Some snooping from Canadian spies needs better justification: commissioner

The defence minister's reasons for allowing Canada's foreign signals intelligence agency to perform otherwise illegal activities were sometimes "insufficient," according to the new intelligence commissioner in a first-of-its-kind report.

Jean-Pierre Plouffe, the man who helps review the activities of Canada's two spy agencies, said the linkages used by the minister to justify his conclusions were sometimes lacking, although in the end the commissioner ultimately gave spying requests the green light. 

While many of the details about what clandestine activities actually involved are omitted from the report, it offers a glimpse into the back-and-fourth in deciding when Canada's cyber spies can intercept private communications.

"In some instances, the [intelligence commissioner] determined that the ministerial conclusions were insufficient or non-existent," reads the report, tabled in the House of Commons this week.

The position of intelligence commissioner is relatively new to Canada and was created to offer an independent, quasi-judicial review of the justification used to clear intelligence agencies' of otherwise illegal activity. 

The position was born out of the Liberal's national security overhaul legislation in 2019. The first report looked at a small window: just nine authorization requests from Aug. 1, 2019 to the end of that year.

The Communications Security Establishment's mandate allows it to collect signals intelligence on foreign targets — including information about the "capabilities, intentions or activities" of actors — but they can't spy on Canadians or contravene the Charter.

Due to the line of work, the agency sometimes performs acts that would otherwise break the law. The agency then needs a "foreign intelligence authorization" from the minister, in this case Defence Minister Harjit Sajjan, before moving ahead. 

Those activities are typically "offences in the Criminal Code, such as the interception of private communications, or the conduct of certain activities necessary to enable the acquisition of information for providing foreign intelligence or to keep an activity covert," notes the report, a first of its kind for the new office. 

With a special authorization in hand, CSE can then, despite Canadian law or laws of any foreign states, carry out "any activity specified in the authorization to further its foreign intelligence mandate."

The intelligence commissioner, a retired superior court judge, is responsible for reviewing the reasons behind why the defence minister issued this kind of special authorization. 

Plouffe's report found that while all of the minister's authorizations for CSE's activities, five during the short time period, were reasonable, there were issues in the applications.

"The intelligence commissioner found some inconsistencies in the application records for foreign intelligence authorizations. Notably, the minister's conclusions did not address certain authorized activities and some authorized activities were not supported by facts in the chief of CSE's written application," it reads.

"In addition, a condition imposed by the minister in one of the authorizations was neither addressed in his conclusions nor rationalized elsewhere in the application record."

The 23-page report did not include details of the activities or what the intelligence commissioner felt was missing from the original applications.

CSE says process 'rigorous'

CSE also has the authority to launch certain cybersecurity activities to help protect the government's electronic information and infrastructure from cyber threats. It offers similar protections to critical infrastructure including, energy, finance, and information and communications technology.

If while defending that infrastructure from disruption the agency feels that it needs to intercept private communications, it requires a special cybersecurity authorization. 

Plouffe found two inconsistencies in the application records for that special approval.

"Notably, an activity was not explicitly addressed in the minister's conclusions despite being described in the chief of CSE's application," it reads.

"Further, a condition imposed by the minister in his authorization was neither explained in his conclusions nor supported by information found in the application record."

It then fell to Plouffe to review the evidence to supplement the authorization.

Sajjan said the CSE will take the commissioner's comments into account for future ministerial authorization.

"We will continue to work with the intelligence commissioner to ensure that CSE continues to live up to the high expectations that all Canadians expect," he said in a statement.

"The work that he does provides transparency and is an important part of the oversight of the robust system of checks and balances that our government has put in to place."

A spokesperson for CSE said the agency has already addressed the commissioner's comments.

"It was noted that there were some opportunities in the future for additional information to be included to supplement the minister's conclusions. In each case, the IC recognized the minister's expertise in authorizing these activities and approved all five authorizations without amendment," said Evan Koronewski.

"The process of drafting ministerial authorizations is rigorous. This process involves extensive consultations with key stakeholders across CSE, including operational areas, compliance, and legal services to ensure that all activities and classes of activities are described accurately and in sufficient detail."

Commissioner also looked at CSIS

The review also looked at the datasets — electronic archives of information —  the Canadian Security Intelligence Service can maintain.

CSIS has the authority to "collect, by investigation or otherwise," analyze and retain information regarding activities that could pose a threat to national security.

The commissioner reviewed four authorizations and at first only found two were reasonable.

In one case, he determined that the rationale behind the classes of acts or omissions— the bureaucratic term for the broad categories of CSIS activities — was unreasonable. In another case, he only partially approved the classes.

After receiving more information from the minister, the commissioner approved the classes.

A spokesperson for Public Safety Minister Bill Blair said the intelligence commissioner's recommendations have been given "careful consideration."

'The dataset and justification frameworks provide comprehensive authorities to balance the Canadian Security Intelligence Service's operational needs with its obligation to protect the private information of Canadians," said Mary-Liz Power.

"The results of this report ... represent additional layers of accountability and protection for Canadians and their information."