Mandate of the Communications Security Establishment Commissioner

My mandate under the National Defence Act consists of three important functions:

  1. reviewing CSEC activities to determine whether they comply with the law;
  2. undertaking any investigation I deem necessary in response to a written complaint (more information on the Commissioner's responsibilities for conducting investigations into complaints is available on the office's website); and
  3. informing the Minister of National Defence (who is accountable to Parliament for CSEC) and the Attorney General of Canada of any CSEC activities that I believe may not be in compliance with the law.

Legislative basis for CSEC activities

When the Anti-terrorism Act came into effect on December 24, 2001, it added Part V.1 to the National Defence Act, and set out CSEC's three-part mandate:

  • part (a) authorizes CSEC to acquire and use foreign signals intelligence in accordance with the Government of Canada's intelligence priorities;
  • part (b) authorizes CSEC to help protect electronic information and information infrastructures of importance to the Government of Canada; and
  • part (c) authorizes CSEC to provide technical and operational assistance to federal law enforcement and security agencies, including helping them obtain and understand communications collected under those agencies' own lawful authorities.

(CSEC's website provides more information on CSEC's mandate)

With the emphasis on reviewing the lawfulness of CSEC activities and the protection of the privacy of Canadians, the legislation requires that the CSE Commissioner be a supernumerary or retired judge of a superior court.

The Commissioner's legislative mandate includes:

CSE Commissioner

The Commissioner is an independent statutory officer and is not subject to general direction from the Prime Minister, the Minister of National Defence (who is accountable to Parliament for CSEC) or any other minister on how to carry out his mandate. The Commissioner assists the Government of Canada in its control of CSEC by providing advice to the Minister of National Defence to support the Minister's decision making and accountability for CSEC. The Commissioner's unclassified annual report for Parliament states whether CSEC has acted lawfully and the extent to which it protected the privacy of Canadians in the conduct of its activities, as do his classified reports to the Minister.

To be effective, reviewers need specialized expertise to be able to understand the technical, legal and privacy aspects of CSEC activities. They also need security clearances at the level required to examine CSEC records and systems. They are bound by the Security of Information Act and cannot divulge to unauthorized persons the specific information they access.

I also have a mandate under the Security of Information Act to receive information from persons who are permanently bound to secrecy if they believe it is in the public interest to release special operational information of CSEC. (More information on the Commissioner's responsibilities for public interest defence is available on the office's website.)

Annex A contains the text of the relevant sections of the National Defence Act and the Security of Information Act relating to my role and mandate as CSE Commissioner.

Our approach

The purpose of my review mandate is:

Protection of Canadians' privacy

CSEC is prohibited by law from directing its foreign signals intelligence collection and IT security activities at Canadians – wherever they might be in the world – or at any person in Canada. My review of CSEC activities includes determining whether CSEC takes satisfactory measures to protect every Canadian's reasonable expectation of privacy in CSEC use and retention of collected communications. I examine CSEC use, disclosure and retention of private communications. I verify that Canadian identity information is protected and only shared with authorized partners when needed for understanding the foreign signals intelligence or cyber defence information. I also verify that metadata is used to understand the global information infrastructure, obtain foreign intelligence or protect cyber systems, but not to obtain information about a Canadian. I am required under the National Defence Act to report to the Attorney General of Canada and to the Minister of National Defence any activities that I believe may not be in compliance with the law, with a particular emphasis on privacy.

Using a variety of methods, we are continuously conducting reviews of:

(More information on the Commissioner's risk-based and preventative approach to selecting and prioritizing reviews is available on the office's website).

Each review includes an assessment of CSEC activities against a standard set of criteria:

(More information on the Commissioner's review methodology and criteria is available on the office's website.)

Reporting on our findings

My classified review reports document CSEC activities, contain findings relating to the review criteria, and disclose the nature and significance of any deviations from the criteria. Where and when appropriate, I make recommendations to the Minister of National Defence aimed at improving privacy protections or correcting discrepancies between CSEC activities and my expectations.

I determine the content of my reports, which are based on facts and conclusions drawn from those facts. The reports are free of any interference by CSEC or any Minister.

The results of individual reviews are the subject of classified reports to the Minister of National Defence. Following the standard audit practice of disclosure, draft versions of review reports are presented to CSEC for confirmation of factual accuracy. This is essential to the review process given that my recommendations are based on the facts as uncovered in my reviews.

The Commissioner's annual report for Parliament is a public document. CSEC reviews the draft to verify that it does not contain any classified information according to the Security of Information Act. In the interest of transparency and better public understanding, I push the limits to include as much information as possible in my report. The report is provided to the Minister of National Defence who must by law table it in Parliament.

In the interest of transparency within a stringent security framework, my office publishes on our website the titles of all review reports submitted to the Minister of National Defence (with any classified information removed) – 81 to date – to demonstrate the depth and breadth of Commissioners' reviews.

The logic model in Annex B provides a flow chart of the review program.

Date modified: