Accountability And Transparency

On August 1, 2019 the Communications Security Establishment Act (CSE Act) came into force. The CSE web site is being updated to reflect the changes in CSE’s authorities and the accompanying accountability and transparency measures.

What will change?

CSE is currently reviewed by the Office of the Communications Security Establishment Commissioner (OCSEC). Under proposed legislation, CSE’s review and accountability framework will evolve to enhance the way in which CSE is reviewed, alongside the broader security and intelligence community. The legislation also strengthens CSE’s Ministerial Authorization regime.

The Government is proposing to establish two new independent bodies through new legislation.

  • the National Security and Intelligence Review Agency (NSIRA)
  • the Intelligence Commissioner (IC).

What does that mean?

NSIRA: The NSIRA would assume responsibility for reviewing all national security activities across the Government of Canada, including all of CSE’s activities. NSIRA would review CSE’s activities for lawfulness and to ensure that CSE’s activities are reasonable, necessary and compliant with ministerial direction. In addition, the NSIRA would serve as the new review body for any complaints against CSE.

The NSIRA would be led by a committee of up to seven members, appointed on the advice of the Prime Minister, in consultation with the leaders in the House of Commons and Senate. The NSIRA would have unfettered access to information necessary to review all national security activities across the federal government. The NSIRA would provide classified reports of its findings and recommendations to relevant ministers and would produce an annual unclassified public report to Parliament summarizing these findings and recommendations. The NSIRA would be fully independent of government and of CSE.

IC: The IC would have a mandate to approve foreign intelligence and cybersecurity Authorizations issued by the Minister of National Defence. IC approval would be required for the Authorizations to come into effect. The IC would be fully independent of government and of CSE. Given the nature of the office’s mandate, the position of the IC would be filled by a retired judge of a superior court.

In issuing a foreign intelligence or cybersecurity Authorization, the Minister must be satisfied that the conditions set out in law are met, including that the activities are reasonable, necessary and proportionate, and that appropriate privacy protections are in place. In order to approve an Authorization, the IC would have to be satisfied that the ministerial conclusions in this regard are reasonable. The IC would be reviewing CSE’s Ministerial Authorizations before CSE could conduct any operations under those Authorizations. The approval of the IC would be binding, meaning that CSE must have the IC’s approval to proceed with those activities.

The Chief of CSE would be required to report to the Minister of National Defence on the outcomes of Ministerial Authorizations. The Minister would then be required to provide the NSIRA and the IC with a copy of that report.

Why are these changes needed?

Successive CSE Commissioners have called on the governments of the day to clarify ambiguities in CSE’s legislation and increase transparency. Canadians have also been clear that they are looking for increased accountability and transparency of their security and intelligence agencies.

The establishment of NSIRA and the IC respond directly to those requests for clarity, accountability and transparency, and would create a more robust and coordinated review of CSE’s activities along with new independent oversight of CSE’s Ministerial Authorization regime. This proposed model recognizes the increasingly interconnected nature of the Government of Canada’s security and intelligence activities and replaces the current siloed approach to review and accountability. Information sharing authorities between review bodies, and with the IC, would add to the depth of review as well as prevent the duplication of efforts.

These proposed changes would enhance transparency and provide as much information about national security activities to Canadians as possible, without compromising the national interest or the effectiveness of operations.

Additional Accountability

In addition to these proposed enhancements to how CSE’s activities are reviewed, CSE would continue to be accountable to the Privacy Commissioner of Canada, the Auditor General, the Information Commissioner of Canada, the Canadian Human Rights Commission, and the Commissioner of Official Languages. CSE would also be subject to review by the proposed National Security and Intelligence Committee of Parliamentarians.

All of these proposed and existing forms of review and accountability will help ensure that CSE continues to respect and follow the law, and protect the privacy of Canadians, while at the same time conducting its critical intelligence and cybersecurity activities.

CSE Accountability Before and After the CSE Act

Before the CSE Act:

The Minister of National Defence approves Ministerial Authorizations and Ministerial Directives, which direct CSE’s activities and operations.

CSE’s activities and operations are reviewed for lawfulness by the Office of the Commissioner of CSE. This office can review all activities, including activities performed under Ministerial Authorizations and Ministerial Directives. They also investigate complaints against CSE.

 

After the CSE Act:

The Minister of National Defence approves Ministerial Authorizations and Ministerial Directives, which direct CSE’s activities and operations.

Ministerial Authorizations on foreign intelligence and cybersecurity must be approved by the Intelligence Commissioner before CSE can conduct collection activities under those authorizations.

Ministerial Authorizations issued for active cyber operations would require the approval of the Minister of National Defence and the Minister of Foreign Affairs. Ministerial Authorizations issued for defensive cyber operations would require the approval of the Minister of National Defence and consultation with the Minister of Foreign Affairs.

CSE’s activities and operations are reviewed for lawfulness by the National Security and Intelligence Review Agency (NSIRA). The NSIRA can review all activities for compliance with Ministerial Directives, for reasonableness and necessity of exercise of its powers. They also investigate complaints about CSE.

CSE activities and operations are also subject to review by the proposed National Security and Intelligence Committee of Parliamentarians.