Annex B – Recommendations of Prior Reviews
The National Security and Intelligence Committee of Parliamentarians 2022 Annual Report

Special report into the allegations associated with Prime Minister Trudeau’s official visit to India in February 2018

Description

A special report on the allegations raised in the context of the Prime Minister’s trip to India in February 2018 relating to foreign interference in Canadian political affairs, risks to the security of the Prime Minister, and the inappropriate use of intelligence.

Recommendations

Foreign interference

R1.

In the interest of national security, members of the House of Commons and the Senate should be briefed upon being sworn-in and regularly thereafter on the risks of foreign interference and extremism in Canada. In addition, Cabinet Ministers should be reminded of the expectations described in the Government’s Open and Accountable Government, including that Ministers exercise discretion with whom they meet or associate, and clearly distinguish between official and private media messaging, and be reminded that, consistent with the Conflict of Interest Act, public office holders must always place the public interest before private interests. ***

R2.

The Minister of Public Safety and Emergency Preparedness should consider revising the *** to include a formal role for the National Security and Intelligence Advisor. The information provided to the Committee demonstrates that the NSIA played a significant role ***. The Committee believes that the NSIA has a legitimate role to provide advice as coordinator of the security and intelligence community and advisor to the Prime Minister. ***

Security

R3.

Drawing on the Committee’s findings, an interdepartmental review should be undertaken to identify key lessons learned following these events.

R4.

The Government should develop and implement a consistent method of conducting background checks by all organizations involved in the development of proposed guest lists for foreign events with the Prime Minister.

The use of intelligence

R5.

The Prime Minister should review the role of the NSIA in the area of countering threats to the security of Canada. The Committee already made one recommendation with respect to the role of the NSIA in the area of ***. The Committee notes that a number of other government departments and agencies have statutory authority to take measures to protect Canada from threats to its security. The role of the NSIA should be clarified for those organizations, as well.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these recommendations.

Review of the Process for Setting Intelligence Priorities

Description

A review of the Government of Canada’s process for establishing the national intelligence priorities, focusing on the governance of the process, the participation of the organizations involved, and performance measurement and resource expenditures.

Recommendations

R1.

The National Security and Intelligence Advisor, supported by the Privy Council Office, invest in and take a stronger managerial and leadership role in the process for setting intelligence priorities to ensure organizational responses to the intelligence priorities are timely and consistently implemented.

R2.

The security and intelligence community develop a strategic overview of the Standing Intelligence Requirements to ensure Cabinet is receiving the best information it needs to make decisions.

R3.

Under the leadership of the National Security and Intelligence Advisor and supported by the Privy Council Office, the security and intelligence community develop tools to address the coordination and prioritization challenges it faces in relation to the Standing Intelligence Requirements.

R4.

The security and intelligence community, in consultation with the Treasury Board Secretariat, develop a consistent performance measurement framework that examines how effectively and efficiently the community is responding to the intelligence priorities, including a robust and consistent resource expenditure review.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these recommendations.

Review of the Department of National Defence and the Canadian Armed Forces’ Intelligence Activities

Description

A review of the intelligence activities of the Department of National Defence and the Canadian Armed Forces. The Committee examined the scope of these activities, their legal authorities and the existing oversight mechanisms for their control and accountability.

Recommendations

R1.

The Department of National Defence/Canadian Armed Forces (DND/CAF) review and strengthen its administrative framework governing defence intelligence activities, particularly with respect to the Ministerial Directive on Defence Intelligence, to ensure that it meets its own obligations on governance and reporting to the Minister of National Defence, and is properly tracking the implementation of those obligations. In particular:

• devise a standard process, or principles, for determining a nexus between a defence intelligence activity and a legally authorized mission;
• document its compliance with obligations in the Directive, including in areas of risk specified in the Directive not currently included in annual reports to the Minister; and
• implement a standardized process for interdepartmental consultations on the deployment of defence intelligence capabilities, including minimum standards of documentation.

R2.

The Government amend Bill C-59, National Security Act, 2017, to ensure that the mandate of the proposed National Security and Intelligence Review Agency includes an explicit requirement for an annual report of DND/CAF activities related to national security or intelligence.

R3.

Drawing from the Committee’s assessment and findings, the Government give serious consideration to providing explicit legislative authority for the conduct of defence intelligence activities.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these recommendations.

However, the Mandate Letter sent to the Minister of Defence on December 13, 2019, included:

• “With the support of the Minister of Public Safety and Emergency Preparedness, introduce a new framework governing how Canada gathers, manages and uses defence intelligence, as recommended by the National Security and Intelligence Committee of Parliamentarians.” ^{Footnote 7}

The Committee recognizes that recommendation R2 was overtaken by events when Bill C-59, the National Security Act, 2017 received Royal Assent on June 21, 2019, and did not include a requirement for NSIRA to produce an annual report of DND/CAF activities related to national security or intelligence.

Diversity and Inclusion in the Security and Intelligence Community

Description

A review that provides a baseline assessment of the degree of representation of women, Aboriginal peoples, members of visible minorities and persons with disabilities within the security and intelligence community, and examines the goals, initiatives, programs and measures that departments and agencies have taken to promote diversity and inclusion.

Recommendations

R1.

The Committee conduct a retrospective review in three to five years to assess the security and intelligence community’s progress in achieving and implementing its diversity goals and inclusion initiatives, and to examine more closely the question of inclusion, including issues of harassment, violence and discrimination, through closer engagement with employees.

R2.

The security and intelligence community adopt a consistent and transparent approach to planning and monitoring of employment equity and diversity goals, and conduct regular reviews of their employment policies and practices (that is, employment systems reviews) to identify possible employment barriers for women, Aboriginal peoples, members of visible minorities and persons with disabilities.

R3.

The security and intelligence community improve the robustness of its data collection and analysis, including GBA+ assessments of internal staffing and promotion policies and clustering analyses of the workforce. In this light, the Committee also highlights the future obligation for organizations to investigate, record and report on all occurrences of harassment and violence in the workplace.

R4.

The security and intelligence community develop a common performance measurement framework, and strengthen accountability for diversity and inclusion through meaningful and measurable performance indicators for executives and managers across all organizations.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these three recommendations (R2 to R4; R1 relates to the Committee).

The Government Response to Foreign Interference

Description

A review of the breadth and scope of foreign interference in Canada; the government’s response; the implicated organizations and their response capabilities; the extent of coordination and collaboration among these organizations; the degree to which the government works with other levels of government and targets of foreign interference; and government engagement with allies abroad.

Recommendations

R1.

The Government of Canada develop a comprehensive strategy to counter foreign interference and build institutional and public resiliency. Drawing from the Committee’s review and findings, such a strategy should:

• identify the short- and long-term risks and harms to Canadian institutions and rights and freedoms posed by the threat of foreign interference;
• examine and address the full range of institutional vulnerabilities targeted by hostile foreign states, including areas expressly omitted in the Committee’s review;
• assess the adequacy of existing legislation that deals with foreign interference, such as the Security of Information Act or the Canadian Security Intelligence Service Act, and make proposals for changes if required;
• develop practical, whole-of-government operational and policy mechanisms to identify and respond to the activities of hostile states;
• establish regular mechanisms to work with sub-national levels of government and law enforcement organizations, including to provide necessary security clearances;
• include an approach for ministers and senior officials to engage with fundamental institutions and the public; and
• guide cooperation with allies on foreign interference.

R2.

The Government of Canada support this comprehensive strategy through sustained central leadership and coordination. As an example of a centralized coordinating entity to address foreign interference, the Committee refers to the appointment and mandate of the Australian National Counter Foreign Interference Coordinator.

The Committee reiterates its recommendation from its Special report into the allegations associated with Prime Minister Trudeau’s official visit to India in February 2018:

• In the interest of national security, members of the House of Commons and Senate should be briefed upon being sworn-in and regularly thereafter on the risks of foreign interference and extremism in Canada. In addition, Cabinet Ministers should be reminded of the expectations described in the Government’s Open and Accountable Government, including that Ministers exercise discretion with whom they meet or associate, and clearly distinguish between official and private media messaging, and be reminded that, consistent with the Conflict of Interest Act, public office holders must always place the public interest before private interests.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these recommendations.

The Canada Border Services Agency’s National Security and Intelligence Activities

Description

A review of the national security and intelligence activities of the Canada Border Services Agency, focusing on CBSA’s governance over national security and intelligence activities in CBSA’s Enforcement and Intelligence Program; CBSA’s conduct of sensitive national security and intelligence activities; and CBSA’s relations with its key partners in the areas of national security and intelligence.

Recommendations

R1.

The Minister of Public Safety and Emergency Preparedness provide written direction to the Canada Border Services Agency on the conduct of sensitive national security and intelligence activities. That direction should include clear accountability expectations and annual reporting obligations.

R2.

The Canada Border Services Agency establish a consistent process for assessing and reporting on the risks and outcomes of its sensitive national security and intelligence activities.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these recommendations.

However, on February 16, 2022, the Minister of Public Safety issued the Ministerial Direction to the Canada Border Services Agency on Surveillance and Confidential Human Sources, which directs it to establish risk management and reporting mechanisms related to surveillance and confidential human sources. ^{Footnote 8}

Special Report on the Collection, Use, Retention and Dissemination of Information on Canadians in the context of the Department of National Defence and Canadian Armed Forces Defence Intelligence Activities

Description

A special report on the collection, use, retention and dissemination of information on Canadian citizens by the Department of National Defence and the Canadian Armed Forces in the conduct of defence intelligence activities, focusing on the operational context, legal framework, the CANCIT Function Directive, and the treatment of this information before the Directive.

Recommendations

The Committee makes the following recommendations:

R1.

The Department of National Defence / Canadian Armed Forces (DND/CAF) rescind the Chief of Defence Intelligence Functional Directive: Guidance on the Collection of Canadian Citizen Information and, in consultation with the Privacy Commissioner, review all of its functional directives and other DND/CAF policy instruments that are relevant to the collection, use, retention and dissemination of information about Canadians to ensure consistent governance of these activities.

R2.

To resolve the issue of the extraterritorial application of the Privacy Act, the Minister of National Defence should ensure DND/CAF complies with the letter and spirit of the Privacy Act in all of its defence intelligence activities, whether they are conducted in Canada or abroad.

R3.

The Minister of National Defence introduce legislation governing DND/CAF defence intelligence activities, including the extent to which DND/CAF should be authorized to collect, use, retain and disseminate information about Canadians in the execution of its authorized missions.

Status

As of December 31, 2022, the government has not provided a status update regarding the implementation of these recommendations.

Special Report on the Government of Canada’s Framework and Activities to Defend its Systems and Networks from Cyber Attack

Description

A special report that describes the threat to government systems from malicious cyber actors; examines the evolution of the Government of Canada’s cyber defence policies and laws; assesses the roles and responsibilities of relevant government organizations; and examines relevant case studies where government systems were compromised in cyber attack.

Recommendations

R1.

The government continue to strengthen its framework for defending government networks from cyber attack by ensuring that its authorities and programs for cyber defence are modernized as technology and other relevant factors evolve, including to align them with the horizontal framework for cyber defence that has emerged over the last decade.

R2.

To the greatest extent possible, the government:

• Apply Treasury Board policies relevant to cyber defence equally to departments and agencies;
• Extend Treasury Board policies relevant to cyber defence to all federal organizations, including small organizations, Crown corporations and other federal organizations not currently subject to Treasury Board policies and directives related to cyber defence;
• Extend advanced cyber defence services, notably the Enterprise Internet Service of Shared Services Canada and the cyber defence sensors of the Communications Security Establishment, to all federal organizations.

Status

The government provided the following responses to the recommendations made by the Committee:

Response to R1:

Agreed. Public Safety, Communications Security Establishment, and Treasury Board of Canada Secretariat agree that the government continue to strengthen its framework for defending government networks from cyber attack, ensuring that its authorities and programs for cyber defence are modernized as technology and other relevant factors evolve.

Public Safety, in collaboration with Communications Security Establishment and Treasury Board of Canada Secretariat, will continue to work together to align with the horizontal framework for cyber security to ensure that an appropriate governance structure is in place to advance cyber security policy.

Responsible organizations: Public Safety, in consultation with Communications Security Establishment and Treasury Board of Canada Secretariat.

Response to R2.1:

Agreed. The Treasury Board of Canada Secretariat will review the Treasury Board policy framework to ensure that cyber defence is applied equally to departments and agencies to the greatest extent possible. This includes alignment between the scope of the Policy on Government Security and the Policy on Service and Digital.

Responsible organization: Treasury Board of Canada Secretariat.

Response to R2.2:

Agreed. The Treasury Board of Canada Secretariat will undertake a review of the Treasury Board policy framework to explore and identify potential options to extend Treasury Board policies relevant to cyber defence to all federal organizations, including small organizations, Crown Corporations, and other federal organizations not currently subject to Treasury Board policies and directives related to cyber defence. This review will take into consideration the Financial Administration Act and the authorities under that Act, as well as any legal considerations.

Responsible organization: Treasury Board of Canada Secretariat.

Response to R2.3:

Agreed. Treasury Board of Canada Secretariat, in consultation with Shared Services Canada and Communications Security Establishment agree that the government should extend advanced cyber defence services, notably the Enterprise Internet Service of Shared Services Canada and the cyber defense sensors of the Communication Security Establishment, to all federal organizations to the greatest extent possible. Treasury Board of Canada Secretariat will continue to strengthen cyber defence measures as part of the updates to the Policy on Service and Digital, specifically through the mandatory procedures outlined under Appendix G: Standard on Enterprise IT Service Common Configurations of the Directive on Service and Digital which will be published in Early 2022.

Shared Services Canada, in consultation with Treasury Board of Canada Secretariat and Communications Security Establishment, and as part of a funded study, is evaluating the current posture of small departments and agencies (SDAs) that have not adopted the Enterprise Internet Service of Shared Services Canada. The goal of the evaluation is to produce a costed business case outlining the funding necessary to migrate SDAs to the Enterprise Internet Service of Shared Services Canada, eliminate the use of non- Shared Services Canada managed internet services, and provision other enterprise services (including the cyber defense sensors of the Communication Security Establishment), which will help to improve the security posture of SDAs and reduce the threat exposure of the government’s enterprise networks.

Communications Security Establishment, in consultation with Treasury Board of Canada Secretariat, will explore options to extend the cyber defense sensors of the Communications Security Establishment to all federal organizations.

Responsible organizations: Treasury Board of Canada Secretariat, in consultation with Shared Services Canada and Communications Security Establishment.