2004-2005 Activities

Each year, my office undertakes extensive reviews of CSE activities in areas that were identified as priorities as part of a multi-year workplan. Most often, these are areas within the intelligence production cycle where there is the potential for privacy issues to be raised. I report to the Minister of National Defence on all my reviews, either to provide assurance of the lawfulness of CSE activities or to bring his attention to specific concerns that arise as a result of the reviews. My activity as Commissioner properly remains confined to ex post review, and not to oversight, which entails a role in relation to CSE's ongoing activities.

During 2004-2005, I submitted a total of five classified reports to the Minister – two under my general review mandate and the remainder in compliance with my mandate to review specific activities authorized by the Minister.

The review process

As in all my work, I place a high priority on collaboration during the review process. In practice, this means sharing any concerns with relevant personnel in CSE at the earliest possible stage so that appropriate corrective action can be taken, if required. As part of my office's efforts to effect change in a timely way, my staff now provide a summary briefing to all concerned CSE personnel following the review process.

One of the underlying principles guiding review is the anticipation of problem areas before they arise. That means looking beyond the issue of whether an unlawful activity has occurred, to whether one might occur and what measures can be put in place to prevent it. I believe this type of proactive and preventive approach is essential in balancing the undisputable need for security and intelligence activities with the fundamental privacy rights we have come to expect in Canada.

Reviews under the Commissioner's general mandate

In the period covered by this report, I submitted two classified reports to the Minister of National Defence on subjects related to my general mandate[1] to review CSE's activities to ensure they conform with the law.

One of the reports involved a review of an operational program conducted by CSE under the authority of subsection 273.64(1)(a) of the NDA, often referred to as CSE's foreign intelligence mandate. In this instance, my findings indicated that CSE had acted lawfully in respect of this program. Moreover, employees assigned to this program demonstrated knowledge and awareness of the relevant law and policy that governed it.

The other classified report to the Minister concerned my review of a subset of activities conducted by CSE under the authority of subsection 273.64(1)(c) of the NDA, in response to requests for assistance received from federal law enforcement agencies.[2] In this regard, the RCMP is CSE's primary client. When providing assistance to the RCMP, the scope of which is limited and defined in policy, CSE does so as an agent. Before agreeing to act in that capacity, however, CSE must first satisfy itself that the RCMP is authorized to make the request and then be satisfied that it has the authority to provide the assistance the RCMP has requested.

My office examined CSE's assistance to the RCMP under mandate (c) for the year 2003. Based on the activities reviewed, CSE's assistance was found to be in compliance with the law.

That being said, however, both reports included recommendations, many of which concerned certain weaknesses in CSE's policies and procedures, an area that has drawn similar attention and mention in previous reviews. I have also recommended that CSE accelerate efforts to improve and update existing information and records management systems. At the time of writing, CSE had resolved some of these issues and had committed to address the remainder in the coming months.

Reviews of activities under ministerial authorization (MA)

As stated, it is my practice to conduct ex post review. In the case of CSE's MA-related activities, my reviews are undertaken once the authorizations in question expire.

My focus for the year under review was on activities conducted by CSE under the authority of three MAs, all of which concerned foreign intelligence collection and were the subject of classified reports to the Minister.

In conducting review activities for MAs, my office is guided directly by the legislation, which dictates what activities CSE can and cannot undertake. Specifically, my reviews in this area focus on the interception of private communications, which is what an MA authorizes. A private communication is defined in section 183 of the Criminal Code as

For the purpose of foreign intelligence collection, the NDA authorizes CSE to intercept private communications as long as the interception was the result of its having directed activities at a foreign entity located outside Canada. Over the past two years, I have focused much of my attention on foreign intelligence MAs because of their broad scope and potential degree of intrusiveness on the privacy of Canadians. While information technology security (ITS) MAs also authorize the interception of private communications, CSE seeks such authority in every instance at the request of the client agency whose systems and networks are being verified.

In my last annual report, I observed that a number of my concerns had been resolved, while some others remained. During this past year, I have been able to bring clarity to points of law and interpretation with respect to CSE's activities conducted under the authority of these provisions. My office engaged in discussions with staff and officials at CSE throughout this process.

For jurists who are accustomed to dealing with warrants issued by judges, a foreign intelligence MA is a strange sort of creature. However, one must take into account that, when collecting foreign intelligence, CSE is directing its interception efforts at foreign communications, or at least at the foreign end of communications, and a warrant issued by a Canadian court has no jurisdiction outside Canada in this instance.

Foreign intelligence MAs are a unique solution to an equally unique set of circumstances that can arise when CSE recognizes that an intercepted communication either leads into, or flows out of, Canada. While the interception has not been directed at a communication in Canada, one end of the communication is in Canada and is therefore, by law, a private communication. If this communication contains information essential to international affairs, defence or security, as specified in CSE's legislation, it is reasonable that the Government of Canada would want CSE to retain and report on it.

The foreign intelligence MA provisions in Part V.1 of the NDA include four conditions that must be met before the Minister of National Defence will authorize the interception of a private communication. I am of the opinion that their inclusion is both reasonable and consistent with other legislation that establishes an authority to engage in activities that would, in the absence of adequate justification, be judged an infringement on the rights of individuals as protected by the Charter of Rights and Freedoms.

In my view, these MA provisions are an exception to Part VI of the Criminal Code that protects against the invasion of privacy. I have no doubt as to their purpose because the NDA explicitly authorizes the interception of private communications subject to the threshold established by the four conditions, and to ministerial review. From my examination of private communications intercepted by CSE, I am able to determine if CSE has met the conditions imposed in the MA – for example, I know if the interception was a result of activities directed at a foreign entity outside of Canada. I can also determine if the communication was lawfully used, retained or destroyed – that is to say, whether or not it was essential to the international affairs, defence or security of Canada.

In light of the above, I believe my review of activities that CSE has conducted under a foreign intelligence MA must focus on the intercepted private communications that CSE identifies to me as having been recognized and retained during the term of the authorization.

The Minister of National Defence is aware of how I have interpreted and will continue to discharge my mandate in respect of foreign intelligence MAs. I have also provided the Minister with my interpretation of the MA provisions, as currently written, and what they allow for in law. Further, I have made specific suggestions as to what could be done to remove ambiguities and to ensure a common understanding of the operational application of these provisions.

Review of past recommendations

There is substantial evidence that I believe supports my office's review function and the impact it has had on CSE's internal processes over the years. When warranted by the review findings, I may include recommendations for action on the part of CSE. My recommendations are, appropriately, non-binding. Binding recommendations would usurp the prerogative of both the Minister, who has overall responsibility for CSE, and of the Chief of CSE, who is responsible under Part V.1 of the NDA for the management and control of the organization. However, one of the concerns with a review body whose recommendations are non-binding is whether that review is effective or not. I can say with confidence that review works, based on my experience with CSE's response to the recommendations made by my office.

As I outlined in my previous annual report, last year we began a process to track CSE's response to the recommendations my predecessor and I made in classified reports submitted to the Minister of National Defence since 1996. I am pleased to provide an update. A process has also been put in place to ensure a timely response to recommendations made in upcoming reports from my office.

Over the past year, my staff worked closely with CSE to monitor their response and subsequent actions with respect to the recommendations – including establishing timetables and target dates for completion. Of the 77 recommendations made from 1996 to the end of the current fiscal year, the majority have been accepted and implemented, and I am awaiting what I believe will be a positive response from CSE on a number of others. Many of the recommendations address broad policy issues such as formalizing relations, while others focus on technical and operational practices, including ensuring consistent definitions and appropriate accountability structures. That being said, the ultimate goal of all recommendations I make is to prevent conditions or practices that have the potential to lead to unlawfulness or that could affect the privacy of Canadians. I believe that this tracking process for recommendations is fundamental to achieving this goal.

I commend the Chief of CSE on the extent to which he has accepted review as an integral part of the vision for his organization. As well, I would like to express my appreciation to CSE for their co-operation and willingness to monitor the recommendations.

2004-2005 findings

Each year, I state my findings about the lawfulness of CSE's activities based on the reviews my office has conducted over the past year. I am able to report that I am satisfied that the CSE activities examined during the period under review complied with the law. Moreover, I am satisfied that the intercepted private communications I examined were lawfully acquired, used and retained.

Complaints and concerns about CSE Activities

Under Paragraph 273.63 (2)(b) of the National Defence Act, I am required to respond to a complaint by undertaking any investigation I consider necessary to determine whether CSE is engaging in unlawful activity. At various fora, people have expressed their surprise at the limited number of complaints directed toward my office over the years.

To my mind, the likelihood of a public complaint is diminished by the nature and focus of CSE's activities, which are technology-based and directed at foreign entities outside Canada. Unlike other federal intelligence or law enforcement agencies, CSE neither has a public profile nor engages in activities that place it in the public domain. During 2004-2005, I received no complaints about CSE activities from any source.

---

[1] See Annex A.

[2] 273.64(1) The mandate of the Communications Security Establishment is: (c) to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.