Some of CSIS's practices still fall outside the law: spy watchdog
'Datasets collected without a warrant have yet to be fully aligned with the law,' says SIRC report
The head of the Canadian Security Intelligence Service is taking issue with renewed allegations that the national spy agency isn't handling innocent Canadians' electronic data properly.
In its annual report, tabled in the House of Commons Wednesday, the Security Intelligence Review Committee (SIRC) called CSIS out for not fully complying with a 2016 federal court ruling that found it illegally kept potentially revealing electronic data about Canadians over a 10-year period.
The independent watchdog said that, for the most part, CSIS has "made good progress" when it comes to the illegal retention of metadata since the ruling, but has failed to deal with the broader implications. (Metadata includes information such as telephone numbers and email addresses — but not recordings of conversations or the content of those emails.)
CSIS's definitions, guidelines and training with respect to the assessment and reporting of third-party data are "currently insufficient," says the report. Third-party data is information that doesn't involve the target of a warrant.
"CSIS's policies with respect to both third-party information collected under warrant and bulk datasets collected without a warrant have yet to be fully aligned with the law," says the report.
CSIS Director David Vigneault said the agency is in the process of assessing the recommendations, but added he already disagrees with some of SIRC's conclusions about holding on to records.
"CSIS disagrees with SIRC's conclusion regarding the utility of data analytics. A modern intelligence requires the lawful authority to collect and analyse a broad range of data to detect threats and identify previously unknown trends and patterns. Datasets are important building blocks that could lead not only to initiating an investigation, but to unfolding investigations," he said in a statement.
"We must, however, implement performance measures to better demonstrate the utility of data analytics, and we are doing so as part of the efforts to implement the proposed Bill C-59."
Public Safety Minister Ralph Goodale said the spy agency is in a period of transition with pending changes in C-59, which is grinding its way through Parliament.
"The legal framework is in the process of getting far more explicit," he said in an interview.
Information-sharing issues flagged
Every year, SIRC reviews CSIS's activities to ensure the spy agency has acted appropriately and in accordance with the law. Its report was sent first to the director of CSIS and the Public Safety minister before it was tabled in Parliament.
Besides its review of the federal court findings, the committee concentrated on information-sharing practices, mental health and extremism.
It looked at four instances of CSIS sharing information with foreign entities "where a substantial risk of mistreatment existed" between 2015 and 2017.
Two of the countries involved in the four cases were known to have problematic human rights records, the report says.
In one case CSIS shared and requested information about a Canadian detained by a foreign state without proper approval, said the independent watchdog
"SIRC found that CSIS shared and requested information with respect to a Canadian detained by a foreign state without the approval of [the committee], despite evidence of an elevated risk that the caveats and assurances would not be respected," says the report.
"CSIS continued to rely on assurances it had received from this country five years prior, despite having committed to the minister of Public Safety and Emergency Preparedness to seek updated assurances due to credible allegations of torture."
In another case it reviewed, SIRC found that operational managers did not properly assess or document the risks of sharing or soliciting information, including the risk that caveats and assurances would not be respected.
A caveat, says SIRC's report, could stipulate that the information being shared is for intelligence purposes only and should not be used in a prosecution or shared with other agencies.
SIRC found no evidence that CSIS used information obtained by torture or abuse and said CSIS didn't directly contribute to human rights abuses when it shared information in these cases.
'Optics are never great'
Goodale has introduced federal directives to limit — but not outright forbid — Canada's spy, police and border agencies from using information that likely was extracted through torture. Bill C-59 would embed those directives in law.
None of the foreign states in question were named in the report.
The committee is recommending CSIS develop guidelines on assessing and documenting the risk of mistreatment in cases where it shares personal information with foreign governments, and the risk of assurances and caveats not being respected by those countries. Those assessments, says the report, should take into account the most recent and relevant information, including operational reporting.
"With respect to areas in which SIRC has made recommendations, CSIS has accepted and, in many cases, already acted on the majority of this year's recommendations," wrote Vigneault.
Former national security analyst Stephanie Carvin says the report's criticism comes as the spy agency awaits a massive legislative change which would address some of the committee's concerns.
"The optics are never great when SIRC comes out and says CSIS isn't in compliance with its recommendations or the federal court decisions, but at the end of the day we are in a serious period of legislative flux and a lot of the legislation in Bill C-59, which just passed the House, will actually fix a lot of the concerns that have been raised," she said.