Canada's spy agency CSIS improperly obtained taxpayer information from the Canada Revenue Agency without a warrant. And it happened more than once.
That's according to the annual report of the Security Intelligence Review Committee (SIRC), the independent office that oversees the activities of CSIS.
The report, tabled Thursday morning in the House of Commons, outlines how, during an application for a warrant from the federal court, a judge raised questions about a regional CSIS intelligence officer's access to confidential taxpayer information.
- CSEC stops sharing some metadata with partners
- Canada signs on to OECD plan to share tax data to curb avoidance
In August 2014, Canadian Security Intelligence Service director Michel Coulombe asked SIRC to investigate, after determining that the officer accessed the information improperly. Coulombe asked SIRC to figure out what happened and make recommendations about how to stop employees from doing it again.
According to SIRC, its examination found "that this was not an isolated incident of a single intelligence officer obtaining information improperly from CRA. In fact, SIRC found there were multiple instances of a particular CSIS office obtaining information from CRA absent a warrant."
SIRC also determined that the overall management of the first incident was inadequate, because CSIS operated, "under the assumption that this was an isolated event until SIRC apprised them of its findings."
'Most of the information remained within the database until brought to CSIS's attention by SIRC.' - SIRC annual report 2014-15
As well, SIRC learned that CSIS told the federal Court and the minister of public safety that all of the taxpayer information obtained without a warrant had been deleted from its operational database.
That was not the case.
"In fact, most of the information remained within the database until brought to CSIS's attention by SIRC," the report states.
The oversight body has told CSIS to address its "substandard" managerial and communication practices in the specific regional CSIS office, admit its error to the federal court and public safety minister, and disclose what happened to the privacy commissioner.
While it couldn't come up with specific suggestions on how to prevent this from happening again — other than more training — SIRC suggests the spy agency conduct an internal review of the flow of information from CRA every five years.
Public Safety Minister Ralph Goodale released a statement Thursday in response to the tabling of the SIRC report.
"We believe more can be done to strengthen scrutiny, and the government is currently developing legislation that will strengthen our system of accountability for national security."
For its part, CSIS said it will toughen up its compliance-reporting regime and that in "the interest of full transparency," it will tell the court and minister exactly what happened.
As for informing the privacy commissioner, the report states that CSIS has already done so.