Amendments to the CSIS Act - Data Analytics
Today’s threats to Canada’s national security are fast, complex and dynamic, and threat actors are highly connected and mobile. The ease of movement across international borders and spread of social media networks and modern communications technology can be used by individuals and groups seeking to harm Canada. This creates some very real challenges for CSIS.
Three decades ago when the CSIS Act was first drafted, the principal threat was espionage. The intelligence community had the luxury of watching spies over a long period of time, perhaps years. A foreign spy’s objectives in Canada were typically incremental and predictable.
Modern technology can now be exploited to promote extremism and facilitate threat activity, even as the perpetrators remain anonymous. At the same time, no one could predict the value of technology for investigations.
When it was written, the CSIS Act could not have anticipated the technological changes of the last 30 years. The Federal Court acknowledged the age of the CSIS Act and that it may not be keeping pace with changing technology. As such, legislative amendments must be advanced to modernize the CSIS Act and address these gaps.
The acquisition of large volumes of information for analysis where relevant to an agency’s mandate has become an indispensable tool in intelligence work. Indeed, the Federal Court recognized the intelligence value of data analysis in October 2016.
A strong framework is needed for CSIS to undertake data analytics. This would enable CSIS to focus its investigations in a manner that is less intrusive than traditional methods of investigation. Traditional subject interviews, human source reporting and physical surveillance requires significantly more time, effort and intrusion.
While data exploitation programs are increasingly regarded as essential to support modern intelligence investigations, ensuring that CSIS can rely on this capability requires that it have clear legal authority to collect and retain information.
To ensure transparency, the amendments will include a number of safeguards and clarify existing authorities to collect, retain and query/exploit datasets that are required to support CSIS operations.
CSIS will be required to seek authorization from the Federal Court to retain datasets that contain personal information that predominantly relates to Canadians (or persons within Canada) that are not publicly available.
The legislation will introduce a robust authorization regime for foreign datasets. Foreign datasets contain personal information and predominantly relate to non-Canadians outside of Canada. The legislation would also create a new oversight body, the office of the Intelligence Commissioner (IC). IC authorization would be needed for the retention of foreign datasets and, in exigent circumstances, the querying of Canadian or foreign datasets before their retention is authorized. For CSIS to retain Canadian datasets, an application to the Federal Court would be required. With the appropriate approval, CSIS would have the authority to query and exploit datasets.
CSIS will continue to apply safeguards regarding the access and management of Canadian and foreign datasets, including the conditions for retention and destruction, and specific review requirements. The framework would also include review by the National Security and Intelligence Review Agency (NSIRA), including the authority for NSIRA to refer its finding and recommendations to the Federal Court if it is of the view that CSIS has not acted lawfully when querying or exploiting datasets.
The legislation will provide a transparent and accountable framework within which CSIS would be able to rely on leads generated from the query of datasets authorized by designated CSIS employees subject to these safeguards. The results of such queries are only integrated into CSIS’ investigative holdings as strictly necessary for the performance of its duties and functions where specific thresholds can be met.
Under this legislation, CSIS can continue to use data analytics to perform automated analysis of datasets, which also enables CSIS to authoritatively determine that information and activities may not need further investigation.
The objective of these legislative amendments is to modernize the CSIS Act, ensuring transparent legal authorities in support of existing intelligence collection and data analytics programmes. These amendments would include more robust judicial oversight where appropriate and significant enhancements of review and accountability measures.
Report a problem or mistake on this page
- Date modified: