Below is a copy of the contents of the following Government of Canada webpage as it appeared on May 8, 2012: http://www.publicsafety.gc.ca/abt/wwa/igcsis/cert2007-eng.aspx.

Click here to return to the menu of the Archive of CSIS Inspector General Annual Certificate reports.


Submitted to the Minister of Public Safety pursuant to Subsection 33(2) of the Canadian Security Intelligence Service Act

Note: This is the text of the Inspector General of the Canadian Security Intelligence Service’s 2007 Certificate made public in May 2008 pursuant to a request under Canada’s Access to Information Act
(The 2007 Certificate was classified TOP SECRET when submitted to the Minister of Public Safety in November 2007. The symbol [—] represents classified information removed from the document.)

Introduction

Section 33 (2) of the Canadian Security Intelligence Service Act requires that I submit to you a Certificate stating the extent to which I am satisfied with the Director’s Annual Report to you.  It also requires that I state whether, in my opinion, the Service has done anything in the course of its operational activities, in the time period covered by the Annual Report, which is not authorized by the Act, has contravened any Ministerial Directions, or has involved the unreasonable or unnecessary use of its powers.  The mandate and functions of the Inspector General are described in an appendix to this Certificate.

This is my fourth Certificate that I am submitting since my appointment in 2003. It is, however, my second Certificate for you as Minister. You may recall that, last year, I provided you with background information on the role and raison d’être of the Inspector General. While I will not provide such detail again this year, I do believe that it is important to re-iterate that this Office was created, in large part, to provide independent assurance to the Minister to support Ministerial responsibility for CSIS.  The Office carries out independent reviews of CSIS for you. The Inspector General can be directly tasked by you to carry out reviews or studies of CSIS. The independence of the work is what lends to the office value and credibility for you, as Minister, in what is submitted and reported to you.

To provide you with this independent perspective and assurance about the work of CSIS, my office undertakes a variety of review activities, which I will report on in more detail in the following pages.

As in previous years, I have sought and obtained briefings on a variety of matters from the senior executive at CSIS Headquarters and the associated operational branches and have undertaken and completed one-day visits to all regions of CSIS, in order to meet with regional management and select investigators.  Last year, some of these meetings were held in district offices and this year I expanded this approach in Prairies, Atlantic and Toronto where I visited [—] Windsor [—] Visiting regional and district offices provides me the opportunity for first hand discussions with front-line managers and staff. This allows me, in my role, to support your Ministerial responsibility, a true window into the daily operational work of employees of the Service, their environment, and the challenges that they face. Some of the messages I noted from these visits were an appreciation for the support of the government for the work of the Service as reflected through recent funding decisions, the continued challenge of the changing demographic with increased retirements [—]  Rapid advances and increased sophistication in technology [—] challenges for the work of the Service.  Employees are keenly waiting for the related legislative provisions they view will be an invaluable tool to aid their intelligence gathering capabilities.

As in my previous years, I have maintained an active interest in staying abreast of international developments in part by maintaining contacts and consulting the larger intelligence review community.  In June, I was invited by the Review Committee on the Dutch Intelligence and Security Services to attend a Symposium on “Accountability of the Intelligence and Security Agencies and Human Rights”. This afforded me the opportunity to meet other Inspectors General, Parliamentarians, as well as academics and practitioners, in the security and intelligence community. This year as well, the Federal Court, in partnership with Carleton University, hosted a Conference here in Ottawa on “The Administration of Justice and National Security in Democracies” bringing together an exceptional group of justices with first hand experience in dealing with security and intelligence matters.  In addition, I met this year with Ian Carnell, the Inspector General of Australia and Sir Peter Gibson, the Intelligence Services Commissioner of the UK during their respective visits to Ottawa.  Also, while conducting a review of the CSIS Foreign Office (FO) [—] I met with [—] to discuss, generally, intelligence liaison [—] and the threat environment in the region.

As always, I wish to note that I place the utmost importance on maintaining a healthy working relationship with CSIS, at all levels of contact, while at the same time making clear and respecting our separate and distinct roles in the national security system. We both share the mutual objective of working to continuously improve the effectiveness of CSIS operations while enhancing democratic accountability.  I can state, without reservation, that is what both parties have strived to do during this period of reporting.

Certification

Minister, let me begin by stating the following:

In respect of all the reports and information that I, and my Office, have obtained and reviewed and of all the discussions held, and subject to the concerns raised below, I am as satisfied as I can be with the Director’s Annual Report to you on the Service’s operational activities for the period 2006-2007.  In that respect, it is my opinion that the Service has not acted beyond the framework of its statutory authority, has not contravened any Ministerial Directions, and has not exercised its powers unreasonably or unnecessarily.

In order to ensure that every statement in the Director’s section 33 (1) Report is fully supported and documented, my Office reviews all the pertinent information and intelligence collected and retained by the Service.  At a minimum, this involves examining Branch accountability reports and the ‘facting’ intelligence reports on which they are based.  This baseline is supplemented by exchanges of questions and answers in writing, by discussions, briefings and interviews.  The extent of the Inspector General’s satisfaction, as set out in the Certificate, is based on this comprehensive process of validation. Given the significant re-alignment of the organization in May 2006, I had assumed that this process would be somewhat more challenging and possibly difficult this year.  This was not the case.  The Service’s capacity to facilitate the review process, in spite of the significant changes, remained quite satisfactory and I wish to acknowledge this.

My Certification process is based not only on the Director’s report to you dated 25 July 2007, but also on reviews of CSIS operational activities and monitoring of compliance with CSIS operational policy conducted during the annual reporting period.  This year, the following reviews were completed:

1. reviews of a sample of warrants and targets as well as of human source case management;
2. review of investigative activity abroad [—]
3. review of CSIS [—] Canadian interests in Afghanistan;
4. review of the Government Security Screening Program;
5. review of CSIS Exchanges of Information with the Canada Border Services Agency;
6. review of British Columbia Region; and
7. review of the CSIS Security Liaison Post [1] [—]

I, or my Office, also received a number of comprehensive briefings during the past year including, but not limited to: the Passenger Protect Program, the realignment of roles and responsibilities and the revised targeting process.

[1]. The title of this review reflects the formal name for posts during the review.  The title has since been changed to Foreign Office and this change will be reflected throughout the report.

General comments

With respect to the Director’s Report, I have determined that it complies with section 33 (1) of the Canadian Security Intelligence Service Act and with Ministerial Directions reporting requirements. While I have determined that the report does meet these requirements, my office has identified two errors, which will be detailed in the next section.  I informed the Director of these errors, as well as additional errors, in the Accountability Reports that are used by the Service to prepare the Director’s Report for his review.  A revised report dated 14 November 2007 has now been submitted to you by the Director.  If you wish additional information regarding these errors, I would be pleased to provide it to you.

As Inspector General, I am also responsible for identifying areas where operational activity has not been in compliance with the operational policies of the Service and for reviewing the operational activities of the Service.  As noted above each year the office completes a number of reviews of Service operational activities. These reviews most often overlap the Director’s reporting period by a few months, but to ensure my Office does not interfere with ongoing operations, the review period cannot equate exactly with the fiscal year to which the Director is reporting.  The results of these reviews are shared with CSIS and action in most instances is taken immediately to correct errors or strengthen compliance with Service operational policy.

I define non-compliance as a non-adherence to the rules, procedures, principles and guidelines set out in operational policy, without any qualification as to the degree of significance of such non-compliance.  While some instances can be termed administrative or clerical errors, it is also evident that errors such as these can lead to, and have led to, significant or substantive issues.  For this reason, I judge that it is far more appropriate to report all cases of non-compliance to operational policy without importing any pre-judgments as to importance.  I have determined that it is through this approach that I am best able to support your Ministerial responsibility for CSIS.

Areas of concern

The reviews conducted by my office this year have identified a larger number of instances of non-compliance with CSIS operational policy than noted in my three previous Certificates and also a level of transcription errors in reporting that cause me some concern.

These instances of non-compliance and transcription errors cannot be isolated to one program or one set of processes. They do appear however in some of the core activities of the Service such as [—] Warrant Application.

A second area of concern to me is the length of time taken to develop or amend operational policies to reflect changing requirements and operational activities of the Service.  This issue is apparent in a number of areas but most evident and arguably most urgent in the area of [—]  I view a sound, up-to-date operational policy framework as essential to the functioning of the Service, given the strategic focus of Ministerial Directions and the requirement placed on the Service to provide specific instructions to guide operations.  This is even more critical in light of the changing nature of operational activities in response to the actual threat environment and [—]

Director’s Annual Report 2006-2007

As I have noted, my Office completed a thorough validation of the Director’s Report to you dated 25 July 2007 and identified 2 errors. One is a transcription error relating to the date when ETA, a terrorist organization, was listed as an entity pursuant to the Criminal Code of Canada. The report noted that it was listed in 2002; however, it was actually listed in 2003.  The second error is more worrisome. The Report notes [—] A review of the facting materials on which this statement was based confirms only that there was a threat against the facilities and not an actual attack.  As noted, the Director has subsequently revised the report.

[—]  For this reason, I am concerned with some of the findings of my Office through our review [—]  In addition, on June 11, 2007, the Director wrote to me with a Compliance Statement for 2006-2007 in which he sets out four cases where employees were found to be in non-compliance.  [—]

[—]  I will speak more to this issue under Information Management, suffice to say now accuracy in reporting must be a cornerstone of CSIS reporting.

[—]  I am satisfied that the action taken in all 3 instances was designed to correct the errors.

[—]  The matter was treated by the Service as non-compliance with operational policy, the appropriate level of approval was obtained after the fact and the importance of [—] policy was stressed with managers and the staff who were implicated.

While each of these actions may be reasonable and certain steps that were necessary were taken, I am concerned that the Service did not apply their established policy to this matter.  [—]

[—]  In reviewing the matter, and following my discussions with the Deputy Director Operations, I am reasonably confident that the end result in this case would have been the same [—]  That being said, I remain of the view that [—] policy guiding this non-compliance matter should have been followed.  [—]  I would encourage the Service to reinforce this message with their managers. Adherence to the policy contributes to the overall integrity of the Service.

While I am satisfied that the Service does respond to matters of compliance when they are identified, taken in sum, the issue of compliance and regard for the program [—] may speak to a larger issue of training.  [—] suggests that these problems demand ongoing scrutiny.  I understand that the Service is in the process of rewriting the Service operational policy [—]  results may resolve some compliance issues in the longer term, but the issues of compliance and accuracy of reporting [—]  I consider a priority and, as such, will continue to be an area of review by my Office.

Warrant Acquisition and Execution Process

The review of this process by my Office, both within the context of the core review and our regional review this year, noted 12 cases of non-compliance with operational policy. These non-compliance issues largely related to late 90-day evaluation reports for special operations or distribution of these reports. In addition, one late report was also noted in the Director’s Letter of Compliance to me. The operational policy on execution of warrant powers has now been amended and, as a result, I expect that the level of compliance in this area should improve.

With regard to acquisition of warrants, my Office noted one non-compliance issue related to an amendment to a draft affidavit which was not brought to the attention of your Department.  While it is recognized that the facts in an affidavit are subject to change constantly and that an affidavit must be amended to reflect these changes, the policy is quite clear that the Department must be informed of any changes to an affidavit prior to a warrant being approved.

[—]  As you will recall, the Federal Court dismissed an application for a warrant in 2005 that had been duly approved by the Minister.  The reason for this dismissal related to the Service’s failure to disclose full, fair and accurate information.  [—] the need for accuracy in documents submitted to the court is self-evident.

The importance of precision was made clear in the case of warrants concerning [—]  A Federal Court judge signed these warrants on May 3, 2006. [—]  The Region was advised to refrain from executing the particular [—] power, until the matter had been fully resolved with the Federal Court.

Documents on file indicate that this omission occurred in the original draft warrant.  The words were therefore missing from the version sent to the regions for review.  The omission was not identified in the regional review, and the truncated version of the [—] Warrant was included as an Exhibit of the affidavit submitted to the Federal Court for approval.  The Federal Court did not note the omission and issued the [—] warrant based on the Service’s submission. An amended warrant was subsequently signed by the Federal Court. My office determined that there were no unauthorized [—] a result of these events and I must commend the Service for its expeditious actions in resolving this situation. Nevertheless, errors such as these could easily undermine the credibility that the Service has with the Federal Court and, as a result, have a negative impact on the Service’s ability to obtain decisions expeditiously.

At the time of the dismissal in 2005 of a warrant application by the Federal Court, the Service undertook a number of steps to enhance the efficacy and timeliness of the process including a review of the process by their General Counsel.  This review has been completed and recommendations have been made but, to the best of my knowledge, the application process has not been revised more than 2 years later.

Information Reporting and Holding

In my Certificate last year, I shared with you concerns about information handling by the Service. I must report that the matter of information reporting and holdings by the Service, and the accuracy of information, continue to be an area of concern.

Accuracy of reporting persists as an issue, whether it is something as simple as inaccurate dates which were identified in a number of reviews by my office, the Director’s Report and the associated Accountability Reports, or material facts such as, for example, confirming an attack by a terrorist entity occurred when, in fact, it was a threat.  When these errors are identified, the Service responds on a priority basis; however, given the number of errors identified they should be treated more seriously than simple typographical errors.

Earlier this year, I was informed by the Assistant Director, Secretariat of CSIS that a transcription error [—] had resulted in this erroneous information being used to support a request for approval of an investigative authority in May 2003, a request for TARC ratification in June 2003 and in submissions to TARC in February 2004 and August 2004.  [—]  I raise this one example as it clearly shows how a transcription error could have potentially profound impacts.  It is to the credit of the Executive that I was informed of this error and reflects the level of importance that the Executive places on accuracy.  I realize that the Service must process an enormous amount of information, but the potential consequences, if action is taken by the Service, their interlocutors or the government based on these inaccuracies, could be grave.  In view of this potential, accuracy is essential.

Information management was identified also as a significant issue in the review by my office of the Foreign Office [—]  The Service invests a great deal of resources in the establishment of Foreign Offices and the development of effective liaison relations with other security intelligence agencies. Without question, these relationships are important, particularly in today’s environment and will arguably be of increasing importance during the coming years.  At the end of the reporting period this year, the Service had 271 section 17 arrangements, 7 more than last year, in 147 countries and Foreign Offices [—] locations.

With respect to the [—] Office, the Service had active section 17 arrangements with [—] agencies in the Office’s area of responsibility, and dormant or restricted arrangements with another [—]  The [—] Office also maintained several Conscious Relationships with local representatives of other [—] agencies with which the Service has section 17 arrangements. For this reason, I was disturbed to discover that, during the first half of the review period, the [—] system was not used at the [—] Office.  As a result, there is a gap in the [—] Office’s records for that period and there are insufficient records available for my Office to verify if the [—] Office consistently carried out tasking assigned by CSIS HQ, and whether this was done in compliance with the CSIS Act, Ministerial Direction and operational policy. During the latter part of the review period, the new CSIS officer assigned to [—] used the [—] system and provided regular data uploads to CSIS HQ.  The OIG found no gaps in electronic records retained at the [—] Office during this period; however, [—] entries were not logged according to established [—] standards.  As a result, the [—] records at Headquarters for this period are incomplete.  Given the important role of this system as a means of records management and accountability, it is important that it be used as intended. While I am not in a position to say whether the same situation existed or exists at other Foreign Offices, I am hopeful that the realignment undertaken by the Service last year will ensure that this situation is not replicated elsewhere.

Government Security Screening Program

As you are aware, the Service is responsible for conducting security assessments in support of government security screening for all federal government departments and agencies with the exception of the RCMP.

Both the Government Security Policy and Service operational policy define a security assessment as consisting of an appraisal of the loyalty to Canada and, so far as it relates thereto, the reliability and trustworthiness of an individual. The criteria for evaluating such information is as follows:

  • Loyalty: individual is engaged, or may engage, in activities that constitute a threat to the security of Canada within the meaning of the CSIS Act; and
  • Reliability: individual has personal beliefs, features of character, association with persons or groups considered a security threat, or family or other close ties to persons living in certain countries; and the individual may act or may be induced to act in a way that constitutes a “threat to the security of Canada”; or may disclose, may be induced to disclose, or may cause to be disclosed in an unauthorized way, classified information.

The review of security assessment briefs identified [—] briefs to DFAIT, which report on subjects’ features of character only and for which the causal link to reliability as it relates to loyalty was tenuously demonstrated.

These [—] briefs resulted from DFAIT requests for Level III security clearances for positions with the Foreign Service.  [—] the Service conducted full investigations during which features of character were identified but assessed as being not significant enough in terms of reliability/loyalty to provide DFAIT with [—] briefs in first place.  CSIS provided [—] assessments to DFAIT during separate conversations.  Following these conversations, DFAIT requested CSIS to provide [—] briefs expanding on the features of character raised during the conversations.

While features of character may be identified and reported to departments, it can only be so if assessed as having an impact on a subject’s reliability as it relates to loyalty.  In these [—] cases, it had to be demonstrated that the subjects “may act or may be induced to act in a way that constitutes a ‘threat to the security of Canada’; or may disclose or may be induced to disclose classified information” because of the alleged features of character.

I acknowledge that, in some cases, the causal link between the subjects’ features of character and their reliability as it relates to loyalty could be made. While not wishing to second judge the Service, this causal link was not evident in these [—] cases. In fact, there were indications, according to CSIS’s own assessment, that the [—] subjects did not meet the threshold for the issuance of a [—] brief.

Since security screening investigations have to be addressed from the perspective of a level of clearance and not from the position which is sought by a subject, caution should be applied by the Service to ensure that CSIS investigations are not being used by departments to obtain information for purposes other than security assessments.

Gaps in CSIS policy framework

A matter of increasing concern and potential vulnerability for CSIS is the delays in developing, updating and implementing operational policy. As I noted last year, policy is one of the cornerstones to governance of the activities of CSIS. It provides the framework within which all operational work is undertaken and establishes the standard for measuring compliance. As the threat environment changes and CSIS activities enter new and more challenging situations, it is essential that the policy framework accurately reflects the requirements of this work.

Last year, in my Certificate, I identified policy gaps or inconsistencies in a number of areas of operation including information sharing authorities, [—] Reporting, interviews [—] and investigative activities abroad. While some policy issues have been addressed this past year, these and others remain outstanding.

[—] I raised this issue last year and I must raise it again.  [—] policy changes have not kept pace.  [—]  I was informed last year [—] policy was being revised to address these gaps; however, I continue to wait to see this policy one year on.

As noted in your Ministerial direction on National Security Requirements for 2006-2008, Afghanistan is the primary focus of Canada’s current international security efforts and is a fundamental intelligence priority. Service operations reflect this priority.

As you are aware, the Service has been in Afghanistan [—]  As such, the Service’s role in Afghanistan is relatively new but I am impressed with [—] on which I am informed. This is essential work in an extremely challenging environment and those who serve there are to be commended. [—]

The Service should now be well positioned to develop a suitable policy framework to guide future [—] activities in this theatre. I do believe that those who serve in this environment deserve to be equipped with the policy framework to guide their work.

[—] These are responsive to a number of policy issues and I have been informed that the latter will form an Appendix [—] pertaining to the Service’s activities outside Canada, but this policy remains under development.

In addition, the MOU with DFAIT and the [—] Letter of Agreement between CSIS and DND/Canadian Forces in Afghanistan both are out of date and represent a lacuna in the operational policy framework.  I understand that both are being addressed.  In this regard, I would hope that the MOU resolves issues related to [—]

Conclusions

As I complete my fourth year in office as Inspector General, I can say to you, Minister, with some degree of confidence, that I believe that CSIS exercises its duties and functions effectively and professionally and serves Canadians very well. As I indicated last year, I continue to be impressed with the dedication, competence and commitment of employees at all levels and with varying lengths of service.

CSIS, as with any organization with a twenty-year plus existence, is experiencing what might be called a “changing of the guard” and a significant growth simultaneously. The organization has reached a point of maturation and experience that demands some re-thinking of processes, policies and procedures. I know that senior management at CSIS is seized with these issues and is working to bring about the needed changes. I commend them for these efforts.  These factors, coupled with the increased threat environment, increased demands for intelligence and rapidly evolving technology, all present considerable challenges.

I do believe that the observations of this office, in support of your Ministerial responsibility, have and do assist the Service in focusing their attention on areas for improvement and thus contribute to making the Service continue to be a highly professional and effective arm of government. I see the Office of the Inspector General working in concert with, not in opposition to, CSIS. The concerns and observations raised in this Certificate are not presented to in any way detract from the good work performed by CSIS employees, but are offered in this light to contribute to the continuous improvement of CSIS as an organization that strives for excellence and to support and assist you in your responsibility for CSIS.