Annex A - The CANCIT Functional Directive
Special Report on the Collection, Use, Retention and Dissemination of Information on Canadians in the context of the Department of National Defence and the Canadian Armed Forces Defence Intelligence Activities
(available only in English)
Unclassified
Chief of Defence Intelligence Functional Directive: Guidance on the Collection of Canadian Citizen Information
1.0 Identification
File number: 2003-0
Effective Date: 31 August 2018
Supersedes: N/A
Office of Primary Responsibility: Director General Intelligence Policy and Partnerships (DGIPP)
Approval Authority: Chief of Defence Intelligence (CDI)
References:
- Charter of Rights and Freedoms
- National Defence Act
- Privacy Act
- Citizenship Act
- Immigration and Refugee Protection Act
- Security of Information Sharing Act
- Treasury Board Directive on Privacy Practices
- Ministerial Directive on Defence Intelligence, September 2013
- Ministerial Directive on Defence Priorities, February 2017
- Ministerial Directive on Avoiding Complicity in Mistreatment by Foreign Entities, November 2017
- DAOD 1000-10, Policy Framework for Corporate Administration Management
- DAOD 1002-0, Personal Information
- DAOD 1002-3, Management of Personal Information
- CDI Functional Directive: Intelligence and Intelligenct-derived Information Sharing with External Entities,June 2010
Purpose
1.1. The purpose of this directive is to:
1.1.1 Ensure clarity on the legal and policy constraints around the collection of Canadian citizen (CANCIT) information when conducting defence intelligence activities;
1.1.2 Provide guidance for instances where CANCIT information is inadvertently collected by the Department of Natfonal Defence (DND) and the Canadian Armed Forces (CAF) when conducting defence intelligence activities; and
1.1.3 Establish general parameters for the collection of CANCIT information for defence intelligence purposes in operational and umning environments.
1.2 This functional directive does not deal with personal information management procedures or requirements relating to the collection of CANCIT information.
Application
1.3 This CDI directive is an order for all officers and non-commissioned members of the CAF and a directive for all employees of DND.
Approval Authority
1.4 This Functional Directive is issued on the authority of the CDI, under the delegated authority of tihe Deputy Minister (DM) and the Chief of the Defence Staff (CDS) to issue functional direction in respect of defence intelligence matters. In accordance with refs H (Ministerial Directive on Defence Intelligence) and K. (DAOD 1000-10 Policy Framework for Corporate Administration Management).
Office of Primary Responsibility
1.5 DGIPP is the Office of Primary Responsibility for this directive, and all issues pertaining to the collection of CANCIT information when conducting defence intelligence missions and/or activities.
Table of Contents
1.6 This document contains the following subjects:
- 1.0 Identification
- 2.0 Introduction
- 3.0 Definitions
- 4.0 Legal Authority
- 5.0 Policy Direction
- 6.0 Gender Perspectives
- 7.0 Information Management
- 8.0 Roles and Responsibilities
- 9.0 Approval
2.0 Introduction
2.1 Emerging technologies and capabilities are increasing the possibility that CANCIT information may be inadvertently collected as part of mandated CAF missions and/or activities. The use of the Internet to conduct open source intelligence (OSINT) collection, for example, is a valuable intelligence enabler that may also raise privacy considerations in relation to the collectionof social media information.
2.2 Technological developments have also changed the information flow related to intelligence sharing with allies and partners. Information movement is being facilitated through multinational interagency centres, enabling rapid sharing between points of collection to military and other government departments and agencies fur further action. This construct increases the chance of DND/CAF inadvertently collecting CANCIT information incidental to mission mandates and areas of opetation.
3.0 Definitions
- 3.1 Canadian citizen
- refers to a Canadian citizen within the meaning of s.3 of the Citizenship Act (R.S., 1985, c. C-29); or a permanent resident within the meaning of the s.2(1) of the Immigration and Refugee Protection Act (2001, c.27).
- 3.2 Collection
- the exploitation of sources by collection agencies and the delivery of the information obtained to the appropriate process unit for use in the production of intelligence (Defence Terminology Bank record number 3796).
- 3.3 Defence intelligence
- all intelligence from the tactical to the strategic level in support of military operations and planning (Defence Terminology Bank record number 47286).
- 3.4 Dissemination
- the timely conveyace of intelligence, in an appropriate form and by any suitable means, to those who need it (Defence Tenninology Bank record number 4100).
- 3.5 Exploitation
- the systematic retrieval and ananlysis of equipment, documents, and media (definition retained from the CDI Functional Directive: Exploitation of Captured Equipment and Documents).
- 3.6 Information
- unprocessed data of every description which may be used in the production of intelligence (Defence Tenninology Bank record number 18621).
- 3.7 Intelligence
- the product resulting from the collection, processing, analysis, integration and interpretation of available information concerning foreign states, hostile or potentially hostile forces or elements, geography and social and cultural factors that contributes to the understanding of an actual or potential operating environment. The term "intelligence" also applies to the activities that result in the product and to the organizations engaged in such activities (Defence Terminology Bank record number 738)
- 3.8 Operations
- the carrying out of service, training, or administrative military mission; the process of carrying out combat (or non-combat) military actions (Defence Terminology Bank record number 27068).
- 3.9 Sanitizing
- Removing sensitive information from a document to reduce its sensitivity; or, erasing sensitive data from storage media (Defence Terminology Bank record number 12139 and 20963)
4.0 Legal Authority
4.1 The authority to conduct defence inteiligence is implicit when the CAF is legally mandated to conduct military operations and other defence activities pursuant to legislation or an exercise of the Crown Prerogative, and where a clear nexus has been established between the nature and scope of the defence intelligence activity and the mandated mission. However, any means and methods used in the conduct of defence intelligence activities remain subject to applicable Canadian and international laws, as well as Government of Canada and Ministerial policies and directives.
4.2 DND/CAF operations and acttvities shall not involve the collection of CANCIT information for defence intelligence purposes except where:
4.2.1 Collection occurs in support of mandated defence operations and activities; or
4.2.2 Collection, in support of another department or agency, is subject to the authority, mandate and requirements, as prescribed by law, of the supported Canadian department or agency to collect the information.
5.0 Policy Direction
General
5.1 DND and CAF personnel are tasked with employing intelligence capabilities as required to support mandated defence operations and activities. The paragraphs below provide direction on variou conditions with respect to CANCIT information that must be met while employing defence intelligence capabilities.
5.2 Operational Commanders authorizing defence intelligence activities must coordinate planning with CDI to assess the risk of encountering CANCITs and/or CANCIT information as part of the activity and/or mission being supported.
5.3 CANCIT information collected must have a direct and immediate relationship with, and be demonstrably necessary to, an authorized operation or activity.
Inadvertent Collection
5.4 Where CANCIT information has been inadvertently collected as part of defence intelligence activities, the responsible J2, designated Release and Disclosure Authority (RDA), or force employing. Command J2 will advise the chain of command and the Canadian Forces Intelligence Command (CFINTCOM) Release and Disclosure Coordination Office (RDCO), except where:
5.4.1 The collection activity has existing reporting protocols under a CDI Functional Directive or other CDI-issued direction.
5.5 CANCIT infonnation coillected inadvertently shall be deleted from DND/CAF database once it is confirmed that the information cannot be held for defence intelligence purposes to support mandated defence operations and activities, or lawfully passed to another Canadian government department or agency. In addition:
5.5.1 Instances of inadvertently collected CANCIT information shall be logged. A copy of the log(s) shall be sent to the CFINTCOM RDCO upon completion of the relevant tour or activity; or at least once per year.
5.6 DND/CAF training exercises involving defence intelligence components must include mitigation plans for the inadvertent collection of CANCIT information, to be developed in consultation with CDI, and include the folloWing general principles:
5.6.1 Commanders are responsible for ensuring that risks associated with defence intelligence collection for training purposes are assessed and mitigated prior to the commencement of exercises;
5.6.2 The deployed J2 or designated RDA is responsible for overseeing investigations into incidents of inadvertent collection of CANCIT information during training exercises, and reporting these incidents to CDI; and
5.6.3 The deployed J2 or designated RDA is responsible for assessing content collected during traniing exercises to determine the requirements for sanitization and/or deletion as appropriate.
Information Sharing
5.7 CANCIT information may be shared with other Canadian government departments and agencies if the disclosure is authorized by law, including the Privacy Act, the Security of Information Sharing Act, as the case may be, and the Charter of Rights and Freedoms.
5.8 Logs documenting all sharing of CANCIT information collected through defence intelligence activities to other domestic government departments and foreign entities must be maintained. A copy of the log(s) shall be sent to the CFINTCOM RDCO upon completion of the relevant tour or activity, or at least once per year.
5.9 Inadvertently collected CANCIT information that is shared with other Canadian government departments and agencies and foreign entities shall be managed in accordance with para 5.5.
6.0 Gender Perspectives
6.1 In accordance with Treasury Board Secretariat requirements, this directive has been considered, for its potential impact on various groups of women and men. There are no foreseen impact differentials based on gender.
7.0 Information Management
7.1 All applicable domestic laws and Government of Canada policies pertaining to infonm1tfon collection and and management apply to the information holdings of all elements of the defence intelligence community.
7.2 Information management of personal information collected for defence intelligence purposes must comply with the Privacy Act where applicable. Appropriate care must also be taken to ensure that the collection, use, retention and disposal of personal information is conducted in accordance with the Treasury Board Directive on Privacy Practices; DAOD 1002-0 Personal Information; and DAOD 1002-3 Management of Personal Information.
8.0 Roles and Responsibilities
| The… | is responsible and accountable for… |
|---|---|
| Chief of Defence Intelligence |
|
| Assistant Deputy Minister (Policy) |
|
| DND/CF Legal Advisor |
|
| Judge Advocate General |
|
| Operational and Environmental |
|
| Commanders |
|
9.0 Approval
9.1 This functional direction takes immediate effect and shall remain in effect until otherwise directed.
S.E.G. Bishop
Rear-Admiral
Chief of Defence Intelligence
August 2018