Update on CSE Efforts to Address Recommendations
CSE has accepted and implemented, or is working to address, 94 percent (152) of the 161 recommendations made since 1997, including the four recommendations in reports this year. Commissioners track how CSE addresses recommendations and responds to negative findings as well as areas for follow-up identified in reviews. The Commissioner's office is monitoring 14 active recommendations that CSE is working to address — 10 outstanding recommendations from previous years and four from this year.
This past year, CSE advised the office that work had been completed in response to six past recommendations.
In its 2014–2015 ministerial authorizations year-end report, CSE implemented two recommendations to provide more precise information to the Minister:
- the fluctuation in the number of collected communications and unintentionally intercepted private communications that CSE acquires and retains is reported throughout the period that a ministerial authorization remains in effect, and not just at the end of the period (from the review of foreign signals intelligence ministerial authorizations summarized in the 2013–2014 annual report); and
- the difference is highlighted between private communications unintentionally intercepted under cyber defence activities — which often involve malicious code and a lowered or no expectation of privacy — and under foreign signals intelligence collection activities (from the review of information technology security activities conducted under ministerial authorization summarized in the 2014–2015 annual report).
CSE implemented two other recommendations by issuing policy guidance to:
- specify the circumstances and treatment of a particular type of one-end Canadian communication (also from the review of foreign signals intelligence ministerial authorizations summarized in the 2013–2014 annual report); and
- formalize and strengthen existing practices for addressing potential privacy concerns with second party partners (from the review of the activities of the CSE Office of Counter Terrorism summarized in the 2013–2014 annual report).
CSE addressed a recommendation from the review of its assistance to the Canadian Security Intelligence Service (CSIS) under section 16 of the Canadian Security Intelligence Service Act (summarized in the 2014–2015 annual report) by developing a caveat to attach to specific operational material that may be shared with second party partners to make clear that the material should not be used without the express authorization of CSE.
Finally, CSE has already adjusted the format of its Privacy Incidents File to address the Commissioner's recommendation in this year's report to make certain that future records contain adequate information to describe and document each incident in a thorough manner in order to demonstrate compliance and that appropriate actions have been taken to correct or mitigate any consequences of an incident. The Commissioner's office will assess the new record format as part of next year's annual review of privacy incidents.
The Commissioner has encouraged the Chief of CSE to hasten work on one important outstanding recommendation summarized in the 2013–2014 annual report: that the Minister issue a new general directive to CSE that sets out expectations for the protection of the privacy of Canadians when CSE shares foreign intelligence. While information sharing with second party partners is an essential component of CSE foreign signals intelligence and other activities, it has the potential to directly affect the privacy and security of a Canadian when a private communication or Canadian identity information is shared.