Highlights of the Seven Reviews Submitted to the Minister in 2011–2012
1. CSEC's retention and disposal of intercepted or copied communications
Background
The ever-increasing amount of electronic information being generated in our interconnected world has created challenges for CSEC in managing the retention (storage) and disposal (destruction) of the information it acquires. CSEC's foreign signals intelligence and IT security programs recently made significant technological changes impacting on their respective retention and disposal practices for acquired communications.
Paragraph 273.64(2)(b) of the National Defence Act requires CSEC to take measures to protect the privacy of Canadians. It includes the manner in which CSEC retains and disposes of communications that it intercepts in the conduct of its foreign signals intelligence collection and IT security activities. In this review, I paid particular attention to CSEC's retention and disposal of unintentionally intercepted private communications and Canadian identity information.
As a Government of Canada institution, CSEC also has a legal requirement to keep certain records. The Access to Information Act and the Privacy Act both recognize that citizens have the right, under specified conditions, to access government records. Federal institutions, such as CSEC, must also protect any personal information that they may collect or transmit. These legal requirements reinforce the obligation for CSEC to maintain a comprehensive and complete inventory and description of its information holdings. The unauthorized destruction of a record could result in an inability to document an activity, and consequently, an inability to demonstrate compliance.
My predecessors and I have always monitored CSEC's information management practices because the creation and retention of records is one of the main means by which CSEC can account for its activities and provide assurance that its activities comply with legal, ministerial and policy requirements. My predecessors made a number of recommendations that resulted in significant developments in CSEC's information management practices and related systems to strengthen compliance.
Findings
I found that both CSEC's foreign signals intelligence collection and IT security programs have incorporated into the digital architectures of their respective programs a number of legal, ministerial and policy requirements relating to retention and disposal. I acquired detailed knowledge of and documented this policy-based and technology-assisted approach to CSEC information management practices. During this review, I found that CSEC built a number of automated compliance requirements into its systems to permit monitoring and auditing of its activities, as well as providing one level of proof of that compliance.
CSEC's policies and procedures for retention and disposal of acquired communications provide sufficient direction to CSEC employees respecting these activities and the protection of the privacy of Canadians. The retention and disposal periods set out in CSEC policies are reasonable. However, CSEC's inconsistent use of certain terminology in foreign signals intelligence and IT security policies is confusing and should be clarified. I will monitor CSEC efforts to clarify these policies.
I also found that CSEC had implemented recommendations made by my predecessors to establish records management authorities and retention and disposition schedules.
Conclusion
I concluded that CSEC conducted its retention and disposal activities during the period under review in accordance with legal and ministerial requirements and its policies and procedures.
2. CSEC's operations centre and particular foreign signals intelligence collection activities conducted in 2010
Background
CSEC's operations centre serves as the primary point through which CSEC interacts with Government of Canada clients, international partners and various internal CSEC sections during times of significantly elevated or unexpected activity. During such periods, the centre provides increased coordination. As part of its routine duties, the centre coordinates and produces a daily operational brief for the Chief of CSEC and provides other information to management, as required.
Findings
My review focused on an examination of the centre through an assessment of some of its activities conducted in 2010 under CSEC's mandates for foreign signals intelligence collection and assistance to federal law enforcement and security agencies. My highest priority was to assess the potential for risk posed to privacy in the conduct of these activities.
I also paid particular attention to CSEC's processing of requests from Government of Canada clients for releases of Canadian identity information suppressed in foreign signals intelligence reports produced by the centre. CSEC conducted these activities appropriately.
In novel or uncertain circumstances characteristic of an operations centre, I found that CSEC's use of temporary policy instruments to streamline approval processes in particular situations was appropriate. More broadly, CSEC managers and employees were aware of all relevant policies and procedures. CSEC managers routinely monitored their teams' activities to ensure compliance with both law and policy.
However, CSEC's operational instructions for some activities provided only limited direction specific to the nature of the operations centre. CSEC recognized this gap and is developing an operational instruction tailored to the centre's activities. I will monitor the implementation of this solution.
Conclusion
I concluded that CSEC conducted the examined activities in accordance with the law and ministerial requirements. A primary factor affecting my decision to review CSEC's operations centre was the potential for error in situations of increased pressure and time constraints. I found that, despite these circumstances in which the centre operated, the activities examined did not present any greater risk to compliance or to the privacy of Canadians than activities conducted by other sections of CSEC during routine business.
3. Update on an ongoing review of CSEC's foreign signals intelligence sharing with international partners
Background
It is common knowledge that Canada is a net importer of intelligence. CSEC's ability to fulfill its foreign signals intelligence collection and IT security mandates rests, in part, on building and maintaining productive relations with its foreign counterparts. CSEC's long-standing relationships with its closest allies — the United States' National Security Agency, the United Kingdom's Government Communications Headquarters, the Australian Defence Signals Directorate, and the New Zealand Government Communications Security Bureau — continues to benefit CSEC, and, in turn, the Government of Canada. This cooperative alliance may be more valuable now than at any other time, in the context of increasingly complex technological challenges.
The global nature of terrorism requires security and intelligence agencies to cooperate and share information with one another. The Government of Canada's response to the Report of the Standing Committee on Public Safety and National Security Review of the Findings and Recommendations Arising From the Iacobucci and O'Connor Inquiries, recognized that:
the exchange of information with foreign partners raises unique challenges — policy, legal and operational — that are examined on a case-by-case basis in the context of Canada's national security environment. The cumulative result of successive commissions of inquiry, reports and lessons learned has been the refinement of policies and practices surrounding the exchange of information between foreign partners and Canada's national security and intelligence and law enforcement communities. (page 4)
The need for information sharing is vital. However, information must be exchanged in compliance with the laws of Canada and must include sufficient measures to protect the privacy of Canadians. Although these cooperative arrangements include a commitment by the partners to respect the privacy of each others' citizens, it is recognized each partner is an agency of a sovereign nation that may derogate from the agreements, if it is judged necessary for their respective national interests.
Past Commissioners have also examined specific aspects of CSEC's foreign signals intelligence collection cooperation and sharing with international partners. This year, as part of this focused review, I provided the Minister with an update on my ongoing review of these activities.
Findings
Thus far, I have found that CSEC does take measures to protect the privacy of Canadians in what it shares with its international partners. For example, CSEC suppresses Canadian identity information in what is shared with its international partners. In addition, open and ongoing communications among the partners helps to limit the potential to affect the privacy of a Canadian.
However, my review has also identified some important questions that I will continue to examine in the coming year, including: how does CSEC assure itself that its international partners follow the long-standing agreements and practices that provide a foundation for CSEC's foreign signals intelligence information sharing?
I will complete my review in 2012–2013.
4. Annual combined review of CSEC foreign signals intelligence ministerial authorizations
Background
Subsection 273.65(8) of the National Defence Act requires me to review CSEC activities carried out under ministerial authorizations "to ensure they are authorized and report annually to the Minister [of National Defence] on the review". An annual combined review of the foreign signals intelligence collection ministerial authorizations is one way that I fulfill this part of my mandate. This year, I examined the five foreign signals intelligence ministerial authorizations in effect in 2009–2010 relating to five activities or class of activities. The purpose of this annual combined review of the five foreign signals intelligence collection ministerial authorizations is to:
- identify any significant changes to the ministerial authorization documents themselves or to CSEC's activities described in the authorizations;
- assess the impact, if any, of these changes on the risk of non-compliance and on the risk to privacy, and, as a result, identify any subjects requiring follow-up review; and
- examine a sample of my choosing of any resulting private communications unintentionally intercepted by CSEC during the conduct of the activities under the ministerial authorizations.
Findings
Within this approach, I assessed whether CSEC's foreign signals intelligence collection activities complied with the law and protected the privacy of Canadians. I found that the activities carried out by CSEC under these ministerial authorizations were authorized. I also reviewed a sample of private communications retained by CSEC but that were not used in CSEC reports. I found that CSEC retained only those private communications essential to international affairs, defence or security, as required by paragraph 273.65(2)(d) of the National Defence Act.
For each of the five foreign signals intelligence collection activities, I examined certain key information relating to interception and to the privacy of Canadians, to permit comparison of the activities and to identify any significant changes or trends over time.
The 2009–2010 foreign signals intelligence collection ministerial authorizations did not contain any significant changes from the previous year and CSEC did not make any significant changes to the technologies used for these activities. CSEC did, however, clarify and enhance associated operational policies, including direction relating to the protection of the privacy of Canadians.
In addition, the effective periods for the ministerial authorizations changed — starting and ending on different dates from previous years' authorizations. This affected my ability this year to examine year-to-year changes in certain metrics relating to interception and to the privacy of Canadians. In addition, certain information on intercepted communications involving CSEC's international partners was not readily available. I will examine this issue as part of my ongoing review of CSEC's foreign signals intelligence information-sharing activities with these partners.
I examined CSEC's activities in response to a 2009 recommendation that CSEC establish formal management processes for when CSEC considers undertaking certain proposed foreign signals intelligence collection activities and for the recording of the resulting decision. I found that CSEC addressed this recommendation in an amendment to an operational policy.
As of the end of the 2011–2012 reporting period, I am awaiting a response from the Minister of National Defence to a recommendation I made in last year's report that CSEC be required, in a ministerial authorization, to report to the Minister certain information relating to privacy. This requirement would support the Minister in his accountability for CSEC, including for the measures CSEC takes to protect the privacy of Canadians. The Minister had initially supported CSEC's rejection of this recommendation. However, I sent the Minister further information and I understand that CSEC is now reviewing this matter. I remain of the view that CSEC should implement this recommendation.
CSEC implemented a compliance validation program for its foreign signals intelligence activities. Changes to associated operational policy are also under development to address a recommendation in my review last year on this subject, as well as in response to a related audit report by CSEC's internal auditors. Next year, I will begin a detailed review of CSEC's management control framework and how this program helps CSEC document and demonstrate compliance with legal and policy obligations.
Conclusion
Apart from the instance on maintaining a recommendation from 2010–2011, my review contained no recommendations.
5. Annual review of a sample of disclosures of Canadian identity information to Government of Canada clients for calendar year 2011
Background
My predecessor directed in 2010 that an annual review of a sample of disclosures of Canadian identity information to Government of Canada clients be conducted, to verify that CSEC continues to comply with the law and maintains measures to protect the privacy of Canadians.
Canadian identity information may be included in CSEC's foreign signals intelligence reports if it is required to understand or use foreign intelligence. However, any information that identifies a Canadian must be suppressed in the reports — that is, replaced by a generic reference such as "a named Canadian". When receiving a subsequent request for disclosure of the details of the suppressed information, CSEC must verify that the requesting client has both the authority and operational justification for obtaining the Canadian identity information. Only then may CSEC provide that information.
Findings
I examined a sample representing approximately 20 percent of the total number of requests approved during the period under review. The sample included disclosures made to all of the Government of Canada departments and agencies that had requested Canadian identity information during the period under review. My officials examined: the requests documenting the clients' authority and justification for obtaining the Canadian identity information; associated CSEC foreign signals intelligence reports; and the actual disclosures of Canadian identity information.
I found that CSEC's disclosure of suppressed Canadian identity information to Government of Canada clients was conducted in compliance with the law. Operational policies and procedures are in place and provide sufficient direction to CSEC employees respecting the protection of the privacy of Canadians and CSEC employees were knowledgeable about, and acted in accordance with, the policies and procedures.
I also examined CSEC's progress since last year to address my 2010 recommendations relating to tools that could support the tracking of disclosures of Canadian identity information and improve the consistency and accuracy of related reporting. CSEC provided my officials with a demonstration of the capabilities of a new system for disclosures that has been introduced and will address the recommendations. I will continue to monitor the implementation of this system, and will ensure that it sufficiently incorporates safeguards to protect the privacy of Canadians.
Conclusion
My review did not result in any recommendations. However, my officials observed and communicated to CSEC that the section responsible for processing disclosure requests did not show its usual meticulousness during the period under review. Nevertheless, my officials found during their examination clear evidence that the activities were lawful and conducted in accordance with policies and procedures. While the gaps in CSEC's records did not lessen the protection of the privacy of Canadians in respect of those disclosures, I alerted CSEC to these gaps for the purpose of eliminating them.
6. and 7. Annual review of incidents identified by CSEC in 2010 and annual review of incidents identified by CSEC in 2011 that affected or had the potential to affect the privacy of Canadians and the measures taken by CSEC to address them
Background
In 2007, the Chief of CSEC wrote to the Commissioner to inform him that CSEC had created a central file describing CSEC operational incidents that did or could impact the privacy of Canadians. The Chief indicated that the file would be made available to the Commissioner for review as a proactive means to demonstrate CSEC's commitment to protecting privacy, helping ensure transparency and enhancing public confidence in CSEC.
According to CSEC, it records in this central file any incidents that put at risk the privacy of a Canadian in a manner that runs counter to or is not provided for in its operational policies. CSEC policy requires CSEC foreign signals intelligence and IT security employees to report and document privacy incidents in order to demonstrate compliance with CSEC policies and legal requirements, and to prevent further incidents. Incidents could include the inadvertent inclusion of Canadian identity information in a report, or mistakenly sharing certain reports with the wrong recipient.
My reviews of CSEC activities include an examination of any privacy incidents relating to the subject under review. The objectives of such annual reviews are to: acquire knowledge of the incidents and of corrective actions; and inform development of my work plan, by determining if there are any systemic issues or issues about compliance with the law or the protection of the privacy of Canadians that should be subject to follow-up review. The review of these privacy incidents identified by CSEC also assists me in evaluating CSEC's management control framework. My employees are vigilant during other reviews about identifying this type of error, so we can confirm whether CSEC also identified and addressed them.
2010 findings
In early 2011, I conducted an initial review of all of the 2010 privacy incidents in CSEC's central file, but did not complete the review in time to report last year. I examined all foreign signals intelligence and IT security privacy incidents and the subsequent actions taken by CSEC to correct the incidents, focusing on those incidents not examined in detail in my other reviews.
I was satisfied that CSEC took appropriate corrective actions in a timely manner in response to the privacy incidents it recorded during 2010. My review did not reveal any systemic deficiencies or issues that required follow-up review. I also noted that CSEC revised guidance about how to respond to certain privacy incidents.
2010 conclusion
My review of the privacy incidents in 2010 did not result in any recommendations. However, my officials identified and communicated to CSEC suggestions to make CSEC's central file complete and consistent, in particular concerning the assessment of potential consequences flowing from the privacy incidents, and verifying whether and when corrective actions had been taken.
2011 findings
In 2012, I examined all foreign signals intelligence and IT security privacy incidents recorded by CSEC in calendar year 2011, and the subsequent actions taken by CSEC to correct the incidents.
I was particularly interested in the remedial actions CSEC plans to take to address three particular privacy incidents. One involved CSEC issuing guidance to address a policy gap relating to CSEC exchanges of information containing Canadian identity information. This gap was identified during one of my ongoing reviews. For two other privacy incidents relating to certain IT security activities, I am also pleased to note that CSEC will issue guidance for handling certain information and associated reporting. I will monitor CSEC's efforts to address these follow-on activities.
2011 conclusion
I am satisfied that CSEC took appropriate corrective actions in response to the privacy incidents it recorded in 2011. My review of the privacy incidents in 2011 did not reveal any systemic deficiencies or issues that require follow-up review. I did not make any recommendations.
I was generally satisfied that CSEC addressed the suggestions I made about it's central file in 2010 to make it complete and consistent. Most entries for 2011 contained sufficient information, including corrective and mitigation actions taken by CSEC or by its partner agencies.
- Date modified: