information on the program inventory

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Supplementary information tables

The following supplementary information table is available on NSIRA’s website:

  • Gender-based analysis plus

Federal tax expenditures

The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs. The tax measures presented in this report are the responsibility of the Minister of Finance.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D”
Ottawa, Ontario
K1P 5W5

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2022–23 Departmental Results Report, government-wide priorities are the high-level themes outlining the government’s agenda in the November 23, 2021, Speech from the Throne: building a healthier today and tomorrow; growing a more resilient economy; bolder climate action; fighter harder for safer communities; standing up for diversity and inclusion; moving faster on the path to reconciliation; and fighting for a secure, just and equitable world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022

Annual Reports

Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022


Backgrounder

ISSN: 2817-7525

This report presents findings and recommendations made in NSIRA’s annual review of disclosures of information under the Security of Canada Information Disclosure Act (SCIDA)It was tabled in Parliament by the Minister of Public Safety, as required under subsection 39(2) of the NSIRA Act, on November 1st, 2023.

The SCIDA provides an explicit, stand-alone authority to disclose information between Government of Canada institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.

This report provides an overview of the SCIDA’s use in 2022. In doing so, it:

  • documents the volume and nature of information disclosures made under the SCIDA;
  • assesses compliance with the SCIDA; and
  • highlights patterns in the SCIDA’s use across Government of Canada institutions and over time.

The report contains six recommendations designed to increase standardization across the Government of Canada in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.

Date of Publishing:

List of Acronyms

CBSA Canada Border Services Agency
CFIA Canadian Food Inspection Agency
CNSC Canadian Nuclear Safety Commission
CRA Canada Revenue Agency
CSE Communications Security Establishment
CSIS Canadian Security Intelligence Service
DND/CAF Department of National Defence/Canadian Armed Forces
FINTRAC Financial Transactions and Reports Analysis Centre of Canada
GAC Global Affairs Canada
GC Government of Canada
IRCC Immigration, Refugees and Citizenship Canada
NSIRA National Security and Intelligence Review Agency
PHAC Public Health Agency of Canada
PS Public Safety Canada
RCMP Royal Canadian Mounted Police
SCIDA Security of Canada Information Disclosure Act
TC Transport Canada

Glossary of Terms

Contribution test The first part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)).
Proportionality test The second part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).

Executive summary

This review provides an overview of the Security of Canada Information Disclosure Act (SCIDA)’s use in 2022. In doing so, it documents the volume and nature of information disclosures made under the SCIDA; assesses compliance with the SCIDA; and highlights patterns in the SCIDA’s use across Government of Canada (GC) institutions and over time.

In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions. The National Security and Intelligence Review Agency (NSIRA) found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of these disclosures. Instances of non-compliance related to subsection 9(3), regarding the timeliness of records copied to NSIRA; subsection 5.1(1), regarding the timeliness of destruction or return of personal information; and subsection 5(2), regarding the provision of a statement on accuracy and reliability. The observed non-compliance did not point to any systemic failures in GC institutions’ implementation of the SCIDA.

NSIRA also made findings in relation to practices that, although compliant with the SCIDA, left room for improvement. These findings related to:

  • the use of information sharing arrangements;
  • the format of records prepared by institutions and copied to NSIRA, including the characteristics of effective records;
  • the nature of information provided under paragraph 9(1)(e) and relied upon in the conduct of assessments under subsection 5(1);
  • the provision of statements regarding accuracy and reliability prepared under subsection 5(2); and
  • the timeliness of administrative processes supporting information disclosure.

NSIRA made six recommendations designed to increase standardization across the GC in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.

Overall, NSIRA observed improvements in reviewee performance as compared with findings from prior years’ reports and over the course of the review. These improvements include corrective actions taken by reviewees in response to NSIRA’s requests for information in support of this review.

1. Introduction

Authority

This review was conducted pursuant to paragraph 8(1)(b) and subsection 39(1) of the National Security and Intelligence Review Agency Act (NSIRA Act).

Scope of the Review

This review provides an overview of the Security of Canada Information Disclosure Act (SCIDA)’s use in 2022. In doing so, it:

  1. Documents the volume and nature of information disclosures made under the SCIDA;
  2. Assesses Government of Canada (GC) institutions’ compliance with the SCIDA’s requirements for record keeping;
  3. Assesses GC institutions’ compliance with the SCIDA’s requirements for disclosure, including the destruction or return of personal information, as appropriate; and
  4. Highlights patterns in the SCIDA’s use across GC institutions and over time.

The review’s scope was defined by records provided to NSIRA under the SCIDA, subsection 9(3) (see Annex A for a copy of institutions’ section 9 obligations under the Act). As such, the review’s assessment of compliance was limited to the seven GC institutions identified within these records as either disclosers or recipients (Canada Border Services Agency [CBSA], Communications Security Establishment [CSE], Canadian Security Intelligence Service [CSIS], Department of National Defence/Canadian Armed Forces [DND/CAF], Global Affairs Canada [GAC], Immigration, Refugees and Citizenship Canada [IRCC], and the Royal Canadian Mounted Police [RCMP]); and to instances of information disclosure where the SCIDA was identified by these institutions as an authority for disclosure. The review also included Public Safety Canada (PS) in its capacity as manager of the Strategic Coordination Centre on Information Sharing, which provides SCIDA-related policy guidance and training across the GC. 

The review satisfies the NSIRA Act’s section 39 requirement for NSIRA to report to the Minister of Public Safety on disclosures made under the SCIDA during the previous calendar year.

Methodology

The review’s primary source of information was records provided to NSIRA by disclosing and recipient institutions under the SCIDA, subsection 9(3). NSIRA also identified a targeted sample of disclosures for which it requested and assessed all associated documents provided by both the disclosing and recipient institution. This information was supplemented by a document review of institutions’ SCIDA policies and procedures, and related explanations.

NSIRA assessed administrative compliance with the SCIDA’s record-keeping obligations in relation to all disclosures identified in the records provided to NSIRA under subsection 9(3) (N=173). Where these records were incomplete, NSIRA provided an opportunity for institutions to supply the missing records. NSIRA accounted for such late submissions in its assessment of compliance with subsections 9(1) and 9(2).

NSIRA assessed substantive compliance with the SCIDA’s disclosure requirements in relation to the sample of disclosures (n=19). The sample was designed to reflect a non-representative cross-section of the SCIDA’s use, with particular attention to areas at higher risk of non-compliance. Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to defined parameters (see Annex B, Sample of Disclosures).

Review Statements

NSIRA found that, overall, its expectations for responsiveness by CSE, CSIS, DND/CAF, GAC, IRCC, PS, and RCMP during this review were met. Its expectations for responsiveness by CBSA were partially met, as CBSA required repeated follow-up to provide the requested information.

NSIRA was able to verify information for this review in a manner that met NSIRA’s expectations.

2. Backgrounder

The SCIDA provides an explicit, stand-alone authority to disclose information between GC institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.

Section 9 of the SCIDA prescribes record-keeping obligations for all institutions who (1) disclose or (2) receive information under the Act. Each paragraph under subsections 9(1) and 9(2) identifies particular elements that must be set out in the records prepared and kept by each institution (see Annex A). Subsection 9(3) requires that these records be provided to NSIRA within 30 days after the end of each calendar year.

Subsection 5(1) of the SCIDA authorizes GC institutions to disclose information – subject to any prohibitions or restrictions in other legislation or regulations – to designated recipient institutions, if the disclosing institution is satisfied that (a) the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (the “contribution test”); and (b) the information will not affect any person’s privacy interest more than is reasonably necessary in the circumstances (the “proportionality test”).

Subsection 5(2) requires institutions that disclose information under subsection (1) to, at the time of the disclosure, also provide information regarding its accuracy and the reliability of the manner in which it was obtained.

When a GC institution receives information under the Act, subsection 5.1(1) requires that the institution destroy or return any unnecessary personal information as soon as feasible after receiving it.

The Act’s guiding principles underscore the importance of effectiveness and responsibility across disclosure activities. Of note, subsection 4(c) sets out that information sharing arrangements are appropriate in particular circumstances.

3. Findings, Analysis, and recommendations

Volume and Nature of Disclosures

In 2022, four disclosing institutions made a total of 173 disclosures to five recipient institutions (see Table 1). 79% (n=136) of these disclosures were requested by the recipient institution. The other 21% of disclosures (n=37) were sent proactively by the disclosing institution.

Table 1: Number of SCIDA disclosures made in 2022, by disclosing and recipient institution [all disclosures (proactive disclosures)]

    Designated Recipient Institutions
Disclosing Institution   CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PSC RCMP TC TOTAL (proactive)
CBSA 4
(3)
4
(3)
GAC 39
(18)

2
(2)

12
(12)
53
(32)
IRCC 59
(0)
56
(2)
115
(2)
RCMP 1
(0)
1
(0)
TOTAL (proactive) 59
(0)
95
(20)
2
(2)
1
(0)
16
(15)
173
(37)

The total number of disclosures made under the SCIDA since its implementation reflects a slight downward trend, with a generally constant proportion of requested versus proactive disclosures for the years in which this data was collected (see Figure 1).

Figure 1: Number of SCIDA disclosures over time

In 2022, these disclosures were made and received by institutions that had each disclosed or received information, as the case may be, in at least two prior review years (see Annex C, Overview of SCIDA Disclosures in Prior Years).

Finding 1: NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.

CSE, CSIS, GAC, and IRCC were the most frequent users of the SCIDA in 2022. The number of disclosures between these institutions was comparable to those observed by NSIRA in prior years (see Annex C), indicating the occurrence of regular exchange over time.

NSIRA also observed regular patterns in the purpose and nature of the information exchanged between these institutions in 2022, as described in Table 2. These information exchanges were not governed by up-to-date information sharing arrangements.

Table 2: Nature of disclosures between the SCIDA’s most frequent users

GAC-to-CSIS (N=39) IRCC-to-CSIS (N=56) IRCC-to-CSE (N=59)
  • GAC information holdings relevant to threats to the security of Canada
  • Often (85%) made in direct response, or as a follow-up, to CSIS requests
  • IRCC information holdings relevant to threats to the security of Canada
  • Almost always (96%) made in response to CSIS requests
  • IRCC confirmation of Canadian status of named individuals of interest, required to ensure lawfulness of CSE operational activities
  • All (100%) made in response to CSE requests

NSIRA has previously recommended that information sharing arrangements be updated (for GAC and CSIS) or created (for IRCC and CSE) to govern certain information exchanges made under the SCIDA.

Recommendation 1: NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.

Record Keeping

Copy to NSIRA: Subsection 9(3)

Finding 2: NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.

Requests for information from NSIRA during the course of this review prompted the late production of additional records relating to paragraphs under subsections 9(1) or 9(2) from each of CBSA, DND/CAF, and IRCC (see Table 3).

Table 3: Number [and associated subsection 9(1) or 9(2) paragraph] of late records leading to non-compliance with subsection 9(3), by cause

Administrative Error Delayed Preparation of Records
CBSA 2 [paragraph 9(1)(e)]
DND/CAF 2 [paragraphs 9(2)(e-g)]
IRCC 6 [paragraph 9(1)(e)] 1 [paragraphs 9(2)(e-g)]

CBSA and IRCC were non-compliant with subsection 9(3) due to administrative error; the records they eventually supplied had existed at the time of the reporting deadline, but were not copied to NSIRA as required.

NSIRA expected that all records would be prepared within 30 days after the end of the calendar year, in order to meet the subsection 9(3) requirement to provide a copy of those records to NSIRA within that timeframe.

DND/CAF and IRCC were non-compliant with subsection 9(3) on account of delayed preparation of records; they did not prepare the records referred to in Table 3 within 30 days after the end of the calendar year, and therefore did not provide a copy of them to NSIRA within the legislated timeframe.

NSIRA underscores the importance of administrative precision and timeliness in preparing records and copying them to NSIRA.

Format of Records

Finding 3: NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:

  • a row for each disclosure made or received;
  • columns explicitly tied to each individual paragraph under section 9; and
  • additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.

The SCIDA does not specify a format for records prepared under section 9. Accordingly, in 2022, GC institutions fulfilled their record-keeping obligations in different ways.

Most institutions provided NSIRA with an overview of each disclosure made or received. These overviews were submitted to NSIRA as spreadsheets that generally captured the information required in records under subsections 9(1) and 9(2).

Most institutions also provided NSIRA with a copy of the disclosure itself and a selection of related documents. These documents often included email consultations with legal services, disclosure request letters, and other correspondence between disclosing and recipient institutions. The scope of requests for information in the course of the review was minimized in cases where institutions provided such documents.

DND/CAF and IRCC (for its one disclosure receipt) were the only institutions that originally provided NSIRA with a copy of the raw disclosure, including transmittal details, in the absence of a record overview or other related documents.[1] 

NSIRA observed that DND/CAF and IRCC’s choice in records format for these disclosures contributed to their non-compliance with subsection 9(3), described in Table 3. The information elicited under paragraphs 9(2)(e-g) cannot by definition be found within a copy of the disclosure itself, as it relates to action taken by recipient institutions following the disclosure’s receipt. A copy of the disclosure on its own is therefore insufficient to comply with all requirements under subsection 9(2).

Both DND/CAF and IRCC were infrequent recipients of disclosures under the SCIDA in 2022, accounting for only two and one disclosures, respectively. Each of the more frequent recipients of information (CSE, CSIS, and RCMP) included express columns in their record overview spreadsheets to capture whether and, if applicable, when personal information was destroyed or returned, per the requirements of paragraphs 9(2)(e-g).

NSIRA also observed that CBSA and IRCC’s choice in records format contributed to their non-compliance with subsection 9(3) due to administrative error. These institutions did not account for the full scope of information required under paragraph 9(1)(e) in their record overview spreadsheets.

The information relied upon to satisfy the disclosing institution that a disclosure is authorized under the Act is not required to be conveyed within the disclosure itself. Completing an appropriately-specified record overview spreadsheet is therefore an effective way to ensure that the corresponding information is documented and conveyed to NSIRA ahead of the legislated deadline.

The RCMP’s record overview spreadsheet was particularly effective in demonstrating compliance with the Act. The spreadsheet included columns that were explicitly tied to individual paragraphs under section 9, with additional fields limited to RCMP administrative information such as file and database reference numbers.

Spreadsheets designed in this way enable institutions’ efficient self-assessment against the requirements of the Act. They also facilitate the task of review by clearly matching the information provided with its corresponding requirement under the SCIDA, and by organizing disclosures and receipts of information in a manner that supports cross-verification.

Recommendation 2: NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.

Preparing and Keeping Records: Subsections 9(1) and 9(2)

Finding 4: NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.

Finding 5: NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.

Même s’il s’attendait à une déclaration expresse décrivant les renseignements sur lesquels l’institution qui communiquait l’information s’était appuyée pour conclure que la communication était autorisée en vertu de la LCISC, l’OSSNR a tenu compte, dans le cadre de son examen, de tous les documents qui démontraient qu’une telle évaluation avait été effectuée.

IRCC n’a pas fait de déclaration expresse précisant que les communications demandées par le SCRS, qui représentent 57 % (n=54) de l’ensemble de ses communications, lui semblaient satisfaisantes du point de vue du critère de proportionnalité. En revanche, IRCC a fourni des copies des lettres de demande et de l’information communiquée en guise de réponse, ce qui confirme que la communication était manifestement conforme aux besoins précis de la demande (et donc témoigne d’une évaluation de la proportionnalité).

L’ASFC n’a pas fourni de déclaration expresse concernant sa satisfaction au regard du critère de proportionnalité pour 75 % (n=3) de ses communications. Elle a plutôt démontré qu’elle tenait compte du principe de proportionnalité en fournissant divers documents justificatifs, y compris de la correspondance interne.

La feuille de calcul utilisée par AMC pour donner une vue d’ensemble de ses documents a été particulièrement efficace pour répondre aux exigences de l’alinéa 9(1)e). L’analyse détaillée qu’elle a consignée en ce qui concerne les critères de contribution et de proportionnalité lui a permis de remplir ses obligations en matière de conservation des dossiers et de démontrer qu’elle respectait en substance le paragraphe 5(1).

Recommendation 3: NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.

Disclosure of Information

Contribution and Proportionality Tests: Paragraphs 5(1)(a) and 5(1)(b)

Finding 6: NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.

Finding 7: NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.

The threshold for compliance with subsection 5(1) is that the disclosing institution has satisfied itself of the contribution and proportionality tests, and that it has done so prior to having made the disclosure.

In relation to the two disclosures that it made proactively to DND/CAF, GAC provided a rationale for the information’s contribution to DND/CAF’s mandate in respect of national security. Upon receipt of the information, however, DND/CAF did not agree with GAC’s assessment and therefore assessed that the SCIDA was not an appropriate disclosure mechanism in the circumstances.

Informal communication between the two institutions may have allowed DND/CAF and GAC to resolve this issue prior to the disclosure. When such communications occur, it is important that they be limited to the information necessary to confirm that the information contributes to the recipient’s mandate in respect of activities that undermine the security of Canada.

Recommendation 4: NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).

Statement Regarding Accuracy and Reliability: Subsection 5(2)

Finding 8: NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.

Finding 9: NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.

Providing the statement on accuracy and reliability in a cover letter for the disclosure satisfies the Act’s requirement to provide the statement at the time of disclosure. However, separating the statement from the information disclosed increases the risk that the information may be subsequently used without awareness of relevant qualifiers. The location of the statement on accuracy and reliability – and not just its contemporaneous provision to the recipient – is therefore relevant to its value added.

Recommendation 5: NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.

Requirement to Destroy or Return Personal Information: Subsection 5.1(1)

Finding 10: NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”

DND/CAF determined, upon receipt of the two disclosures it received from GAC, that the personal information contained within the disclosures should not be retained. The information, however, was not destroyed until April 2023 – 12 days following a request for information from NSIRA to provide a copy of records that set out whether and when the information had been destroyed or returned. The date of destruction was 299 and 336 days following DND/CAF’s receipt of each disclosure.

Taking into consideration the elapsed time between receipt of the information and its destruction, as well as DND/CAF’s timely conclusion that the information should not be retained, DND/CAF’s ultimate destruction of the information was non-compliant with the requirement to destroy the information “as soon as feasible after receiving it.” Its delay in this respect was also inconsistent with the responsible use and management of the information.

DND/CAF was the only institution to identify any disclosures as containing information that was destroyed or returned under subsection 5.1(1) in 2022. NSIRA did not identify any other disclosures within the sample for which personal information disclosed should have been destroyed or returned.

Purpose and Principles: Effective and responsible disclosure of information

Finding 11: NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.

These 34 disclosures include 29 for which there was a delay between the dates provided by disclosing and recipient institutions in their section 9 records, as well as an additional five for which CSIS reported both the date of administrative receipt within the institution and the subsequent date of receipt by the person designated by the head to receive it (i.e., the relevant operational unit).

NSIRA attributes most of these delays to expected dynamics in classified information sharing: the individual authorizing the disclosure is not always the same individual who administratively sends it to the recipient, and the person who administratively receives the disclosure is not always the same person who is designated by the head to receive it.

In the majority of cases, the observed delays were shorter than one week. In nine cases, however, the delay ranged from 30 to 233 days.

Such delays mean that information is not processed and actioned within the recipient institution until long after it was sent – or intended to be sent – by the individual authorizing the disclosure. While these delays do not amount to non-compliance with the SCIDA, they are inconsistent with the Act’s purpose and guiding principles.

Recommendation 6: NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.

4. Conclusion

The SCIDA’s requirements for disclosure and record keeping apply to both disclosing and recipient institutions in all cases where the SCIDA is invoked as a mechanism for disclosure. This review assessed GC institutions’ compliance with requirements for record keeping in respect of all 173 disclosures that were made and received in 2022. It assessed their compliance with requirements for disclosure in relation to a targeted sample of 19 disclosures.

NSIRA found that institutions complied with the SCIDA’s requirements for disclosure and record keeping in relation to the majority of disclosures. GC institutions’ non-compliance with subsection 9(3) was driven by irregularities in the reporting of 11 disclosures. Observed non-compliance with substantive requirements under subsection 5(2) related to three disclosures; and non-compliance with subsection 5.1(1) related to two disclosures. These instances of non-compliance do not point to any systemic failures in GC institutions’ implementation of the SCIDA.

Within this context, NSIRA observed improvements in reviewee performance as compared with findings from prior years’ reports and over the course of the review. Of note, NSIRA’s requests for information in support of this review prompted corrective action by CBSA, DND/CAF, and IRCC that would have otherwise amounted to non-compliance with requirements under section 9.

NSIRA also observed several practices that, although compliant with the SCIDA, leave room for improvement. NSIRA’s recommendations in this review are designed to increase standardization across the GC in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.

Annex A. Record Keeping Obligations for Disclosing and Recipient Institutions

Obligation – disclosing institution Obligation — recipient institution 
9 (1) Every Government of Canada institution that discloses information under this Act must prepare and keep records that set out (2) Every Government of Canada institution that receives information under this Act must prepare and keep records that set out
(a) a description of the information; (a) a description of the information;
(b) the name of the individual who authorized its disclosure; (b) the name of the institution that disclosed it;
(c) the name of the recipient Government of Canada institution; (c) the name or position of the head of the recipient institution — or of the person designated by the head — who received the information;
(d) the date on which it was disclosed; (d) the date on which it was received by the recipient institution;
(e) a description of the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under this Act; and (e) whether the information has been destroyed or returned under subsection 5.1(1);
(f) if the information has been destroyed under subsection 5.1(1), the date on which it was destroyed;
(g) if the information was returned under subsection 5.1(1) to the institution that disclosed it, the date on which it was returned; and
(f) any other information specified by the regulations. (h) any other information specified by the regulations.

Copy to National Security and Intelligence Review Agency

Within 30 days after the end of each calendar year, every Government of Canada institution that disclosed information under section 5 during the year and every Government of Canada institution that received such information must provide the National Security and Intelligence Review Agency with a copy of every record it prepared under subsection (1) or (2), as the case may be, with respect to the information.

Annex B. Sample of Disclosures

Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to the following parameters:

  • At least two disclosures per discloser-recipient pair, if available;
  • At least one proactive disclosure per discloser, if available;
  • At least one requested disclosure per recipient, if available;
  • All disclosures identified by recipient institutions as including personal information that was destroyed or returned under the SCIDA, subsection 5.1(1);
  • All disclosures for which there is a high-level discrepancy in the discloser and recipient records (i.e., a record of receipt, but no record of disclosure; a substantive misalignment in the description of the information; greater than seven days’ discrepancy in the date sent and received; date of receipt earlier than the date of sending);
  • All disclosures made by an institution that is not listed in Schedule 3 of the SCIDA; and
  • All disclosures received by institutions added to Schedule 3 in the preceding year.

Annex C. Overview of SCIDA Disclosures in Prior Years

Drawing on information published in previous NSIRA reports, Table 5 summarizes the number and distribution of disclosures made under the SCIDA in prior years.

Table 5: Number of SCIDA disclosures, by disclosing and recipient institution, 2019-2021

    Designated Recipient Institutions
  Disclosing Institution CBSA CFIA CNSC CRA CSE CSIS DND/CAF Finance FINTRAC GAC Health IRCC PHAC PSC RCMP TC TOTAL (proactive)
2021 DND/CAF 2 2
GAC 41 1 2 44
IRCC 68 79 2 149
TOTAL 68 122 2 1 2 195
2020 CBSA 1 3 4
GAC 1 25 1 13 40
IRCC 60 61 37 1 159
RCMP 1 3 5 9
TC 2 2
Other 1 1
TOTAL 61 88 1 3 6 55 1 215
2019 CBSA 1 2 3
GAC 23 3 1 15 42
IRCC 5 17 1 36 59
RCMP 4 1 3 1 9
TC 1 1
TOTAL 4 5 41 1 1 3 4 1 54 114

Annex D. Findings and Recommendations

Findings

NSIRA found that CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.

NSIRA found that CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe.

NSIRA found improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics:

  • a row for each disclosure made or received;
  • columns explicitly tied to each individual paragraph under section 9; and
  • additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.

NSIRA found that all GC institutions complied with their obligation to prepare and keep records that set out the information prescribed under subsections 9(1) and 9(2) of the SCIDA.

NSIRA found that more than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test.

NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.

NSIRA found that GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.

NSIRA found, within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability.

NSIRA found, in relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statements in the disclosures’ cover letters.

NSIRA found that DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.”

NSIRA found delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.

Recommendations

  1. NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.
  2. NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.
  3. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
  4. NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).
  5. NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.
  6. NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.
Share this page
Date Modified:

National Security and Intelligence Review Agency Annual Report 2022

Backgrounder

Ottawa, Ontario, October 30, 2023 – The National Security and Intelligence Review Agency’s (NSIRA) fourth annual report was tabled in Parliament on October 30, 2023. 

This report provides an overview and discussion of NSIRA’s activities throughout 2022, including our findings and recommendations. Our growth and evolution as an agency, including our continued efforts to refine our approaches and processes, both in our reviews and investigations, allowed us to take on new and challenging work. The report also assesses our review work to date, highlighting important themes and trends that have emerged.  

Our report summarizes review and investigations work during the 2022 period and highlights our continued effort to enhance transparency by evaluating important aspects of our engagement with reviewed departments and agencies. Review highlights in the report include the following: 

  • The annual review of the Canadian Security Intelligence Service’s (CSIS) threat reduction measures (TRMs), and the annual review of CSIS’s activities to inform our report to the Minister of Public Safety; 
  • Reviews of the Communications Security Establishment’s (CSE) active and defensive cyber operations, a foreign intelligence collection program, as well as the annual review of CSE activities to inform our report to the Minister of National Defence;  
  • A review submitted to the Minister of National Defence under s. 35 of the NSIRA Act on particular human source handling activities undertaken by the Canadian Armed Forces that may not have been in compliance with the law; 
  • A review of the Canada Border Services Agency’s Air Passenger Targeting program; and 
  • Our mandated multi-departmental reviews with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act and sharing of information within the federal government under the Security of Canada Information Disclosure Act. 

During 2022, NSIRA continued modernizing its complaints investigations process, which helped us improve the consistency and efficiency of our work. While the pandemic continued to impact the investigative landscape, processes introduced will reduce delays moving forward. In addition to its other investigations work, NSIRA completed its investigation in relation to a group of 58 complaints referred by the Canadian Human Rights Commission.  

This annual report also highlights how the organization pursued greater engagement with partners, seeking and sharing best practices with like-minded review and oversight bodies. In addition, it discusses our organization’s corporate initiatives, including efforts to increase our capacity across our business lines, including technology and information management. 

NSIRA’s Members continue to be proud of the work of NSIRA’s Secretariat and the dedication and professionalism of its staff. 

Date of Publishing:

Dear Prime Minister,

On behalf of the National Security and Intelligence Review Agency, it is my pleasure to present you with our third annual report. Consistent with subsection 38(1) of the National Security and Intelligence Review Agency Act, the report includes information about our activities in 2021, as well as our findings and recommendations.

In accordance with paragraph 52(1)(b) of the National Security and Intelligence Review Agency Act, our report was prepared after consultation with relevant deputy heads, in an effort to ensure that it does not contain information the disclosure of which would be injurious to national security, national defence or international relations, or is information that is subject to solicitor-client privilege, the professional secrecy of advocates and notaries, or to litigation privilege.

Yours sincerely,

The Honourable Marie Deschamps, C.C.

Chair // National Security and Intelligence Review Agency

Message from the members

As we reflect on this past year’s work, the National Security and Intelligence Review Agency (NSIRA) is proud of what it has accomplished. We pushed past the challenges of the pandemic and pursued our mission with renewed energy and innovation, understanding that we can adapt and even thrive in this new environment. In 2022, our agency focused on building out and refining its processes as we empowered our review and complaints professionals in their work. These efforts enhanced our ability to meet the challenges of our review and investigations mandates, and thereby improve the transparency and accountability of the national security and intelligence activities across the federal government.

In addition to completing a wide array of reviews and investigations, we have stepped back to reflect on our work and activities over the first few years of our mandate. Despite being a relatively new agency, we are now in the position to make broader observations on the themes and trends in our work, and on the community we review. Indeed, as our experience grows, our approaches in our reviews and investigations mature and evolve. We meet our goals of increased efficiency and expertise through a commitment to address the challenges we face, and by seeking out best practices through expanded partnerships with like-minded domestic and international institutions.

During NSIRA’s brief history, ministers of the Crown have referred certain matters to us for review, as provided for in the National Security and Intelligence Review Agency Act. At the time of writing, we are in the process of such a referral. As this important review progresses, we will ensure that our commitment to independent and professional review is reflected in all our activities.

This report continues themes from previous annual reports by presenting an overview of our work, a discussion on our engagement with reviewees, and an account of the initiatives we undertook to ensure that our products are complete, thorough and professional. It is our belief that as we grow, we bring confidence to the Canadian public with each review and investigation we conduct.

We would like to thank our previous members, Ian Holloway and Faisal Mirza, for their commitment and contribution to advancing the important work of NSIRA during their tenure, and we wish them well in their future endeavours. Finally, we thank the staff of NSIRA’s Secretariat for their professionalism and dedication to fulfilling the agency’s mandate, and we have no doubt that the year ahead will bring further success for NSIRA

Marie Deschamps
Craig Forcese
Ian Holloway
Faisal Mirza
Marie-Lucie Morin

Executive Summary

In 2022, the National Security and Intelligence Review Agency (NSIRA) continued to execute its review and investigations mandates with the goal of improving national security and intelligence accountability and transparency in Canada. This related not only to the activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), but also to other federal departments and agencies engaged in such activities, including:

  • the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
  • the Canada Border Services Agency (CBSA); and
  • all departments and agencies engaging in national security or intelligence activities in the context of NSIRA’s yearly reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act.

NSIRA has reflected on its work to date and found that a horizontal view of all its findings and recommendations over the past three years reveals the emergence of three major themes: governance; propriety; and information management and sharing. NSIRA observes that there is an interconnected and overlapping aspect to these issues, and as a result believes that improvements to governance could result in broader improvements across all themes.

Reviews

Canadian Security Intelligence Service

The following are highlights of the reviews completed in 2022 along with key outcomes. The number of reviews defined as completed does not include any ongoing reviews, or reviews completed in previous years but that went through or are in the process of going through consultations for their release to the public. Annex C lists all the findings and recommendations associated with reviews completed in 2022, along with the corresponding responses from reviewees, if provided.

In addition to the reviews discussed below, NSIRA determined that a number of ongoing reviews would be closed or terminated. These decisions, based on a variety of considerations, allow NSIRA to redirect its efforts and resources towards other important issues.

Canadian Security Intelligence Service

In 2022, NSIRA completed the following reviews on CSIS activities:

  • the third annual review of CSIS’s threat reduction measures, which provided an overview of all such measures conducted in 2021, and also focused on a subset of these measures to consider the implementation of each measure, how what happened aligned with what was originally proposed, and, relatedly, the role of legal risk; and
  • an annual review of CSIS’s activities, which informed, in part, NSIRA’s 2022 annual report to the Minister of Public Safety.

Communications Security Establishment

In 2022, NSIRA completed two dedicated reviews of CSE, and commenced an annual review of CSE activities:

  • a review of CSE’s active and defensive cyber operations (ACO/DCO), which is a continuation of NSIRA’s 2021 review of the governance of ACO/DCO by CSE and Global Affairs Canada;
  • a review of a sensitive CSE foreign intelligence collection program, which assistedNSIRA in better informing the Minister of National Defence about CSE’s activities; and
  • an annual review of CSE activities similar to that for CSIS, begun for the first time in 2022 and that informed, in part, NSIRA’s 2022 annual report to the Minister of National Defence.

Department of National Defence and the Canadian Armed Forces

In the course of a review of the Department of National Defence and Canadian Armed Forces (DND/CAF) human source handling activities, NSIRA issued to the Minister of National Defence a report on December 9, 2022, under section 35 of the National Security and Intelligence Review Agency Act in relation to a specific operation. Section 35 requires that NSIRA submit to the appropriate Minister a report with respect to any activity that is related to national security or intelligence that, in NSIRA’s opinion, may not be in compliance with the law. NSIRA will complete the broader review of DND/CAF’s human source handling activities in 2023.

Canada Border Services Agency

NSIRA completed its first in-depth review of national security or intelligence activities of the Canada Border Services Agency (CBSA) in 2022: a review of air passenger targeting. This review examined the CBSA’s pre-arrival risk assessment of passengers based on data collected by commercial air carriers. It evaluated whether the CBSA’s activities complied with legislative requirements and Canada’s non-discrimination obligations.

Multi-departmental reviews

NSIRA conducted two mandated multi-departmental reviews in 2022:

  • a review of directions issued with respect to the Avoiding Complicity in Mistreatment by Foreign Entities Act; and
  • a review of disclosures of information under the Security of Canada Information Disclosure Act.

Review work not resulting in a final report

During the past year NSIRA determined that certain ongoing review work would be closed or not result in a final report to a Minister. These decisions allow NSIRA to remain nimble and to pivot its work plan. Multiple considerations can lead to the decision to close a review, and doing so allows NSIRA to redirect efforts and resources.

Technology in review

In 2022, NSIRA expanded its Technology Directorate to keep pace with the national security and intelligence community’s evolving use of digital technologies. The team comprises technical experts and review professionals, who are supported by academic researchers. This expanded team launched NSIRA’s first technology-led review, focusing on the lifecycle of warranted CSIS information. In addition to directly supporting NSIRA’s reviews, the Technology Directorate also began hosting learning sessions and discussion forums designed to enhance NSIRA employees’ knowledge of broader technical issues.

Engagement with reviewees

NSIRA continues to address and improve on aspects of its interaction with reviewees during the review process. It saw both improvements and ongoing challenges, and seeks to provide full and transparent assessments in this regard. Updated criteria will be used to evaluate engagement. These criteria are critical for supporting NSIRA’s efforts during a review. This approach builds on the agency’s previous confidence statements and provides a more consistent and complete assessment on engagement.

NSIRA continues to optimize its methods for accessing, receiving and tracking the information required to complete reviews. This involves ongoing discussions and support from reviewees. Limitations and challenges to this process are addressed directly and are communicated publicly where possible.

Complaints investigations

As NSIRA marked its third year of existence in 2022 it continued maturing and modernizing the processes for fulfilling its investigations mandate. The jurisdiction assessment phase was standardized, incorporating a verification protocol for the three agencies for which NSIRA has complaints jurisdiction. To speed up the investigative process, investigative interviews are being used more often, taking over from the formal hearings NSIRA previously relied on.

The pandemic continued to impact the investigative landscape in the first half of 2022. COVID protocols conflicted with security protocols for investigations, which require in-person meetings. Processes introduced in 2022 are expected to reduce delays in the conduct of investigations on a forward basis.

The number of investigation activities last year remained high and included the completion of a referral of a group of 58 complaints by the Canadian Human Rights Commission.

Data management and service standards initiatives that were launched are expected to enhance complaint file management in the coming year.

Partnerships

During the past year, NSIRA expanded its engagement with valuable partners, both domestically and internationally, and has already reaped the benefits through the exchange of best practices. As a relatively new agency, NSIRA sees such relationships as a priority for its institutional development. NSIRA had the privilege of visiting many international partners as an active participant in the Five Eyes Intelligence Oversight and Review Council, and also engaged other European partners through various forums that bring together like-minded oversight, review and data protection agencies from all over the world.

Introduction

1.1 Who we are

Established in July 2019, the National Security and Intelligence Review Agency (NSIRA) is an independent agency that reports to Parliament. Canadian review bodies before NSIRA did not have the ability to collaborate or share their classified information but were each limited to conducting reviews on a specified department or agency. By contrast, NSIRA has the authority to conduct an integrated review of Government of Canada national security and intelligence activities, and Canada now has one of the world’s most extensive systems for independent review of national security.

1.2 Mandate

NSIRA has a dual mandate to conduct reviews on and carry out investigations of complaints related to Canada’s national security or intelligence activities.

Reviews

NSIRA’s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act). This mandate includes reviewing the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the activities of any other federal department or agency that are related to national security or intelligence. Further, NSIRA reviews any national security or intelligence matters that a minister of the Crown refers to NSIRA.

Investigations

In addition to its review mandate, NSIRA is responsible for investigating complaints related to national security or intelligence. This duty is outlined in paragraph 8(1)(d) of the NSIRA Act, and involves investigating complaints about:

  • the activities of CSIS or CSE;
  • decisions to deny or revoke certain federal government security clearances; and
  • ministerial reports under the Citizenship Act that recommend denying certain citizenship applications.

This mandate also includes investigating national security-related complaints referred to NSIRA by the Civilian Review and Complaints Commission for the RCMP (the RCMP’s own complaints mechanism) and the Canadian Human Rights Commission.

Observations and themes

NSIRA has a horizontal, in-depth view of the Canadian national security landscape that allows for an assessment of Canada’s complex, interwoven approach to national security. NSIRA annual reports discuss its activities within that framework. This annual report provides an opportunity to reflect on NSIRA’s body of work horizontally, and consider what broad trends or themes emerge.

NSIRA findings and recommendations touch on many aspects of government activities and operations. Grouping all findings and recommendations according to topics that fall under three broad themes helps simplify a horizontal assessment of trends to date. This categorization and the terminology used may evolve over time.

The themes that emerge are governance; propriety; and information management and sharing. These themes appear year after year in NSIRA annual reports. The following topics are included in these themes:

Theme Topics
Governance
  • Policies, procedures, framework and other authorities
  • Internal oversight
  • Risk management, assessment and practices
  • Decision-making and accountability, including ministerial accountability and direction
  • Training, tools and staffing resources
Propriety
  • Reasonableness, necessity, efficacy and proportionality
  • Legal thresholds and advice, compliance and privacy interests
Information management and sharing
  • Collection, documentation, tracking, implementing, reporting, monitoring and safeguarding
  • Information sharing and disclosure
  • Keeping and providing accurate and up-to-date information, timeliness

These themes can be found in every NSIRA annual report, and this year’s is no exception. In this year’s annual report, the following examples illustrate the three themes:

Governance:

  • the review of disclosures under the Security of Canada Information Disclosure Act for 2021 identified that employees did not receive adequate guidance to fulfill their obligations, and recommended improvements to training;
  • the review of a CSE foreign intelligence activity identified several instances where the program’s activities were not adequately captured within CSE’s applications for certain ministerial authorizations, resulting in recommendations that CSE more effectively inform the Minister of National Defence about aspects of its bilateral relationships with certain partners, the extent of its participation in certain types of activities, and the testing and evaluation of products.

Propriety:

  • in a report issued to the Minister of National Defence under s.35 of the NSIRA Act, NSIRA explained that, in its opinion, certain activities undertaken by the Canadian Armed Forces may not have been in compliance with the law;
  • the review of the threat reduction measures of the Canadian Security Intelligence Service found that this agency did not meet its internal policy requirements regarding the timelines to submit threat reduction measure implementation reports.

Information management and sharing:

  • the Canada Border Services Agency air passenger targeting review noted that this agency does not document its triaging practices that use passenger data in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.

A high-level overview of the past three annual reports shows the number of NSIRA findings and recommendations each year, broken down by theme. Over the three years, governance related findings and recommendations constituted 43% of the overall total. The comparable figures for propriety and information management (IM) and sharing categories were 26% and 31% respectively. The breakdown by year is captured in the following table:

Figure 1: Trends in findings and recommendations

Graph image: Trends in finding and recommendations - Text version follows
Trends in findings and recommendations
  2020 annual report 2021 annual report 2022 annual report
Governance 45% 41% 44%
Propriety 26% 27% 24%
Information Management and Sharing 29% 32% 32%

The interconnected nature of the problems identified in NSIRA reviews, along with the balance of themes illustrated in the graphic above, reveals a narrative. Indeed, issues rarely stand-alone – governance and IM and sharing issues may, for example, culminate in propriety challenges. The number of findings and recommendations over three years that touch on governance, propriety and IM and sharing matters suggest that these are issues deserving close attention. Employees are expected to succeed in meeting intelligence and national security service missions while adhering to policy and legal requirements. Here, improvements to staff training and development are likely to have the most significant impacts.

Review

Details provided on individual reviews are a high-level summary of their content and outcomes. Full versions of each review are available once they have been redacted for public release.

3.1 Canadian Security Intelligence Service reviews

NSIRA has a mandate to review any Canadian Security Intelligence Service (CSIS) activity. The NSIRA Act requires NSIRA to submit an annual report on CSIS activities each year to the Minister of Public Safety and Emergency Preparedness (with these responsibilities now divided into two portfolios, NSIRA currently submits these reports to the Minister of Public Safety). These classified reports include information related to CSIS’s compliance with the law and applicable ministerial directions, and the reasonableness and necessity of the exercise of CSIS’s powers.

In 2022, NSIRA completed one dedicated review of CSIS, and its annual review of CSIS activities, both summarized below. Furthermore, CSIS is implicated in other NSIRA multi- departmental reviews, such as the legally mandated annual reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, the results of which are described in Multi-departmental reviews.

Threat reduction measures review

This is NSIRA’s third annual review of CSIS threat reduction measures (TRMs), which are measures to reduce threats to the security of Canada, within or outside Canada. Section 12.1 of the Canadian Security Intelligence Service Act (CSIS Act) authorizes CSIS to take these measures.

NSIRA found that CSIS’s activities under its TRM mandate in 2021 were broadly consistent with these activities in preceding years. NSIRA observed that 2018 was an inflection point for CSIS’s use of the TRM mandate. In that year, CSIS proposed nearly as many TRMs as were proposed in total in the preceding three years — the first three of the mandate. In the following year, however, the number dropped slightly, before a more significant reduction in 2020. The number of proposed TRMs in 2021 went up slightly compared with the previous year, as did both approvals and implementations.

NSIRA selected three TRMs implemented in 2021 for a more intensive review, assessing the measures for compliance with applicable law, ministerial direction and policy. At the same time, NSIRA considered the implementation of each measure, including the alignment between what was proposed and what occurred, and the role of legal risk assessments for guiding CSIS activity, as well as the documentation of outcomes.

For all the measures reviewed, NSIRA found that CSIS met its obligations under the law, specifically the Canadian Charter of Rights and Freedoms and sections 12.1 and 12.2 of the CSIS Act. In addition to general legal compliance, NSIRA found that CSIS sufficiently established a “rational link” between the proposed measure and the identified threat.

In one case, NSIRA found that CSIS did not meet its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.

The TRM in question involved certain sensitive factors. NSIRA believes that the presence of these factors ought to have factored into the overall risk assessment of the measure. CSIS argued that risks associated with these factors relate primarily to reputational risk to CSIS, which it assessed in this case. Certain risks related to the sensitive factors, however, are not, and in this instance were not, captured by CSIS’s reputational risk assessment.

Similarly, the legal risk assessment for this TRM did not comply with ministerial direction. NSIRA recommended that legal risk assessments be conducted for TRMs involving these sensitive factors, and further, that CSIS consider and evaluate whether the current process for legal risk assessments complies with applicable ministerial direction.

A comparative analysis of the two legal risk assessments provided for the other TRMs under review underscored the practical utility of clear and specific legal direction for CSIS personnel. Clear direction allows investigators to be aware of, and understand, the legal parameters within which CSIS personnel can operate; it also permits reporting after an action is completed to document how implementation stayed within those legal parameters.

With respect to documenting outcomes, NSIRA further noted issues with how quickly CSIS produces certain reports after a TRM is implemented. Although NSIRA recognizes that overly burdensome documentation requirements can unduly inhibit CSIS activities, NSIRA nonetheless believes that the recommendations provided are prudent and reasonable. Relevant information, available in a timely manner, benefits CSIS operations.

Annual review of Canadian Security Intelligence Service activities

In 2022, NSIRA completed its annual review of CSIS activities, which aims to identify compliance-related challenges, general trends and emerging issues using CSIS documents in 12 categories (legislatively required and supplementary) from January 1, 2022, to December 31, 2022. Besides contributing to NSIRA’s Annual Report to the Minister of Public Safety on CSIS activities, the review may identify areas that merit new NSIRA reviews and may produce a briefing or report with its own observations, findings and recommendations. NSIRA provided its report on CSIS activities in 2021 to the Minister of Public Safety on October 12, 2022, and the Chair subsequently met with the Minister to discuss its contents as well as ongoing issues and challenges related to NSIRA review of CSIS.

Statistics and data

To achieve greater public accountability, NSIRA has requested that CSIS publish statistics and data about public interest and compliance-related aspects of its activities. NSIRA is of the opinion that the following statistics will provide the public with information related to the scope and breadth of CSIS operations, as well as display the evolution of activities from year to year.

Warrant applications

Section 21 of the CSIS Act authorizes CSIS to make an application to a judge for a warrant if it believes, on reasonable grounds, that more intrusive powers are required to investigate a particular threat to the security of Canada. Warrants may be used by CSIS, for example, to intercept communications, enter a location, or obtain information, records or documents. Each individual warrant application could include multiple individuals or request the use of multiple intrusive powers.

Table 1: Section 21 warrant applications made by the Canadian Security Intelligence Service, 2018 to 2022
  2018 2019 2020 2021 2022
Total section 21 applications 24 24 15 31 28
Total approved warrants 24 23 15 31 28
New warrants 10 9 2 13 6
Replacements 11 12 8 14 14
Supplemental 3 2 5 4 8
Total denied warrants 0 1 0 0 0

Threat reduction measures

CSIS is authorized to seek a judicial warrant for a TRM if it believes that certain intrusive measures, outlined in section 21 (1.1) of the CSIS Act, are required to reduce the threat. The CSIS Act is clear that when a proposed TRM would limit a right or freedom protected by the Canadian Charter of Rights and Freedoms or would otherwise be contrary to Canadian law, a judicial warrant authorizing the measure is required. To date, CSIS has sought no judicial authorizations to undertake warranted TRMs. TRMs approved in one year may be executed in future years. Operational reasons may also prevent an approved TRM from being executed.

Table 2: Total number of approved and executed threat reduction measures, 2015 to 2022
  2015 2016 2017 2018 2019 2020 2021 2022

Approved threat reduction measures

10 8 15 23 24 11 23 16
Executed 10 8 13 17 19 8 17 12

Warranted threat reduction measures

0 0 0 0 0 0 0 0

Canadian Security Intelligence Service targets

CSIS is mandated to investigate threats to the security of Canada, including espionage, foreign influenced activities, political, religious or ideologically motivated violence, and subversion.6 Section 12 of the CSIS Act sets out criteria permitting CSIS to investigate an individual, group or entity for matters related to these threats. Subjects of a CSIS investigation, whether they be individuals or groups, are called “targets.”

Table 3: Number of Canadian Security Intelligence Service targets, 2018 to 2022
  2018 2019 2020 2021 2022
Number of targets 430 467 360 352 340

Datasets

Data analytics is a key investigative tool for CSIS, providing it with the capacity to make connections and identify trends that are not possible through traditional methods of investigation. The National Security Act, 2017, which came into force in 2019, gave CSIS new powers, including a legal framework for it to collect, retain and use datasets. The framework authorizes CSIS to collect datasets (divided into Canadian, foreign and publicly available datasets) that have the ability to assist CSIS in the performance of its duties and functions. It also establishes safeguards for the protection of Canadian rights and freedoms, including privacy rights. These protections include enhanced requirements for ministerial accountability. Depending on the type of dataset, CSIS must meet different requirements before it is able to use a dataset.

The CSIS Act also requires that NSIRA be kept apprised of certain dataset-related activities. Reports prepared following the handling of datasets are to be provided to NSIRA, under certain conditions and within reasonable timeframes. While CSIS is not required to advise NSIRA of judicial authorizations or ministerial approvals for the collection of Canadian and foreign datasets, CSIS has been proactively keeping NSIRA apprised of these activities.

Table 4: Evaluation and retention of publicly available, Canadian and foreign datasets by the Canadian Security Intelligence Service, 2019 to 2022
  2019 2020 2021 2022
Publicly available datasets
   
Evaluated 9 6 4 4
Retained 9 6 2 4
Canadian datasets    
Evaluated 0 0 2 0
Retained (approved by Federal Court) 0 0 0 2
Denied by Federal Court 0 0 0 0
Foreign datasets    
Evaluated 10 0 0 1
Retained (approved by the Minister and Intelligence Commissioner 0 1 1 1
Denied by the Minister 0 0 0 0
Denied by the Intelligence Commissioner 0 0 0 0

Justification Framework

The National Security Act, 2017, also created a legal justification framework for CSIS’s intelligence collection operations. The framework establishes a limited justification for CSIS employees, and persons acting at their direction, to carry out activities that would otherwise constitute offences under Canadian law. CSIS’s Justification Framework is modelled on those already in place for Canadian law enforcement. The Justification Framework provides needed clarity to CSIS, and to Canadians, as to what CSIS may lawfully do in the course of its activities. It recognizes that it is in the public interest to ensure that CSIS employees can effectively carry out its intelligence collection duties and functions, including by engaging in otherwise unlawful acts or omissions, in the public interest and in accordance with the rule of law. The types of otherwise unlawful acts and omissions that are authorized by the Justification Framework are determined by the Minister and approved by the Intelligence Commissioner. There remain limitations to what activities can be undertaken, and nothing in the Justification Framework permits the commission of an act or omission that would infringe a right or freedom guaranteed by the Charter.

According to section 20.1 (2) of the CSIS Act, employees must be designated by the Minister of Public Safety and Emergency Preparedness to be covered under the Justification Framework while committing or directing an otherwise unlawful act or omission. Designated employees are CSIS employees who require the justification framework as part of their duties and functions. Designated employees are justified in committing an act or omission themselves (commissions by employees) and they may direct another person to commit an act or omission (directions to commit) as a part of their duties and functions.

Table 5: Authorizations, commissions and directions under the Justification Framework, 2019 to 2022
  2019 2020 2021 2022
Authorizations 83 147 178 172

Commissions by employees

17 39 51 61
Directions to commit 32 84 116 131
Emergency designations 0 0 0 0

Compliance

CSIS’s internal operational compliance program unit leads and manages overall compliance within CSIS. The objective of this unit is to promote a culture of compliance within CSIS by leading an approach for reporting and assessing potential non-compliance incidents to provide timely advice and guidance related to internal policies and procedures for employees. This program is the centre for processing all instances of potential non-compliance related to operational activities.

NSIRA notes that CSIS reports Charter violations as operational non-compliance. NSIRA will continue to monitor closely instances of non-compliance that relate to Canadian law and the Charter, and work with CSIS to improve transparency around these activities.

Table 6: Total number of non-compliance incidents processed by CSIS, 2019 to 2022
  2019 2020 2021 2022

Processed compliance incidents

53 99 85 59

Administrative

  53 64 42
Operational 40 19 21 17
Canadian law
1 2
Charter 6 5
Warrant conditions 6 3
CSIS governance 8 15

3.2 Communications Security Establishment reviews

Overview

NSIRA has the mandate to review any activity conducted by the Communications Security Establishment (CSE). NSIRA must also submit an annual report to the Minister of National Defence on CSE activities, including information related to CSE’s compliance with the law and applicable ministerial directions, and NSIRA’s assessment of the reasonableness and necessity of the exercise of CSE’s powers.

In 2022, NSIRA completed two dedicated reviews of CSE and commenced an annual review of CSE activities, all summarized below. Furthermore, CSE is implicated in other NSIRA multi- departmental reviews, such as the legally mandated annual reviews of the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, the results of which are described in Multi-departmental reviews.

Review of the Communications Security Establishment’s active and defensive cyber operations

The Communications Security Establishment Act (CSE Act) grants CSE the authority to conduct active cyber operations and defensive cyber operations (ACOs and DCOs). CSE ACOs and DCOs have become a tool of Government of Canada foreign and security policy. In 2021, NSIRA reviewed CSE’s governance of and the general planning and approval process for ACO and DCO activities. The governance review made several observations about the governance of ACOs and DCOs by CSE — and to a lesser extent, by Global Affairs Canada (GAC). Some of these observations identified gaps that resulted in recommendations. Building on the governance review, the report focused on CSE’s ACOs and DCOs themselves:

  • the operations;
  • the implementation of CSE’s governance; and
  • the legal framework in the context of specific ACOs and DCOs.

NSIRA incorporated GAC, CSIS, the Royal Canadian Mounted Police (RCMP) and DND/CAF into this review, given these organizations’ varying degrees of coordination or involvement in these CSE activities. NSIRA also inspected some technical elements of a case study ACO to verify aspects of the operation independently, as well as to deepen NSIRA’s understanding of how an ACO works. While NSIRA reviewed all ACOs and DCOs planned or conducted by CSE until mid-2021, this review focused on a sample of such ACOs or DCOs, each presenting unique characteristics.

Overall, NSIRA found that ACOs and DCOs that CSE planned or conducted during the period of review were lawful and noted improvements in GAC’s assessments for foreign policy risk and international law. NSIRA further observed that CSE developed and improved its processes for the planning and conduct of ACOs and DCOs in a way that reflected some of NSIRA’s observations from the governance review.

NSIRA also made findings pertaining to how CSE could improve aspects of ACO and DCO planning, as well as communication to the Minister of National Defence and coordination with other Government of Canada entities. More specifically, NSIRA identified areas of potential risk:

  • GAC’s capability to independently assess potential risks resulting from CSE ACOs and DCOs;
  • the accuracy of information provided, and issues related to delegation, within some of the applications for authorizations for ACOs and DCOs;
  • the degree to which CSE engaged with CSIS and the RCMP on ACOs and DCOs, and CSE explanations of how it determined whether the objective of an ACO or DCO could not reasonably be achieved by other means;
  • the extent to which CSE described the intelligence collection that may occur alongside or as a result of ACOs or DCOs in applications for ACO and DCO authorizations and in operational documentation; and
  • overlap between activities conducted under the ACO and DCO aspects of CSE’s mandate as well as under all four aspects of CSE’s mandate.

It should be noted that NSIRA faced significant challenges in accessing CSE information on this review. These access challenges had a negative impact on the review. As a result, NSIRA could not be confident in the completeness of information provided by CSE.

Review of a foreign intelligence activity

In 2022, NSIRA completed a review of a sensitive CSE foreign intelligence collection program. As part of this review, NSIRA made several findings and observations regarding the activities carried out as part of this program. Notably, NSIRA identified several instances where the program’s activities were not adequately captured within CSE’s applications for certain ministerial authorizations. As such, NSIRA recommended that CSE more effectively inform the Minister of National Defence about aspects of its bilateral relationships with certain partners, the extent of its participation in certain types of activities, and the testing and evaluation of products.

NSIRA also found several areas where the program lacked adequate governance structures, resulting in improper application of key policy and procedural requirements related to information sharing, confirmation of foreignness, and CSE’s mistreatment risk assessment process. NSIRA made recommendations to strengthen these processes, to establish governance structures specific to the program, and to improve other governance structures with broader applicability throughout CSE.

Annual review of Communications Security Establishment activities

In 2022, NSIRA launched the annual review of CSE activities, which aimed to identify compliance-related challenges, general trends and emerging issues using CSE documents in 11 categories (legislatively required and supplementary) from January 1, 2022, to December 31, 2022. Besides contributing to NSIRA’s Annual Report to the Minister of National Defence on CSE activities, the review may identify areas that merit new NSIRA reviews and may produce a briefing or report with its own observations, findings and recommendations. It is based largely on the structure of the annual review of CSIS activities but has been adapted to CSE. NSIRA’s Chair met with the Minister of National Defence on December 15, 2022 to discuss ongoing issues and challenges related to NSIRA reviews of CSE activities.

Statistics and data

To achieve greater accountability and transparency, NSIRA has requested statistics and data from CSE about public interest and compliance-related aspects of its activities. NSIRA is of the opinion these statistics will provide the public with important information related to the scope and breadth of CSE operations, as well as display the evolution of activities from year to year.

Ministerial authorizations and ministerial orders

Ministerial authorizations are issued to CSE by the Minister of National Defence. Those authorizations support specific foreign intelligence or cybersecurity activities or defensive or active cyber operations conducted by CSE pursuant to those aspects of the CSE mandate. Authorizations are issued when these activities could otherwise contravene an Act of Parliament or interfere with a reasonable expectation of privacy of a Canadian or a person in Canada.

Table 7: Ministerial authorizations issued, 2019 to 2022
Type of ministerial authorization Enabling section of the CSE Act Issued in 2019 Issued in 2020 Issued in 2021 Issued in 2022

Foreign intelligence

26(1)
3 3 3 3

Cybersecurity — federal and non-federal

27(1) and 27(2) 2 1 2 3
Defensive cyber operations 29(1) 1 1 1 1
Active cyber operations 30(1) 1 1 2 3

Note: This table lists ministerial authorizations that were issued in a given calendar year and may not necessarily reflect ministerial authorizations that were in effect at a given time. For example, if a ministerial authorization was issued in late 2021 and remained in effect in parts of 2022, it is counted solely as a 2021 ministerial authorization.

Ministerial orders are issued by the Minister for the purpose of (1) designating any electronic information, any information infrastructures or any class of electronic information or information infrastructures as electronic information or information infrastructures of importance to the Government of Canada (section 21(1) of the CSE Act); or (2) designating recipients of information related to Canadians or persons in Canada, that is, Canadian- identifying information (sections 45 and 44(1) of the CSE Act).

Table 8: Ministerial orders in effect as of 2022
Name of ministerial order Enabling section of the CSE Act

Designating electronic information and information infrastructures of importance to the Government of Canada

21(1)

Designating recipients of information relating to a Canadian or person in Canada acquired, used or analyzed under the cybersecurity and information assurance aspects of the CSE mandate

45 and 44(1)
Designating recipients of Canadian identifying information used, analyzed or retained under a foreign intelligence authorization pursuant to section 45 of the CSE Act
45 and 43

Designating electronic information and infrastructures of Ukraine as Systems of Importance

21(1)
Designating electronic information and infrastructures of Latvia as Systems of Importance 21(1)

Note: Ministerial orders remain in effect until rescinded by the Minister.

Foreign intelligence reporting

Under section 16 of the CSE Act, CSE is mandated to acquire information from or through the global information infrastructure. The CSE Act defines the global information infrastructure as including electromagnetic emissions, any equipment producing such emissions, communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those emissions, that equipment, those systems or those networks. CSE uses, analyzes and disseminates the information for providing foreign intelligence in accordance with the Government of Canada’s intelligence priorities.

Table 9: Number of foreign intelligence reports issued, 2019 to 2022
CSE foreign intelligence reporting 2019 2020 2021 2022

Number of reports released

N/A N/A 3,050 3,185

Number of departments/agencies

N/A >25 28 26
Number of specific clients within departments/agencies N/A >2,100 1,627 1,761

Note: NSIRA did not ask CSE for statistics related to foreign intelligence reporting for its 2019 public annual report. In 2020, statistics were requested, but were provided in general terms due to the classification of the data at the time, and CSE indicated that release of further detail, would be injurious to national security.

Information relating to a Canadian or a person in Canada

Information relating to a Canadian or a person in Canada (IRTC) is the information about Canadians or persons in Canada that may be incidentally collected by CSE while conducting foreign intelligence or cybersecurity activities under the authority of a ministerial authorization. Incidental collection refers to information acquired that CSE was not deliberately seeking, and where the activity that enabled the acquisition of this information was not directed at a Canadian or a person in Canada. According to CSE policy, IRTC is defined as any information recognized as having reference to a Canadian or person in Canada, regardless of whether that information could be used to identify that Canadian or person in Canada.

CSE was asked to release statistics or data about the regularity with which IRTC or “Canadian- collected information” is included in CSE’s end-product reporting. CSE responded that “this information remains at a classified level. We have determined that the release of thisinformation would be injurious to Canada’s international relations, national defence and security. Furthermore, the sharing of this information would provide an additional level of detail on the success of Canadian collection programs, our level of reliance on information from Five- Eye partners to produce intelligence, as well as a level of detail on Five-Eye use and reporting from Canadian collection that has not been previously made public.”

Canadian identifying information

CSE is prohibited from directing its activities at Canadians or persons in Canada. However, CSE’s collection methodologies sometimes result in incidentally acquiring such information. When such incidentally collected information is used in CSE’s foreign intelligence reporting, any part potentially identifying a Canadian or a person in Canada is suppressed to protect the privacy of the individual(s) in question. CSE may release unsuppressed Canadian-identifying information (CII) to designated recipients when the recipients have the legal authority and operational justification to receive it and when it is essential to international affairs, defence or security (including cyber security).

Table 10: Number of requests for disclosure of CII, 2021 and 2022
Type of request 2021 2022

Government of Canada requests

741 657

Five Eyes requests

90 62
Non-Five Eyes requests
0 0
Total 831 719

In 2022, of the 719 requests received, CSE reported having denied 65 requests. By the end of the year, 51 were still being processed.

CSE was asked to release the number of instances where CII is suppressed in CSE foreign intelligence or cyber security reporting. It indicated that “[d]isclosure of the number of instances where [CII] is suppressed in CSE intelligence reporting would be injurious to CSE’scapabilities. Such a disclosure would reveal information about CSE’s capabilities including theirlimitations. Thus, this information could be used by hostile security threats to counter CSE’s capabilities impeding CSE’s ability to protect Canada and its citizens.”

Privacy incidents and procedural errors

A privacy incident occurs when the privacy of a Canadian or a person in Canada is put at risk in a manner that runs counter to, or is not provided for, in CSE’s policies. CSE tracks such incidents via its Privacy Incidents File and, for privacy incidents that are attributable to a second-party partner or a domestic partner, its Second-party Privacy Incidents File.

Table 11: Number of privacy incidents recorded by CSE, 2021 and 2022
Type of incident 2021 2022
Privacy incidents 96 114
Second-party privacy incidents 33 23

Cyber security and information assurance

Under section 17 of the CSE Act, CSE is mandated to provide advice, guidance and services to help protect electronic information and information infrastructures of federal institutions, as well as those of non-federal entities that are designated by the Minister as being of importance to the Government of Canada.

The Canadian Centre for Cyber Security (Cyber Centre) is Canada’s unified authority on cybersecurity. The Cyber Centre, which is a part of CSE, provides expert guidance, services and education, while working in collaboration with stakeholders in the private and public sectors. The Cyber Centre handles incidents in government and designated institutions that include:

  • reconnaissance activity by sophisticated threat actors;
  • phishing incidents, that is, email containing malware;
  • unauthorized access to corporate information technology (IT) environments;
  • imminent ransomware attacks; and
  • zero-day exploits, which involves exploration of critical vulnerabilities in unpatched software.
Table 12: Number of cyber incident cases opened by CSE, 2022
Type of incident 2022
Federal institutions 1,070
Critical infrastructure 1,575
Total 2,645

Defensive and active cyber operations

Under section 18 of the CSE Act, CSE is mandated to conduct DCOs to help protect electronic information and information infrastructures of federal institutions, as well as those of non- federal entities that are designated by the Minister as being of importance to the Government of Canada from hostile cyber attacks.

Under section 19 of the CSE Act, CSE is mandated to conduct ACOs against foreign individuals, states, organizations or terrorist groups as they relate to international affairs, defence or security.

CSE was asked to release the number of DCOs and ACOs approved, and the number carried out, during 2022. CSE responded that it is “not in a position to provide this information for publication by NSIRA, as doing so would be injurious to Canada’s international relations,national defence, and national security.”

Technical and operational assistance

As part of the assistance aspect of CSE’s mandate, CSE receives requests for assistance from Canadian law enforcement and security agencies, as well as from the Department of National Defence and the Canadian Forces (DND/CAF).

Table 13: Number of requests for assistance received and actioned by CSE, 2020 to 2022
  2020 2021 2022
Approved 23 32 59
Not approved 1 3 Not applicable
Cancelled Not available Not available 1
Denied Not available Not available 2
Total received 24 35 62

3.3 Other departments

Overview

In addition to the CSIS and CSE reviews above, NSIRA completed the following reviews of departments and agencies in 2022:

  • A review of the Department of National Defence and the Canadian Armed Forces;
  • A review of the Canada Border Services Agency; and
  • NSIRA’s annual reviews of both the Security of Canada Information Disclosure Act and the Avoiding Complicity in Mistreatment by Foreign Entities Act, both of which involve a broader set of departments and agencies that make up the Canadian national security and intelligence community.

Department of National Defence and the Canadian Armed Forces

Report issued pursuant to section 35 of the NSIRA Act

In the course of a review of the Department of National Defence and the Canadian Armed Forces (DND/CAF) human source handling activities, which was still ongoing at the time of writing, NSIRA issued on December 9, 2022, a report under section 35 of the NSIRA Act to the Minister of National Defence. According to section 35, NSIRA must submit to the appropriate minister a report with respect to any activity that is related to national security or intelligence that, in NSIRA’s opinion, may not be in compliance with the law. The Minister of National Defence submitted a copy of this report to the Attorney General of Canada and included her comments indicating that her interpretation of the facts and law differs from NSIRA’s. NSIRA stands by its position and is of the view that the Minister’s position is based on a narrow interpretation of the facts and the law. NSIRA will complete the larger review of DND/CAF’s human source handling activities in 2023. While the section 35 report does not include recommendations, the broader review will examine accountability and oversight of the program, its risk framework, and DND/CAF’s discharge of its duty of care with respect to human sources. The review also assesses the lawfulness of the program and its related activities, as well as the sufficiency of its legal and policy foundations. In doing so, the report may include recommendations addressing the observations made in the section 35 report.

Canada Border Services Agency

Air passenger targeting review

The Canada Border Services Agency (CBSA) air passenger targeting program uses pre-arrival risk assessments to identify inbound air travellers at higher risk of being inadmissible to Canada or whose entry, or that of their goods, may otherwise contravene the CBSA’s program legislation.

The first step in these multi-stage assessments is to triage travellers based on the characteristics and travel patterns conveyed to the CBSA by commercial air carriers in AdvancePassenger Information and Passenger Name Record data. This triage may be manual (flight list targeting) or automated (scenario-based targeting). In both methods, the CBSA relies on information and intelligence from a variety of sources to determine which data elements to treat as indicators of risk in relation to particular enforcement issues, including those related to national security. Use of these indicators may lead the CBSA to differentiate among travellers in subsequent stages of targeting or at the border, with impacts on passengers’ time, privacy and equal treatment.

The review of air passenger targeting was NSIRA’s first in-depth assessment of the CBSA’s compliance with relevant law. It focused, first, on whether the CBSA complies with restrictions on the use of passenger data established by the Customs Act and the Protection of Passenger Information Regulations. Next, the review examined whether the CBSA’s use of these types of passenger data was discriminatory under the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms.

NSIRA found that the CBSA’s use of both types of passenger data in scenario-based targeting was for a purpose authorized by the Customs Act. For flight list targeting, however, the CBSA does not document the reasons underpinning its triage decisions. NSIRA was therefore unable to verify compliance of flight list targeting with the purpose limitations set out in the Customs Act. As well, the documentation did not allow NSIRA to verify that the CBSA’s use of Passenger Name Record data in either triage method complied with the Protection of Passenger Information Regulations, which require that access to retained data be for a purpose related to the identification of persons who have or may have committed a terrorism offence or serious transnational crime.

NSIRA also found that the CBSA did not consistently demonstrate an adequate justification for its selection of particular indicators as signals of increased risk. When adequate justification is not present, differentiating among passengers on the basis of prohibited grounds of discrimination (such as age, national or ethnic origin, or sex) creates a risk of discrimination.

NSIRA recommended that the CBSA document its triage practices in a manner that demonstrates compliance with the Customs Act and, where applicable, the Protection of Passenger Information Regulations. It recommended that the CBSA ensure, in an ongoing manner, that its selection of risk indicators be adequately justified based on well-documented information or intelligence. NSIRA further recommended that the CBSA develop more robust and regular oversight of air passenger targeting, including updates to policies, procedures, training and other guidance. NSIRA also recommended that the CBSA begin collecting the data necessary to identify, analyze and mitigate discrimination-related risks stemming from air passenger targeting.

3.4 Multi-departmental reviews

Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2021

The review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act (SCIDA) in 2021 describes the results of a review of the 2021 disclosures made by federal institutions under this legislation. In 2022, NSIRA focused the review on Global Affairs Canada (GAC)’s proactive disclosures.

The SCIDA encourages and facilitates the disclosure of information between federal institutions to protect Canada against activities that undermine or threaten national security, subject to certain conditions. The SCIDA provides a two-part threshold that must be met before an institution can make a disclosure:

  • that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)); and
  • that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).

The SCIDA also includes provisions and guiding principles related to the management of disclosures, including accuracy and reliability statements and record keeping obligations.

NSIRA identified concerns that demonstrate the need for GAC to improve its training. NSIRA found that there is potential for confusion on whether the SCIDA is the appropriate mechanism for certain disclosures of national security–related information. For some disclosures, GAC did not meet the two-part threshold requirements of the SCIDA before disclosing the information, which was not compliant with the SCIDA. Two disclosures did not contain accuracy and reliability statements, as required under the SCIDA. With respect to record keeping, NSIRA recommended that departments document, at the same time as they are deciding to disclose information under the SCIDA, the information they are relying on to satisfy themselves that the disclosure is authorized under the Act (paragraph 9(1)(e)).

Review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2021

This review focused on departmental implementation of directions received through orders in council issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA). This was NSIRA’s third annual statutorily mandated review of the implementation of all directions issued under the ACA. It assessed departments’ implementation of the directives received under the ACA and their operationalization of frameworks to address ACA requirements. As such, this review constitutes the first in-depth examination of the ACA within individual departments.

This year’s review covered the 2021 calendar year and was split into three sections. Section one addressed the statutory obligations of all departments. Sections two and three were an in- depth analysis of how the Royal Canadian Mounted Police (RCMP) and Global Affairs Canada (GAC) have implemented the directions under the ACA. NSIRA used case studies, where possible, to examine these departments’ implementation of their ACA framework.

This was the third consecutive year where no cases were referred to the deputy head level in any department. This is a requirement of the orders in council when officials are unable to determine if the substantial risk can be mitigated. Future reviews will be attuned to the issue of case escalation and departmental processes for decision-making.

In the 2019 NSIRA Review of Departmental Frameworks for Avoiding Complicity in Mistreatment by Foreign Entities14, NSIRA recommended that “the definition of substantial risk should be codified in law or public direction.” NSIRA noted that some departments have accounted for this gap by relying on the definition of substantial risk in the 2017 ministerial directions. In light of the pending statutorily mandated review of the National Security Act, 2017 and the importance of the concept of substantial risk to the ACA regime, NSIRA reiterated its 2019 recommendation that the definition of substantial risk be codified in law.

In the review of departmental implementation of ACA in 2020, NSIRA identified the Canada Border Services Agency (CBSA) and Public Safety Canada as not yet having finalized their ACA policies. While the CBSA and Public Safety Canada continue to make advancements, these departments have not fully implemented an ACA framework and supporting policies and procedures.

The RCMP has a robust framework in place for the triage and processing of cases pertaining to the ACA. The in-depth analysis portion of this review found that the RCMP does not have a centralized system of documenting assurances and does not regularly monitor and update the assessment of the reliability of assurances. The RCMP has also not developed mechanisms to update country and entity profiles in a timely manner, and the information collected throughthe liaison officer during an operation is not centrally documented such that it can inform future assessments.

In the analysis of one of the RCMP’s Foreign Information Risk Advisory Committee case files, NSIRA found that the RCMP’s Assistant Commissioner’s rationale for rejecting the risk advisory committee’s advice did not adequately address concerns consistent with the provisions of the orders in council. In particular, NSIRA found that the Assistant Commissioner erroneously considered the importance of the potential future strategic relationship with a foreign entity in the assessment of potential risk of mistreatment of the individual.

NSIRA found that GAC is now strongly dependent on operational staff and heads of mission for decision-making and accountability under the ACA. This is a marked change from the findings of the 2019 review that found decision-making was done by the Ministerial Direction Compliance Committee at Headquarters.

GAC has also not conducted an internal mapping exercise to determine which business lines are most likely to be implicated by the ACA. Considering the low number of cases this year and the size of GAC, and that ACA training is not mandatory for staff, NSIRA has concerns that not all areas involved in information sharing within Global Affairs Canada are being properly informed of their ACA obligations.

NSIRA also notes that GAC has no formalized tracking or documentation mechanism for the follow-up of caveats and assurances. This is problematic as mission staff are rotational and may therefore have no knowledge of previous caveats and assurances related to prior information sharing instances.

3.5 Closed review work

This past year NSIRA determined that certain ongoing review work would be closed or not result in a final report to a Minister. These decisions allow NSIRA to remain nimble and to pivot its work plan. Considerations such as shifting priorities, resourcing demands, ongoing work taking place within the reviewed department, and deconfliction with partner review agencies can all be factors that lead to a decision to close a review. Such decisions allow NSIRA to redirect its efforts and resources towards other important issues, and thereby maximize the value of its work.

For example, a review of the Royal Canadian Mounted Police’s (RCMP) Operations Research Branch was closed. A contributing factor in this decision was that the RCMP branch in question ceased to operate. Another example is the decision to cease an ongoing review of how the RCMP handles encryption in the interception of private communications in national security criminal investigations. This review was cancelled to support deconfliction efforts with the National Security and Intelligence Committee of Parliamentarians (NSICOP), who were conducting a similar review. Finally, a review of the Financial Transactions and Reports Analysis Centre’s (FINTRAC) terrorist financing and information sharing regime, which was in its early stages, was cancelled at the same time that NSIRA decided to initiate a review of the Canada Revenue Agency’s (CRA) Review and Analysis Division, which delivers the CRA’s anti- terrorism mandate.

3.6 Technology in review

Integration of technology in review

Digital technologies continue to play a crucial role in the operational activities of Canada’s national security and intelligence community as agencies increasingly use new technologies to meet their mandates, propose new avenues for activities, and monitor new threats.

It remains essential for an accountability body like NSIRA to keep pace with the use of digital technologies in Canada’s national security and intelligence community. By staying apprised of rapidly changing technology ecosystems, NSIRA can ensure that the organizations it reviews are pursuing their mandates lawfully, reasonably and appropriately.

NSIRA’s Technology Directorate is a team of engineers, computer scientists, technologists andtechnology review professionals. The mandate of NSIRA’s Technology Directorate is to:

  • lead the review of Information Technology (IT) systems and capabilities;
  • assess a reviewed entity’s IT compliance with applicable laws, ministerial direction andpolicy;
  • conduct independent technical investigations;
  • recommend IT system and data safeguards to minimize the risk of legal non-compliance;
  • produce reports explaining and interpreting technical subjects;
  • lead the integration of technology themes into yearly NSIRA review plans;
  • leverage external expertise in the understanding and assessment of IT risks; and
  • support assigned NSIRA members in the investigation of complaints against CSIS, CSE or the RCMP when technical expertise is required to assess the evidence.

In 2022, the Technology Directorate grew from one full-time employee to three and welcomed a cooperative education student and two external researchers. With its increased capacity, the Technology Directorate expanded its analysis of technologies in many NSIRA reviews, started formalizing its research methodology, and began hosting micro-learning sessions and discussion forums focused on relevant technical issues, including dark patterns, open-source intelligence and encryption.

The Technology Directorate also began establishing an academic research network with the goal of supporting NSIRA reviews. To date, contributors to the research network have produced valuable internal memos, reports, and discussion forums, which have enhanced NSIRA’s knowledge of a broad set of technical issues.

During the last year, the Technology Directorate also launched NSIRA’s first technology-led review, which focuses on the lifecycle of CSIS information collected by technical capabilities under a Federal Court warrant. This review presents an opportunity for NSIRA to draw on technical standards and review processes used by its Five Eyes peers and the international review and oversight community. NSIRA has been using this review to develop a risk assessment model and technical inspection plan, expanding NSIRA’s broader review toolkit.

Future of technology in review

During the next year, NSIRA will continue to hire more full-time employees in the Technology Directorate, support cooperative education and use external researchers to add capacity. Doing so will augment NSIRA’s ability to keep pace with the rapidly changing and expanding use of digital technologies in Canada’s national security and intelligence ecosystem.

Building on the successes of its budding academic research network, the Technology Directorate intends to prioritize unclassified research on a number of topics, including open- source intelligence, advertising technologies and metadata (content versus non-content data).

NSIRA’s Technology Directorate will also support NSIRA’s complaint investigations team to understand where and when technology factors into their processes and pursuits.

3.7 Engagement with reviewees

Improvements and ongoing challenges

As discussed in previous annual reports, as a new review body, NSIRA experienced initial challenges in its interactions with departments and agencies being reviewed. These challenges are continually being addressed and NSIRA’s relationship with reviewees has matured. While work on this front is not done, reviewees have demonstrated improvements in cooperation and support to the independent review process. The following discussion captures general commentary on the overall engagement with reviewees that were the focus of the past year’s reviews. These overviews cover 2022 and up to the date of writing of this report. Related review-specific commentary or issues, where available, are discussed within each review’s overview above.

Canadian Security Intelligence Service

After temporary restrictions and adjustments related to COVID-19 were lifted, NSIRA returned to its pre-pandemic level of occupancy within CSIS headquarters for CSIS-related reviews. This includes dedicated workspace and building passes for NSIRA employees reviewing CSIS activities. NSIRA employees have direct access to CSIS databases, and CSIS provides any training necessary, when requested, to navigate and access those systems. Generally, CSIS responds to NSIRA requests for information in a reasonably timely manner. Delays and challenges occur on occasion, but communication between NSIRA and CSIS is constructive in resolving issues.

Communications Security Establishment

NSIRA continued to use the space it procured within CSE’s headquarters in the Edward Drake Building to conduct review-related business. There was little improvement in 2022 to NSIRA’s access requirements at CSE. However, as of 2023, NSIRA is piloting limited direct access to CSE’s primary corporate document repository, GCDOCS. Issues remain and NSIRA is not in a position to assess the pilot project’s utility. In some instances, CSE has improved its responsiveness to NSIRA information requests in terms of timeliness, although some challenges remain with the quality of responses. NSIRA continues to work diligently with CSE to address these concerns.

Department of National Defence

Discussions continue with respect to developing dedicated office space and access to networks. While there has been little advancement on longer-term solutions, DND/CAF has worked with NSIRA to provide access to relevant documents, including sensitive files. DND/CAF has provided good access to facilities and people. Generally, responses to requests for information have been timely; however, a lack of proactiveness in DND/CAF disclosures has required NSIRA to send additional requests to ensure completeness and accuracy of information. Overall, the communication between NSIRA and DND/CAF has been constructive.

Royal Canadian Mounted Police

The past year was marked by inconsistencies in the RCMP’s responsiveness to NSIRA’s requests for information. The RCMP has taken steps to add to its capacity to respond to NSIRA, and this has yielded positive results. NSIRA does not have direct access to information systems but has been granted access to the files relevant to the matters under review. NSIRA has, on multiple occasions, had to send additional requests to ensure the completeness of files provided. In most cases, materials are reviewed on site in the dedicated NSIRA office space that has been provided within RCMP Headquarters. Despite challenges earlier in the year, NSIRA generally had access to people, including RCMP regular members who are experts in the areas under review. Overall, the engagement between NSIRA and the RCMP has seen improvements.

Global Affairs Canada

GAC has been responsive to NSIRA’s requests, made effort to clarify requests, and facilitated all meetings requested. During the review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2021, GAC provided NSIRA with documents requested within a reasonable time frame. NSIRA did not have direct access to GAC systems, however this did not have an impact on NSIRA’s ability to verify information or access sensitive files as GAC was able to transfer all materials requested either by email or through their secure portal.

Canada Border Services Agency

The CBSA has provided NSIRA with adequate access to information and people. Some challenges in terms of timeliness were resolved promptly after NSIRA sent notice of a pending advisory letter. These challenges appear to be related to the CBSA’s lengthy approval process for the release of documents to NSIRA. NSIRA does not have direct access to CBSA systems, but this has not impeded NSIRA’s access to sensitive files. Overall, the CBSA has been responsive to NSIRA requests, ensuring that CBSA employees are available to answer NSIRA’s questions.

Refining NSIRA’s confidence statements

Assessing responsiveness and verification

NSIRA continues to place importance on assessing the overall quality and efficiency of its interactions with reviewees. Previously, NSIRA captured this assessment in a “confidence statement,” which provided important additional context to the review, apprising readers of the extent to which NSIRA was able to verify necessary or relevant information, and therefore whether its confidence in the information was impacted. These statements were also informed by aspects such as access to information systems and delays in receiving requested information.

NSIRA has further refined and standardized its approach for evaluating the key aspects of its interactions with reviewees and going forward will evaluate the following criteria during each review:

  • timeliness of responses to requests for information;
  • quality of responses to requests for information;
  • access to systems;
  • access to people;
  • access to facilities;
  • professionalism; and
  • proactiveness.
Follow-up on timeliness and advisory letters

NSIRA’s 2021 public annual report committed to addressing the ongoing struggle for timely responses from reviewees for requested information. During the past year, all delays have been captured by a request for information tracking system. The results inform one of the criteria discussed above. Additionally, NSIRA continues to leverage its three-staged approach to address continued delays by sending advisory letters to senior officials and ultimately respective Ministers should delays persist. This advisory tool was used at five occasions in 2022, three of which were sent to CSE, and two to the RCMP.

Advisory letters sent to a reviewee during a review may be appended to the final report for both the appropriate minister’s and the public’s awareness of such delays. Combined with the updated assessment criteria discussed above, NSIRA works to provide transparency and awareness of both the challenges and successes on interactions with those reviewed.

Complaints investigations

4.1 Overview

In the three years since its establishment, NSIRA has focused on reforming the investigative process for complaints and developing procedures and practices to ensure the conduct of investigations is fair, timely and transparent. NSIRA previously reported on the creation of its Rules of Procedure, on its policy to commit to the publishing of redacted investigation reports, and on the implementation of the use of video technology. In the past year, NSIRA streamlined its jurisdictional assessment phase and its investigative process through the increased use of investigative interviews as the principal means of fact finding. These developments enabled NSIRA to deal with a significant volume of complaints over this reporting period.

After receiving a complaint, NSIRA must evaluate whether it is within NSIRA’s jurisdiction to investigate based on conditions stated in the National Security and Intelligence Review Agency Act (NSIRA Act). For complaints against the Canadian Security Intelligence Service (CSIS) or the Communications Security Establishment (CSE), NSIRA must be satisfied that the complaint against the respondent organization refers to an activity carried out by the organization and that the complaint is not trivial, frivolous or vexatious. For complaints referred from the Civilian Review and Complaints Commission (CRCC) of the Royal Canadian Mounted Police (RCMP), NSIRA must receive and investigate a complaint referred to it under subsection 45.53(4.1) or 45.67(2.1) of the Royal Canadian Mounted Police Act if satisfied that the complaint is not trivial, frivolous or vexatious or made in bad faith. For security clearance denials, with impacts upon individuals as set out in the NSIRA Act, NSIRA must receive and investigate the complaint.

NSIRA has developed a robust process to review and independently verify respondent organization information, mindful of the interests of the complainant and the security imperatives of the organization.

In the past, the Security Intelligence Review Committee routinely dealt with complaints related to CSIS by recourse to formal hearings. While NSIRA retains this statutory power, it has sought to make increasing use of interviews to ascertain the evidence required to fully investigate and consider complaints. Considering the security constraints that limit the disclosure of information to complainants during formal hearings, investigative interviews permit NSIRA access to information in a timely manner and are expected to decrease the length of time toresolve complaints. This will be important as NSIRA deals with an increased complaint case load owing to its mandate (which includes complaints related to CSIS, CSE, RCMP and security clearances), as well as delays resulting from COVID-19 impacts over the last three years.

4.2 Ongoing initiatives

NSIRA has committed to establishing service standards for the investigation of complaints, with the goal of completing 90% of investigations within NSIRA service standards by March 2024. During 2022, NSIRA began developing these service standards, which also aim to encourage prompt and efficient administrative decision-making. The service standards will set internal time limits for certain investigative steps for each type of complaint, under normal circumstances. The service standards will specify the circumstances under which those time limits do not apply. The development of the service standards includes tracking and data collection on whether NSIRA is meeting its own service standards in the investigation of complaints. NSIRA will finalize and publish its service standards in 2023 and is committed to reporting on whether they were met.

For the year ahead, NSIRA will continue to improve its website to promote accessibility to the investigation of complaints. More specifically, NSIRA will develop an online password-protected portal through which complainants will be able to submit complaints and receive updates on the status of their file.

NSIRA began the last phase of the study on race-based data and the collection of demographic information jointly commissioned with the CRCC. The study is assessing the viability of the collection of identity-based and demographic data as part of the CRCC’s ongoing anti-racism initiatives. Improved, more precise and more consistent tracking, collection and measurement of data is necessary to support anti-racism efforts in government. In completing the study, the CRCC and NSIRA will be informed on:

  • meaningful and purposeful data collection;
  • challenges with the collection of data;
  • perspective on how the data collected can be applied to address any potential systemic barriers in NSIRA’s investigations process and its anti-racism initiatives; and
  • public sentiment of the retention of identity-based data.

NSIRA notes that some reforms to its legislation would make it easier to fulfill its investigations mandate. Among these would include an allowance for NSIRA members to have jurisdiction to complete any complaint investigation files they have begun, even if their appointment term expires. Broadened rights of access to individuals and premises of reviewed organizations would enhance verification activities.

4.3 Investigation report summaries

Allegations against CSIS’s role in delaying security assessments regarding permanent resident and temporary resident visa applications (07-403-30)

Background

The complainants filed a complaint against CSIS alleging that it caused delays in their permanent resident and temporary resident visa applications.

Investigations

During NSIRA’s investigation, CSIS provided its advice in relation to the complainants’ permanent resident applications. In light of this information, NSIRA requested confirmation from the complainants regarding whether they still wished to proceed with their complaint. The complainants clarified that they wanted to either receive monetary compensation or an explanation for the delay that occurred in relation to their file.

Conclusion

NSIRA informed the complainants that it does not have the authority to make remedial orders such as requiring CSIS to make monetary compensation to a complainant. However, NSIRA inquired whether CSIS was interested in participating in an informal resolution process to resolve some of or all the issues in the complaint. In the context of NSIRA’s informal resolution process, information was provided to the complainants regarding CSIS’s involvement in their permanent resident and temporary resident visa applications. NSIRA attempted to communicate with the complainants on several occasions to determine whether they had any questions that would assist in clarifying the circumstances of their complaint.

NSIRA determined that reasonable attempts had been made to communicate with the complainants and issued reasons deeming the complaint abandoned as per NSIRA’s Rules of Procedure. The complaint investigation file was closed.

Allegations against CSIS, Immigration, Refugees and Citizenship Canada, the Canada Border Services Agency, and Public Safety Canada in relation to their role in processing immigration applications (07-405-1 et al.)

Background

Under subsection 45(2) of the Canadian Human Rights Act, the Canadian Human Rights Commission (CHRC) referred 58 individual and group complaints to NSIRA. This matter constituted the first time NSIRA had received a section 45 referral from the CHRC.

The complainants, Iranian nationals, alleged that the Government of Canada discriminated against them on the basis of national or ethnic origin or race due to the delays in the processing of their temporary or permanent residency visa, or Canadian citizenship.

Under section 46 of the Canadian Human Rights Act, NSIRA is obliged to conduct an investigation and return a report to the CHRC. It further provides that on NSIRA’s report, the CHRC may dismiss the complaint or proceed to deal with the complaint.

NSIRA’s role in section 45 referrals is confined to scrutinizing the components of a matter that are based on considerations relating to the security of Canada and report findings of its investigation into classified information to the CHRC in an unclassified manner. NSIRA does not possess the authority to exercise the CHRC’s statutory discretion to refer the matter to the Canadian Human Rights Tribunal.

Investigation

During its investigation, NSIRA considered the evidence given by witnesses and submissions of their counsel during an investigative interview, and the documentation and submissions submitted by the government parties, including classified documents disclosed to NSIRA by CSIS, Immigration, Refugees and Citizenship Canada (IRCC), the Canada Border Services Agency (CBSA) and Public Safety Canada.

Importantly, NSIRA heard evidence from the government parties in relation to a particular mandatory indicator developed by the CBSA and used by IRCC officers in deciding referrals for security screening of Iranian immigration applications. Prior to reforms made by August 2018, one indicator was based entirely on Iranian nationality, coupled only with the age and sex of the applicant. Where an applicant met the criteria, IRCC officers would automatically refer the file to the CBSA and CSIS for security screening. The evidence showed that the government abandoned mandatory indicators in 2018 because of efficacy concerns and because it contributed to delays.

NSIRA further noted that IRCC did not keep a record of the particular indicator on which the referral was based. This hindered NSIRA’s ability to investigate the other indicators that may have affected the processing of a complainant’s immigration application. That being said, NSIRA acknowledged that an indicator tracking code system was being piloted at the time of the investigative interview. This technical solution would allow for the tracking of the IRCC officers’ decisions to refer immigration applications for security screening through a coding system identifying the reason for the referral.

Conclusion

NSIRA found that:

  • the mandatory age and sex indicator used by IRCC in processing immigration applications until May 2018 relied exclusively on nationality, age and sex, which are listed as prohibited grounds of discrimination in section 5 of the Canadian Human Rights Act;
  • the mandatory age and sex indicator produced a disadvantage (including in terms of delays) to those Iranians who were subjected to security screening and to those whose own files were linked to these applicants;
  • at the material times at issue in this matter, the application of that mandatory indicator was not justifiable on national security grounds; and
  • the security screening process applicable to citizenship applications in this matter did not produce a disadvantage based on grounds enumerated in the Canadian Human Rights Act, as citizenship applications received by IRCC are sent to CSIS for security screening, regardless of the applicant’s country of birth.

NSIRA submitted its report to the CHRC so that it can assess whether there is a reasonable basis in the evidence for a referral to the Canadian Human Rights Tribunal or whether to dismiss the complaints.

Investigation of a complaint regarding the revocation of a security clearance by the Chief of the Defence Staff (1170-17-7)

Background

The complainant was a regular force soldier who held a Top-Secret security clearance. The results of the complainant’s polygraph examination, although not exclusively relied on, were the primary influence in the security assessments of the complainant prepared by CSIS and the DND Departmental Security Officer. As a result of those assessments, the Chief of the Defence Staff (CDS) revoked the complainant’s security clearance. The complainant filed a complaint with NSIRA against the CDS over the revocation of the security clearance.

Investigation

During the Investigation, NSIRA heard from government witnesses from DND and CSIS about the polygraph examination, the investigation into the complainant, and the process leading to the revocation of the complainant’s security clearance. In addition to the oral evidence, the government parties filed documents and made submissions. NSIRA also considered the oral evidence and written submissions provided by the complainant.

NSIRA reviewed all of the evidence it received to determine whether there were reasonable grounds for the CDS to revoke the complainant’s security clearance and to ensure the accuracy of the information the CDS used to reach the decision to revoke.

NSIRA found several deficiencies in the way the complainant’s polygraph was handled, reported and disseminated. In addition, NSIRA found that exculpatory facts were not contextualized nor placed before the CDS prior to the decision to revoke.

Conclusion

NSIRA found that the information the CDS relied on to make the decision to revoke was not accurate. As a result, the decision to revoke the clearance was not reasonable.

NSIRA recommended that CSIS apologize to the complainant for the manner in which the polygraph was handled, reported and disseminated and that the CDS revisit the decision to revoke the complainant’s security clearance.

Review of the Royal Canadian Mounted Police’s report regarding a public complaint (07-407-3)

Background

The complainant filed a complaint with the CRCC related to the conduct of members of the RCMP. The complainant alleged that the RCMP carried out an unjustified and arbitrary arrest of their minor son, conducted a zealous and abusive search of the family home, and publicized the arrest.

In addition, the complainant alleged that the RCMP disclosed information to U.S. authorities, stated that the complainant’s son’s arrest form would be forgotten and destroyed, and violated the son’s safety and that of his family, their constitutional rights and their whistleblower rights.

The RCMP concluded, in a report sent to the complainant pursuant to section 45.64 of the Royal Canadian Mounted Police Act (RCMP Act), that the members had acted appropriately and consequently did not support any of the complainant’s allegations.

The complainant referred their complaint to the CRCC for review as they were not satisfied with the RCMP’s findings. The CRCC referred the complaint to NSIRA pursuant to subsection 45.53(4.1) of the RCMP Act.

Investigation

NSIRA determined that it had jurisdiction to review the request for review of the RCMP’s report under section 19 of the NSIRA Act.

NSIRA’s investigation included a review of:

  • the complaint;
  • the complainant’s request for review filed with the CRCC;
  • the RCMP investigation file related to the complaint, including documents provided by the complainant during the investigation; and
  • the RCMP’s operational file related to the complaint, including numerous audio and video recordings, as well as relevant policies and legislation.
Conclusion

NSIRA found that the RCMP’s conclusions in its report were reasonable.

Notwithstanding the foregoing, NSIRA pointed out to the RCMP the importance of the decision- maker and signatory of an RCMP report having no prior involvement with the file that is the subject of the complaint, in addition to the importance of complete and contemporaneous notetaking.

4.4 Statistics on complaints investigations

Investigation activity continued at significant levels in 2022 (see Annex D). One noteworthy difference in activity from 2021 to 2022 was the significant decline in the number of active investigations: from 81 in 2021 to 19 in this reporting period. This decrease is largely attributed to a referral of close to 60 related files from the CHRC, which were dealt with during this reporting period.

Under section 16 of the NSIRA Act, any person may make a complaint to NSIRA with respect to any activity carried out by CSIS; section 17 covers complaints related to CSE activities. However, for NSIRA to be able to accept a complaint, the complainant to CSIS must first send a letter of complaint to the Director of CSIS; for CSE complaints, a letter must first be sent to the CSE Chief. NSIRA will investigate the complaint if the complainant has not received a response within a period of time that NSIRA considers reasonable or if the complainant is dissatisfied with the response given. In that regard, NSIRA observed that in 2022, 53% of complainants did not receive a letter from CSIS in response to their letter of complaint to the Director of CSIS.

There is a need to increase awareness and understanding on the part of members of the public and complainants on NSIRA’s investigative mandate and process. For example, NSIRA members do not have the ability to make remedial orders, such as compensation, or to order a government department to pay damages to complainants. NSIRA continues to make improvements to its public website to raise this awareness and better inform the public and complainants on the investigations mandate and investigative procedures it follows.

Expanding NSIRA partnerships

NSIRA believes that establishing a community of practice in the business of independent review and oversight is essential and is actively contributing to this effort. During the past year, it resumed and expanded its engagement with valuable partners, both domestically and internationally, and has already reaped the benefits of these efforts.

International partnerships

NSIRA has identified international relationships with counterparts as a priority for its institutional development. During the past year, NSIRA benefited from excellent free-flowing and extensive interactions with its closest international partners. A better understanding of the parameters of the review and oversight activities of NSIRA’s international counterparts, and sharing best practices, are vital to the agency’s growth.

Five Eyes Intelligence Oversight and Review Council

Since its inception, NSIRA has been an active participant in the Five Eyes Intelligence Oversight and Review Council. The council comprises agencies with an oversight and review mandate concerning the national security activities in their respective countries (Canada, Australia, New Zealand, the United Kingdom and the United States). NSIRA participates alongside the Office of the Intelligence Commissioner as Canada’s delegation to the council. The group meets annually, and NSIRA participated in the Five Eyes Intelligence Oversight and Review Council conference in Washington D.C. in 2022. NSIRA has the distinct pleasure of hosting council partners in Ottawa in fall 2023.

NSIRA also frequently engages bilaterally with council partners at the working level. These exchanges allow NSIRA to better understand critical issues impacting its work, compare challenges and best practices in review and oversight methodology, and discuss views on subjects of mutual interest and concern. For instance, learning about council partners’ information access rights, and the legal framework enabling such access, has helped to contextualize some of NSIRA’s own access challenges.

NSIRA met with one of its council partners, the Investigatory Powers Commissioner’s Office in London, U.K. The Commissioner’s office has a broad mandate of activities that includes, among others, approving warrants authorized by the Secretary of State and the independent oversight of the use of the powers by the U.K.’s security and intelligence community. The multi-day meetings provided an opportunity to better understand each other’s respective organizations, exchange ideas and share best practices. NSIRA met with a number of departments with whom the Commissioner’s office engages and shadowed a day-long inspection carried out by the Commissioner’s office. Of particular interest was the Commissioner’s office’s approach for following up on the implementation of recommendations it provides and its insights on the production of annual reports. Support for this important partnership continues, and NSIRA has further engaged with Commissioner’s office staff to cement this strong relationship.

NSIRA was also able to complete working-level visits to the office of Australia’s Inspector- General of Intelligence and Security and to offices of some members of the U.S. inspector general community in Washington.

Additional European engagement

NSIRA also participated in the International Intelligence Oversight Forum, which brings together oversight, review and data protection agencies from all over the world. The event was productive and NSIRA had the additional benefit of constructive bilateral exchanges with participating institutions.

As part of its efforts to build strong relationships with continental European counterparts in like- minded jurisdictions with strong accountability mechanisms, NSIRA visited the Norwegian Parliamentary Oversight Committee on Intelligence and Security Services, the Danish Intelligence Oversight Board, the Netherlands’ Review Committee on the Intelligence and Security Services, and the Swiss Independent Oversight Authority for Intelligence Activities.

Each of these highly productive visits allowed NSIRA to learn from these partners and make its work more visible within this review community.

Stronger domestic coordination

NSIRA continued to invest in strengthening relationships with key domestic partners — the National Security and Intelligence Committee of Parliamentarians (NSICOP), the Civilian Review and Complaints Commission for the RCMP and the Office of the Intelligence Commissioner, as well as the various agents of Parliament who play a key role in government accountability.

NSIRA and NSICOP have complementary roles in enhancing accountability for federal national security and intelligence activities and are required by law to cooperate in the fulfillment of their respective mandates. Regular cooperation meetings are held at various levels and the two agencies continue to refine ways to cooperate and coordinate. NSIRA and NSICOP have supported each other’s work by communicating regularly on review plans to avoid duplication and to make adjustments where required. These coordination efforts contributed to NSIRA’s decision to cease work on an RCMP encryption review. NSIRA has also provided, after ministerial consultation, many of its final reports to NSICOP. For its part, NSICOP has provided NSIRA with its classified reports and background briefings. These exchanges have allowed both organizations to refine their review topics and methodologies. NSICOP’s and NSIRA’s legal teams have also engaged productively, with a view to working through common access challenges, among other things. These frequent and in-depth exchanges serve as an important foundation for a cohesive and robust national security and intelligence review apparatus, and NSIRA and NSICOP enjoy a level of cooperation that is among the strongest of their international counterparts.

As discussed under Ongoing initiatives, NSIRA and the Civilian Review and Complaints Commission for the RCMP have jointly commissioned a study on race-based data and the collection of demographic information. This study will inform each organization’s approach to developing and implementing an identity-based data strategy in the context of its complaints investigations. The study is currently in its last phase and is expected to be completed in fiscal year 2023–2024.

In 2022, the NSIRA Secretariat joined a network of legal professionals from across the various agents of Parliament. As a separate agency and separate employer mandated with supporting independent oversight, NSIRA’s Secretariat benefits from collaborating with this community of practice through discussions on legal issues of common interest, professional development and knowledge transfer initiatives.

Emerging cooperation in technology

Building partnerships allows NSIRA’s growing Technology Directorate to gather diverse perspectives, collaborate on common goals, refine methodologies, and build on established best practices. In 2022, the team focused on building relationships with peers who share mandates on technical topics, such as privacy-enhancing technologies, automated decision- making and service design. Within Canada, this included collaboration with the Office of the Privacy Commissioner’s Technology Analysis Directorate, the artificial intelligence team at the Treasury Board Secretariat’s Office of the Chief Information Officer, and the Canadian Digital Service.

International and academic collaborations offered access to rich technical knowledge and expertise of other review and oversight bodies. Knowledge management, talent retention and evolving technical capabilities became the focal point of regular engagement with teams at the Investigatory Powers Commissioner’s Office, Australia’s Inspector-General of Intelligence and Security, and the Norwegian Parliamentary Oversight Committee on Intelligence and Security Services. Finally, 2022 gave rise to NSIRA’s external research program aimed at informing and supporting reviews already in progress with relevant and timely technical expertise. Building on the past year’s efforts, the Technology Directorate intends to continue developing domestic and international partnerships, including expanding its network with academics, civil society and commercial leaders to ensure key technological issues factor into its approaches.

Conclusions

As NSIRA fulfills its role within Canada’s security and intelligence landscape, it is continually motivated by the vital importance of its mandate. This is expressed through each review and complaint investigation completed. In executing its mission in 2022, NSIRA continued to build best practices across the agency. This ongoing growth and evolution position it well to take on new challenges.

As the agency’s experience grows so too does its knowledge, and it is confident in its ability to be a leading voice in the review and investigations discourse. Partnerships and engagement with reviewees are maturing, and NSIRA is already reaping the benefits of significant effort on both fronts. Applying lessons learned from these partnerships allows NSIRA to iterate and improve its processes and approaches. While there is there is still much work ahead, the results are encouraging.

As NSIRA’s members consider the agency’s accomplishments this past year, they are proud of the diligence and enthusiasm that Secretariat staff have demonstrated. NSIRA has risen to the challenge of changing circumstances and growth and have done so with an outstanding professionalism. The agency looks forward to the year ahead as it carries on with its important work.

Annexes

Annex A: Abbreviations

Abbreviation Full Name
ACA Avoiding Complicity in Mistreatment by Foreign Entities Act
ACO active cyber operations
CAF Canadian Armed Forces
CBSA Canada Border Services Agency
Cyber Centre Canadian Centre for Cyber Security
CDS Chief of the Defence Staff
CHRC Canadian Human Rights Commission
CII Canadian-identifying information
CRA Canada Revenue Agency
CRCC Civilian Review and Complaints Commission for the RCMP
CSE Communications Security Establishment
CSIS Canadian Security Intelligence Service
DCO defensive cyber operations
DLS Directorate of Legal Services
DND Department of National Defence
DOJ Department of Justice
FINTRAC Financial Transactions and Reports Analysis Centre
FIRAC Foreign Information Risk Advisory Committee
GAC Global Affairs Canada
IRCC Immigration, Refugees and Citizenship Canada
IRTC Information relating to a Canadian or a person in Canada
IT Information technology
JPAF Joint Planning and Authorities Framework
MA Ministerial Authorization
NSICOP National Security and Intelligence Committee of Parliamentarians
NSIRA National Security and Intelligence Review Agency
NSLAG National Security Litigation and Advisory Group (Justice)
PS Public Safety Canada
RCMP Royal Canadian Mounted Police
SCIDA Security of Canada Information Disclosure Act
SIGINT Signals intelligence
TRM Threat reduction measure

Annex B: Financial overview, staffing, achievements and priorities

Financial overview

The NSIRA Secretariat is organized according to two main business lines: Mandate Management and Internal Services. The table below presents a comparison of spending between 2021 and 2022 for each of these two business lines.

(In dollars) Expenditures (2022) Expenditures (2021)
Mandate Management 7,679,950 7,523,552
Internal Services 11,033,465
8,926,178
Total 18,713,415 16,449,730

In the 2022 calendar year, the Secretariat spent $18.7 million, a $2.3 million (14%) increase from the $16.4 million spent in 2021. This spending increase is mainly attributed to the ramping up of a large infrastructure project and an increased use of external services for corporate activities.

Staffing

As of June 30, 2023, NSIRA Secretariat staff complement stood at 76. In an attempt to address hiring and retention challenges, the Secretariat implemented several initiatives including the introduction of an internal development program for its mandate management sector employees. The Program aims at promoting existing employees once they acquire the level of knowledge and competencies required to be promoted. The program is individualized, informed by regular review of progress in the achievement of core knowledge and competencies expectations. The Secretariat has also launched a program to hire recent Ph D. graduates in fields of expertise that are of interests to NSIRA’s mandate.

The Secretariat also continues to use modern and flexible staffing strategies, procedures and practices. It has adapted its operations and activities to allow, to the extent possible, a flexible hybrid work model.

Clearer articulation of its core competency profiles, operational methodologies and practices also enabled a more effective integration and onboarding of employees into the organization.

Having hired a dedicated employee responsible for the implementation of an employee wellness agenda combined with an active Mental Health and Wellness Committee, several initiatives have been delivered in an aim to foster workplace well-being and increased interactions between employees.

Progress on foundational initiatives

Accessibility, employment equity, diversity, and inclusion

Informed by its three-year action plan and its commitments to the Clerk of the Privy Council, the Secretariat’s internal committee responsible for accessibility, employment equity, diversity and inclusion invited guests and led discussions aimed at increasing awareness, celebrating the Secretariat’s diverse workforce, and identifying barriers and solutions with respect to these themes.

NSIRA also took concrete steps as part of its mandated activities to include, among other things, a Gender-based Analysis Plus lens into the design and implementation of its policies and programs. As a result, NSIRA’s renewed forward-looking review plan is informed by considerations related to anti-racism, equity and inclusion. These considerations apply to the process of selecting reviews to undertake, as well as to the analysis that takes place within individual reviews. NSIRA reviews routinely consider the potential for national security or intelligence activities to result in disparate outcomes for various communities and will continue to do so in the year ahead.

In 2022, NSIRA also continued to work with another review body to develop strategies for the collection, analysis and use of identity-based data. The goal of the exercise is to rely on public consultations to determine how the public perceives the collection, analysis and use of identity- based data in relation to mandate.

Finally, the Secretariat also developed and posted its inaugural accessibility plan on NSIRA’s external website. The plan outlines the steps that will be taken over the next three years to increase physical and information accessibility, both for employees within the organization as well as for Canadians more generally.

Facilities projects, technology and security

The Secretariat is in the process of retrofitting additional workspace to enable it to accommodate all its employees within the confines of one building. The construction phase is expected to be completed late in 2023. Over the course of 2022, the Secretariat worked closely with lead security agencies to ensure the fit-up meets best practices and established standards.

Transparency and privacy

The Secretariat continues to promote transparency by dedicating resources to redact, declassify and release previous reports from the Security Intelligence Review Committee, in addition to proactively releasing NSIRA’s reviews. In 2022, a major upgrade to NSIRA’s external website was initiated with the goal of increasing access to information including access to redacted review reports and recommendations. It is expected that the website will be released in 2023.

From a privacy perspective, the NSIRA Secretariat continued to make progress further to the privacy impact assessment exercise conducted in fiscal year 2021-2022 in relation to review activities and internal services. It also initiated a privacy impact assessment for the investigations function. This work is expected to be completed in fiscal year 2023-2024.

Considering the importance of privacy as part of its activities, NSIRA took concrete steps to implement best practices to protect the privacy of individuals as part of complaints investigations and as part of the conduct of reviews.

Annex C: Review findings and recommendations

This annex lists the full findings and recommendations for the National Security and Intelligence Review Agency (NSIRA) reviews completed in 2022, as well as reviewees’ management responses to NSIRA’s recommendations, to the fullest extent possible at the time of publication. NSIRA will update such information from all reviews when they are published on its website.

Canadian Security Intelligence Service review

Threat Reduction Measures Annual Review

NSIRA’s findings

NSIRA finds that the Canadian Security Intelligence Service’s (CSIS’s) use of its TRM mandate in 2021 was broadly consistent with its use in preceding years.

For all the cases reviewed, NSIRA finds that CSIS met its obligations under the law, specifically the Canadian Charter of Rights and Freedoms and sections 12.1 and 12.2 of the CSIS Act.

For all the cases reviewed, NSIRA finds that CSIS sufficiently established a “rational link”between the proposed measure and the identified threat.

For Case 1 and Case 2, NSIRA finds that CSIS met its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.

For Case 3, NSIRA finds that CSIS did not meet its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.

With respect to legal risk assessments, NSIRA finds that greater specificity regarding legal risks, and direction as to how said risks could be mitigated and/or avoided, resulted in more detailed outcome reporting vis-à-vis legal compliance.

For Case 2 and Case 3, NSIRA finds that CSIS did not meet its obligations with respect to one requirement of its Conduct of Operations, Section 12.1 Threat Reduction Measures, Version 4. CSIS did not meet its internal policy requirements regarding the timelines to submit TRM implementation reports.

For Case 3, NSIRA finds that the Intended Outcome Report was not completed in a timely manner.

NSIRA finds that current policy for the completion of Strategic Impact Reports may inhibit the timely production of important information.

NSIRA’s recommendations

Recommendation
Recommendation 1: NSIRA recommends that formal legal risk assessments be conducted for TRMs involving [*sensitive factors*].
Recommendation 2: NSIRA recommends that CSIS consider and evaluate whether legal risk assessments under TRM Modernization comply with applicable ministerial direction.
Recommendation 3: NSIRA recommends that CSIS work with the Department of Justice to ensure that legal risk assessments include clear and specific direction regarding possible legal risks and how they can be avoided/mitigated during implementation of the TRM.

Recommendation 4: NSIRA recommends that Implementation Reports specify how the legal risks identified in the legal risk assessment were avoided/mitigated during implementation of the TRM.

Recommendation 5: NSIRA recommends that CSIS specify in its Conduct of Operations, Section 12.1 Threat Reduction Measures when the Intended Outcome Report is required, as it does for the Strategic Impact Report.
Recommendation 6: NSIRA recommends that CSIS integrate in policy a requirement that the Strategic Impact Report be completed at the expiry of the TRM authority.

Communications Security Establishment reviews

Review of the Communications Security Establishment’s Governance of Active and Defensive Cyber Operations — Part 2

NSIRA’s recommendations

NSIRA finds that the Global Affairs Canada Foreign Policy Risk Assessment process, as well as the related international legal assessment, improved since the Governance Review, for Communications Security Establishment (CSE) active cyber operations (ACOs) and defensive cyber operations (DCOs).

NSIRA finds that Global Affairs Canada does not have capability to independently assess potential risks resulting from the techniques used in CSE ACOs and DCOs.

NSIRA finds that CSE and the Department of Justice demonstrated a thorough understanding of section 32 of the CSE Act. However, CSE does not appropriately consult with the Department of Justice at the [*specific step*]15 stage to ensure that the assessment of legal compliance remains valid.

NSIRA finds that CSE’s applications for authorizations issued under subsections 29(1) and 30(1) of the CSE Act for [*description*] activities did not include all the available information relevant to a meaningful assessment of the requirements in subsections 34(1) and (4) of the CSE Act.

NSIRA finds that there is potential for overlap between CSE and CSIS activities in the context of capabilities used by CSE to conduct its ACOs and DCOs. However, CSE did not consistentlyconsult with CSIS about CSE’s cyber operations.

NSIRA finds that despite close collaboration with Global Affairs Canada, and the Department of National Defence and Canadian Armed Forces on ACOs and DCOs, CSE did not demonstrate consistent engagement with CSIS or the Royal Canadian Mounted Police (RCMP) to determine whether the objective of an ACO or DCO could not reasonably be achieved by other means.

NSIRA finds that the Chief’s applications for active and defensive cyber operations activities for the period of review did not accurately describe the relationship between a cyber operation, and intelligence collection.

NSIRA finds that, in its [*a specific document*], CSE did not always provide clarity pertaining to foreign intelligence missions.

NSIRA finds that CSE’s ACOs and DCOs that were planned or conducted prior to July 30, 2021,including the case studies analyzed in this report, were lawful.

NSIRA finds that there is significant overlap between activities conducted under the ACO and DCO aspects of CSE’s mandate, as well as between all four aspects of CSE’s mandate.

NSIRA’s recommendations, and CSE response

Recommendation CSE and GAC Response (June 21st , 2023)
Recommendation 1: NSIRA recommends that Global Affairs Canada develop or otherwise leverage capability to enable it to independently assess potential risks resulting from the techniques used in CSE ACOs and DCOs. Disagree. CSE and GAC disagree with this recommendation.
In accordance with the CSE-GAC Governance Framework, GAC assesses CSE cyber operations for foreign policy risks and compliance with international law. CSE’s internal risk assessment process assesses the cyber operation for technical risks based on the techniques used.
Just as CSE relies upon GAC to provide expertise in foreign policy and international law, GAC relies upon CSE to provide expertise on technologies and techniques at the forefront of development.
Accurate assessment of all risks from a cyber operation relies on the continuation of open and honest dialogue and trust between GAC and CSE. As such, CSE will continue to share information with GAC on techniques, whenever their use may have an impact on GAC’s foreign policy risk assessment.
Recommendation 2: NSIRA recommends that the Department Justice be fully consulted at all stages of an ACO or DCO, particularly prior to operational execution. Agree in principle. CSE agrees with this recommendation in principle.
CSE believes that the advice and guidance provided by the Department of Justice (DOJ) representatives embedded in CSE's Directorate of Legal Services (DLS) is integral to CSE's success. CSE consults with DLS at all relevant stages of a cyber operation. As a matter of practice, CSE consults DLS throughout the Joint Planning and Authorities Framework (JPAF) process and at a key stage, and more consultation is conducted when an activity is new or novel.
Internal tools developed by DLS are used to ensure that activities do not contravene the prohibitions set out in the CSE Act and assist analysts in identifying when a higher risk necessitates further legal review. Additionally, CSE's internal operational policy team is consulted on all key stages.
Recommendation 3: NSIRA recommends that CSE abandon the practice of generic ACO and DCO applications to the Minister of National Defence, and instead submit individual applications. Disagree. CSE and GAC disagree with this recommendation.
When submitting an application for these particular ACO and DCO Ministerial Authorizations (MAs), CSE and GAC always ensure that the Minister of National Defence and the Minister of foreign Affairs are provided with a sufficient amount of information to make an informed decision as to whether CSE’s proposed activities are reasonable and proportionate against a specific set of objectives. To that end, these particular ACO and DCO MAs are structured around key objectives in countering a number of well-defined threats globally. In that sense, they are not “generic”, but their scope is broad enough to give CSE the flexibility to act against a wide range of targets, when the identity of threat actor or the location and context is unknown at the time of application.
For any operations assessed as falling under the authority of these MAs, the current governance framework allows for appropriate risk management of operations. CSE provides GAC with detailed mission plans for each operation, which allows for a proper assessment of foreign policy risks associated with CSE’s cyber operations.
Following Recommendation no. 1 from the Governance review (FCO 1), CSE and GAC increased the amount of information included in the 2021 application for this MA. The level of detail was improved further in the 2022 application. Moreover, CSE and GAC work collaboratively on any new MAs to both ensure that relevant foreign policy objectives are reflected and that authorized operations are sufficiently scoped. Whenever an activity does not fit within the category covered by these MAs, CSE will submit a new application specific to that circumstance.
Recommendation 4: NSIRA recommends that CSE always engage with CSIS, the RCMP, and any other federal departments or agencies as to whether those departments are in a position to reasonably achieve the objective of a cyber operation.
Agree. CSE agrees with this recommendation.
CSE values the importance of consulting with all relevant Government of Canada stakeholders. During the planning of operations, CSE has and will continue to strengthen its collaborative relationships with its partners, including engaging with CSIS, RCMP, and other relevant federal departments or agencies whose mandates may intersect with a planned ACO or DCO.
Recommendation 5: NSIRA recommends that the Chief’s applications for active and defensive cyber operations inform the Minister of National Defence that acquisition of information under a valid foreign intelligence, cybersecurity, or emergency authorization, [*description*]. Agree. CSE and GAC agree with this recommendation.
This recommendation has already been addressed in the applications for the 2022-23 ACO and DCO Ministerial Authorizations.
Recommendation 6: NSIRA recommends that documentation prepared as part of the CSE’s cyber operations framework provide clear links to all known applicable foreign intelligence (or cybersecurity) missions. Agree. CSE agrees with this recommendation.
Since the period under review, and partially stemming from NSIRA recommendations issued in the Governance review (FCO 1), CSE has implemented this change into its cyber operations framework. Under the current framework, the documentation now includes links to s.16 or s.17 operations that are directly relevant to a s.18 or s.19 cyber operation.
Recommendation 7: NSIRA recommends that CSE continue to refine, and to define, the distinctions between activities conducted under different aspects of its mandate, particularly between ACO and DCO activities, but also with regard to foreign intelligence and cybersecurity activities. Agree in principle. CSE agrees with this recommendation in principle.
CSE agrees with the principle of understanding the nuances of its mandate. The CSE Act (ss.15-20) expressly distinguishes between the five aspects of the mandate. Operations are planned with an understanding of the scope and boundaries of the authorizing aspect of the mandate. CSE works closely with the Directorate of Legal Services (DLS) and its Operational Policy team to ensure that operations are planned and conducted under the appropriate authorities.
In the body of its report, NSIRA acknowledges both the clarity of the Act and of CSE’s ability to explain why an operation should be authorized under a particular aspect of the mandate. CSE’s policies and procedures governing the planning and conduct of operations rely on the distinction between aspects of the mandate. CSE’s Mission Policy Suite addresses each aspect of the mandate and provides a distinction between ACOs and DCOs. The cyber operations framework provides for planning documentation that sets out why the objectives and nature of the planned operation align with the authorities of an ACO versus a DCO, notwithstanding the techniques being applied. Finally, CSE is in the process of launching updated legal and policy training to its operational staff.

Foreign intelligence review

NSIRA’s findings

NSIRA finds that CSE has not updated the Minister of National Defence since [*year*] on its relationship with a foreign partner.

NSIRA finds that in the context of a joint operation, CSE’s analytic exchanges with a partner did not comply with all of CSE’s internal policy requirements relating to such exchanges with its partners.

NSIRA finds that CSE’s applications to the Minister of National Defence for Foreign Intelligence Authorizations did not describe the full extent of CSE’s involvement in [*specific activity*].

NSIRA finds that CSE did not appropriately apply its Mistreatment Risk Assessment process to information shared with a foreign partner. CSE conducted a mistreatment risk assessment only after having already shared substantial information with the partner.

NSIRA finds that CSE did not appropriately justify its mistreatment risk for targets of an operation.

[*Finding not releasable in public report*]

NSIRA finds that CSE does not have a mechanism to obtain timely and concrete verification ofa person’s Canadian status in order to verify that it is not directing its activities at Canadians.

NSIRA finds that CSE has not developed policies and procedures to govern its participation in [*specific activity*].

NSIRA finds that CSE’s contributions to operations with its partners are not governed by any written arrangements with operational activities.

NSIRA finds that CSE’s contributions to operations led by a partner have not been accompanied with the operational planning and risk assessment as described by CSE to the Minister of National Defence.

NSIRA finds that CSE does not obtain operational plans or risk assessments developed by its partners leading the operations, nor contributes to the development of these plans or their associated parameters.

NSIRA finds that CSE’s application for the Authorization did not inform the Minister of National Defence that it intends to conduct testing and evaluation activities under the authority of the Authorization.

NSIRA’s recommendations, and CSE response

Recommendation CSE and GAC Response (March 14th , 2023)
Recommendation 1: CSE should update the Minister of National Defence on of its relationship with a foreign partner. Agree. CSE agrees with this recommendation.

CSE concurs and regularly updates the minister on topics of importance, including the status of relationships with international partners.

CSE plans to continue providing comprehensive updates to the Minister on its international engagements and relationships with foreign partners, including the named foreign partner.

Recommendation 2: CSE should comply with the Releasable SIGINT Products requirements pursuant to the Foreign Intelligence Mission Policy Suite when conducting analytic exchanges with its partners in the performance of all operational activities. Agree. CSE agrees with this recommendation.

CSE recognizes that despite having robust policies, practices, and procedures, improvements can still be made in outreach and training to mission staff. CSE is working on a comprehensive revision of its operational legal and policy training, and will consider this recommendation when developing its compliance plans for 2023–2024.

Recommendation 3: CSE should describe to the Minister of National Defence the full extent of its participation in any activities when applying for Foreign Intelligence Authorizations. Agree. CSE agrees with this recommendation.

CSE will include relevant details to clarify [specific activities] in its next Ministerial Authorization application at a level of detail consistent with Ministerial Authorization applications.

Recommendation 4: CSE must perform a Mistreatment Risk Assessment prior to sharing information with [*country*] in accordance with parameters established with the Minister of National Defence, Minister of Foreign Affairs, and the Privy Council Office in the development of CSE’s working arrangement with this partner. Agree in principle. CSE agrees with this recommendation in principle.

CSE is of the view that its policy instruments are already clear and that there are already established best practices when sharing information with foreign entities about identifiable individuals. CSE continually seeks to improve both the implementation of internal policies, and the training and internal outreach programs for its analysts.

Additionally, it is important to note that there exists a strong mitigating factor in the overarching agreements with [*country*] which contain explicit language regarding how SIGINT may be used, and with explicit prohibitions for purposes that could result in mistreatment.

Recommendation 5: When performing a Mistreatment Risk Assessment, CSE should specify why and how its risk rating applies to each individual implicated in the sharing of information with a foreign partner. Agree in principle. CSE agrees with this recommendation in principle.

Since 2011, CSE has continually refined its mistreatment risk assessment process and documentation. In certain cases where an initial assessment has determined that all of the conditions of information sharing will be identical across a category of individuals in an activity, CSE has determined that a group mistreatment risk assessment appropriately documents the risk profiles for all individuals associated with that activity. In the event that the information sharing conditions change, or specific characteristics related to an individual associated with the activity may change the risk, a separate assessment is conducted.

CSE has continued to improve our documentation to ensure that it better reflects the analysis behind the risk assessment and why a rationale would apply to a group of individuals under a single activity. As CSE’s operational activities continue to evolve, the mistreatment risk assessment process grows to reflect the requirements of those activities.

Recommendation 6: CSE should ensure that a foreignness assessment is completed prior to commencing collection and reporting on individuals. CSE should also develop policy requirements for the documentation, tracking, and management review of foreignness assessments. Agree in principle. CSE agrees with this recommendation in principle.

As part of the SIGINT process, and relying on a combination of policy, administrative, and technological means, CSE already documents a targeting justification demonstrating reasonable grounds to believe that a target is a foreign entity outside Canada. This auditable justification crystallizes the current state of knowledge about the foreignness of a target, at the time of targeting.

In addition, as analysts perform their duties and build knowledge about a target, a foreignness assessment persists throughout SIGINT analysis in a process that is guided by the Mission Policy Suite. Each new fragment of information acquired about a target increases the body of knowledge evaluated by an analyst, including more information about a target’s foreignness that may not have been available at the time of targeting.

If at any point the analyst no longer has reasonable grounds to believe that the target is a foreign entity outside Canada, the analyst must de-target the associated selectors and register a privacy incident with CSE’s Program for Operational Compliance team, who will guide internal processes through any additional required remedial steps, such as purging any collected information. In addition, a citizenship check can also be requested from Immigration, Refugees, and Citizenship Canada (IRCC) if sufficient information is available.

Recommendation 7: CSE should develop a mechanism with Immigration, Refugees and Citizenship Canada, or other federal institutions as appropriate, to facilitate timely and concrete confirmation of the Canadian status of individuals implicated in CSE’s operational activities. Agree. CSE agrees with this recommendation.

This recommendation was previously put forward in the SCIDA 2020 final report. CSE continues to pursue discussions with IRCC for an information sharing agreement. CSE is reengaging at both working and executive levels to facilitate progress.

It should be recognized that in order to produce more accurate results, a citizenship check needs to include specific information regarding an individual target, which is not always available to CSE. In the absence of that information, a citizenship check is not guaranteed to produce conclusive results, and cannot be considered as a concrete confirmation of citizenship status. In addition, it is CSE’s understanding that IRCC databases may not capture Canadians born with Canadian citizenship. The citizenship check process and associated timelines are fully within the jurisdiction of IRCC.

Recommendation 8: CSE should develop policies and procedures to govern its participation in [*specific activities*] within the program. Agree. CSE agrees with this recommendation.

CSE remains committed to building robust policy frameworks to govern its activities and ensure that its work continues at the highest level of integrity.

While at the time of review, policies and procedures specific to the program were still in development, CSE’s existing policies and procedures include principles that govern all foreign intelligence activities conducted under CSE authorities, including [*program*].

Recommendation 9: CSE should develop written arrangements with its partners implicated in activities, to set the parameters for collaborating on these activities. Disagree. CSE disagrees with this recommendation.

CSE has enjoyed a uniquely strong relationship with partners for [*amount of time*]. By leveraging shared capabilities, Canada benefits greatly, magnifying its ability to provide quality information exponentially. The cooperation with our partners means that we [*description*], with procedures in place to manage our interactions. CSE’s operations with partners are based on bilateral information sharing and technical cooperation arrangements.

Recommendation 10: When collaborating on an operation with a partner, CSE should prepare an operational plan and conduct a risk assessment associated with the activity with a view to ensuring an operation’s alignment with CSE’s priorities and risk tolerance levels. CSE should also ensure that parameters and any caveats for the partner’s [*specific activity*] be outlined and acknowledged. Agree. CSE agrees with this recommendation.

CSE policy outlines that, when conducting SIGINT operations, including joint operations with a partner, the activity be approved via an operational plan and risk assessment in order to exercise an aspect of the CSE mandate.

Collaboration that involves [*specific activity*] without participating in the resulting operation does not require operational plans or risk assessments to be created at CSE, but rather at the partner agency conducting the operation and adopting the risk. CSE will, however, ensure that the partner agency is aware of and acknowledges any caveats or parameters.

Recommendation 11: When applying for a Ministerial Authorization, CSE should disclose to the Minister any related testing or evaluation activities that it intends to undertake pursuant to paragraph 23(1)(c) of the CSE Act. Disagree. CSE disagrees with this recommendation.

The purpose of a ministerial authorization is to seek authorities for activities that would contravene an Act of Parliament or involve the acquisition of information that interferes with the reasonable expectation of privacy (REP) of a Canadian or any person in Canada. Testing activities, as per s.23(1)(c) of the CSE Act, are not carried out under the authorities of a ministerial authorization if they do not risk contravening an Act of Parliament or do not involve the acquisition of information that interferes with the REP of a Canadian or any person in Canada. In such cases, it is not required to request authorities to conduct testing activities from the Minister through a ministerial authorization. However, at the Chief’s discretion, CSE will inform the Minister of non- ministerial authorization activities through other means.

Paragraph 23(1)(c) provides an exception to CSE’s prohibition on directing its activities at a Canadian or any person in Canada when conducting testing or evaluating products, software and systems. This means that CSE may conduct these activities which will not be considered directed at a Canadian or any person in Canada.

Any foreign intelligence activities, including testing activities, that contravene an Act of Parliament or involve the acquisition of information that interferes with the REP of a Canadian or any person in Canada can only be conducted under the authorities of a ministerial authorization. In such cases, the activities must be conducted under the authorities of an existing ministerial authorization or will require that the Minister issue a new ministerial authorization, and the Minister would be fully informed of the activities being considered before being in a position to approve them.

Department of National Defence and the Canadian Armed Forces Review

Report issued pursuant to section 35 of the NSIRA Act

NSIRA’s finding

The report contained a finding that, in NSIRA’s opinion, certain activities undertaken by the Canadian Armed Forces may not have been in compliance with the law.

Department of National Defence and the Canadian Armed Forces (DND/CAF’s) response

DND/CAF recognize the importance of independent, external reviews of the Government of Canada’s national security and intelligence activities. We fully support NSIRA’s review mandate and take all of its reports seriously.

Upon receipt of NSIRA’s section 35 compliance report, DND/CAF conducted a comprehensive analysis and do not agree with NSIRA’s opinion. Our analysis supports that the reviewed activities were conducted in accordance with the law within a robust system of oversight and accountability. Furthermore, an earlier independent external review was consistent with our analysis and supported a number of recommendations that were implemented to strengthen the governance framework. The Minister is following the steps in order to meet all the requirements outlined in section 35 of the Act.

Canada Border Services Agency review

Air Passenger Targeting Review

NSIRA’s findings

The use of Advance Passenger Information and Passenger Name Record data by the Canada Border Services Agency (CBSA) in scenario-based targeting complied with section 107(3) of the Customs Act.

The CBSA does not document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.

The CBSA has not consistently demonstrated that an adequate justification exists for its Air Passenger Targeting triaging practices. This weakness in the link between the indicators used to triage passengers and the potential threats or contraventions they seek to identify creates a risk that Air Passenger Targeting triaging practices may be discriminatory.

The CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify potential discrimination-related risks and to take appropriate action to mitigate these risks in the exercise of their duties.

The CBSA’s oversight structures and practices are not rigorous enough to identify and mitigate potential discrimination-related risks, as appropriate. This is compounded by a lack of collection and assessment of relevant data.

NSIRA’s recommendations, and the CBSA’s responses

Recommendation Response (July 2022)
Recommendation 1: NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions. Agree. The CBSA will complete a review of its air passenger targeting triaging practices to ensure practices are in place which will enable effective verification of compliance with statutory and regulatory restrictions.
Recommendation 2: NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations. Agree. While we are satisfied that justification for triaging and targeting practices exist, the CBSA acknowledges that better documentation practices could be implemented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non- discrimination obligations.
The CBSA’s Scenario Based Targeting Governance Framework will be updated to include information and/or intelligence that justifies the use of each indicator.
Annual reviews of scenarios will continue to be conducted and documented to confirm that each active scenario is supported by recent and reliable intelligence.
Recommendation 3: NSIRA recommends that the CBSA ensure that any Air Passenger Targeting- related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter. Agree. The CBSA will review its air passenger targeting practices to ensure that distinctions based on protected grounds are reasonable and can be demonstrably justified in the border administration and enforcement context.
Recommendation 4: NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
Agree. The CBSA acknowledges that policies, procedures, training, and other guidance, as appropriate can be improved to ensure robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory.
The CBSA will complete a review of its policies, procedures, guidelines and training to ensure practices are not discriminatory.
Recommendation 5: NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.
Agree. To that end, the CBSA is taking deliberate steps to develop its capacity to capture and analyze reliable and accurate data in non-intrusive ways. The Agency is working on developing standard and consistent positions and frameworks on the collection, use, management and governance of disaggregated data, developing metrics and indicators to measure the impact of decisions and policies on different groups; using data to build more inclusive and representative policies and strategies, and; identifying possible discrimination and bias.

Multi-departmental reviews

Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2021

NSIRA’s findings

NSIRA finds that, in 12 out of 13 disclosures, Global Affairs Canada demonstrated that it satisfied itself as to the contribution of the information to the recipient institution’s responsibilities in respect of activities that undermine the security of Canada, as required under paragraph 5(1)(a) of the SCIDA.

NSIRA finds that, without first conducting the analysis under paragraph 5(1)(a) of the SCIDA, departments risk disclosing information that does not pertain to the national security mandate of the recipient institution or to activities that undermine the security of Canada.

NSIRA finds that, in 1 of 13 disclosures, Global Affairs Canada consulted on more information than necessary to obtain confirmation from CSIS that the disclosure contributed to its mandate and was linked to activities that undermine the security of Canada.

NSIRA finds that, in 10 out of 13 disclosures, Global Affairs Canada demonstrated that it satisfied itself that the disclosure will not affect any person’s privacy interest more than reasonably necessary in the circumstances, as required under paragraph 5(1)(b) of the SCIDA.

NSIRA finds that 2 of 13 disclosures did not contain the accuracy and reliability statements as required by subsection 5(2) of the SCIDA.

NSIRA finds that Global Affairs Canada training on the SCIDA lacks sufficient illustrative examples required to provide employees with adequate guidance to fulfill their obligations under the SCIDA.

NSIRA’s recommendations, and government response

Recommendation Response (February 14th, 2023)
Recommendation 1: NSIRA recommends that consultations be limited to the information necessary to obtain confirmation from the potential recipient that the information contributes to its mandate and is linked to activities that undermine the security of Canada. Agree. Public Safety’s Step-by-Step SCIDA Guide 2022 (“SCIDA Guide 2022”) was updated and distributed to federal institutions in October 2022. Many of the updates to the SCIDA Guide 2022, that were based on practitioner feedback, directly address this recommendation. The updated SCIDA Guide 2022 specifies that preliminary consultations prior to a disclosure should only include general information to ensure that SCIDA thresholds are met before the disclosing institution proceeds with the disclosure. In addition, SCIDA training material was updated in September 2022 with a renewed emphasis on the need for disclosing institutions to strictly limit the information communicated with recipient institutions during preliminary consultations.

Multiple SCIDA trainings have been delivered to federal institutions using the new material. Public Safety will continue to work with federal institutions to provide them with access to training, guidance and other useful resources on the use of the SCIDA. Given the focus of this review, Public Safety will work closely with Global Affairs Canada to address this recommendation.

Recommendation 2: NSIRA recommends that in order to provide the most valuable and meaningful context for the recipient institution, accuracy and reliability statements should be clear and specific to the circumstances of the disclosure. Agree. Statements regarding the accuracy of the information and the reliability of the manner in which it was obtained are an essential part of the disclosure process. To ensure greater compliance with this requirement, the SCIDA Guide 2022 and its related templates, as well as the updated SCIDA training material, emphasize the importance of providing statements on the accuracy of the information and reliability of the manner in which it was obtained that are clear and specific to the circumstances of the disclosure.

Public Safety will continue to provide SCIDA training and guidance to federal institutions to highlight the requirement for statements of accuracy and reliability that are clear, complete, accurate and do not include formulaic language in support of disclosures under the SCIDA.

Recommendation 3: NSIRA recommends that all disclosing departments contemporaneously prepare descriptions of the information that was relied on to satisfy themselves that disclosures were authorized under the SCIDA. Agree. Record keeping is an essential component of the SCIDA, and records of disclosures must include an appropriately robust description of the information relied upon to satisfy the disclosing institution that the disclosure meets the thresholds of the SCIDA. The SCIDA Guide 2022 includes templates that support federal institutions with their record-keeping requirements. This includes sections where disclosing institutions must prepare and maintain records that set out a description of the information that was relied on to satisfy the disclosing institution that the disclosure was authorized under the SCIDA. While paragraph 9(1)(e) of the SCIDA does not explicitly require departments to contemporaneously prepare descriptions of the information related to SCIDA disclosures, Public Safety takes note of NSIRA’s recommendation to do so in a timely manner.

Public Safety will continue to provide SCIDA training and guidance to federal institutions to highlight their recordkeeping obligations to ensure that all disclosures are authorized under the SCIDA and assist them in understanding their authorities for requesting and disclosing information under the Act.

Recommendation 4: NSIRA recommends that additional illustrative examples and scenarios be included in the SCIDA training, including for disclosure threshold requirements, accuracy and reliability statements and record-keeping requirements.

Agree. SCIDA training material was updated in September 2022 with multiple illustrative examples and case studies that provide further details on how to apply the disclosure threshold requirements, accuracy and reliability statements and record-keeping requirements. SCIDA training sessions have been delivered to federal institutions using the new material. Given the focus of this review, Public Safety will work closely with Global Affairs Canada to address this recommendation.

Review of departmental implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2021

NSIRA’s findings

NSIRA finds that the Canada Border Services Agency and Public Safety Canada still have not fully implemented an ACA framework and supporting policies and procedures are still under development.

NSIRA finds that from January 1, 2021, to December 31, 2021, no cases under the ACA were escalated to deputy heads in any department.

NSIRA finds that the RCMP has a robust framework in place for the triage of cases pertaining to the ACA.

NSIRA finds that the RCMP’s Foreign Information Risk Advisory Committee (FIRAC) risk assessments include objectives external to the requirements of the Orders in Council, such as the risk of not exchanging information.

NSIRA finds that the RCMP use of a two-part risk assessment, that of the country profile and that of the individual to determine if there is a substantial risk, including the particular circumstances of the individual in question within the risk assessment is a best practice.

NSIRA finds that the RCMP does not have a centralized system of documenting assurances and does not regularly monitor and update the assessment of the reliability of assurances.

NSIRA finds that the RCMP does not regularly update or have a schedule to update its Country and Entity Assessments. In many cases these assessments are more than four years old and are heavily dependent on an aggregation of open-source reporting.

NSIRA finds that information collected through the Liaison Officer in the course of an operation is not centrally documented such that it can inform future assessments.

NSIRA finds that FIRAC members concluded that the information sharing would result in a substantial risk of mistreatment that could not be mitigated. The Assistant Commissioner determined that it may be mitigated. This amounts to a disagreement between officials or a situation where “officials are unable to determine whether the risk can be mitigated”.

NSIRA finds that the Assistant Commissioner’s rationale for rejecting FIRAC’s advice did not adequately address concerns consistent with the provisions of the Orders in Council. In particular, NSIRA finds that the Assistant Commissioner erroneously considered the importance of the potential future strategic relationship with a foreign entity in the assessment of potential risk of mistreatment of the individual.

NSIRA finds that Global Affairs Canada is now strongly dependent on operational staff and Heads of Mission for decision-making and accountability under the ACA.

NSIRA finds that Global Affairs Canada has not demonstrated that all of its business lines are integrated into its framework under the ACA.

NSIRA finds that Global Affairs Canada has not made ACA training mandatory for all staff across relevant business lines. This could result in staff being involved in information exchanges without the proper training and knowledge of the implications of the ACA.

NSIRA finds that Global Affairs Canada has not regularly updated its Human Rights Reports. While many were updated during the 2021 review year, more than half have not been updated since 2019. This is particularly problematic when departments and agencies rely on these reports as a key source in assessing risk related to the ACA.

NSIRA finds that Global Affairs Canada does not have a standardized centralized approach for the tracking and documentation of assurances.

NSIRA’s recommendations

Recommendation
Recommendation 1: NSIRA recommends that the RCMP establish a centralized system to track caveats and assurances provided by foreign entities and where possible to monitor and document whether said caveats and assurances were respected.
Recommendation 2: NSIRA recommends that in cases where the RCMP Assistant Commissioner disagrees with FIRAC’s recommendation not to share the information, the case be automatically referred to the Commissioner.
Recommendation 3: NSIRA recommends that the assessment of substantial risk be limited to the provisions of the Orders in Council – namely the substantial risk of mistreatment and whether the risk may be mitigated – and external objectives such as fostering strategic relationships should not factor into this decision-making.

Recommendation 4: NSIRA recommends that FIRAC recommendations are referred to an Assistant Commissioner who is not responsible for the branch from which the case originates.

Recommendation 5: NSIRA recommends that GAC ensure that accountability for compliance with the ACA clearly rests with the Avoiding Mistreatment Compliance Committee.
Recommendation 6: NSIRA recommends that GAC conduct a formal internal mapping exercise of other possibly implicated business lines to ensure it is meeting its obligations set out in the ACA.
Recommendation 7: NSIRA recommends that GAC make ACA training mandatory for all rotational staff.

Recommendation 8: NSIRA recommends that GAC ensure countries’ Human Rights Reports are updated more regularly to ensure evolving human rights related issues are captured.

Recommendation 9: NSIRA recommends that GAC establish a centralized system to track caveats and assurances provided by foreign entities and document any instances of non-compliance for use in future risk assessments.

This review was approved in 2022. Under section 38 (1) of the NSIRA Act, NSIRA is therefore obliged to report on its findings and recommendations as part of its annual report for the calendar year 2022. A summary of this review is available in NSIRA’s Annual Report 2021.

NSIRA’s findings

NSIRA finds that the legal advice-seeking and giving process, and resource constraints at the Department of Justice’s National Security Litigation and Advisory Group (NSLAG) contribute to considerable delays, [*description of timeline*].

NSIRA finds that Justice legal opinions have sometimes been prepared without sufficient attention to the audience that needs to understand and act on them. Opinions have been focused on assessing legal risk, often late in the development of a CSIS activity, with limited effort made to propose alternative and legally sustainable means of arriving at the intended objective.

NSIRA finds that the Justice Legal Risk Management Framework is misunderstood at the working level at CSIS and further that it does not provide an appropriate framework for the unequivocal communication of unlawful conduct to CSIS.

NSIRA finds that difficulties in acquiring prompt and relevant legal advice have contributed to [*discussion of the detrimental effects on and risks to operations*] that may require legal advice. In consequence, the manner in which NSLAG has provided legal advice to CSIS has often not met the needs of CSIS operations.

NSIRA finds that Justice does not generate the necessary business analytics to track its service delivery performance to CSIS.

NSIRA finds that Justice has acknowledged that internal silos at NSLAG between the advisory and litigation wings have sometimes left warrant counsel unaware of emerging legal issues and that Justice has taken steps to resolve these issues.

NSIRA finds that Justice has committed to improve its advice-giving to CSIS, including moving toward “road map” style legal advice that involves working collaboratively and iteratively with CSIS to achieve operational goals within the bounds of the law.

NSIRA finds that CSIS has not always shared all relevant information with NSLAG, prompting a degree of mistrust and limiting Justice’s ability to provide responsive legal advice.

NSIRA finds that CSIS has a history of quick reforms, followed by neglect, high turnover of personnel leading to a loss of institutional knowledge, and resourcing that did not match stated priorities. CSIS does not track or measure the outcome of past reforms adequately and has no performance metrics for assessing success.

NSIRA finds that CSIS policies have not kept pace with operational reality, as they are often vague, dated, overlapping and contradictory. The absence of clear policy creates legal doubt or concerns, and gives rise to disparate interpretations of legal and operational standards.

NSIRA finds that there is little common understanding regarding the process or basis on which a warrant is prioritized. Frequent shifts in this process of prioritization have added to operational uncertainty. The prioritization process has made it very difficult to bring novel issues to the Court with the goal of addressing legal ambiguities through court decisions.

NSIRA finds that the actors involved in the warrant process do not have a common understanding of the rationale for each of the [*multiple*] of steps in the overarching warrant application scheme and are not always sure what role each approval step plays.

NSIRA finds that the proliferation of process in seeking warrants has created a system of diluted accountability widely regarded as slow and unwieldy, with delays caused by multiple levels of approval.

NSIRA finds there is no regular feedback process in which explanations for warrant-related decisions made at one level filter back to other levels. The absence of feedback is especially acute for the regional investigators.

NSIRA finds that often, the sole means to address legal uncertainty is to bring legal questions to the Federal Court through warrant applications. In consequence, an unwieldy warrant process makes resolution of legal doubt more difficult.

NSIRA finds that CSIS has struggled to ensure that all information material to the credibility of sources is properly contained in warrant applications. This “recurring omissions” problem stems from a misunderstanding of the Federal Court’s role in assessing the credibility of sources and from the presence of multiple, siloed information management systems. CSIS has undertaken reforms, but work remains to implement long-term sustainable solutions.

NSIRA finds that the Affiant Unit constitutes a vital and laudable reform within CSIS. However, the Affiant Unit is currently at risk of collapse. CSIS has not supported the unit with resources commensurate with the importance of this unit in fulfilling CSIS’s mission. The benefits of the Affiant Unit are currently in jeopardy because of governance, human resource, and training deficiencies.

NSIRA finds that the Affiant Unit’s placement in the [*Name*] branch is not commensurate with its functions and importance. This governance anomaly most likely contributes to administrative hurdles and resource challenges faced by the Affiant Unit.

NSIRA finds that without a functional Affiant Unit able to produce timely and accurate warrant applications, CSIS puts at risk access to warrants and the information collected under them.

NSIRA finds that the “independent counsel” role falls short of creating a thorough challenge function.

NSIRA finds that the CSIS regional warrants coordinators have not received sufficient training enabling them to translate the contents of the warrants into advice on proper warrant execution.

NSIRA finds that CSIS lacks long-term training programs for Intelligence Officers.

NSIRA finds that CSIS has failed to provide systematic training programs for “non-Intelligence Officers.”

NSIRA finds that the CSIS’s Learning and Development Branch has not been sufficiently resourced to develop and administer comprehensive training programs, especially in specialized areas not covered by the training offered for Intelligence Officers early in their career.

NSIRA finds that CSIS and Justice are at risk of not being able to fulfill their respective mandates. No one reform is likely to succeed unless each is pursued as part of a coherent package. No package will succeed unless backed by prioritization at senior levels, and the stable provision of resources, including people with the means and institutional knowledge to see reforms through. And no reform initiative will succeed unless accompanied by clear performance indicators, measured and analyzed regularly to track progress.

NSIRA’s recommendations and departmental responses

Recommendation Departmental response (March 29, 2022)
Recommendation 1: NSIRA recommends that Justice pursue its commitment to reforming the manner of providing legal advice to CSIS, and its stated commitment to “road map”-style advice as a best practice. In support of this objective and the provision of timely, operationally relevant advice, NSIRA further recommends that Justice implement the following:

  • Whether through an expanded “office hours” and liaison counsel program or otherwise, NSLAG must develop a legal support service operating full time, staffed by experienced lawyers empowered to provide operational advice in real time on which CSIS officers can rely, on the basis of settled Justice positions on recurring legal issues, accessible directly to CSIS officers across all regional offices and at all levels.
  • NSLAG develop a concise reference tool with its position on recurring issues and most common legal authorities invoked and make the tool accessible to counsel to support their real-time advice.
  • To minimize the need to resort to the formalized legal advice-seeking process, NSLAG (in coordination with CSIS) must involve counsel with CSIS officers at the early stage of the planning of key or novel operations and throughout their entire operational lifecycle to case-manage an iterative legal guidance process.
Agree. Prior to NSIRA issuing its report, Justice Canada has been working on a number of measures concerning policies and practices in the provision of legal services to CSIS. These measures include activities related to the duty of candour and the warrant acquisition process, best practices in the delivery of legal services, advising CSIS on legal risks associated with its operations, the sharing of information in the national security context, and tracking and responding to key performance indicators related to the delivery of legal services.

Justice is committed to improving the manner of providing legal services and ensuring practical and timely legal services. The measures undertaken to date and further measures underway support a coordinated approach for legal services, striking the right balance of resources across corporate and operational priorities. This includes providing legal advice in a more accessible, iterative manner, and supporting Counsel through interactive training to better understand and support their work in a proactive manner.

Justice and CSIS working together in an integrated fashion ensures that counsel are involved throughout an operation’s life-cycle, including the early stages. Early integration into operational planning supports the provision of timely and relevant legal advice as operations progress.

Justice has already modified its liaison counsel model. Liaison counsel are experienced counsel designated to support CSIS officers across regional offices and particular operations.

Enhancements to the role have resulted in liaison counsel providing timely and focused advice, supporting operational imperatives, and identifying trends and issues of concern to develop guidance documents and other practical tools.

Justice is developing a suite of practical tools and legal service delivery mechanisms to support CSIS. These include:

  • a user-friendly blog that describes relevant legal issues and concepts in plain-language and with a practical application to CSIS’s work;
  • a field guide for the practical application of legal concerns to CSIS’s operations that can be used by officers in the field and in real time;
  • interpretation and guidance documents; and,
  • knowledge management tools ensuring counsel can access legal precedents and interpretations.
Recommendation 2: NSIRA recommends that NSLAG (in coordination with CSIS) develop Key Performance Indicators to measure the delivery of legal services to CSIS.

Agree. Justice has developed business metrics to measure service delivery performance. Justice will continue to work with CSIS to invest in resources to conduct detailed business analytics to enhance the provision of legal services and make improvements to the existing system. Client feedback surveys are undertaken regularly.
Recommendation 3: NSIRA recommends that CSIS and Justice should include in their training programs interactive scenario-based training developing the operational intelligence activities expertise of NSLAG counsel and the legal knowledge of CSIS operational staff.

Agree. Justice has worked with CSIS to develop and deliver interactive scenario-based training and is committed to continuing that involvement.

Recommendation 4: To ensure Justice is able to give meaningful and responsive legal advice as recommended in recommendation #1, NSIRA recommends that CSIS invite Justice counsel to sit at the table at all stages of the lifecycle of key and novel operations, and that it fully and frankly brief counsel on operational objectives, intent, and details.

Agree. As set out above, Justice is working with CSIS to be involved sooner and more continuously across the lifecycle of operations to provide timely, focused and iterative legal services.
Recommendation 5: NSIRA recommends that Justice’s advice-giving must clearly and unequivocally communicate advice on the unlawfulness of client conduct, whether criminal or otherwise.

Agree. Justice is currently undertaking a review of its legal risk framework in order to improve both how legal risk is assessed, and also how risks are communicated to clients.
Recommendation 6: NSIRA recommends that CSIS adopt, and share internally, clear criteria for the warrant prioritization process.

Agree. CSIS will further refine the warrant prioritization process and work to set clear criteria.
Recommendation 7: NSIRA recommends that CSIS establish a new warrant process eliminating steps that do not make a significant contribution to a more accurate application. The process should assign clear lines of responsibility for the production of accurate applications. The reformed system should ensure that delays associated with managerial approvals are minimized, and that time is reallocated to those steps contributing to the preparation of the accurate applications.

Agree. Work on implementation is underway. CSIS and Justice are committed to streamlining warrant applications, templates, and requests as part of broader modernisation objectives.
Recommendation 8: NSIRA recommends that CSIS integrate the regional stakeholders (including the implicated investigators) at every key milestone of the warrants process.

Agree. CSIS has already undertaken related improvements to address this recommendation, including through the updated Affiant Unit business approach to warrant acquisition, which now includes regional stakeholders.
Recommendation 9: NSIRA recommends that CSIS adopt policies and procedures governing the reformed warrant process that clearly outlines the roles and responsibilities of each participant and the objective of each step in the warrant process and that these policies be kept current as the process evolves. Agree. The revised CSIS Justice Joint Policy on Duty of Candour and the associated guidance document outline the role of all CSIS employees (not just the affiants) in ensuring that disclosure obligations to the Court are met. In addition, CSIS has developed a s.21 warrant policy and the drafting of the related procedure is underway. In 2020 and 2021, CSIS provided Duty of Candour training to all operational employees through a special project.
Recommendation 10: To address the seeming inevitability of “recurring omissions”, NSIRA recommends that CSIS prioritize the development of [*an improved*] system for human source information management. CSIS should also continue initiatives meant to ensure that source handlers are assiduous in documenting and then reporting in source precis information going to credibility. Even with these reforms, the Affiant Unit should adopt procedures for verifying the information prepared by the regions. Agree. The recommendation endorses a CSIS initiative already underway. An Action Plan approved by the Executive in January 2021 identified the requirement, and CSIS stakeholders are advancing this initiative. CSIS developed a comprehensive requirements package, and identified a potential technical solution. The complexity of the technical development process means this will be a long process.
Recommendation 11: NSIRA recommends that CSIS recognize the importance of the Affiant Unit by assigning affiants and analysts an employment classification congruent with their responsibilities. Agree. CSIS has addressed this recommendation by classifying affiants at one level above the Intelligence Officer working level to recognize the complexity of their work and to attract/retain candidates. A competitive competition process is underway to staff the affiant positions and is anticipated to be completed by the end of March 2022.
Recommendation 12: NSIRA recommends that CSIS should create an Affiant Branch reporting directly to the CSIS Director. Disagree. The Service notes the concerns raised by the committee in its report regarding the Affiant’s Unit current placement in the organization’s hierarchy. This said, throughout the course of this review, CSIS has invested heavily in the Affiant Unit and its employees and has made significant changes to the warrant process and its governance. The Service is confident that these changes will be sufficient to address the concerns that resulted in this finding and recommendation, particularly as it relates to observations related to administrative and human resource challenges. In addition, the current placement of the Affiant Unit with other units with corresponding responsibilities for warrant acquisition best facilitates the provision of ongoing guidance and advice throughout the warrant lifecycle to ensure compliance and duty of candour obligations are met. Given its importance, CSIS commits to ongoing monitoring and evaluation of the Affiant Unit to ensure the concerns highlighted in the report do not re-occur.
Recommendation 13: NSIRA recommends that CSIS urgently resource the Affiant Unit to meet its responsibilities and ensure its sustainability. In deciding the size of the Affiant Unit, CSIS should assess how many warrants an affiant team might reasonably complete every year. Agree. In line with the recommendation, CSIS already increased the resourcing of the Affiant Unit and approved changes to the organizational chart in March 2021. As noted above, a staffing action is currently underway that aims to create a pool of qualified candidates which can be leveraged to help increase the Affiant Unit’s capacity.
Recommendation 14: NSIRA recommends that CSIS, in consultation with Justice, develop a comprehensive training course for all affiants and analysts, codifying best practices and methods for members of the Affiant Unit.

Agree. CSIS intends to provide fulsome training to the affiant unit, as recommended. In late 2021, initial consultations were held to identify appropriate training. Unfortunately, the pandemic has disrupted training efforts.

Justice is supporting CSIS in the development and delivery of all comprehensive and practical training for all those working on warrant applications. Cross-reference recommendations 3 and 18.



Recommendation 15: NSIRA recommends that NSLAG be staffed by a complement of counsel and support personnel sufficient to ensure that CSIS operations are not impeded by resource limitations at NSLAG. Agree. Justice and CSIS will continue to work together on resources and staffing issues.
Recommendation 16: NSIRA recommends that the function of the Independent Counsel as performed by National Security Group counsel at the Department of Justice should be eliminated, in favour of a new challenge function, analogous to the role a defence lawyer would play were warrants subject to an adversarial process, situated at Public Safety and supported by the Public Safety vetting team, and performed by a knowledgeable lawyer from the Public Prosecution Service of Canada, the private sector, or elsewhere, who is independent from Justice management and not otherwise involved in CSIS warrant applications. Agree. Public Safety will develop an enhanced vetting function, housed in Public Safety Canada, that reflects the principles and objectives set out by NSIRA. Public Safety Canada will develop the enhanced vetting function as part of the CSIS warrant acquisition process such that it provides a meaningful challenge function without adding undue complexity or delay. While this work is underway, Public Safety Canada will take steps to strengthen warrant vetting on an interim basis.
Recommendation 17: NSIRA recommends that CSIS regional warrants coordinator positions receive adequate training, and that CSIS professionalize the position and enable warrant coordinators to more effectively translate the content of warrants into advice on warrant execution. Agree. CSIS acknowledges the importance of training and of centers of expertise. CSIS is determining training requirements.
Recommendation 18: NSIRA recommends that CSIS adequately resource and regularly deliver evergreen scenario-based training programs for all CSIS employees, including;
  • annual, comprehensive, warrant training for all operational employees;
  • specialized onboarding training for all employees not part of the Intelligence Officer program; and
  • continued long-term training for all specialized personnel.
Agree. CSIS is committed to improving the training offered to all of its employees, as recommended. Scenario-based training, which helps employees understand the application of policies and procedures, is now an integral part of operational training, which includes the development of an annual operational workshop. A recently approved business case will significantly increase staffing in Learning & Development to further enable training of CSIS employees. This business case includes the creation of a new position responsible for developing an enhanced onboarding for all newly hired employees, as well as the creation of new positions to create and deliver additional learning opportunities for all operational employees. Cross- reference recommendations 3 and 14.



Recommendation 19: The recommendations within this review should be treated as a coherent package and that progress and outcomes in implementing these recommendations be tracked, allowing management, the Ministers of Public Safety and of Justice, and NSIRA, to assess the efficacy of reforms and course-correct if necessary. Agree. PS, CSIS, and Justice are committed to taking a holistic approach to the implementation of the recommendations and will track and course correct as required in this complex operating environment.
Recommendation 20: The full classified version of this report be shared with the designated judges of the Federal Court. Partially agree. The Attorney General of Canada has shared the full report, redacted for solicitor- client privilege, with the designated judges of the Federal Court of Canada.

Annex D: Statistics on complaints investigations

January 1, 2022, to December 31, 2022

INTAKE INQUIRIES 75
New complaints filed 75
National Security and Intelligence Review Agency Act (NSIRA Act), section 16, Canadian Security and Intelligence Service (CSIS) complaints

22
NSIRA Act, section 17, Communications Security Establishment (CSE) complaints 2
NSIRA Act, section 18, security clearances 3
NSIRA Act, section 19, Royal Canadian Mounted Police (RCMP) referred complaints 3
NSIRA Act, section 19, Citizenship Act 0
NSIRA Act, section 45, Canadian Human Rights Commission (CHRC) referrals 0
Accepted jurisdiction to investigate 6
  Accepted Declined
NSIRA Act, section 16, CSIS complaints 3 16
NSIRA Act, section 17, CSE complaints 0 1
NSIRA Act, section 18, security clearances 1 1
NSIRA Act, section 19, RCMP referred complaints 2 3
Active investigations (at the time of writing) 19
NSIRA Act, section 16, CSIS complaints 9
NSIRA Act, section 17, CSE complaints 0
NSIRA Act, section 18, security clearances 4
NSIRA Act, section 19, RCMP referred complaints 6
NSIRA Act, section 45, CHRC referrals 0
Total investigations closed 65
  Abandoned Final report Resolved informally Withdrawn
NSIRA Act, section 16, CSIS complaints 1 0 0 3
NSIRA Act, section 17, CSE complaints 0 0 0 0
NSIRA Act, section 18, security clearances 0 1 0 0
NSIRA Act, section 19, RCMP referred complaints 0 2 0 0
NSIRA Act, section 45, CHRC referrals 0 58 0 0
Total 1 61 0 3
Share this page
Date Modified:

Annual Report on the Access to Information Act 2022–23

Date of Publishing:

Introduction

The Access to Information Act gives Canadian citizens and permanent residents, as well as any person or corporation present in Canada, a right of access to information contained in government records, subject to certain specific and limited exceptions.

Section 94(1) of the Act requires the head of each government institution to prepare an annual report on the administration of the Act within the institution and to submit the report to Parliament. In addition, section 20 of the Service Fees Act requires institutions to report on all statutory fees processed during the reporting period.

This report to Parliament, which is prepared and tabled in accordance with section 94 of the Access to Information Act and section 20 of the Service Fees Act, describes the activities of the National Security and Intelligence Review Agency (NSIRA) Secretariat in administering these Acts during the period of April 1, 2022 to March 31, 2023.

If you require more information or wish to make a request under the Access to Information Act or the Privacy Act, please direct your inquiries to the following:

Access to Information and Privacy Office
National Security and Intelligence Review Agency
P.O. Box 2430, Station “D” Ottawa, Ontario, K1P 5W5
Email: ATIP@nsira-ossnr.gc.ca

Who we are

Established in July 2019, NSIRA is an independent agency that reports to Parliament and conducts investigations and reviews of the federal government’s national security and intelligence activities.

The NSIRA Secretariat assists NSIRA in fulfilling its mandate. It is the NSIRA Secretariat, headed by an Executive Director, that is the government institution for the purposes of the Access to Information Act and the Privacy Act.

Mandate

NSIRA has a dual mandate to conduct reviews and investigations in relation to Canada’s national security or intelligence activities. 

Reviews

NSIRA’s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act). This mandate includes reviewing the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security- or intelligence-related activities of any other federal department or agency. This includes, but is not limited to, the national security or intelligence activities of the Royal Canadian Mounted Police (RCMP), the Canada Border Services Agency (CBSA), the Department of National Defence (DND) and Canadian Armed Forces (CAF), Global Affairs Canada (GAC), and the Department of Justice. Further, NSIRA may review any national security or intelligence matters that a minister of the Crown refers to NSIRA.

NSIRA reviews assess whether Canada’s national security and intelligence activities comply with relevant laws, policies, and ministerial directions, and whether they are reasonable and necessary. In conducting its reviews, NSIRA can make any findings or recommendations it considers appropriate.

Investigations

NSIRA is responsible for investigating national security or intelligence-related complaints from members of the public. As outlined in paragraph 8(1)(d) of the NSIRA Act, NSIRA has the mandate to investigate complaints about:

  • any activity of CSIS or of CSE;
  • decisions to deny or revoke certain federal government security clearances;
  • any complaint referred under subsection 45.53(4.1) or 45.67(2.1) of the Royal Canadian Mounted Police Act,
  • reports made under section 19 of the Citizenship Act, and
  • matters referred under section 45 of the Canadian Human Rights Act.

Access to Information and Privacy Office

NSIRA’s ATIP Office is accountable for the development and implementation of effective policies, guidelines, systems, and procedures to ensure that the NSIRA Secretariat meets its responsibilities under the Access to Information Act and the Privacy Act.

For the reporting period, the NSIRA ATIP office consisted of:

  • 1 Full-time Access to Information Consultant;
  • 1 Part-time Privacy Consultant; and
  • 1 Full-time ATIP Manager who fulfilled the duties that would normally be carried out by an ATIP Coordinator, as well as managed the ATIP Office, in addition to fulfilling normal duties as Manager of Administrative Services for the Secretariat and Agency Members.

NSIRA Secretariat Corporate Legal Counsel and Senior General Counsel supported the ATIP office on an as required basis.

The ATIP Office is responsible for the following:

  • monitoring compliance with ATIP legislation and relevant procedures and policies;
  • processing requests under both the Access to Information Act and the Privacy Act;
  • developing and maintaining policies, procedures, and guidelines to ensure that the NSIRA Secretariat respected the Access to Information Act and the Privacy Act;
  • maintaining Personal Information Banks and conducting privacy impact assessments.
  • preparing annual reports to Parliament and other statutory reports, as well as other material that might be required by central agencies; and
  • representing the NSIRA Secretariat in dealings with the Treasury Board of Canada Secretariat, the information and privacy commissioners, and other government departments and agencies in matters pertaining to the Access to Information Act and the Privacy Act.

The NSIRA Secretariat was a party to a service agreement under section 96 of the Access to Information Act during the reporting period, pursuant to which it received administrative services from the Privy Council Office related to the tabling of the Access to Information Act annual report in Parliament. The NSIRA Secretariat was also a party to a service agreement under section 92 of the Act, pursuant to which it received ATIP Online services from the Treasury Board of Canada Secretariat.

The NSIRA Secretariat ensured that the following proactive publication legislative requirements were met during the reporting period with the assistance of its Finance team:

  • Travel expenses;
  • Hospitality expenses;
  • Reports tabled in Parliament; and
  • Contracts over $10,000.

To assist the ATIP Office in meeting its overall legislative obligations, the NSIRA Secretariat relied on a collaborative internal group of subject matter points of contact from all its branches.

Delegation Order

The Executive Director, as the Head of the NSIRA Secretariat, is responsible for the administration of the Access to Information Act within the institution. Pursuant to section 95 of the Access to Information Act, the Executive Director has delegated the ATIP Manager and ATIP Officer – as well as persons acting in these positions – to perform powers, duties, and functions for the administration of the Act. These positions have limited delegation of authority under the Act and the Privacy Act, in accordance with the delegation of authority instrument approved by the Executive Director in August 2022. The Access to Information Act Delegation Order can be found in Appendix A.

Performance 2022-2023

Performance in Processing Access Requests

During the reporting period, from April 1, 2022 to March 31, 2023, the NSIRA Secretariat received 11 formal requests in addition to 10 requests that were outstanding from previous reporting periods, bringing the total number of requests to 21. Of these, the NSIRA Secretariat closed 15 requests in 2022-23, and 6 were carried over to the next reporting period. Five of the carried-over requests were received during the 2022-23 reporting period, of which two open requests are within the legislated timelines as of March 31, 2023, and four are beyond the legislated timelines, including one request that was received during the 2018-19 reporting period.

Statistical Reports for 2022-2023

The institution’s 2022-2023 Statistical Report on the Access to Information Act and Supplemental ATIP Statistical Report for 2022-2023 are found in Appendices B and C.

Extensions and Completion Time of Closed Requests

During the reporting period, the NSIRA Secretariat invoked extensions in processing 10 requests: 1 extension of 31 to 60 days, 3 extensions of 61 to 120 days, 2 extensions of 121 to 180 days, 2 extensions of 181 to 365 days, and 2 extensions of 365 days or more, all of which included extensions necessary to consult with third parties.

Of the requests completed during the reporting period,

  • 2 requests, or 13.33% of the requests completed, were disclosed in its entirety. 1 request completed within 16 to 30 days, and 1 request completed within 181 to 365 days.
  • 7 requests, or 46.66% of the requests completed, were disclosed in part. 3 requests completed within 61 to 120 days, 2 requests completed within 181 to 365 days, and 2 requests completed more than 365 days.
  • 2 requests, or 13.33% of the requests completed, were all exempted. 1 request completed within 1 to 15 days, and 1 request completed within 31 to 60 days.
  • 1 request, or 6.66% of the requests completed, resulted in no records. This request was completed within 16 to 30 days.
  • 1 request, or 6.66% of the requests completed was abandoned and completed within 1 to 15 days.
  • 2 requests, or 13.33% of the requests completed, were neither confirmed nor denied. 1 request completed within 16 to 30 days, and 1 request completed within 31 to 60 days.

The NSIRA Secretariat’s responses to many requests required intensive review of complex records, including extensive internal and external consultations due to a significant portion of our information holdings consisting of sensitive and classified records created or originally received by other government institutions owing to NSIRA’s mandate. In 2022-23, the NSIRA Secretariat’s on-time response rate decreased extensively to 33% from 80% in the previous reporting year.

Consultations

The NSIRA Secretariat was consulted on 4 requests this fiscal year. All 4 requests were completed within 61 to 120 days. The NSIRA Secretariat closed all consultations and carried over none into 2023-2024.

Requests Treated Informally

In 2022-2023, the NSIRA Secretariat responded to 2 informal requests for records previously released under the Access to Information Act and carried over one into 2023-2024.

Impact of COVID-19 measures

During the reporting period, the NSIRA Secretariat was not affected by measures related to the COVID‑19 pandemic.

Complaints and Investigations of Access Requests

Subsection 30(1) of the Act describes how the Office of the Information Commissioner receives and investigates complaints from individuals regarding the processing of requests under the Act. The NSIRA Secretariat received three new complaints during the reporting period. One of these complaints was discontinued during the reporting period, while the other two complaints remained active on March 31, 2023.

Moreover, one complaint received in fiscal year 2021-2022 was closed as “well-founded” during this reporting period. This complaint concerned the NSIRA Secretariat’s delay in providing a fulsome response to a large request that was made to NSIRA’s predecessor, the Security Intelligence Review Committee (SIRC), before the established legislative deadline. The delay was largely due to extended external consultations.

Training and Awareness

During the reporting period, access to information training requirements were identified for all NSIRA Secretariat employees, as well as for those with functional or delegated responsibility for the administration of the Access to Information Act, in accordance with the Directive on Access to Information Requests. The Canada School of Public Service course Access to Information and Privacy Fundamentals (COR502) was included as mandatory training in all employees’ training curriculum.

Privacy policies, guidelines, procedures and initiatives

The NSIRA Secretariat updated the Delegation Order during the reporting period. We also engaged with Library and Archives Canada on obtaining institution-specific disposition authorities, as we are currently operating under the former SIRC’s disposition authorities.

Proactive Publication under Part 2 of the ATIA

In accordance with paragraph 81(b) of the Access to Information Act, the NSIRA Secretariat is a government entity subject to the following proactive publication requirements:

  • Briefing materials (section 88)

During the reporting period, NSIRA Secretariat proactive publications were published on open.canada.ca.

Of the total proactive publication requirements that were due during the reporting period, 80% were published within the legislated timelines.

Initiatives and Projects to Improve Access to Information

The NSIRA Secretariat’s IT team began work to develop an ATIP software tool for our classified and unclassified systems. The NSIRA Secretariat also signed a memorandum of understanding with TBS to make full use of ATIP online and implemented the tool during the reporting period.

Summary of Key Issues and Actions Taken on Complaints

The NSIRA Secretariat hired a consultant to help process the large aforementioned access request made to its predecessor; a request that was subsequently the subject of a delay complaint made in FY 2021-2022 and deemed well-founded by the Information Commissioner during the reporting period. The NSIRA Secretariat took concrete action during the reporting period to comply with the Commissioner’s order to provide a fulsome response to the request “forthwith”, including but not limited to streamlining the consultation process with another government institution and disclosing additional records to the requestor.

Access to Information Act Fees for the Purposes of the Service Fees Act

The Service Fees Act requires a responsible authority to report annually to Parliament on the fees collected by the institution.

With respect to fees collected under the Access to Information Act, the information below is reported in accordance with the requirements of section 20 of the Service Fees Act.

  • Enabling authority: Access to Information Act
  • Fee payable: $5.00 application fee is the only fee charged for an ATI request
  • Total revenue: $30
  • $25
  • Cost of operating the program: $294,640

Monitoring Compliance

In order to meet legislative deadlines for access to information requests, deadlines for individual requests are strictly monitored by using MS Outlook reminders. The ATIP Manager organizes ad hoc meetings to discuss request-related activities (such as whether inter-institutional consultations are necessary), determine deadlines and ensure that all team members are informed of the status of files. At bi-weekly team meetings with the Senior General Counsel and Corporate Counsel, the ATIP Manager raises and discusses compliance with legislative and policy obligations. The Executive Director is also briefed on all ATIP compliance issues.

The NSIRA Secretariat has a document setting out the procedures to be followed in carrying out our monthly proactive disclosure, together with the associated expectations and timelines, in order to monitor the accuracy and completeness of the information proactively published under Part 2 of the Act.

During the reporting period, the NSIRA Secretariat also began assessing the feasibility of making information previously released under the Access to Information Act available on its public-facing website.

For contracts issued during the reporting period, the NSIRA Secretariat included a General Condition on Access to Information from Public Services and Procurement Canada’s Standard Acquisition Clauses and Conditions Manual.

Appendix A: Delegation Order

Access to Information Act Designation Order

The Executive Director of the National Security and Intelligence Review Agency, pursuant to section 95 of the Access to Information Act, hereby designates the persons holding the positions or acting in these positions, set out in the schedule hereto to exercise the powers and perform the duties and functions of the Executive Director of the National Security and Intelligence Review Agency as the head of a government institution under the section of the Access to Information Act set out in the schedule opposite each position.

Privacy Act Designation Order

The Executive Director of the National Security and Intelligence Review Agency, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions or acting in these positions, set out in the schedule hereto to exercise the powers and perform the duties and functions of the Executive Director of the National Security and Intelligence Review Agency as the head of a government institution under the section of the Privacy Act set out in the schedule opposite each position.

Appendix B: 2022-2023 Statistical Report on the Access to Information Act

Name of institution: National Security and Intelligence Review Agency

Reporting period: 2022-04-01 – 2023-03-31

Section 1: Request Under the Access to Information Act

1.1 Number of Requests
  Number of Requests
Received during reporting period 11
Outstanding from previous reporting period 9
Outstanding from more than one reporting period 1
Total 21
Closed during reporting period 15
Carried over to next reporting period 6
Carried over within legislated timeline 2
Carried over beyond legislated timeline 4
1.2 Sources of requests
Source Number of Requests
Media 0
Academia 0
Business (private sector) 0
Organization 0
Public 10
Decline to Identify 1
Total 11
1.3 Channels of requests
Source Number of Requests
Online 10
E-mail 0
Mail 1
In person 0
Phone 0
Fax 0
Total 11

Section 2: Informal requests

2.1 Number of informal requests
  Number of Requests
Received during reporting period 3
Outstanding from previous reporting periods 0
Outstanding from more than one reporting period 0
Total 3
Closed during reporting period 2
Carried over to next reporting period 1
2.2 Channels of informal requests
Source Number of Requests
Online 0
E-Mail 3
Mail 0
In person 0
Phone 0
Fax 0
Total 3
2.3 Completion time of informal requests
Completion Time
1 to 15 days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More than 365 Days Total
2 0 0 0 0 0 0 2
2.4 Pages released informally
Less Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
2 65 0 0 0 0 0 0 0 0
2.5 Pages re-released informally
Less Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
0 0 0 0 0 0 0 0 0 0

Section 3: Applications to the Information Commissioner on Declining to Act on Requests

  Number of Requests
Outstanding from previous reporting period 0
Sent during reporting period 0
Total 0
Approved by the Information Commissioner during reporting period 0
Declined by the Information Commissioner during reporting period 0
Withdrawn during reporting period 0
Carried over to next reporting period 0

Section 4: Requests Closed During the Reporting Period

4.1 Disposition and completion time
Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 1 0 0 0 1 0 2
Disclosed in part 0 0 0 3 0 2 2 7
All exempted 1 0 1 0 0 0 0 2
All excluded 0 0 0 0 0 0 0 0
No records exist 0 1 0 0 0 0 0 1
Request transferred 0 0 0 0 0 0 0 0
Request abandoned 1 0 0 0 0 0 0 1
Neither confirmed nor denied 0 1 1 0 0 0 0 2
Decline to act with the approval of the Information Commisioner 0 0 0 0 0 0 0 0
Total 2 3 2 3 0 3 2 15
4.2 Exemptions
Section Numbers of Requests
13(1)(a) 0
13(1)(b) 0
13(1)(c) 0
13(1)(d) 0
13(1)(e) 0
14 0
14(a) 0
14(b) 0
15(1) – I. A. * 0
15(1) – Def. * 5
15(1) – S.A. * 1
16(1)(a)(i) 3
16(1)(a)(ii) 0
16(1)(a)(iii) 0
16(1)(b) 1
16(1)(c) 4
16(1)(d) 0
16(2) 0
16(2)(a) 0
16(2)(b) 0
16(2)(c) 0
16(3) 0
16.1(1)(a) 0
16.1(1)(b) 0
16.1(1)(c) 0
16.1(1)(d) 0
16.2(1) 0
16.3 0
16.31 0
16.4(1)(a) 0
16.4(1)(b) 0
16.5 0
16.6 0
17 0
18(a) 0
18(b) 0
18(c) 0
18(d) 0
18.1(1)(a) 0
18.1(1)(b) 0
18.1(1)(c) 0
18.1(1)(d) 0
19(1) 2
20(1)(a) 0
20(1)(b) 0
20(1)(b.1) 0
20(1)(c) 0
20(1)(d) 0
20.1 0
20.2 0
20.4 0
21(1)(a) 0
21(1)(b) 0
21(1)(c) 0
21(1)(d) 0
22 0
22.1(1) 0
23 1
23.1 0
24(1) 1
26 0

* I.A.: International Affairs
* Def.: Defence of Canada
* S.A.: Subversive Activities

4.3 Exclusions
Section Numbers of Requests
68(a) 0
68(b) 0
68(c) 0
68.1 0
68.2(a) 0
68.2(b) 0
69(1) 0
69(1)(a) 0
69(1)(b) 0
69(1)(c) 0
69(1)(d) 0
69(1)(e) 0
69(1)(f) 0
69(1)(g) re (a) 0
69(1)(g) re (b) 0
69(1)(g) re (c) 0
69(1)(g) re (d) 0
69(1)(g) re (e) 0
69(1)(g) re (f) 0
69.1(1) 0
4.4 Format of information released
Paper Electronic Other
E-record Data set Video Audio
0 9 0 0 0 0
4.5 Complexity
4.5.1 Relevant pages processed and disclosed for paper and e-record formats
Number of Pages Processed Number of Pages Disclosed Number of Requests
856 856 14
4.5.2 Relevant pages processed per request disposition for paper and e-record formats by size of requests
Disposition Less Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 1 7 1 322 0 0 0 0 0 0
Disclosed in part 6 247 1 280 0 0 0 0 0 0
All exempted 2 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 1 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 2 0 0 0 0 0 0 0 0 0
Declined to act with the approval of the information Commissioner 0 0 0 0 0 0 0 0 0 0
Total 12 254 2 602 0 0 0 0 0 0
4.5.3 Relevant minutes processed and disclosed for audio formats
Number of Minutes Processed Number of Minutes Disclosed Number of Requests
0 0 0
4.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Disposition Less Than 60 Minutes Processed 60 – 120 Minutes Processed More than 120 Minutes Processed
Number of Requests Minutes Processed Number of Requests Minutes Processed Number of Requests Minutes Processed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Declined to act with the approval of the Information Commissioner 0 0 0 0 0 0
Total 0 0 0 0 0 0
4.5.5 Relevant minutes processed and disclosed for video formats
Number of Minutes Processed Number of Minutes Disclosed Number of Requests
0 0 0
4.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Disposition Less Than 60 Minutes Processed 60 – 120 Minutes Processed More than 120 Minutes Processed
Number of Requests Minutes Processed Number of Requests Minutes Processed Number of Requests Minutes Processed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Declined to act with the approval of the Information Commissioner 0 0 0 0 0 0
Total 0 0 0 0 0 0
4.5.7 Other complexities
Disposition Consultation Required Legal Advice Sought Other Total
All disclosed 0 0 0 0
Disclosed in part 0 0 0 0
All exempted 0 0 0 0
All excluded 0 0 0 0
Request abandoned 0 0 0 0
Neither confirmed nor denied 0 0 0 0
Declined to act with the approval of the Information Commissioner 0 0 0 0
Total 0 0 0 0
4.6 Closed requests
4.6.1 Requests closed within legislated timelines
  Requests closed within legislated timelines
Number of requests closed within legislated timelines 5
Percentage of requests closed within legislated timelines (%) 33.33333333
4.7 Deemed refusals
4.7.1 Reasons for not meeting legislated timelines
Number of Requests Closed Past the Legislated Timelines Principal Reason
Interference with Operations/Workload External Consultation Internal Consultation Other
10 0 10 0 0
4.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Where No Extension Was Taken Number of Requests Past Legislated Timeline Where an Extension Was Taken Total
1 to 15 Days 0 0 0
16 to 30 Days 0 0 0
31 to 60 Days 0 2 2
61 to 120 Days 0 3 3
121 to 180 Days 0 0 0
181 to 365 Days 0 3 3
More than 365 Days 0 2 2
Total 0 10 10
4.8 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
Disposition of Requests Where an Extension Was taken 9(1)(a) Interference With Operations/Workload 9(1)(b) Consultation 9(1)(c) Third-Party Notice
Section 69 Other
All disclosed 0 0 2 0
Disclosed in part 0 0 7 0
All exempted 0 0 1 0
All excluded 0 0 0 0
Request abandoned 0 0 0 0
No records exist 0 0 0 0
Declined to act with the approval of the Information Commissioner 0 0 0 0
Total 0 0 10 0
5.2 Length of extensions
Length of Extensions 9(1)(a) Interference With Operations/Workload 9(1)(b) Consultation 9(1)(c) Third-Party Notice
Section 69 Other
30 days or less 0 0 0 0
31 to 60 days 0 0 1 0
61 to 120 days 0 0 3 0
121 to 180 days 0 0 2 0
181 to 365 days 0 0 2 0
365 days or more 0 0 2 0
Total 0 0 10 0

Section 6: Fees

Fee Type Fee Collected Fee Waived Fee Refunded
Number of Requests Amount Number of Requests Amount Number of Requests Amount
Application 0 $30.00 5 $0.00 0 $0.00
Other fees 0 $0.00 0 $0.00 0 $0.00
Total 6 $30.00 5 $0.00 0 $0.00

Section 7: Consultations Received From Other Institutions and Organizations

7.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during reporting period 4 189 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 4 189 0 0
Closed during the reporting period 4 189 0 0
Carried over within negotiated timelines 0 0 0 0
Carried over beyond negotiated timelines 0 0 0 0
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 4 0 0 0 4
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 4 0 0 0 4
7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 8: Completion Time of Consultations on Cabinet Confidences

8.1 Requests with Legal Services
Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
8.2 Requests with Privy Council Office
Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 9: Investigations and Reports of finding

9.1 Investigations
Section 32 Notice of intention to investigate Subsection 30(5) Ceased to investigate Section 35 Formal Representations
3 0 0
9.2 Investigations and Reports of finding
Section 37(1) Initial Reports Section 37(2) Final Reports
Received Containing recommendations issued by the Information Commissioner Containing orders issued by the Information Commissioner Received Containing recommendations issued by the Information Commissioner Containing orders issued by the Information Commissioner
1 1 1 1 1 1

Section 10: Court Action

10.1 Court actions on complaints
Section 41
Complainant (1) Institution (2) Third Party (3) Privacy Commissioner (4) Total
0 0 0 0 0
10.2 Court actions on third party notifications under paragraph 28(1)(b)
Section 44 – under paragraph 28(1)(b)
0
11.1 Allocated Costs
Expenditures Amount
Salaries $100,000
Overtime $0
Goods and Services $194,640
Professional services contracts $194,640
Other $0
Total $294,640
11.2 Human Resources
Resources Person Years Dedicated to Access to Information Activities
Full-time employees 0.000
Part-time and casual employees 1.000
Regional Staff 0.000
Consultants and agency personnel 1.000
Students 1.000
Total 3.000

Note: Enter values to three decimal places.

Appendix C: Supplemental Statistical Report on the Access to Information Act and Privacy Act

Section 1: Capacity to Receive Requests under the Access to Information Act and the Privacy Act

  Number of weeks
Able to receive requests by mail 52
Able to receive requests by email 52
Able to receive requests through the digital request service 52

Section 2: Capacity to Process Records under the Access to Information Act and the Privacy Act

2.1 Number of weeks your institution was able to process paper records in different classification levels
  No capacity Partial Capacity Full capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 0 52 52
Secret and Top Secret Paper Records 0 0 52 52
2.2 Number of weeks your institution was able to process electronic records in different classification levels
  No capacity Partial Capacity Full capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 0 52 52
Secret and Top Secret Paper Records 0 0 52 52

Section 3: Open Requests and Complaints Under the Privacy Act

3.1 Number of open requests that are outstanding from previous reporting periods.

Fiscal Year Open Requests Were Received Open Requests that are Within Legislated Timelines as Open Requests that are Beyond Legislated Timelines as of March 31, 2023 Total
Received in 2022-23 2 3 5
Received in 2021-22 0 0 0
Received in 2020-21 0 0 0
Received in 2019-20 0 0 0
Received in 2018-19 0 1 1
Received in 2017-18 0 0 0
Received in 2016-17 0 0 0
Received in 2015-16 0 0 0
Received in 2014-15 0 0 0
Received in 2013-14 or earlier 0 0 0

3.2 Number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods

Fiscal Year Open Complaints were received by institutions Open Requests that are Within Legislated Timelines as
Received in 2022-23 3
Received in 2021-22 0
Received in 2020-21 0
Received in 2019-20 0
Received in 2018-19 0
Received in 2017-18 0
Received in 2016-17 0
Received in 2015-16 0
Received in 2014-15 0
Received in 2013-14 or earlier 0
Total 3
Share this page
Date Modified:

Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2020

Completed Reviews

Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2020


Backgrounder

The Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA or Act) and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. This review covers the implementation of the directions sent to 12 departments and agencies from their date of issuance, January 1, 2020, to the end of the previous calendar year, December 31, 2020. It was conducted under subsection 8(2.2) of the National Security and Intelligence Review Agency Act (NSIRA Act), which requires NSIRA to review, each calendar year, the implementation of all directions issued under ACA.

This was the first ACA review to cover a full calendar year. Many of the reviewed departments noted that the pandemic impacted their information sharing activities, thus impacting the number of cases requiring further review as per the ACA. As such, NISIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

As part of the review, NSIRA examined the case triage process of all twelve departments. NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be escalated, significant divergences in the evaluation of risk and the required level of approval emerge.

In keeping with NSIRA’s 2020 Annual Report which emphasized the implementation of a “trust but verify” approach for assessing information provided over the course of a review, NSIRA continues to work on various verification strategies with the Canadian intelligence community. However, due to the continuing COVID-19 pandemic, implementation of verification processes was not possible across all twelve departments which fall under the ACA. Notwithstanding, the information provided by departments has been independently verified by NSIRA through documentation analysis and meetings with department subject matter experts, as warranted. Further work is underway to continue developing an access model for the independent verification of information relevant to ACA considerations.

Date of Publishing:

Executive Summary

The Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA or Act) and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. This review covers the implementation of the directions sent to 12 departments and agencies from their date of issuance, January 1, 2020, to the end of the previous calendar year, December 31, 2020. It was conducted under subsection 8(2.2) of the National Security and Intelligence Review Agency Act (NSIRA Act), which requires NSIRA to review, each calendar year, the implementation of all directions issued under ACA.

This was the first ACA review to cover a full calendar year. Many of the reviewed departments noted that the pandemic impacted their information sharing activities, thus impacting the number of cases requiring further review as per the ACA. As such, NISIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

While NSIRA was pleased with the considerable efforts made by many departments new to ACA in building their frameworks, Canada Boarder Services Agency (CBSA) and Public Safety did not finalize their policy frameworks in support of the Directions received under the ACA for the review period.

As part of the review, NSIRA examined the case triage process of all twelve departments. NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be escalated, significant divergences in the evaluation of risk and the required level of approval emerge.

A case sent to both GAC and CSIS was reviewed by NSIRA for its implications under the ACA. While the information was ultimately not shared with the requesting foreign entity, nonetheless, NSIRA found that the risk of mistreatment was substantial and the decision should have been referred to the Deputy Minister of Foreign Affairs as the accountable deputy minister for this request.

Mitigation measures used by departments were also reviewed this year, since they are an integral part in the information sharing process for departments. NSIRA observed that there are gaps in departments’ ability to verify whether a country or entity has actually complied with caveats or assurances because of the difficulty in tracking compliance to mitigation measures.

NSIRA believes that it is now in a position to conduct in-depth case study assessments of individual departments’ adherence to the ACA and Directions, irrespective of whether or not a department reported any cases to its deputy head. Finally, future reviews will follow up on the ongoing implementation of NSIRA’s past recommendations.

In keeping with NSIRA’s 2020 Annual Report which emphasized the implementation of a “trust but verify” approach for assessing information provided over the course of a review, NSIRA continues to work on various verification strategies with the Canadian intelligence community. However, due to the continuing COVID-19 pandemic, implementation of verification processes was not possible across all twelve departments which fall under the ACA. Notwithstanding, the information provided by departments has been independently verified by NSIRA through documentation analysis and meetings with department subject matter experts, as warranted. Further work is underway to continue developing an access model for the independent verification of information relevant to ACA considerations.

Authorities

This review was conducted under subsection 8(2.2) of the NSIRA Act, which requires NSIRA to review, each calendar year, the implementation of all directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA or the Act).

Introduction

Review background

Departments and agencies in the Government of Canada routinely share information with a range of foreign entities. However such practices can sometimes bring into play a risk of mistreatment for individuals who are the subjects of these exchanges or other individuals. It is therefore incumbent upon the Government of Canada to evaluate and mitigate the risks that this sharing entails.

In 2011, the Government of Canada implemented a general framework for Addressing Risks of Mistreatment in Sharing Information with Foreign Entities. The aim of the framework was to establish a coherent approach across government when sharing with and receiving information from foreign entities. Following this, Ministerial Direction was issued to applicable departments in 2011 (Information Sharing with Foreign Entities), and then again in 2017 (Avoiding Complicity in Mistreatment by Foreign Entities).

On July 13, 2019, the ACA came into force. The preamble of the Act recognizes Canada’s commitments with respect to the Canadian Charter of Rights and Freedoms, and Canada’s international legal obligations on prohibiting torture and other cruel and inhumane treatment. The Act also recognizes that information needs to be shared to enable the Government to fulfill its fundamental responsibility to protect Canada’s national security and the safety of Canadians.

On September 4, 2019, pursuant to section 3 of the ACA, the Governor in Council (GiC) issued written directions (Orders in Council (OiCs) or Directions) to the deputy heads of 12 departments and agencies. This added six new Canadian entities in addition to those that were already associated with the 2011 and 2017 Directions.

This report is NSIRA’s first full year assessment of the implementation of the Directions issued under ACA for the 2020 calendar year. The review builds upon two previous reviews conducted in respect of avoiding complicity in mistreatment. The first was in respect to the 2017 Ministerial Directions, while the second assessed the Directions issued under the ACA, but was limited to the four months from when the Directions were issued to the end of the 2019 calendar year.

ACA and Directions

The ACA and the Directions issued under its authority seek to prevent the mistreatment of any individual due to the exchange of information between a Government of Canada department or agency and a foreign entity. The Act and the Directions also aim to limit the use of information received from a foreign entity that is likely to have been obtained through the mistreatment of an individual.

Under the authority of subsection 3(1) of the Act, the Directions issued to the 12 departments and agencies are near identical in language and focus on the three aspects of handling information when interacting with a foreign entity: the disclosure of information, the requesting of information, and the use of any information received.

In regards to disclosure of information, the Directions state:

If the disclosure of information to a foreign entity would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that the Department officials do not disclose the information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.

With respect to requesting information, the Directions read as follows:

If the making of a request to a foreign entity for information would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that Department officials do not make the request for information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.

Lastly, as it relates to the use of information, the Directions provide:

The Deputy Head must ensure that information that is likely to have been obtained through the mistreatment of an individual by a foreign entity is not used by the Department
(a) in any way that creates a substantial risk of further mistreatment;
(b) as evidence in any judicial, administrative or other proceeding; or
(c) in any way that deprives someone of their rights or freedoms, unless the Deputy Head or, in exceptional circumstances, a senior official designated by the Deputy Head determines that the use of the information is necessary to prevent loss of life or significant personal injury and authorizes the use accordingly.

The consideration of substantial risk figures prominently in subsection 3(1) of the Act as well as the Directions. In considering whether to disclose or request information, a department must determine whether a substantial risk is present and if so whether it can be mitigated. As noted in the previous reviews on information sharing, the ACA does not define “substantial risk”. Departments refer to a definition of this term as set out in the 2017 Ministerial Directions as a general starting point when conducting assessments under the ACA. The 2017 Ministerial Directions define substantial risk as:

‘Substantial risk’ is a personal, present and foreseeable risk of mistreatment that is real and is based on something more than mere theory or speculation. In most cases, the test of a substantial risk of mistreatment would be satisfied when it is more likely than not there would be mistreatment; however, in some cases, particularly where the risk if of severe harm, the standard of substantial risk may be satisfied at a lower level of probability.

Based on the outcome of these determinations, the decision may be to approve, deny, or elevate to the Deputy Head for his or her consideration. Substantial risk is also contemplated in the consideration of the use of information received from a foreign entity. If it is evaluated that the information was likely obtained from the mistreatment of an individual, the department is prohibited from using the information in any way that creates a substantial risk of further mistreatment.

Throughout the process to determine whether to disclose or use information, the Directions require that the accuracy, reliability, and limitations of use of all information being handled are appropriately described and characterized.

Additionally, reporting requirements are found at sections 7 and 8 of the Act as well as within the Directions. Among these requirements, the Minister responsible for the department must provide a copy of the department’s annual report in respect of the implementation of the Directions during the previous calendar year as soon as feasible to NSIRA, the National Security and Intelligence Committee of Parliamentarians (NSICoP) and, if applicable, the Civilian Review and Complaints Commission (CRCC) for the Royal Canadian Mounted Police. Reporting requirements as articulated in the Directions oblige the reporting of decisions which were considered by the Deputy Head in regards to disclosure, requesting of information, or authorizing use of information that would deprive someone of their rights or freedoms be made as soon as feasible to the responsible Minister, NSIRA, and NSICoP.

Review Objectives and Methodology

The review period was January 1, 2020 to December 31, 2020. The objectives of this review included:

  • Following-up on departments’ implementation of the directives received under the ACA;
  • Assessing departments’ operationalization of frameworks/processes that enable them to meet the obligations set out in the ACA and directives; and
  • Assessing coordination and consistency in implementation across applicable departments.

Additionally, NSIRA evaluated all twelve ACA member departments’ ‘case triage’ frameworks (i.e., the combination of policy assessment criteria and a pre-determined ‘escalation ladder’ for cases that require higher levels of managerial approvals). Refer to annexes B to M that provide additional details on each departments’ triage process. Finally, NSIRA reviewed the use and policies around departmental mitigation measures.

FINDINGS

Reporting and Framework Updates

As per the Act, all twelve departments fulfilled their obligations to report to their respective ministers and NSIRA on progress made in operationalizing frameworks and identifying cases escalated to the deputy head level.

Of the nine departments who had reported to NSIRA last year that they had finalized frameworks, all continued to refine assessment protocols over the 2020 review period. Based on submissions to NSIRA, TC has developed a corporate policy to highlight the department’s ACA-related requirements. However, CBSA and PS had yet to finalize their ACA policy. As a result, employees may not have adequate and up to date guidance on how to make determinations related to the ACA.

NSIRA Finding #1: NSIRA found that CBSA and PS did not finalize their policy frameworks in support of Directions received under the ACA over the review period.

Referrals to Deputy Head

The Directions specify that when departmental officials are unable to determine whether the risk of mistreatment arising from a disclosure of or request for information can be mitigated, the matter must be referred to the Deputy Head. The Directions also require the Deputy Head, or in exceptional circumstances a senior official designated by the Deputy Head, to determine the matter where the use of information that is likely to have been obtained through mistreatment of an individual by a foreign entity would in any way deprive an individual of their rights or freedoms and the use of this information is necessary to prevent loss of life or significant injury. In 2020, no cases were escalated to the deputy head level. NSIRA sought clarification on the absence of cases referred; the most common reason provided by departments for this outcome was that cases were either mitigated before deputy head involvement and/or this was a result of an overall reduction in the number of foreign information exchanges generally due to the ongoing pandemic.

NSIRA Finding #2: NSIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

Case Triage

Typically, when departments are making ACA applicability decisions, they employ varying “case triage” processes, that is, the combination of policy assessment criteria and a pre-determined ‘escalation ladder’ for cases that require higher levels of managerial assessment. NSIRA closely evaluated all twelve ‘case triage’ frameworks of the departments subject to the ACA (Refer to Annex B-M). In carrying out this work, NSIRA noted some issues in the implementation of triage systems; for example, there were instances of not having one designed and of information being outdated.

NSIRA observed that there were two main types of initial case triage processes: case-by-case, where the framework places the onus on the working level official to first make determinations based on policy assessment tools, relevant training, and individual experience; and country assessment rating, which emphasizes the initial use of a country-based risk level that may trigger case escalation. A country assessment rating is a representation of the assessed risk of mistreatment associated to a country, based on a number of criteria and often derived from a range of sources.

Initial Case Triage Category 1: Case-by-Case

All departments use working level officials to determine whether there is a risk of mistreatment. When a working level officials’ assessment is inconclusive as to whether a substantial risk of mistreatment exists, they will defer the decision to a higher management authority. NSIRA has developed Figure 1 to illustrate this type of triage process where the working level official consults assessment tools at his or her disposal to determine whether a substantial risk of mistreatment exists.

Figure 1: Case by Case Triage Diagram

Initial Case Triage Category 2: Informed by Country Assessment Rating

CSIS, CSE, FINTRAC, and RCMP require working level officials to use country assessment ratings that may trigger case escalation. For example, NSIRA has developed Figure 2 to illustrate this type of triage process where country assessment ratings may trigger case escalation.

Case Escalation

In addition to the two categories of case triage frameworks identified above, all departments except for FINTRAC, PS, CSE and TC make use of internal consultation groups/senior decision making committees when cases are identified as requiring consultation/escalation (e.g. working groups and senior management committee secretariats). The following table illustrates the various consultation groups across departments that would make determinations related to the ACA.

The general purpose of consultation groups is to serve as a single point of contact for employees who require assistance in assessing foreign information sharing activities or interpreting policy and procedure. Senior decision making committees are responsible for making determinations on the information exchange. They are the final decision making authority prior to escalation to the deputy head. NSIRA observed that leveraging the overall expertise of these groups may assist officials in consistently applying assessment criteria, as well as provide greater oversight for information exchanges with foreign entities.

Consistency in Implementation Across Departments

Beginning with the 2017 Ministerial Directions on Avoiding Complicity in Mistreatment by Foreign Entities, it was required that departments maintain policies and procedures to assess the risks of information sharing relationships with foreign entities. While not specified in the Act or Directions, departments continue to implement country and entity assessments, a practice NSIRA has supported. NSIRA has previously raised concerns regarding the absence of unified and standardized approach to departments’ country assessments. The PCO-led community response to last year’s recommendation on this element stated in part that:

The information sharing activities of these organizations all serve either an intelligence, law enforcement, or administrative purpose with each carrying different risk profiles, privacy concerns, and legal authorities. Individual departments and agencies are responsible for establishing specific thresholds or triggers in their information sharing frameworks that are appropriate for their operational contexts. It is the view of the Government of Canada that applying the same threshold across all organizations for triggering, evaluating, and elevating cases is not necessarily practical nor essential to ensuring that each department or agency is operating in compliance with the Act.

In order to engage in the questions to which the divergence of thresholds gives rise, NSIRA asked departments to rank bi-lateral information exchanges with foreign partners in terms of volume, excluding exchanges with [***example of foreign entity information sharing***]. Nine of the twelve departments identified ███████ as a foreign exchange entity, a country which is widely recognized as having human rights concerns.

NSIRA then selected only those departments that initially utilize country assessment ratings as a triage method (i.e. FINTRAC, RCMP, CSIS and CSE). [***description of how departments determined foreign entity example***]. Nonetheless, in carrying out this analysis, NSIRA observed that all four departments relied on a combination of open source human rights reports and consultations with other departments. Additionally, RCMP, CSIS and CSE utilize classified intelligence sources.

However, although these departments utilize a similar approach when assessing a country, the assigned rating for ████ was not consistent. CSIS assigned █████████████; FINTRAC and RCMP assigned a [***description of department’s specific ratings***] ; and finally, CSE assigned a ██████ rating.

NISRA examined to what degree country ratings affected the level of approval required for an information exchange. Because CSE has assigned a rating of █████ when they receive a request from ████, a CSE official could require [***description of the factors used to determine the appropriate level process***] CSE acknowledged that its “human rights assessments do not necessarily correlate with the risk level assigned to an instance of sharing,” and nor do they “necessarily correlate to levels of approval or to restrictions to sharing.” [***description of the factors used to determine the appropriate level process***]

In contrast, according to their framework and methodology, an exchange with any one of the █████ authorities listed in the RCMP’s country and entity assessment list could result in an [***description of department’s specific ratings***] because █████ is associated with a country assessment rating. When an entity is yellow, the employee must consider whether or not there is a risk of mistreatment by looking at a list of criteria. If one or more of these criteria exist, the employee must send the case to a senior management committee. NSIRA observes that where the RCMP has a red country rating, the working level official must escalate to the senior management committee. Therefore, unlike CSE and CSIS, country ratings within the RCMP have direct impacts on approval levels.

NSIRA’s ACA report from last year recommended that departments should identify a means to establish unified and standardized country and entity risk assessment tools to support a consistent approach when interacting with Foreign Entities of concern. While PCO disagreed with this recommendation, NSIRA believes that there remain concerns regarding divergences in country and risk assessments.

NSIRA Finding #3: NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be scalated, significant divergences in the evaluation of risk and the required level of approval emerge.

Following this review, NSIRA intends to further scrutinize the processes employed regarding ACA triage and decision making by reviewing GAC and RCMP.

A case study as provided for in Box 1 exemplifies the divergent nature on the evaluation of risk where two departments’ considered responding to an identical request made by a foreign entity.

Box 1: A divergent decision-making process

[***description of the case study***] The foreign entity provided this information to GAC and CSIS and requested confirmation [***description of the information sharing request***]

In considering whether to respond to this request, GAC determined that the human rights record of the country in question generally and of the foreign entity specifically making the request were of significant concern. GAC’s senior decision making committee, working under the presumption that the individual’s detention was ongoing, considered whether the disclosure of this information “would not substantially increase the detainee’s risk of mistreatment.” The senior decision making committee determined that confirmation of the individual’s previous employment status with GAC was permissible, subject to the determination of CSIS’s assessment.

Ultimately, the decision by CSIS was made by a DG-level executive and, as the foreign entity was listed by CSIS as a restricted partner, information was not shared.

The assessment by GAC’s senior decision-making committee is of concern. The Act and the Directions impose that departments consider whether disclosing or requesting information “would result in a substantial risk of mistreatment.” [***legal advice to department***]

NSIRA agrees with this interpretation of the law, but not with its implementation by GAC in this case. GAC’s position was that responding to the request “would not aggravate” the risk of mistreatment. However, NSIRA is of a different view. Regardless of the information sought, the human rights record of the foreign entity and of the foreign country was of significant concern, and GAC was operating under the presumption that the individual may have already been subjected to mistreatment. While GAC’s sharing could not have accounted for any mistreatment that could have occurred earlier, responding to the request given the facts of this case would have nonetheless resulted in a substantial risk of mistreatment. Therefore, this case should have been refered to the Deputy Minister of Foreign Affairs for consideration.

NSIRA also observes that this case was triaged at different levels within GAC and CSIS. In GAC’s triage process, the decision was made at the higher senior decision-making committee that disclosure was permissible. Comparatively, CSIS’s decision-making process was completed prior to reaching their senior-level committee and yielded the opposite result. The different levels of decision-making and different outcomes underscore a problematic inconsistency in how each organization considers the same information to be disclosed to the same foreign entity. Furthermore, while a department responsible for the information may consult with other departments as to whether disclosure of information is permissible, it cannot abdicate this responsibility and decision-making to another department.

NSIRA Finding #4: NSIRA found a procedural gap of concern in a case study involving the disclosure of information, even though information was ultimately not shared. The risk of mistreatment was substantial and the decision should have been referred to the Deputy Minister of Foreign Affairs as the accountable deputy minister for this request.

Mitigation Measures

Use of Mitigation Measures

To decrease the risk of mistreatment, departments will employ mitigation measures such as caveats, assurances, sanitization, and redactions. The most common mitigation measures are caveats and assurances. Caveats are specific stipulations appended to information to limit or prohibit certain uses of information unless otherwise authorized by the issuing department. For example, any departments use a ‘third party’ caveat that restricts further dissemination of the information to other departments (domestic and foreign), unless the originating department is consulted on the request to share.

Assurances are not specific to a single information exchange; rather, these are agreements with foreign entities (whether formal or informal), which aim to help ensure that a particular foreign entity understands Canada’s position on human rights and that the entity, in turn, agrees to comply with this expected behaviour. For example, when formulating a risk mitigation strategy for an information exchange, departments will consider written or verbal assurances, who provided the assurance (i.e. working level official or agency head), and whether the assurance is considered credible and reliable.

Furthermore, CSIS, CSE, and GAC have highlighted a number of differences in the types of assurances sought, including a number of informal and formal methods. For example, verbal assurances, scheduled formal assurances, and ad-hoc written assurances can be sought by various levels.

In a related issue, NSIRA observed that there are [***description and an example of a Department’s ability to track compliance***] CSIS, GAC, and CSE indicated that there is ████████████████████████████████████████████████████████████ is not specific to the ACA but is nonetheless key ████████████ when exchanging information with the Government of Canada.

Given that no cases were escalated to the level of deputy head, departments’ lower-level use of mitigation strategies would have taken on considerable prominence in decision making. In a subsequent review, NSIRA intends to further investigate policies of mitigation measures pertaining to their use and tracking.

CONCLUSION

This review assessed departments’ implementation of the directives received under the ACA and their operationalization of frameworks to address ACA requirements.

NSIRA’s first review of departments’ implementation of the Act and Directions was limited to a four month period (September-December 2019). As such, this review constitutes the first examination of the ACA over the course of one full year. NSIRA believes that it is now in a position to conduct in-depth case study assessments of individual departments’ adherence to the ACA and Directions, irrespective of whether or not a department reported any cases to its deputy head. Additionally, future reviews will follow up on the ongoing implementation of NSIRA’s past recommendations.

Annex A: Findings

NSIRA Finding #1: NSIRA found that CBSA and PS did not finalize their policy frameworks in support of Directions received under the ACA over the review period.

NSIRA Finding #2: NSIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

NSIRA Finding #3: NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be escalated, significant divergences in the evaluation of risk and the required level of approval emerge.

NSIRA Finding #4: NSIRA found a procedural gap of concern in a case study involving the disclosure of information, even though information was ultimately not shared. The risk of mistreatment was substantial and the decision should have been referred to the Deputy Minister of Foreign Affairs as the accountable deputy minister for this request.

Annex B: Canada Border Services Agency

Annex B: Canada Border Services Agency Framework

Framework updates: In 2018, Canada Border Services Agency (CBSA) issued a high-level policy document in response to the 2017 MD. Since then, CBSA has drafted updated policies and procedures that have not yet been finalized.

Working Groups: CBSA Avoiding Complicity in Mistreatment Working Group (ACMWG)

Senior Management Committee: Senior Management Risk Assessment Committee (SMRAC). This committee convenes on an as needed basis, to assess cases that have a potential for mistreatment.

[***description of CBSA’s decision making methodology***]

Country Assessment: In-house risk scoring template under development

Mitigation Measures: The CBSA is currently working to strengthen its formal framework/process for deciding whether substantial risk of mistreatment associated with a given request can be mitigated.

Annex C: Canada Revenue Agency

Annex C: Canada Revenue Agency Framework

Framework Updates: The Canada Revenue Agency (CRA) indicated that it did not make any changes to its framework since last year’s response. The department continues to refine its processes and has developed the Canada Revenue Agency Exchange of Information Procedures in the Context of Avoiding Complicity in the Mistreatment by Foreign Entities Act.

[***departmental cabinet confidence***]

Working group: The CRA formed a Risk Assessment Working Group (RAWG) that developed a methodology to assess the human rights records of its information exchange partners, so that senior management can make informed assessments of the risk of mistreatment.

Canada has a large network of international partners with 94 tax treaties and 24 Tax Information Exchange Agreements. Canada is also a party to the Convention on Mutual Administrative Assistance in Tax Matters (MAAC), which includes 144 signatories. These International Legal Agreements allow the CRA to exchange information on request, spontaneously and automatically. Each legal agreement includes secrecy provisions (caveats) that govern appropriate use and disclosure. In addition, members of the Global Forum (Global Forum) on Transparency and Exchange of Information for Tax Purposes are subject to peer reviews on a cyclical basis, including on Confidentiality and Data Safeguard .

Senior Management Committee: During the review period a senior committee was not in place, however there was a formal process to escalate reviews/risk assessment through the Director, Director General and ultimately the Assistant Commissioner of the Compliance Programs Branch (CPB) who is accountable for the administration of the ACA.

Additionally, in July 2021, the CRA established an ACA governance framework that includes the ACA Panel, a senior management consultative committee to support risk assessments, reporting, recommendations, and priorities. The panel currently consists of DGs and Directors within the CPB and the Legislative Policy and Regulatory Affairs Branch. Also in July 2021, the CRA established an executive level committee to consider and develop recommendations on case specific engagements as well as issue identification and guidance. The committee consists of Directors across several directorates of the CRA that manage programs that are directly impacted by/reliant on exchange of information with other jurisdictions.

Triage: The initial assessment is done by a working level employee and requires, at minimum, director approval. The case may escalate to the DG and the AC and so on if there is doubt about risk mitigation.

In cases where risk was identified, there were challenges in conducting full assessments to determine if the risk was substantial, the CRA delayed disclosing the information until the full assessment could be completed. This was largely in part due to COVID-19. As such, files that normally would have been referred were temporarily put on hold and no action was taken during the review period.

The CRA informed NSIRA that funding from the November 2020 Fall Economic Statement was allocated to the creation of a dedicated risk assessment team. It is anticipated that the development and regular updating of country-level assessments and the preparation of individual-level risk assessments will transition to this new dedicated team housed within the CPB, in summer 2021.

The team will also be responsible for:

  • Creating and formalizing the framework for consulting with CRA senior management and other government departments and agencies;
  • Advising CRA officials who engage in exchange of information (EOI);
  • Identifying mitigation and other factors specific to the type of information that CRA exchanges and that would impact risk assessment;
  • Preparing annual and other reporting required under the Act and Directions;
  • Providing awareness and training sessions; and
  • Continuously improving documentation, policies, guidance, and procedures.

Country/Entity Assessments: Since January 2020, the CRA has completed their own set of mistreatment risk assessments for each potential information exchange, including the use of information received from the CRA’s information exchange partners in consultation with other Government of Canada partners. The CRA can only exchange information with another jurisdiction pursuant to a treaty, tax convention or other legal instrument that permits exchange of tax information.

The CRA uses a colour coded system to rate the risk related to a country: green; yellow; red. However, for specific or spontaneous exchanges of information, the CRA completes an analysis based on the specifics of the file to supplement the country specific risk assessment.

Mitigation Measures: Mitigation measures, including caveats (data safeguards and confidentiality provisions) are embedded in all legal instruments that govern and allow for all the CRA’s exchanges of information, while peer reviews of jurisdictions’ legal frameworks and administrative practices provide assurances of exchange partners’ compliance with international standards for exchange of tax information. According to CRA, all information exchanged during the review period were subject to these mitigation measures. Due to COVID19, and for the period under review, the CRA put on hold all exchanges where it was deemed there may be a residual potentially significant risk of mistreatment until a process and mitigation measures were in place, including to redact information. However, the CRA routinely redacted personal information where it would not impact the substance of the exchange for those mitigated risk exchanges that did proceed during this period.

Annex D: Communications Security Establishment

Annex D: Communications Security Establishment Framework

Framework Updates: No changes made to the framework in 2020. It is the same procedure as the last review period.

Working group: Based on the RFI, there are no working groups leveraged to assess the level of risk of mistreatment. The Mistreatment Risk Assessment Process follows a process that has been refined continuously since its inception in 2012. The higher the level of risk (low, medium, high, substantial), the higher approval authority required to exchange or use information.

Senior Management Committee: There is no Senior Management Committee. As explained above, CSE relies on an approval authority scale based on the level of risk (from low to substantial). Senior level officials are involved in the process when there are medium and high-risk cases, which require Director and Director General/Deputy Chief approval, respectively.

Triage: A CSE official performs an initial assessment by consulting the Mistreatment Risk Assessment (MRA), which considers equity concerns, geolocation and identity information, human rights assurances, risk of detention and a profile of the recipients’ human rights practices.

Low (For Low Risk Nations)

If the MRA indicates a low level of risk, the official will need Supervisor [***specific unit***], approval if they wish to proceed with the information exchange or use.

Low (For non-Low Risk Nations)

If the MRA indicates a low level of risk, the official will need Manager [***specific unit***], approval if they wish to proceed with the information exchange or use.

Medium

If the MRA indicates a medium level of risk, the official will need Director, Disclosure and Information Sharing approval if they wish to proceed with the information exchange or use.

High

If the MRA indicates a high level of risk, the official will need Director General, Policy Disclosure and Review or Deputy Chief, PolCom approval if they wish to proceed with the information exchange or use.

Substantial

If the MRA indicates a substantial level of risk, the official may not proceed with the information exchange or use.

Country Assessments: CSE establishes its own country assessments (which CSE refers to as Human Rights Assessments) by using information from OGDs, its own reporting, and open source information. Foreign entity arrangements are reviewed annually. These HRAs are part of CSE’s MRAs.

There are two types of MRAs: Annual and Case-by-case. Annual MRAs include foreign entities with whom CSE regularly exchanges information, [***description of the foreign entities with whom CSE exchanges information***] Caseby-case MRAs are conducted in response to particular requests. Case-by-case MRAs often concern individuals and information sharing activities. There are Abbreviated MRAs, which are a sub case-by-case MRA, and they are conducted for Limited Risk Nations. These nations are considered low risk by CSE.

When making MRAs, CSE does the following:

  • assesses the purpose of the information sharing;
  • verifies there are mistreatment risk management measures in existing information sharing arrangements;
  • reviews CSE’s internal records on the foreign entity under consideration;
  • consults other available Government of Canada assessments and reports related to the foreign entity;
  • assesses the anticipated effectiveness of risk mitigation measures; and
  • evaluates a foreign entity’s compliance with past assurances, based on available information.

CSE consults with GAC, DND, and the Ministers of Foreign Affairs and National Defence for some MRAs, usually case-by-case ones. CSE may also consult GAC for human rights-related advice in certain instances.

Mitigation Measures: CSE considers a number of mitigation factors, such as risk of detention, [***statement regarding information sharing obligations of partners***] caveats, formal assurances, and bilateral relationships. CSE’s principle mitigation measure is Second Party assurances. [***statement regarding information sharing obligations of partners***]

Identifying/Sensitizing: The DG, Policy Disclosure and Review or the DC PolCom review high-risk cases. 303 information-sharing requests were assessed for risk of mistreatment and 10 of them (3%) were referred to the Director, Disclosure & Information Sharing. For the 2020 review period, the Deputy Chief, Policy and Communications was responsible for ACA accountability and quality assurance.

Annex E: Canadian Security Intelligence Service

[***Info-graphic of CSIS’s Risk Assessment process***]

Framework Updates: While there were no changes during the 2020 review period, CSIS modified its procedure on January 2021. Most notably, cases will only be escalated to ISEC if the DG cannot determine if the substantial risk can be mitigated. In addition, CSIS merged the [***statement regarding internal process***] CSIS updated its human rights ‘Assurances’ procedures as a stand-alone policy. This policy requires CSIS Stations to seek assurances from [***statement regarding internal process***] coordination responsibilities for ISEC were moved to the ██████████. Through that, the █████ became ISEC’s Chair.

Triage: CSIS working-level officials do the initial assessment. This assessment requires the official to determine if one or more of the four risk criteria are met. These criteria are:

  • “Based on the available information about the foreign entity, if the information is disclosed or requested, is there a probability that the foreign entity will engage in torture or other forms of cruel, inhuman or degrading treatment or punishment against an individual(s)?”
  • “If the information is disclosed or requested, is there a probability that the foreign entity will disseminate the information in an unauthorized manner to a 3rd party, which may result in torture or other forms of cruel, inhuman or degrading treatment or punishment against an individual(s) by that 3rd party?”
  • “If the information is disclosed or requested, is there a probability that it may result in the extraordinary rendition of an individual(s) by the foreign entity which would lead to the individual(s) being tortured or subject to other forms of cruel, inhuman or degrading treatment or punishment?
  • “If the information is disclosed or requested, is there a probability or an extrajudicial killing of an individual(s) by the foreign entity or other security entities within the country?”

Four scenarios could occur before a case lands at ISEC:

[***description of four possible scenarios and the assessment criteria used to determine risk mitigation and/or ecalation***]

Working Group: While there is a senior management committee, there is no working level group on the operations side.

Senior Management Committee: ISEC is CSIS’s senior-level review committee for foreign information sharing activities. It is composed of CSIS senior managers and representatives from DoJ and GAC. This committee is responsible to determine if a case poses a substantial risk and if it can be mitigated. If ISEC cannot determine if the substantial risk is mitigatable, the case is referred to the Director. Of note, GAC and DoJ are no longer voting members on ISEC but will continue to provide feedback and advice.

Country Assessments: CSIS conducts its own country assessments. Each information exchange arrangement with a foreign entity has its own Arrangement Profile (AP). APs include a summary of the human rights summary.

Mitigation Measures: CSIS relies on a few mitigation measures. First, CSIS widely uses ‘Form of Words’, which include caveats. Second, CSIS uses assurances and relies on standardized templates provided to foreign entities. CSIS may also tailor assurances to address specific concerns, such as extra-judicial killings.

Identifying/Sensitizing Information: ██████ is responsible for CSIS’s information sharing framework. [***name of a specific unit***] is responsible for official policy management. Concerned program areas are responsible for applying related polices and procedures for ACA-related activities.

Annex F: DFO

Annex F: DFO Framework

Framework Updates: Fisheries and Oceans Canada (DFO) did not make any changes to last year’s approach.

Triage: The initial assessment is made by the person receiving the request for information sharing or who first comes into possession of information derived from a foreign source. Risk is determined on a case-by-case basis.

The sector-level analyst/officer does the initial assessment and relies on OGD assessments to determine the level of risk. They determine the level of risk in relation to the specific case and whether they assess that there is a substantial risk or not will impact the level of approval. If the analyst/officer does not think there is risk, the case may proceed. This, according to the decision screen and information received, does not require any manager or senior level approval.

If the analyst/officer believes or is unsure that there is a substantial risk, the senior-level Internal Review Committee (IRC) must seek DM approval.

Working Group: Internal Review Committee

Senior Management Committee: DFO employs the use of a decision screen and the IRC as demonstrated above. It is unclear whether DFO has developed guidance to help officials and management accurately and consistently determine the risk of mistreatment.

Country Assessments: DFO relies on country assessments conducted by GAC (as well as DFO legal services, RCMP and CSIS as needed) to make mistreatment risk determinations.

Mitigation measures: DFO indicated that it employs the use of caveats and assurances as necessary but has not yet had to seek such assurances. As such, there is no tracking mechanism in place. The Department is able to retroactively determine when, how, and why a decision was made through its record keeping system. A process is in place to record the details of each case, its evaluation process, and any resulting actions and decisions.

Annex G: Department of National Defence/Canadian Armed Forces

Annex G: Department of National Defence/Canadian Armed Forces Framework

Framework Updates: The Department of National Defence (DND) indicated that there were no changes to its framework since last year’s response.

Triage: The process of assessing risk is largely the same across all three forms of information sharing transactions. The process involves examining country human rights conditions, and researching specific partner entities, including any reports of mistreatment. Adverse information on a foreign partner is reviewed by the Defence Information Sharing Working Group (DISWG) and recommendations are made to the implicated L1s on how to manage information sharing activities (request, disclosure, or use). There are no differences in the types of mitigation measures employed across the three forms of information sharing. The primary governance document Release and Disclosure Officers (RDOs) and Release and Disclosure Authorities (RDAs) must adhere to is the CDI Interim Functional Directive: Information Sharing with Certain Foreign States and their Entities.

Working Group: The Defence Information Sharing Working Group (DISWG) is a working-level committee led by the Release and Disclosure Coordination Office (RDCO) within CFINTCOM that serves as an advisory body to operation Commanders regarding issues covered under the ACA. This Working Group exists as a platform for open dialogue related to information sharing arrangements and transactions. This group convenes monthly, or as required.

Senior Management Committee: The Defence Information Sharing Assessment Committee (DISAC) is chaired by the Chief of Defence Intelligence / Commander CFINTCOM . The DISAC’s primary object is to act as an advisory committee for the Deputy Minister and the Chief of Defence Staff in support of their decision making regarding issues pertaining to the ACA.

Country Assessments: Currently, RDCO has established a list of low-risk countries that can be referred to by other L1s. Inclusion in this list indicates CDI’s confidence that sharing information with government entities of that foreign state can take place without a substantial risk of mistreatment. Moreover, RDCO has developed a draft methodology for Country Human Rights Profiles to classify countries as low, medium, or high risk but has only begun producing country human rights profiles on a few medium and high-risk countries and the methodology has not yet formally approved. These profiles will be used by other L1s in the development of specific Partner Entity Assessments and to inform the overall risk assessment of sharing information with foreign entities.

Information Management: There is no common shared system or repository for all RDOs. Information decisions are recorded by RDOs at the unit level. In some cases, all transactions are recorded using a spreadsheet and should include all details relating to the collection, retention, dissemination or destruction of the information, but the precise format will vary. CFINTCOM is working to standardize RDO logs across DND/CAF. From an information management perspective, there have been no changes since last year’s report. Records of discussion of all DISWG meetings are kept centrally within RDCO/CFINTCOM and it is possible to retroactively determine how and why a decision or recommendation was made.

Mitigation Measures: DND uses mitigation measures to reduce the risk of mistreatment. For example, DND uses measures such as the sanitization of information, the inclusion of caveats, and/or the seeking of assurances, including on low-risk cases in order to err on the side of caution.

Annex H: FINTRAC

Annex H: FINTRAC Framework

Framework Updates: The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) did not make any changes to their framework for the 2020 review year.

Triage: Who does the initial assessment will depend on the risk level classification of the country. If it’s green, the intelligence analyst (IA) does the risk assessment. If it’s yellow, the IA’s team leader does the risk assessment. If it’s red, Senior Level does the risk assessment. Regardless of the determined risk level, Senior Level must ultimately approve or decline the information exchange/use.

Partnerships and Working Groups: FINTRAC makes use of external organizations, such as the Egmont group, to ensure that member organizations are adhering to global standards against mistreatment. If one of these groups is found to have breached their duty of care, and is expelled from the group, then FINTRAC will cease to exchange information until the matter has been rectified. FINTRAC enters Memoranda of Understandings (MOUs) with nations who wish to exchange information with them. To do so, each nation is assessed using a variety of criteria to determine their risk rating and whether an MOU should be established.

FINTRAC also regularly participates in ISCG meetings alongside other departments.

Senior Management Committee: FINTRAC does not have a senior management committee to determine risk like other departments. Instead, they rely on senior management and the Director to make final decisions on cases.

Country Assessments: FINTRAC established its own country assessments. Establishing each country assessment involves gathering pertinent information on the human rights situation in the country and using indicators to assess the risk level of mistreatment of each country. During the development of the country assessment process, FINTRAC consulted with other agencies/government departments captured under the ACA.

The Manager of International Relationships is responsible for monitoring and assessing the human rights profile of countries with which FINTRAC shares an MOU.

Mitigation Measures: Caveats and assurances are established at the signing of an MOU and repeated whenever sharing information with any foreign entity. The sharing of information is not allowed without a signed MOU.

Annex I: Global Affairs Canada

Annex I: Global Affairs Canada Framework

Framework Updates: Global Affairs Canada (GAC) indicated that no changes to their framework was made during the current review period.

Triage: There is not one unified set of processes at GAC for determining whether information being used by the department is likely to have been obtained through the mistreatment of an individual by a foreign entity. If an official determines that information that he or she has received is likely to have been obtained through the mistreatment of an individual by a foreign entity and that official still wants to use the information, they are instructed in their training to consult with their Program management at HQ. Should that manager be unable to make a determination on their own as to whether the use would comply with the Act, they will consult the relevant departmental policy group and the department’s Legal Services Unit.

Working Groups: The Ministerial Direction Compliance Committee Secretariat

Senior Management Committees: The Ministerial Direction Compliance Committee (MDCC) meetings focuses on the following:

  • Has the information, the use of which is being sought, likely been derived from mistreatment?
  • What are the proposed measures to mitigate the risks? What is the likelihood of their success?
  • Consider the justifications for and proportionality of any potential involvement with the foreign state or entity that may result in mistreatment.

The MDCC Secretariat will create a record of decision and circulate it for comment by MDCC members. Once finalized, it will be kept by the Secretariat for future reporting. The MDCC Secretariat follows up with the requesting official for updates on the outcome of the situation and requests a final update from the requesting official once the situation is resolved. Currently the MDCC Secretariat consists of one person.

Country Assessments: Global Affairs Canada’s human rights reports provide an evidence-based overview of the human rights situation in a particular country, including significant human rights-related events, trends and developments and include a section focused on mistreatment. There are no scores for countries however, and it is up to the officials to assess the risk based on the information in the reports.

Mitigation Measures: The Legal Services Unit and/or Intelligence Policy and Programs division will provide guidance on the limitations and the prohibitions of the use of information obtained through mistreatment. They are also able to propose potential mitigation measures, such as sanitization of the information, if there is a risk of further mistreatment; of depriving someone of their rights or freedoms; or if the information could be used as evidence in any judicial, administrative or other proceeding.

Annex J: IRCC

Annex J: IRCC Framework

Framework Updates: Immigration, Refugees and Citizenship Canada (IRCC) indicated that there were no changes to its procedures regarding the disclosure of information to foreign entities.

Triage: The initial assessment is done by the employee/officer receiving a request to disclose information. Officers are provided with a country assessment tool that provides a country-level risk assessment. If the country is listed as low-risk and the employee does not believe there are any risks of mistreatment, they may proceed with the exchange and record the details of that exchange (i.e., what information was exchanged; to which country, etc) into the Global Case Management System (GCMS). If the country is high-risk, or the officer believes that there is any risk of mistreatment and they wish to pursue with the case, then the officer is required to refer the case to IRM and Admissibility to assess the risk of the exchange.

Senior Management Committee: IRCC has the Avoiding Complicity Assessment Committee. The Committee is comprised of executives representing relevant policy, operations, legal and privacy branches within the Department. The purpose of the Committee is to reassess whether the circumstances of the case meet the “substantial risk” threshold, and to determine whether mitigations could be sufficiently imposed to allow for the disclosure. If the Committee is unable to unanimously determine if the risk can be mitigated, and there remains a need to disclose the information to the requesting foreign entity, then the case will be referred to the Deputy Minister for final decision.

Country Assessments: IRCC officers are instructed to refer to an initial country assessment tool when they are contemplating any disclosure or request for information from a foreign entity. This tool provides a general assessment of the country’s risk. If the country is identified as a high-risk country, then the officer is required to make a Consultation Request before disclosing, requesting or using information. If the country is identified as medium-risk, then it is recommended that the officer make a Consultation Request.

Mitigation Measures: Possible mitigation measures for a case where a substantial risk of mistreatment has been determined, if available, would be established in the Consultation Request assessment and, if necessary, in the Avoiding Complicity Assessment Committee’s recommendation. In either case, the mitigations will be manually recorded in the case file where they can be later recalled and noted in the Annual Report.

Annex K: Public Safety

Annex K: Public Safety Framework
Annex K: Public Safety Framework Image 2

Please note that the above flow charts are draft and have not yet been approved.

Framework Updates: Public Safety (PS) does not yet have a framework for deciding whether an exchange of information with a foreign entity would result in a substantial risk of mistreatment of an individual. PS noted, however, that it has drafted a departmental policy to support the department’s implementation of the Directions but it has not yet been approved by senior management.

Triage: PS officials at the operational level are responsible for identifying whether the disclosure of or request for information would result in a substantial risk of mistreatment of an individual. Prior to the disclosure of or request for information to/from a foreign entity, PS officials, as per the draft policy, are expected to:

  • review risk assessments and information sharing arrangements/agreements to determine risks;
  • identify mitigation measures as needed; and
  • seek DG approval for the disclosure or request; and the DG would determine whether the risk can or cannot be mitigated and whether the case should be referred to the DM for determination and decision.
  • PS officials at the operational level are responsible for identifying whether information for potential use was likely obtained through the mistreatment of an individual. As per the draft policy, prior to the use of information, PS officials are expected to:
  • conduct an assessment to determine if the information was likely obtained through the mistreatment of an individual, if not previously completed by PS officials or another government department, and mark it accordingly, based on DG-level determination;
  • assess and characterize the accuracy and reliability of the information; and,
  • advise their DG of the circumstance; and the DG would determine whether the information would be used as per section 3 of the Directions and refer the decision to the DM to determine if the use of information in any way that deprives someone their rights or freedoms is necessary to prevent the loss of life or significant personal injury.

For PS program areas where responsibilities for program delivery are shared among multiple Government of Canada departments, PS officials may use accuracy and reliability assessments conducted by another Government of Canada department for the express purpose of the specific information exchange. In these cases, and where PS does not have sufficient information (such as the source of the information) to conduct an assessment, it will require Government of Canada departments to attest to having conducted the assessment. This same principle applies risk assessments and assessments as to whether information was likely obtained through the mistreatment of an individual.

Working Group: The ISCG is the primary interdepartmental forum for supporting interdepartmental collaboration and information-sharing between members as they implement the Act and Directions and is regularly attended by all members.

PS participates in the ISCG in three ways as the:

  1. chair, coordinator and PS policy lead;
  2. area responsible for implementing the ACA;
  3. legal counsel representative.

PS has also made progress with ISCG guidance. However, due to COVID-19, the ISCG was limited in its capacity to convene meetings.

Senior Management Committee: PS does not have a formal senior management committee to review high-risk cases. The Investigative Authorities and Accountability Policy (IAAP) unit supports program areas in the referral process to the Senior Assistant Deputy Minister (SADM) of the National and Cyber Security Branch for further examination. Acting as a senior Public Safety official, the SADM is responsible for referring cases to the Deputy Minister if they are unable to determine whether the risk of mistreatment can be mitigated.

Country Assessments: PS currently does not have any country assessments completed and plans to use other department’s assessments, but as outlined in its draft policy, PS expects to conduct country and entity assessments as part of its annual risk assessment process. The risk assessment process will ensure that an agreement with the foreign entity is in place prior to information sharing exchanges; review risk and country assessments developed by portfolio agencies (e.g. CSIS) and other departments (e.g. GAC), and consider human rights reporting from non-government entities.

The IAAP will coordinate, on an annual basis, risk assessments. To do so, IAAP may, for example, review human rights reports developed by Global Affairs Canada (GAC), country assessments prepared by portfolio agencies (e.g. CSIS), human rights reporting from non-government entities and country/entity specific material.

Mitigation Measures: PS currently has developed a draft policy to address mitigation measures and caveats. The draft policy will provide guidance to officials on how to assess risk and apply mitigation measure, while also defining approval levels and country assessment responsibilities.

Once a risk of mistreatment has been identified, the PS official is required to undertake a risk mitigation assessment prior to requesting the information. Approved risk mitigation mechanisms include:

  • the caveating of information,
  • obtaining assurance and/or
  • disclosing a limited amount of the information.

The policy also outlines requirements regarding the use of congruent mitigation mechanisms to collectively reduce the risk.

Annex L: Royal Canadian Mounted Police

Annex L: Royal Canadian Mounted Police Framework

Framework Updates: There were no changes to the Royal Canadian Mounted Police’s (RCMP) framework in 2020. RCMP has undertaken a number of internal reviews of its information sharing framework and continues to refine and optimize its processes.

RCMP also noted that it was in its final stages of rolling out an online training course specifically tailored to the ACA.

Triage: The Foreign Information Risk Advisory Committee (FIRAC) process may be initiated if and when an information exchange involves a country identified as high or medium risk. A low-risk case would only be sent if an official believes there is the potential for mistreatment.

All RCMP personnel are required to consider the risk of mistreatment before requesting, disclosing or using information and to engage the FIRAC process if there is a substantial risk identified to a specific individual(s) with a country of exchange.

An employee is almost always the one to perform the initial risk assessment. When an entity is green, the employee may exchange or use information without consulting FIRAC, unless they express doubts. When an entity is yellow, the employee must consider whether or not there is a substantial risk of mistreatment by looking at a list of criteria (similar to CSIS). If one or more of these criteria is present, the employee must send the case to FIRAC. If the entity is red, the employee must send the case to FIRAC for the initial assessment, unless no personal information is exchanged.

Working Group: Law Enforcement Assessment Group (LEAG). Full-length LEAG assessments include classified information from other Federal departments and agencies. The FIRAC Portal was developed to allow RCMP employees to access the assessments, and to further support compliance with the directions.

Senior Management Committee: FIRAC was established to facilitate the systematic and consistent review of RCMP files to ensure information exchanges do not involve or result in the mistreatment of any person.

FIRAC holds the responsibility to determine if a substantial risk exists and in cases where a substantial risk of mistreatment exists, make a recommendation on whether the proposed mitigating measures are adequate to mitigate the risk.

FIRAC’s recommendations are made by the Chair, upon the advice of the Committee, to the appropriate Assistant Commissioner / Executive Director responsible for the operational area seeking to disclose, request or use the information.

FIRAC determines if the risk is mitigatable or not. If it is, the case goes to the Assistant Commissioner. If it is not, FIRAC declines the exchange or use of information.

Country Assessments: An in-house country assessment model has been completed.

Countries are listed in alphabetical order, along with any specific foreign entities (i.e. police forces, military units, etc.) that have been assessed. For each entity, the risk level (Red-High, Yellow-Medium, Green-Low) is provided, as are the specific crime types and conditions.

Mitigation Measures: The RCMP leverages existing MOU’s with specific partners to partially mitigate underlying risk, in particular where mutually agreed standards around human rights exist as well as having a good track record for respecting caveats. Similarly, officials work with Liaison Officers to identify any relevant assurances or strategies, factors or conditions that could mitigate the risk of mistreatment posed by the information exchange, request for information or use of information.

All mitigation measures used are tracked through the FIRAC by filling in a FIRAC Request Form. Noting which mitigations/caveats are used is a mandatory part of the process.

Annex M: Transport Canada

Does not have a departmental framework for assessing ACA considerations, outside of the Passenger Protect Program (PPP).

Changes: Transport Canada (TC) developed a corporate policy in September 2020 to highlight the department’s ACA-related requirements, roles and responsibilities and remains a participant in PS framework.

Triage: Relies on PS’ framework for the Passenger Protect Program.

Should they have any concerns about a request for information from a foreign partner they will consult with other agencies, such as CSIS or GAC.

Working Group: TC is a voting member of the PPP Advisory Group but does not have any responsibility for drafting case briefs. At each meeting of the PPP Advisory Group, TC has ensured that all other voting members have acknowledged TC’s SATA-legislated responsibility for sharing the List with domestic and foreign air carriers, and its associated responsibilities under the ACA.

Senior Management Committee: TC does not have any senior management committee in place to further review cases with a potential for mistreatment.

Country Assessments: Rely on other government departments.TC relies on assessments by other departments such as PS and GAC.

Mitigation measures: The framework was established by Public Safety (lead on PPP), with consultations with the PPP partners (RCMP, CSIS, CBSA). TC has worked with PS to integrate mitigation measures into the operating procedures and protocols of PPP partners.

Share this page
Date Modified:

Review of the CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation – NSIRA recommendations and CSIS-RCMP responses

Responses

Review of the CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation – NSIRA recommendations and CSIS-RCMP responses


CSIS-RCMP relationship in a region of Canada through the lens of an ongoing investigation (NSIRA 2019-04)

NSIRA Recommendation: CSIS invest the resources needed to develop a broader range of sources of information in order to prevent further serious damage to the reviewed investigation.

CSIS-RCMP Response: Due to the variety of factors inherent in each investigation, CSIS always considers how best to collect information and mitigate threats, drawing on a number of tools and resources – in accordance with the CSIS Act and ministerial direction – dependent on the situation.

NSIRA Recommendation: CSIS and the RCMP prioritize the deployment of usable and compatible secure communications systems in order to make regional de-confliction more efficient.

CSIS-RCMP Response: CSIS and the RCMP are prioritizing the deployment of compatible secure communication. The CSIS Director and the RCMP Commissioner approved the development of a CSISRCMP Secure Communications Strategy, the implementation of which is already underway.

NSIRA Recommendation: CSIS and the RCMP continue to prioritize the timely implementation of recommendations from the Operational Improvement Review (OIR) in order to help address the operational shortcomings reported by the OIR and further illustrated in this review.

CSIS-RCMP Response: CSIS and the RCMP remain committed to implementing the OIR recommendations as well as the implementation of One Vision 3.0.

The OIR resulted in 76 recommendations, some of which include enhanced collaboration and information sharing in national security investigations, additional training for national security personnel, as well as the improved handling and disclosure of sensitive and classified information. Significant effort has been undertaken to ensure recommendations are adopted and implemented within both organisations. Some of the early successes include pilot projects such as the Leads Pilot that has resulted in enhanced CSISRCMP de-confliction within national security areas of focus.

The RCMP and CSIS continue to be fully supportive of implementing these needed changes to our organisations. This work, and efforts of the broader community, will ensure that the Government of Canada has a strong foundation of enhanced collaboration and the best tools available to mitigate threats and ensure public safety. This complex work however, is ongoing and challenges remain, particularly as it relates to the issue of intelligence and evidence. These significant challenges will require a whole-ofgovernment approach in order to address.

NSIRA Recommendation: CSIS and the RCMP develop a properly resourced complimentary strategy to address the threat examined in this report. In accordance with the vision set out in the Operational Improvement Review, the strategy should consider the full range of tools available to both agencies.

CSIS-RCMP Response: CSIS and the RCMP coordinate and collaborate on national security threats and use strategies and resources best suited to individual operations.

As a result of the OIR, discussions between CSIS and the RCMP are more frequent and occur earlier in the process which has reduced the duplication of efforts between both of our agencies

Share this page
Date Modified:

NSIRA Review Considerations Matrix

Table of Contents
No header Tag found

Date of Publishing:

Considerations for Selecting Review Topic
Categories Considerations
The Considerations Matrix uses objective criteria to identify review topics in accordance with NSIRA’s core mandate and mission. The prioritization of reviews is informed by additional strategic factors, including resourcing, ongoing reviews, and public commitments.
Non-Discretionary Reviews and Reports Annual Canadian Security Intelligence Service's Threat Reduction Measures (TRM). NSIRA will review at least one aspect of CSIS's performance in taking measures to reduce threats to the security of Canada. 
Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA). NSIRA will review the implementation of all directions issued under the ACA.
Security of Information Disclosure Act (SCIDA). NSIRA will submit to the Minister of Public Safety a report respecting the disclosure of information under the SCIDA during the previous calendar year. 
As Required Ministerial Directions. NSIRA will review the implementation of significant aspects of every new or modified ministerial direction issued to CSIS, CSE, and any other organization if it relates to national security or intelligence.
Core Considerations for Discretionary Reviews Referrals from Ministers. NSIRA may review any matter that relates to national security or intelligence that is referred to it by a minister of the Crown. 
History repeats itself. Reviews of activities or programs with histories of non-compliance. 
High-Risk. Reviews of activities where the impact of compliance issues are vast. 
Circle Back. Reviews that follow up on findings or recommendations made by previous NSIRA reviews or emerging from NSIRA complaint investigations. 
Rules of the Road. Reviews that examine significant changes in the legal landscape governing  national security or intelligence organizations or activities.  
Making Good. Reviews that fulfil a commitment or objective outlined in public fora, for example in NSIRA's Public Annual Report.  
Following up. Reviews which address issue(s) raised during previous NSIRA reviews.  
Wide Lens. Reviews with a focus on horizontal themes and/or topics pertaining to multiple organizations across the national security and intelligence landscape.
New and Novel. Reviews of activities or programs that NSIRA has yet to examine.
Happening Now. Reviews that examine current or emerging national security activities or issues.  
Building Blocks. Reviews with links to previously completed reviews.
We're On It. Reviews that examine an issue or concern, or recommendation originating from another organization in the review or oversight community or concern matters of public controversy.
Working With Others. Reviews that involve cooperation with other review bodies, for example the National Security and Intelligence Committee of Parliamentarians and the Civilian Review and Complaints Commission for the RCMP.
Diversity. Reviews that relate to the government’s policies on anti-racism, equity, and inclusion. 
Technology Considerations Dual-Use. Reviews of activities involving technology(ies) that can be used for more than one purpose.
New and Novel. Reviews of activities involving technology(ies) that NSIRA has yet to examine.
Big Data. Reviews of activities involving data warehousing, bulk data and/or data analytics.
Artificial Intelligence & Algorithms. Reviews of activities involving automated decision-making.
Bycatch. Reviews of activities that may involve the collection of personal information from non-threat actors.
Share this page
Date Modified:

Departmental Plan: 2023-2024

Meta data information

Cat. Number: PS106-6E-PDF
ISSN: 2563-0334

© Her Majesty the Queen in Right of Canada, 2020

Date of Publishing:

From the Executive Director

It is my pleasure to present the National Security and Intelligence Review Agency (NSIRA) 2023–24 Departmental Plan. This report provides an overview of NSIRA’s planned activities, priorities, and targeted outcomes for the 2023–24 fiscal year.

Throughout NSIRA’s first three years of operation, we have grown our staff complement, developed expertise in alignment with our broad mandate, and completed numerous high-quality reviews and complaint investigations. NSIRA has also developed and revised the processes that guide work on both aspects of our mandate, with a view to continuously improving the quality of our final products.

In 2023–24, we will implement NSIRA’s renewed forward review plan, which will build upon and expand our subject matter expertise with respect to both the core security and intelligence agencies, and those which are newer to review. This includes further developing NSIRA’s capacity to review the technological elements of national security and intelligence activities.

Over the year ahead, NSIRA will establish new service standards for the investigation of complaints, while continuing to apply the existing rules of procedure. This will support timely and efficient investigations and promote access to justice for complainants.

Throughout the upcoming fiscal year, we will continue to focus on maintaining a safe and healthy workplace and prioritizing the well-being of our workforce. We will continue work to establish a permanent second site, place heightened emphasis on post-graduate recruitment, and continue to implement a flexible approach to hybrid work. In doing so, we will continue to advance departmental priorities related to diversity and inclusion, and to implement our agency accessibility plan.

My sincere thanks go to the staff and members of NSIRA, whose commitment and dedication to success will drive our organization forward over the coming year.

John Davies
Executive Director

Plans at a glance

Over the coming year, NSIRA will continue its ambitious review agenda. This will include:

  • mandatory reviews related to the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Security of Canada Information Disclosure Act and Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act;
  • reviews prompted by previous reviews that identified high-risk activities or significant issues that require follow-up;
  • reviews of activities undertaken under the new authorities granted to government institutions under the National Security Act, 2017; and
  • reviews of activities where technology and the collection of data are central features.

NSIRA will also continue to expand its knowledge of departments and agencies not previously subject to expert review, including through the conduct of interagency reviews.

After an extensive consultation exercise with key stakeholders and the development of new rules of procedures in 2021, NSIRA will also focus on implementing its new model for investigating complaints. The agency’s goal is to continue enhancing access to justice for complainants and to ensure that NSIRA investigates complaints in a timely manner.

Employee development, health and well-being continue to be key to the agency’s success. NSIRA’s suite of initiatives to protect the physical and mental health of its employees will rely on up-to-date information from surveys and internal discussion groups. NSIRA will also continue to take action on broad federal public service objectives for pay and employment equity, as well as those relating to diversity, inclusion and accessibility.

For more information on NSIRA’s plans, see the “Core responsibilities: planned results and resources, and key risks” section of this plan.

Core responsibilities: planned results and resources, and key risks

This section contains information on the department’s planned results and resources for each of its core responsibilities. It also contains information on key risks related to achieving those results.

National Security and Intelligence Reviews and Complaints Investigations

Description

The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), or the national security activities of the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints. This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Planning highlights

Reviews

In support of this outcome, NSIRA will continue to implement an ambitious review agenda in 2023–24. It will review the activities of CSIS and CSE to provide responsible ministers and the Canadian public with an informed assessment of these activities, including their lawfulness, reasonableness and necessity. NSIRA will also build on the knowledge it has acquired of departments and agencies, such as the RCMP, the Canada Border Services Agency, Immigration, Refugees and Citizenship Canada, and the Department of National Defence and Canadian Armed Forces. Using that knowledge, NSIRA will ensure these organizations’ national security or intelligence activities are independently reviewed. NSIRA is committed to transcending the silos that have characterized national security review, and will “follow the thread” of an activity between agencies to ensure its assessments reflect the complex and interwoven approach Canada takes to national security.

NSIRA is committed to ensuring its review agenda remains responsive and topical. In 2023–24 in order to inform the upcoming review of the National Security Act, 2017, NSIRA will focus on the review of activities performed under authorities that were granted by virtue of this legislation. For CSIS, these include the collection and use of datasets, and the implementation of a framework for justifying activities that contravene the law that are carried out by designated employees under specific circumstances in the context of their duties and functions. For CSE, this will include the conduct of active and defensive cyber operations. Other NSIRA reviews that will contribute information in this regard are the annual reviews of the Security of Canada Information Disclosure Act, of the Governor in Council directions under the Avoiding Complicity in Mistreatment by Foreign Entities Act, and of the use of measures by CSIS to reduce threats to the security of Canada.

NSIRA will continue to expand its knowledge of national security institutions by undertaking reviews in the areas of terrorist financing, foreign interference and cybersecurity. The agency will fully utilize its authorities to follow the thread of information across multiple organizations by undertaking reviews on CSIS-CSE collaboration, and the use of human sources by various departments and agencies.

Finally, NSIRA will focus on select reviews where the review of technology and data flows are central, including the collection and use of open-source intelligence at the Department of National Defence, the lifecycle of information collected under warrant by CSIS, and the retention practices of signals intelligence by CSE. NSIRA will be leveraging both internal and external technology expertise in conducting these reviews.

Outreach and collaboration

NSIRA will engage with community stakeholders to understand their concerns surrounding national security and intelligence activities. NSIRA will also continue to proactively publish unclassified versions of its reports throughout the year, as well as information on its plans and processes. The annual report will continue to summarize NSIRA’s review findings and recommendations in context, situating these elements within a broader discussion of key trends and challenges NSIRA has observed over the year.

In 2023–24, NSIRA will continue to draw on the close relationships it has established with the National Security and Intelligence Committee of Parliamentarians and the Office of the Privacy Commissioner of Canada. The agency will coordinate its activities to ensure review is efficient and comprehensive, and avoids unnecessary duplication of effort.

NSIRA is also developing close ties to its international equivalents. It will continue its participation in the Five Eyes Intelligence Oversight and Review Council (FIORC) that brings together review agency representatives from Canada, the United States, Australia, New Zealand and the United Kingdom, by hosting this annual conference in 2023. In addition, NSIRA will continue its working-level engagement with FIORC review bodies to discuss topics of common interest, such as the impacts of new technology, the investigation of complaints from the public and access to information in the possession of reviewed departments. NSIRA also intends to build on its recent efforts to foster new collaborative relationships with other international review bodies and civil society outside the Five Eyes.

Complaints investigations

In 2023–24, NSIRA will also continue to ensure institutions’ accountability and enhance public confidence by conducting consistent, and timely investigations into complaints related to national security and to denial of security clearances. The independent investigation of complaints plays a critical role in maintaining public confidence in Canada’s national security institutions.

NSIRA will apply its new rules of procedure, which were implemented in 2021, to promote accessibility, timeliness and efficiency in the investigation of complaints. This includes an informal resolution process that has proven successful in resolving complaints that do not need to proceed through the entire investigation process. Finally, NSIRA will establish new service standards for the investigation of complaints.

Gender-based analysis plus

In 2023–24, NSIRA will continue to implement its three-year action plan on human rights, accessibility, employment equity, diversity and inclusion. This plan was put into effect last fiscal year following a maturity assessment of NSIRA’s policies, programs and practices, and following the Call to Action from the Clerk of the Privy Council. It includes, among other things, incorporating a GBA+ lens into the design and implementation of policies and programs.

NSIRA’s renewed forward looking review plan is informed by considerations related to anti-racism, equity and inclusion. These considerations apply to the process of selecting reviews to undertake, as well as to the analysis that takes place within individual reviews. NSIRA reviews routinely take into account the potential for national security or intelligence activities to result in disparate outcomes for various communities and will continue to do so in the year ahead.

In the complaint investigations context, NSIRA will continue to work with the Civilian Review and Complaints Commission (CRCC) to develop strategies for the collection, analysis and use of identity-based data. Following the completion of the first phase of a joint project, focus in the year ahead will be on consultations to determine how the public perceives the collection, analysis and use of identity-based data in relation to the NSIRA and CRCC mandate. This information will enable each agency to determine the best approach to developing and implementing an identity-based data strategy.

In 2023-24, NSIRA will begin to implement its inaugural accessibility plan, which outlines the steps that will be taken to increase accessibility, both within the organization and for Canadians more generally, over the next three years. NSIRA’s Diversity, Inclusion and Employment Equity Advisory Committee will also continue to work with management and staff to build a more equitable, diverse and inclusive workplace and workforce. This will include organizing discussions and learning events with all staff, and providing advice on policy and program design

Innovation

Some high impact innovations have enriched NSIRA’s approach to investigations and reviews in the areas of project architecture, quality assurance and the promotion of timeliness in its investigations. Some examples include a horizontal and tiered Quality Assurance Framework. This framework involves a form of ‘red teaming’, in which a panel of experts highlights the weaknesses of a project approach at critical junctures, with the goal of heading off problems before they happen This will ensure the review reflects the agency’s standards for independence, consistency, clarity, objectivity, and rigour. NSIRA is also adopting a matrix management approach to assembling review project teams that will ensure internal mobility and the development of horizontal expertise. NSIRA’s overall commitment is to refrain from a static approach to workflow and project management, and to embrace new methodologies and organizational principles when they best promote the production of review reports of exceptional quality.

Key risks

Some high impact innovations have enriched NSIRA’s approach to investigations and reviews in the areas of project architecture, quality assurance and the promotion of timeliness in its investigations. Some examples include a horizontal and tiered Quality Assurance Framework. This framework involves a form of ‘red teaming’, in which a panel of experts highlights the weaknesses of a project approach at critical junctures, with the goal of heading off problems before they happen This will ensure the review reflects the agency’s standards for independence, consistency, clarity, objectivity, and rigour. NSIRA is also adopting a matrix management approach to assembling review project teams that will ensure internal mobility and the development of horizontal expertise. NSIRA’s overall commitment is to refrain from a static approach to workflow and project management, and to embrace new methodologies and organizational principles when they best promote the production of review reports of exceptional quality.

Planned results for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, for National Security and Intelligence Activity Reviews and Complaints Investigations, the planned results, the result indicators, the targets and the target dates for 2023–24, and the actual results for the three most recent fiscal years for which actual results are available.

Departmental results Departmental result indicator Target Date to achieve target 2019–20 actual result 2020–21 actual result 2021–22 actual result
Note: NSIRA was created on July 12, 2019. Actual results for 2019–20 and 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to NSIRA was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, NSIRA will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews December 2022 Not applicable (N/A) N/A 100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually December 2022 N/A N/A 100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year December 2022 N/A N/A 33%
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards Between 90% and 100% March 2024 N/A N/A N/A

The financial, human resources and performance information for NSIRA’s program inventory is available on GC InfoBase.

Planned budgetary spending for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, for National Security and Intelligence Reviews and Complaints Investigations, budgetary spending for 2023–24, as well as planned spending for that year and for each of the next two fiscal years.

2023–24 budgetary spending (as indicated in Main Estimates) 2023–24 planned spending 2023–24 planned spending 2024–25 planned spending
10,807,324 10,807,324 10,807,324 10,806,338

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Planned human resources for National Security and Intelligence Activity Reviews and Complaints Investigations

The following table shows, in full‑time equivalents, the human resources the department will need to fulfill this core responsibility for 2023–24 and for each of the next two fiscal years.

2023–24 planned full-time equivalents 2024–25 planned full-time equivalents 2025–26 planned full-time equivalents
69.0 69.0 69.0

Financial, human resources and performance information for NSIRA’s program inventory is available in the GC InfoBase.

Internal Services: planned results

Description

Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 10 categories of internal services:

  • Management and Oversight Services
  • Communications Services
  • Legal Services
  • Human Resources Management Services
  • Financial Management Services
  • Information Management Services
  • Information Technology Services
  • Real Property Management Services
  • Materiel Management Services
  • Acquisition Management Services

Planning highlights

In 2023–24, NSIRA continue to take steps to ensure resources are deployed in the most effective and efficient manner possible and that its operational and administrative structures, tools and processes continue to enhance its ability to deliver on its priorities.

The tight labour market and the distinctive competencies required for NSIRA’s mandate will continue to shape NSIRA priorities in 2023–24, including employee development through seminars and increased participation in national and international forums, the use of internal centres of expertise, and improved leveraging of existing review and investigation information to accelerate and facilitate the acquisition of knowledge. NSIRA will also be able to benefit from recently released external recruitment and internal development programs undertaken within the organization.

The health and well-being of NSIRA employees is key to its success and to its ability to attract and retain talent and for the development of employees’ full potential. To that end, NSIRA has hired a dedicated resource to work with NSIRA’s Champions to accelerate the implementation of its diversity, inclusion, accessibility, mental health and employee development priorities. Using recent survey information and all staff meeting discussions, NSIRA is confident that it will be able to adapt its wellness initiatives to the need of its employees.

Lastly, the continuing impact of COVID-19 on the ability to source goods and services combined with the complexity of some projects has further delayed the completion of NSIRA’s accommodation, infrastructure and systems projects. These enabling investments are now projected to be completed by the end of fiscal year 2023–24.

Planning for contracts awarded to Indigenous businesses

NSIRA is part of the final wave of departments and agencies that are to achieve the mandatory minimum target of contract awards to Indigenous businesses by 2024–25. Efforts are already well under way in support of the Government of Canada’s commitment that a mandatory minimum target of 5% of the total value of contracts is awarded to Indigenous businesses annually. NSIRA had planned to have 2% of total contract values awarded to Indigenous business in 2021–22 and achieved 3%. Measures undertaken within NSIRA to facilitate the achievement of the mandatory minimum target by 2024–25 include a commitment to process an increasing minimum number of contracts in each of the following three fiscal years as set-asides under the Procurement Strategy for Indigenous Business.

The following table shows the percentage of actual, forecasted and planned value for the target.

5% reporting field description 2021–22 actual % achieved 2022–23 forecasted % target 2023–24 planned % target 2024–25 planned % target
Total percentage of contracts with Indigenous businesses 3% 2% 3% 5%

Planned budgetary financial resources for Internal Services

The following table shows, for internal services, budgetary spending for 2023–24, as well as planned spending for that year and for each of the next two fiscal years.

2023–24 budgetary spending (as indicated in Main Estimates) 2023–24 planned spending 2024–25 planned spending 2025–26 planned spending
12,201,901 12,201,901 7,701,607 7,737,518

Planned human resources for Internal Services

The following table shows, in full‑time equivalents, the human resources the department will need to carry out its internal services for 2023–24 and for each of the next two fiscal years.

2023–24 planned full-time equivalents 2024–25 planned full-time equivalents 2025–26 planned full-time equivalents
31.0 31.0 31.0

Planned spending and human resources

This section provides an overview of the department’s planned spending and human resources for the next three fiscal years and compares planned spending for 2023–24 with actual spending for the current year and the previous year.

Planned spending

Departmental spending 2020–21 to 2025–26

The following graph presents planned (voted and statutory) spending over time.

Departmental spending trend graph
  2020–21 2021–22 2022–23 2023–24 2024–25 2025–26
Statutory 962,186 1,176,321 1,360,985 1,755,229 1,755,229 1,756,977
Voted 11,289,189 16,113,433 19,348,025 21,253,996 16,753,702 16,786,929
Total 12,251,375 17,289.754 20,709.010 23,009,225 18,508,931 18,543,906

Fiscal years 2020–21 and 2021–22 show actual expenditures as reported in the Public Accounts, while 2022–23 presents the forecast for the current fiscal year. Fiscal years 2023–24 to 2025–26 present planned spending.

The 2021–22 spending of $17.3 million increased by $5.0 million (41%), compared with 2020–21. The increase is mainly explained by the cost of additional resources hired by NSIRA over that period, by an increase in professional services costs, and by the start of facilities fit-up and expansion projects. Forecast spending in 2022–23 is higher than 2021–22 spending by $3.4 million (20%), primarily due to continued growth in personnel and by investments in facilities, infrastructure and systems.

Spending is expected to increase by $2.3 million (11%) in 2023–24 compared with 2022–23. This planned increase is mainly due to a reprofile of funding to align with the timing of the conduct projects for facilities, infrastructure and systems that had been delayed by the pandemic. Spending is expected to decrease by $4.5 million (20%) in 2024–25, mainly due to the expected completion of the office expansion project in 2023–24. Spending in 2024–25 and 2025–26 is expected to remain relatively unchanged.

Budgetary planning summary for core responsibilities and Internal Services (dollars)

The following table shows information on spending for each of NSIRA’s core responsibilities and for its internal services for 2023–24 and other relevant fiscal years.

Core responsibilities and Internal Services 2020–21 actual expenditures 2021–22 actual expenditures 2022–23 forecast spending 2023–24 budgetary spending (as indicated in Main Estimates) 2023–24 planned spending 2024–25 planned spending 2025–26 planned spending
National Security and Intelligence Reviews and Complaints Investigations 5,607,796 7,394,642 8,472,193 10,807,324 10,807,324 10,807,324 10,806,388
Subtotal 5,607,796 7,394,642 8,472,193 10,807,324 10,807,324 10,807,324 10,806,388
Internal Services 6,643,579 9,895,112 12,236,817 12,201,901 12,201,901 7,701,607 7,737,518
Total 12,251,375 17,289,754 20,709,010 23,009,225 23,009,225 18,508,931 18,543,906

The table illustrates how NSIRA continues to grow its capacity to deliver its mandate through recruitment and the implementation of several facilities, infrastructure and systems projects. Planned accommodation, infrastructure and systems project costs are expected be reduced significantly by 2024–25.

Planned human resources

The following table shows information on human resources, in full-time equivalents, for each of NSIRA’s core responsibilities and for its internal services for 2023–24 and the other relevant years.

Human resources planning summary for core responsibilities and Internal Services

Core responsibilities and Internal Services 2020–21 Actual full-time equivalents 2021–22 Actual full-time equivalents 2022–23 Forecast full-time equivalents 2023–24 Planned full-time equivalents 2024–25 Planned full-time equivalents 2025–26 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations 17.5 37.8 53.3 69.0 69.0 69.0
Subtotal 17.5 37.8 53.3 69.0 69.0 69.0
Internal Services 11.2 21.7 25.9 31.0 31.0 31.0
Total 28.7 59.5 79.2 100.0 100.0 100.0

With a tight labour market and the requirement for a significant portion of employees to work primarily from secure office space, recruitment continues to prove challenging. New recruitment and retention programs will help NSIRA in its ongoing efforts to be fully staffed.

Estimates by vote

Information on NSIRA’s organizational appropriations is available in the 2023–24 Main Estimates.

Future-oriented condensed statement of operations

The future‑oriented condensed statement of operations provides an overview of NSIRA’s operations for 2022–23 to 2023–24.

The forecast and planned amounts in this statement of operations were prepared on an accrual basis. The forecast and planned amounts presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.

A more detailed future‑oriented statement of operations and associated notes, including a reconciliation of the net cost of operations with the requested authorities, are available on NSIRA’s website.

Future-oriented condensed statement of operations for the year ending March 31, 2024 (dollars)

Financial information 2022–23 Forecast results 2023–24 Planned results Difference (2023–24 planned results minus 2022–23 Forecast results)
Total expenses 18,549,572 23,599,775 5,050,203
Total revenues
Net cost of operations before government funding and transfers 18,549,572 23,599,775 5,050,203

The difference between the 2023–24 planned results and 2022–23 forecast results is mostly explained by delayed planned accommodation, infrastructure and systems project costs.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

Information on NSIRA’s raison d’être, mandate and role is available on NSIRA’s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s approved departmental results framework and program inventory for 2023–24 are as follows

Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

Supporting information on the program inventory

Supporting information on planned expenditures, human resources and results related to NSIRA’s program inventory is available on GC InfoBase.

Supplementary information tables

The following supplementary information tables are available on NSIRA‘s website.

  • Gender-based analysis plus

Federal tax expenditures

NSIRA’s Departmental Plan does not include information on tax expenditures.

Tax expenditures are the responsibility of the Minister of Finance. The Department of Finance Canada publishes cost estimates and projections for government­‑wide tax expenditures each year in the Report on Federal Tax Expenditures. This report provides detailed information on tax expenditures, including objectives, historical background and references to related federal spending programs, as well as evaluations, research papers and gender-based analysis plus.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D” Ottawa, Ontario
K1P 5W5

Telephone: The phone number is temporarily disabled
Fax: The fax number is temporarily disabled.
Email: info@nsira-ossnr.gc.ca
Website: www.nsira-ossnr.gc.ca

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified:

Financial Statements: NSIRA 2021–22

Date of Publishing:

Statement of Management Responsibility Including Internal Control over Financial Reporting

Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March 31, 2022, and all information contained in these financial statements rests with the management of the National Security and Intelligence Review Agency (NSIRA). These financial statements have been prepared by management using the Government of Canada’s accounting policies, which are based on Canadian public sector accounting standards.

Management is responsible for the integrity and objectivity of the information in these financial statements. Some of the information in the financial statements is based on management’s best estimates and judgment, and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of the NSIRA’s financial transactions. Financial information submitted in the preparation of the Public Accounts of Canada, and included in the NSIRA’s Departmental Results Report, is consistent with these financial statements.

Management is also responsible for maintaining an effective system of internal control over financial reporting (ICFR) designed to provide reasonable assurance that financial information is reliable, that assets are safeguarded and that transactions are properly authorized and recorded in accordance with the Financial Administration Act and other applicable legislation, regulations, authorities and policies.

Management seeks to ensure the objectivity and integrity of data in its financial statements through careful selection, training and development of qualified staff; through organizational arrangements that provide appropriate divisions of responsibility; through communication programs aimed at ensuring that regulations, policies, standards, and managerial authorities are understood throughout the NSIRA and through conducting an annual risk-based assessment of the effectiveness of the system of ICFR.

The system of ICFR is designed to mitigate risks to a reasonable level based on an ongoing process to identify key risks, to assess effectiveness of associated key controls, and to make any necessary adjustments.

A risk-based assessment of the system of ICFR for the year ended March 31, 2022 was completed in accordance with the Treasury Board Policy on Financial Management and the results and action plans are summarized in the annex.

The financial statements of the National Security and Intelligence Agency have not been audited.

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Ottawa, Canada
September 9, 2022

Statement of Financial Position (Unaudited)

As of March 31 (in thousands of dollars)

  2022 2021
(Restated Note 11)
Liabilities
Accounts payable and accrued liabilities (Note 4) 1,220 1,519
Vacation pay and compensatory leave 556 215
Employee future benefits (Note 5b) 228 316
Total liabilities 2,004 2,050
Financial assets
Due from Consolidated Revenue Fund 692 946
Accounts receivable and advances (Note 6) 637 632
Total net financial assets 1,329 1,578
Departmental net debt 675 472
Non-financial assets
Prepaid expenses 70   92
Tangible capital assets (Note 7) 4,734 2,148
Total non-financial assets 4,804 2,240
Departmental net financial position 4,129 1,768
Contractual obligations (Note 8)    

The accompanying notes form an integral part of these financial statements.

John Davies
Deputy Head

Pierre Souligny
Chief Financial Officer

Ottawa, Canada
September 9, 2022

Statement of Operations and Departmental Net Financial Position (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  2022
Planned Results
2022 2021
(Restated Note 11)
Expenses
National Security and Intelligence Reviews and Complaints Investigations 12,616 8,360 5,769
Vacation pay and compensatory leave 15,619 7,805 5,894
Total expenses 28,235 16,165 11,663
Net cost from continuing operations 28,235 16,165 11,663
Net cost of operations before government funding and transfers 28,235 16,165 11,663
Government funding and transfers
Net cash provided by Government of Canada 692 17,553 12,401
Change in due from Consolidated Revenue Fund 637 (254) (590)
Services provided without charge by other government departments (Note 9a) 1,329 1,242 1,007
Transfer of overpayments 675 15 (60)
Net cost of operations after government funding and transfers (2,361) (1,095)
Departmental net financial position – Beginning of year 1,768 673
Departmental net financial position – End of year 4,129 1,768

Segmented information (Note 10)

The accompanying notes form an integral part of these financial statements.

Statement of Change in Departmental Net Debt (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  2022 2021
(Restated Note 11)
Net cost of operations after government funding and transfers (2,361) (1,095)
Change due to tangible capital assets
Acquisition of tangible capital assets 3,114 1,352
Amortization of tangible capital assets (528) (171)
Total change due to tangible capital assets 2,586 1,181
Change due to prepaid expenses (22) (17)
Net increase (decrease) in departmental net debt 203 69
Departmental net debt – Beginning of year 472 403
Departmental net debt – End of year 675 472

The accompanying notes form an integral part of these financial statements.

Statement of Cash Flows (Unaudited)

For the Year Ended March 31 (in thousands of dollars)

  2022 2021
(Restated Note 11)
Operating activities
Net cost of operations before government funding and transfers 16,165 11,663
Non-cash items:
Amortization of tangible capital assets (528) (171)
Services provided without charge by other government departments (Note 9a) (1,242) (1,007)
Transfer of overpayments 15 60
Variations in Statement of Financial Position:
Increase (decrease) in accounts receivable and advances 5 542
Increase (decrease) in prepaid expenses (22) (17)
Decrease (increase) in accounts payable and accrued liabilities 299 41
Decrease (increase) in vacation pay and compensatory leave (341) 108
Decrease (increase) in future employee benefits 88 (170)
Cash used in operating activities 14,439 11,049
Capital investing activities
Acquisitions of tangible capital assets (Note 7) 3,114 1,352
Cash used in capital investing activities 3,114 1,353
Net cash provided by Government of Canada 17,553 12,401

Notes to the Financial Statements (Unaudited)

1. Authority and objectives

The agency was established, effective July 12, 2019 under the National Security and Intelligence Review Agency Act (NSIRA Act).

The agency is a division of the federal public administration as set out in column 1 of Schedule I.1 of the Financial Administration Act and reports to Parliament through the Prime Minister.

The mandate of the agency is to review all Government of Canada national security and intelligence activities to ensure that they are lawful, reasonable and necessary.  The agency also investigates public complaints regarding key national security agencies and activities.

To achieve its strategic outcome and deliver results for Canadians, NSIRA articulates its plans and priorities based on the core responsibility and program inventory included below:

National Security and Intelligence Reviews and Complaints Investigations

The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the RCMP, as well as certain other national security-related complaints.  This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Internal Services

Internal support services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are: Management and Oversight Services; Communications Services; Legal Services; Human Resources Management Services; Financial Management Services; Information Management Services; Information Technology Services; Real Property Services; Materiel Services; Acquisition Services; and Other Administrative Services. Internal Services include only those activities and resources that apply across an organization and not to those provided specifically to a program.

2. Summary of significant accounting policies

These financial statements are prepared using NSIRA’s accounting policies stated below, which are based on Canadian public sector accounting standards. The presentation and results using the stated accounting policies do not result in any significant differences from Canadian public sector accounting standards.

Significant accounting policies are as follows:

(a) Parliamentary authorities

NSIRA is financed by the Government of Canada through Parliamentary authorities. Financial reporting of authorities provided to NSIRA do not parallel financial reporting according to generally accepted accounting principles since authorities are primarily based on cash flow requirements. Consequently, items recognized in the Statement of Operations and Departmental Net Financial Position and in the Statement of Financial Position are not necessarily the same as those provided through authorities from Parliament. Note 3 provides a reconciliation between the bases of reporting. The planned results amounts in the ”Expenses” and ”Revenues” sections of the Statement of Operations and Departmental Net Financial Position are the amounts reported in the Future-Oriented Statement of Operations included in the 2021-2022 Departmental Plan. The planned results amounts in the “Government funding and transfers” section of the Statement of Operations and Departmental Net Financial Position and in the Statement of Change in Departmental Net Debt were prepared for internal management purposes and have not been previously published.

(b) Net cash provided by Government of Canada

NSIRA operates within the Consolidated Revenue Fund (CRF), which is administered by the Receiver General for Canada. All cash received by NSIRA is deposited to the CRF, and all cash disbursements made by NSIRA are paid from the CRF. The net cash provided by Government is the difference between all cash receipts and all cash disbursements, including transactions between departments of the Government.

(c) Amounts due from or to the CRF

Amounts due from or to the CRF are the result of timing differences at year-end between when a transaction affects authorities and when it is processed through the CRF. Amounts due from the CRF represent the net amount of cash that NSIRA is entitled to draw from the CRF without further authorities to discharge its liabilities.

(d) Expenses

  • Vacation pay and compensatory leave are accrued as the benefits are earned by employees under their respective terms of employment.
  • Services provided without charge by other government departments for accommodation, employer contributions to the health and dental insurance plans and workers’ compensation are recorded as operating expenses at their carrying value.

(e) Employee future benefits

  • Pension benefits: Eligible employees participate in the Public Service Pension Plan, a pension plan administered by the Government. NSIRA’s contributions to the Plan are charged to expenses in the year incurred and represent the total departmental obligation to the Plan. NSIRA’s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the financial statements of the Government of Canada, as the Plan’s sponsor.
  • Severance benefits: The accumulation of severance benefits for voluntary departures ceased for applicable employee groups. The remaining obligation for employees who did not withdraw benefits is calculated using information derived from the results of the actuarially determined liability for employee severance benefits for the Government as a whole.

(f) Accounts receivable

Accounts receivable are initially recorded at cost and when necessary, an allowance for valuation is recorded to reduce the carrying value of accounts receivable to amounts that approximate their net recoverable value.

(g) Non-financial assets

All tangible capital assets having an initial cost of $10,000 or more are recorded at their acquisition cost. Tangible capital assets do not include immovable assets located on reserves as defined in the Indian Act, works of art, museum collection and Crown land to which no acquisition cost is attributable; and intangible assets.

Inventories are valued at cost and are comprised of spare parts and supplies held for future program delivery and are not primarily intended for resale. Inventories that no longer have service potential are valued at the lower of cost or net realizable value.

(h) Measurement uncertainty

The preparation of these financial statements requires management to make estimates and assumptions that affect the reported and disclosed amounts of assets, liabilities, revenues and expenses reported in the financial statements and accompanying notes at March 31. The estimates are based on facts and circumstances, historical experience, general economic conditions and reflect the Government’s best estimate of the related amount at the end of the reporting period. The most significant items where estimates are used are contingent liabilities, the liability for employee future benefits and the useful life of tangible capital assets. Actual results could significantly differ from those estimated. Management’s estimates are reviewed periodically and, as adjustments become necessary, they are recorded in the financial statements in the year they become known.

Related party transactions, other than inter-entity transactions, are recorded at the exchange amount.

Inter-entity transactions are transactions between commonly controlled entities. Inter-entity transactions, other than restructuring transactions, are recorded on a gross basis and are measured at the carrying amount, except for the following:

  • Services provided on a recovery basis are recognized as revenues and expenses on a gross basis and measured at the exchange amount.
  • Certain services received on a without charge basis are recorded for departmental financial statement purposes at the carrying amount.

3. Parliamentary authorities

NSIRA receives most of its funding through annual Parliamentary authorities. Items recognized in the Statement of Operations and Departmental Net Financial Position and the Statement of Financial Position in one year may be funded through Parliamentary authorities in prior, current or future years. Accordingly, NSIRA has different net results of operations for the year on a government funding basis than on an accrual accounting basis. The differences are reconciled in the following tables:

(a) Reconciliation of net cost of operations to current year authorities used

(in thousands of dollars)

  2022 2021
(Restated Note 11)
Net cost of operations before government funding and transfers 16,165 11,663
Adjustments for items affecting net cost of operations but not affecting authorities:
Amortization of tangible capital assets (528) (171)
Services provided without charge by other government departments (1,242) (1,007)
Increase / (decrease) in vacation pay and compensatory leave (341) 109
Increase / (decrease) in employee future benefits 88 (170)
Refund of prior years’ expenditures 41 481
Total items affecting net cost of operations but not affecting authorities (1,982) 759
Adjustments for items not affecting net cost of operations but affecting authorities
Acquisition of tangible capital assets 3,114 1,352
Amortization of tangible capital assets (22) (17)
Accounts receivable and advances 15 12
Total items not affecting net cost of operations but affecting authorities 3,107 1,347
Current year authorities used 17,290 12,251

(b) Authorities provided and used

(in thousands of dollars)

  2022 2021
Authorities provided:
Vote 1 – Operating expenditures 30,851 22,592
Statutory amounts 1,176 962
Less:
Lapsed: Operating (14,737) (11,303)
Current year authorities used 17,290 12,251

4. Accounts payable and accrued liabilities

The following table presents details of NSIRA’s accounts payable and accrued liabilities.

(in thousands of dollars)

  2022 2021
Accounts payable – Other government departments and agencies 436 444
Accounts payable – External parties 784 1,075
Total accounts payable 1,220 1,519
Total accounts payable and accrued liabilities 1,220 1,519

5. Employee future benefits

(a) Pension benefits

NSIRA’s employees participate in the Public Service Pension Plan (the ”Plan”), which is sponsored and administered by the Government of Canada. Pension benefits accrue up to a maximum period of 35 years at a rate of two percent per year of pensionable service, times the average of the best five consecutive years of earnings. The benefits are integrated with Canada/Québec Pension Plan benefits and they are indexed to inflation.

Both the employees and the Agency contribute to the cost of the Plan. Due to the amendment of the Public Service Superannuation Act following the implementation of provisions related to Economic Action Plan 2012, employee contributors have been divided into two groups – Group 1 related to existing plan members as of December 31, 2012 and Group 2 relates to members joining the Plan as of January 1, 2013. Each group has a distinct contribution rate.

The 2021-22 expense amounts to $1,072,922 ($877,610 in 2020-21). For Group 1 members, the expense represents approximately 1.01 times (1.01 times in 2020-21) the employee contributions and, for Group 2 members, approximately 1.00 times (1.00 times in 2020-21) the employee contributions.

NSIRA’s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the Consolidated Financial Statements of the Government of Canada, as the Plan’s sponsor.

(b) Severance benefits

Severance benefits provided to NSIRA’s employees were previously based on an employee’s eligibility, years of service and salary at termination of employment. However, since 2011 the accumulation of severance benefits for voluntary departures progressively ceased for substantially all employees. Employees subject to these changes were given the option to be paid the full or partial value of benefits earned to date or collect the full or remaining value of benefits upon departure from the public service. By March 31, 2018, substantially all settlements for immediate cash out were completed. Severance benefits are unfunded and, consequently, the outstanding obligation will be paid from future authorities.

The changes in the obligations during the year were as follows:

(in thousands of dollars)

  2022 2021
Accrued benefit obligation – Beginning of year 316 146
Expense for the year (7) 170
Benefits paid during the year (81)
Accrued benefit obligation – End of year 228 316

6. Accounts receivable and advances

The following table presents details of NSIRA’s accounts receivable and advances balances:

  2022 2021
Receivables – Other government departments and agencies 546 581
Receivables – External parties 60 51
Employee advances 31
Net accounts receivable 637 632

7. Tangible capital assets

Amortization of tangible capital assets is done on a straight-line basis over the estimated useful life of the asset as follows:

Asset Class Amortization Period
Informatics hardware 3 to 10 years
Other equipment 3 to 30 years
Leasehold improvements Over the useful life of the improvement or the lease term, whichever is shorter
Assets under construction once in service, in accordance with asset type

(in thousands of dollars)

  Cost Accumulated Amortization Net Book Value
(1) Adjustments include assets under construction that were transferred to the other categories upon completion of the assets.
Capital Asset Class Opening Balance Acquisitions Adjustments (1) Disposal and Write- Offs Closing Balance Opening Balance Amortization Adjustments (1) Disposals and Write- Offs Closing Balance 2022 2021
Restated (Note 11)
Informatics hardware 279 56 335 189 78 267 68 90
Other equipment 1,095 29 1,124 306 115 421 703 789
Leasehold improvements 136 869 1,005 335 335 670
Assets under construction 1,269 2,893 (869) 3,293 3,293 1,129
Total 2,643 3,114 5,757 495 528 1,023 4,734 2,148

8. Contractual obligations

The nature of the NSIRA’s activities may result in some large multi-year contracts and obligations whereby NSRIA will be obligated to make future payments in order to carry out its programs or when the services/goods are received. Significant contractual obligations that can be reasonably estimated are summarized as follows:

  2023 2024 2025 2026 2027 2028 and subsequent Total
Professional and special services 2,257 418 2,615
Repair and maintenance 3,886 3,886
Rental 117 117
Transportation and communications 89 89
Total 6,349 418 6,767

NSIRA is related as a result of common ownership to all government departments, agencies, and Crown corporations. Related parties also include individuals who are members of key management personnel or close family members of those individuals, and entities controlled by, or under shared control of, a member of key management personnel or a close family member of that individual.

NSIRA enters into transactions with these entities in the normal course of business and on normal trade terms.

During the year, NSIRA received common services which were obtained without charge for other government departments as disclosed below.

(a) Common services provided without charge by other government departments

During the year, the NSIRA received services without charge from certain common service organizations, related to accommodation and the employer’s contribution to the health and dental insurance plans. These services provided without charge have been recorded at the carrying value in NSIRA’s Statement of Operations and Departmental Net Financial Position as follows:

(in thousands of dollars)

  2022 2021
Accommodation 486 451
Employer’s contribution to the health and dental insurance plans 756 556
Total 1,242 1,007

The Government has centralized some of its administrative activities for efficiency, cost-effectiveness purposes and economic delivery of programs to the public. As a result, the Government uses central agencies and common service organizations so that one department performs services for all other departments and agencies without charge. The costs of these services, such as the payroll and cheque issuance services provided by Public Services and Procurement Canada and audit services provided by the Office of the Auditor General are not included in the Department’s Statement of Operations and Departmental Net Financial Position.

(b) Other transactions with other government departments and agencies

  2022 2021
Expenses 6,844 5,595

10. Segmented information

Presentation by segment is based on the Department’s core responsibility. The presentation by segment is based on the same accounting policies as described in the Summary of significant accounting policies in Note 2. The following table presents the expenses incurred and revenues generated for the main core responsibilities, by major object of expense and by major type of revenue. The segment results for the period are as follows:

  National Security and Intelligence Reviews and Complaints Investigations Internal Services 2022 2021
Expenses
Salaries and employee benefits 7,638 2,644 10,282 7,995
Professional and special services 231 3,239 3,470 1,845
Accommodation 505 505 451
Transportation and communications 30 183 213 88
Information 23 46 69 192
Acquisition of machinery and equipment 4 350 354 864
Repair and maintenance 3,091 3,091 1,258
Amortization of tangible capital assets 528 528 171
Rental 130 130 152
Utilities, materials and supplies 4 26 30 8
Other 430 (2,937) (2,507) (1,361)
Total expenses 8,360 7,805 16,165 11,663
Net cost from continuing operations 8,360 7,805 16,165 11,663

11. Adjustments to prior year’s results

As a result of a review, NSIRA identified minor rounding discrepancies. These changes have been applied retroactively and comparative information for 2020-21 has been restated. The effect of these adjustments is presented in the table below.

  2021
(As previously stated)
Effect of the adjustment 2021
(Restated)
Statement of Financial Position
Tangible capital assets 7,638 2,644 10,282
Total non-financial assets 231 3,239 3,470
Departmental net financial position 505 505
Statement of Operations and Departmental Net Financial Position
Internal Services 30 183 213
Total Expenses 23 46 69
Net cost of operations after government funding and transfers 4 350 354
Departmental net financial position – End of year 3,091 3,091
Statement of Change in Departmental Net Debt
Net cost of operations after government funding and transfers 528 528
Acquisition of tangible capital assets 130 130
Total change due to tangible capital assets 4 26 30
Statement of Cash Flow
Net cost of operations before government funding and transfers 430 (2,937) (2,507)
Cash used in operating activities 8,360 7,805 16,165
Acquisitions of tangible capital assets 8,360 7,805 16,165
Note 3(a) – Parliamentary authorities
Net cost of operations before government funding and transfers 11,662 1 11,663
Acquisition of tangible capital assets 1,353 (1) 1,352
Total items not affecting net cost of operations but affecting authorities 1,348 (1) 1,347
Note 7 – Tangible capital assets
Assets under construction – Net Book Value 430 (1) (2,507)
Total – Net Book Value 8,360 (1) 16,165
Note 10 – Segmented Information
Salaries and employee benefits 7,994 1 7,995
Acquisition of machinery and equipment 694 170 864
Other (1,191) (170) (1,361)
Total Expenses 11,662 1 11,663
Net cost from continuing operations 11,662 1 11,663

Annex to the Statement of Management Responsibility Including Internal Control over Financial Reporting for Fiscal Year 2021-22 (unaudited)

1. Introduction

This document provides summary information on measures taken by the National Security Intelligence Review Agency (NSIRA) to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management, assessment results and related action plans.

Detailed information on NSIRA authority, mandate, and programs can be found in our Departmental Plan for the 2021 to 2022 fiscal year and our Departmental Results Report for the 2021 to 2022 fiscal year.

2. Departmental system of internal control over financial reporting

2.1  Internal Control Management

NSIRA has implemented a rigourous governance and accountability structure to support the oversight of its system of internal control, which includes:

  • organizational accountability structures as they relate to internal control management to support sound financial management, including the roles and responsibilities of senior departmental managers for control management in their areas of responsibility
  • values and ethics
  • ongoing communication and training on statutory requirements, and policies and procedures for sound financial management and control
  • monitoring of, and regular updates to, internal control management, as well as the provision of related assessment results and action plans to the deputy head and senior departmental management

NSIRA recognizes the importance of setting the tone from the top to help ensure that staff at all levels understand their roles in maintaining effective financial systems of ICFR and are well equipped to exercise these responsibilities effectively

2.2  Service Arrangements relevant to financial statements

NSIRA relies on other organizations for the processing of certain transactions that are recorded in its financial statements, and relies on these service providers to ensure an adequate system of ICFR is maintained over services provided to NSIRA.

Common Arrangements:
  • Public Services and Procurement Canada, which administers the payment of salaries and the procurement of goods and services, and provides accommodation services
  • Shared Services Canada, which provides IT infrastructure services
  • Treasury Board of Canada Secretariat, which provides information on public service insurance and centrally administers payment of the employer’s share of contributions toward statutory employee benefit plans

Readers of this annex may refer to the annexes of the above-noted departments for a greater understanding of the systems of internal control over financial reporting related to these specific services.

Specific Arrangements:
  • Prior to fiscal 2021-22, in accordance to a Memorandum of Understanding (MOU) between the two organizations, NSIRA relied on the Privy Council Office (PCO) for the performance of financial services, including relevant control measures.  Effective, April 1, 2021, NSIRA entered into a new MOU with PCO, which reflected a shift whereby NSIRA would work towards financial services self-sufficiency, by fiscal 2022-23 (including a transition period over fiscal 2021-22).
  • Treasury Board of Canada Secretariat provides the agency with a SAP financial system platform to capture and report all financial transactions and a PeopleSoft human resources system platform to manage pay and leave transactions

3. Departmental assessments results during fiscal year 2021-22

Progress during the 2021-22 fiscal year

NSIRA’s management team has maintained a system of internal control that ensures that financial information is understandable, relevant, reliable and comparable in concert with the PCO’s support as per the MOU.  Progress is disclosed in the Annex of PCO’s Statement of Management Responsibility.

New or significantly amended key controls

In the current fiscal year, there were no new or significantly amended key controls in existing processes that required reassessment. No significant adjustments were required.

On-going monitoring program

In the current fiscal year, NSIRA’s leveraged PCO’s rotational on-going monitoring plan disclosed in the Annex of PCO’s statement of management responsibility. Starting in fiscal 2022-23 NSIRA will establish its own rotational monitoring plan.  See Departmental action plan below for additional information.

4. Departmental action plan

NSIRA’s risk-based monitoring plan over the next 3 fiscal years is shown in the following table.

Key Control Areas 2022-23 2023-24 2024-25
Entity-level controls X    
Procure to pay X X  
Payroll X X  
Financial Close X   X
Capital Assets X   X
Share this page
Date Modified:

Departmental Results Report: 2021-22

Meta data information

Cat. Number: PS106-8E-PDF
ISSN: 2563-5174

© Her Majesty the Queen in Right of Canada, 2021

Date of Publishing:

From the Executive Director

The National Security and Intelligence Review Agency (NSIRA) marked its second full year of operation in 2021–22, and we continued to build institutional processes and systems throughout the period with the goal of putting the organization on a solid long-term footing.

We refined our review processes, with an emphasis on generating high-quality reviews by establishing interdisciplinary teams that incorporate subject-matter, legal and technological expertise. Throughout the year, we expanded our institutional understanding of the various departments and agencies that make up Canada’s security and intelligence community, and reviewed activities that had not previously been subject to independent scrutiny. We also developed a consistent way to assess the timeliness of departmental responses to support public reporting and transparency.

In 2021–22, we implemented new Rules of Procedure for our complaints investigation process that were based on a major consultation and reform in the year prior. These new rules are aimed at enhancing efficiency in the process, as well as access to justice for complainants. Our work on both reviews and complaints investigations was informed by our network of like-minded review and complaints investigation bodies, as well as our network of Canadian and international academics and civil society organizations.

We continued our practice of proactively redacting and releasing review reports on our website. As stated in the past, we consider this type of transparency vital to the development of an enhanced culture of accountability among departments and agencies involved in national security and intelligence activities.

We achieved much throughout the year despite the ongoing pandemic, thanks to the hard work of our talented and dedicated staff. I would like to thank our employees for their commitment during this period, and for the energy and enthusiasm that they bring to the continued growth of our organization.

John Davies
Executive Director
National Security and Intelligence Review Agency

Results at a glance

The National Security and Intelligence Review Agency (NSIRA) began operating in 2019 as a new independent accountability mechanism in Canada. Its broad review and investigations mandate covers the national security and intelligence activities of departments and agencies across the federal government. The agency’s total actual spending in 2021–22 amounted to $17,289,754 and its total actual full-time equivalents were 74.

For a significant part of the fiscal year, the pandemic required NSIRA staff to work remotely, limiting its access to classified materials that are critical to NSIRA’s work. To adjust, NSIRA revised its review plans and used innovative approaches to continue to advance its work. This included implementing strict rotating schedules to enable limited office access for classified work to continue safely and using videoconference technology where possible. This allowed NSIRA to fulfill its statutory obligations and uphold its commitments to Canadians. Despite the restrictions, NSIRA was able to enhance its scrutiny of Canada’s national security and intelligence activities.

Below are some of NSIRA’s achievements in 2021–22.

Review

NSIRA’s review of national security and intelligence activities undertaken by Government of Canada institutions ensures that ministers and Canadians are informed about whether these activities were lawful, reasonable and necessary.

During 2021–22, NSIRA completed and approved 10 reviews, including six dedicated to reviewing the activities of a specific department or agency and four interdepartmental reviews that involved more than a dozen departments and agencies. This helped to extend both the breadth and depth of NSIRA’s knowledge and experience.

NSIRA continued to develop and improve its review framework. With the creation of its Technology Directorate, for example, NSIRA boosted its capacity to do technical review. The review framework now embeds legal and technological experts in the review process at the outset of reviews and outlines a clear process to promote consistency across subject areas.

Complaint investigations

NSIRA independently investigates national security and intelligence–related complaints from members of the public and strives to do so in a timely manner.

In fiscal year 2021–22, NSIRA completed two complaints investigations and issued two final reports. NSIRA also received 58 referrals from the Canadian Human Rights Commission, pursuant to subsection 45(2) of the Canadian Human Rights Act, substantially increasing its inventory of complaint files. This high-volume caseload affected NSIRA’s overall management of its cases.

In 2021, NSIRA also finalized its major reform and modernization of its complaints investigation process, aimed at streamlining the procedural steps and promoting access to justice for self-represented complainants.

Reporting and transparency

During the reporting period, NSIRA remained committed to publishing redacted and depersonalized investigation reports to promote and enhance transparency in its investigations as set out in its January 2021 policy statement. NSIRA also turned its attention to examining appropriate ways to release declassified and depersonalized final complaints investigations reports, and consulted with parties to the complaint investigations.

For more information on NSIRA’s plans, priorities and results achieved, see the “Results: what we achieved” section of this report.

Results: what we achieved

Core responsibility

National Security and Intelligence Reviews and Complaints Investigations

Description:

The National Security and Intelligence Review Agency reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable and necessary. It investigates complaints from members of the public regarding activities of CSIS, CSE or the national security activities of the RCMP, as well as certain other national security-related complaints.  This independent scrutiny contributes to the strengthening of the framework of accountability for national security and intelligence activities undertaken by Government of Canada institutions and supports public confidence in this regard.

Results:

In 2021–22, NSIRA delivered on its mandate by completing reviews on federal departments and agencies involved in a wide array of national security and intelligence activities, and efficiently supported agency members in conducting several complaints investigations using a revised and improved process.

Review of national security and intelligence activities

NSIRA completed 10 national security and intelligence reviews over the course of 2021–22. Six reviews focused on an individual department or agency, while four reviews were interdepartmental by design. Organizations whose activities were the subject of specific reviews included:

  • Canadian Security Intelligence Service — two reviews
  • Communications Security Establishment — two reviews
  • Department of National Defence and the Canadian Armed Forces — two reviews

The four interdepartmental reviews were by design were:

  • Rebuilding Trust: Reforming the CSIS Warrant and Justice Legal Advisory Processes
  • Study of the Government of Canada’s Use of Biometrics in the Border Continuum
  • the annual review of disclosures under the Security of Canada Information Disclosure Act
  • the annual review of the implementation of directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act

Six of NSIRA’s reviews resulted in recommendations to ministers on issues related to compliance and governance. One review did not result in any recommendations but had four findings. The three other reviews helped NSIRA gain a better baseline understanding of certain organizations or activities, which will help guide future reviews. As a result of NSIRA’s unclassified and publicly released reviews, as well as its annual reporting, NSIRA contributes to increased confidence among Canadians in the independent review of national security and intelligence activities carried out by Government of Canada institutions.

During the reporting period, NSIRA continued to refine its review framework to promote high quality and rigour in its work, and to ensure consistency in the way it executes reviews. This framework provides systematic guidance on NSIRA’s process and approach, and embeds legal and technological expertise in reviews from the outset. NSIRA also developed new guidelines to assess the timeliness of reviewee responses to requests for information during the review process, and will comment both privately and publicly on the outcomes. As it improves its processes, NSIRA’s aim continues to be to produce the most consistent, objective and rigorous reviews possible.

In 2021–22, NSIRA established a Technology Directorate to enhance review by incorporating the capability to examine the use and implementation of technology by security and intelligence agencies in Canada. In the coming year, NSIRA will increase the number of employees working in the Technology Directorate as it takes an increasingly active and significant role. The directorate will also lead the first technology-focused reviews of the lifecycle of CSIS information collected by technical capabilities pursuant to a Federal Court warrant.

Investigation of national security and intelligence–related complaints

During the reporting period, NSIRA continued to adapt in conducting its complaints investigations by finding procedural efficiencies and using innovative approaches whenever possible. This included proceeding in writing for certain investigative steps and using videoconference technology for case management conferences, hearings and investigative interviews. Some departments and agencies were slow to respond to requests for information and evidence, in part due to challenges inherent to the COVID-19 pandemic, which delayed NSIRA’s investigations. Consequently, in several ongoing matters, NSIRA granted adjournments and extensions of deadlines for procedural steps, including the filing of submissions and evidentiary material. The reasons provided for the adjournments and requests for extensions not only were pandemic related but also included issues surrounding the availability of witnesses and shortage of resources of federal government parties. In addition, NSIRA had to ask for further information in response to incomplete initial disclosures in more than one investigation, also creating delays.

In 2021–22, NSIRA completed two complaints investigations and issued two final reports. Ministers, complainants and the public were informed of the conclusions of investigations of national security and intelligence–related complaints. NSIRA also dealt with a substantial increase in its inventory of complaint files as a result of 58 complaints referred by the Canadian Human Rights Commission to NSIRA in April and June 2021, pursuant to subsection 45(2) of the Canadian Human Rights Act. This high-volume caseload impacted NSIRA’s overall management of its cases.

In 2021, NSIRA completed its investigation process reform initiative after extensive consultation with stakeholders in the public and private sectors. In July 2021, NSIRA launched its new investigative process, which included the implementation of new Rules of Procedure to enhance efficiency in NSIRA’s investigation mandate and provide greater access to justice for self-represented complainants.

Lastly, NSIRA will finalize in 2022–23 the service standards for how long it takes to complete its investigations. The results will be included in the next Departmental Results Report.

Gender-based analysis plus

Building from naming a Champion and establishing a committee to take action against systemic employment equity, diversity and inclusion issues in 2020, NSIRA continued to work hard to create a culture of inclusion. At an individual level, the agency held staff discussions on anti-racism and themes related to diversity. In response to the Call to Action from the Clerk of the Privy Council, NSIRA completed a maturity assessment of its policies, programs and practices related to human rights, accessibility, employment equity, diversity and inclusion, and developed a three-year action plan to guide its efforts.

When reviewing national security and intelligence activities, NSIRA analysts are prompted to examines these activities’ potential for resulting in unequal outcomes for visible minority groups. For instance, among last year’s reviews, the Study of the Government of Canada’s Use of Biometrics in the Border Continuum examined the approach of Immigration, Refugees and Citizenship Canada and of the Canada Border Services Agency to preventing bias and discrimination against some groups of people in the use of biometrics by these agencies.

In terms of investigations, complainants file with NSIRA pursuant to the National Security and Intelligence Review Agency Act and the Rules of Procedure. Following the practices and procedures systematically in all complaint matters ensures a non-discriminatory process.

Furthermore, NSIRA and another review body are finalizing a study on how to systematically collect, analyze and use race-based and other demographic data in the complaints investigation process. This study draws on academic expertise to provide NSIRA insight into: whether significant racial disparities exist among civilian complainants; whether racial differences exist with respect to the types of complaints made against members of national security organizations based on different groups; the frequency of complaints that include allegations of racial or other forms of bias; and whether complaints investigation outcomes vary by racial group. NSIRA also aims to use the study results to improve public awareness and understanding of its investigation process, as well as to guide the development of NSIRA’s outreach and public engagement priorities

Experimentation

Given NSIRA’s functions and responsibilities, the agency did not engage in any program-related experimentation activities.

Key risks

Timely access to information, and the ability to verify that it has been provided with all relevant information, are paramount to the successful execution of NSIRA’s review and complaints investigation mandates. During the reporting period, departments and agencies delayed unnecessarily in providing NSIRA information and, in some reviews, NSIRA had to ask for additional information because of incomplete initial disclosures. NSIRA eventually received all relevant information from responding government departments and agencies for its investigations. NSIRA will continue to seek direct access to systems to ensure a high degree of confidence, reliability and independence in its work. During the reporting period, NSIRA also developed clear guidelines for assessing the timeliness and responsiveness of departments and agencies for its reviews, including remedial steps to be taken to respond to delays.

Physical distancing protocols and lockdowns required by the COVID-19 pandemic limited NSIRA employees’ access to classified physical and electronic documents in 2021–22. Flexible measures that follow current public health conditions mitigate the impact of the pandemic on NSIRA’s ability to deliver on its mandate in a timely way.

The pandemic also complicated the recruitment, onboarding and training of new review staff. NSIRA mitigated these impacts by increasing and adapting its office space, investing in communications technology, and implementing novel approaches to recruitment and onboarding.

Results achieved

The following table shows, for National Security and Intelligence Reviews and Complaints Investigations, the results achieved, the performance indicators, the targets and the target dates for 2021–22, and the actual results for the three most recent fiscal years for which actual results are available.

Departmental results Performance indicators Target Date to achieve target 2019-20 actual results 2020-21 actual results 2021-22 actual results
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary All mandatory reviews are completed on an annual basis 100% completion of mandatory reviews 2021-22 Not applicable (N/A) N/A 100%
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year At least one national security or intelligence activity is reviewed in at least five departments or agencies annually 2021-22 N/A N/A 100%
All Member-approved high priority national security or intelligence activities are reviewed over a three- year period 100% completion over three years; at least 33% completed each year 2021-22 N/A N/A 33%
National security-related complaints are independently investigated in a timely manner Percentage of investigations completed within NSIRA service standards 90% 2022-23 N/A N/A N/A

Note: NSIRA was created on July 12, 2019. Actual results for 2019–20 and 2020–21 are not available because the new Departmental Results Framework in the changeover from the Security Intelligence Review Committee to NSIRA was being developed. This new framework is for measuring and reporting on results achieved starting in 2021–22. In 2022–23, NSIRA will finalize the development of service standards for how long it takes to complete its investigations; the results will be included in the next Departmental Results Report.

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Budgetary financial resources (dollars)

The following table shows, for National Security and Intelligence Reviews and Complaints Investigations, budgetary spending for 2021–22, as well as actual spending for that year.

2021–22 Main Estimates 2021–22 Planned spending 2021–22 Total authorities available for use 2021–22 Actual spending (authorities used) 2021–22 Difference (Actual spending minus Planned spending)
12,047,835 12,047,835 11,688,292 7,394,642 (4,653,193)

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

The variance between planned and actual spending is mainly due to recruitment challenges.

Human resources (full-time equivalents)

The following table shows, in full‑time equivalents, the human resources the department needed to fulfill this core responsibility for 2021–22.

2021–22 Planned full-time equivalents 2021–22 Actual full-time equivalents 2021–22 Difference (Actual full-time equivalents minus Planned full-time equivalents)
69 52 (17)

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Internal Services

Description

Internal services are those groups of related activities and resources that the federal government considers to be services in support of programs and/or required to meet corporate obligations of an organization. Internal services refers to the activities and resources of the 10 distinct service categories that support program delivery in the organization, regardless of the internal services delivery model in a department. The 10 service categories are:

  • Acquisition Management Services
  • Communication Services
  • Financial Management Services
  • Human Resources Management Services
  • Information Management Services
  • Information Technology Services
  • Legal Services
  • Material Management Services
  • Management and Oversight Services
  • Real Property Management Services

Results

The pandemic continued to have an impact on NSIRA operations and activities throughout the year. The NSIRA Secretariat’s first priority was the safety of the agency’s employees and, as a result, it responded quickly to lockdowns by communicating COVID-19 working protocols and implementing its own vaccination policy following the Government of Canada call for mandatory vaccination for its public service employees. Furthermore, NSIRA recognized that a modern and flexible approach to work was necessary for the conduct of its mandated activities during the pandemic. As a result, NSIRA developed an evergreen COVID-19 guide where employees and managers could turn for up-to-date references on COVID-19 and on flexible work arrangements.

In light of the current and planned growth in personnel and the pandemic physical distancing requirements, NSIRA’s success depended on increasing its access to secure office space to conduct work of a classified nature. In 2021, NSIRA was able to increase its footprint by opening a temporary office site. At the same time, the plans for a permanent NSIRA site were also completed; construction of additional secure office space began in April 2022.

During the fiscal year, NSIRA focused on assessing gaps in its security and information management practices. The conduct of an agency security governance and controls assessment led to the approval and implementation of the Agency Security Plan recommendations in September 2021. NSIRA also published a policy on information management to ensure that roles, responsibilities and expectations regarding information management were defined, communicated, understood and adhered to throughout the organization. Since information and information management are critical in the conduct of NSIRA’s mandate, the agency developed a new classification plan, established information retention plans and developed strategies for the destruction, storage, digitization, transport and transfer of information.

Budgetary financial resources (dollars)

The following table shows, for internal services, budgetary spending for 2021–22, as well as spending for that year.

2021–22 Main Estimates 2021–22 Planned spending 2021–22 Total authorities available for use 2021–22 Actual spending (authorities used) 2021–22 Difference (Actual spending minus Planned spending)
18,147,084 18,147,084 20,338,994 9,895,112 (8,251,972)

The difference of $8.3 million between planned and actual spending is mainly explained by the impacts of the pandemic on NSIRA’s ability to progress with its facilities fit-up and expansion plans, as well as on its planned spending on internal services infrastructure and systems.

Human resources (full-time equivalents)

The following table shows, in full‑time equivalents, the human resources the department needed to carry out its internal services for 2021–22.

2021–22 Planned full-time equivalents 2021–22 Actual full-time equivalents 2021–22 Difference (Actual full-time equivalents minus Planned full-time equivalents)
31 22 (9)

Spending

Spending 2019–20 to 2024–25

The following graph presents planned (voted and statutory spending) over time.

Departmental spending trend graph
2019-20 2020-21 2021-22 2022-23 2023-24 2024-25
Statutory 371,057 962,186 1,176,321 1,704,632 1,704,632 1,727,668
Voted 5,254,250 11,289,189 16,113,433 24,423,008 16,731,355 16,731,061
Total 0 5,625,250 12,251,375 30,194,919 26,127,640 18,435,987

The graph illustrates NSIRA’s spending trends over a six-year period from 2019–20 to 2024–25. Fiscal years 2019–20 to 2021–22 reflect actual expenditures as reported in the Public Accounts. Fiscal years 2022–23 to 2024–25 represent planned spending.

The increase in spending from 2019–20 to 2021–22 is mainly explained by the cost of additional resources hired by NSIRA over that period, by an increase in professional services costs, and by the start of facilities fit-up and expansion.

The overall difference between actual spending in 2021–22 and planned spending in 2022–23 is due to lower spending than planned on payroll and on facilities fit-up and expansion in 2021–22 as a result of the pandemic.

The difference between the peaks in spending authorities in 2022–23 and 2023–24 with the levelling of authorities in 2024–25 is due to the sunsetting of funding earmarked for the completion of facilities fit-up and expansion.

Budgetary performance summary for core responsibilities and internal services (dollars)

The “Budgetary performance summary for core responsibilities and internal services” table presents the budgetary financial resources allocated for NSIRA’s core responsibilities and for internal services.

Core responsibilities and Internal Services 2021-22 Main Estimates 2021-22 Planned spending 2022-23 Planned spending 2023-24 Planned spending 2021-22 Total authorities available for use 2019-20 Actual spending (authorities used) 2020-21 Actual spending (authorities used) 2021-22 Actual spending (authorities used)
National Security and Intelligence Reviews and Complaints Investigations 12,047,935 12,047,835 10,740,923 10,744,262 11,688,292 3,009,066 5,607,796 7,394,642
Subtotal 12,047,835 12,047,835 10,740,923 10,744,262 11,688,292 3,009,066 5,607,796 7,394,642
Internal Services 18,147,084 18,147,084 15,386,717 7,691,725 20,338,994 2,616,241 6,643,579 9,895,112
Total 30,194,919 30,194,919 26,127,640 18,435,987 32,027,286 5,625,307 12,251,375 17,289,754

Human resources

The “Human resources summary for core responsibilities and internal services” table presents the full-time equivalents (FTEs) allocated to each of NSIRA’s core responsibilities and to internal services.

Human resources summary for core responsibilities and internal services

Core responsibilities and Internal Services 2019-20 Actual full-time equivalents 2020-21 Actual full-time equivalents 2021-22 Planned full-time equivalents 2021-22 Actual full-time equivalents 2022-23 Planned full-time equivalents 2023-24 Planned full-time equivalents
National Security and Intelligence Reviews and Complaints Investigations 18 38 69 52 69 69
Subtotal 18 38 69 52 69 69
Internal Services 11 22 31 22 31 31
Total 29 60 100 74 100 100

Expenditures by vote

For information on NSIRA’s organizational voted and statutory expenditures, consult the Public Accounts of Canada 2021.

Government of Canada spending and activities

Information on the alignment of NSIRA’s spending with Government of Canada’s spending and activities is available in GC InfoBase.

Financial statements and financial statements highlights

Financial statements

NSIRA’s financial statements (unaudited) for the year ended March 31, 2022, are available on the departmental website.

Financial statement highlights

Condensed Statement of Operations (unaudited) for the year ended March 31, 2022 (dollars)
Financial information 2021-22 Planned results 2021-22 Actual results 2020-21 Actual results Difference (2021-22 Actual results minus 2021-22 Planned results) Difference (2021-22 Actual results minus 2020-21 Actual results)
Total expenses 28,235,300 16,164,825 11,662,601 (12,070,475) 4,502,224
Total revenues 0 0 0 0 0
Net cost of operations before government funding and transfers 28,235,300 16,164,825 11,662,601 (12,070,475) 4,502,224
Condensed Statement of Financial Position (unaudited) as of March 31, 2022 (dollars)
Financial information 2021-22 2020-21 Difference (2021-22 minus 2020-21)
Total net liabilities 2,004,002 2,050,302 (46,300)
Total net financial assets 1,329,006 1,577,964 (248,958)
Departmental net debt 674,996 472,338 202,658
Total non-financial assets 4,804,002 2,240,138 2,563,864
Departmental net financial position 4,129,006 1,767,800 2,361,206

The 2021–22 planned results information is provided in NSIRA’s Future-Oriented Statement of Operations and Notes 2021–22.

Corporate Information

Organizational profile

Appropriate minister: The Right Honourable Justin Trudeau, Prime Minister of Canada
Institutional head: John Davies, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument: National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019

Raison d’être, mandate and role: who we are and what we do

“Raison d’être, mandate and role: who we are and what we do” is available on NSIRA‘s website.

Operating context

Information on the operating context is available on NSIRA’s website.

Reporting framework

NSIRA’s Departmental Results Framework, with accompanying results and indicators, were under development in 2020–21. Additional information on key performance measures are included in the 2021–22 Departmental Plan.

Core Responsibility: National Security and Intelligence Reviews and Complaints Investigations
Departmental Results Framework Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary Indicator: All mandatory reviews are completed on an annual basis Internal Services
Indicator: Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
Indicator: All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
National security-related complaints are independently investigated in a timely manner Indicator: Percentage of investigations completed within NSIRA service standards
Program Inventory Program: National security and intelligence activity reviews and complaints investigations

Supporting information on the program inventory

Financial, human resources and performance information for NSIRA’s Program Inventory is available in GC InfoBase.

Supplementary information tables

The following supplementary information table is available on NSIRA’s website:

  • Gender-based analysis plus

Federal tax expenditures

The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures. This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs. The tax measures presented in this report are the responsibility of the Minister of Finance.

Organizational contact information

National Security and Intelligence Review Agency
P.O. Box 2430, Station “D”
Ottawa, Ontario
K1P 5W5

Appendix: definitions

appropriation (crédit)

Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditures (dépenses budgétaires)

Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

core responsibility (responsabilité essentielle)

An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.

Departmental Plan (plan ministériel)

A report on the plans and expected performance of an appropriated department over a 3‑year period. Departmental Plans are usually tabled in Parliament each spring.

departmental priority (priorité)

A plan or project that a department has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired departmental results.

departmental result (résultat ministériel)

A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.

departmental result indicator (indicateur de résultat ministériel)

A quantitative measure of progress on a departmental result.

departmental results framework (cadre ministériel des résultats)

A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.

Departmental Results Report (rapport sur les résultats ministériels)

A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.

experimentation (expérimentation)

The conducting of activities that seek to first explore, then test and compare the effects and impacts of policies and interventions in order to inform evidence-based decision-making, and improve outcomes for Canadians, by learning what works, for whom and in what circumstances. Experimentation is related to, but distinct from innovation (the trying of new things), because it involves a rigorous comparison of results. For example, using a new website to communicate with Canadians can be an innovation; systematically testing the new website against existing outreach tools or an old website to see which one leads to more engagement, is experimentation.

full‑time equivalent (équivalent temps plein)

A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.

gender-based analysis plus (GBA Plus) (analyse comparative entre les sexes plus [ACS Plus])

An analytical process used to assess how diverse groups of women, men and gender-diverse people experience policies, programs and services based on multiple factors including race ethnicity, religion, age, and mental or physical disability.

government-wide priorities (priorités pangouvernementales)

For the purpose of the 2020–21 Departmental Results Report, those high-level themes outlining the government’s agenda in the 2019 Speech from the Throne, namely: Fighting climate change; Strengthening the Middle Class; Walking the road of reconciliation; Keeping Canadians safe and healthy; and Positioning Canada for success in an uncertain world.

horizontal initiative (initiative horizontale)

An initiative where two or more federal organizations are given funding to pursue a shared outcome, often linked to a government priority.

non‑budgetary expenditures (dépenses non budgétaires)

Net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance (rendement)

What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve, and how well lessons learned have been identified.

performance indicator (indicateur de rendement)

A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting (production de rapports sur le rendement)

The process of communicating evidence‑based performance information. Performance reporting supports decision making, accountability and transparency.

plan (plan)

The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.

planned spending (dépenses prévues)

For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.

program (programme)

Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.

program inventory (répertoire des programmes)

Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.

result (résultat)

A consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

statutory expenditures (dépenses législatives)

Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.

target (cible)

A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

voted expenditures (dépenses votées)

Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.

Share this page
Date Modified: