Review of CSIS Threat Reduction Measures (Review of 2021)

Report

Date of Publishing:

Executive Summary

This review is the third annual review of Canadian Security Intelligence Service (CSIS) threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA).

The review had two main objectives. First, to provide an overview of TRMs in 2021, contextualizing the data as appropriate by comparison with data from preceding years and noting any trends or patterns that emerge. Second, to conduct a review of a selection of TRMs implemented in 2021.

NSIRA found that CSIS’s use of its TRM mandate in 2021 was broadly consistent with its use in preceding years. Overall, CSIS implemented El TRMs during the review period, covering a range of threats to the security of Canada (as defined by section 2 of the CSIS Act), including espionage/sabotage, foreign interference, and violence/terrorism. Of note, 2021 marks the first time since the inception of the regime that TRMs involving Ideologically Motivated Violent Extremism (IMVE) threats outnumbered those stemming from Religiously Motivated Violent Extremism (RMVE).

In terms of trends over time, NSIRA observed that the year 2018 was an inflection point for CSIS’s use of the TRM mandate. In that year, CSIS proposed nearly as many TRMs as were proposed in the preceding three years – the first three of the mandate – combined. In the following year, however, the number dropped slightly, before a more significant reduction in 2020. This downward trend plateaued during the review period, even rebounding gently. The number of proposed TRMs in 2021 went up as compared to the previous year, as did both approvals and implementations.

NSIRA selected three TRMs implemented in 2021 for review, assessing the measures for compliance with applicable law, ministerial direction, and policy. At the same time, NSIRA considered the implementation of each measure, including the alignment between what was proposed and what occurred and, relatedly, the role of legal risk assessments for guiding CSIS activity, as well as the documentation of outcomes.

For all the cases reviewed, NSIRA found that CSIS met its obligations under the law, specifically the Canadian Charter of Rights and Freedoms and sections 12.1 and 12.2 of the CSIS Act. In addition to general legal compliance, NSIRA found that CSIS sufficiently established a “rational link” between the proposed measure and the identified threat.

For one of the three cases reviewed, NSIRA found that CSIS did not meet its obligations under the 2015 Ministerial Direction for Operations and Accountability and the 2019 Ministerial Direction for Accountability issued by the Minister of Public Safety.

The TRM in question [**redacted**] NSIRA believes that the presence of these factors ought to have factored into the overall risk assessment of the measure. [**redacted**]. In addition, however, are the risks [**redacted**]. These risks are not, and in this instance were not, captured by CSIS’s reputational risk assessment.

Similarly, the legal risk assessment for this TRM did not comply with the ministerial direction that “legal risk is to be assessed in accordance with the Department of Justice risk criteria.” [**redacted**] Under CSIS’s “TRM Modernization” project, implemented in January 2021, [**redacted**]. NSIRA recommended that LRAs be conducted for TRMs [**redacted**] and, further, that CSIS consider and evaluate whether legal risk assessments under TRM Modernization comply with applicable ministerial direction. NSIRA may revisit this issue – and TRM Modernization as a whole – in a future review.

A comparative analysis of the two LRAs provided for the other TRMs under review underscored the practical utility of clear and specific legal direction for CSIS personnel. Clear direction allows investigators to be aware of, and understand, the legal parameters within which they can operate and, subsequently, allows after-action reporting to document how implementation stayed within said bounds.

With respect to documenting outcomes, NSIRA further noted issues with, and made recommendations for, when CSIS produces certain reports following implementation of a TRM. Specifically, NSIRA recommended specifying in policy when the Intended Outcome Report and Strategic Impact Report are required. While cognizant that overly burdensome documentation requirements can unduly inhibit CSIS activities, NSIRA nonetheless believes that the recommendations provided are prudent and reasonable. Relevant information, available in a timely manner, benefits CSIS operations.

NSIRA review is an important part of the TRM regime. The CSIS Act requires CSIS to notify NSIRA after it has implemented a TRM, while the NSIRA Act requires NSIRA to review, each calendar year, at least one aspect of CSIS’s performance in undertaking TRMs. The result is enhanced likelihood that CSIS will use the TRM mandate lawfully and responsibly. In this vein, it bears underscoring the general finding of compliance – with law, ministerial direction, and policy – at the core of this review, noted issues notwithstanding.

NSIRA employees directly and independently accessed the relevant CSIS database to review and verify information. Following an initial analysis, follow up Requests for Information (RFIs) targeted specific documents identified as missing or potentially relevant. NSIRA shared a preliminary draft of the report with CSIS to verify its factual accuracy. NSIRA has high confidence in the information it examined in the course of this review, and consequently in the findings and recommendations emerging therefrom.

List of Figures

List of Tables

List of Acronyms

Authorities

This review was conducted under the authority of subsection 8(2) of the National Security and Intelligence Review Agency Act (NSIRA Act).

Introduction

Background

This review is the third annual review of CSIS threat reduction measures (TRMs) completed by the National Security Intelligence Review Agency (NSIRA). NSIRA’s predecessor, the Security Intelligence Review Committee (SIRC), examined CSIS’s use of threat reduction measures between 2016 and 2019.

NSIRA review is an important part of the TRM regime.2 The CSIS Act requires CSIS to notify NSIRA after it has implemented a TRM, while the NSIRA Act requires NSIRA to review, each calendar year, at least one aspect of CSIS’s performance in undertaking TRMs. In this way, the significant power conferred by the creation of the TRM mandate in 2015 is countervailed by regular and rigorous independent review.

NSIRA’s 2020 Review examined a sample of TRMs to assess their compliance with law, policy, and ministerial direction. The review found that, in a limited number of cases, individuals were included in a TRM without a rational link between the individual and the identified threat. Relatedly, NSIRA cautioned that overly broad rational link criteria could affect a measure’s reasonableness and proportionality. The review also noted that more consideration was needed with respect to the possible existence of an agency relationship between CSIS and third parties receiving information from CSIS.

NSIRA’s 2021 Review focused on the latter dynamic, examining cases involving the disclosure of information from CSIS to external parties with their own levers of control and the extent to which CSIS appropriately identified, documented and considered any plausible adverse impacts such measures could have on individuals. The review made recommendations in these areas, including that CSIS “comply with its record-keeping policies related to documenting the outcomes of TRMs.

This recommendation was further to SIRC’s 2016 Review, which emphasized the importance of documenting TRM outcomes. SIRC commended CSIS for developing guidance with respect to outcome reporting, but urged continued refinement – suggesting, inter alia, “timeframes for reporting on all outcomes” – moving forward. CSIS agreed with the recommendation, and successive versions of CSIS’s governing policy for TRM have included greater specificity in this regard.

A benefit of yearly review is the ability to identify and assess such challenges over time. To this end, each previous NSIRA review, in addition to the particular objectives noted above, tracked and described the overall use of the TRM mandate in the relevant review period. The 2020 review established a dataset of all TRMs since the inception of the mandate in 2015, which in turn helped inform case selection for the 2021 review. Supplemented on an ongoing basis by information provided to NSIRA pursuant to subsection 12.1(3.5) of the CSIS Act, this dataset allows NSIRA to identify trends, patterns, and emerging issues of relevance with respect to CSIS’s use of threat reduction measures, including through the quantification of data. Data from a specific year/review period can be contextualized (e.g., was the mandate used more, less, or in a qualitatively different way as compared to previous years?) and topics for future review identified.

The present review builds on the above work in two ways. First, we compare the use of the TRM regime in the relevant review period to its use in previous years and identify overall trends and patterns since the inception of the regime. Second, we focus on outcomes by selecting cases of implemented (as opposed to simply proposed or approved) TRMs for review. This speaks not only to the challenges associated with the documentation of outcomes, but also the “rational link” requirement that undergirds a given TRM’s reasonableness and proportionality, and globally the alignment of what the measure did with the threat it was intended to reduce. All of these issues have been, to one extent or another, subject to comment, findings, and/or recommendations in previous reviews.

Scope & Objectives

The review period covers 1 January 2021 to 31 December 2021. NSIRA also examined information from outside of this period in order to make a full assessment of relevant TRM activities.

The review had two main objectives:

  1. Provide an overview of TRMs in 2021, contextualizing the data as appropriate by comparison with data from preceding years and noting any trends or patterns that emerge from the analysis.
  2. Conduct a review of a selection of TRMs implemented in 2021.

With respect to this second objective, three TRMs were selected according to criteria designed to maximize the utility of NSIRA’s findings and recommendations to CSIS (see the discussion of case selection strategy in Annex C). These TRMs were subject to two lines of inquiry: a compliance review against applicable law, ministerial direction, and policy; and, a review of implementation, including the alignment between what was proposed and what occurred, the documentation of outcomes, and the crucial role of legal risk assessments for guiding CSIS activity.

Sources & Methodology

NSIRA examined and considered all relevant legislation and documentation pertaining to the objectives of the review, including:

  • The Canadian Charter of Rights and Freedoms.
  • The CSIS Act.
  • Ministerial directions issued by the Minister of Public Safety to CSIS.
  • CSIS’s internal governance framework for TRMs, which included policies, procedures, guidance and training material, tracking systems and cooperation agreements.
  • All pertinent TRM documentation, including Requests for Approval (RFAs), Legal Risk Assessments (LRAs), Implementation Reports, Intended Outcome Reports, Strategic Impact Reports, email communications, consultation reports, operational messages, I6(i)(c)(iii) targeting authorities, [**redacted**] and other relevant documents as available in particular cases.

NSIRA employees directly accessed the relevant CSIS databases on 4 March 2022 to collect this information. Subsequent requests (RFIs) for additional documents identified by the review team were issued in March, April and May 2022.

The review also analyzed data compiled under previous TRM reviews as well as provided to NSIRA by CSIS pursuant to subsection 12.1(3.5) of the CSIS Act.

Confidence Statement

NSIRA has high confidence in the information it examined in the course of this review, and consequently in the findings and recommendations emerging therefrom.

As noted above, NSIRA employees directly and independently accessed the relevant CSIS database to review and verify information. NSIRA’s familiarity with the TRM regime meant that the review team was able to pre-identify relevant TRM documentation and then confirm its existence in CSIS holdings. Following an initial analysis, follow up RFIs targeted specific documents identified as missing or potentially relevant. In some instances, CSIS was able to produce the requested documents; in others, they confirmed that said documents did not exist. This process gave the review team confidence as to the completeness of the documentation necessary to satisfy the objectives of the review. That NSIRA personnel directly retrieved the majority of documents from CSIS databases similarly gives high confidence that the information is valid and accurate. Finally, NSIRA shared a preliminary draft of the report with CSIS to verify its factual accuracy.

Analysis

The first objective of the review was to document and describe how CSIS used its TRM mandate in 2021, and to contextualize that use by comparison to previous years.

Finding 1: NSIRA finds that CSIS’s use of its TRM mandate in 2021 was broadly consistent with its use in preceding years.

In 2021, CSIS proposed [**redacted**] measures (i.e., TRMs designated [**redacted**] of which [**redacted**] were approved and [**redacted**] implemented. Of the [**redacted**] TRMs which were approved but not implemented in 2021, all remain valid, and implementation rates from previous years suggest that many are likely to be implemented in 2022 (see Figure I).

[**redacted table**]

In addition, [**redacted**] TRMs that had been proposed in 2020 (designated [**redacted**] were 15(l)(d)(ii) ultimately implemented in 2021. Overall, therefore, CSIS implemented [**redacted**] TRMs a total of [**redacted**] times during the review period (for an overview, see Table 1 in Annex C).

Section 2, paragraphs (a) through (d) of the CSIS Act identifies four basic categories of threats to the security of Canada:

  • Espionage or sabotage (2a)
  • Foreign interference (2b)
  • Serious violence for the purpose of achieving a political, religious, or ideological objective (2c); and
  • Subversion (2d).

A range of threats were addressed by measures during the review period, including a rough balance between 2a (espionage/sabotage), 2b (foreign interference), and 2c (violence) threats. [**redacted**] 2d (subversion) threats, [**redacted**].

This distribution is in keeping with how CSIS used the mandate in previous years. Figure 2 plots the number of proposed TRMs by threat type since 2015.

[**redacted table**]

Since 2015,2c (violence) threats have most frequently been the subject of TRMs [**redacted**] followed closely by 2b (foreign interference) threats.

While CSIS’s overall focus on 2c threats has been consistent over the years, the underlying composition of those threats (that is, the specific targets within that broader category) has evolved. From 2015-2017, for example, the overwhelming majority of TRMs aimed at reducing 2c threats involved targets associated with religious extremism (what would now be categorized as Religiously Motivated Violent Extremism, or “RMVE”). More recently, and beginning in 2018, there has been an increase in TRMs aimed at targets in the Ideologically Motivated Violent Extremism (IMVE) milieu. Figure 3 shows the number of TRMs in each of these categories year by year.

[**redacted table**]

Of note, the present review period marks the first time since the inception of the regime that TRMs involving IMVE threats outnumber those stemming from RMVE. [**redacted**]. This shift in the threat environment is reflected in Figure 3, above, which shows [**redacted**] with respect to RMVE and IMVE overtime.

Date Modified: