Avoiding Complicity in Mistreatment by Foreign Entities Act 2024

2024 Annual Report

Introduction

Exchanging information with foreign agencies is an integral part of the Canadian Security Intelligence Service (CSIS)’s mandate, and is a crucial component of Canada’s ability to effectively investigate, assess, and counter threats to Canada and its interests. Many of the national security challenges facing Canada originate from or have a strong nexus to events, foreign governments, individuals and groups overseas. This is even more true today, given the increasingly complex geopolitical climate our world is facing. In order to fulfil its mission to protect Canada from threats to our national security in this context, CSIS relies on timely information sharing with foreign partners.

CSIS recognizes the need to share information in accordance with Canadian values, the rule of law, the Canadian Charter of Rights and Freedoms, and international legal obligations. These obligations are captured in the July 2019 Avoiding Complicity in Mistreatment by Foreign Entities (ACMFE) Act, which recognizes that foreign information-sharing is “fundamental to the Government of Canada’s national security requirements.” The ACMFE Act requires that exchanges between Canadian federal government departments and agencies and our foreign counterparts do not result in a “substantial risk” of mistreatment against individuals.

The ACMFE Act requires the Governor in Council to issue directions to certain deputy heads of federal government departments and agencies that conduct information sharing activities with foreign entities. The related Order-in-Council (OiC), issued to the Director of CSIS in September 2019, outlines CSIS’ responsibilities when disclosing, requesting, or using information from foreign entities and is consistent with requirements outlined in the prior 2017 Ministerial Direction (MD) on ACMFE. The ACMFE Act requires deputy heads to whom directions have been issued to submit to the appropriate minister a report on the implementation of those directions during the previous calendar year. This report outlines the key components of CSIS’ implementation of the ACMFE Act and related OiC during the 2024 calendar year. 

CSIS foreign information sharing and human rights

CSIS has more than 300 foreign relationships in over 150 countries, each authorized by the Minister of Public Safety after consultation with the Minister of Foreign Affairs, in accordance with s.17(1)(b)  of the CSIS Act. The process to establish new arrangements with foreign agencies is stringent and takes into consideration a wide range of issues, including Canadian security requirements, as well as the reliability of the foreign agency and its human rights track record.

CSIS regularly assesses all of its arrangements with foreign entities, including the relevant human rights considerations. This practice has been in place since CSIS’ founding in 1984. CSIS summarizes key human rights considerations based on a range of classified and open source material, including CSIS reporting, Global Affairs Canada (GAC) country human rights profiles, and unclassified US State Department country reports. CSIS also reviews relevant and credible opensource reporting from established nongovernmental entities such as Amnesty International and Human Rights Watch for all countries where CSIS has implemented arrangements. This includes a review of the human rights environment of each country’s security community, and more specifically the human rights reputations of the foreign agencies with which CSIS has established such arrangements.

In 2024, CSIS continued to implement its revised human rights assessment methodology, a process which began in 2023. CSIS’ new approach includes updated indicators with an associated numerical rating system and a more consistent and objective review process.

Information sharing with foreign partners is carefully documented by CSIS. All exchanges are assessed against the threshold of whether there is a substantial risk of mistreatment to an individual if CSIS information is shared with a foreign partner, and, if risk exists, whether it can be mitigated through a variety of potential measures (see below). As required in the ACMFE Act and related OiC, if a substantial risk of mistreatment cannot be mitigated, the information is not shared.

CSIS foreign agency restrictions mechanism

Prior to the 2017 MD, CSIS, on a case-bycase basis, suspended its engagement with foreign entities where serious human rights issues arose. The 2017 MD on ACMFE required CSIS to impose “restrictions” on information sharing if it was assessed that a foreign country or entity was engaging in, or contributing to, mistreatment. Restrictions do not mean information cannot be shared; rather, a higher level of approval is required for information sharing to take place. In 2018, CSIS assessed all of the entities in countries rated as “high” on CSIS’ Human Rights Country Risk Ratings and then assigned one of three levels of restriction to the bulk of the affected agencies. With the introduction of CSIS’ new Foreign Information Sharing Framework in January 2021, the three levels were combined into one overarching set of foreign information procedures, resulting in two categories: “suspended” or “restricted.” Currently, over 70 foreign entities are subject to restrictions.

Notable changes during the period under review include the addition of restrictions to four foreign partners. CSIS removed the “restricted” status from one partner due to an improvement in the human rights environment.

Mitigation measures

When it is assessed that a proposed disclosure to a foreign partner would give rise to a substantial risk of mistreatment, CSIS can consider a range of measures to mitigate the risk below the “substantial” threshold. Mitigation efforts can include obtaining updated human rights assurances from a foreign agency, placing caveats on information shared, and using a redacted version of the information (e.g. a form of words).

In 2024, CSIS continued seeking human rights assurances from foreign agencies regarding their use of CSIS information,  a practice which began in 2009. Human rights assurances are sought to ensure that the foreign agency understands and  abides by CSIS expectations (and those of the broader Government of Canada) regarding the use of information provided by CSIS vis-à-vis human rights, including the treatment of detainees. These assurances outline expectations to foreign agencies that individuals will not be mistreated in any way as a result of CSIS information exchanges with the foreign agency, and that individuals will be treated in a manner consistent with domestic and international law, including the United Nations Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment.

CSIS also applies appropriate human rights caveats on case-specific information shared with foreign partners. These caveats provide clear expectations with regard to human rights and the specific information being exchanged. In brief, the caveats state that CSIS expects the recipient foreign agency will respect and adhere to human rights requirements and international law. Separate caveats on third party rule expectations regarding dissemination of information are also included to ensure the recipient foreign agency is not disseminating CSIS information to third parties without prior consent.

Caveats and assurances are among the key measures considered by CSIS to mitigate risks of mistreatment stemming from information sharing with foreign entities. CSIS tracks the receipt of assurances received for each individual foreign agency, as well as instances where CSIS may suspect that a foreign agency may not have adhered to such assurances or violated caveats. While violations of CSIS caveats or assurances provided by a foreign entity are very difficult to confirm or corroborate, CSIS regularly seeks updated assurances from foreign entities.

For foreign entities that are restricted, CSIS approaches like-minded allies to compile their experience and feedback about the local practices when sharing information with the entities in question, including their human rights practices broadly and as it relates to information sharing. This feedback assists CSIS in making its own assessment about the likelihood of mistreatment by a restricted partner. 

Collaboration with other government departments

CSIS continued to be involved in Information Sharing Coordination Group (ISCG) discussions and other interdepartmental initiatives to understand respective frameworks in the spirit of the recommendations from the National Security and Intelligence Review Agency’s 2021 Avoiding Complicity in Mistreatment by Foreign Entities Act review.

The ISCG, chaired by Public Safety Canada, is the primary interdepartmental forum for supporting collaboration and information sharing between the departments and agencies that received, or were considered for receipt of, Governor-in-Council directions. The ISCG was convened on multiple occasions in 2024, continuing discussions on the implementation of the ACMFE Act, associated directions, reporting requirements, methodologies, and responses to external review body recommendations.

In late 2024, select members of the ISCG, including the Department of National Defence, the Communications Security Establishment and CSIS once again participated in a human rights summit. This was the third year the summit ran. Through these discussions, CSIS learned more about other organizations’ methodologies and ratings concerning human rights assessments. These conversations continued to be invaluable in assisting CSIS with bolstering its own program.

CSIS also continued to share its human rights assessments, upon request, with other Canadian government departments that are subject to the ACMFE Act, in order to support greater coordination of shared assessments. 

Information Sharing Evaluation Committee

CSIS’ Information Sharing Evaluation Committee (ISEC) was created in 2011 to ensure senior-level review, when applicable, of specific CSIS informationsharing cases that may pose a higher risk of mistreatment. The ISEC is composed of director general-level employees from CSIS. Representatives from the Department of Justice and GAC also attend as observers to provide input on legal, foreign policy, and human rights considerations. ISEC is responsible for assessing and deciding on potentially high-risk information-sharing requests by determining whether requests meet the “substantial risk” threshold and if so, what mitigation measures may reduce the risk below that threshold. When applicable, ISEC may also be convened to assess and make determinations on use of information obtained from foreign agencies. This is to ensure both that the information received was not the result of mistreatment and that the use of such information will not lead to the mistreatment of individuals.

If ISEC determines there is no “substantial risk,” or that such a risk can be mitigated, the request to share is approved. If ISEC determines there is a “substantial risk”, which cannot be mitigated, the request is not approved. If a “substantial risk” is identified but ISEC cannot determine whether the risk can be mitigated, the matter is referred to the Director of CSIS for decision. If, based on all information available, the Director assesses that the risk can be mitigated, the request for the exchange is approved or conversely, not approved if the Director assesses the “substantial risk” cannot be mitigated. 

Changes to CSIS’ Foreign Information Sharing Framework

As noted in the 2021 report on CSIS’ implementation of the ACMFE Act and OiC requirements, CSIS implemented changes to its procedures and processes related to its foreign information sharing framework. The updated procedures were accompanied by reference tools and training. 

Training initiatives

CSIS continued to provide numerous inperson information sessions to program areas, all new intelligence officers, and foreign officer classes (to ensure robust familiarity before deployment oversees). This strengthened and reinforced employee knowledge of key elements of the ACMFE Act and related OiC, as well as CSIS’ Foreign Information Sharing Framework, and associated policies and procedures.

As noted in the 2023 report, CSIS has been working to develop and implement an internal online training course. The training would be required for all employees in affected program areas, ensuring CSIS employees in these areas fully understand how to practically apply the assessment and decision-making policies and procedures associated with foreign information sharing, while ensuring full compliance with the ACMFE Act and related OiC. CSIS continues to work with CSIS’ internal developers to create this course, which is expected to be launched in 2025.

CSIS will continue to ensure that resources and learning material are available to employees in those program areas who regularly need to apply the associated policies and procedures in the course of their duties and functions when considering dissemination of information to, or requests for information from, foreign agencies, as well on the use of information obtained from foreign entities. 

Integrated Threat Assessment Centre

The Integrated Threat Assessment Centre (ITAC)^{Footnote 1} is a specialized organization in the Canadian Intelligence Community responsible for providing timely, relevant and objective assessments based on allsource information that enable decision makers and security partners to safeguard Canadians and advance Canadian interests at home and abroad. It actively monitors intelligence collected by partners and a variety of open sources of information to make recommendations to the Director of CSIS on the National Terrorism Threat Level and to produce reports containing data, trend analysis and strategic assessments.

A component of CSIS, ITAC is subject to ministerial direction, and related internal CSIS corporate and operational policies, including its foreign information-sharing policies and procedures, such as those associated with the ACMFE Act, as well as corresponding CSIS policies and procedures.

Where required, the ITAC Executive Director has authority to develop policy and practices specific to ITAC’s circumstance. Because of the regular rotation of seconded personnel, and due to its specific mandate, ITAC has unique training and practices in place to ensure compliance.

Finally, ITAC does not directly disseminate its intelligence products outside of the Five Eyes. The sharing of ITAC assessments to foreign entities beyond the Five Eyes is governed by CSIS operational policies and procedures to ensure compliance with information-sharing requirements. 

Conclusion

In keeping with the ever-evolving nature of our legal, policy and geopolitical landscapes, CSIS will continue to manage foreign information sharing dynamically and in a spirit of continuous improvement. CSIS will continue to implement the updated policy framework, develop new and better tools to enhance objectivity in decision making, and increase awareness of responsibilities under the ACMFE Act.

CSIS intends to continue implementing its internal training, to ensure its human rights methodology remains appropriate and robust, and continue to contribute to interdepartmental coordination to support and promote the protection of human rights in information sharing with foreign entities.