Review Methodology
In the conduct of a review, the Commissioner's staff examine relevant written and electronic records, files, correspondence and other documentation, including policies, procedures and legal advice. CSEC provides briefings and demonstrations of its activities as well as detailed answers in response to written questions from the Commissioner's office.
Commissioner's staff may test the information obtained against the contents of CSEC systems and databases. In addition, Commissioner's staff interview CSEC managers and other personnel involved in activities under review and observe firsthand CSEC operators and analysts to learn exactly how they are conducting their work.
The Commissioner's office may also refer to the work of CSEC's internal auditors and evaluators. In some cases, this may lead to identifying an activity for review.
Review criteria
Reviews conducted by the Commissioner's office include an assessment of CSEC's activities against a standard set of criteria respecting legal requirements, ministerial requirements, and CSEC policies and procedures. Other criteria may be added to each review, as appropriate.
Legal requirements: The Commissioner expects CSEC to conduct an activity in accordance with the NDA, the Canadian Charter of Rights and Freedoms, Privacy Act, Criminal Code, any other relevant legislation and Justice Canada advice.
Ministerial requirements: The Commissioner expects CSEC to conduct an activity in a manner that is in accordance with ministerial direction, namely any requirements and limitations set out in a ministerial authorization or directive.
Policies and Procedures: The Commissioner expects CSEC to have appropriate policies and procedures in place to guide an activity and to provide sufficient direction respecting legal and ministerial requirements and the protection of the privacy of Canadians. The Commissioner expects CSEC employees to be aware of and comply with policies and procedures. The Commissioner also expects CSEC to utilize an effective management control framework to ensure that the integrity and lawful compliance of an activity is maintained on a routine basis. This includes appropriate accounting for decisions taken and for information relating to compliance and the protection of the privacy of Canadians.
A new approach to reviewing foreign intelligence activities
CSEC's foreign intelligence collection activities conducted under ministerial authorization involve a number of distinct methods of acquiring information from the global information infrastructure. Nevertheless, there are a number of common processes and associated tools, as well as common systems and databases, which support these collection methods and which CSEC uses to deal with the information obtained. For example, common to all of the collection methods are the processes by which CSEC: selects foreign entities located outside Canada that are of foreign intelligence interest; shares reports and information with its clients and international partners; and retains or disposes of intercepted communications.
Rather than examine thoroughly individual ministerial authorizations, it was assessed as more effective to examine thoroughly each process common to CSEC's foreign intelligence collection activities under ministerial authorization. This new approach, which cuts across the collection methods, is referred to as horizontal review.
Why horizontal review?
The horizontal review approach, born of years of accumulated review experience on the part of the Commissioner's office, is designed to provide the Commissioner's staff with an even more comprehensive understanding of how CSEC conducts its activities. Ultimately, its objective is to increase the degree of assurance the Commissioner can provide to the Minister of National Defence that CSEC is complying with the law and protecting the privacy of Canadians.
In addition to the horizontal review approach, the Commissioner's office now reviews all foreign intelligence ministerial authorizations together, on an annual basis. This review will identify any significant changes to the activities covered by the ministerial authorizations or in the authorizations themselves. Any significant changes will be assessed in terms of their impact on risks of non-compliance and risks to the privacy of Canadians. If appropriate, a detailed review will be conducted. This annual review of foreign intelligence ministerial authorizations will also examine used and retained intercepted private communications to ensure they are communications essential to international affairs, defence or the security of Canada, as required by paragraph 273.65(2)(d) of the NDA.
- Date modified: