Backgrounder
The National Security and Intelligence Review Agency (NSIRA) completed a review of how the Communications Security Establishment (CSE) and the Canadian Security Intelligence Service (CSIS) collaborate. As Canada’s two main intelligence organizations, responsible for signals intelligence and human intelligence respectively, their collaboration is critical to national security.
This review is the first to examine CSE and CSIS collaboration across both departments. NSIRA’s predecessor review bodies did not have the authority to assess activities across multiple institutions. NSIRA reviewed operational activities, information sharing, and compliance under both organizations’ enabling legislation.
The review also enabled NSIRA to meet its annual requirement under section 8(2) of the National Security and Intelligence Review Agency Act to review an aspect of CSIS’s Threat Reduction Measures (TRM).
Why This Matters
Collaboration between CSE and CSIS plays an important role in keeping Canada safe. When collaboration is not clearly structured or properly governed, it can create legal risks and reduce the effectiveness of intelligence activities.
NSIRA’s review highlights the need for clearer rules, better planning, and more consistent communication to ensure collaboration remains lawful, accountable, and effective. This oversight helps protect Canadians’ rights while supporting strong national security outcomes.
Purpose of the Review
NSIRA’s review examined whether CSE and CSIS:
- Collaborated in a way that respected the differences in their legal mandates
- Had clear policies, procedures, and planning in place to manage legal and compliance risks arising from collaboration
- Shared information in a manner that was lawful, appropriately limited, and supported by clear governance and accountability
- Met legal requirements to consult and share information when CSIS undertook Threat Reduction Measures (TRM) involving or affecting CSE
The review examined a sample of collaborative operational activities and information sharing between CSE and CSIS, including assistance provided by CSE to CSIS, joint operations, and coordination related to Threat Reduction Measures.
What NSIRA Found
Context
CSIS is authorized to collect and share information about Canadians in support of its intelligence and threat reduction mandates. CSE, by contrast, is prohibited from directing its foreign intelligence activities at Canadians or at any person in Canada. This difference creates risks when the two organizations collaborate and requires careful planning and clear rules.
At the same time, CSE and CSIS have complementary capabilities. When collaboration is properly planned and governed, it can support stronger intelligence outcomes for Canada.
Findings
- Operational collaboration: NSIRA found that collaboration was not always supported by sufficient advance planning or risk mitigation. In some cases, CSE did not adequately account for the increased risk of directing its activities at Canadians when collaborating with CSIS. NSIRA identified two instances of non-compliance with the law.
- Information sharing: NSIRA found that some information-sharing practices lacked clear governance and consistent procedures. These gaps increased the risk that Canadian information could be used in ways that were not aligned with CSE’s mandate. NSIRA identified one instance of non-compliance related to information sharing.
- Threat Reduction Measures (TRM): NSIRA found that while CSIS consulted CSE when planning Threat Reduction Measures, consultation and information sharing were not always sufficiently detailed or timely throughout the process. NSIRA also found that information sharing could be improved when compliance issues arise in activities involving both organizations.
- Departmental cooperation: NSIRA found that communication and cooperation between CSE and CSIS were inconsistent and, in some cases, limited the ability to fully use domestic collaboration to advance Canadian intelligence priorities.
What NSIRA Recommends
NSIRA made several recommendations aimed at improving collaboration and compliance, including:
- Strengthening joint planning, policies, procedures, and training
- Improving governance and consistency in information-sharing practices
- Enhancing consultation and information sharing related to Threat Reduction Measures
- Supporting more effective communication and cooperation between the departments