Backgrounder
The National Security and Intelligence Review Agency (NSIRA) examined how the Canadian Security Intelligence Service (CSIS) manages data collected under a Federal Court warrant. This review focused on the entire lifecycle of warranted information, meaning the full journey of data from the moment it is collected, through its processing, analysis, use, storage, and eventual retention or disposal.
What the Review Looked At
NSIRA followed how CSIS handled data collected through a specific technology, beginning with its initial acquisition under a warrant, continuing through how the information was processed and used to support intelligence activities, and ending with how and where it was stored, retained, or disposed of.
The purpose of the review was to assess whether CSIS respected all relevant legal requirements, ministerial directions, policies, and internal procedures at each stage of this lifecycle.
What NSIRA Found
- Weak data management practices: CSIS did not have strong enough planning or systems in place to properly manage and store the data. This led to the agency keeping data without a clear legal authority to do so.
- Lack of required consultation: CSIS used a new technology without first consulting Public Safety Canada, as required by the Ministerial Direction on Accountability.
- Incomplete information to decision-makers: CSIS described this new technology as simply an update to an existing one. As a result, it did not inform Public Safety Canada or the Federal Court in time about how much more data it could collect.
- Failure to notify the Federal Court: CSIS did not inform the court about the new technology before using it under a warrant.
Why This Matters
After the Federal Court approves a CSIS warrant, NSIRA is the only agency that can independently review how these powers are used and make sure CSIS follows the conditions set out in the warrant, as well as applicable law and policies. These reviews help the Federal Court make sure its decisions are being followed properly.
As CSIS continues to adopt new and more advanced technologies, NSIRA highlighted the need for strong data management, clear governance, and timely communication with both the Minister and the Federal Court.
The review contains 9 recommendations to help strengthen CSIS’s governance, accountability, and compliance in managing collected data. If these measures are not followed, it could lead to legal non-compliance and a loss of public trust.
