Chapter 3: The Canada Border Services Agency's National Security and Intelligence Activities — National security and intelligence partners
National Security and Intelligence Committee of Parliamentarians Annual Report 2019
National security and intelligence partners
334. CBSA is a core part of Canada's security and intelligence community because management of the border is a core security issue for Canada. Footnote 42 CBSA’s role in that community is to support national security and public safety priorities by determining the admissibility of persons or goods to Canada on security grounds and by addressing contraventions of border legislation. CBSA has stated that in the execution of its mandate, several of its programs may have national security "outcomes," that is, direct or indirect national security benefits that are a consequence of CBSA’s work to identify and interdict high-risk people or goods before they enter Canada. Footnote 43 CBSA works with both Canadian and international partners.
335. CBSA maintains key partnerships in the security and intelligence community. Its core relationships are with IRCC , the RCMP and CSIS. These relationships involve the majority of CBSA’s national security and intelligence activities, including those of higher risk or sensitivity. Pursuant to various sections of the CBSA Act, CBSA enters into agreements with other departments or agencies and international partners in the fulfillment of its mandate. Footnote 44 The agreements are formalized through official memoranda of understanding between the organizations, which describe roles and responsibilities, authorities for operational cooperation, administrative procedures for dispute resolution, and parameters and authorities for information sharing.
336. Information sharing is key to CBSA’s relationships. CBSA’s authority to share national security related information stems from four main elements: the Customs Act; IRPA and its regulations; the Security of Canada Information Disclosure Act (SCIDA); and the Privacy Act. Footnote 45 The specific types of information that CBSA may share, pursuant to these acts, are listed in Table 13.42
| Statute | Type of Information | Sharing in Practice |
|---|---|---|
| Customs Act, s. 107 | Customs information | This includes information of any kind that relates to the enforcement and administration of the Customs Act, including information about commercial shipments or conveyances, Advance Passenger Information, importation and exportation information, and customs infractions. It may also include any other information gathered in the context of CBSA’s routine customs examinations, including officer questions and passenger responses as part of a customs examination. |
| IRPA, s.150.l(l)(b), and associated Immigration and Refugee Protection regulations Footnote 46 | Immigration information | This authorizes the making of regulations to permit information sharing, including any information collected, pursuant to IRPA, which may be shared for the purposes of national security, the defence of Canada or the conduct of international affairs. |
| Security of Canada Information Disclosure Act, s. 5(1) | Information that is relevant to 16 other agencies and departments' responsibilities in respect of activities that undermine the security of Canada | This includes relevant information concerning interference with the capability of the Government of Canada; espionage, sabotage or foreign-influenced activities; terrorism; and the proliferation of nuclear, chemical, radiological or biological weapons. This Act applies to sharing with other government departments. |
| Privacy Act, s. 8 | Personal information | This may include an individual's name, contact information, biographical information, date and place of birth, criminal history, identity documentation, signature, traveller history, and immigration enforcement. It may also include information pertaining to an individual's biometric data, credit, education and finances. Pursuant to the Privacy Act, this information may be disclosed solely for the purpose for which it was obtained or for a use consistent with that purpose (see paragraph 337). Footnote 47 This means that information may only be collected if it is related to CBSA’s program legislation, and shared under Section 8(2) of the Privacy Act. |
Source: Security of Canada Information Disclosure Act, S.C. 2015, c. 20, s. 2; Privacy Act. R.S.C., 1985, c. P-21. 5.3.; and www.cbsa-asfc.qc.ca/aqency-aqence/reports-rapports/pia-efvp/atip-aiprp/infosource-enq.html.
337. The Privacy Act includes a number of safeguards that limit the sharing of personal information. As noted in Table 13, information may be disclosed for the purpose for which it was obtained or for a use consistent with that purpose. The Treasury Board Policy on Privacy Protection defines "consistent use" as "a use that has a reasonable and direct connection to the original purpose(s) for which the information was obtained or compiled." Moreover, "[t]his means that the original purpose and the proposed purpose are so closely related that the individual would expect that the information would be used for the consistent purpose, even if the use is not spelled out." Footnote 48 The Privacy Act also requires the designated minister to publish a personal information index at least once per year. This index must contain descriptions of all personal information banks, the purpose for which the personal information was obtained or compiled, a statement of consistent uses for which information may be disclosed, and a statement on the retention and disposal standards applied to information in the bank. Footnote 49
338. CBSA collects information specific to the purposes of administering and enforcing its program legislation. Regarding CBSA support of national security and public safety priorities, Table 14 illustrates types and purposes for sharing collected information, authorities for disclosure, and policies to guide employee conduct and to mitigate risks in the sharing of information. In all areas, CBSA may share information with its domestic and international partners, pursuant to its specific purpose and authority regime for disclosure.
| Type of Information and Purpose for Sharing | Authority for Disclosure | CBSA Policy Guidance |
|---|---|---|
| Information regarding national security screening | Privacy Act (s. 8) | Policy on the Disclosure of Personal Information: s. 8 of the Privacy Act |
| IRPA information relevant to a threat to the security of Canada | Privacy Act (s, 8) and Security of Canada Information Disclosure Act (SCIDA) (s. 5(1)) | Policy on the Disclosure of Personal Information: s. 8 of the Privacy Act |
| Customs information relevant to a threat to the security of Canada | Customs Act (s. 107) and SCIDA (s. 5(1)) | Policy on the Disclosure of Customs Information: s. 107 of the Customs Act |
| General checks for criminality | Privacy Act (s. 8) | Policy on the Disclosure of Information: s. 8 of the Privacy Act |
Sources: CBSA, Review of CBSA National Security and Intelligence Activities: Joint Hearing with RCMP and CSIS, May 16, 2019; and Review of the CBSA National Security and Intelligence Activities, Presentation to NSICOP, May 7, 2019.
339. Information collected under the Customs Act may be used or shared for many purposes, including supporting national security and public safety priorities or administering and enforcing the following acts:
- IRPA for exercising the powers or performing the duties and functions of the Minister of Public Safety and Emergency Preparedness, including establishing a person's identity and determining that person's inadmissibility to Canada;
- the Criminal Code or for use in the preparation of criminal proceedings under an act of Parliament;
- the Special Economic Measures Act regarding the enforcement of economic sanctions;
- the Proceeds of Crime (Money Laundering) and Terrorist Financing Act regarding currency seizures and terrorism financing; and
- the Export and Import Permits Act relating to the movement of dual-use or restricted goods and technology. Footnote 50
340. CBSA has a number of controls over the collection and sharing of information. The CBSA Chief Privacy Officer leads an internal centre of excellence on information sharing, which includes a 24/7 office to provide operational guidance to border services officers. CBSA also has a number of policy and operational guidelines to control information collection and sharing, including guidelines regarding the Ministerial Direction on Avoiding Complicity in Mistreatment by Foreign Entities, and policies on information security, records retention and disposal. The Chief Privacy Officer works with the Office of the Privacy Commissioner to develop privacy impact assessments for CBSA operational activities. Footnote 51
Immigration, Refugees and Citizenship Canada
341. CBSA works with IRCC at all points along the travel continuum to make admissibility evaluations and determinations for individuals seeking to enter Canada. Footnote 52 IRPA makes both the Minister of Immigration, Refugees and Citizenship and the Minister of Public Safety and Emergency Preparedness responsible for the administration of the Act. Footnote 53 IRCC is responsible for "facilitating the arrival of people and their integration into Canada in a way that maximizes their contribution to [Canada] while protecting the health, safety and security of Canadians." CBSA is responsible for "managing the flow of travellers at Canadian ports of entry, security screening, intelligence, interdiction of irregular migration and immigration enforcement. This includes responsibility for arrests, detentions, removals and representing [both Ministers] at hearings before the Immigration and Refugee Board." Footnote 54
342. Under IRPA, CBSA conducts security screening on all cases referred to it, including incoming temporary or permanent resident applicants, and all adult refugee applicants, either abroad or at ports of entry. In this role, CBSA is the enforcement, intelligence and investigative arm of IRPA. CBSA also uses the IRCC database, the Global Case Management System, for aspects of its security screening risk assessment determinations, including for trusted traveller programs such as Nexus.
343. CBSA and IRCC updated their memorandum of understanding (MOU) in 2017 to maintain a common understanding of the basis for cooperation on the implementation and delivery of programs and information sharing in support of various acts. Footnote 55 The MOU details the parameters and purposes for information sharing between the organizations, and the lawful authorities and policies under which the two organizations share personal information to fulfill their respective responsibilities. Footnote 56 The MOU states that CBSA and IRCC may share information where it is relevant to their respective jurisdictions and responsibilities related to national security, pursuant to SCISA, and defines the intelligence products, services and support that CBSA provides IRCC in regards to the immigration program. Footnote 57 Governance and oversight of the CBSA-IRCC relationship is provided through a deputy minister-level committee and subcommittees.
344. For this review, the Committee sought to identify challenges related to the organizations' shared responsibility for the administration and enforcement of IRPA. Both CBSA and IRCC stated that the authority basis for respective activities and responsibilities are clear. They described having a well established governance structure that support complementary but distinct roles and responsibilities. Footnote 58
345. Table 15 provides a breakdown of the CBSA-IRCC areas of cooperation on border-related activities that have national security outcomes.
| Point In the Border Continuum | Activity Area | Collaborative Activities and Information Sharing | National Security Outcomes |
|---|---|---|---|
| Pre-border | Liaison officer network |
|
|
| Pre-border and post-border | Immigration security screening |
|
|
| Post-border | Intelligence and inland enforcement Footnote 59 |
|
|
Source: CBSA and IRCC, Joint NSICOP hearing, May 9, 2019.
346. Immigration security screening is a collaborative process. Immigration security screening begins with IRCC's receipt of an application for permanent or temporary residency or refugee protection. Footnote 60 Go IRCC visa officers assess applications and may refer an applicant's file to CBSA or CSIS for further screening based on national security indicators, officer discretion or mandatory system referral requirements. Footnote 61
347. When an application is referred to CBSA, its National Security Screening Division is responsible for screening applicants seeking temporary and permanent residence in Canada. It is also responsible for making recommendations of inadmissibility to IRCC , under IRPA sections dealing with terrorism, espionage and subversion, crimes against humanity and genocide, and organized criminality. In 2016-17, 2017-18 and 2018-19, respectively, CBSA provided IRCC with *** recommendations regarding individuals being inadmissible to Canada under subsection 34(1) of IRPA, which relates to terrorism, espionage and subversion. This represents approximately ***% of the total number of immigration security screening files that IRCC referred to CBSA in each year. Footnote 62
The Royal Canadian Mounted Police
348. CBSA and the RCMP share responsibility for protecting Canada's borders through the administration and enforcement of the Customs Act, IRPA, the Criminal Code, and other relevant acts and regulations. CBSA and the RCMP established an MOU in 2014 to delineate their areas of shared responsibility and cooperation for border security. Both organizations report directly to the Minister of Public Safety and Emergency Preparedness. Footnote 63
349. CBSA exercises its responsibilities at designated ports of entry. This includes "managing the flow of travellers and goods at (ports of entry), investigations of contraventions of the Customs Act and IRPA, and immigration enforcement activities." Footnote 64 The RCMP is responsible for investigations and monitoring the border between those designated ports, including primary responsibility for border security between and outside of ports of entry. Footnote 65 Cooperation between the RCMP and CBSA is strategic (development of policies, programs and procedures and program evaluation), operational (information sharing, providing mutual assistance) and tactical (joint operational activities and information sharing for specific investigations).
350. The CBSA-RCMP MOU details divisions of responsibility and specific areas of cooperation and investigative responsibility related to border enforcement and administration, public safety, and support of national security outcomes. These include investigative responsibilities for counter proliferation, joint force operations and covert operations.
351. The MOU describes the authorities, parameters and conditions under which information can be shared between the organizations. CBSA may disclose information to the RCMP if it relates to accreditation of foreign visitors to major events held in Canada and customs information for criminal investigations, including information about the identity of a person, a commercial shipment or conveyance, or a Customs Act offence or seizure at the border. Footnote 66 The RCMP may disclose information to CBSA that is relevant to investigations or threats pertaining to the security of Canada; chemical, biological, radiological and nuclear incidents; critical infrastructure; proliferation of weapons of mass destruction; terrorism financing; threats against protected persons; and trafficking or smuggling of firearms, weapons, prohibited devices or ammunitions. Footnote 67 The RCMP may also provide CBSA with information relevant to other aspects of the CBSA mandate, including the security screening program, admissibility determinations under IRPA, the targeting of high-risk travellers, covert operations or controlled deliveries (that is, the intentional delivery of prohibited goods, intercepted at the border or elsewhere, to the intended recipient in order to identify or arrest the recipient or further a criminal or security investigation). Footnote 68
The Canadian Security Intelligence Service
352. CBSA and CSIS share information on domestic and overseas cases to identify threats to the security of Canada and to assess admissibility under IRPA. In early 2015, CBSA and CSIS agreed to an MOU to identify "the basis for cooperation between the CBSA, which is responsible for administering and enforcing border-related legislation, and the CSIS in conducting national security investigations as well as sharing information in accordance with their respective mandates and applicable law." Footnote 69 In areas of joint operations, operational assistance and collaboration, the CBSA-CSIS MOU states that activities undertaken by each organization can "take the form of investigative techniques, the provision of equipment, the sharing of information, resources or personnel and the facilitation of conditions to allow the other Participant to safely and effectively meet its operational requirements." Footnote 70 The MOU further states that while activities conducted under the MOU may be performed jointly, or by one entity on behalf of the other, they must, in all cases, be subject to each organization's respective mandate and authorities. The CBSA-CSIS MOU notes that specific areas of cooperation (such as joint operations, areas of operational assistance and collaboration, and information sharing) will be identified in specific annexes to the MOU. Those annexes are expected to be finalized in 2019. Footnote 71
International partnerships
353. The CBSA Act authorizes CBSA to enter into arrangements and agreements with foreign states and international organizations. Footnote 72 CBSA stated that the dynamism of border-related threats necessitates strong relationships with international partners. As a result, CBSA works with foreign counterparts to share best practices, tradecraft and, where applicable, intelligence, to facilitate admissible travellers and trade, and to identify those deemed high-risk and interdict if inadmissible. Of CBSA’s many international partnerships, its relationships with the United States, the Border Five (B5) group of states (Canada, United States, United Kingdom, Australia and New Zealand), and the European Union are the most pertinent to this review of CBSA’s national security and intelligence activities.
354. CBSA has strong relationships with American security agencies. In 1997, representatives of the governments of Canada and the United States signed an aide-memoire on procedures by which watch list data on suspected terrorists, derived from U.S. intelligence and law enforcement reports, may be shared with Canadian authorities responsible for visa operations and border security. Under this agreement, Canadian officials receive the names, dates of birth, passport numbers and nationalities (or countries of origin) of terrorist suspects listed on the U.S. Department of State's TIPOFF program. Footnote 73
355. This Canada-U.S. agreement was later named TUSCAN (TIPOFF U.S.-Canada) and formalized in a 2016 arrangement. TUSCAN provides CBSA with information from the U.S. Terrorist Screening Center, including information related to Canadian citizens. (*** Three sentences were revised to remove injurious or privileged information. These sentences describe the sharing of information between Canada and the US under the TUSCAN agreement. ***) Footnote 74 *** Footnote 75 *** Footnote 76
356. Further to TUSCAN, CBSA shares information with the United States for a multitude of reasons across its Intelligence and Enforcement, Traveller and Commercial branches. As discussed in paragraph 384, CBSA shares information with U.S. Customs and Border Protection in the area of scenario-based targeting. Specifically, CBSA shares the biographical data of all travellers identified through a targeting scenario. In turn, U.S. Customs and Border Protection shares previous enforcement and travel history information on those individuals to inform CBSA’s risk management process. CBSA may also share with its U.S. partners information related to immigration or high-risk travellers. Immigration-related information is shared on a case-by-case basis. CBSA shares information related to high-risk travellers with its American partners where there is a clear link to the United States. However, CBSA stated that this type of sharing is rare, as most CBSA high-risk traveller cases involve Criminal Code investigations of Canadian citizens and information would therefore be provided to the RCMP or CSIS. Footnote 77
357. Beyond its bilateral relationship with the United States, the majority of CBSA’s information sharing is with the B5 group of states. Footnote 78 CBSA engages with its B5 counterparts in multiple fora to share tradecraft and best practices for border security. On scenario-based targeting, for example, [*** The rest of this sentence was revised to remove injurious or privileged information. The sentence names B5 fora for sharing. ***] Footnote 79
358. CBSA also works closely with counterparts in the European Union. In 2005, Canada and the European Community signed an agreement to ensure that Advance Passenger Information (API) and Passenger Name Record (PNR) data is provided consistent with fundamental rights and freedoms, including the right to privacy. The agreement commits both parties to process API/PNR data in accordance with applicable laws and constitutional requirements. Footnote 80 In 2014, Canada and the European Union added additional guidance on privacy protections and the provision and use of API/PNR data, including information related to police or judicial authorities. Footnote 81 In July 2019, Canada and the European Union concluded negotiations for a new PNR Agreement. Both parties have agreed to finalize the new Agreement following legal review. Footnote 82