Language selection

Government of Canada / Gouvernement du Canada

Search

DAOD 8002-2, Canadian Forces National Counter-Intelligence Unit

Table of Contents

  1. Introduction
  2. Abbreviations and Acronyms
  3. Definitions
  4. CFNCIU Organization
  5. Concept of Support
  6. Counter-Intelligence Oversight Committee
  7. Investigation Management
  8. Information Management
  9. Responsibilities
  10. References

1. Introduction

Date of Issue: 2003-03-28

Application: This is a directive that applies to employees of the Department of National Defence (DND) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Supersession: CFAO 22-3, Special Investigation Unit Services

Approval Authority: This DAOD is issued under the authority of the Deputy Chief of the Defence Staff (DCDS).

Enquiries: Canadian Forces National Counter-Intelligence Unit (CFNCIU)

2. Abbreviations and Acronyms

Abbreviation or Acronym Complete Word or Phrase

ABCA

America, Britain, Canada and Australia

ADM (HR-Mil)

Assistant Deputy Minister (Human Resources - Military)

CFNCIU

Canadian Forces National Counter-Intelligence Unit

CFNIS

Canadian Forces National Investigation Service

CFPM

Canadian Forces Provost Marshal

CFSTG

Canadian Forces Support Training Group

CI

counter-intelligence

CIO

counter-intelligence officers

CIOC

Counter-Intelligence Oversight Committee

CIVT

Counter-Intelligence Verification Team

CO

commanding officer

CSIS

Canadian Security Intelligence Service

DCDS

Deputy Chief of the Defence Staff

DND/CF LA

DND/CF Legal Advisor

D Strat Int

Directorate Strategic Intelligence

J2/DG Int

J2/Director General Intelligence

JAG/D Law/Ops

Judge Advocate General/Director Law/Operations

MP

military police

NCIP

National Counter-Intelligence Program

NCIO

National Counter-Intelligence Officer

NDCC 2

National Defence Command Centre - Security Intelligence

NDSI

National Defence Security Instructions

NDSP

National Defence Security Policy

PVA

port vulnerability assessments

SIRs

standing intelligence requirements

SILP

Security Intelligence Liaison Program

3. Definitions

counter-intelligence (contre-ingérence)

Counter-intelligence means activities concerned with identifying and counteracting threats to the security of DND employees, CAF members, and DND and CAF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities.

security intelligence (renseignement de sécurité)

Security intelligence means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities.

4. Overview

Mandate

4.1 The CFNCIU is a national level unit, specializing in security and CI activities. The unit is assigned to the DCDS and is under the functional control of J2/DG Int.

4.2 The mission of the CFNCIU is to provide security and CI services in support of DND and the CAF during peace, crisis and war. The mandate of the unit includes:

  1. providing CI advice to senior DND and CAF leadership and assistance with strategic, theatre, operational and tactical CI planning; and
  2. implementing CI security activities to support the NCIP on behalf of the DCDS/J2/DG Int.

Activities

4.3 CI activities conducted by CFNCIU in support of the NCIP include:

  1. identifying, investigating and countering threats to the security of the DND and the CAF from espionage, sabotage, subversion, terrorist activities, and other criminal activity;
  2. identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CAF material;
  3. conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CAF interests;
  4. implementing the SILP on behalf of DND and the CAF to:
    1. provide early warning of potential threats against DND or CAF interests and monitor potential or actual threats;
    2. support CF preparation for, and deployment in support of, public order or welfare emergencies declared under the Emergencies Act and, to a lesser extent, the provision of services or resources to assist other government departments or agencies; and
    3. share information obtained through the SILP, as applicable, with appropriate MP elements, NDCC 2, G2/N2/A2 staff and others as required to preserve DND and CAF security interests
  5. participating in joint police or security intelligence centres formed to gather and share police and security information, and security intelligence, in support of domestic operations;
  6. liaising with NATO, ABCA, CI, police and security agencies of other countries to ensure a continuous flow of CI information and co-ordination of effort; and
  7. conducting CI activities in support of the responsibilities of DND senior managers and commanders for force protection and operations security.

CFNCIU Organization

General

The CFNCIU includes CI investigators and support personnel, who contribute to unit activities within the scope of their respective duties and security clearances, and specific skill sets and appointments.

The CFNCIU identification card (NDI 53) is issued only to eligible CFNCIU members and is the identifier and authority to conduct NCIP activities.

MP members serving as CI investigators remain subject to the MP Professional Code of Conduct. MP members serving within the CFNCIU shall retain their MP credentials and authority under section 156 of the National Defence Act for the sole use of identification under the SILP. As a result, they are subject to the MP complaint process as it pertains to their use of those credentials and authority under section 156. Additionally, should exceptional circumstances require such members to act in a policing role during the routine performance of their duties, e.g., they happen upon a traffic accident and render assistance, then the MP complaint process under Part IV of the National Defence Act applies.

Support Personnel

Support personnel are posted or attached to the CFNCIU to assist with administrative, operational or intelligence functions. Unit support personnel may assist investigators but do not perform investigative functions.

Conduct

If a CI investigator is under criminal, service or professional standards investigation or review, the CO CFNCIU may withdraw the NDI 53 card of that member. The member may then serve in an administration role. J2/DG Int shall be informed of any decision to withdraw a member from investigative duties.

Recruitment

To be eligible for a posting to the CFNCIU, a CF member must:

Each prospective member shall complete an overseas screening and be available for immediate deployment.

Training

The CFSTG sponsors the national CI course that is normally conducted annually.

Successful completion of the CI course is a pre-requisite for service as a CI investigator within the unit and for foreign deployment in a CI capacity.

Duty Dress and Identification

The normal duty dress for CFNCIU personnel is civilian attire, and CF members are to receive a clothing grant as directed in J2/DG Int Administrative Instructions. CF members may be directed by their supervisor to wear other orders of dress as may be appropriate and as authorized by the CO CFNCIU.

In exceptional circumstances, J2/DG Int may authorize CFNCIU members to wear the uniform, rank, element or trade insignia of any unit or military branch (other than medical, dental, chaplain or legal) at public expense. Moreover, in support of special operations, and with J2/DG Int concurrence, ADM(HR - Mil) may authorize defence identification cards to preserve CI investigator anonymity.

Conflicting Orders

CFNCIU investigators in Canada are under the direction of CFNCIU HQ. If a CI investigator is given orders that may conflict with those of a base, station, unit or element, the base or station commander or CO may address any concerns to the CO CFNCIU.

CFNCIU personnel on foreign deployment are subject to the command structure as outlined below and shall resolve conflicting orders within the applicable chain of command.

Access and Liaison

CFNCIU investigators are authorized to visit and access all DND and CF premises, as required by their duties, subject to appropriate security clearance and briefings.

As required in the performance of assigned duties, the CFNCIU is authorized direct liaison with:

Top of Page

5. Concept of Support

General

5.1 The CFNCIU operates worldwide to preserve and safeguard national security interests within the scope of the unit's mandate and the NCIP. A preliminary assessment of information brought to the attention of the CFNCIU may be performed under the authority of the CIOs.

5.2 Level I CI investigations and operations by the CFNCIU may be authorized by the CO CFNCIU following consultation with the JAG/DLaw/Ops, who shall provide a written report to J2/DG Int within three working days detailing the requirement for such activities. The CIOC shall authorize all Level II and III CI investigations and operations conducted by CFNCIU.

5.3 CFNCIU functions do not differ significantly between operations in Canada and abroad. The main differences are the nature of potential threats or adversaries and the types of investigative sources and means available. Domestically, CFNCIU Regional CIOs and detachments operate with standing force protection, security and information collection tasks, which are updated periodically to meet national and command requirements. These are based upon CI SIRs, which are approved annually by the DCDS and are subject to review by the CIOC. Within the scope of the standing task list, there is some latitude for direct communication and investigative action to meet the needs of locally supported DND senior managers, commanders and COs. As outlined below, requests for CI support and activities outside of the scope of the SIRs shall be forwarded for the appropriate authorization.

5.4 During domestic operations, the control relationship for CFNCIU members may be devolved to operational commanders.

Foreign Deployments

5.5 CFNCIU members who conduct CI investigations and operations during foreign deployment are under the operational command of the theatre commander. At such times, the CO CFNCIU remains the technical authority on CI matters and personnel.

5.6 On foreign deployment, mission-specific CI requirements shall be identified to satisfy the theatre commander's force protection, security and information collection needs. These may be changed upon the authority of the theatre commander, but shall be subject to legal oversight by the senior JAG representative in-theatre and subsequent review by the CIVT.

Standing Tasks

5.7 Standing tasks are normally directed on the authority of the CO CFNCIU within Canada (excluding in support of domestic operations) and by J2/DG Int in support of domestic operations and for outside of Canada. These standing tasks provide sufficient flexibility to meet most time-sensitive issues in support of security planning. Standing tasks include:

  1. collection of information from civilian police and security agencies under the auspices of the SILP for the production of threat assessments (see DAOD 8002-3, Security Intelligence Liaison Program);
  2. protective security advice, co-ordination and support;
  3. CI activities in support of the force protection mandate of DND senior managers and CAF commanders;
  4. security screening of foreign persons attending DND or CAF programs in Canada;
  5. defensive security briefings and debriefings;
  6. security vulnerability assessments to provide DND senior managers and CAF commanders and COs with an overview of their force protection requirements. Depending on the scope and activity, this function may require a special tasking, including a PVA;
  7. monitoring events under the auspices of the SILP and through open sources, which eventually may involve the DND and the CAF as a means of providing early warning and identifying potential threats to the security of DND and the CAF. This is a normal operating activity for CFNCIU but any such activity beyond the mandate provided by the SILP requires specific task authority; and
  8. communication with Canadian and allied CI security and police agencies to support the NCIP.

5.8 In addition to these standing tasks, J2/DG Int may authorize requests for CI support for domestic operations, such as intelligence gathering and co-ordination. An example of support would be in respect of domestic operations under DCDS Instruction 2/98. Where moderately or more intrusive means (see DAOD 8002-1, National Counter-Intelligence Program) are required to support such domestic operations, CIOC authority is required.

Tasking Relationships

5.9 With the exception of PVAs, routine support requests from DND senior managers, commanders and COs within the scope of the standing task list may be communicated directly to the supporting Regional CIO/CFNCIU Detachment, with an information copy to CFNCIU HQ. A request for a PVA is to be forwarded, wherever possible, two months in advance of the requirement to the D Strat Int. Other requirements by DND senior managers, commanders and COs for CI support beyond the scope or intent of the standing task list are to be referred to CFNCIU HQ. The procedures for handling requests for CI investigations or operations by DND senior managers, commanders and COs are addressed below.

5.10 DND senior managers, commanders, COs, intelligence or MP advisers, and CFNIS representatives may request information or assistance directly from CFNCIU. However, requests for CI activities beyond the DCDS-approved CI SIR list shall still be referred to higher HQ for approval as appropriate.

5.11 Requests for support by DND and CAF units or elements outside Canada, except those in a special duty area, are essentially the same as for forces in Canada. Requirements for CI support within a special duty area normally are referred to the designated Canadian authority, for national matters, or to the supporting multinational CI unit for general support. CFNCIU members posted to a special duty area are under the operational command of the theatre commander. The CO CFNCIU remains the technical authority of the CAF for CI matters. Should circumstances require that a CI investigation and operation be mounted from NDHQ into a special duty area under the authority of the DCDS, CFNCIU assets on temporary duty in the special duty area would be placed under the tactical control of the theatre commander.

Top of Page

6. Counter-Intelligence Oversight Committee

Purpose and Mandate

6.1 The CIOC is responsible for ensuring that CFNCIU requests for authority to conduct investigations and operations are consistent with the NCIP's mandate and policy, and reflect, where appropriate, current annual planning requirements. It shall explicitly give direction on the level of investigation or operation authorized. Should CIOC not provide authority for a Level II or III investigation or operation, it shall direct whether Level I activities may be used or if the investigation or operation shall be terminated. The CIOC shall also consider the reliability of the information supporting the request and the implications, magnitude, seriousness and immediacy of the activities suspected of constituting the threat to the security of DND and the CAF (see DAOD 8002-0, Counter-Intelligence for threats to the security of DND and the CAF).

6.2 CIOC authority is not required for the collection and retention of open source information.

6.3 The CIOC shall also annually review and recommend the National CI SIRs prepared by J2 Plans Pol 4-2 for DCDS approval. These National CI SIRs shall be used to focus and limit CFNCIU activities under the auspices of the SILP (see DAOD 8002-3, Security Intelligence Liaison Program).

Membership and Voting

6.4 CIOC membership shall consist of a Chairperson (J2/DG Int), and representatives from JAG/D Law Ops, DND/CF LA if the activity under the NCIP involves a DND employee, DCDS, the CSIS and a non-voting Secretary. A quorum consists of the Chairperson and either two or three voting members dependent upon whether there is DND/CF LA involvement. The CIOC meets at the discretion of the Chairperson and provides written authority for the conduct of Level II and III CI investigations and operations.

Approval of Activities

6.5 CIOC approval for investigative and operational activities is for a period of six months, but this may be renewed with justification. After authorization has been provided by the CIOC, the CFNCIU shall provide a monthly progress report on each investigation or operation, which shall be used by the CIOC to perform oversight. CIOC review of these progress reports may be used to upgrade, downgrade or terminate any CI investigation or operation. The CFNCIU shall advise the CIOC upon completion of the investigation or operation, indicating that the approved activities are no longer required.

Procedure

6.6 In support of its activities, CIOC may require appropriate persons to appear before it if:

  1. justification advanced for an investigation or operation is unclear or appears unsound;
  2. there are reasons to question the sufficiency or interpretations of facts as stated in a request for authority or progress report; or
  3. there is a requirement for additional information or explanation to enable the CIOC to reach a decision.

Minutes and Records

6.7 The CIOC Secretary is responsible for:

  1. recording the minutes and decisions of CIOC meetings;
  2. maintaining a record of all CIOC approvals for CFNCIU investigations or operations; and
  3. staffing CIOC authorization, including any conditions, for CI investigations or operations to the CO CFNCIU.

6.8 All CIOC minutes and records shall be accessible to the CIVT except, as detailed in DAOD 8002-1, National Counter-Intelligence Program, those associated with an ongoing Close Hold investigation or operation.

7. Investigation Management

General

7.1 The aim of CI and security investigations conducted by the CFNCIU is to:

  1. identify threats to the security of DND and the CAF;
  2. recommend countermeasures for security vulnerabilities; and
  3. assess the extent of damage resulting from a security incident, rather than developing a case for prosecution.

7.2 CI security investigations normally are subject to restricted handling and distribution practices. When deemed appropriate from a security perspective, matters concerning security breaches or violations investigated by the CFNCIU may be referred to the concerned DND manager or CO for administrative resolution as a part of the NCIP.

7.3 Generally, CFNCIU CI security investigations are conducted parallel to, and not in lieu of, any criminal or disciplinary investigation conducted by civilian police, MP, CFNIS, or the unit of a DND employee or CAF member in relation to a minor security infraction. The decision as to whether a criminal investigation is required rests solely with the police entity with jurisdiction. In the absence of joint J2/DG Int and Canadian Forces Provost Marshal (CFPM) direction to the contrary, any criminal investigation has priority over any parallel security investigation.

7.4 The CFNCIU is authorized to conduct internal disciplinary investigations in respect of the performance of CI security investigation duties of CFNCIU members, and their on or off duty conduct. J2/DG Int shall be informed of the results of all internal disciplinary investigations.

Initiating CI Investigations and Operations

7.5 DAOD 8002-1, National Counter-Intelligence Program describes the nature and limitations of Level I, II and III CI investigations and operations. The authority to initiate such investigations and operations is outlined above in the "Concept of Support" map.

7.6 Requests for CI security investigations or operations initiated by DND senior managers or commanders should be made through the Regional CIO. They also may be made directly to the J2/DG Int or the CO CFNCIU by an appropriately classified, exclusive message: action CFNCIU Ottawa/CO and information NDHQ Int Ottawa/J2/DG Int. Alternatively, the requirement for a CI investigation or operation may be identified through the receipt of information from a police or security agency, or some other source. Regardless of the source, the CO CFNCIU is responsible for staffing requests for J2/DG Int or CIOC authorization as appropriate. A separate administrative instruction provides direction on this procedure.

7.7 When rapid access to witnesses or information in support of an investigation is an issue, the request may be made verbally. However, written confirmation must follow within three working days. Similarly, in the event perishable information must be collected, investigators may take action prior to formal receipt of a J2/DG Int task; however, the CO CFNCIU or a designate is to be notified at the first opportunity for the purpose of obtaining a verbal task authority.

Obligatory Investigations

7.8 DND senior managers, commanders, COs, MP and members of the CFNIS shall request the CFNCIU to conduct a CI security investigation if they become aware of any of the following:

  1. on reasonable grounds there is suspicion that sabotage, espionage, subversion, terrorist activity, organized crime or other criminal activity resulting in a threat to the security of DND employees, CAF members, or DND or CAF property or information has or is likely to occur. If such an activity has occurred or is believed to have occurred, the responsibility for any criminal investigation rests with the police or security agency with jurisdiction, while the CFNCIU is responsible for conducting a parallel investigation in order to assess the ongoing threat to, or the impact for, the security of the DND and the CAF;
  2. the operational preparedness or effectiveness of a CAF operation is affected by damage to its resources and it is suspected on reasonable grounds that the damage is associated with a threat to the security of DND and the CAF;
  3. individuals, groups or organizations whose intentions or purposes include interfering with departmental operations, or the security interests of DND employees or CAF members, or DND or CAF property or information, may be involved, and there is a need to assess the actual or potential threat to the security of the DND and the CAF;
  4. a security breach or violation of highly sensitive information or classified equipment, including but not limited to, TOP SECRET, COSMIC, ATOMAL, Cabinet confidences or special material, has or may have occurred; or
  5. an attempt to penetrate security measures protecting the confidentiality, reliability or accessibility of sensitive information may have occurred.

7.9 Security breaches and violations that result from error, accident or pure neglect are investigated in accordance with the NDSP or NDSI. Normally, general security breaches and administrative violations are dealt with by summary investigation, board of inquiry or conventional MP investigation.

7.10 The nearest CFNCIU detachment should be consulted when the requirement for a CFNCIU investigation is not clear.

Other Security Concerns

7.11 Other matters that are essentially criminal in nature investigated by MP or the CFNIS may be of interest to the NCIP due to the potential security ramifications. In accordance with CFPM direction, the MP or CFNIS entity with jurisdiction may report the following to the CFNCIU:

  1. unauthorized paramilitary activity by DND employees or CAF members;
  2. theft or attempted theft of DND or CAF weapons, explosives, communications equipment or other like supplies;
  3. bomb threats involving DND or CAF facilities;
  4. illegal events involving DND or CAF facilities or operations that are deemed likely to result in the interruption of the operational capability of the facility or operation;
  5. the creation and distribution of inappropriate propaganda or hate literature by DND employees or CAF members or on a defence establishment;
  6. DND and CAF conferences, meetings and activities that could pose a security concern;
  7. suicides and attempted suicides by DND employees or CAF members with a Level III or higher security clearance, or if MP uncover possible related security concerns;
  8. missing DND employees or CAF members with a Level III or higher security clearance and when MP inquiries uncover possible related security concerns;
  9. sensitive or serious offences involving DND employees or CAF members serving outside of Canada so that an assessment for security implications may be made; or
  10. all offences other than those of a minor disciplinary nature involving DND employees or CAF members serving in listed countries of security concern so that an assessment for security implications may be made.

CI Activities Revealing Issues of Criminal or Disciplinary Interest

7.12 Relevant criminal information or intelligence obtained by the CFNCIU is to be passed without delay to the MP or CFNIS element with jurisdiction.

7.13 In the event that a CI security investigation reveals evidence of a potential criminal or disciplinary offence, the MP entity with jurisdiction is to be notified to begin a parallel but separate investigation, and to act as the exclusive collector of evidence for prosecution. As noted above, the criminal investigation normally has precedence over the security investigation.

7.14 Although infrequent, J2/DG Int may request through the CFPM that an investigation by MP be delayed pending completion of the CI investigation. Examples of such CI cases are:

  1. a very sensitive Close Hold CI file; or
  2. matters of such sensitivity that national security interests may be threatened or compromised by separate or concurrent investigative action.

Criminal or Disciplinary Investigations Revealing CI Security Information

7.15 DND employees, CAF members and MP who obtain information of potential security intelligence interest during an investigation or in the course of their day-to-day duties shall advise the CFNCIU.

Investigative Primacy Considerations

7.16 Whether the CFNCIU or a MP entity has primary investigative jurisdiction is generally determined by the nature of the incident. The MP entity with jurisdiction normally has primary jurisdiction. However, should national security interests be paramount, joint J2/DG Int and CFPM direction may allow for security investigation primacy.

7.17 In any case, the decision as to which investigative activity should take precedence shall focus on the relative importance of either establishing criminal fault or determining and limiting damage to national security interests.

Top of Page

8. Information Management

Medical Information

8.1 While conducting a CI security investigation, CFNCIU investigators may request a medical summary, similar to that provided to the CO of a member.

Retention of Intelligence Data

8.2 See DAOD 8002-1, National Counter-Intelligence Program, for instruction in respect of the handling of intelligence data.

Disclosure of Security Information

8.3 CFNCIU members shall not disclose security information obtained during an investigation or the identity of a person providing such information, except:

  1. to a superior officer of the CFNCIU or the CIOC on a need-to-know basis; or
  2. as required by law, for example, disclosure of records under the auspices of the Access to Information Act or the Privacy Act, or under a judicial order.

8.4 CFNCIU members are obliged to report criminal or service offences in accordance with standard DND and CAF policy.

CI Security Investigation Reports

8.5 After a CI security investigation is completed, CFNCIU HQ normally authorizes the case investigator to brief the concerned DND senior managers, commanders or COs. The withholding of any investigative details from applicable DND senior managers, commanders or COs must be approved by J2/DG Int.

8.6 Only CFNCIU HQ distributes CI security investigation reports outside the unit. Reports are distributed through CIOs and supporting CFNCIU detachment. Reports shall be returned to the supporting CFNCIU detachment for retention on completion of unit action.

8.7 No organization outside of the CFNCIU may make copies of any portion of a CI security investigation report nor forward the document to another addressee without the permission of CFNCIU HQ.

9. Responsibilities

Responsibility Table

9.1 The following table identifies responsibilities for investigations and services:

The … has/have responsibility for …

J2/DG Int
  • having functional control of the CFNCIU;
  • providing oversight for Level I investigations and operations; and
  • acting as the Chairperson of the CIOC.

CIOC members
  • authorizing and overseeing Level II and III CI investigations and operations; and
  • recommending annually the National CI SIRs for DCDS approval.

CIVT members
  • providing verification of CFNCIU, NDCC 2 and CIOC activities.

J2 Plans Pol 4-2
  • producing the annual National CI SIRs.

CO CFNCIU
  • acting as the NCIO and managing the line functions of the NCIP on behalf of DCDS and J2/DG Int;
  • exercising command and control of CFNCIU members, and CI security investigations and operations outside of any special duty areas in accordance with approved policy and directives;
  • acting as technical authority for CI personnel, operations and activities within special duty areas;
  • managing the SILP and the Security Briefing and Debriefing Program; and
  • liaising with other intelligence and security agencies on CI activities as required.

DND senior managers, commanders, COs
  • requesting CI security investigations and briefings and debriefings, as required.

CFNCIU investigators
  • except when prohibited for reasons of operational security, identifying themselves as CFNCIU investigators when introducing themselves;
  • unless otherwise required for CI investigative or operational reasons, informing appropriate COs of the intent and general nature of any investigation. The decision to withhold information from DND senior managers, commanders and COs shall be taken only with the specific concurrence of the CO CFNCIU; and
  • unless otherwise required for CI investigative or operational reasons, informing DND senior managers, commanders and COs of any threat to the security of DND or the CF that should be addressed quickly to prevent or limit further damages or offences. The decision to withhold such information from commanders shall be taken only with the specific concurrence of J2/DG Int.

DND employees and CAF members
  • participating and assisting in the NCIP through supporting CI and security investigations, security briefings and debriefings, and other activities as required.

10. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

Page details

Date modified: