Review of Information Sharing Across Aspects of CSE’s Mandate

Completed Reviews

Review of Information Sharing Across Aspects of CSE’s Mandate

Table of Contents

Executive Summary
Authorities
Introduction
Background
1. What is IRTC?
2. Internal Sharing of IRTC at CSE
Findings and recommendations
1. Compliance with the CSE Act and the Privacy Act
Conclusion
Annexes

Date of Publishing:

January 25, 2024

This report has been modified slightly from the final version which was provided to the Minister. An error in the language of Finding 4, wherein two different versions were presented within the report and the summary, has been corrected for publication. The correct language was always represented in the body of the final report. The incorrect language has been replaced with the correct language for publication.

Executive Summary

(U) NSIRA examined whether CSE’s internal sharing of information relating to a Canadian or a person in Canada (IRTC) is consistent with the Privacy Act, which limits how collected personal information can be used by a federal institution, and the CSE Act, which applies to CSE’s incidental collection and use of IRTC. NSIRA concluded that from the descriptions of the aspects in sections 16 and 17 of the CSE Act, there may be instances where information acquired under one aspect can be used for the same, or a consistent purpose, as another. This would satisfy Privacy Act requirements for sharing information internally. However, this cannot simply be assumed as the purposes of the aspects differ within the CSE Act. CSE must conduct case-by- case compliance analysis that considers the purpose of the collection and sharing.

(U) NSIRA considers it necessary for the Chief of CSE’s application for a Ministerial Authorization to fully inform the Minister of how IRTC might be used and analysed by CSE, including the sharing of IRTC to another aspect, and for what purpose. With one exception, the Chief’s applications for the period of review appropriately informed the Minister of National Defence that retained IRTC might be used to support a different aspect. Moreover, the foreign intelligence applications appropriately informed the Minister how CSE assessed “essentiality” for IRTC collected under the FI aspect.

(U) Under CSE policy, an assessment of IRTC’s relevance, essentiality, or necessity to each aspect is required for sharing information across the aspects. CSE policy offers definitions and criteria for assessing and applying these thresholds to the information. NSIRA found that CSE’s policy framework with regards to the internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate is compliant with the CSE Act.

(U) The information provided by CSE has not been independently verified by NSIRA. Work is underway to establish effective policies and best practices for the independent verification of various kinds of information, in keeping with NSIRA’s commitment to a ‘trust but verify’ approach.

Authorities

(U) This review was conducted under the authority of paragraph 8(1)(a) of the National Security and Intelligence Review Agency Act (NSIRA Act).

Introduction

(U) This review examined the Communications Security Establishment’s (CSE) legal authority for sharing information obtained in the course of one aspect of its mandate (“aspect”) for the purposes of fulfilling another aspect of its mandate. Specifically, the review focused on internal information sharing within CSE between the foreign intelligence (FI), and the cybersecurity and information assurance (cybersecurity) aspects of its mandate. Broadly, this review also documented activities pertaining to the internal sharing of information relating to a Canadian or a person in Canada between the foreign intelligence and cybersecurity aspects, in order to inform future reviews by NSIRA.

(TS) The Office of the Communications Security Establishment Commissioner (OCSEC) previously studied the sharing of, and access to, cyber threat information between CSE’s SIGINT and IT Security Branches. OCSEC’s review found that CSE’s cyber threat information sharing and accessing activities between CSE’s SIGINT and IT Security were consistent with National Defence Act and Privacy Act authorities, and that information shared between the branches posed a minimal risk to the privacy of Canadians.

(U) With the coming into force of the CSE Act, on August 1, 2019, CSE’s legal authorities for conducting its activities have changed since OCSEC’s review. In light of this change of legal authority for CSE, NSIRA decided to re-assess and evaluate whether CSE’s internal information sharing activities between the FI and cybersecurity aspects are consistent with the CSE Act and the Privacy Act.

(U) NSIRA expects that CSE’s internal sharing of IRTC complies with the CSE Act and the Privacy Act. As such, the focus of this review was to examine the legal authority that allows for CSE to share IRTC between the FI and cybersecurity aspects.

(U) The Communications Security Establishment Act (CSE Act), creates five distinct aspects to CSE’s mandate. The CSE Act distinguishes between each aspect and its associated activities, as listed below: Foreign intelligence (FI) (section 16): to acquire information from the global information infrastructure (GII), and to use, analyse and disseminate the information for the purpose of providing foreign intelligence;

Foreign intelligence (FI) (section 16): to acquire information from the global information infrastructure (GII), and to use, analyse and disseminate the information for the purpose of providing foreign intelligence;
Cybersecurity and information assurance (cybersecurity) (section 17): to provide advice, guidance and services to help protect electronic information and information infrastructures of federal institutions or those designated under subsection 21(1) of the CSE Act, and to acquire, use and analyse information to do so;
Defensive cyber operations (section 18): to carry out activities on the GII to help protect electronic information and information infrastructures of federal institutions or those designated under subsection 21(1) of the CSE Act;
Active cyber operations (section 19): to carry out activities on the GII to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of foreign entities; and
Technical and operational assistance (section 20): to provide technical and operational assistance to federal law enforcement, security agencies, the Canadian Armed Forces and the Department of National Defence.

(U) The CSE Act also distinguishes between the aspects by requiring different Ministerial Authorizations (MAs) for CSE’s activities, except for assistance activities (s. 20). Under the CSE Act, and with the exception of assistance activities, CSE’s activities must not be directed at a Canadian or any person in Canada, and must not infringe the Canadian Charter of Rights and Freedoms. Under the FI and cybersecurity aspects, CSE’s activities must not contravene any other Act of Parliament or involve the acquisition of information on or through the GII that interferes with the reasonable expectation of privacy of a Canadian or a person in Canada, unless carried out under a MA.

(U) The Minister of National Defence may issue a MA that permits CSE to conduct activities or classes of activities that may contravene any other Acts of Parliament, and, in the case of FI and cybersecurity, would involve the acquisition of information that would interfere with the reasonable expectation of privacy of a Canadian or a person in Canada. FI and cybersecurity MAs must be approved by the Intelligence Commissioner (IC), who must review whether the conclusions made by the Minister in issuing the authorization are reasonable.

(U) Thus, CSE is permitted to incidentally acquire information relating to a Canadian or a person in Canada in the course of carrying out activities that are authorized by an FI (s. 26(1)), cybersecurity (s. 27(1) or 27(2)), or emergency (s. 40) MA. CSE refers to this information as information relating to a Canadian or a person in Canada (IRTC). In order to issue an authorization, the Minister must be satisfied that CSE will only use, analyse or retain IRTC when it meets the “essentiality” conditions in section 34 of the CSE Act, which are different for the FI and cybersecurity aspects. For FI, “essentiality” means an assessment of whether the information is essential to international affairs, defence or security. For cybersecurity, “essentiality” means an assessment of whether the information is essential to identify, isolate, prevent or mitigate harm to (i) federal institutions’ electronic information or information infrastructures, or (ii) electronic information or information infrastructures designated under subsection 21(1) of the CSE Act.

(U) As the CSE Act distinguishes between the aspects and the corresponding MAs, NSIRA examined CSE’s legal authority for sharing IRTC between the FI and cybersecurity aspects.

(U) Due to operational and access-related challenges, including due to the COVID-19 pandemic, this review was not able to independently assess and verify CSE’s compliance with the law or compliance with the restrictions and authorities in place when internally sharing and using information between aspects. Additionally, NSIRA was not able to independently observe, investigate or validate the systems used when sharing data between aspects (consult Annex F for a description of processes and methods used by CSE to share information between the two aspects). These data sharing systems may be examined in future NSIRA reviews.

(U) NSIRA also intended to review the internal sharing of information with the active (ACO) and defensive (DCO) cyber operations aspects of CSE’s mandate, including compliance with the requirements in subsection 34(4) of the CSE Act on acquiring information while conducting ACO and DCO cyber operations. Among other things, this subsection stipulates that no information may be acquired pursuant to ACO and DCO authorizations unless done in accordance with an FI (CSE Act, s. 26(1)), cybersecurity (CSE Act, ss. 27(1) & 27(2)), or emergency (CSE Act, s. 40(1)) authorization. This facet of the review was instead covered in NSIRA’s review of CSE’s Active Cyber Operations and Defensive Cyber Operations – Governance, and will be further examined in NSIRA’s second review of ACO and DCO activities later in 2021.

(U) Importantly, this review did not examine the disclosure of Canadian identifying information (CII) outside of CSE.

Background

What is IRTC?

(U) While the CSE Act mentions IRTC several times, it is not clearly defined. In practice, IRTC is the information about Canadians or persons in Canada that may be incidentally collected by CSE while conducting FI or cybersecurity activities under the authority of an MA. According to CSE policy, IRTC is any information recognized as having reference to a Canadian or person in Canada, regardless of whether that information could be used to identify that Canadian or person in Canada.

(U) There is a distinction to be made between IRTC and Canadian identifying information (CII). For example, the CSE Act uses both IRTC and CII throughout the Act to describe types of information. Where IRTC is any information recognized as having reference to a Canadian or a person in Canada, CII is information that could be used to identify a Canadian or a person in Canada and that has been used, analyzed or retained under a FI or emergency authorization. CSE describes CII as a subset of IRTC. CII may be disclosed by CSE to designated persons under section 43 of the CSE Act.

(TS) In some circumstances, CSE policy allows for IRTC collected under the authority of one aspect to be shared for use under another aspect (see Annex D for a description of the other types of information that is shared between the FI and cybersecurity aspects). CSE policy permits FI to be used internally to fulfill cybersecurity requirements. Information retained under the cybersecurity aspect may be used by CSE personnel operating under the FI aspect, unless the information is subject to any conditions imposed on it by external clients or disclosing entities. According to CSE, sharing information across aspects of the mandate enables CSE to carry out its activities in support of Government of Canada priorities.

(TS) In the cybersecurity context, CSE explained that any IRTC shared internally in support of the FI aspect [redacted description of CSE operations]

(~~TS//SI~~) An example that CSE provided [redacted example of CSE operations]. Sharing this information across the aspects of the mandate enabled CSE to help protect GC information and information infrastructures as well as those of Systems of Importance (SOI), by identifying, isolating and mitigating the threat, and provided GC decision- makers with a comprehensive view of the foreign threats targeting Canada.

(TS) After reviewing a random selection of reports, in addition to receiving information by CSE and interviewing analysts familiar with working on both FI and cybersecurity, NSIRA learned that the IRTC shared between the FI and cybersecurity aspects generally included: [redacted list of operational utilized in the system]. CSE policy permits [redacted].

(U) CSE asserts that although IRTC is shared across the aspects, activities will not be directed at Canadians or persons in Canada. As previously mentioned, CSE must not direct its activities at a Canadian or any person in Canada.

Findings and recommendations

Compliance with the CSE Act and the Privacy Act

(S) The relevant statutes that apply to CSE’s internal information sharing are CSE’s enabling statute, the CSE Act, and the Privacy Act. The CSE Act does not provide a clear authority to share IRTC between the aspects. Likewise, the CSE Act disclosure provisions for CII in sections 43–45 do not prima facie contemplate internal sharing of IRTC, as to disclose information under these provisions, the Minister would need to authorize CSE to collect and disclose CII to itself. Additionally, CSE is not a designated entity under section 45 of the CSE Act for the purposes of receiving disclosed information under sections 43 and 44.

(U) IRTC could constitute personal information as defined in section 3 of the Privacy Act, which is information about an identifiable individual that is recorded in any form. For example, Canadian IP addresses, may constitute both IRTC for the purposes of the CSE Act and personal information under the Privacy Act. Pursuant to section 4 of the Privacy Act, the collection of personal information must relate directly to an operating program or activity of the institution, which includes CSE’s mandated activities in the CSE Act.

(U) The Privacy Act also requires that personal information be used and disclosed in manner consistent with sections 7 and 8 of the Privacy Act. For reference, Section 7 of the Privacy Act states:

Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be used by the institution except

For the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose; or
For a purpose for which the information may be disclosed to the institution under subsection 8(2).

(U) NSIRA examined whether CSE’s internal sharing of IRTC is consistent with the Privacy Act, which limits how collected personal information can be used by a federal institution. NSIRA concluded that in some circumstances, as described later in the report, internal sharing of IRTC that constitutes personal information between the FI and cybersecurity aspects might satisfy Privacy Act requirements. This compliance assessment requires a case-by-case analysis.

CSE Directorate of Legal Services’ (DLS) Legal Analysis

(~~Protected B//Solicitor-Client Privilege~~) NSIRA examined CSE DLS’s legal analysis, provided by Department of Justice (DOJ) lawyers, [redacted legal opinion or advice].

(~~Protected B//Solicitor-Client Privilege~~) In DOJ’s opinion, [redacted legal opinion or advice].

(~~Protected B//Solicitor-Client Privilege~~) According to DOJ, [redacted legal opinion or advice].

Compliance with the Privacy Act

(U) NSIRA observes that, in assessing compliance with section 7 of the Privacy Act, CSE emphasizes compliance with paragraphs 34(2)(c) and 34(3)(d) of the CSE Act to support the internal sharing of personal information across the various aspects of the mandate.

(U) As noted, section 7 of the Privacy Act requires that personal information under the control of a government institution shall not be used without the consent of an individual, except for two purposes: (1) the purpose for which it was obtained, or for a use consistent with that purpose; or (2) for a purpose for which the information may be disclosed to the institution under subsection 8(2) of the Act. Importantly, a use of information need not be identical to the purpose for which information was obtained; it must only be consistent with that purpose.

(U) CSE’s reliance on section 34 of the CSE Act poses a challenge for compliance with the Privacy Act because section 34 does not identify the actual purpose of the incidental collection of the IRTC, or provide an authority for internal sharing. Rather, section 34 conditions the Minister’s authority to issue an MA on prerequisites. Paragraphs 34(2)(c) and 34(3)(d) of the CSE Act specify that the Minister must be satisfied that the privacy protection measures in section 24 of the Act will ensure that IRTC will be used, analysed, and retained only if it complies with the respective essentiality requirements for FI and cybersecurity, as the case may be. These conditions establish a required threshold for the use, analysis and retention of IRTC collected under a MA, and not an authority for internal sharing of IRTC.

(U) Depending on the factual circumstances in which the IRTC is shared, CSE’s sharing of IRTC that constitutes personal information between the FI and cybersecurity aspects could be supported by the CSE Act and the Privacy Act when the information is shared for the purpose for which it was obtained, or for a use consistent with that purpose. This would require a case-by- case assessment to ensure that the purpose for which the IRTC is shared internally is for the same purpose for which it was collected, a purpose consistent with that original purpose for collection, or as permitted by section 7(b), that the sharing is permitted for one of the reasons identified by Parliament in subsection 8(2) of the Privacy Act. As mentioned, CSE does not consider internal sharing a disclosure of information. NSIRA notes that the issue of whether internal sharing in this way constitutes a “use” or a “disclosure”, under the Privacy Act is unclear. Regardless, NSIRA observes that in relying solely on the “essentiality” criteria in section 34, CSE is not assuring itself that it has lawful authority for internal sharing.

(U) A justification under section 7(a) or paragraph 8(2)(a) of the Privacy Act requires CSE to identify the purpose of the incidental collection and internal sharing, which is found in the corresponding aspect of CSE’s mandate. CSE’s purpose for collecting, and authority to collect, personal information comes from the CSE Act. Sections 16 and 17 of the Act identify FI and cybersecurity as operating programs and activities of the institution, and provide the authority to collect information for those purposes. As noted, MAs must authorize collection when activities might contravene any other Act of Parliament, or involve the acquisition of information from or through the GII that interferes with a reasonable expectation of privacy of a Canadian or a person in Canada. From the descriptions of the aspects in sections 16 and 17 of the CSE Act, there may be instances where information acquired under one aspect can be used for the same, or a consistent purpose, as exists for another, thus satisfying Privacy Act requirements for sharing information internally. However, this cannot simply be assumed as the purposes of the aspects are described differently within the Act.

(U) Section 16 of the CSE Act authorizes CSE to acquire information from or through the GII, and to use, analyse and disseminate the information for the purpose of providing foreign intelligence in accordance with Government of Canada (GC) priorities. Section 17 of the CSE Act, in turn, authorizes CSE to provide advice, guidance and services to help protect the electronic information or information infrastructures of federal institutions and designated systems of importance, and to acquire, use and analyse information, from the GII or from other sources, in order to provide such advice, guidance and services.

(~~TS//SI~~) When sharing FI-acquired IRTC to support CSE’s cybersecurity aspect, there is arguably no shift in purpose if cybersecurity is among the purposes for which the FI is obtained, used, analysed and disseminated. For the period of this review, [redacted related to GC priorities]. Sharing FI information to fulfill CSE’s section 17 cybersecurity objectives of providing advice, guidance and services to help protect federal and designated electronic information and infrastructures could be considered as the same purpose, or consistent with the purpose, for which the IRTC was originally obtained. Where the FI is used in the section 17 aspect to protect federal and designated electronic information and infrastructures, the purpose of collection and the subsequent use of that information could remain the same.

(U) For cybersecurity-acquired IRTC, sharing information to the FI aspect could be permissible if the FI purpose is the same as, or consistent with, the purpose for which the information was initially acquired, i.e., for the purpose of providing advice, guidance and services to help protect federal and designated information infrastructures or electronic information. Thus, sharing cybersecurity IRTC to the FI aspect would be permissible under the Privacy Act if the internal sharing ultimately serves the purpose of helping to protect federal and designated information infrastructures or electronic information.

(U) In sum, if the purpose of CSE’s acquisition of personal information is for the purpose of, or consistent with, delivering on the foreign intelligence and/or cybersecurity aspects, CSE’s internal sharing of IRTC can be consistent with section 7(a) or paragraph 8(2)(a) of the Privacy Act, provided that purpose of the information collection and sharing is identified and justified. CSE must also always satisfy any conditions from the CSE Act and relevant MAs on the collection and use of IRTC. To support internal sharing of personal information between the aspects, further analysis is required based on the factual circumstances of each case.

Finding no. 1: CSE’s internal sharing of information between the FI and cybersecurity aspects of the mandate has not been sufficiently examined for compliance with the Privacy Act.

Recommendation no. 1: CSE should obtain additional legal advice on its internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate, explicitly in relation to compliance with the Privacy Act, which thoroughly addresses the following two issues:

Whether the internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate is a use or a disclosure of information for the purposes of the Privacy Act; and
Whether uses and disclosures are done in accordance with sections 7 and 8 of the Privacy Act.

The Ministerial Authorizations

(U) The CSE Act does not allow the Minister to authorize internal sharing of IRTC, as MAs may only authorize, in the case of FI, the activities or classes of activities listed in subsection 26(2), or for cybersecurity, access and acquisition of the information referred to in subsections 27(1) and 27(2). Any internal sharing of IRTC that constitutes personal information must be done in accordance with the Privacy Act.

(U) As mentioned, section 24 of the CSE Act requires CSE to have measures in place to protect the privacy of Canadians and of persons in Canada in the use, analysis, retention and disclosure of IRTC. When issuing a MA, the Minister must conclude that these measures will ensure that any acquired IRTC will only be used, analysed or retained if it meets the essentiality thresholds in paragraphs 34(2)(c) or 34(3)(d). The Minister may issue these authorizations if they are of the view that such activities would be “reasonable and proportionate, having regard to the nature of the objective to be achieved and the nature of the activities.” As the Minister considers the reasonableness of the activities proposed against either an FI or cybersecurity purpose, it is conceivable that some activities might be reasonable and proportionate in one context, but not in the other. As activities authorized under subsection 26(2) might acquire a broader range of information than what is contemplated in subsections 27(1) and 27(2), the sharing of FI to cybersecurity might allow for CSE to use more information for a cybersecurity purpose than what is permitted under cybersecurity authorizations alone, and may require different privacy protection measures when using such information.

(U) To issue an MA, the Chief of CSE must set out the facts in an application that would allow the Minister to conclude that there are reasonable grounds to believe that the authorization is necessary, and that the conditions for issuing it are met. NSIRA considers it necessary for the Chief’s application to fully inform the Minister of how IRTC might be used and analysed by CSE, including the sharing of IRTC to another aspect, and for what purpose. This information would also allow for the Minister to make a determination under section 35 whether any other terms, conditions, or restrictions are advisable to protect the privacy of Canadians when issuing a FI or cybersecurity authorization.

(~~TS//SI~~) For the authorizations issued during 2020, most of the Chief of CSE’s applications indicated that collected and retained information might be used under a different aspect, while the text of most of the corresponding MAs did not mention use under a different aspect. This situation was reversed in one instance: [redacted example of CSE operations].

(~~TS//SI~~) Moreover, the 2020 FI applications and authorizations indicate that in order to meet the essentiality condition for retention of IRTC under subsection 34(2)(c) of the CSE Act, IRTC will be retained if it is assessed as essential to cybersecurity. In these instances, cybersecurity is included under the concept of “essential to security”, thus providing the Minister with additional context as to how the essentiality conditions are assessed and met by CSE. NSIRA considers this information necessary for the Minister to assess whether the conditions listed in section 34 of the CSE Act for issuing the authorization are met.

Finding no. 2: With one exception, the Chief of CSE’s applications for Ministerial Authorizations issued in 2020 informed the Minister of National Defence that retained information might be used to support a different aspect.

Finding no. 3: The applications for foreign intelligence authorizations by the Chief of CSE for the period of review appropriately informed the Minister of National Defence how the essentiality condition in paragraph 34(2)(c) is met for IRTC collected under the FI aspect.

Recommendation no. 2: All foreign intelligence and cybersecurity applications from the Chief of CSE should appropriately inform the Minister of National Defence that retained information might be used to support a different aspect.

Assessment of Essentiality, Necessity, and Relevancy

(U) Under CSE policy, an assessment of IRTC’s relevance, essentiality, or necessity to each aspect is required for sharing information across the aspects (see Annex G for CSE’s policy thresholds and definitions used to assess IRTC when shared between the aspects). These terms come from the CSE Act, but are not defined in the Act. CSE policy offers definitions and criteria for assessing and applying these thresholds to the information. NSIRA did not assess these policy thresholds or definitions for lawfulness, or how these requirements are satisfied by CSE when internally sharing IRTC. This may be examined in future reviews.

(TS) CSE policy also sets forth the criteria by which to authorize the sharing of IRTC across aspects (see Annex E for the approval processes at CSE for sharing information). Before any IRTC may be shared across aspects of the mandate, the information must be assessed for essentiality to the aspect for which it was acquired. If it does not pass this initial essentiality threshold, the information must be deleted.

(~~Protected B//Solicitor-Client Privilege~~) According to CSE, [redacted legal opinion or advice]

(U) NSIRA agrees that the CSE Act does not require that internally shared IRTC between the FI and cybersecurity aspects meet both of the essentiality conditions of paragraphs 34(2)(c) and 34(3)(d) of the CSE Act. Subsections 22(3) and 22(4) of the CSE Act require an FI or cybersecurity MA when the activities carried out in furtherance of either aspect involve acquiring information from the GII that may interfere with a reasonable expectation of privacy, or for activities that might contravene an Act of Parliament. MAs may only authorize the activities or classes of activities listed in subsection 26(2) for FI, or to access information infrastructures and acquire the information referred to in subsections 27(1) and 27(2). As mentioned, the “essentiality” thresholds in section 34 condition the Minister’s authority to issue an MA on the prerequisite of the privacy protection measures in section 24. Such a requirement can be understood as applying to use, analysis and retention of IRTC collected by CSE under the authority of a MA and within the confines of a single aspect. Therefore, there is no legal requirement within the CSE Act that CSE observe the essentiality threshold of the aspect of which the IRTC is internally shared. IRTC must only meet the original essentiality condition of either paragraph 34(2)(c) or 34(3)(d) when IRTC is acquired, as required by the MA authorizing its actual incidental collection.

Finding no. 4: CSE’s position that they do not need to assess “essentiality” twice when sharing information between the foreign intelligence and cybersecurity aspects of the mandate is compliant with paragraphs 34(2)(c) and 34(3)(d) of the CSE Act.

Conclusion

(U) As the CSE Act distinguishes between the aspects and the corresponding MAs, NSIRA examined CSE’s legal authority for sharing IRTC between the FI and cybersecurity aspects of its mandate. NSIRA concludes that internal sharing may be consistent with the Privacy Act in some circumstances. However, CSE must give further consideration to the purpose of the collection of the IRTC to justify any internal sharing of IRTC.

(U) This review also established a foundational understanding of some of the processes, systems, and compliance measures applied by CSE when sharing IRTC across aspects. Although NSIRA was not able to independently verify this information, NSIRA intends to build upon this information in future reviews.

Annexes

ANNEX A: Objectives, Scope, and Methodology

(U) Initially, NSIRA intended to examine the internal sharing of IRTC between aspects of CSE’s mandate in a thematic manner that covered several operational areas and several aspects. The review intended to examine the sharing of information between aspects of CSE’s mandate for the period of August 1, 2019 to August 1, 2020, with the objective to independently assess and evaluate:

Compliance with legal, ministerial, and policy requirements, including adequate management of compliance risks when conducting information sharing activities between aspects of CSE’s mandate; and,

CSE’s policies, procedures and practices on the internal sharing of information between aspects of the mandate.

(U) Due to operational realities, including COVID-19 related disruptions and access challenges, the objectives, scope, and methodology of this review were significantly reduced from the original Terms of Reference (sent to CSE on August 28, 2020), to focus mainly on the legal authority for sharing of information between the FI and cybersecurity aspects.

(U) For this review, NSIRA examined documents and records relevant to the sharing of information between aspects of CSE’s mandate, from the coming into force of the CSE Act on August 1, 2019, until August 1, 2020.

(U) Two interviews were conducted with CSE employees involved with information sharing across CSE’s aspects, and an interview was conducted with a Department of Justice lawyer in CSE’s Directorate of Legal Services familiar with the legal framework of such activities.

(U) NSIRA also completed a foundational description of some of the processes, systems, and compliance measures in place when sharing such information, in order to establish a baseline of knowledge to inform future reviews.

ANNEX B: Meetings and Briefings

Briefing. “Information Sharing: Sharing information for use across aspects of the CSE Mandate”, NSIRA Briefing, February 7, 2020.

NSIRA meeting with counsel from the Department of Justice at CSE DLS, October 13, 2020.

NSIRA meeting with CSE analysts, October 20, 2020.

ANNEX C: Findings and Recommendations

Finding no. 1: CSE’s internal sharing of information between the FI and cybersecurity aspects of the mandate has not been sufficiently examined for compliance with the Privacy Act.

Whether the internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate is a use or a disclosure of information for the purposes of the Privacy Act; and
Whether uses and disclosures are done in accordance with sections 7 and 8 of the Privacy Act.

Finding no. 2: With one exception, the Chief of CSE’s applications for Ministerial Authorizations issued in 2020 appropriately informed the Minister of National Defence that retained information might be used to support a different aspect.

ANNEX D: Partner and client information and publicly available information shared between the fi and cybersecurity aspects

(~~Protected B~~) Under the cybersecurity aspect, federal and non-federal clients may disclose cyber threat information to CSE as Canada’s lead agency for cybersecurity, or when seeking CSE services to analyse and mitigate known or suspected cyber incidents. Disclosed information may be used for FI purposes provided that it is done so for the purposes of identifying, isolating, preventing or mitigating harm to federal systems or systems of importance to the GC.

(~~Protected B~~) The documentation that governs CSE’s arrangements with GC and non- federal clients specifies that information obtained by CSE from a given client’s network or system that is relevant to the cybersecurity aspect may be shared with partners [redacted CSE operational information] or internal partners for GC clients) involved in cybersecurity for the purposes of identifying, isolating, preventing or mitigating harm to federal systems or systems of importance to the GC. However, this type of documentation does not explicitly mention that clients’ information might be used for FI purposes. For the purposes of obtaining the informed consent of disclosing entities, NSIRA considers it appropriate for CSE to be fully transparent with how clients’ information might be used by CSE.

(~~Protected B~~) When client information is shared with [redacted CSE operational information] partners, the information is anonymized and identifiable information is omitted. Any releasable cybersecurity products created from client information must only contain information necessary to mitigate a cyber compromise. Additionally, disclosing entities may also impose specific restrictions on the use and sharing of their data at the time of disclosure.

(TS) As per subsection 21(1) of the CSE Act, CSE is permitted to acquire and use publicly available information without seeking a MA. Currently, [redacted related to legal opinion or advice].

(~~TS//SI~~) The appropriate approval authority for sharing information is outlined in CSE internal policy, where the nature of the information dictates the release authority. CSE policy requires management approval (known as the release authorities) before sharing unsuppressed IRTC between aspects. However, policy does not stipulate the actual process for approval; this is determined by the relevant operational areas in accordance with their business practices. The Mission Policy Suite (MPS) requires all management decisions to be documented and retained in a central repository for transparency and accountability purposes. Those records must be accessible for review purposes. However, for this review, NSIRA was unable to independently verify and assess the approval process for internally shared IRTC.

(TS) Generally, CSE requires management approval for sharing information contained within a report for use across aspects of the mandate, and will elevate the appropriate release authority when the information contains IRTC. The appropriate release authority and conditions for release are outlined in policy (discussed below). The release authority is responsible for the information exchange, and must be informed if any changes are made to the data that result in a change in the type of privacy-related information to be shared.

(TS) Automated sharing techniques [redacted related to GC priorities].

Cybersecurity IRTC to Foreign Intelligence

(U) Retained IRTC under the cybersecurity aspect can be shared to FI as a Releasable Cybersecurity Product (RCP), which must meet the requirements listed below. The release authority is determined by the privacy impact that the release of information may have on an individual or entity, which is in turn determined by the level of sensitivity and privacy impact of the IRTC. Depending on the level of sensitivity of the IRTC, operational managers or supervisors from the Canadian Centre for Cyber Security (CCCS, or Cyber Centre) must approve RCPs containing IRTC.

(U) The requirements for a RCP as per CSE policy include the following:

Requirement	When and How the Requirement is Applied
Purpose is to provide advice, guidance, and services	At the time of sharing – why am I sharing this information?
Product only contains retained information	The decision to use and retain information is made at the time the raw data is assessed for relevance and necessity (and in the case of IRTC, essentiality) to the cybersecurity aspect of the mandate.
Privacy Protection	At the time of sharing, as appropriate (e.g., being shared back with the system owner/administrator who already has access to the information on their own systems; or to a broader audience with strict limits on the use of the information). No suppression is required if the IRTC is shared for use under the FI aspect of the mandate when the sharing is for the purposes of supporting activities to help protect the electronic information and information infrastructures of the GC or SOI to the GC
Classification and limitations on use and handling	Either at the time of sharing, or applied at a later stage to the onward use and dissemination of the information by FI. Can include pre-approved uses and conditions, as well as limitations placed by the data/system owner if applicable. Can be applied by report-authoring platforms to End Product Reports (EPRs), restrict the use and dissemination of CSE information.
Auditable	At the time of acquisition, applied automatically by CSE systems. All data entering CSE is automatically tagged with a unique identifier, as well as information regarding origin (e.g., MA vs non-MA, disclosing client if applicable etc.), access restrictions if applicable, aspect of the mandate under which the data was acquired, date and time of acquisition, use and handling requirements.
Approved for release	At the time of sharing. The approval authority depends on the nature of the information. See table in s. 25.2 in the MPS cybersecurity chapter.

Foreign Intelligence IRTC to Cybersecurity

(TS) IRTC under the FI aspect can be released to CCCS as a Releasable SIGINT Product (RSP). RSPs that contain information with a recognized Canadian privacy interest, or based on material with a Canadian privacy interest, require DC SIGINT approval for release, which can be delegated.

(TS) In order to create a RSP to share information for use under the cybersecurity aspect, the following table summarizes how the criteria required in policy must be met:

Requirement	When and How the Requirement is Applied
Information is relevant to FI	At the time of assessment. Must be met prior to use.
Privacy protection e.g., suppression of IRTC	At the time of sharing, if necessary. Suppression is mandatory for IRTC included in an EPR shared outside CSE. CCCS clients that receive these EPRs may request this CII through the regular Action-On process. Otherwise, no suppression required if IRTC is necessary for cybersecurity purposes, but other measures to protect privacy are used, for example, restricting the audience for the information.
Sanitization	Either at the time of sharing, or to be applied if/when cybersecurity use requires the information be sanitized to protect CSE equities.
Serialization	At the time of acquisition, applied automatically by CSE systems. All data entering CSE is automatically tagged with a unique identifier, as well as information regarding origin [redacted example of CSE operations] access restrictions if applicable, aspect of the mandate under which the data was acquired, date and time of acquisition, use and handling requirements.
Caveats	Either at the time of sharing, or applied at a later stage to the onward use and dissemination of the information by cybersecurity. Can include pre- approved actions-on. Automatically applied by report-authoring platforms to EPRs, limit the use and dissemination of CSE information.
Approved for release	At the time of sharing. The approval authority depends on the nature of the information. See table in s. 27.8 of MPS FI chapter.

(TS) Internal sharing of information between the aspects is subject to CSE internal review, for both automated sharing and data-based queries. SIGINT Compliance, the group responsible for internal compliance activities under the FI aspect, reviewed CSE-originated queries for 2019 and 2020, and found that query activity was complaint. The CCCS’ Internal Program for Operational Compliance (IPOC) did not prioritize compliance monitoring reviews for the past two fiscal years in order to monitor other activities that posed a higher-risk to compliance.

(TS) Automated sharing techniques are also subject to review. SIGINT Compliance is required to revalidate all instances of automated sharing between the FI and cybersecurity aspects every 12 months. The most recent review for the period of July 2019 to September 2020 found that the [redacted number] of automated sharing were compliant with policy requirements, except for [redacted number] that CSE was unable to assess.

(TS) This section describes the methods and processes used by CSE to share information between the FI and cybersecurity aspects. There is a multitude of systems, methods, and processes that enable information sharing between these aspects, both suppressed and unsuppressed. Note that the processes described below are not static, and that CSE’s systems, methods, and processes can change anytime.

(TS) Generally, access to information for each aspect is restricted by [redacted related to legal opinion or advice]

(TS//SI) For examples, [redacted description of CSE operations].

(U) As required by section 24 of the CSE Act, CSE must have measures in place to protect the privacy of Canadians and persons in Canada in the use of information related to them acquired in furtherance of the FI or cybersecurity aspects.

(TS) Suppression and minimization of IRTC is not required by CSE policy when sharing information internally; it is a default practice to share IRTC unsuppressed across the FI and cybersecurity aspects. According to CSE, although not mandated by policy, analysts are encouraged to anonymize or remove privacy-related information where it is not essential for the person using the information to understand the context and value. CSE recognizes that suppression and minimization are a best effort practice, and is of the opinion that CSE is not in contravention of the law should suppression, minimization, anonymization not occur when sharing information between the aspects.

Cross-Aspect Access to both SIGINT and Cyber Centre Raw Data

(TS) When accessing data from another aspect that is not within a reporting product (i.e., RSPs or RCPs), analysts are subject to the policy requirements of the data they are accessing.

(~~TS//SI~~) Under the FI aspect, [redacted description of CSE operations].

(~~TS//SI~~) For examples, [redacted description of CSE].

(~~TS//SI~~) While analysing raw FI data, Cyber Centre personnel must follow all applicable foreign intelligence authorities and policy requirements. The use, handling, and retention of this information is further subject to any restrictions applied to the foreign intelligence data.

(~~TS//SI~~) SIGINT personnel may access and use Cyber Centre systems if they meet the requirements in section 26.1 of the MPS Cybersecurity. Access to Cyber Centre systems and raw cybersecurity data is similarly restricted [redacted] to individuals with an operational need-to-know and mandatory annual policy and compliance training and knowledge testing. [description of CSE operations].

Reporting – RCPs and RSPs

(U) Retained information is internally shared through formal reporting processes in the form of either RSPs, which includes EPRs, or RCPs.

(~~TS//SI~~) Cyber Centre personnel operating under cybersecurity requirements may also be internal clients without access to raw FI data. Foreign intelligence information is shared to some cybersecurity personnel as an RSP, meaning that the information has met the requirements for release in CSE policy, including suppression and approval, and is subject to any restrictions on the intelligence data. For the period of review, there [redacted number] RSPs approved for release from the FI aspect that were made available to personnel operating under the cybersecurity aspect.

(~~TS//SI~~) Cybersecurity information can be reported and released to SIGINT personnel for subsequent use under the FI aspect via RCPs. Information released through RCPs must meet the requirements for release within CSE policy, and the use must be consistent with the cybersecurity aspect of CSE’s mandate and used for a subsequent use related to relevant GC priorities. For the period of review, [redacted number] RCPs were disseminated to authorized recipients in SIGINT.

Receiving Suppressed Identifiers from Reporting

(TS) Suppressed IRTC in EPRs disseminated through SLINGSHOT can be requested by internal CSE clients through the existing CII external disclosures process. This is the only mechanism by which suppressed identities can be accessed and released. Supressed IRTC can be requested by submitting a request to the Action-On team (D2A). The requestor must provide the legal authority and operational justification to receive the unsuppressed information. Between August 1, 2019 and August 1, 2020, [redacted description of CSE operations].

(TS) Although the mechanism for releasing this information is the same as the external disclosures process, it is not considered a “disclosure” of information but an internal “use” of information. As such, the disclosure regime requirements of sections 43 to 46 of the CSE Act do not need to be met in order for supressed information to be released to internal CSE clients.

Joint-Reporting

(~~TS//SI~~) Information may also be shared between the foreign intelligence and cybersecurity aspects for the purposes of disseminating foreign intelligence under cybersecurity authorities. This foreign intelligence information must first be used for foreign intelligence purposes, and then may be shared to CCCS personnel use under the cybersecurity aspect and only then released under their authorities.

(~~TS//SI~~) Approval for sharing of foreign intelligence information under the cybersecurity aspect of the mandate must abide by the appropriate release approval authorities for both aspects. [redacted description of CSE operations]

(TS) Automated sharing is defined in CSE policy as “the use of automated techniques or processes to expedite the dissemination of [redacted releasable reporting products]”.

(~~TS//SI~~) There are various automated feeds used at CSE to exchange information between the aspects. [redacted description of CSE operations].

(~~TS//SI~~) [redacted description of CSE operations and systems]

(~~TS//SI~~) [redacted]

(~~TS//SI~~) [redacted description of CSE operations and systems]

(TS) More informal methods of information exchange may occur between the two aspects. As CSE teams work closely together, analysts might gain knowledge of information that can be useful for either aspect of the mandate. Analysts may exchange general knowledge without any formal reporting. CSE policy provides for analytic exchanges whereby analysts may engage with partners working under a different aspect to work on common objectives by exchanging information. However, any data exchange must meet the requirements of issuing a RCP or RSP, although the data need not be released through the formal product dissemination systems.

(U) Generally, CSE policy provides that IRTC may be shared internally according to the thresholds outlined below. As mentioned, NSIRA did not assess these thresholds or definitions for lawfulness, but may do so in future reviews. Additionally, NSIRA did not assess how these policy requirements are satisfied in practice.

Foreign Intelligence Aspect to Cybersecurity Aspect

(TS) Under the FI aspect, IRTC must be essential and relevant to the FI aspect prior to sharing, as per the essentiality condition in 34(2)(c) of the CSE Act. According to CSE policy, the information must be considered essential to international affairs, defence or security, including cybersecurity. Essential is not defined in CSE policy, though policy provides criteria by which to assess the IRTC as it relates to protecting the lives or safety of individuals, or to serious criminal activity relating to the security of Canada.

(TS) To share FI IRTC information for use under the cybersecurity aspect of the mandate, the IRTC information must be relevant to the cybersecurity aspect. IRTC must further be assessed for necessity to the cybersecurity aspect, meaning whether the information is necessary to help protect GC systems and designated systems of importance. It is a policy decision to apply the threshold of necessity from subsection 44(1) of the CSE Act.

(TS) CSE policy requires the standard of necessity, [redacted description of CSE operations]. This information is necessary to fulfill the cybersecurity mandate as it enables activities that protect GC systems and designated SOIs (such as by blocking traffic). However, the identifiable individual or entity is not the focus of the activity.¹⁰⁴ Therefore, CSE is of the opinion that since there is a lower risk to the reasonable expectation of privacy of the individual in the cybersecurity context, the threshold of necessity is sufficient for sharing FI-acquired IRTC to the cybersecurity aspect.

Cybersecurity Aspect to Foreign Intelligence aspect

(~~TS//SI~~) Under the cybersecurity aspect, IRTC acquired under a MA must be both relevant and essential prior to sharing, as per the essentiality condition under paragraph 34(3)(d) of the CSE Act. In CSE policy, IRTC is considered essential when without the information, CSE would be unable to protect federal systems or SOIs and the electronic information on those systems. However, non-MA acquired IRTC, such as client information, must only be necessary.

(TS) The shared IRTC is also assessed for essentiality to the FI aspect (that is, essential to international affairs, defence or security), for both MA and non-MA cybersecurity information. It is a policy decision to further assess cybersecurity-acquired IRTC for essentiality under the FI criteria, [redacted description of CSE operations].

(~~TS//SI~~) As explained by CSE, the cybersecurity-acquired IRTC shared internally in support of the FI aspect is for the purposes of protecting federal institutions or SOIs and the electronic information they contain. This IRTC is used to identify foreign threats to Canadian systems, which aligns with the [redacted related to GC priorities].

Figure: Process Diagram of Internal Sharing of IRTC at CSE

Date Modified:: 2024-02-05

Review of Information Sharing Across Aspects of CSE’s Mandate – CSE Responses

Responses

Review of Information Sharing Across Aspects of CSE’s Mandate – CSE Responses

Recommendation	CSE Response
NSIRA Recommendation 1: CSE should obtain additional legal advice on its internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate, explicitly in relation to compliance with the Privacy Act. which thoroughly addresses the following two issues: Whether the internal sharing of information between the foreign intelligence and cybersecurity aspects of the mandate is a use or a disclosure of information for the purposes of the Privacy Act: and Whether uses and disclosures a re done in accordance with sections 7 and 8 of the Privacy Act.	CSE Response: Disagree. CSE does not accept recommendation 1. CSE has already received comprehensive and clear legal advice on this matter from the Department of Justice and has relied on that advice in the conductof its activities (which NSIRA has found lawful).
NSIRA Recommendation 2: All foreign intelligence and cyber security applications from the Chief of CSE should appropriately inform the Minister of National Defence that retained information might be used to support a different aspect.	CSE Response:CSE has already implemented the recommended action. CSE notes that it had and continues to inform the Minister a bout the use of information for other aspects of its mandate. Applications for all foreign intelligence and cybersecurity Ministerial Authorizations in 2021-2022 included wording to clearly reflect that information collected under one aspect of CSE’s mandate could be used to support a different aspect.

Date Modified:: 2024-01-25

Review of Global Affairs Canada’s Global Security Reporting Program

Completed Reviews

Review of Global Affairs Canada’s Global Security Reporting Program

Backgrounder

This review focused on Global Affairs Canada’s (GAC) Global Security Reporting Program (GSRP, or the Program). The review was selected given that the GSRP is a key component to GAC’s security and intelligence footprint overseas, with approximately thirty officers posted around the world dedicated and funded to collect overt security-related information. GSRP clients have reported that the Program is both unique and valuable to the Government of Canada. This review is the first external review of GSRP and NSIRA’s inaugural review of GAC.

Many of the receiving states where GSRP officers work have poor human rights records and/or are environments where surveillance of foreigners and citizens is commonplace. As such, receiving state perceptions of GSRP activities have direct implications on reputational risk to Canada and its allies, to other Canadian departments and agencies (like the Canadian Security Intelligence Service (CSIS), for example), to GSRP officers, and finally, on the local contacts used to help collect the Program’s information.

The review found a number of areas where the Program can improve, including more robust governance and accountability structures, additional oversight and attention to information management best practices.

Table of Contents

Backgrounder
Executive Summary
Authorities
Introduction
1. History of the GSRP
Findings and recommendations
Conclusion
Annex A: Findings and Recommendations

Date of Publishing:

December 20, 2023

Download PDF

View NSIRA’s Letter to the GAC Minister

View Government Response Letter

View GAC Minister’s Letter to NSIRA

Executive Summary

More significantly, the review found that although the GSRP operates under the Vienna Convention on Diplomatic Relations (VCDR), it does so without legal guidance assessing the activities of the Program. Likewise, GSRP officers do not receive adequate training regarding their legal obligations. In particular, the activities of certain GSRP officers abroad raised concern that some activities may not be in accordance with the duties and functions under the VCDR.

Although GSRP officers rely on the VCDR as a shield for their actions, some officers did not appear to appreciate the limitations of this immunity nor understand the true scope of their duties and functions. In addition, it was not clear if all officers understood that once they are no longer afforded diplomatic immunity, a receiving state may seek retaliatory measures against them. The review found an absence of risk assessments, security protocols, and legal guidance specific to the increased scrutiny that GSRP officers may attract due to the nature of their reporting priorities.

As government partners overseas, CSIS and GSRP frequently interact with each other, with overlap between these respective mandates. Insufficient deconfliction at Mission and Headquarters between CSIS and GAC exists, which results in inconsistent governance [redacted].

The review also found that the Program does not have appropriate safeguards in place regarding the safety of contacts overseas. Although most interactions between officers and contacts are innocuous, the Program does not appear to appreciate the associated risks of these exchanges. Significantly, the review identified some possible concerns related to how recommended that GAC Canadian identity information is managed, and therefore conduct a privacy impact assessment of the Program.

The creation of a foreign intelligence entity within GAC, or the allowance of mission creep by the GSRP into covert collection would run against the principles of the VCDR. Therefore, NSIRA believes it is important that the Government consider the implications stemming from this review and decide on the most appropriate means of collecting this kind of information. NSIRA acknowledges that this is a topic that goes beyond our remit, and therefore may require consideration by the National Security and Intelligence Committee of Parliamentarians. We intend to share this review with our review counterpart in order to commence such deliberations.

Authorities

This review was conducted under the authority of subsections 8(1)(a) and 8(1)(b) of the National Security and Intelligence Review Agency Act.

Introduction

Global Affairs Canada’s (GAC) Global Security Reporting Program (GSRP) collects and disseminates information in support of Canada’s intelligence priorities. As the program has matured during its nearly twenty years of existence, GSRP products have received attention from Government of Canada (GoC) departments and agencies, as well as allied nations.

This was the National Security and Intelligence Review Agency’s (NSIRA) first standalone review of GAC. As such, NSIRA familiarized itself with GAC’s mandate, policies, and legal authorities while simultaneously reviewing the GSRP as a unique and complex program.

NSIRA assessed whether GSRP activities were conducted in accordance with the law, relevant policies and procedures, and whether the activities were reasonable and necessary. Additionally, NSIRA examined whether the Program’s policies and procedures were sufficiently comprehensive to support overseas activities.

The core review period for this study was from January 1, 2017, to December 31, 2019, however, NSIRA reviewed information outside of this period in order to conduct a complete assessment. NSIRA also examined a significant sample of GSRP Missions that provided diverse perspectives on the nature and scope of the Program’s activities.

Given the unique circumstances of NSIRA’s recent establishment and the various logistical and procedural challenges associated with this transition, this review was only possible with the support of GAC staff, especially those within its External Review Liaison Unit. Additionally, NSIRA thanks CSIS and its External Review and Compliance team for its help in facilitating this review. This report was scheduled to be completed in the summer of 2020, but was delayed due to the COVID-19 pandemic that began when the review was in its initial scoping stages.

History of the GSRP

During the Cold War, security reporting was integrated into political reporting by Canadian diplomats abroad. The Canadian security and intelligence (S&l) community largely relied on this foreign security reporting to meet its information needs. Following the end of the Cold War, security reporting was no longer routinely incorporated into political reporting by Canadian diplomats. The change was reflective of:

“an evolving world order, in which different, non-traditional security challenges arose; new and changing national and departmental priorities; the loss of subject matter expertise as diplomats and managers both moved on and retired; and significant public service cuts and budget restraints in the 1990s influenced GAC activities and priorities.”

GSRP was created soon after the events of 9/11. The contemporary Program has a unit of approximately 30 diplomatic personnel dedicated to overt single source* reporting — from a network of primarily “non-traditional” contacts — on issues pertinent to the Canadian security, intelligence, defence, and foreign policy community. GSRP. officers (or officers) operate within and outside of host country capitals and regularly travel to areas less frequented by most diplomats. Since 2009, these reports (which inform both Canadian and allied decision-makers), have been anchored in the GoC intelligence priorities.

GSRP officers report to the Intelligence Assessments and Reporting Division (INA) under the Intelligence Bureau which falls under the ADM of International Security and Political Affairs.” The GSRP adheres to a matrix management structure: at mission, GSRP officers report to the Foreign Policy and Diplomacy Service (FPDS) manager or Head of Mission (HoM), while GSRP Headquarters (HQ) primarily determines officer collection priorities. In addition, GSRP HQ defines the expectations for the Program.

Findings and recommendations

Utility of GSRP

The GSRP is the only Canadian diplomatic program that is dedicated and funded to collect overt security-related information. GSRP functions as a fenced resource wherein the majority of an officer’s time (90%) is devoted to the production of single- source reports. No other GAC program devotes similar resource allocation to “pure collection”.

GSRP’s clients repeatedly stated that the reports provide pertinent information consistent with their department/agency’s collection requirements. Specifically, GSRP reporting provides “on-the-ground” perspectives from a diverse group of individuals, which is unique in comparison to other GoC collection streams. Recipients mentioned the reports provide useful information on broader threats and trends in areas of emerging interest.

Clients reported that one of the greatest assets of the GSRP is the priority placed on language training. This includes, in some cases, over a year of training, including immersive in-country exposure.’ GSRP clients have noted that language fluency is a key value of the Program.

Moreover, clients commended the Program’s ability to rapidly deploy officers to cover a specific area, event, or issue that is of significant value to the GoC. Despite these benefits, review of GSRP documentation indicates the need for improved product feedback mechanisms to help determine whether reports meet client needs”.

Legal Authorities

Duties and Functions under the Vienna Convention on Diplomatic Relations

The lawful functions of a diplomatic mission and the duties owed by diplomats who enjoy privileges and immunities in a receiving state are articulated in the Vienna Convention on Diplomatic Relations (VCDR). The VCDR is generally accepted as a codification of diplomatic law, rules and practices under customary international law. According to GAC, the GSRP falls within the functions of a diplomatic mission, as listed in Article 3 of the VCDR. As outlined under Article 3(1)(d), it forms part of the function of a diplomatic mission to ascertain, by all lawful means, the conditions and developments in the host state and report on them to the government of the sending state. Article 3(1)(d) specifically requires diplomatic reporting to be “by lawful means.”

Under Article 41(1) of the VCDR, it is the duty of diplomats exercising the functions listed under Article 3 and who enjoy privileges and immunities in the receiving state “to respect the laws and regulations of the receiving state” and “not to interfere in the internal affairs of that state”. Breaches of these duties constitute abuses of privileges and immunities (also referred to as abuses of diplomatic functions).

Remedies for abuse of diplomatic privileges and immunities

Remedy for abuse of diplomatic privileges and immunities, as outlined in the VCDR, includes notifying the sending state that a diplomat in question is declared persona non grata (Article 9 of the VCDR) and, in the most exceptional circumstances, breaking off diplomatic relations, which are established by mutual consent as articulated in Article 2 of the VCDR.

Importantly, these remedies do not require the host state to give reasons for the remedial action. The result is that the perception of abuse can be as likely a cause for expelling a diplomat or even breaking off diplomatic relations as an actual abuse. The International Court of Justice in the Tehran Hostages Case explained the discretion built into this regime as follows:

Article 9 of the [VCDR]… take[s] account of the difficulty that may be experienced in practice of proving such abuses in every case or, indeed, of determining exactly when exercise of the diplomatic function”…”may be considered as involving such acts as “espionage” or “interference in internal affairs”. The way in which Article 9 paragraph 1, takes account of any such difficulty is by providing expressly in its opening sentence that the receiving state may “at any time and without having to explain its decision” notify the sending state that any particular member of its diplomatic mission is “persona non grata” or “not acceptable”… Beyond that remedy for dealing with abuses of the diplomatic function by individual members of a mission, a receiving state has in its hands a more radical remedy if abuses of their functions by members of a mission reach serious proportions. This is the power which every receiving state has, at its own discretion, to break off diplomatic relations with a sending state and to call for the immediate closure of the offending mission. (emphasis NSIRA’S).

The personal immunity enjoyed by diplomats will normally cease when the functions of the diplomat have come to an end and “at the moment when he leaves the country, or on expiry of a reasonable period in which to do so. There are circumstances wherein the receiving state may prosecute a diplomat for those breaches that contravene their domestic law where the personal diplomatic immunity enjoyed by the diplomat has ceased.

Acts performed by a diplomat “in the exercise of his functions as a member of the mission” will continue to be covered by immunity despite the diplomat’s personal immunity having ended. However, acts falling outside of a diplomat’s legitimate functions will not continue to be covered by immunity, and the diplomat may be liable to prosecution for illegal acts they performed during the mission if they later re-enter the receiving state without the protection of diplomatic immunity or where they fail to leave the receiving state within a reasonable time.

There are of course other less severe means at the receiving state’s disposal to respond to a diplomat’s abuse of functions, both legal and political. Aside from the more unlikely risks of expulsion or severing of diplomatic relations, there is a wide spectrum of reputational harm that may result from perceived breaches of the VCDR. NSIRA emphasizes that GSRP officers should be wary of placing a receiving state in the position to seek remedy.

Where the GSRP activities depart from the legal framework for diplomatic functions in international law, attention should also be turned to whether these activities are lawful under Canadian law. Diplomatic relations are conducted under the authority of Crown Prerogative over foreign relations, which is constrained, to some extent, by international law. Prohibitive rules of customary international law, which would include prohibitive rules of diplomatic law, are considered to be incorporated into Canadian common law unless there is legislation to suggest the contrary. Crown Prerogative is likewise part of our common law. Consideration must be given as to how the exercise of Crown Prerogative reconciles with these prohibitive rules.

Perceptions

Diplomatic vs. Intelligence Functions

Existing within GAC’s intelligence bureau, the GSRP’s reporting directions are derived from Canada’s intelligence priorities. Nonetheless, GAC characterized the Program to NSIRA as being consistent with regular diplomatic reporting. Effectively, NSIRA views the Program as existing within a grey zone between these two dichotomies.

GSRP officers are posted to countries to collect information relevant to the GoC’s intelligence priorities. These countries are often characterised by poor human rights records; a high degree of mistrust for outsiders; often take a hard line on internal security matters; and, tend to deploy mass surveillance on foreigners and citizens. This is why the perception of GSRP activities by receiving states is a relevant consideration for the Program.

When NSIRA asked how the Program accounts for disparities between what are legally permitted activities and the laws of the receiving state, GSRP officers were insistent that they operate under the VCDR.”’ Although officers acknowledged that they have a right under diplomatic law to fulfill their duties, they also understood that the receiving state might perceive their role differently. To help mitigate this risk, some officers indicated that they avoid reporting on sensitive topics.

Although the GSRP reports on intelligence priorities and obtains information from human contacts, officers believe they are distinct from intelligence practitioners given that they operate overtly as accredited members of a diplomatic mission, and do not pay or task their contacts. Despite these assertions, whether the actions of the GSRP officer are “overt” or “covert”, and whether or not they task or pay contacts, is not determinative when assessing for an abuse of privileges and immunities under the VCDR. In fact, many cases where interference activities have attracted the attention of receiving states were clearly overt.

Risk

GSRP officers must be alert to any activity that may be perceived by receiving states as falling outside of the functions of a diplomatic mission. This portion of the review briefly outlines some of the attendant risks.

Risk to the Government of Canada and its Allies

NSIRA expected to find a GSRP governance framework that articulates internal policies and provides guidance to GSRP officers on how to perform their diplomatic reporting functions. Such a governance framework does not exist.

When questioned on the absence of a governance framework, GSRP indicated that a policy suite was unnecessary given that officers “are doing what diplomats have always done.” Although GSRP management noted that they are working towards professionalizing the Program, policy is currently:

established by the Head of the GSRP, exercising their judgement and discretion, and drawing on specialized expertise, including support from legal, human resources and finance divisions, and seeking formal or informal approval from senior executives as required and when appropriate.

Policy guidance provided by the Head of GSRP is disseminated to officers via email. There is no central repository to organize this information. In addition to a lack of information management structures, there are information management weaknesses in other areas, including multiple incompatible systems and various security accreditations across missions. Additionally, some information is solely held at mission, limiting HQ’s visibility and oversight of mission developments.

As a result of the absence of a sufficient governance structure, information management challenges and limited oversight of mission developments, there have been instances where the Program has not managed risk appropriately.

For example, the review observed instances in which Canada’s allies misidentified GSRP officers as Canadian intelligence representatives.

Although NSIRA did not observe any instances where GSRP officers intentionally mislead receiving states, in one case, the lack of understanding of the Program’s mandate [redacted].

Some recipients of GSRP reports also indicated that other recipients (particularly those with limited security and intelligence backgrounds) do not fully understand that these products are single-source, unvalidated, or uncorroborated. This is particularly relevant given that GSRP officers have in the past unwittingly reported information that turned out to be misinformation and disinformation. Of note, GSRP produced just over five thousand reports over the review period, with two significant instances of confirmed disinformation in ten reports. Moreover, recipients repeatedly referred to misinformation in GSRP reports, yet NSIRA was unable to independently corroborate all of the Program’s reports over the review period.

As already noted, one of the challenges facing the Program is the absence of sufficient oversight. Four full time employees at HQ are responsible for the management of approximately thirty officers, the vetting of approximately two thousand reports per year, for providing informal policy guidance, and conducting outreach with relevant stakeholders. This deprives HQ of the capacity to perform adequate quality control of officer activities.

Finding no. 1: NSIRA found that GSRP’s governance and accountability structures are insufficiently developed.

Finding no. 2: NSIRA found that GSRP activities have the potential to cause unnecessary reputational and political harm to the Government of Canada.

Finding no. 3: NSIRA found that GSRP does not adequately maintain central repositories or follow information management best practices.

Recommendation no. 1: NSIRA recommends GSRP prioritize the development of a governance framework.

Recommendation no. 2: NSIRA recommends that GAC enforce data retention and information management practices as laid out in already-existing GoC policies.

GAC-CSIS Operational Partnership

CSIS has a framework that outlines host country expectations, both politically and operationally. The CS/S Act specifies, under section 17, how these arrangements are to be governed. In addition, there is Ministerial Direction that further guides CSIS’ conduct abroad. This governance framework structures CSIS’ operations to be consistent with domestic and international law. In most cases, CSIS prefers to be the primary interlocutor with foreign security or intelligence partners, just as GAC prefers to be the primary contact with diplomatic representatives.

In at least one instance, GSRP was a primary contact with a foreign intelligence agency instead of CSIS. In this instance, GAC refused to approve a Section 17 relationship between CSIS and [redacted] due to an ongoing sensitive diplomatic case. However, NSIRA did not observe anything to indicate these same relationship prohibitions were extended to RCMP or GSRP. Regardless of the circumstances, in cases where CSIS is prohibited from engaging a foreign entity due to restrictions on the foreign arrangement, GAC does not have the same restrictions.

Moreover, where CSIS and GAC have identical legal obligations under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACMFEA), these obligations risk being applied differently. For example, where CSIS has controls on who they can and cannot liaise with as derived from Ministerial direction (i.e. s.17, CS/S Act), GAC does not have comparable restrictions. Rather, GAC relies on internal mitigation processes when sharing information with foreign entities, which for CSIS, are only relevant if the Minister permits the Service to engage with that entity to start with.

Although GSRP management stated that it is not the role of officers to liaise with foreign security and intelligence agencies, GSRP officers did not consistently articulate this to NSIRA. For instance, some officers interacted with members of local intelligence agencies, while others mentioned that they consider this to be outside their mandate.

In several instances, CSIS was asked by receiving states to clarify what was perceived to be inappropriate activities by GSRP officers. In these cases, CSIS. attempted to reassure these partners that the GSRP was not a covert collection program. NSIRA also observed coordination challenges in regions where CSIS and GSRP activities overlap (e.g. contact pools).

NSIRA heard from multiple GSRP officers that they generally found CSIS partners at missions collegial and forthcoming with security advice.” In one other instance, the GSRP officer reported a hostile relationship with their CSIS counterpart.

NSIRA also observed numerous cases where it did not appear that GSRP officers had adequately productive relationships with CSIS at mission. In these instances, although individuals were cordial, there was minimal interaction, with CSIS officers often keeping to themselves. Although NSIRA understands the legal protections pertaining to CSIS information sharing, there appeared to be a lack of consistent deconfliction and interaction between GSRP and CSIS in the field.

When NSIRA raised the issue of deconfliction overseas, GSRP management maintained that such mechanisms were unnecessary given that CSIS is a client, and not a partner, of the Program Although CSIS is indeed a client of GSRP reporting, the above also clearly indicates that the GSRP and CSIS operate in close proximity to each other overseas, with attendant relationship complexities that must be managed.

CSIS and GAC both participate in a Joint Management Team (JMT), which convenes at the Director General and Deputy Minister levels. NSIRA observed that although there is potential for the JMT to serve as an effective deconfliction mechanism, there was no evidence that key takeaways concerning GSRP and CSIS collaboration were acted upon. Further, the JMT convenes too infrequently to have a lasting or substantive impact.

Finding no. 4: NSIRA found that there is insufficient deconfliction between CSIS and GSRP, which results in inconsistent governance when engaging foreign entities.

Recommendation no. 3: NSIRA recommends the development of clear deconfliction guidelines between CSIS and GSRP and that there must be a consistent approach by CSIS and GSRP when engaging with foreign entities overseas.

Risk to Officers

GAC advised that they have no legal opinions on the legal framework for the GSRP. NSIRA observes that not enough attention has been turned to ascertaining the scope of the functions of a diplomatic mission as described by Article 3(1)(d) and the duties outlined in Article 41(1) of the VCDR, as well as the types of activities that may expose GSRP officers to being declared persona non grata by the receiving state. One area of particular ambiguity is the broad concept of diplomatic interference under Article 41(1) which is not clearly defined under diplomatic law and requires further consideration. The more sensitive a GSRP officer’s conduct, the more likely a receiving state may perceive interference. In addition, thresholds for interference will likely differ between states.

Similarly, where GSRP activity takes on the perceived attributes of espionage, there is increased risk of exceeding the GSRP mandate, violating the receiving state’s domestic law, and exceeding the GSRP officer’s legal diplomatic functions. These risks require further consideration by GAC’s legal and policy team, as outlined further below.

The risks of not creating a legal and policy framework could result in reputational harm to Canada and its diplomatic relations, and presents risks to the individual GSRP officers. NSIRA observed that many GSRP officers routinely relied on the VCDR as a shield for their actions. Indeed, officers did not appear to appreciate that a breach of their obligations under the VCDR amounts to an abuse of their diplomatic privileges and immunities. Article 3(1)(d) of the VCDR recognizes reporting information ascertained through lawful means. Any departure from this requirement would mean that a GSRP officer runs a risk of not being protected by immunity once the GSRP officer’s personal immunity ceases at the end of the individual’s diplomatic posting.

GAC’s Conduct Abroad Code explicitly acknowledges that host country local norms are to be followed by Canadian representatives and that perceptions of Canadian representatives may have a negative effect on Canada’s reputation. Additionally, the activities of GSRP officers are governed by other protocols, which cover the risk of natural disasters, local health concerns, crime, and the physical security of the mission.

In order to collect pertinent information, GSRP officers often travel to dangerous regions not regularly frequented by other diplomats. In addition, GSRP officers also engage with contacts who may hold viewpoints that are considered sensitive by receiving states. Obviously, these contacts would be of little value to the Program if the information/perspective they possess could be collected anywhere. Although all diplomats can attract attention of local authorities, given the nature of the GSRP’s mandate, officers are at particular risk of scrutiny by receiving states.

There also appears to be a disconnect between GSRP HQ and mission management. Namely, there does not appear to be a shared accountability structure. As a result, this undermines the primacy of any one of the managing parties. For example, NSIRA observed multiple instances in which the reporting structure was not clear either for Program partners or for GAC management. For example, the time lag for receiving critical guidance placed one officer at risk of continuing activities which could have been perceived as non-compliant with the VCDR.

GSRP officers do not receive adequate training or briefings on the parameters of diplomatic privileges and immunities. This lack of knowledge may have serious consequences on the GSRP officer’s ability to conduct themselves in accordance with their diplomatic duties. In addition, once a GSRP officer is no longer afforded diplomatic immunity, a receiving state may seek retaliatory measures.

Case Study: Accepting and reporting on classified information

During the course of the review, NSIRA observed many instances where GSRP officers claimed to have a good understanding of their legal boundaries. However, an instance that occurred in [redacted] highlighted the need to ensure that GSRP officers are properly aware of their legal obligations. In this case, a GSRP officer received what appeared to be classified [redacted] from a contact.

Like Canada, [redacted] has laws prohibiting the disclosure of classified information. The GSRP officer’s actions must comply with [redacted]. In addition, Article 41 of the VCDR is clear that diplomats are required to respect the laws and regulations of the receiving state. NSIRA did not see any indication that consultation with legal counsel occurred in this particular case.

In another case, a GSRP officer [redacted] requested and received what was likely classified information from a contact. The information received included [redacted].

In both of the cases examined above, the two GSRP officers appeared to believe that their actions were distinguishable from the activities of an intelligence officer because they did not pay for the information. As noted previously, this is not pertinent when considering compliance with the VCDR; moreover, the aforementioned cases raise concerns related to abuses of diplomatic privileges.

GSRP officers do not have clear guidelines on how to proceed when exposed to information that falls outside the limits of diplomatic collection. NSIRA did observe one instance in which a GSRP officer was given suspected classified information and appropriately returned it to the contact. However, this result was a consequence of the good judgment exhibited by the officer, rather than derived from explicit direction.

Finding no. 5: NSIRA found there was an absence of risk assessments and security protocols specific to the increased scrutiny that GSRP officers may attract because of the nature of their reporting priorities.

Finding no. 6: NSIRA found that although the GSRP operates under the VCDR, it does so without adequate legal guidance assessing the activities of the Program.

Finding no. 7: NSIRA found that GSRP officers do not receive adequate training regarding their legal obligations.

Recommendation no. 4: NSIRA recommends that GSRP develop risk protocols and security guidelines specific to the GSRP.

Recommendation no. 5: NSIRA recommends that GAC complete a thorough legal assessment of GSRP activities. GSRP officers should receive applicable training based on the result of the assessment.

Risk to Contacts

As already explained above, the more sensitive a GSRP officer’s conduct, the more likely a receiving state will perceive interference. This is particularly true with respect to officer interactions with contacts. It is important to underscore that the assumed diplomatic protections granted to the GSRP officer do not apply to contacts. As such, everything depends on a) the degree to which the contact is genuinely free to share such information with a foreign state and b) the degree to which the GSRP officer’s activities do not raise unnecessary suspicion about this interaction.

GSRP officers reported many different experiences regarding risk and security for their contacts, consistent with the diverse environments in which they operate. Most GSRP officers believed that there was little reason to be concerned for contacts, irrespective of the environment, given the overt nature of the collection. In cases where officers acknowledged that certain regions and/or circumstances created a higher risk to the contact, these situations were often mitigated by following the lead of the contact. In other words, given that the contact was most familiar with the environment, the GSRP officer paid close attention to these sensitivities.

In some instances however, GSRP officers mentioned concern for the security of their contacts, which could not be easily mitigated. One GSRP officer noted in an interview that his contact informed him that their interactions would garner unwanted attention by local authorities. Similarly, another GSRP contact was detained by the local authorities and questioned about his interaction with a GSRP officer. In other instances, GSRP officers reported political turmoil or increased security as reasons why contacts suddenly stopped talking to them.’”

Throughout the course of this review, the implications of the differences between overt contacts and clandestine sources were ever-present. In many respects, GSRP. management’s contention that a contact cannot be perceived in the same manner as an intelligence source is accurate. Certainly, most GSRP officers’ interactions with contacts are innocuous. However, given the very nature of the reporting requirements for the Program, there were cases where the contact’s interactions with the officer were high risk. Such examples include GSRP [redacted] speaking with various individuals in [redacted].

These topics and regions are not only widely known as highly sensitive to the receiving states, but also align closely with what a covert source may be tasked to collect information on.

The problem facing the Program from a “contact management” perspective is that anything that takes on the trappings of a “source management” program lends itself to appropriate criticism of being too closely affiliated to non-diplomatic reporting. For example, although the Program would benefit from some of the best practices of HUMINT management, discerning precisely which aspects would be most beneficial, while remaining a diplomatic program, is a key challenge.

In the absence of a “contact management” governance structure, it is therefore left to the best judgment of individual officers on how these interactions are to transpire. This includes the officer determining who to meet, where to meet, and what security protocols are most appropriate in the given circumstances.

In some cases, the officer took it upon themselves to try to enhance security for the contact, including setting up meeting venues minutes before in order to decrease the likelihood of third parties discovering the meeting location. In another example, the officer attempted to obscure mobile device tracking with a faraday bag.

Although these measures were undertaken with the best interest of the contact at hand, intelligence services observing these behaviours could draw an alternative perspective about the intent of such behaviours. Most notably, this could run the risk that GSRP contacts would be perceived by receiving states as assets of a hostile intelligence service.

Irrespective of the environment, or the comfort of the contact, there was also inconsistency in how GSRP officers provided assurances to contacts. For example, while some officers reassured contacts that there is anonymity or confidentiality in GSRP reports, others did not. There was no evidence of a consistent understanding among officers on what assurances could be offered to contacts, or if contacts fully understood what would be done with the information they provided.

Recipients of GSRP reports repeatedly mentioned the ease at which they were able to identify contacts from the descriptions in the reports. Significantly, the majority of officers mentioned that they also report on meetings with Canadian contacts. The anonymization of Canadians is particularly important with regard to ensuring that GAC is meeting its obligations under the Privacy Act and other pertinent legislation. NSIRA will examine the issue of the GSRP meeting their information-sharing obligations with regard to Canadian contacts in the future.

Finding no. 8: NSIRA found that the GSRP does not have appropriate safeguards for interactions with contacts overseas.

Recommendation no. 6: NSIRA recommends that GSRP develop best practices for interactions with contacts based on consultation with GAC legal advisors.

Recommendation no. 7: NSIRA recommends that GAC conduct a Privacy Impact Assessment of the GSRP.

Conclusion

GSRP operates in a distinctly grey zone; GSRP’s vision for the Program includes “greater integration of intelligence community standards and best practices into the GSRP, while maintaining its diplomatic ethos”. Reconciling what this means, in practice, is the most pressing challenge facing the Program.

Reciprocity is an important element of diplomacy. The activities of certain GSRP officers abroad raises concerns that Canada’s diplomats are at times not conducting themselves in accordance with their duties and functions under the VCDR, and of consequence, this may inadvertently influence how these states conduct activities in Canada.

There is a strong appetite for foreign intelligence collected by Canadians. Academics and senior officials from various departments have made clear that Canada’s allies are also eager for Canada to be more involved.

The creation of a foreign intelligence entity within GAC, or the allowance of mission creep by the GSRP into this area of collection, would run against the principles of the VCDR. Therefore, it is important that the GoC consider the implications stemming from this review and decide on the most appropriate means of collecting this kind of information. NSIRA appreciates that issues raised in this review necessarily evoke a renewed conversation on a dedicated Canadian foreign intelligence agency. This is, however, beyond the remit of NSIRA and may require consideration by the NSICoP.

Annex A: Findings and Recommendations

Finding no. 1: NSIRA found that GSRP’s governance and accountability structures are insufficiently developed.

Finding no. 2: NSIRA found that GSRP activities have the potential to cause reputational and political harm to the Government of Canada.

Finding no. 3: NSIRA found that GSRP does not adequately maintain central repositories or follow information management best practices.

Finding no. 4: NSIRA found that there is insufficient deconfliction between CSIS and GSRP which results in inconsistent governance when engaging foreign entities.

Finding no. 6: NSIRA found that although the GSRP operates under the VCDR, it does so without adequate legal guidance assessing the activities of the Program.

Finding no. 7: NSIRA found that GSRP officers do not receive adequate training regarding their legal obligations.

Finding 8: NSIRA found that the GSRP does not have appropriate safeguards for interactions with contacts overseas.

Recommendation no. 1: NSIRA recommends GSRP prioritize the development of a governance framework.

Recommendation no. 2: NSIRA recommends that GAC enforce data retention and information management practices as laid out in already-existing GoC policies.

Recommendation no. 4: NSIRA recommends that GSRP develop risk protocols and security guidelines specific to the GSRP.

Recommendation no. 5: NSIRA recommends that GAC complete a thorough legal assessment of GSRP activities. GSRP officers should receive applicable training based on the result of the assessment.

Recommendation no. 6: NSIRA recommends that GSRP develop best practices for interactions with contacts based on consultation with GAC legal advisors.

Recommendation no. 7: NSIRA recommends that GAC conduct a Privacy Impact Assessment of the GSRP.

Date Modified:: 2024-01-12

Review of Air Passenger Targeting by the Canada Border Services Agency (CBSA)

Completed Reviews

Review of Air Passenger Targeting by the Canada Border Services Agency (CBSA)

Date of Publishing:

November 30, 2023

Download PDF

View GOC Responses

Executive Summary

The Canada Border Services Agency (CBSA)’s Air Passenger Targeting program performs pre-arrival risk assessments on inbound passengers. It seeks to identify passengers that may be at higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation. It does so by using information submitted by commercial air carriers called Advanced Passenger Information and Passenger Name Record data in a multi-stage process that involves manual and automated triaging methods, referred to as Flight List Targeting and Scenario Based Targeting.

The Advance Passenger Information and/or Passenger Name Record data used to perform these prearrival risk assessments include personal information about passengers that relates to prohibited grounds of discrimination under the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms (the Charter). These grounds include age, sex, and national or ethnic origin. The CBSA relies on information and intelligence from a variety of different sources to determine which of these data elements indicate a risk in passengers’ characteristics and travel patterns in the context of specific enforcement issues, including national security-related risks. Given their potential importance for Canada’s national security and for the CBSA’s concurrent obligations to avoid discrimination, attention to the validity of the inferences underpinning the CBSA’s reliance on the particular indicators it creates from this passenger data to perform these risk assessments is warranted. These considerations also have implications for Canada’s international commitments to combat terrorism and serious transnational crime and to respect privacy and human rights in the processing of passenger information.

NSIRA conducted an in-depth assessment of the lawfulness of the CBSA’s activities in the first step of the pre-arrival risk assessment, where inbound passengers are triaged using the passenger data provided by commercial air carriers. The review examined whether the CBSA complies with restrictions established in statutes and regulations on the use of the Advance Passenger Information and Passenger Name Record data and whether the CBSA complies with its obligations pertaining to non-discrimination.

While NSIRA found that the CBSA’s use of Advance Passenger Information and Passenger Name Record data complied with the Customs Act, the CBSA does not document its triaging activities in a manner that enables effective verification of compliance with regulatory restrictions established under the Protection of Passenger Information Regulations. This was more of a weakness in the CBSA’s manual Flight List Targeting triaging method than its automated Scenario Based Targeting method.

The CBSA was also unable to consistently demonstrate that an adequate justification exists for its reliance on particular indicators it created from the Advance Passenger Information and Passenger Name Record data to triage passengers. This is important, as the CBSA’s reliance on certain indicators results in drawing distinctions between travellers based on prohibited grounds of discrimination. These distinctions may lead to adverse impacts on passengers’ time, privacy, and equal treatment, which may be capable of reinforcing, perpetuating or exacerbating a disadvantage. Adequate justification for such adverse differentiation is needed to demonstrate that such distinctions are not discriminatory and are a reasonable limit on travellers’ equality rights.

Recordkeeping is important to ensure effective verification that Air Passenger Targeting triaging activities comply with the law and respect human rights and NSIRA observed important weaknesses in this regard. These recordkeeping weaknesses stem in part from the fact that the CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify discrimination and compliance-related risks and to act appropriately in their duties. Oversight structures and practices are also not rigorous enough to identify and mitigate potential compliance and discrimination-related risks. This is compounded by lack of collection and assessment of relevant data. NSIRA recommends improved documentation practices for triaging to demonstrate compliance with statutory and regulatory restrictions and to demonstrate that an adequate justification exists for its reliance on the indicators it creates from Advance Passenger Information and Passenger Name Record data. Such documentation is essential to enable effective internal oversight as well as external review.

NSIRA also recommends more robust training and increased oversight to ensure that triaging practices are not discriminatory. This should include updates to policies as appropriate as well as the collection and analysis of the data necessary to identify, analyze and mitigate discrimination-related risks

Front matter

Lists of acronyms

API	Advance Passenger Information
APT	Air Passenger Targeting
CBSA	Canada Border Services Agency
CHRA COVID-19 EU	Canadian Human Rights ActNovel Coronavirus/Coronavirus Disease of 2019European Union
FLT	Flight List Targeting
IATA	International Air Transport Association
ICES	Integrated Customs Enforcement System
IRPA	Immigration and Refugee Protection Act
IRPR	Immigration and Refugee Protection Regulations
MOU	Memorandum of Understanding
NSIRA	National Security and Intelligence Review Agency
OAG	Office of the Auditor General of Canada
OPC	Office of the Privacy Commissioner
PAXIS	Passenger Information System
PCLMTFA	Proceeds of Crime (Money Laundering) and Terrorist Financing Act
PICR	Passenger Information (Customs) Regulations
PNR	Passenger Name Record
PPIR	Protection of Passenger Information Regulations
RFI	Request for Information
SBT	Scenario Based Targeting
SOP	Standard Operating Procedures
UNSC	United Nations Security Council
US	United States

Lists of figures

Figure 1. Advance Passenger Information and Passenger Name Record Elements

Figure 2. Steps in the Air Passenger Targeting

Figure 3. Process for Developing Scenarios for Scenario Based Targeting

Figure 4. What is a “High Risk” Flight or Passenger

Figure 5. Instances Where the Link to Serious Transnational Crime or Terrorism Offences was unclear

Figure 6. Instances Where the Potential Contravention was Unclear in Targets

Figure 7. Legal Tests under the CHRA and the Charter

Figure 8. Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds

Figure 9. Instances Where Behavioural Indicators Were Protected Grounds or Did Not Narrow Scope

Figure 10. Impacts on Travellers Resulting from Initial Triage

Figure 11. Summary of NSIRA’s Assessment of Scenario Supporting Documentation

Figure 12. Examples of Weaknesses in Scenario Supporting Documentation

Figure 13. Example of a Well-Substantiated Scenario

Figure 14. Why the Justification for the Indicators Used in Targeting is Important

Authorities

The National Security and Intelligence Review Agency (NSIRA) conducted this review under paragraph 8(1)(b) of the NSIRA Act.

Introduction

The Canada Border Services Agency (CBSA)’s Air Passenger Targeting program is one of several programs that help the Agency fulfill its mandate of “providing integrated border services that support [Canada’s] national security and public safety priorities and facilitate the free flow of [admissible] persons and goods” into Canada. Air Passenger Targeting uses passenger data submitted by commercial air carriers called Advance Passenger Information and Passenger Name Record data to conduct pre-arrival risk assessments. The pre-arrival risk assessments are intended to identify individuals at higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation. In 2019-20, the CBSA received this information to risk assess 33.9 million inbound international travellers.

Air Passenger Targeting has become an increasingly important tool for screening passengers. The CBSA’s deployment of self-serve kiosks to process travellers arriving in Canadian airports has decreased the ability of Border Services Officers to risk assess travellers through in-person observations or interactions, increasing the CBSA’s reliance on pre-arrival risk assessments, like Air Passenger Targeting, to identify and interdict inadmissible people and goods.

The Canadian border context affords the CBSA considerable discretion in how it conducts its activities. Individuals have lower reasonable expectations of privacy at the border. Brief interruptions to passengers’ liberty and freedom of movement are reasonable, given the state’s legitimate interest in screening travellers and regulating entry. However, the activities of the CBSA must not be discriminatory, meaning that any adverse differential treatment on the basis of prohibited grounds of discrimination, such as national or ethnic origin, age, or sex must be justified. Both the Canadian Human Rights Act and the Canadian Charter of Rights and Freedoms (the Charter) create distinct obligations in this regard. The Advance Passenger Information and Passenger Name Record data that the CBSA uses to perform these pre-arrival risk assessments includes personal information about passengers that is either a prohibited ground of discrimination or that relates closely to such grounds, warranting further attention to the CBSA’s compliance with these obligations. As Air Passenger Targeting involves passenger screening to identify national security-related risks (among others), attention to the validity of the inferences underpinning the CBSA’s interpretation of passenger information also has implications for Canada’s national security.

Air Passenger Targeting also engages Canada’s international commitments to combat terrorism and serious transnational crime and to respect privacy and human rights in the processing of passenger information. The latter commitment has been of particular importance to the European Union in the context of ongoing negotiations on an updated agreement for sharing passenger information.

About the review

NSIRA’s review examined two main aspects of the lawfulness of the CBSA’s passenger triaging activities in Air Passenger Targeting and their effects on travellers. The review examined whether the CBSA’s triaging activities comply with restrictions established in statutes and regulations on the use of Advance Passenger Information and Passenger Name Record data; and whether passenger triaging activities comply with the CBSA’s obligations pertaining to non-discrimination under the Canadian Human Rights Act and the Charter.9 NSIRA expected to find that the CBSA’s triaging activities are conducted with appropriate legal authority and comply with use restrictions on the passenger data and non-discrimination obligations, namely, that any adverse differentiation among travellers based on protected grounds is supported by adequate justification.

The review focused on the CBSA’s triaging activities in Air Passenger Targeting relevant to identifying potential national security-related threats and contraventions. However, it also examined the program as a whole across the CBSA’s three main targeting categories—national security, illicit migration, and contraband—to fully appreciate the program’s governance and operations, given its reliance on intelligence analysis. The review examined the Air Passenger Targeting program as implemented by the CBSA between November 2020 and September 2021.

The review relied on information from the following sources:

Program documents and legal opinions
Information provided in response to requests for information (written answers and briefings)
[***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]
Supporting documentation for a sample of 12 scenarios that were active on May 26, 2021
A sample of 83 targets issued between January and March 2021 (including 59 targets subsequent to Flight List Targeting and 24 targets subsequent to Scenario Based Targeting)
A live demonstration at the National Targeting Centre, which conducts Air Passenger Targeting
Open sources, including news articles, academic articles, and prior reviews by other agencies.
Past performance data and relevant policy developments

Confidence statement

For all reviews, NSIRA seeks to independently verify information it receives. Access to information was through requests for information and briefings by the CBSA. During this review, NSIRA corroborated the information that was received through verbal briefings by receiving copies of program files and alive demonstration of Air Passenger Targeting. NSIRA is confident in the report’s findings and recommendations.

Orientation to the Review Report

After providing essential background information on the steps and activities involved in Air Passenger Targeting and its contribution to the CBSA’s mandate in Section 5, the review’s findings and recommendations are presented in Section 6.

In Section 6.1, NSIRA’s assessed the CBSA’s compliance with statutory and regulatory restrictions on the CBSA’s use of Advance Passenger Information and Passenger Name Record data. Weaknesses in how the CBSA documents its Air Passenger Targeting program activities prevented NSIRA from verifying that all triaging activities complied with these restrictions. These weaknesses also impede the CBSA’s own ability to provide effective internal oversight.

In Section 6.2, NSIRA’s assessed the CBSA’s compliance with its obligations pertaining to nondiscrimination under the Canadian Human Rights Act and the Charter. Similar weaknesses in documentation and recordkeeping prevented the CBSA from demonstrating, in several instances, that an adequate justification exists for its reliance on the indicators it created from Advance Passenger Information and Passenger Name Record data to triage inbound travellers. Ensuring that Air Passenger Targeting triaging practices are substantiated by relevant, reliable and documented information and intelligence is important to demonstrating that travellers’ equality rights are being respected, given that some of the indicators relied on to triage passengers relate to protected grounds and given that passenger triage may lead to adverse impacts for travellers. NSIRA recommends a number of measures to improve recordkeeping and identify and mitigate discrimination-related risks.

Background and content

Air Passenger Targeting and the CBSA’s Mandate

The Air Passenger Targeting program is housed within the National Targeting Centre and is currently supported by 92 Full-Time Equivalents. Air Passenger Targeting is one of several targeting programs at the CBSA, and pre-arrival risk assessments are also performed on cargo and conveyances in other modes of travel, such as marine or rail. Pre-arrival risk assessments are currently only performed on crew and passengers for commercial-based air and marine travel. Screening and secondary examinations of travellers entering Canada through other modes of travel such as land or rail are undertaken at the border.

The Air Passenger Targeting pre-arrival risk assessments are intended to help front line Border Services Officers to identify travellers and goods with a higher risk of being inadmissible to Canada or of otherwise contravening the CBSA’s program legislation and referring them for further examination once they arrive at a Canadian Port of Entry.

Pre-arrival risk assessments are performed in relation to multiple enforcement issues, all of which are associated with ever-evolving travel patterns and traveller characteristics that may vary from one part of the world to the other. Staff at the National Targeting Centre receive training, develop on-the-job experience, and have access to a large body of information and intelligence to perform their duties.

How Air Passenger Targeting works

Key Information Relied Upon in Air Passenger Targeting

Air Passenger Targeting relies on two sets of information to triage passengers for these risk assessments. The first set consists of information about passengers that commercial air carriers submit to the CBSA under section 148(1)(d) of the Immigration and Refugee Protection Act and 107.1 of the Customs Act. This information is referred to as Advance Passenger Information and Passenger Name Record data. Advance Passenger Information comprises information about a traveller and the flight information associated with their travel to Canada; Passenger Name Record data is not standardized and refers to information about a passenger kept in the air carrier’s reservation system. The particular data elements are prescribed under section 5 of the Passenger Information(Customs) Regulations and section 269(1) of the Immigration and Refugee Protection Regulations.

For simplicity, NSIRA refers to Advance Passenger Information and Passenger Name Record Data collectively as “passenger data” in this review unless otherwise specified. Figure 1 provides an overview of common Advance Passenger Information and Passenger Name Record data elements. Once received by the CBSA, the passenger data is loaded into the CBSA’s Passenger Information System (PAXIS). This is the main system used to conduct Air Passenger Targeting.

Figure 1. Advance Passenger Information and Passenger Name Record Elements

The second set consists of information and intelligence from a variety of other sources that is used to help the CBSA determine which Advance Passenger Information and Passenger Name Record data elements may indicate risks in passengers’ characteristics and travel patterns in the context of specific enforcement issues and can therefore provide indicators for triaging passengers. Key sources include:

Recent significant interdictions that are cross-referenced with historical enforcement and intelligence information, as well as with the Advance Passenger Information and/or Passenger Name Record data for interdicted subjects
Port of entry seizures
Information from Liaison Officers overseas
International intelligence bulletins
Intelligence products shared by domestic and international partners concerning actionable indicators and trends from partner agencies based on their area of expertise.
Open sources, including news articles, op-eds, academic articles, social media.
CBSA intelligence products based on one or more of the above-mentioned sources, such as Intelligence Bulletins, Targeting Snapshots or Placemats, Country Threat Assessments, Intelligence Briefs, daily news briefings.

The quality of the information supporting the CBSA’s inferences as to who may be a high-risk traveller is important to ensure the triage is reasonable and non-discriminatory (see Section 6.2).

Step by Step Process of Air Passenger Targeting

Air Passenger Targeting involves three key steps, illustrated in Figure 2. First, CBSA officers triage passengers based on the Advance Passenger Information and Passenger Name Record data using manual or automated methods. Second, CBSA officers undertake a risk assessment of the selected passengers using different sources of information and intelligence. Third, Targeting Officers decide whether to issue a “target,” based on the results of this risk assessment.

Figure 2. Steps in the Air Passenger Targeting Process

Figure 2: Horizontal diagram of the steps in the Air Passenger Targeting Process

Step 1: Passenger Triage

The CBSA uses two distinct methods to triage passengers using Advance Passenger Information and Passenger Name Record data: Flight List Targeting and Scenario-Based Targeting.

Flight List Targeting is a manual triage method that involves two main steps. The officers use their judgement to make these selections (see Figure 4 for further details).

Targeting Officers select an inbound flight from those arriving that day that they consider to be at “higher risk” of transporting passengers that may be contravening the CBSA’s program legislation.
Targeting Officers then select passengers on those flights for further assessment, based on the details displayed about them in the list of passengers.

Scenario Based Targeting is an automated triage method that relies on “scenarios,” or pre-established set of indicators created from Advance Passenger Information and Passenger Name Record data elements that the CBSA considers as risk factors for a particular enforcement issue. The data for passengers on all inbound flights are automatically compared against the parameters of each scenario. Any passengers whose data match all of the parameters of one (or more) scenario are automatically selected for a Targeting Officer to assess further.

[***Sentence revised to remove privileged or injurious information. It describes the steps involved in developing scenarios ***]

Figure 3. Process for Developing Scenarios for Scenario Based Targeting

[***Figure revised to remove privileged or injurious information. It describes the steps involved in developing scenarios. ***]

Both of these triage methods are informed by an analysis of information and intelligence in slightly different ways. In Scenario Based Targeting, the National Targeting Centre’s Targeting Intelligence unit analyses intelligence and information to identify combinations of Advance Passenger Information and Passenger Name Record data elements associated with “high risk” passengers and travel patterns for the purposes of developing scenarios, as illustrated in Step 1 of Figure 3 above. In Flight List Targeting, Targeting Officers analyze information and intelligence to develop a personal “mental model” about what constitute “high risk” flights or passengers in the context of a specific enforcement issue. Examples are provided in Figure 4.

Figure 4. What is a “High Risk” Flight or Passenger?

Based on information about past trends and intelligence about future travel, CBSA officers identify certain flights or airports that have had a higher incidence of travellers subsequently found to be in contravention of the CBSA’s program legislation. The CBSA assesses flights from these points of origin as “high risk” flights. [Sentence revised to remove privileged or injurious information. It provided examples of flight information that the CBSA indicated was associated with past contraventions.]

Based on similar analysis, CBSA officers have assessed that certain combinations of traveller characteristics and travel patterns are or may be associated with contraventions of the CBSA’s program legislation. Travellers who match these characteristics are considered to be “high risk” travellers. [Sentence revised to remove privileged or injurious information. It provided examples of flight information that the CBSA indicated was associated with past contraventions.]

Steps 2 and 3: Passenger Risk Assessments and Issuing Targets

The initial triage of passengers may result in two additional steps for those who have been selected for further assessment: further passenger risk assessments (referred to by the CBSA as a “comprehensive review”) and a decision to issue a target if risks that were initially identified remain.

The passenger risk assessment process involves requesting and analyzing the following information to determine whether risks initially identified in the passenger’s Advance Passenger Information and Passenger Name Record data are no longer of concern (referred to as “negation”), whether they continue to be of concern, or whether those concerns have increased:

Mandatory and discretionary queries of CBSA and other government databases;
Open-source searches (including social media);
Requests for information to other Government of Canada departments and to the United States Customs and Border Protection agency (mandatory for all potential contraventions related to national security, but optional for other enforcement issues).

A target is issued when the risk assessment cannot “negate” risks initially inferred about the passenger. A target is a notification to Border Services Officers at a Canadian Port of Entry (in this case, airports) to refer the passenger for “secondary examination”. It does not mean that a passenger has been found in contravention of the CBSA’s program legislation. A target includes details about the passenger and the risks identified in relation to the potential contravention (referred to as a “target narrative”).

During secondary examinations, Border Services Officers engage in a progressive line of questioning. This questioning is informed by the details contained in the target as well as all other information available to the officers, including information provided by travellers and other observations developed during the examination. This information may allow the officers to establish a reasonable suspicion about whether the passenger has contravened customs, immigration, or other requirements that are enforced by the CBSA and pursue further questioning or examination. These examinations may also involve a search of luggage and/or digital devices where required and with managerial approval. The outcome of these examinations determines the next steps for individual travellers.

Findings and Recommendations

The CBSA’s Compliance with Restrictions Established in Law and Regulations

Restrictions that Apply to Air Passenger Targeting and Why They Matter

While Air Passenger Targeting is not explicitly discussed in legislation, both the Customs Act and the Immigration and Refugee Protection Act provide the CBSA with legislative authority to collect and use Advance Passenger Information and Passenger Name Record data in Air Passenger Targeting. Such use is further supported by section 4(1)(b) of the Protection of Passenger Information Regulations, which expressly contemplates the use of Passenger Name Record data to conduct trend analysis and to develop risk indicators for the purpose of identifying certain high-risk individuals.

NSIRA is satisfied that these statutory provisions also authorize the CBSA to collect and analyze the information and intelligence necessary to support Air Passenger Targeting. These inputs are necessary to contextualize its interpretation of the Advance Passenger Information and Passenger Name Record data and determine which data elements characterize “high risk” passengers and travel patterns in the context of different enforcement issues. However, the review did not examine whether all information and intelligence collected by the CBSA was necessary to the conduct of its operations (in Air Passenger Targeting or otherwise). This related topic may be the subject of future review.

These authorizing provisions create restrictions on the CBSA’s use of Advance Passenger Information and Passenger Name Record data. Two layers of use restrictions apply: one set arises from the Customs Act or the Immigration and Refugee Protection Act as authorizing statutes, and the other set arises from section 4 of the Protection of Passenger Information Regulations.

In examining compliance with the first set, NSIRA referred to section 107(3) of the Customs Act, the broader of the two authorities. Section 107(3) authorizes the CBSA to use Advance Passenger Information and Passenger Name Record data:

To administer or enforce the Customs Act, Customs Tariff, or related legislation;
To exercise its powers, duties and functions under the Immigration and Refugee Protection Act, including establishing a person’s identity or determining their inadmissibility; and/or
For the purposes of its program legislation.

NSIRA also examined compliance with the use restrictions established by section 4 of the Protection of Passenger Information Regulations. The regulations limit the CBSA’s use of Passenger Name Record data to the identification of persons “who have or may have committed” either a terrorism offence or a serious transnational crime. The data can be used to identify such persons directly, or to enable trend analysis or the development of risk indicators for that same purpose.

The Protection of Passenger Information Regulations were enacted to fulfill Canada’s commitments respecting its use of Passenger Name Record data as part of an agreement signed with the European Union. The Agreement specifies that “[Passenger Name Record] data will be used strictly for purposes of preventing and combating: terrorism and related crimes; other serious crimes, including organized crime, that are transnational in nature.” Although the 2006 agreement expired, ongoing efforts to negotiate a new agreement place continued importance on ensuring the CBSA’s ability to demonstrate compliance with the lawful uses of Passenger Name Record data. The constraints established in the regulations also indicate the Minister’s determination of when the use of Passenger Name Record data by the CBSA will be reasonable and proportional.

As a matter of law, the Protection of Passenger Information Regulations restrictions apply only to Passenger Name Record data provided to the CBSA under the Immigration and Refugee Protection Act. However, Advance Passenger Information and Passenger Name Record data are integrated within its systems. The CBSA also uses Passenger Name Record data to issue targets for the purposes of the Customs Act and the Immigration and Refugee Protection Act simultaneously. Given the CBSA’s commitments to the European Union under the above-mentioned Agreement and these other considerations, the CBSA observes these regulatory restrictions across its Air Passenger Targeting program as a matter of policy.

Assessing compliance with the Protection of Passenger Information Regulations required NSIRA to determine whether the enforcement issue of interest in the triaging decision fell within the regulations’ definitions of a “terrorism offence” or of a “serious transnational crime.”

What NSIRA found?

NSIRA found that, in its automated Scenario Based Targeting triaging method, the CBSA’s use of Advance Passenger Information and Passenger Name Record data to identify potential threats and contraventions of the CBSA’s program legislation complied with statutory restrictions. For its manual Flight List Targeting triaging method, NSIRA was not able to assess the reasons for the CBSA’s selection of individual travellers and was therefore not able to verify compliance with section 107(3) of the Customs Act. For both methods, NSIRA was also unable to verify that all triaging complied with the regulatory restrictions imposed by the Protection of Passenger Information Regulations on the CBSA’s use of Passenger Name Record data, namely that its use served to identify potential involvement in terrorism offences or serious transnational crimes. This was due to lack of precision in Scenario Based Targeting program documentation and lack of documentation about the basis for Flight List Targeting triaging decisions.

Do Scenario Based Targeting triage practices comply with statutory and regulatory restrictions?

In Scenario Based Targeting, all scenarios complied with the statutory restrictions on the use of Advance Passenger Information and Passenger Name Record data, as all scenarios were developed for the purposes of administering or enforcing the CBSA’s program legislation. However, in several instances, the scenario documentation did not precisely identify why the CBSA considered a particular enforcement concern to be related to a terrorism offence or serious transnational crime. This lack of precision obscured whether the scenarios complied with the Protection of Passenger Information Regulations.

NSIRA reviewed the information contained within the scenario templates for [***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]. The templates require information on the specific legislative provisions associated with the potential contravention the scenario seeks to identify. The templates also require a general description of the details of the scenario, including the potential contravention.

The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with the first layer of legal restrictions, as all of the scenarios sought to identify contraventions of the Immigration and Refugee Protection Act, the Customs Act, the Customs Tariff, and/or the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, which are authorized purposes under section 107(3) of the Customs Act. In many instances, the scenario’s purpose also complied with the complementary restrictions under the Immigration and Refugee Protection Act.

Regarding the second layer of restrictions imposed by the Protection of Passenger Information Regulations, most scenarios cited provisions for potential contraventions that were reasonably viewed as relating to terrorism or serious transnational crime. In several instances, however, the link to terrorism or serious transnational crime was not clear. This occurred in one of two ways:

Scenarios did not establish why a potential contravention cited as the intent of the scenario was related to an offence punishable by a term of at least four years of imprisonment, which one of the criteria in the definition of a serious transnational crime. It was therefore unclear how the enforcement interest related to a serious transnational crime (observed in at least 28 scenarios).Including more precise details on how the potential contravention relates to a serious transnational crime or terrorism offence would more clearly establish this link.
Scenarios cited three or more distinct grounds for serious inadmissibility, such as sections 34, 35,36, and/or 37 of the Immigration and Refugee Protection Act without providing further details as to why all grounds were relevant to the conduct at issue in the scenario (observed in at least 20 scenarios).

This obscured how the grounds related meaningfully to the conduct at issue and why the conduct related to a terrorism offence or serious transnational crime. Including more precise details on how each ground of inadmissibility included in a scenario is relevant to the conduct at issue would help in this regard.

Illustrative examples are provided in Figure 5, and further details on NSIRA’s assessment of compliance with the Customs Act and the Protection of Passenger Information Regulations are provided in Appendix 8.3.

Figure 5. Instances Where the Link to Serious Transnational Crime or Terrorism Offences was unclear

[Figure revised to remove privileged or injurious information. It described two examples where the link to serious transnational crime or terrorism offences was unclear in scenarios.]

Do Flight List Targeting triage practices comply with statutory and regulatory restrictions?

Lack of documentation about why officers selected particular flights or passengers prevented NSIRA from verifying whether Flight List Targeting triaging practices comply with the use restrictions found in the Customs Act or the Protection of Passenger Information Regulations. This lack of documentation also impedes the CBSA’s internal verification that Flight List Targeting triaging complies with these use restrictions.

As Targeting Officers rely on their judgement to triage passengers in Flight List Targeting, record keeping about triaging decisions is important to be able to verify that triaging complies with relevant statutes and regulations and take corrective action as appropriate. Although the National Targeting Centre has a Notebook Policy, which requires officers to “record all information about the officers’ activities,” the National Targeting Policy and the Air Passenger Targeting Standard Operating Procedures do not specify what stages of Air Passenger Targeting need to be documented or what information needs to be recorded at each step. Moreover, the Air Passenger Targeting Standard Operating Procedures, the Target Narrative Guidelines, and the format for issuing targets in the CBSA’s systems do not require officers to include precise details about the potential contravention that motivated their decision to issue a target.

NSIRA was only able to infer why a passenger was first selected for further assessment in Flight List Targeting from the details of targets, even though the explanatory value of analyzing targets for insight about initial triaging is limited. Targets are not issued for all initially selected passengers : only 15 percent of the passengers that were selected for a comprehensive risk assessment led to a target being issued in 2019-20.

As well, the enforcement issue contained within targets may have changed during later stages in the Air Passenger Targeting process and may not necessarily reflect the issue that motivated the initial triaging decision.

NSIRA found that all targets in a sample of 59 targets issued subsequent to Flight List Targeting complied with the first layer of use restrictions under section 107(3) of the Customs Act, as they cited either the “IRPA” or the “Customs Act” in the details of the target. However, the targets did not always specify a particular contravention of these Acts, which created a challenge for determining why the officers’ interest in the passenger related to a terrorism offence or serious transnational crime. Based on other descriptive details about the behaviours or risk factors contained in the target, it was only possible to clearly infer the enforcement issue and determine that it was a terrorism offence or a serious transnational crime in approximately half the targets (29 of 59). Illustrative examples are provided in Figure 6.

Figure 6. Instances Where the Potential Contravention was Unclear in Targets

[***Figure revised to remove privileged or injurious information. It described two examples of targets where the potential was unclear based on the details of the target.***]

Why is precision in record keeping important?

It is important to ensure that the potential contravention at issue is clear in scenario templates and targets and to ensure that recordkeeping about the reasons animating Flight List Targeting triaging is adequate in order to allow effective verification that all triaging activities comply with statutory and regulatory restrictions.

The CBSA’s current oversight functions consist of reviewing new scenarios prior to and in parallel with their activation and of reviewing targets after the fact for quality control and performance measurement. However, the documentation weaknesses identified above prevent the CBSA from ensuring that its triaging activities comply with statutory and regulatory restrictions. The CBSA’s oversight mechanisms should include robust verification that scenarios and manual Flight List Targeting triaging practices are animated by issues relevant to the administration or enforcement of the CBSA’s program legislation. Where Passenger Name Record data is used, oversight should also verify that the enforcement issue constitutes or is indicative of a terrorism offence or serious transnational crime. More precise and consistent recordkeeping of the reasons underlying passenger triage decisions in both Scenario Based Targeting and Flight List Targeting would help in this respect.

Guidance on what the legislative and regulatory restrictions entail for targeting activities was also not clearly articulated in the National Targeting Centre’s policies, standard operating procedures, or training materials. These guidance materials should include further specifics on:

Which issues pertinent to admissibility under the Immigration and Refugee Protection Act or other contraventions of the CBSA’s program legislation constitute or relate to a serious transnational crime or terrorism offence and why; and
How to document triaging decisions on a consistent basis to enable internal and external verification that targeting activities align with these legal and regulatory restrictions.

For example, the Scenario Based Targeting Governance Framework included helpful examples of risk categories that identify associated legislative provisions. Though the examples align with the definitions of serious transnational crime and terrorism offences in the Protection of Passenger Information Regulations, no explanation linking the examples to alignment with the regulations are provided. Equivalent guidance does not exist for Flight List Targeting.

Clearly identifying the potential enforcement issue is also important to verifying that the indicators created from Advance Passenger Information and Passenger Name Record data that are used to triage passengers are relevant to the issue and reliably predictive of it. This is important for demonstrating that the triaging practices are reasonable and non-discriminatory (see Section 6.3).

Finding 1. The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with section 107(3) of the Customs Act.

Finding 2. The CBSA does not document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.

Recommendation 1. NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.

The CBSA’s Compliance with Obligations Pertaining to Non-Discrimination

The CBSA’s Non-Discrimination Obligations and Why They Matter

The Canadian Human Rights Act and the Charter each establish obligations pertaining to nondiscrimination. The tests for assessing whether or not discrimination has occurred are thematically similar, though with differences in approach and terminology as illustrated in Figure 7. The analysis under both instruments begins with a factual inquiry into whether a distinction is being drawn between travellers based on prohibited grounds of discrimination, and if so, whether it has an adverse effect on the traveller or reinforces, perpetuates or exacerbates disadvantage. If so, the analysis under the CHRA examines whether there is a bona fide justification for the adverse differentiation. The corresponding analysis under the Charter examines whether the limit on travellers’ equality rights is demonstrably justified in a free and democratic society.

Figure 7. Legal Tests under the CHRA and the Charter

What NSIRA Found

Although triaging in Air Passenger Targeting typically relies on multiple indicators that are created from Advance Passenger Information and Passenger Name Record data, some of these indicators are protected grounds or relate closely to protected grounds. Air Passenger Targeting triaging results in impacts on travellers that can be considered adverse in nature and are capable of reinforcing, perpetuating, or exacerbating disadvantages. This creates a risk of prima facie discrimination. While these limits on travellers’ equality rights may be justifiable, weaknesses in the CBSA’s program documentation prevented the CBSA from demonstrating that a bona fide justification supported the adverse differentiation of travellers in several instances. A large body of information and intelligence is available to CBSA staff; however, it was not compiled and documented in a way that consistently established why certain indicators used to triage passengers related to a threat or potential contravention and did not always establish that these indicators were current and reliable. This weakness with respect to ensuring precise, well-substantiated documentation is similar to the one already highlighted in relation to the CBSA’s compliance with legal and regulatory restrictions.

Further information on the nature of the differentiations made in Air Passenger Targeting triaging practices and their impact on individuals would be required to conclusively establish whether or not triaging practices are discriminatory. However, the risk of discrimination is sufficiently apparent to warrant careful attention. In this review, NSIRA will recommend measures that could help the CBSA to assess and mitigate discrimination-related risks.

Does the CBSA make a distinction in relation to “protected grounds”?

Some of the indicators relied on to triage passengers are either protected grounds themselves or relate closely to protected grounds. NSIRA observed instances where passengers appeared to be differentiated based on protected grounds.

NSIRA examined all scenarios that were active on May 26, 2021 and a sample of targets to determine whether the CBSA’s triaging practices engage prohibited grounds of discrimination, such as age, sex, or national or ethnic origin. NSIRA refers to these as “protected grounds” in the report. The assessment considered:

How the indicators used to triage passengers relate to protected grounds;
The significance of the indicators in triage and how individual indicators were weighted in relation to each other; and
Whether these indicators created distinctions among individuals, or classes of individuals, based on protected grounds, whether in their own right or by virtue of their cumulative impact.

NSIRA found that the CBSA triages passengers based on a combination of indicators that are created from Advance Passenger Information and Passenger Name Record data. This triaging often included indicators that were either protected grounds themselves or related closely to protected grounds. Examples of these indicators are provided in Figure 8 with further details on how the CBSA relied on these indicators in Appendix 8.4.

Figure 8. Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds

Figure 8: Diagram/Table of the Advance Passenger Information and Passenger Name Record Data That Relate to Protected Grounds

Although the CBSA took certain measures to mitigate the possibility that triaging decisions were based primarily on protected grounds, NSIRA observed that these measures did not always adequately mitigate that risk. More specifically:

[***Note revised to remove injurious or privileged information. It lists examples of scenarios that relied on single elements.***] NSIRA observed instances where scenarios continued to rely largely on indicators that related closely to protected grounds. This was because the behavioural indicators were often used in a way that related closely to a protected ground (primarily national origin) or because the parameters for the behavioural indicators were very broad (for example: passports as a travel document) and did not significantly narrow the range of passengers captured by the scenario. Examples are provided in Figure 9.
Scenario Based Targeting triaging for potential contraventions relevant to national security focused disproportionately on a certain profile of passengers: [***Sentence revised to remove injurious or privileged information. It described a combination of traveller characteristics that relates to protected grounds.***] While individual scenarios considered a variety of other indicators that differed between each scenario and that appeared to be specific to a unique set of personal characteristics and behavioural patterns for each national security risk, the overall effect of the scenarios created a differential impact largely focused on this particular profile.

Figure 9. Instances Where Behavioural Indicators Were Protected Grounds or Did Not Narrow Scope

[***Figure revised to remove privileged or injurious information. It describes two examples of scenarios where behavioural indicators were used in a way that related closely to a protected ground or because the parameters for the behavioural indicators were very broad and did not significantly narrow the range of passengers captured by the scenario***]

As the CBSA’s triaging practices engage protected grounds and resulted in a differentiation of passengers based on protected grounds in certain instances, NSIRA considered the impacts that these distinctions may produce.

Do distinctions result in adverse impacts capable of reinforcing, perpetuating, or exacerbating a disadvantage?

Distinctions made in passenger triage lead to several types of potential impacts for the passengers that are selected for further assessment. These impacts are adverse in nature and are capable of reinforcing, perpetuating, or exacerbating disadvantages.

NSIRA considered the kinds of impacts that Air Passenger Targeting has for the passengers who are selected for further assessment through the initial triage. These impacts are illustrated in Figure 10. Each may have important effects on passengers’ time, privacy, and equality, particularly as the impacts accumulate during the screening process and/or where these impacts are experienced repeatedly by the same travellers.

Figure 10. Impacts on Travellers Resulting from Initial Triage

[Figure revised to remove privileged or injurious information. It describes numbers of passengers targeted by year.]

These impacts can be adverse in nature and are reasonably understood as being capable of reinforcing, perpetuating, or exacerbating disadvantage, particularly when viewed in light of possible systemic or historical disadvantages. However, disaggregated data on the ethno-cultural, gender, or other group identity of affected passengers and their circumstances in Canadian society would be required to fully appreciate Air Passenger Targeting’s impacts on affected groups.

A risk of prima facie discrimination is established where these adverse impacts accrue to individuals based on protected grounds. These adverse impacts on protected groups will not amount to discrimination under the Canadian Human Rights Act if the CBSA can demonstrate a bona fide justification for the differentiation and will be allowed under the Charter if the CBSA can establish that the distinctions are a reasonable limit on travellers’ equality rights.

Does the CBSA have an adequate justification for the adverse differentiation?

While a large body of information and intelligence is available to CBSA’s staff for their triaging activities, weaknesses in recordkeeping, in the coherent synthesis of this information, and in data collection prevented the CBSA from demonstrating, that an adequate justification exists for its use of the indicators it created from Advance Passenger Information and Passenger Name Record data in several instances.

NSIRA examined how the CBSA relied on information and intelligence to support its triaging practices by reviewing a sample of 12 scenarios and a sample of 59 targets issued subsequent to manual triaging in Flight List Targeting. NSIRA also examined performance data for the selected scenarios. In examining the supporting documentation provided for each scenario demonstrated an adequate justification for the indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers, NSIRA considered a number of factors:

Whether the information was objective and empirical;
Whether it was credible and reliable, in terms of its source and the quality of its substantiation;
Whether the information was recent and up to date;
Whether the information established a meaningful connection between the indicator(s) and the enforcement issue;
Whether the indicators were specifically indicative of the enforcement issue or were general;
Whether the indicators were based on a representative sample size; and
Whether the reliance on the particular indicators to triage passengers was effective in identifying potential contraventions in the past (i.e. whether empirical results support the reliance).

In Scenario Based Targeting, 11 out of the 12 scenarios in the sample reviewed did not provide an adequate justification for the triaging indicators, due in part to weaknesses in the supporting documentation for scenarios.

A summary of NSIRA’s assessment in relation to each of the assessment criteria is provided in Figure 11 and examples are described below.

Figure 11. Summary of NSIRA’s Assessment of Scenario Supporting Documentation

Figure 11: Graph/Table of the summary of NSIRA’s Assessment of Scenario Supporting Documentation

Most of the supporting documentation for the scenario sample was based on empirical information about enforcement actions or other intelligence products developed by the CBSA or its partners that were derived from clearly identified empirical sources. NSIRA considered these products to be objective and reliable sources. However, NSIRA noted three instances where it was unclear what the basis of the information was, and therefore whether it was objective and credible.

Inconsistencies in how supporting documentation for scenarios was maintained created further challenges for verifying that scenarios were based on reliable and up-to-date information, as four of the scenarios examined relied on information that was more than five years old and the CBSA could not locate one or more documents cited as supporting documentation in nine of the scenarios. While deleting older information is appropriate if it is replaced with more recent information, doing so in absence of more recent supporting information may undermine the CBSA’s the ability to justify the basis of the scenario.

In 3 of 12 scenarios examined, it was unclear how the supporting documentation related to the potential contravention identified in the scenario, which prevented further analysis as to how the indicators created from Advance Passenger Information and Passenger Name Record data were meaningfully connected to the enforcement issue. In all except one of the 12 scenarios, the supporting documentation did not mention one or more of the indicators in the scenario, making it unclear what the basis was for relying on those indicators. A number of the unsubstantiated indicators in those scenarios related closely to protected grounds. Two examples are provided in Figure 12.

Figure 12. Examples of Weaknesses in Scenario Supporting Documentation

[***Figure revised to remove privileged or injurious information. It describes issues observed in the supporting documentation for two scenarios as examples. These concerned the reliability of speculative claims made in an op-ed that was used as supporting documentation for one scenario that did not provide a clear basis for the indicators relied on in the scenario, and lack of information related to one or more of the indicators in the other scenario.***]

In 11 of the 12 scenarios, the supporting documentation did not include enough information to assess whether the indicators in the scenarios were based on a representative sample size of passengers. This prevented verification that the indicators in the scenario and their parameters reflect a pattern or trend in traveller characteristics and travel patterns rather than a single instance or handful of instances. Deriving indicators from too small a sample size also creates a risk that the indicators are not reliably associated to a potential contravention but rather simply connoted individuals who happen to have been the subject of past enforcement activity. A small sample size can also create bias and confirmation bias about stereotypes pertaining to traveller behaviour or personal characteristics.

Lack of information in 11 of the 12 scenarios on the likelihood and impact of the risk posed by the enforcement issue also prevented further assessment of the extent that the indicators and parameters were unique to the particular enforcement issue either individually or collectively. Moreover, in 4 of the 12 scenarios, the supporting documentation did not include any information to indicate that the indicators and parameters of the scenario had indeed been associated with a confirmed contravention of the CBSA’s program legislation or whether the association between the indicators and the enforcement issue was simply hypothetical. While reliable intelligence could also provide an empirical basis for passenger triage to inform the development of scenarios, information about whether scenarios have actually resulted in confirmed contraventions of the CBSA’s program legislation can be integrated into the supporting documentation of scenarios over time. This issue is examined further in relation to performance data below.

Only one of the 12 scenarios in the sample had enough information to get a sense of the enforcement issue, to understand the basis for relying on the particular indicators in the scenario in relation to the enforcement issue, and to establish that the indicators were based on a clear pattern of association with a large number of confirmed contraventions and reflected an appropriate range. Details about this scenario and why the supporting document substantiated the scenario are provided in Figure 13.

[***Figure revised to remove privileged or injurious information. It describes how the supporting documentation provided for a scenario was based on credible, empirical information that helped to establish the enforcement issue, provided a sense of the prevalence of the issue and its pertinence to the CBSA mandate, established a correlation between the specific indicators in the scenario and confirmed contraventions based on a significant sample size, and established that the parameters for each indicator were appropriately defined.***]

A large body of information and intelligence is available to CBSA staff to inform their targeting activities; however, in all except one of the scenarios, the information, intelligence, and other analytical insights were not brought together coherently to demonstrate that the basis for triaging was justified in those particular instances. The CBSA indicated that they intend to prepare standardized intelligence products that would coherently bring together this information to support the development of new scenarios. Developing such products for all active scenarios would help ensure that an adequate justification exists for all differentiation arising from triaging decisions in Air Passenger Targeting. This issue is examined further in relation to oversight practices below.

In Flight List Targeting, there was insufficient documentation to explain why particular indicators were considered valid risk factors in the context of a particular enforcement issue.

While a large body of information and intelligence exists for Targeting Officers to draw from when triaging passengers in Flight List Targeting, these sources are not necessarily documented in the course of making triaging decisions. Flight List Targeting strategies are not codified and triaging decisions are not consistently documented. This means that the sources and considerations that informed individual triaging decisions were not always apparent in the program documentation that NSIRA reviewed.

Noting the limitations of analyzing targets for insight into initial triaging decisions mentioned previously, the sparse details contained within the sample of 59 targets issued subsequent to Flight List Targeting further limited NSIRA’s assessment. Most of the targets included information specific to each passenger that was obtained through the passenger risk assessment, which reasonably supported a justification for issuing the target. However, this information would have been obtained after initial triaging decisions. Targets occasionally included a brief explanation about why certain elements of Advance Passenger Information and Passenger Name Record data were considered to be risk factors, suggesting that the Targeting Officer’s triage decision may have been informed by information and intelligence. However, it was often unclear why the passenger data cited as risk factors in the target suggested a threat or potential contravention of the CBSA’s program legislation. Assessing how the passenger data cited as risk factors in a target corresponded with the potential contravention was further complicated where the enforcement issue was also unclear. Examples in Figure 14 illustrate this challenge.

Figure 14. Why the Justification for the Indicators Used in Targeting is Important

[***Figure revised to remove privileged or injurious information. It returns to the examples of targets discussed in Figure 6 where ambiguity about the enforcement issue created further challenges for assessing how the passenger data cited as risk factors in the target corresponded with the enforcement issue.***]

Performance data for the scenario sample indicates that the indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers may not be closely correlated with the particular enforcement issue.

The CBSA should be able to demonstrate at the outset that information and intelligence justify the use of particular indicators created from Advance Passenger Information and Passenger Name Record data to triage passengers for potential contraventions, particularly where those indicators relate to protected grounds. However, secondary examination results from previously issued targets can provide a source of such information. These results also provide important insight into how strongly certain indicators correlate with potential contraventions and indicate areas where inferences should be revisited and revised.

NSIRA’s analysis of the performance data for the sample of 12 scenarios revealed that the indicators may not necessarily be closely correlated with the particular enforcement issue(s) in the scenarios or predict potential contraventions of the CBSA’s program legislation with high accuracy.

In many of the scenarios, less than 5 percent of passengers that matched to the scenario—based on their Advance Passenger Information and Passenger Name Record data—resulted in an enforcement action or relevant intelligence at the end of a secondary examination, which the CBSA refers to as a “resultant” target. This is due in part to the fact that the vast majority of passengers who are risk assessed do not result in a decision to issue a target. Additionally, certain enforcement issues may have a low probability of occurring, but a high impact. However, the fact that most passengers who match to a scenario are not of concern raises questions about the accuracy of relying on Advance Passenger Information and Passenger Name Record data elements as indicators and about the proportionality of the targeting practices.
On average, a quarter of targets issued (through both Flight List Targeting and Scenario Based Targeting) led to a “resultant” secondary examination, though the scenarios in the sample ranged widely from as low as 4.8 percent to as high as 72.7 percent.
Only nine of the 12 scenarios led to at least one enforcement action or useful intelligence between 2019-20 or 2020-21. Again, this is not necessarily an issue if an enforcement issue has a low probability of occurring, but a high impact. However, it also raises questions about the empirical basis of the scenario.
Many of the scenarios led to examination results for issues other than the one that justified the initial targeting. This suggests that the indicators may not be very precise and raises questions about the underlying assumptions or inferences.

NSIRA also observed that the performance data for scenarios matched to a significantly higher proportion of travellers and yielded a higher proportion of “resultant” targets in one year, with much lower results in the next year, indicating how rapidly travel patterns may change. The CBSA indicated that COVID-19 resulted in major shift in travel and business patterns, which has presented challenges for the CBSA to understand how the indicators have evolved in relation to a diversity of enforcement issues and to adapt their targeting strategies. This emphasizes the importance of ensuring that scenarios and Flight List Targeting activities are supported by up-to-date information and intelligence. It also emphasizes the importance of analyzing performance data to rigorously to evaluate, refine, and/or deactivate scenarios in order to remain consistent with a changing risk environment.

However, the insights that can be drawn from the performance data are limited, because the CSBA does not track the results of secondary examinations arising from random referrals or instances where passengers that were not targeted were later found to have contravened the CBSA’s program legislation by other means. This prevents contextualization of Air Passenger Targeting performance against a baseline (namely, whether Air Passenger Targeting is better, on par with, or less effective at predicting a potential contravention of its program legislation than a random referral). Beyond its relevance for performance measurement, baseline data would help to protect the CBSA against confirmation biases where enforcement results in a few isolated cases may reinforce stereotypes even though they do not represent a meaningful trend. Moreover, a “resultant” secondary examination according to the National Targeting Centre’s definition does not necessarily indicate a confirmed instance of non-compliance. This makes it difficult to analyze performance data as source of empirical information to support the CBSA’s justification for using certain indicators to triage passengers, as a “resultant” search may not always signify a correlation between the indicators and the potential contravention.

In sum, the CBSA was not able to demonstrate that adequate justification consistently supported its use of particular indicators in the scenarios and targets examined by NSIRA. This creates a risk that the triaging activities were discriminatory. To avoid discrimination, the link between the indicators used to triage passengers and the potential threats and contraventions they purport to identify must be well-substantiated by recent, reliable, and documented intelligence or empirical information that demonstrates that the indicators are reasonably predictive of potential harms to Canada’s national security and public safety. The CBSA was able to document an adequate justification for passenger triaging in one scenario. Compiling relevant information and intelligence for its other triaging activities would assist in demonstrating that they are also non-discriminatory.

Further information would be required to determine if any distinctions arising from Air Passenger Targeting that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights.

The analysis above establishes that Air Passenger Targeting may infringe travellers’ equality rights under the Charter. All Charter rights are subject to reasonable limits, however. To establish that a limit is reasonable, the state must demonstrate that it is rationally connected to a pressing and substantial objective, that it is minimally impairing of the right, and that there is a proportionality between its salutary and deleterious effects. These limits must also be prescribed by law.

The analysis of whether state actions constitute a reasonable limitation of Charter rights is highly fact specific. To examine this question, further data would be required on:

Precisely how various indicators relate to protected grounds;
Whether the indicators effectively further national security and public safety;
The reasonable availability of other means to ensure similar security outcomes at the border;
The impacts of Air Passenger Targeting for affected passengers; and
The significance of the contribution of Air Passenger Targeting to national security and other government objectives.

NSIRA notes these data gaps may create challenges for the CBSA in establishing that any discrimination resulting from Air Passenger Targeting is demonstrably justified under section 1 of the Charter. Documenting the contribution of Air Passenger Targeting to national security and public safety, the breadth and nature of its impacts, and contrasting the effectiveness of Air Passenger Targeting relative to other less intrusive means of achieving the CBSA’s objectives would assist the CBSA in demonstrating that the program is reasonable and demonstrably justified in Canadian society.

Has the CBSA complied with its obligations pertaining to non-discrimination?

Air Passenger Targeting triaging practices create a risk of prima facie discrimination. This is due to two key features. First, Air Passenger Targeting relies, in part, on indicators created from Advance Passenger Information and Passenger Name Record data that are either protected grounds themselves or that relate closely to such grounds. This was particularly the case for indicators relating to passengers’ age, sex, and national or ethnic origin. Passengers were differentiated based on these grounds, as they were selected for further assessment due in part to these characteristics. NSIRA also observed that the triaging resulted in disproportionate attention to certain nationalities and sexes, when the cumulative effect of scenarios was taken into account.

Second, this differentiation has adverse effects on travellers. Air Passenger Targeting triaging affects individuals’ privacy through subsequent risk assessments and mandatory referrals for secondary examination. Such scrutiny may also erode an individual’s sense of receiving the equal protection of the law, particularly where these impacts are repeatedly experienced by the same traveller or are perceived to be animated by racial, religious, ethnic, or other biases. These impacts are also capable of reinforcing, perpetuating, or exacerbating disadvantage, especially when viewed in light of systemic or historical disadvantage.

To comply with its obligations under the Canadian Human Rights Act, the CBSA must be able to demonstrate that a bona fide justification exists for this adverse differentiation. However, the CBSA was not able to demonstrate that its choice of indicators was consistently based on recent, reliable, and documented intelligence or empirical information. This weaknesses in the link between the indicators and the potential threats or contraventions they seek to identify, creates a risk of discrimination.

To comply with its Charter obligations, the CBSA must also be able to demonstrate that any resulting discrimination is a reasonable limit on travellers’ equality rights. The same weaknesses NSIRA observed in the CBSA’s substantiation of the link between particular indicators and potential threats or contraventions they seek to identify also undermines its ability to demonstrate the rational connection between its triaging indicators and potential contraventions of its program legislation. Further information on the contribution of Air Passenger Targeting to national security and its relative value compared to other screening means would also be needed to determine whether Air Passenger Targeting can be justified as a reasonable limit under the Charter.

The weaknesses NSIRA observed stem partly from lack of precision in the CBSA’s program documentation and other recordkeeping issues. These are examined in the following section.

Finding 3. The CBSA has not consistently demonstrated that an adequate justification exists for its Air Passenger Targeting triaging practices. This weakness in the link between the indicators used to triage passengers and the potential threats or contraventions they seek to identify creates a risk that Air Passenger Targeting triaging practices may be discriminatory.

Recommendation 2. NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.

Recommendation 3. NSIRA recommends that the CBSA ensure that any Air Passenger Targeting-related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.

What measures are in place to mitigate the risk of discrimination?

The policies, procedures, and training materials reviewed did not adequately equip CBSA staff to identify potential discrimination or to mitigate related risks in the exercise of their duties.

The CBSA’s Air Passenger Targeting policies acknowledged responsibility to respect privacy, human rights, and civil liberties. However, policies, procedures, and training were insufficiently detailed to equip staff to identify and mitigate discrimination-related risks in the exercise of their duties.

Targeting Officers did not receive any specific training related to human rights.
The CBSA’s policies, procedures, and other program guidance were not precise enough on specific requirements or steps to equip staff to mitigate risks related to discrimination. In particular, details were lacking in how to associate supporting documentation to a scenario or a triaging decision in Flight List Targeting, and when and how to revisit and update that information on are gular basis.
No specific policies, procedures, or guidelines were developed for Flight List Targeting beyond the Air Passenger Targeting Standard Operating Procedures, particularly those that relate to record keeping.

The oversight structures and practices that were reviewed were not rigorous enough to identify and mitigate potential discrimination-risks, compounded by an absence of relevant data for this task.

While the CBSA has oversight structures and practices in place for Air Passenger Targeting, it was unclear how these oversight practices were performed. NSIRA identified several areas where they may not be rigorous enough to identify and mitigate potential risks of discrimination as appropriate.

Scenarios are reviewed for policy, legal, privacy, human rights, and civil liberties implications as part of their activation and on an ongoing basis. However, it is not clear that these oversight functions are guided by a clear understanding of what constitutes discrimination or that all relevant aspects of scenarios are examined.
Scenarios are reviewed individually on a regular basis. However, it is not clear that the collective impact of the CBSA’s targeting activities is also assessed on a regular basis.
It is not clear whether any oversight functions related to non-discrimination take place in Flight List Targeting.

Moreover, the CBSA does not gather data relevant to fully assess whether Air Passenger Targeting results in discrimination or to mitigate its impacts.

The CBSA does not gather disaggregated demographic data about the passengers affected by each stage of the Air Passenger Targeting program. This is relevant to detecting whether the program may be drawing distinctions on protected grounds and/or whether it has a disproportionate impact on members of protected groups.
The CBSA does not compare information about its triaging practices against information relevant to understanding their potential impacts on travellers and whether those impacts indicate an issue with the CBSA’s targeting practices. This includes information about whether complaints about alleged discrimination at the border relate to a person identified through Air Passenger Targeting and whether the nature of secondary examinations resulting from Air Passenger Targeting may differ from those caused by random or other referrals.
The CBSA does not gather or assess relevant performance data or data on its impacts against a baseline comparator group in order to contextualize its analysis of this information.

Finding 4. The CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify potential discrimination-related risks and to take appropriate action to mitigate these risks in the exercise of their duties.

Finding 5. The CBSA’s oversight structures and practices are not rigorous enough to identify and mitigate potential discrimination-related risks, as appropriate. This is compounded by a lack of collection and assessment of relevant data.

A number of adjustments to current policies, procedures, guidance, training, and other oversight practices for the Air Passenger Targeting program will help the CBSA mitigate discrimination-related risks by ensuring that distinctions drawn in the initial triage of passengers are based on adequate justifications that are supported by intelligence and/or empirical information. A more detailed treatment on discrimination in training, policies, guidance materials, and oversight for the Air Passenger Targeting program could also provide CSBA staff and the units and committees that perform internal oversight functions with information they may require to exercise their functions accordingly. Careful attention should be paid to the following:

Understanding the CBSA’s human rights obligations and how risks related to discrimination should be identified and assessed;
Identifying when triaging indicators may relate to protected grounds;
Ensuring that any adverse differentiation is based on a well-substantiated connection between the indicators and the potential threat or potential contravention;
Ensuring the triage of travellers is informed by recent and reliable information and intelligence, with training on how to assess whether the supporting documents meets these requirements;
Identifying and addressing impacts resulting from passenger triaging practices to ensure that they are minimized and proportional to the benefit gained for public safety or national security;
Ensuring that impacts resulting from Air Passenger Targeting do not unduly reinforce, perpetuate, or exacerbate disadvantage; and
Developing tools to detect and mitigate potential biases by gathering and assessing relevant data on targeting practices, their performance, and their impacts.

In this respect, the obligations created by the United Kingdom Public Sector Equality Duty may be instructive. The duty is procedural in nature and requires that public bodies (including customs and immigration authorities) consider how they may eliminate discrimination in the exercise of their functions. It requires departments to turn their minds to the potential impact their decisions, policies or programs have, and how these may differ based on protected grounds, such as age, sex/gender, and race, ethnic or national origin, colour, or nationality. It also creates an obligation to acquire relevant information, if it is not already available, to avoid direct or indirect discrimination.

It is important to clarify that any data collection and analysis relevant to detecting and addressing potential discrimination should be conducted by a separate unit than the National Targeting Centre. Targeting Officers should not have access to disaggregated demographic data when triaging passengers, as this might increase discrimination-related risks. The CBSA recognizes this in its commitment to removing “sensitive data” about a person’s health or sex life from the Advance Passenger Information and Passenger Name Record data that it imports into its triaging systems. This precaution should not prevent other units within the CBSA from gathering and considering depersonalized, disaggregated demographic data, including to conduct Gender Based Analysis+ that could reduce the risk of discrimination and/or mitigate its potential impacts.

Recommendation 4. NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.

Recommendation 5. NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.

Conclusion

The pre-arrival risk assessments performed as part of the CBSA’s Air Passenger Targeting program support the CBSA’s ability to screen inbound travellers in relation to a variety of enforcement issues. However, some of the information used to triage passengers relates to protected grounds. This creates a risk that passengers may be differentiated based on prohibited grounds of discrimination. Triaging may lead to adverse impacts on passengers’ time, privacy, and equal treatment, which maybe capable of reinforcing, perpetuating or exacerbating disadvantage.

Careful attention to the reliability of the information and intelligence that underpin the choice of indicators to triage passengers and their connection to the threats or potential contraventions they seek to identify is needed to verify that the CBSA respects its non-discrimination obligations. This has implications for both Canada’s national security and its international commitments related to combatting terrorism and serious transnational crime and related to privacy and human rights.

NSIRA is satisfied that the CBSA has the legal authority to conduct Air Passenger Targeting. However, NSIRA observed shortcomings in the CBSA’s documentation of its program activities that complicated verification that all triaging decisions complied with statutory and regulatory restrictions. Improvements to documentation in these respects are essential and will help lower future compliance risks by ensuring the CBSA can verify that all triaging decisions comply with the terms of the Customs Act and the Protection of Passenger Information Regulations.

Similarly, the absence of adequate justification in several instances for the CBSA’s reliance on indicators created from passengers’ Advance Passenger Information and Passenger Name Record data leads to a risk of discrimination. Improving documentation requirements and setting out further detail in the CBSA’s policies, procedures, and training would better equip CBSA staff to understand these risks and mitigate them in the conduct of their duties. More robust and regular oversight to ensure that adequate justification exists for any adverse differentiation arising from Air Passenger Targeting grounds would equip the CBSA to identify which scenarios or manual Flight List Targeting triaging practices need further support. Improving relevant data gathering and assessment will also support the identification and mitigation of discrimination-related risks in Air Passenger Targeting.

Appendices

Findings & Recommendations

Findings	Recommendations
Finding 1. The CBSA’s use of Advance Passenger Information and Passenger Name Record data in Scenario Based Targeting complied with section 107(3) of the Customs Act.	Recommendation 1. NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.
Finding 2. The CBSA does not document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.	Recommendation 2. NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.
Finding 3. The CBSA has not consistently demonstrated that an adequate justification exists for its Air Passenger Targeting triaging practices. This weakness in the link between the indicators used to triage passengers and the potential threats or contraventions they seek to identify creates a risk that Air Passenger Targeting triaging practices may be discriminatory.	Recommendation 3. NSIRA recommends that the CBSA ensure that any Air Passenger Targetingrelated distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.
Finding 4. The CBSA’s policies, procedures, and training are insufficiently detailed to adequately equip CBSA staff to identify potential discrimination-related risks and to take appropriate action to mitigate these risks in the exercise of their duties.	Recommendation 4. NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.
Finding 5. The CBSA’s oversight structures and practices are not rigorous enough to identify and mitigate potential discrimination-related risks, as appropriate. This is compounded by a lack of collection and assessment of relevant data.	Recommendation 5. NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.

The CBSA’s Authority to Collect and Use Advance Passenger Information and Passenger Name Record data in Air Passenger Targeting

Authority to Collect the Data
Customs Act, s. 107.1 & IRPA s. 148(1)(d) Air carriers are required to provide “prescribed information” about any person on board, or expected to be on board, a flight arriving into Canada.
Passenger Information Customs Regulations, s. 5 & Immigration and Refugee Protection Regulations, s. 269(1) Prescribe the required information, which constitute Advance Passenger Information and Passenger Name Record data.
Authority to Use the Data
Customs Act, s. 107(3) “Customs information” (including Advance Passenger Information/Passenger Name Record data)115 may be used for three purposes: • Administer or enforce the Customs Act, Customs Tariff, or related legislation; • Exercise the powers or perform the duties and functions of the Minister of Public Safety under the IRPA, including establishing a person’s identity or determining their inadmissibility; • For the purposes of other program legislation that the Minister of Public Safety or the CBSA is authorized to enforce
Immigration and Refugee Protection Act, s.149(a) Advanced Passenger Information and Passenger Name Record data may be used for three purposes: • for the purposes of the IRPA; • for the purposes of the Department of Citizenship and Immigration Act; • to identify a person for whom a warrant of arrest has been issued in Canada.
Protection of Passenger Information Regulations, s. 4 Passenger Name Record data provided to the CBSA under the Immigration and Refugee Protection Act116 may be used for two purposes: • to identify persons who have or may have committed a terrorism offence or serious transnational crime; • to conduct a trend analysis or develop risk indicators for that purpose.

Frequently Cited Provisions in Scenario Templates

The figure summarizes the main provisions cited as potential contraventions in scenario templates. [***Sentence revised to remove privileged or injurious information. It describes the number of scenarios that were active on May 26, 2021***]. Five of the provisions that were cited as potential contraventions did not clearly establish a link to a serious transnational crime or terrorism offence in compliance with the Protection of Passenger Information Regulations (PPIR). These are marked in orange and described below.

Provisions	Description	Complies with Cust Act	Complies with PPIR
IRPA s. 20	Presenting visa or other documents	Yes	Yes*
IRPA s. 34	Inadmissible, national security reasons	Yes	Yes
IRPA s. 35	Inadmissible, human rights violations	Yes	Yes
IRPA s. 36	Inadmissible, serious criminality	Yes	Yes
IRPA s. 37	Inadmissible, organized criminality	Yes	Yes
IRPA s. 40	Inadmissible, misrepresentation	Yes	Yes*
IRPA s. 41	Inadmissible, IRPA non-compliance	Yes	Yes*
IRPA s. 117	Human smuggling	Yes	Yes
IRPA s. 118	Human trafficking	Yes	Yes
Customs Act s. 159	Smuggling goods	Yes	Yes
Customs Act s. 12	Reporting goods	Yes	Yes*
Customs Act s. 13	Truthfully answering questions about & presenting goods	Yes	Yes*
Customs Tariff 9899.00.00	Hate or terrorist propaganda; seditious materials	Yes	Yes
PCMLTFA s. 12	Reporting of currency	Yes	Yes
PCMLTFA s. 74	General Offences	Yes	Yes

Section 20 of the Immigration and Refugee Protection Act (IRPA) concerns the requirement for foreign nationals to have the proper documentation to enter or remain in Canada. As contraventions of the IRPA where a penalty is not specified (such as section 20) are punishable by a term of imprisonment of up to two years under sections 124 and 125 of the IRPA, this contravention does not meet the definition of a serious transnational crime.

Section 40 of the IRPA indicates that a foreign national is inadmissible to Canada for misrepresentation. The link to serious transnational crime would be clearer by citing the provisions that establish misrepresentation as an offence under sections 127 and 128 of the IRPA.

Section 41 of the IRPA indicates that a foreign national is inadmissible for non-compliance with the IRPA. Non-compliance with the IRPA is not itself a terrorism offence or serious transnational crime. Further details about the enforcement concern are necessary to establish such a link.

Sections 12 and 13 of the Customs Act concern traveller requirements to report goods and truthfully answer questions; reference to the penalty provision in section 160(1)(b) indicates it is a serious offence. Reliance on these sections to justify the use of Passenger Name Record data may be problematic however, as these sections relate to future conduct, whereas section 4 of the PPIR focuses on past conduct (“have or may have” committed such acts). Concerns about prohibited goods or potential smuggling of goods may also more appropriately cite section 159 of the Customs Act and/or the Customs Tariff, Item 9899.00.00.

Examples of the CBSA’s Reliance on Indicators Relating to Protected Grounds

The figure below presents examples from both Scenario Based Targeting and Flight List Targeting of how the CBSA relies on indicators created from Advance Passenger Information and Passenger Name Record data that are or may relate closely to the grounds of “national or ethnic origin,” “age,” or “sex,” which are prohibited grounds of discrimination under the Canadian Human Rights Act and the Charter. The CBSA often relies on more than one such indicator. This is discussed in Section 6.2.2.1. The CBSA’s basis for relying on such indicators is discussed in Section 6.2.2.3.

[***Figure revised to remove injurious or privileged information. It provides statistics on the number of scenarios that rely on indicators that relate to protected grounds for “national or ethnic origin,” “age,” and “sex.”***]

Date Modified:: 2023-11-30

Review of Air Passenger Targeting by the Canada Border Services Agency (CBSA) – Government responses

Responses

Review of Air Passenger Targeting by the Canada Border Services Agency (CBSA) – Government responses

NSIRA Recommendation 1: NSIRA recommends that the CBSA document its triaging practices in a manner that enables effective verification of whether all triaging decisions comply with statutory and regulatory restrictions.

GOC Response: The CBSA agrees with this recommendation. The CBSA will complete a review of its APT triaging practices to ensure practices are in place which will enable effective verification of compliance with statutory and regulatory restrictions.

NSIRA Recommendation 2: NSIRA recommends that the CBSA ensure, in an ongoing manner, that its triaging practices are based on information and/or intelligence that justifies the use of each indicator. This justification should be well-documented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations.

GOC Response: The CBSA agrees with this recommendation. While we are satisfied that justification for triaging and targeting practices exist, the CBSA acknowledges that better documentation practices could be implemented to enable effective internal and external verification of whether the CBSA’s triaging practices comply with its non-discrimination obligations. The CBSA’s Scenario Based Targeting Governance Framework will be updated to include information and/or intelligence that justifies the use of each indicator. Annual reviews of scenarios will continue to be conducted and documented to confirm that each active scenario is supported by recent and reliable intelligence.

NSIRA Recommendation 3: NSIRA recommends that the CBSA ensure that any Air Passenger Targeting related distinctions on protected grounds that are capable of reinforcing, perpetuating, or exacerbating a disadvantage constitute a reasonable limit on travellers’ equality rights under the Charter.

GOC Response: The CBSA agrees with this recommendation. The CBSA will review its APT practices to ensure that distinctions based on protected grounds are reasonable and can be demonstrably justified in the border administration and enforcement context.

NSIRA Recommendation 4: NSIRA recommends that the CBSA develop more robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. This should include updates to the CBSA’s policies, procedures, training, and other guidance, as appropriate.

GOC Response: The CBSA agrees with this recommendation. The CBSA acknowledges that policies, procedures, training, and other guidance, as appropriate can be improved to ensure robust and regular oversight for Air Passenger Targeting to ensure that its practices are not discriminatory. The CBSA will complete a review of its policies, procedures, guidelines and training to ensure practices are not discriminatory.

NSIRA Recommendation 5: NSIRA recommends that the CBSA start gathering and assessing the necessary data to identify, analyze, and mitigate discrimination-related risks. This includes disaggregated demographic data, data on the effects of Air Passenger Targeting on secondary examinations that may be apparent from related human rights complaints, and data on a baseline comparator group.

GOC Response: The CBSA agrees with this recommendation. To that end, the CBSA is taking deliberate steps to develop its capacity to capture and analyze reliable and accurate data in non-intrusive ways. The Agency is working on developing standard and consistent positions and frameworks on the collection, use, management and governance of disaggregated data, developing metrics and indicators to measure the impact of decisions and policies on different groups; using data to build more inclusive and representative policies and strategies, and; identifying possible discrimination and bias.

Date Modified:: 2023-11-30

Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2022 – Government Responses

Responses

Review of federal institutions’ disclosures of information under the Security of Canada Information Disclosure Act in 2022 – Government Responses

Government of Canada Response to the Recommendations of the NSIRA Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act (“SCIDA”) in 2022

NSIRA Recommendation	Related Findings(s)	Government Response	Explanation
1. NSIRA recommends that information sharing arrangements be used to govern regular SCIDA disclosures between GAC and CSIS; IRCC and CSIS; as well as IRCC and CSE.	Finding no. 1: CSE, CSIS, GAC, and IRCC regularly use the SCIDA in a manner that warrants information sharing arrangements, as encouraged by subsection 4(c) of the SCIDA.	Agree	The Government of Canada recognizes the value of using information sharing arrangements to facilitate the effective and responsible sharing of information between federal institutions that frequently disclose information of a similar nature under the SCIDA. In response to this recommendation, and in consultation with the designated recipient institutions under the SCIDA, Public Safety Canada has developed an information sharing agreement template. The template has been reviewed by the Office of the Privacy Commissioner of Canada and specifically assessed against the SCIDA, the Privacy Act, the 10 fair information principles of the Canadian Standards Association Model Code for the Protection of Personal Information (the Model Code), applicable Treasury Board of Canada Secretariat (TBS) policies, directives and guidelines, and internationally recognized best practices. Public Safety Canada has disseminated this template to federal institutions, including those named in NSIRA’s findings and recommendations, so that they may adapt it to their unique operating environments and the types of information that they frequently disclose and receive, while continuing to respect the Charter, the Privacy Act, the SCIDA, as well as other relevant policies, legislation and regulation. In addition, several departments and agencies have already entered into information sharing agreements to facilitate the disclosure of information under the SCIDA. For example, CSIS and GAC entered into an information sharing agreement in 2016 under the SCISA (the precursor to the SCIDA). The agreement outlines the types of information that GAC may share with CSIS. While it is still in effect, it is currently being reviewed to ensure the scope remains current. CSIS and IRCC are currently holding preliminary discussions to establish an information sharing agreement to address disclosures under SCIDA. IRCC and CSE also recently signed an information sharing agreement, as recommended in the 2020 SCIDA Annual Report.
2. NSIRA recommends that all GC institutions prepare record overviews to clearly address the requirements of subsections 9(1) and 9(2) of the SCIDA; and provide them to NSIRA along with a copy of the disclosure itself and, where relevant, a copy of the request.	Finding no. 2: CBSA, DND/CAF, and IRCC were non-compliant with subsection 9(3) of the SCIDA, as they failed to provide all records created under subsections 9(1) or 9(2) to NSIRA within the legislated timeframe. Finding no. 3: Improved compliance outcomes in instances where departments prepared record overview spreadsheets under subsections 9(1) and 9(2) of the SCIDA that displayed the following characteristics: a row for each disclosure made or received; columns explicitly tied to each individual paragraph under section 9; and additional columns to capture relevant administrative details, such as whether the disclosure was requested or proactive; the date of the request (if applicable); and any applicable file reference numbers.	Agree	The Government of Canada recognizes the importance of keeping records of SCIDA disclosures and receipts, as required under the Act. Public Safety Canada assists partners in adopting best practices that facilitate ease-of-review and improve compliance. Government of Canada partners implement Public Safety Canada’s guidance in a manner that complies with the SCIDA and works best with their unique mandates and internal procedures. In March 2023, the Step-by-Step SCIDA Guide 2022 (“SCIDA Guide 2022”) was updated and published on Public Safety Canada’s public-facing webpage. The SCIDA Guide 2022 includes templates that support federal institutions with their record-keeping requirements. Public Safety Canada will continue to review and update existing SCIDA resources, including advice pertaining to record keeping. Public Safety Canada has also circulated a record overview template that NSIRA found particularly effective during the course of its 2022 review. In addition, CSIS has developed clear policy and subsequent guidelines on how to handle and document information disclosures in line with the SCIDA, including a requirement to maintain a record overview along with an associated template. This template has been adjusted for clarity based on feedback from NSIRA’s 2022 review. The CBSA and IRCC have also reviewed their current operational and reporting practices with regards to SCIDA and are making the necessary functional adjustments to ensure that they remain compliant in future information sharing activities.
3. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.	Finding no. 5: More than half of the descriptions provided by CBSA and IRCC under paragraph 9(1)(e) of the SCIDA did not explicitly address their satisfaction that the disclosure was authorized under paragraph 5(1)(b), the proportionality test. Finding no. 6: within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves of both the contribution and proportionality tests, in compliance with subsection 5(1) of the SCIDA.	Agree	The Government of Canada recognizes the importance of the SCIDA’s contribution and proportionality tests in 5(1)(a) and 5(1)(b), respectively. It also recognizes the need for disclosing institutions to demonstrate their satisfaction that these two tests are met for each disclosure by providing NSIRA with a description of the information that was relied on to satisfy themselves that the disclosure was authorized under the SCIDA. Through the publication of the SCIDA Guide 2022 and the delivery of training sessions, Public Safety Canada has provided guidance to federal institutions on ensuring that the contribution and proportionality thresholds are met when disclosing information under the SCIDA. Recently, IRCC has added a new “Proportionality” section to their SCIDA template to require that the delegated official documents their satisfaction that the disclosure is authorized under paragraph 5(1)(b) before disclosing personal information to a recipient institution. In addition to disclosing institutions having to satisfy the contribution and proportionality tests, CSIS independently assesses its authority to collect and retain the disclosure under the CSIS Act as a recipient institution. This includes an obligation for CSIS to ensure that the collection and retention of a SCIDA disclosure is compliant with all relevant legislation, including the Avoiding Complicity in Mistreatment by Foreign Entities Act. The SCIDA procedure published in 2022 includes direction on processing disclosures that do not meet CSIS’ threshold for collection, ensuring that the disclosure is appropriately documented and destroyed.
4. NSIRA recommends that GC institutions contemplating the use of proactive disclosures under the SCIDA communicate with the recipient institution, ahead of making the disclosure, to inform their assessments under subsection 5(1).	Finding no. 7: GAC satisfied itself under the SCIDA’s paragraph 5(1)(a) contribution test based on an incorrect understanding of the recipient’s national security mandate in two cases.	Agree	The Government of Canada recognizes the value of general informal discussions ahead of SCIDA disclosures. The SCIDA Guide 2022 emphasizes the importance of preliminary, high-level consultations between disclosing and recipient institutions prior to a disclosure in a manner that does not itself constitute a disclosure. The guidance specifies that informal communication should only include enough general information to ensure that the SCIDA contribution and proportionality thresholds are met before making a disclosure. Annex F of the SCIDA Guide 2022 outlines the national security mandates of the designated recipient institutions under SCIDA. Public Safety Canada endeavours to keep the mandates updated to aid disclosing institutions in making their assessment required under subsection 5(1).
5. NSIRA recommends that all disclosing institutions include statements regarding accuracy and reliability within the same document as the disclosed information.	Finding no. 8: Within the sample of disclosures reviewed, that CBSA and GAC (in one and two disclosures, respectively) were non-compliant with the SCIDA’s subsection 5(2) requirement to provide a statement regarding accuracy and reliability. Finding no. 9: In relation to the remaining disclosures within the sample, that GAC, IRCC, and RCMP included their statements regarding accuracy and reliability within the disclosures themselves, whereas CBSA provided its statement in the disclosures’ cover letters.	Agree	The Government of Canada notes that providing statements on the accuracy and reliability of the manner in which information was obtained in a cover letter or in the disclosure itself both satisfy the legislated requirement under subsection 5(2) for disclosing institutions to provide such a statement. The Government of Canada recognizes the additional value of including the statements in the actual disclosure, especially in the event of onward disclosure. Public Safety Canada will update its guidance to reflect this best practice.
6. NSIRA recommends that GC institutions review their administrative processes for sending and receiving disclosures under the SCIDA, and correct practices that cause delays.	Finding no. 10: DND/CAF destroyed information under the SCIDA subsection 5.1(1), but they were non-compliant with the requirement to do so “as soon as feasible after receiving it.” Finding no. 11: Delays between when a disclosure was authorized for sending and when it was received by the individual designated by the head of the recipient institution to receive it in at least 20% (n=34) of disclosures.	Agree	The Government of Canada recognizes the need to destroy unnecessary information as soon as feasible under the SCIDA, as well as the value of timely disclosures. Government of Canada institutions each have their own systems, standards and procedures for physically and/or electronically sending and receiving information. Departments and agencies will work to review their own processes to ensure information is handled efficiently and appropriately in compliance with the SCIDA and other legislation.

Date Modified:: 2023-11-07

Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2020

Completed Reviews

Review of Departmental Implementation of the Avoiding Complicity in Mistreatment by Foreign Entities Act for 2020

Backgrounder

The Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA or Act) and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. This review covers the implementation of the directions sent to 12 departments and agencies from their date of issuance, January 1, 2020, to the end of the previous calendar year, December 31, 2020. It was conducted under subsection 8(2.2) of the National Security and Intelligence Review Agency Act (NSIRA Act), which requires NSIRA to review, each calendar year, the implementation of all directions issued under ACA.

This was the first ACA review to cover a full calendar year. Many of the reviewed departments noted that the pandemic impacted their information sharing activities, thus impacting the number of cases requiring further review as per the ACA. As such, NISIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

As part of the review, NSIRA examined the case triage process of all twelve departments. NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be escalated, significant divergences in the evaluation of risk and the required level of approval emerge.

In keeping with NSIRA’s 2020 Annual Report which emphasized the implementation of a “trust but verify” approach for assessing information provided over the course of a review, NSIRA continues to work on various verification strategies with the Canadian intelligence community. However, due to the continuing COVID-19 pandemic, implementation of verification processes was not possible across all twelve departments which fall under the ACA. Notwithstanding, the information provided by departments has been independently verified by NSIRA through documentation analysis and meetings with department subject matter experts, as warranted. Further work is underway to continue developing an access model for the independent verification of information relevant to ACA considerations.

Table of Contents

Date of Publishing:

July 4, 2023

Download PDF

Executive Summary

The Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA or Act) and its associated directions seek to prevent the mistreatment of any individual as a result of information exchanged between a Government of Canada department and a foreign entity. At the heart of the directions is the consideration of substantial risk, and whether that risk, if present, can be mitigated. To do this, the Act and the directions lay out a series of requirements that need to be met or implemented when handling information. This review covers the implementation of the directions sent to 12 departments and agencies from their date of issuance, January 1, 2020, to the end of the previous calendar year, December 31, 2020. It was conducted under subsection 8(2.2) of the National Security and Intelligence Review Agency Act (NSIRA Act), which requires NSIRA to review, each calendar year, the implementation of all directions issued under ACA.

While NSIRA was pleased with the considerable efforts made by many departments new to ACA in building their frameworks, Canada Boarder Services Agency (CBSA) and Public Safety did not finalize their policy frameworks in support of the Directions received under the ACA for the review period.

A case sent to both GAC and CSIS was reviewed by NSIRA for its implications under the ACA. While the information was ultimately not shared with the requesting foreign entity, nonetheless, NSIRA found that the risk of mistreatment was substantial and the decision should have been referred to the Deputy Minister of Foreign Affairs as the accountable deputy minister for this request.

Mitigation measures used by departments were also reviewed this year, since they are an integral part in the information sharing process for departments. NSIRA observed that there are gaps in departments’ ability to verify whether a country or entity has actually complied with caveats or assurances because of the difficulty in tracking compliance to mitigation measures.

NSIRA believes that it is now in a position to conduct in-depth case study assessments of individual departments’ adherence to the ACA and Directions, irrespective of whether or not a department reported any cases to its deputy head. Finally, future reviews will follow up on the ongoing implementation of NSIRA’s past recommendations.

Authorities

This review was conducted under subsection 8(2.2) of the NSIRA Act, which requires NSIRA to review, each calendar year, the implementation of all directions issued under the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA or the Act).

Introduction

Review background

Departments and agencies in the Government of Canada routinely share information with a range of foreign entities. However such practices can sometimes bring into play a risk of mistreatment for individuals who are the subjects of these exchanges or other individuals. It is therefore incumbent upon the Government of Canada to evaluate and mitigate the risks that this sharing entails.

In 2011, the Government of Canada implemented a general framework for Addressing Risks of Mistreatment in Sharing Information with Foreign Entities. The aim of the framework was to establish a coherent approach across government when sharing with and receiving information from foreign entities. Following this, Ministerial Direction was issued to applicable departments in 2011 (Information Sharing with Foreign Entities), and then again in 2017 (Avoiding Complicity in Mistreatment by Foreign Entities).

On July 13, 2019, the ACA came into force. The preamble of the Act recognizes Canada’s commitments with respect to the Canadian Charter of Rights and Freedoms, and Canada’s international legal obligations on prohibiting torture and other cruel and inhumane treatment. The Act also recognizes that information needs to be shared to enable the Government to fulfill its fundamental responsibility to protect Canada’s national security and the safety of Canadians.

On September 4, 2019, pursuant to section 3 of the ACA, the Governor in Council (GiC) issued written directions (Orders in Council (OiCs) or Directions) to the deputy heads of 12 departments and agencies. This added six new Canadian entities in addition to those that were already associated with the 2011 and 2017 Directions.

This report is NSIRA’s first full year assessment of the implementation of the Directions issued under ACA for the 2020 calendar year. The review builds upon two previous reviews conducted in respect of avoiding complicity in mistreatment. The first was in respect to the 2017 Ministerial Directions, while the second assessed the Directions issued under the ACA, but was limited to the four months from when the Directions were issued to the end of the 2019 calendar year.

ACA and Directions

The ACA and the Directions issued under its authority seek to prevent the mistreatment of any individual due to the exchange of information between a Government of Canada department or agency and a foreign entity. The Act and the Directions also aim to limit the use of information received from a foreign entity that is likely to have been obtained through the mistreatment of an individual.

Under the authority of subsection 3(1) of the Act, the Directions issued to the 12 departments and agencies are near identical in language and focus on the three aspects of handling information when interacting with a foreign entity: the disclosure of information, the requesting of information, and the use of any information received.

In regards to disclosure of information, the Directions state:

If the disclosure of information to a foreign entity would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that the Department officials do not disclose the information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.

With respect to requesting information, the Directions read as follows:

If the making of a request to a foreign entity for information would result in a substantial risk of mistreatment of an individual, the Deputy Head must ensure that Department officials do not make the request for information unless the officials determine that the risk can be mitigated, such as through the use of caveats or assurances, and appropriate measures are taken to mitigate the risk.

Lastly, as it relates to the use of information, the Directions provide:

The Deputy Head must ensure that information that is likely to have been obtained through the mistreatment of an individual by a foreign entity is not used by the Department
(a) in any way that creates a substantial risk of further mistreatment;
(b) as evidence in any judicial, administrative or other proceeding; or
(c) in any way that deprives someone of their rights or freedoms, unless the Deputy Head or, in exceptional circumstances, a senior official designated by the Deputy Head determines that the use of the information is necessary to prevent loss of life or significant personal injury and authorizes the use accordingly.

The consideration of substantial risk figures prominently in subsection 3(1) of the Act as well as the Directions. In considering whether to disclose or request information, a department must determine whether a substantial risk is present and if so whether it can be mitigated. As noted in the previous reviews on information sharing, the ACA does not define “substantial risk”. Departments refer to a definition of this term as set out in the 2017 Ministerial Directions as a general starting point when conducting assessments under the ACA. The 2017 Ministerial Directions define substantial risk as:

‘Substantial risk’ is a personal, present and foreseeable risk of mistreatment that is real and is based on something more than mere theory or speculation. In most cases, the test of a substantial risk of mistreatment would be satisfied when it is more likely than not there would be mistreatment; however, in some cases, particularly where the risk if of severe harm, the standard of substantial risk may be satisfied at a lower level of probability.

Based on the outcome of these determinations, the decision may be to approve, deny, or elevate to the Deputy Head for his or her consideration. Substantial risk is also contemplated in the consideration of the use of information received from a foreign entity. If it is evaluated that the information was likely obtained from the mistreatment of an individual, the department is prohibited from using the information in any way that creates a substantial risk of further mistreatment.

Throughout the process to determine whether to disclose or use information, the Directions require that the accuracy, reliability, and limitations of use of all information being handled are appropriately described and characterized.

Additionally, reporting requirements are found at sections 7 and 8 of the Act as well as within the Directions. Among these requirements, the Minister responsible for the department must provide a copy of the department’s annual report in respect of the implementation of the Directions during the previous calendar year as soon as feasible to NSIRA, the National Security and Intelligence Committee of Parliamentarians (NSICoP) and, if applicable, the Civilian Review and Complaints Commission (CRCC) for the Royal Canadian Mounted Police. Reporting requirements as articulated in the Directions oblige the reporting of decisions which were considered by the Deputy Head in regards to disclosure, requesting of information, or authorizing use of information that would deprive someone of their rights or freedoms be made as soon as feasible to the responsible Minister, NSIRA, and NSICoP.

Review Objectives and Methodology

The review period was January 1, 2020 to December 31, 2020. The objectives of this review included:

Following-up on departments’ implementation of the directives received under the ACA;
Assessing departments’ operationalization of frameworks/processes that enable them to meet the obligations set out in the ACA and directives; and
Assessing coordination and consistency in implementation across applicable departments.

Additionally, NSIRA evaluated all twelve ACA member departments’ ‘case triage’ frameworks (i.e., the combination of policy assessment criteria and a pre-determined ‘escalation ladder’ for cases that require higher levels of managerial approvals). Refer to annexes B to M that provide additional details on each departments’ triage process. Finally, NSIRA reviewed the use and policies around departmental mitigation measures.

FINDINGS

Reporting and Framework Updates

As per the Act, all twelve departments fulfilled their obligations to report to their respective ministers and NSIRA on progress made in operationalizing frameworks and identifying cases escalated to the deputy head level.

Of the nine departments who had reported to NSIRA last year that they had finalized frameworks, all continued to refine assessment protocols over the 2020 review period. Based on submissions to NSIRA, TC has developed a corporate policy to highlight the department’s ACA-related requirements. However, CBSA and PS had yet to finalize their ACA policy. As a result, employees may not have adequate and up to date guidance on how to make determinations related to the ACA.

NSIRA Finding #1: NSIRA found that CBSA and PS did not finalize their policy frameworks in support of Directions received under the ACA over the review period.

Referrals to Deputy Head

The Directions specify that when departmental officials are unable to determine whether the risk of mistreatment arising from a disclosure of or request for information can be mitigated, the matter must be referred to the Deputy Head. The Directions also require the Deputy Head, or in exceptional circumstances a senior official designated by the Deputy Head, to determine the matter where the use of information that is likely to have been obtained through mistreatment of an individual by a foreign entity would in any way deprive an individual of their rights or freedoms and the use of this information is necessary to prevent loss of life or significant injury. In 2020, no cases were escalated to the deputy head level. NSIRA sought clarification on the absence of cases referred; the most common reason provided by departments for this outcome was that cases were either mitigated before deputy head involvement and/or this was a result of an overall reduction in the number of foreign information exchanges generally due to the ongoing pandemic.

NSIRA Finding #2: NSIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

Case Triage

Typically, when departments are making ACA applicability decisions, they employ varying “case triage” processes, that is, the combination of policy assessment criteria and a pre-determined ‘escalation ladder’ for cases that require higher levels of managerial assessment. NSIRA closely evaluated all twelve ‘case triage’ frameworks of the departments subject to the ACA (Refer to Annex B-M). In carrying out this work, NSIRA noted some issues in the implementation of triage systems; for example, there were instances of not having one designed and of information being outdated.

NSIRA observed that there were two main types of initial case triage processes: case-by-case, where the framework places the onus on the working level official to first make determinations based on policy assessment tools, relevant training, and individual experience; and country assessment rating, which emphasizes the initial use of a country-based risk level that may trigger case escalation. A country assessment rating is a representation of the assessed risk of mistreatment associated to a country, based on a number of criteria and often derived from a range of sources.

Initial Case Triage Category 1: Case-by-Case

All departments use working level officials to determine whether there is a risk of mistreatment. When a working level officials’ assessment is inconclusive as to whether a substantial risk of mistreatment exists, they will defer the decision to a higher management authority. NSIRA has developed Figure 1 to illustrate this type of triage process where the working level official consults assessment tools at his or her disposal to determine whether a substantial risk of mistreatment exists.

Initial Case Triage Category 2: Informed by Country Assessment Rating

CSIS, CSE, FINTRAC, and RCMP require working level officials to use country assessment ratings that may trigger case escalation. For example, NSIRA has developed Figure 2 to illustrate this type of triage process where country assessment ratings may trigger case escalation.

Case Escalation

In addition to the two categories of case triage frameworks identified above, all departments except for FINTRAC, PS, CSE and TC make use of internal consultation groups/senior decision making committees when cases are identified as requiring consultation/escalation (e.g. working groups and senior management committee secretariats). The following table illustrates the various consultation groups across departments that would make determinations related to the ACA.

The general purpose of consultation groups is to serve as a single point of contact for employees who require assistance in assessing foreign information sharing activities or interpreting policy and procedure. Senior decision making committees are responsible for making determinations on the information exchange. They are the final decision making authority prior to escalation to the deputy head. NSIRA observed that leveraging the overall expertise of these groups may assist officials in consistently applying assessment criteria, as well as provide greater oversight for information exchanges with foreign entities.

Consistency in Implementation Across Departments

Beginning with the 2017 Ministerial Directions on Avoiding Complicity in Mistreatment by Foreign Entities, it was required that departments maintain policies and procedures to assess the risks of information sharing relationships with foreign entities. While not specified in the Act or Directions, departments continue to implement country and entity assessments, a practice NSIRA has supported. NSIRA has previously raised concerns regarding the absence of unified and standardized approach to departments’ country assessments. The PCO-led community response to last year’s recommendation on this element stated in part that:

The information sharing activities of these organizations all serve either an intelligence, law enforcement, or administrative purpose with each carrying different risk profiles, privacy concerns, and legal authorities. Individual departments and agencies are responsible for establishing specific thresholds or triggers in their information sharing frameworks that are appropriate for their operational contexts. It is the view of the Government of Canada that applying the same threshold across all organizations for triggering, evaluating, and elevating cases is not necessarily practical nor essential to ensuring that each department or agency is operating in compliance with the Act.

In order to engage in the questions to which the divergence of thresholds gives rise, NSIRA asked departments to rank bi-lateral information exchanges with foreign partners in terms of volume, excluding exchanges with [***example of foreign entity information sharing***]. Nine of the twelve departments identified ███████ as a foreign exchange entity, a country which is widely recognized as having human rights concerns.

NSIRA then selected only those departments that initially utilize country assessment ratings as a triage method (i.e. FINTRAC, RCMP, CSIS and CSE). [***description of how departments determined foreign entity example***]. Nonetheless, in carrying out this analysis, NSIRA observed that all four departments relied on a combination of open source human rights reports and consultations with other departments. Additionally, RCMP, CSIS and CSE utilize classified intelligence sources.

However, although these departments utilize a similar approach when assessing a country, the assigned rating for ████ was not consistent. CSIS assigned █████████████; FINTRAC and RCMP assigned a [***description of department’s specific ratings***] ; and finally, CSE assigned a ██████ rating.

NISRA examined to what degree country ratings affected the level of approval required for an information exchange. Because CSE has assigned a rating of █████ when they receive a request from ████, a CSE official could require [***description of the factors used to determine the appropriate level process***] CSE acknowledged that its “human rights assessments do not necessarily correlate with the risk level assigned to an instance of sharing,” and nor do they “necessarily correlate to levels of approval or to restrictions to sharing.” [***description of the factors used to determine the appropriate level process***]

In contrast, according to their framework and methodology, an exchange with any one of the █████ authorities listed in the RCMP’s country and entity assessment list could result in an [***description of department’s specific ratings***] because █████ is associated with a country assessment rating. When an entity is yellow, the employee must consider whether or not there is a risk of mistreatment by looking at a list of criteria. If one or more of these criteria exist, the employee must send the case to a senior management committee. NSIRA observes that where the RCMP has a red country rating, the working level official must escalate to the senior management committee. Therefore, unlike CSE and CSIS, country ratings within the RCMP have direct impacts on approval levels.

NSIRA’s ACA report from last year recommended that departments should identify a means to establish unified and standardized country and entity risk assessment tools to support a consistent approach when interacting with Foreign Entities of concern. While PCO disagreed with this recommendation, NSIRA believes that there remain concerns regarding divergences in country and risk assessments.

NSIRA Finding #3: NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be scalated, significant divergences in the evaluation of risk and the required level of approval emerge.

Following this review, NSIRA intends to further scrutinize the processes employed regarding ACA triage and decision making by reviewing GAC and RCMP.

A case study as provided for in Box 1 exemplifies the divergent nature on the evaluation of risk where two departments’ considered responding to an identical request made by a foreign entity.

Box 1: A divergent decision-making process

[***description of the case study***] The foreign entity provided this information to GAC and CSIS and requested confirmation [***description of the information sharing request***]

In considering whether to respond to this request, GAC determined that the human rights record of the country in question generally and of the foreign entity specifically making the request were of significant concern. GAC’s senior decision making committee, working under the presumption that the individual’s detention was ongoing, considered whether the disclosure of this information “would not substantially increase the detainee’s risk of mistreatment.” The senior decision making committee determined that confirmation of the individual’s previous employment status with GAC was permissible, subject to the determination of CSIS’s assessment.

Ultimately, the decision by CSIS was made by a DG-level executive and, as the foreign entity was listed by CSIS as a restricted partner, information was not shared.

The assessment by GAC’s senior decision-making committee is of concern. The Act and the Directions impose that departments consider whether disclosing or requesting information “would result in a substantial risk of mistreatment.” [***legal advice to department***]

NSIRA agrees with this interpretation of the law, but not with its implementation by GAC in this case. GAC’s position was that responding to the request “would not aggravate” the risk of mistreatment. However, NSIRA is of a different view. Regardless of the information sought, the human rights record of the foreign entity and of the foreign country was of significant concern, and GAC was operating under the presumption that the individual may have already been subjected to mistreatment. While GAC’s sharing could not have accounted for any mistreatment that could have occurred earlier, responding to the request given the facts of this case would have nonetheless resulted in a substantial risk of mistreatment. Therefore, this case should have been refered to the Deputy Minister of Foreign Affairs for consideration.

NSIRA also observes that this case was triaged at different levels within GAC and CSIS. In GAC’s triage process, the decision was made at the higher senior decision-making committee that disclosure was permissible. Comparatively, CSIS’s decision-making process was completed prior to reaching their senior-level committee and yielded the opposite result. The different levels of decision-making and different outcomes underscore a problematic inconsistency in how each organization considers the same information to be disclosed to the same foreign entity. Furthermore, while a department responsible for the information may consult with other departments as to whether disclosure of information is permissible, it cannot abdicate this responsibility and decision-making to another department.

NSIRA Finding #4: NSIRA found a procedural gap of concern in a case study involving the disclosure of information, even though information was ultimately not shared. The risk of mistreatment was substantial and the decision should have been referred to the Deputy Minister of Foreign Affairs as the accountable deputy minister for this request.

Mitigation Measures

Use of Mitigation Measures

To decrease the risk of mistreatment, departments will employ mitigation measures such as caveats, assurances, sanitization, and redactions. The most common mitigation measures are caveats and assurances. Caveats are specific stipulations appended to information to limit or prohibit certain uses of information unless otherwise authorized by the issuing department. For example, any departments use a ‘third party’ caveat that restricts further dissemination of the information to other departments (domestic and foreign), unless the originating department is consulted on the request to share.

Assurances are not specific to a single information exchange; rather, these are agreements with foreign entities (whether formal or informal), which aim to help ensure that a particular foreign entity understands Canada’s position on human rights and that the entity, in turn, agrees to comply with this expected behaviour. For example, when formulating a risk mitigation strategy for an information exchange, departments will consider written or verbal assurances, who provided the assurance (i.e. working level official or agency head), and whether the assurance is considered credible and reliable.

Furthermore, CSIS, CSE, and GAC have highlighted a number of differences in the types of assurances sought, including a number of informal and formal methods. For example, verbal assurances, scheduled formal assurances, and ad-hoc written assurances can be sought by various levels.

In a related issue, NSIRA observed that there are [***description and an example of a Department’s ability to track compliance***] CSIS, GAC, and CSE indicated that there is ████████████████████████████████████████████████████████████ is not specific to the ACA but is nonetheless key ████████████ when exchanging information with the Government of Canada.

Given that no cases were escalated to the level of deputy head, departments’ lower-level use of mitigation strategies would have taken on considerable prominence in decision making. In a subsequent review, NSIRA intends to further investigate policies of mitigation measures pertaining to their use and tracking.

CONCLUSION

This review assessed departments’ implementation of the directives received under the ACA and their operationalization of frameworks to address ACA requirements.

NSIRA’s first review of departments’ implementation of the Act and Directions was limited to a four month period (September-December 2019). As such, this review constitutes the first examination of the ACA over the course of one full year. NSIRA believes that it is now in a position to conduct in-depth case study assessments of individual departments’ adherence to the ACA and Directions, irrespective of whether or not a department reported any cases to its deputy head. Additionally, future reviews will follow up on the ongoing implementation of NSIRA’s past recommendations.

Annex A: Findings

NSIRA Finding #1: NSIRA found that CBSA and PS did not finalize their policy frameworks in support of Directions received under the ACA over the review period.

NSIRA Finding #2: NSIRA found that from January 1, 2020 to December 31, 2020, no cases under the ACA were escalated to deputy heads in any department.

NSIRA Finding #3: NSIRA found that even when departments employ similar methodologies and sources of information to inform their determination of whether or not a case involving the same country of concern should be escalated, significant divergences in the evaluation of risk and the required level of approval emerge.

Annex B: Canada Border Services Agency

Framework updates: In 2018, Canada Border Services Agency (CBSA) issued a high-level policy document in response to the 2017 MD. Since then, CBSA has drafted updated policies and procedures that have not yet been finalized.

Working Groups: CBSA Avoiding Complicity in Mistreatment Working Group (ACMWG)

Senior Management Committee: Senior Management Risk Assessment Committee (SMRAC). This committee convenes on an as needed basis, to assess cases that have a potential for mistreatment.

[***description of CBSA’s decision making methodology***]

Country Assessment: In-house risk scoring template under development

Mitigation Measures: The CBSA is currently working to strengthen its formal framework/process for deciding whether substantial risk of mistreatment associated with a given request can be mitigated.

Annex C: Canada Revenue Agency

Framework Updates: The Canada Revenue Agency (CRA) indicated that it did not make any changes to its framework since last year’s response. The department continues to refine its processes and has developed the Canada Revenue Agency Exchange of Information Procedures in the Context of Avoiding Complicity in the Mistreatment by Foreign Entities Act.

[***departmental cabinet confidence***]

Working group: The CRA formed a Risk Assessment Working Group (RAWG) that developed a methodology to assess the human rights records of its information exchange partners, so that senior management can make informed assessments of the risk of mistreatment.

Canada has a large network of international partners with 94 tax treaties and 24 Tax Information Exchange Agreements. Canada is also a party to the Convention on Mutual Administrative Assistance in Tax Matters (MAAC), which includes 144 signatories. These International Legal Agreements allow the CRA to exchange information on request, spontaneously and automatically. Each legal agreement includes secrecy provisions (caveats) that govern appropriate use and disclosure. In addition, members of the Global Forum (Global Forum) on Transparency and Exchange of Information for Tax Purposes are subject to peer reviews on a cyclical basis, including on Confidentiality and Data Safeguard .

Senior Management Committee: During the review period a senior committee was not in place, however there was a formal process to escalate reviews/risk assessment through the Director, Director General and ultimately the Assistant Commissioner of the Compliance Programs Branch (CPB) who is accountable for the administration of the ACA.

Additionally, in July 2021, the CRA established an ACA governance framework that includes the ACA Panel, a senior management consultative committee to support risk assessments, reporting, recommendations, and priorities. The panel currently consists of DGs and Directors within the CPB and the Legislative Policy and Regulatory Affairs Branch. Also in July 2021, the CRA established an executive level committee to consider and develop recommendations on case specific engagements as well as issue identification and guidance. The committee consists of Directors across several directorates of the CRA that manage programs that are directly impacted by/reliant on exchange of information with other jurisdictions.

Triage: The initial assessment is done by a working level employee and requires, at minimum, director approval. The case may escalate to the DG and the AC and so on if there is doubt about risk mitigation.

In cases where risk was identified, there were challenges in conducting full assessments to determine if the risk was substantial, the CRA delayed disclosing the information until the full assessment could be completed. This was largely in part due to COVID-19. As such, files that normally would have been referred were temporarily put on hold and no action was taken during the review period.

The CRA informed NSIRA that funding from the November 2020 Fall Economic Statement was allocated to the creation of a dedicated risk assessment team. It is anticipated that the development and regular updating of country-level assessments and the preparation of individual-level risk assessments will transition to this new dedicated team housed within the CPB, in summer 2021.

The team will also be responsible for:

Creating and formalizing the framework for consulting with CRA senior management and other government departments and agencies;
Advising CRA officials who engage in exchange of information (EOI);
Identifying mitigation and other factors specific to the type of information that CRA exchanges and that would impact risk assessment;
Preparing annual and other reporting required under the Act and Directions;
Providing awareness and training sessions; and
Continuously improving documentation, policies, guidance, and procedures.

Country/Entity Assessments: Since January 2020, the CRA has completed their own set of mistreatment risk assessments for each potential information exchange, including the use of information received from the CRA’s information exchange partners in consultation with other Government of Canada partners. The CRA can only exchange information with another jurisdiction pursuant to a treaty, tax convention or other legal instrument that permits exchange of tax information.

The CRA uses a colour coded system to rate the risk related to a country: green; yellow; red. However, for specific or spontaneous exchanges of information, the CRA completes an analysis based on the specifics of the file to supplement the country specific risk assessment.

Mitigation Measures: Mitigation measures, including caveats (data safeguards and confidentiality provisions) are embedded in all legal instruments that govern and allow for all the CRA’s exchanges of information, while peer reviews of jurisdictions’ legal frameworks and administrative practices provide assurances of exchange partners’ compliance with international standards for exchange of tax information. According to CRA, all information exchanged during the review period were subject to these mitigation measures. Due to COVID19, and for the period under review, the CRA put on hold all exchanges where it was deemed there may be a residual potentially significant risk of mistreatment until a process and mitigation measures were in place, including to redact information. However, the CRA routinely redacted personal information where it would not impact the substance of the exchange for those mitigated risk exchanges that did proceed during this period.

Annex D: Communications Security Establishment

Framework Updates: No changes made to the framework in 2020. It is the same procedure as the last review period.

Working group: Based on the RFI, there are no working groups leveraged to assess the level of risk of mistreatment. The Mistreatment Risk Assessment Process follows a process that has been refined continuously since its inception in 2012. The higher the level of risk (low, medium, high, substantial), the higher approval authority required to exchange or use information.

Senior Management Committee: There is no Senior Management Committee. As explained above, CSE relies on an approval authority scale based on the level of risk (from low to substantial). Senior level officials are involved in the process when there are medium and high-risk cases, which require Director and Director General/Deputy Chief approval, respectively.

Triage: A CSE official performs an initial assessment by consulting the Mistreatment Risk Assessment (MRA), which considers equity concerns, geolocation and identity information, human rights assurances, risk of detention and a profile of the recipients’ human rights practices.

Low (For Low Risk Nations)

If the MRA indicates a low level of risk, the official will need Supervisor [***specific unit***], approval if they wish to proceed with the information exchange or use.

Low (For non-Low Risk Nations)

If the MRA indicates a low level of risk, the official will need Manager [***specific unit***], approval if they wish to proceed with the information exchange or use.

Medium

If the MRA indicates a medium level of risk, the official will need Director, Disclosure and Information Sharing approval if they wish to proceed with the information exchange or use.

High

If the MRA indicates a high level of risk, the official will need Director General, Policy Disclosure and Review or Deputy Chief, PolCom approval if they wish to proceed with the information exchange or use.

Substantial

If the MRA indicates a substantial level of risk, the official may not proceed with the information exchange or use.

Country Assessments: CSE establishes its own country assessments (which CSE refers to as Human Rights Assessments) by using information from OGDs, its own reporting, and open source information. Foreign entity arrangements are reviewed annually. These HRAs are part of CSE’s MRAs.

There are two types of MRAs: Annual and Case-by-case. Annual MRAs include foreign entities with whom CSE regularly exchanges information, [***description of the foreign entities with whom CSE exchanges information***] Caseby-case MRAs are conducted in response to particular requests. Case-by-case MRAs often concern individuals and information sharing activities. There are Abbreviated MRAs, which are a sub case-by-case MRA, and they are conducted for Limited Risk Nations. These nations are considered low risk by CSE.

When making MRAs, CSE does the following:

assesses the purpose of the information sharing;
verifies there are mistreatment risk management measures in existing information sharing arrangements;
reviews CSE’s internal records on the foreign entity under consideration;
consults other available Government of Canada assessments and reports related to the foreign entity;
assesses the anticipated effectiveness of risk mitigation measures; and
evaluates a foreign entity’s compliance with past assurances, based on available information.

CSE consults with GAC, DND, and the Ministers of Foreign Affairs and National Defence for some MRAs, usually case-by-case ones. CSE may also consult GAC for human rights-related advice in certain instances.

Mitigation Measures: CSE considers a number of mitigation factors, such as risk of detention, [***statement regarding information sharing obligations of partners***] caveats, formal assurances, and bilateral relationships. CSE’s principle mitigation measure is Second Party assurances. [***statement regarding information sharing obligations of partners***]

Identifying/Sensitizing: The DG, Policy Disclosure and Review or the DC PolCom review high-risk cases. 303 information-sharing requests were assessed for risk of mistreatment and 10 of them (3%) were referred to the Director, Disclosure & Information Sharing. For the 2020 review period, the Deputy Chief, Policy and Communications was responsible for ACA accountability and quality assurance.

Annex E: Canadian Security Intelligence Service

[***Info-graphic of CSIS’s Risk Assessment process***]

Framework Updates: While there were no changes during the 2020 review period, CSIS modified its procedure on January 2021. Most notably, cases will only be escalated to ISEC if the DG cannot determine if the substantial risk can be mitigated. In addition, CSIS merged the [***statement regarding internal process***] CSIS updated its human rights ‘Assurances’ procedures as a stand-alone policy. This policy requires CSIS Stations to seek assurances from [***statement regarding internal process***] coordination responsibilities for ISEC were moved to the ██████████. Through that, the █████ became ISEC’s Chair.

Triage: CSIS working-level officials do the initial assessment. This assessment requires the official to determine if one or more of the four risk criteria are met. These criteria are:

“Based on the available information about the foreign entity, if the information is disclosed or requested, is there a probability that the foreign entity will engage in torture or other forms of cruel, inhuman or degrading treatment or punishment against an individual(s)?”
“If the information is disclosed or requested, is there a probability that the foreign entity will disseminate the information in an unauthorized manner to a 3rd party, which may result in torture or other forms of cruel, inhuman or degrading treatment or punishment against an individual(s) by that 3rd party?”
“If the information is disclosed or requested, is there a probability that it may result in the extraordinary rendition of an individual(s) by the foreign entity which would lead to the individual(s) being tortured or subject to other forms of cruel, inhuman or degrading treatment or punishment?
“If the information is disclosed or requested, is there a probability or an extrajudicial killing of an individual(s) by the foreign entity or other security entities within the country?”

Four scenarios could occur before a case lands at ISEC:

[***description of four possible scenarios and the assessment criteria used to determine risk mitigation and/or ecalation***]

Working Group: While there is a senior management committee, there is no working level group on the operations side.

Senior Management Committee: ISEC is CSIS’s senior-level review committee for foreign information sharing activities. It is composed of CSIS senior managers and representatives from DoJ and GAC. This committee is responsible to determine if a case poses a substantial risk and if it can be mitigated. If ISEC cannot determine if the substantial risk is mitigatable, the case is referred to the Director. Of note, GAC and DoJ are no longer voting members on ISEC but will continue to provide feedback and advice.

Country Assessments: CSIS conducts its own country assessments. Each information exchange arrangement with a foreign entity has its own Arrangement Profile (AP). APs include a summary of the human rights summary.

Mitigation Measures: CSIS relies on a few mitigation measures. First, CSIS widely uses ‘Form of Words’, which include caveats. Second, CSIS uses assurances and relies on standardized templates provided to foreign entities. CSIS may also tailor assurances to address specific concerns, such as extra-judicial killings.

Identifying/Sensitizing Information: ██████ is responsible for CSIS’s information sharing framework. [***name of a specific unit***] is responsible for official policy management. Concerned program areas are responsible for applying related polices and procedures for ACA-related activities.

Annex F: DFO

Framework Updates: Fisheries and Oceans Canada (DFO) did not make any changes to last year’s approach.

Triage: The initial assessment is made by the person receiving the request for information sharing or who first comes into possession of information derived from a foreign source. Risk is determined on a case-by-case basis.

The sector-level analyst/officer does the initial assessment and relies on OGD assessments to determine the level of risk. They determine the level of risk in relation to the specific case and whether they assess that there is a substantial risk or not will impact the level of approval. If the analyst/officer does not think there is risk, the case may proceed. This, according to the decision screen and information received, does not require any manager or senior level approval.

If the analyst/officer believes or is unsure that there is a substantial risk, the senior-level Internal Review Committee (IRC) must seek DM approval.

Working Group: Internal Review Committee

Senior Management Committee: DFO employs the use of a decision screen and the IRC as demonstrated above. It is unclear whether DFO has developed guidance to help officials and management accurately and consistently determine the risk of mistreatment.

Country Assessments: DFO relies on country assessments conducted by GAC (as well as DFO legal services, RCMP and CSIS as needed) to make mistreatment risk determinations.

Mitigation measures: DFO indicated that it employs the use of caveats and assurances as necessary but has not yet had to seek such assurances. As such, there is no tracking mechanism in place. The Department is able to retroactively determine when, how, and why a decision was made through its record keeping system. A process is in place to record the details of each case, its evaluation process, and any resulting actions and decisions.

Annex G: Department of National Defence/Canadian Armed Forces

Framework Updates: The Department of National Defence (DND) indicated that there were no changes to its framework since last year’s response.

Triage: The process of assessing risk is largely the same across all three forms of information sharing transactions. The process involves examining country human rights conditions, and researching specific partner entities, including any reports of mistreatment. Adverse information on a foreign partner is reviewed by the Defence Information Sharing Working Group (DISWG) and recommendations are made to the implicated L1s on how to manage information sharing activities (request, disclosure, or use). There are no differences in the types of mitigation measures employed across the three forms of information sharing. The primary governance document Release and Disclosure Officers (RDOs) and Release and Disclosure Authorities (RDAs) must adhere to is the CDI Interim Functional Directive: Information Sharing with Certain Foreign States and their Entities.

Working Group: The Defence Information Sharing Working Group (DISWG) is a working-level committee led by the Release and Disclosure Coordination Office (RDCO) within CFINTCOM that serves as an advisory body to operation Commanders regarding issues covered under the ACA. This Working Group exists as a platform for open dialogue related to information sharing arrangements and transactions. This group convenes monthly, or as required.

Senior Management Committee: The Defence Information Sharing Assessment Committee (DISAC) is chaired by the Chief of Defence Intelligence / Commander CFINTCOM . The DISAC’s primary object is to act as an advisory committee for the Deputy Minister and the Chief of Defence Staff in support of their decision making regarding issues pertaining to the ACA.

Country Assessments: Currently, RDCO has established a list of low-risk countries that can be referred to by other L1s. Inclusion in this list indicates CDI’s confidence that sharing information with government entities of that foreign state can take place without a substantial risk of mistreatment. Moreover, RDCO has developed a draft methodology for Country Human Rights Profiles to classify countries as low, medium, or high risk but has only begun producing country human rights profiles on a few medium and high-risk countries and the methodology has not yet formally approved. These profiles will be used by other L1s in the development of specific Partner Entity Assessments and to inform the overall risk assessment of sharing information with foreign entities.

Information Management: There is no common shared system or repository for all RDOs. Information decisions are recorded by RDOs at the unit level. In some cases, all transactions are recorded using a spreadsheet and should include all details relating to the collection, retention, dissemination or destruction of the information, but the precise format will vary. CFINTCOM is working to standardize RDO logs across DND/CAF. From an information management perspective, there have been no changes since last year’s report. Records of discussion of all DISWG meetings are kept centrally within RDCO/CFINTCOM and it is possible to retroactively determine how and why a decision or recommendation was made.

Mitigation Measures: DND uses mitigation measures to reduce the risk of mistreatment. For example, DND uses measures such as the sanitization of information, the inclusion of caveats, and/or the seeking of assurances, including on low-risk cases in order to err on the side of caution.

Annex H: FINTRAC

Framework Updates: The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) did not make any changes to their framework for the 2020 review year.

Triage: Who does the initial assessment will depend on the risk level classification of the country. If it’s green, the intelligence analyst (IA) does the risk assessment. If it’s yellow, the IA’s team leader does the risk assessment. If it’s red, Senior Level does the risk assessment. Regardless of the determined risk level, Senior Level must ultimately approve or decline the information exchange/use.

Partnerships and Working Groups: FINTRAC makes use of external organizations, such as the Egmont group, to ensure that member organizations are adhering to global standards against mistreatment. If one of these groups is found to have breached their duty of care, and is expelled from the group, then FINTRAC will cease to exchange information until the matter has been rectified. FINTRAC enters Memoranda of Understandings (MOUs) with nations who wish to exchange information with them. To do so, each nation is assessed using a variety of criteria to determine their risk rating and whether an MOU should be established.

FINTRAC also regularly participates in ISCG meetings alongside other departments.

Senior Management Committee: FINTRAC does not have a senior management committee to determine risk like other departments. Instead, they rely on senior management and the Director to make final decisions on cases.

Country Assessments: FINTRAC established its own country assessments. Establishing each country assessment involves gathering pertinent information on the human rights situation in the country and using indicators to assess the risk level of mistreatment of each country. During the development of the country assessment process, FINTRAC consulted with other agencies/government departments captured under the ACA.

The Manager of International Relationships is responsible for monitoring and assessing the human rights profile of countries with which FINTRAC shares an MOU.

Mitigation Measures: Caveats and assurances are established at the signing of an MOU and repeated whenever sharing information with any foreign entity. The sharing of information is not allowed without a signed MOU.

Annex I: Global Affairs Canada

Framework Updates: Global Affairs Canada (GAC) indicated that no changes to their framework was made during the current review period.

Triage: There is not one unified set of processes at GAC for determining whether information being used by the department is likely to have been obtained through the mistreatment of an individual by a foreign entity. If an official determines that information that he or she has received is likely to have been obtained through the mistreatment of an individual by a foreign entity and that official still wants to use the information, they are instructed in their training to consult with their Program management at HQ. Should that manager be unable to make a determination on their own as to whether the use would comply with the Act, they will consult the relevant departmental policy group and the department’s Legal Services Unit.

Working Groups: The Ministerial Direction Compliance Committee Secretariat

Senior Management Committees: The Ministerial Direction Compliance Committee (MDCC) meetings focuses on the following:

Has the information, the use of which is being sought, likely been derived from mistreatment?
What are the proposed measures to mitigate the risks? What is the likelihood of their success?
Consider the justifications for and proportionality of any potential involvement with the foreign state or entity that may result in mistreatment.

The MDCC Secretariat will create a record of decision and circulate it for comment by MDCC members. Once finalized, it will be kept by the Secretariat for future reporting. The MDCC Secretariat follows up with the requesting official for updates on the outcome of the situation and requests a final update from the requesting official once the situation is resolved. Currently the MDCC Secretariat consists of one person.

Country Assessments: Global Affairs Canada’s human rights reports provide an evidence-based overview of the human rights situation in a particular country, including significant human rights-related events, trends and developments and include a section focused on mistreatment. There are no scores for countries however, and it is up to the officials to assess the risk based on the information in the reports.

Mitigation Measures: The Legal Services Unit and/or Intelligence Policy and Programs division will provide guidance on the limitations and the prohibitions of the use of information obtained through mistreatment. They are also able to propose potential mitigation measures, such as sanitization of the information, if there is a risk of further mistreatment; of depriving someone of their rights or freedoms; or if the information could be used as evidence in any judicial, administrative or other proceeding.

Annex J: IRCC

Framework Updates: Immigration, Refugees and Citizenship Canada (IRCC) indicated that there were no changes to its procedures regarding the disclosure of information to foreign entities.

Triage: The initial assessment is done by the employee/officer receiving a request to disclose information. Officers are provided with a country assessment tool that provides a country-level risk assessment. If the country is listed as low-risk and the employee does not believe there are any risks of mistreatment, they may proceed with the exchange and record the details of that exchange (i.e., what information was exchanged; to which country, etc) into the Global Case Management System (GCMS). If the country is high-risk, or the officer believes that there is any risk of mistreatment and they wish to pursue with the case, then the officer is required to refer the case to IRM and Admissibility to assess the risk of the exchange.

Senior Management Committee: IRCC has the Avoiding Complicity Assessment Committee. The Committee is comprised of executives representing relevant policy, operations, legal and privacy branches within the Department. The purpose of the Committee is to reassess whether the circumstances of the case meet the “substantial risk” threshold, and to determine whether mitigations could be sufficiently imposed to allow for the disclosure. If the Committee is unable to unanimously determine if the risk can be mitigated, and there remains a need to disclose the information to the requesting foreign entity, then the case will be referred to the Deputy Minister for final decision.

Country Assessments: IRCC officers are instructed to refer to an initial country assessment tool when they are contemplating any disclosure or request for information from a foreign entity. This tool provides a general assessment of the country’s risk. If the country is identified as a high-risk country, then the officer is required to make a Consultation Request before disclosing, requesting or using information. If the country is identified as medium-risk, then it is recommended that the officer make a Consultation Request.

Mitigation Measures: Possible mitigation measures for a case where a substantial risk of mistreatment has been determined, if available, would be established in the Consultation Request assessment and, if necessary, in the Avoiding Complicity Assessment Committee’s recommendation. In either case, the mitigations will be manually recorded in the case file where they can be later recalled and noted in the Annual Report.

Annex K: Public Safety

Please note that the above flow charts are draft and have not yet been approved.

Framework Updates: Public Safety (PS) does not yet have a framework for deciding whether an exchange of information with a foreign entity would result in a substantial risk of mistreatment of an individual. PS noted, however, that it has drafted a departmental policy to support the department’s implementation of the Directions but it has not yet been approved by senior management.

Triage: PS officials at the operational level are responsible for identifying whether the disclosure of or request for information would result in a substantial risk of mistreatment of an individual. Prior to the disclosure of or request for information to/from a foreign entity, PS officials, as per the draft policy, are expected to:

review risk assessments and information sharing arrangements/agreements to determine risks;
identify mitigation measures as needed; and
seek DG approval for the disclosure or request; and the DG would determine whether the risk can or cannot be mitigated and whether the case should be referred to the DM for determination and decision.
PS officials at the operational level are responsible for identifying whether information for potential use was likely obtained through the mistreatment of an individual. As per the draft policy, prior to the use of information, PS officials are expected to:
conduct an assessment to determine if the information was likely obtained through the mistreatment of an individual, if not previously completed by PS officials or another government department, and mark it accordingly, based on DG-level determination;
assess and characterize the accuracy and reliability of the information; and,
advise their DG of the circumstance; and the DG would determine whether the information would be used as per section 3 of the Directions and refer the decision to the DM to determine if the use of information in any way that deprives someone their rights or freedoms is necessary to prevent the loss of life or significant personal injury.

For PS program areas where responsibilities for program delivery are shared among multiple Government of Canada departments, PS officials may use accuracy and reliability assessments conducted by another Government of Canada department for the express purpose of the specific information exchange. In these cases, and where PS does not have sufficient information (such as the source of the information) to conduct an assessment, it will require Government of Canada departments to attest to having conducted the assessment. This same principle applies risk assessments and assessments as to whether information was likely obtained through the mistreatment of an individual.

Working Group: The ISCG is the primary interdepartmental forum for supporting interdepartmental collaboration and information-sharing between members as they implement the Act and Directions and is regularly attended by all members.

PS participates in the ISCG in three ways as the:

chair, coordinator and PS policy lead;
area responsible for implementing the ACA;
legal counsel representative.

PS has also made progress with ISCG guidance. However, due to COVID-19, the ISCG was limited in its capacity to convene meetings.

Senior Management Committee: PS does not have a formal senior management committee to review high-risk cases. The Investigative Authorities and Accountability Policy (IAAP) unit supports program areas in the referral process to the Senior Assistant Deputy Minister (SADM) of the National and Cyber Security Branch for further examination. Acting as a senior Public Safety official, the SADM is responsible for referring cases to the Deputy Minister if they are unable to determine whether the risk of mistreatment can be mitigated.

Country Assessments: PS currently does not have any country assessments completed and plans to use other department’s assessments, but as outlined in its draft policy, PS expects to conduct country and entity assessments as part of its annual risk assessment process. The risk assessment process will ensure that an agreement with the foreign entity is in place prior to information sharing exchanges; review risk and country assessments developed by portfolio agencies (e.g. CSIS) and other departments (e.g. GAC), and consider human rights reporting from non-government entities.

The IAAP will coordinate, on an annual basis, risk assessments. To do so, IAAP may, for example, review human rights reports developed by Global Affairs Canada (GAC), country assessments prepared by portfolio agencies (e.g. CSIS), human rights reporting from non-government entities and country/entity specific material.

Mitigation Measures: PS currently has developed a draft policy to address mitigation measures and caveats. The draft policy will provide guidance to officials on how to assess risk and apply mitigation measure, while also defining approval levels and country assessment responsibilities.

Once a risk of mistreatment has been identified, the PS official is required to undertake a risk mitigation assessment prior to requesting the information. Approved risk mitigation mechanisms include:

the caveating of information,
obtaining assurance and/or
disclosing a limited amount of the information.

The policy also outlines requirements regarding the use of congruent mitigation mechanisms to collectively reduce the risk.

Annex L: Royal Canadian Mounted Police

Framework Updates: There were no changes to the Royal Canadian Mounted Police’s (RCMP) framework in 2020. RCMP has undertaken a number of internal reviews of its information sharing framework and continues to refine and optimize its processes.

RCMP also noted that it was in its final stages of rolling out an online training course specifically tailored to the ACA.

Triage: The Foreign Information Risk Advisory Committee (FIRAC) process may be initiated if and when an information exchange involves a country identified as high or medium risk. A low-risk case would only be sent if an official believes there is the potential for mistreatment.

All RCMP personnel are required to consider the risk of mistreatment before requesting, disclosing or using information and to engage the FIRAC process if there is a substantial risk identified to a specific individual(s) with a country of exchange.

An employee is almost always the one to perform the initial risk assessment. When an entity is green, the employee may exchange or use information without consulting FIRAC, unless they express doubts. When an entity is yellow, the employee must consider whether or not there is a substantial risk of mistreatment by looking at a list of criteria (similar to CSIS). If one or more of these criteria is present, the employee must send the case to FIRAC. If the entity is red, the employee must send the case to FIRAC for the initial assessment, unless no personal information is exchanged.

Working Group: Law Enforcement Assessment Group (LEAG). Full-length LEAG assessments include classified information from other Federal departments and agencies. The FIRAC Portal was developed to allow RCMP employees to access the assessments, and to further support compliance with the directions.

Senior Management Committee: FIRAC was established to facilitate the systematic and consistent review of RCMP files to ensure information exchanges do not involve or result in the mistreatment of any person.

FIRAC holds the responsibility to determine if a substantial risk exists and in cases where a substantial risk of mistreatment exists, make a recommendation on whether the proposed mitigating measures are adequate to mitigate the risk.

FIRAC’s recommendations are made by the Chair, upon the advice of the Committee, to the appropriate Assistant Commissioner / Executive Director responsible for the operational area seeking to disclose, request or use the information.

FIRAC determines if the risk is mitigatable or not. If it is, the case goes to the Assistant Commissioner. If it is not, FIRAC declines the exchange or use of information.

Country Assessments: An in-house country assessment model has been completed.

Countries are listed in alphabetical order, along with any specific foreign entities (i.e. police forces, military units, etc.) that have been assessed. For each entity, the risk level (Red-High, Yellow-Medium, Green-Low) is provided, as are the specific crime types and conditions.

Mitigation Measures: The RCMP leverages existing MOU’s with specific partners to partially mitigate underlying risk, in particular where mutually agreed standards around human rights exist as well as having a good track record for respecting caveats. Similarly, officials work with Liaison Officers to identify any relevant assurances or strategies, factors or conditions that could mitigate the risk of mistreatment posed by the information exchange, request for information or use of information.

All mitigation measures used are tracked through the FIRAC by filling in a FIRAC Request Form. Noting which mitigations/caveats are used is a mandatory part of the process.

Annex M: Transport Canada

Does not have a departmental framework for assessing ACA considerations, outside of the Passenger Protect Program (PPP).

Changes: Transport Canada (TC) developed a corporate policy in September 2020 to highlight the department’s ACA-related requirements, roles and responsibilities and remains a participant in PS framework.

Triage: Relies on PS’ framework for the Passenger Protect Program.

Should they have any concerns about a request for information from a foreign partner they will consult with other agencies, such as CSIS or GAC.

Working Group: TC is a voting member of the PPP Advisory Group but does not have any responsibility for drafting case briefs. At each meeting of the PPP Advisory Group, TC has ensured that all other voting members have acknowledged TC’s SATA-legislated responsibility for sharing the List with domestic and foreign air carriers, and its associated responsibilities under the ACA.

Senior Management Committee: TC does not have any senior management committee in place to further review cases with a potential for mistreatment.

Country Assessments: Rely on other government departments.TC relies on assessments by other departments such as PS and GAC.

Mitigation measures: The framework was established by Public Safety (lead on PPP), with consultations with the PPP partners (RCMP, CSIS, CBSA). TC has worked with PS to integrate mitigation measures into the operating procedures and protocols of PPP partners.

Date Modified:: 2023-11-15

Statement from NSIRA on its Review of the GOC’s Production and Dissemination of Intelligence on Foreign Interference in the 43rd and 44th Canadian Federal Elections

Ongoing Reviews

Statement from NSIRA on its Review of the GOC’s Production and Dissemination of Intelligence on Foreign Interference in the 43rd and 44th Canadian Federal Elections

Table of Contents

No header Tag found

Date of Publishing:

June 26, 2023

Download PDF

NSIRA considers transparency and independence to be fundamental values at the core of its mandate. While safeguarding information that could compromise national security, NSIRA is committed to transparency and promoting democratic accountability in every possible way through its work. Through its reviews, NSIRA acts as proxy for the public and serves to enhance the trust in Canada’s oversight and review mechanisms. NSIRA has designed, scoped, and begun its review on foreign interference in the 43^rd and 44^th Canadian federal elections exercising this independence. In the spirit of transparency and clarity, NSIRA underscores that while the subject matter of NSIRA’s review overlaps with matters contained in NSICOP’s ongoing review and the Independent Special Rapporteur’s (ISR) report of 23 May 2023, NSIRA’s review has a different scope and follows NSIRA’s own methodology as demonstrated by its published Terms of Reference . While there may be an opportunity in NSIRA’s final report to note any observations or findings related to the ISR’s work, the purpose of NSIRA’s report is to present findings and recommendations from NSIRA’s review.

NSIRA notes that the ISR suggested that “all the documents that were provided to (him) should be provided to NSICOP and NSIRA for them to review comprehensively and identify any different conclusions than (his).” Subsequently, the government provided NSIRA with a limited number of documents originally withheld for Cabinet Confidence. In all its reviews, NSIRA requires reviewees to adhere to the NSIRA Expectations for Responsiveness in Reviews. This expectation goes to NSIRA’s independence and to the integrity of its reviews. If NSIRA is to review Cabinet confidences, it must be able to review all Cabinet confidences relevant to its review. The NSIRA Chair has sent a letter to the Prime Minister requesting that all Cabinet confidence documents related to NSIRA’s review be released to the Review Agency, and that all documents provided during the course of the review be without redaction for Cabinet confidence. A copy of that letter is published on NSIRA’s website, available online here.

Contact

For more information, please contact:

Media Relations
NSIRA
media-medias@nsira-ossnr.gc.ca

Date Modified:: 2023-07-17

Access to Cabinet Confidences for Foreign Interference Review

Ongoing Reviews

Access to Cabinet Confidences for Foreign Interference Review

Table of Contents

No header Tag found

Date of Publishing:

June 7, 2023

Download PDF

Dear Prime Minister,

The National Security and Intelligence Review Agency (NSIRA) has initiated a review of the production and dissemination of intelligence on foreign interference in the 43rd and 44th Canadian federal elections, including how intelligence was communicated across agencies, departments and other groups in the Government of Canada.

The Right Honourable David Johnston, in his capacity as the Independent Special Rapporteur on Foreign Interference (ISR), noted in his May 23, 2023 report that he was “given access to any Cabinet documents relevant to the foreign interference issues” in the scope of his review. He further recommended that the government disclose to NSIRA those Cabinet confidences provided to him for his review. The government has accepted this recommendation.

The scope of NSIRA’s review is distinct from the scope of the ISR’s review. In order to ensure the integrity of our review and not limit or influence our evidence base, NSIRA must have access to all documents contained in any class of documents provided, rather than a subset of these documents.

Therefore, NSIRA respectfully requests that all Cabinet confidence documents related to our review be released to us, and that all documents provided during the course of this review be without redaction for Cabinet confidence.

NSIRA recognizes the exceptional nature of this request and appreciates the significance of disclosing the requested documents. We look forward to your assistance in enabling NSIRA to access all requested documents, and to fulfilling the objectives of our independent review.

Yours sincerely,

The Honourable Marie Deschamps, C.C.
Chair, National Security and Intelligence Review Agency

Date Modified:: 2023-07-14

NSIRA Review of the Government of Canada’s production and dissemination of intelligence on foreign interference in the 43rd and 44th Canadian federal elections

Ongoing Reviews

NSIRA Review of the Government of Canada’s production and dissemination of intelligence on foreign interference in the 43rd and 44th Canadian federal elections

Context

Terms of Reference, May 23, 2023

Table of Contents

Context
Introduction
Legislative Authorities
Background
Scope
Objective
Methodology and Information Requirements

Date of Publishing:

June 7, 2023

Download PDF

Introduction

The National Security and Intelligence Review Agency (NSIRA) has initiated a review of the production and dissemination of intelligence on foreign interference in the 43^rd and 44^th Canadian federal elections, including how intelligence was communicated across agencies, departments and other groups in the Government of Canada.

The review will include the agencies and departments responsible for the production and dissemination of intelligence about foreign interference in Canada; these organizations inform government decision-makers regarding foreign interference threats to Canadian democratic institutions and processes.

Legislative Authorities

This review is being conducted pursuant to section 8(1)(a) and 8(1)(b) of the National Security and Intelligence Review Agency Act.

Background

Beginning in the fall of 2022, a series of reporting by the Globe and Mail and Global News cited classified Canadian Security Intelligence Service documents on People’s Republic of China (PRC) foreign interference into Canadian democratic institutions and processes, including the 43rd and 44th federal elections. This reporting raised concerns regarding the government’s response to the threat of foreign interference and, consequently, the integrity of Canada’s democratic institutions and processes.

On 9 March 2023, NSIRA announced that it would initiate a review of the production and dissemination of intelligence on foreign interference with respect to the 43rd and 44th federal elections. NSIRA’s expertise and mandate will allow it to examine the flow of crucial information in the relevant period within and across all implicated agencies, departments, and government bodies. This flow – the process by which the security and intelligence community produced, disseminated, and communicated intelligence – is fundamental to the broader conversation regarding foreign interference into Canadian democratic processes and institutions over the last five years. NSIRA’s ability to review the entire security and intelligence community, and to access highly sensitive information held by each department and agency, render the present review imperative.

Scope

The timeframe of the review will be September 2018 to March 2023. The review includes the following departments and agencies:

• Canadian Security Intelligence Service
• Communications Security Establishment
• Royal Canadian Mounted Police
• Global Affairs Canada
• Public Safety Canada
• Privy Council Office

The scope will include intelligence on foreign interference in federal democratic institutions and processes produced and disseminated during the review period.

If deemed necessary, NSIRA may request and review information outside of the parameters identified above.

Objective

The objective of the review is to:

• Document and evaluate the production and dissemination of intelligence on foreign interference, including the communication of intelligence within and across agencies and departments in the Government of Canada.

Methodology and Information Requirements

Various methods will be used to gather and analyze the information required to meet the objective identified for this review. These may include, but need not be limited to, requests for documentation, oral briefings and/or interviews, site visits, access to relevant databases and information repositories, and requests for written responses to questions and/or clarifications.

NSIRA has published its Expectations for Responsiveness in Reviews on its website, which includes expectations regarding access to information. A verification exercise will be conducted for NSIRA to be able to test the completeness or accuracy of the information reviewed. The outcome of the verification exercise will inform a ‘Responsiveness Statement’ that will be attached to the report upon the review’s completion.

NSIRA will disseminate a completed review report to all implicated departments and agencies, and publish a redacted version on its website.

Date Modified:: 2023-07-14

Review of Information Sharing Across Aspects of CSE’s Mandate

Executive Summary

Authorities

Introduction

Background

What is IRTC?

Internal Sharing of IRTC at CSE

Findings and recommendations

Compliance with the CSE Act and the Privacy Act

What Acts Apply to the Internal Sharing of Information?

CSE Directorate of Legal Services’ (DLS) Legal Analysis

Compliance with the Privacy Act

The Ministerial Authorizations

Assessment of Essentiality, Necessity, and Relevancy

Conclusion

Annexes

ANNEX A: Objectives, Scope, and Methodology

ANNEX B: Meetings and Briefings

ANNEX C: Findings and Recommendations

ANNEX D: Partner and client information and publicly available information shared between the fi and cybersecurity aspects

ANNEX E: Approval Process and Sharing Release Approvals

Approval Processes for Sharing IRTC

Cybersecurity IRTC to Foreign Intelligence

Foreign Intelligence IRTC to Cybersecurity

Internal Reviews of Information Sharing

ANNEX F: Methods and processes of sharing

Cross-Aspect Access to both SIGINT and Cyber Centre Raw Data

Reporting – RCPs and RSPs

Receiving Suppressed Identifiers from Reporting

Joint-Reporting

Automated Sharing (forms of RSP or RCP)

Other Methods of Sharing

ANNEX G: Policy Thresholds for Internal Sharing

Foreign Intelligence Aspect to Cybersecurity Aspect

Cybersecurity Aspect to Foreign Intelligence aspect

ANNEX H: Internal Sharing of IRTC at CSE

Review of Information Sharing Across Aspects of CSE’s Mandate – CSE Responses

Review of Global Affairs Canada’s Global Security Reporting Program

Backgrounder

Executive Summary

Authorities

Introduction

History of the GSRP

Findings and recommendations

Utility of GSRP

Legal Authorities

Duties and Functions under the Vienna Convention on Diplomatic Relations

Remedies for abuse of diplomatic privileges and immunities

Perceptions

Diplomatic vs. Intelligence Functions

Risk

Risk to the Government of Canada and its Allies

GAC-CSIS Operational Partnership

Risk to Officers

Case Study: Accepting and reporting on classified information

Risk to Contacts

Conclusion

Annex A: Findings and Recommendations

Review of Air Passenger Targeting by the Canada Border Services Agency (CBSA)

Executive Summary

Front matter

Lists of acronyms

Lists of figures

Authorities

Introduction

About the review

Confidence statement

Orientation to the Review Report

Background and content

Air Passenger Targeting and the CBSA’s Mandate

How Air Passenger Targeting works

Key Information Relied Upon in Air Passenger Targeting

Figure 1. Advance Passenger Information and Passenger Name Record Elements

Step by Step Process of Air Passenger Targeting

Figure 2. Steps in the Air Passenger Targeting Process

Figure 3. Process for Developing Scenarios for Scenario Based Targeting

Figure 4. What is a “High Risk” Flight or Passenger?

Findings and Recommendations

The CBSA’s Compliance with Restrictions Established in Law and Regulations

Restrictions that Apply to Air Passenger Targeting and Why They Matter