Supervising Surveillance: Oversight and the Communications Security Establishment Canada – by Paul Meyer

In the aftermath of NSA contractor Edward Snowden’s revelations on the agency’s wide ranging surveillance of electronic communications, there has been a chorus of concern voiced over the appropriate limits of such surveillance at home and abroad. President Obama, for example, in remarks on the conclusion of a review of signals intelligence that he had ordered acknowledged the “danger of government overreach” and the risk that “we lose some of our core liberties in pursuit of security.” As part of the inner circle of signals intelligence agencies known as the Five Eyes, the Communications Security Establishment Canada (CSEC) has also come under renewed scrutiny. Snowden-originated revelations of CSEC operations directed against the Mining and Energy ministry of Brazil as well as a major metadata collection experiment conducted at a Canadian airport have generated questions as to both the legality and the utility of CSEC operations.

The Canadian government has tried to assure Canadians that adequate safeguards are in place by way of the office of the CSE Commissioner which has a mandate to conduct reviews of CSEC activity to ensure its compliance with the law. Commissioners are supernumerary or retired judges of a Superior Court and are appointed for a term not exceeding five years. The Commissioner is required to submit a public annual report of review activities to the Minister of Defence who in turn tables the report in Parliament. In reviewing the 2012-2013 annual report submitted by the out-going Commissioner, Robert Décary, CSEC appears to get good grades: the Commissioner commends the 92% acceptance rate of the recommendations that he and his predecessors have submitted and affirms that in the past year all CSEC activities (except one on which he was unable to reach a definitive conclusion) complied with the law. At the same time, the Commissioner flagged his concerns that there was no legislative authorization for his office to cooperate with the review bodies of Canadian partner agencies (e.g., the Security intelligence Review Committee overseeing CSIS) and the Government’s failure to act upon legislative amendments proposed by the office to address ambiguities in the legal mandate for CSEC. It is important to bear in mind that the Commissioner conducts an ex-post review, activities that have already occurred, rather than a prior screening to confirm that a proposed activity would be legally compliant.

If the CSEC Commissioner does not take issue with the scope of the mandate he operates under, the former head of CSEC from 2005 to 2012, John Adams, sees a need for additional measures to ensure a democratic check on CSEC’s work. He has suggested a special, security-cleared parliamentary committee that could receive briefings on CSEC operations and represent a “third party” between the government and the agency that could “assure Canadians that what is going on is right for Canada.” Given real world timelines for operations, Adams would still see this parliamentary body performing a “review” rather than an “oversight” function.

A significant contribution to this embryonic debate over CSEC activities and the public interest has been made by the Office of the Privacy Commissioner of Canada and its special report to Parliament entitled Checks and Controls: Reinforcing Privacy Protection and Oversight for the Canadian Intelligence Community in an Era of Cyber-Surveillance. The report is meant to assist Parliament “…in addressing the question as to whether Canada still has proper privacy protection in the context of national security.” Major developments in the political, security and technological spheres have increased exponentially the capacity for surveillance and intelligence collecting, while blurring the territorial and jurisdictional boundaries that had hitherto contained this activity. The increased potential for intrusion upon privacy within this contemporary context requires a commensurate enhancement of privacy protection.

The Office recommends several remedial actions that should lead to better accountability from CSEC. These range from enhanced transparency to legislative amendments to promote effective cooperation and coverage by the review bodies. Among the most important are calls for: i) an annual disclosure of statistics on cases where CSEC has assisted other federal agencies with interception; ii) CSEC to produce an annual public report of its own with generic descriptions of its policies, operations and practices; iii) the Government to produce a white paper clarifying the mandates of Canada’s intelligence agencies, including CSEC, and how they cooperate with foreign partners; iv) removing legislative impediments to joint action by existing federal review bodies; and v) clarifying key terminology in the National Defence Act and empowering the CSEC Commissioner to determine whether Ministerial authorizations for intercepts are themselves in conformity with the law. The Office’s report also suggests greater parliamentary involvement in studying oversight and review mechanisms for intelligence agencies, but interestingly does not propose a new parliamentary body comprised of members with the security clearances required to engage with the substance of CSEC activity. Legislation and engaged legislators are necessary ingredients for effective oversight of agencies with great inherent powers. The CSE Commissioner may assure us that these powers have not been abused, but Canadian parliamentarians would be well to heed the affirmation of the American president that “our system of government is built on the premise that our liberty cannot depend on the good intentions of those in power; it depends on the law to constrain those in power.”

The recommendations set out in the Privacy Commissioner’s report certainly represent a good menu for action by the executive and legislative branches of government in upgrading the safeguards and privacy protections that Canadians deserve. In my view, an appropriately cleared select parliamentary committee (along the lines of the UK’s Intelligence and Security Committee) should also be added to the monitoring mechanisms. In addition, the prevailing pattern of post-facto review of operations should be supplemented by selected prior compliance assessments when new programs or operations are being considered which might cross statutory “red lines.” Of course an expansion of these review functions will likely require additional resources for the office of the CSEC Commissioner. The current Commissioner, Jean-Pierre Plouffe, may not find his staff of ten as sufficient for the tasks at hand as did his predecessor, given CSEC’s current budget of almost half a billion and a staff complement of over 2100. Most Canadians, I suspect, would be ready to invest a little in enhanced oversight of CSEC in return for greater confidence that both our security and privacy were being well looked after.

About Paul Meyer

Paul Meyer is a former Director-General of the Security & Intelligence Bureau at DFAIT (2007-2010). He is currently an Adjunct Professor of International Studies and Dialogue Fellow, Simon Fraser University and a Senior Fellow, The Simons Foundation.

This entry was posted in Blog, News and tagged , , , . Bookmark the permalink.

Comments are closed.