Backgrounder

Following the coming in to force of the Communications Security Establishment Act (CSE Act), CSE received a new set of Ministerial Authorizations (MA) – written documents by which the Minister of National Defence authorizes CSE to engage in activity that risks contravening an “Act of Parliament or interfering with a reasonable expectation of privacy of a Canadian or person in Canada.” The CSE Act also created a legislative authority for the Minister of National Defence to “designate electronic information or information infrastructures or classes of electronic information or information infrastructures as being of importance to the Government of Canada” through a Ministerial Order (MO).

NSIRA’s Foundational Review of CSE’s Ministerial Authorizations (MAs) and Ministerial Orders (MOs) represents a different approach to reviewing MAs than that of the Office of the Communications Security Establishment Commissioner (OCSEC), CSE’s former independent external review body. While OCSEC previously reported on the number of private communications, we leave this matter to CSE’s classified annual report to the Minister. Further, it is not necessary to review whether Ministerial Authorizations are based on reasonable conclusions, which is now the responsibility of the Intelligence Commissioner. NSIRA chose to approach the Ministerial Authorizations as an opportunity to learn about CSE’s operational activities, and the Ministerial Orders were reviewed as supplementary to the Ministerial Authorizations.

This foundational review highlighted the need to focus on Active and Defensive Cyber Operations immediately following the completion of this review, given that the Intelligence Commissioner does not approve these activities and that they represent a new aspect of CSE’s mandate.