How is CSE held accountable?
How are CSE activities reviewed?
CSE’s activities are continuously reviewed by an external and independent review body – the Office of the CSE Commissioner. The Commissioner is mandated to review CSE’s activities to determine whether our activities are in compliance with the law and to review how we protect the privacy of Canadians – including verifying that CSE’s SIGINT and IT security activities are not targeting the communications of Canadians anywhere or any person in Canada. He also ensures CSE is following its policies and procedures on the handling of information collected.
The Commissioner also verifies that we are following any additional restrictions or requirements established by the Minister through Ministerial Directives, Ministerial Authorizations and operational policies. He must inform the Minister as well as the Attorney General of Canada if he believes that CSE may not have acted lawfully.
The Commissioner and his staff are cleared to review classified material. They have access to all CSE’s premises, can access and review any information held by CSE and question any of our staff. The CSE Commissioner also holds all the powers of a Commissioner under Part II of the Inquiries Act, including the power of subpoena, and the power to summon witnesses to give evidence under oath or solemn affirmation.
In exercising his duties, the Commissioner regularly reviews CSE’s operational activities, and examines CSE’s legal and ministerial authorities, requirements and limitations, and policies and procedures. Reviews of CSE activities have included extensive testing, sampling, first-hand observations and interviews with CSE personnel at all levels and in all of CSE's operational functions.
The Commissioner provides classified reports on specific reviews to the Minister of National Defence, to whom the Chief CSE reports and from whom the Chief takes direction. The Commissioner also provides an unclassified annual report for Parliament that summarizes the classified reports. The Minister must by law table the report, as received, in Parliament. These reviews provide the Government, Parliament, and the public with information about whether CSE’s activities comply with the law and the extent to which CSE protects the privacy of Canadians in the conduct of those activities.
Who is the CSE Commissioner?
By law, the CSE Commissioner must be a supernumerary or a retired judge of a Superior Court. The Commissioner’s office also retains independent legal counsel. This ensures that CSE’s primary review body is well versed in Canadian law, particularly as it affects CSE’s operations. Further information and details about the Commissioner, his mandate, his office, his review process and responses to issues of current public interest can be found on the Commissioner’s website.
It is important to note that the CSE Commissioner is completely independent of the Government. While he provides reports to the Minister of National Defence, who is responsible for CSE, he does not take direction from the Minister, the Government, or CSE. In addition, the office of the Commissioner is independently funded by its own budgetary appropriation from Parliament.
How does CSE respond to the CSE Commissioner’s recommendations?
In the course of the Commissioner’s review work, he has made important recommendations to strengthen compliance and privacy protections, as well as more general operational improvements. The Commissioner’s reports, including any recommendations, are submitted to the Minister. The Chief of CSE must respond in writing to each of the Commissioner’s recommendations through the Minister of National Defence. The Commissioner also reviews our progress on implementing recommendations.
Since 1997, the Commissioner has made 150 recommendations, and CSE has accepted, implemented or is acting on over 93% of them. Our responses to these recommendations have led to: improvements in record-keeping, increased level of approvals and sign-off protocols; strengthened privacy protections; better annotation and destruction protocols for electronic and print documents; enhanced management monitoring and internal audit and evaluation; more comprehensive reporting to the Minister and Chief CSE regarding privacy issues; more training and annual testing of operational staff; and in rare cases, even the suspension of activities until appropriate policies were in place.
In the rare cases where CSE does not implement a recommendation, it may be because the issue has already been addressed by other means, or the recommendation is no longer relevant as a result of events or circumstances.
How else is CSE accountable?
CSE’s activities are subject to review by various bodies, similar to other federal departments or agencies. These include the Privacy Commissioner of Canada, the Auditor General, the Information Commissioner, the Canadian Human Rights Commission, and the Commissioner of Official Languages.
For example, a recent review of CSE was included in the 2013 Spring Report of the Auditor General of Canada in the status report on security in contracting. The audit found that CSE adheres to the Policy on Government Security and that our policies provide assurances beyond the level required.
In November, 2011, CSE became a stand-alone agency in the National Defence portfolio. With this new place in Government came new responsibilities. For example, on April 1, 2013, CSE assumed responsibilities for activities related to privacy and access to information, including the task of reporting on CSE’s Personal Information Banks (PIB). CSE takes these responsibilities seriously and has published a full PIB listing in InfoSource, enabling CSE to adhere to the Privacy Act and achieve greater accountability and transparency.
In addition to external review, CSE’s internal Directorate of Audit, Evaluation, and Ethics plays an important role in our accountability by conducting regular audits and evaluations of CSE activities, programs and practices. CSE’s external Departmental Audit Committee, which includes members and a Chair external to government, reviews all internal Audit reports and, if the Committee agrees, recommends their approval. The Committee also reviews CSE’s Action Plans and monitors our progress in implementing actions in response to each of the internal Audit’s recommendations. The Committee also oversees CSE’s audit function, financial controls, risk management, values and ethics, and reviews our financial statements and submissions to the Public Accounts of the government. The Departmental Audit Committee submits an annual report on its activities, including any issues or concerns, to the Comptroller General of Canada of the Treasury Board Secretariat.
All of these forms of review and accountability help ensure that CSE and its staff respect and follow the law, and protect the privacy of Canadians and persons in Canada while performing the important roles of collecting foreign signals intelligence, helping protect information infrastructures of importance to the Government of Canada, and providing technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.