Key Takeaways:
- The Communications Security Establishment (CSE) violated a law that prohibits it from focusing on Canadians when analyzing information from an electronic device.
- The National Security and Intelligence Review Agency found that the CSE’s actions were directed at a Canadian, which is not permitted under its foreign intelligence mandate.
- The CSE has agreed to update its policies to prohibit the analysis of information relating to a Canadian or person in Canada for the purposes of identifying foreign intelligence.
- The Canadian Security Intelligence Service (CSIS) disagreed with a recommendation to stop making requests to the CSE for action or further information in relation to Canadians or people in Canada.
- The spy watchdog emphasized the importance of effective collaboration between the CSE and CSIS, while also establishing clear guardrails to ensure that their differing mandates and legal frameworks are respected.
Introduction to the Issue
The National Security and Intelligence Review Agency has released a report that highlights a significant lapse in the actions of the Communications Security Establishment (CSE), Canada’s cyberspy agency. The report reveals that the CSE violated a law that prohibits it from focusing on Canadians when analyzing information from an electronic device. This violation occurred when the CSE analyzed information from a Canadian’s device, which was obtained by the Canadian Security Intelligence Service (CSIS) through a warrant. The CSE’s actions were intended to gather foreign intelligence information, but the watchdog agency found that this was not a valid justification for directing its activities at a Canadian.
The Role of the CSE and CSIS
The CSE and CSIS are two core pillars of Canada’s security and intelligence community. The CSE is responsible for gathering foreign intelligence in the online world and protecting Canada from cyber threats, while CSIS investigates threats to Canada such as espionage, terrorism, and foreign interference. The two agencies have different mandates and legal frameworks, which can create tension and complexity in their collaboration. The CSE is prohibited from directing its activities at Canadians, while CSIS is authorized to collect and share information about Canadians. This tension is highlighted in the report, which notes that the CSE’s actions in analyzing the Canadian’s device were not permitted under its foreign intelligence mandate.
The Watchdog’s Findings
The National Security and Intelligence Review Agency’s report found that the CSE’s actions were not justified under the exception for incidental collection. The exception allows the CSE to acquire and use Canadian information if it is collected incidentally, meaning that it was not deliberately sought and its collection was not directed at a Canadian or a person in Canada. However, in this case, the CSE conducted the analysis on Canadian information with the intent to obtain foreign intelligence information, which is not permitted. The watchdog agency concluded that the CSE’s actions were directed at a Canadian, which is a violation of its enabling legislation.
Recommendations and Responses
The review agency made several recommendations to address the compliance issue, including that the CSE update its policies to prohibit the analysis of information relating to a Canadian or person in Canada for the purposes of identifying foreign intelligence. The CSE agreed with this recommendation and stated that it would adjust its policy training material for operational analysts to address any ambiguity about which actions are permitted. However, CSIS disagreed with a recommendation to stop making requests to the CSE for action or further information in relation to Canadians or people in Canada through CSIS lead information messages. CSIS argued that a complete cessation of such requests would have a negative impact on its ability to investigate threats to Canada’s national security.
Importance of Collaboration and Guardrails
The spy watchdog emphasized the importance of effective collaboration between the CSE and CSIS, while also establishing clear guardrails to ensure that their differing mandates and legal frameworks are respected. The report noted that structures for governance, clear demarcation of roles and responsibilities, and information-sharing must be paramount in each effort involving the two spy agencies. This is critical to protecting national security and advancing Canada’s interests, while also ensuring that the rights of Canadians are respected. The report highlights the need for careful planning and coordination between the CSE and CSIS to avoid similar compliance issues in the future.
Conclusion
The report by the National Security and Intelligence Review Agency highlights a significant lapse in the actions of the Communications Security Establishment and emphasizes the importance of effective collaboration and clear guardrails between the CSE and CSIS. The CSE’s agreement to update its policies and the CSIS’s disagreement with the recommendation to stop making requests for action or further information in relation to Canadians or people in Canada highlight the complexity and challenges of balancing national security with the protection of Canadians’ rights. The report underscores the need for ongoing vigilance and oversight to ensure that Canada’s security and intelligence agencies operate within their legal frameworks and respect the rights of Canadians.
