CSE's Ministerial Authorization
Accountability and Mandate
The Communications Security Establishment (CSE) is a civilian agency within the Minister of National Defence's portfolio lawfully mandated to provide and protect information for the Government of Canada. These activities are increasingly focused on supporting the Government's national security priorities, as embodied in the Anti-Terrorism Act and the National Security Policy.
The Minister of National Defence is accountable to Cabinet and Parliament for CSE’s activities while providing direction on how CSE carries out its mandate. The Chief, CSE reports directly to the Minister of National Defence.
CSE adheres to all Canadian laws, including the Canadian Charter of Rights and Freedoms, the Criminal Code, the Canadian Human Rights Act and the Privacy Act. Since 1996, the CSE Commissioner, appointed under Part V.1 of the National Defence Act, has reviewed CSE's activities to ensure their compliance with Canadian law. Guaranteed access to all CSE personnel, information and documentation, the Commissioner submits an annual report to the Minister of National Defence which is then tabled in Parliament. If the Commissioner encounters any activity that he believes is not compliant with the law, he is obligated to inform both the Minister of National Defence and the Attorney General. Each of the reports submitted to date has confirmed the lawfulness of the wide range of activities reviewed.
CSE's mandate was codified and continued in the Anti-Terrorism Act, wherein amendments to the National Defence Act (NDA) authorize CSE to engage in three broad areas of activity. The first is to provide foreign signals intelligence (SIGINT) in accordance with Government priorities. The second involves providing advice, guidance and services to ensure the protection of electronic information and information infrastructures of importance to the Government (IT Security). Third, CSE provides technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.
Before passage of the Anti-Terrorism Act, the Criminal Code had prohibited CSE from intercepting any communication that originates or terminates in Canada and where the originator has an expectation of privacy, defined as a "private communication". In order to address the new security environment and respond to rapid changes in technology, the Act's amendment of the NDA served to shield CSE from criminal prosecution by explicitly creating two new narrowly defined authorities within the context of CSE's SIGINT and IT Security operations. These new authorities permit CSE to undertake activities that would previously have been prohibited.
The first new authority enables CSE to collect the communications of foreign intelligence targets even if those communications go into or out of Canada. The overriding condition for the collection of such private communications is that the interception must be directed at foreign entities abroad. The second new authority enables CSE to intercept private communications in the course of assisting the Government in safeguarding its computer systems and networks. Similarly, CSE may not direct any of these activities at Canadians or any persons in Canada, and satisfactory measures must be in place to protect the privacy of Canadians. This legislative shield is essential for CSE to effectively carry out its foreign intelligence and information protection mandates.
CSE's new authorities are exercised under Ministerial Authorization, the central mechanism created by the Anti-Terrorism Act to ensure that all activities involving the potential interception of private communications are governed by measures designed to protect the privacy of Canadians. The Minister of National Defence must issue his written authorization before any activities that may result in the interception of private communications can occur.
A Ministerial Authorization is valid for up to one year, and may be renewed. In each case, the Minister of National Defence must be satisfied that certain explicit conditions have been met, namely that: the interception is either directed at foreign entities located outside Canada (in the case of SIGINT) or is necessary to identify, isolate or prevent harm to the Government's computer systems or networks (in the case of IT Security); the information obtained could not reasonably be derived by other means; the value of the information justifies the interception; and measures exist to ensure that the privacy of Canadians is protected should CSE incidentally acquire private communications.
Strict measures are in place to ensure compliance with these conditions. They include: executive control and oversight; a dedicated group of CSE personnel focused exclusively on the development and implementation of operational policy and procedures; an embedded legal team from the Department of Justice that works closely with and provides advice to CSE staff; active monitoring of internal processes; and external review by the CSE Commissioner as well as the Privacy Commissioner.
Benefits of the Regime
CSE's Ministerial Authorization regime has yielded a wide range of operational benefits in the last three years. Authorizations have allowed CSE to improve its understanding of the global communications environment, a vital step in acquiring foreign intelligence and protecting Canada's most sensitive information and infrastructure. CSE's new authorities have also encouraged it to develop independent, cutting-edge Canadian collection and protection programs that would have been impossible without the legal shield provided by the Authorizations. These capabilities have been welcomed by CSE's clients and partners as crucial to the Government's collective national security efforts, and have led to expanded cooperation and information sharing at home and abroad.
At the same time, CSE is cognizant of its legal and moral duty to protect the privacy of Canadians, and continues to strengthen its controls through the rigorous application of policies, procedures and active monitoring of operations even as it builds additional capacity. Indeed, through greater knowledge and hands-on experience, CSE has refined its techniques so as to significantly reduce the chances of inadvertently intercepting private communications. Clearly, CSE is committed to fulfilling its mandate in the most effective and efficient manner possible while adhering to all laws and the highest standards.