Amendments to the CSIS Act

Disclosure

Former state: CSIS lacked authority to disclose information to partners outside the Government of Canada to build resiliency against threats.

The amendments enable CSIS to:

• Disclose information to build resiliency against threats.
• With the approval of the Minister of Public Safety, disclose personal information when it is essential in the public interest and clearly outweighs privacy invasion.
• Disclose information to any person with jurisdiction to investigate someone suspected of breaking the laws of Canada or a province.

Rigorous safeguards, including the limit on disclosing personal information and Canadian corporate names ensure privacy is protected. Disclosures in the public interest must be reported to the National Security and Intelligence Review Agency.

Example: CSIS may rely on the new resiliency disclosure authority to provide comprehensive information to the premier of a province or Indigenous government or diaspora community that may be a likely target of foreign interference activities of the proxies of a foreign state. This would enable them to better recognise the threat if it presents itself and build resiliency against foreign interference.

Warrants and Orders

Former state: The absence of a range of judicial authorizations impeded, delayed, and at times halted, national security investigations. This diminished CSIS’ ability to protect all Canadians.

The amendments enable CSIS to:

• Conduct a single collection activity (i.e. single-use warrant to examine a USB key).
• Compel a third party to keep information without deleting it, to allow time for CSIS to seek a production order or warrant.
• Compel a third party to produce information.
• Remove a thing previously installed with permission (removal warrant).
• Require assistance for the single-use and removal warrants.

Federal Court approval is still required for all warrants and orders, with review and robust oversight by the Minister and the National Security and Intelligence Review Agency.

Example: If a foreign interference threat actor is transiting through a Canadian airport, CSIS may only have a small window to examine their smartphone, making it nearly impossible to demonstrate investigative necessity. The single-use warrant could be used for a one-time examination of their electronic device while the threat actor is in transit.

Datasets

Datasets are groups or collections of information about a common topic that are stored in electronic form. They can vary in size from a few entries to billions of records.

Former state: Advances in digital technology gave threat actors the advantage, and CSIS lagged behind partners and adversaries alike.

The amendments:

• Increase overall timelines. For example, from 90 to 180 days to decrypt, translate and assess datasets (evaluate) before seeking permission to retain.
• Clarify that datasets support CSIS’ core mandate.
• Enable sharing of datasets, with appropriate approvals.
• Enable use of Canadian datasets for Government and immigration security screening investigations.
• Enable broader use of data analytics in exigent (i.e. urgent) circumstances.
• Allow foreign datasets to be treated as Canadian datasets, which are subject to the most stringent safeguards.

All of the safeguards remain, including the critical role of the Intelligence Commissioner.

Example: CSIS could have a dataset of individuals in Canada who have lived in a country known to engage in foreign interference, and which happens to contain past educational information for each person. CSIS could query and exploit this dataset for the purpose of a screening investigation for a government clearance. In doing so, it could learn that the individual studied at a university associated with a foreign military, which is relevant but was not disclosed in the application.

Foreign Intelligence

Former state: The borderless nature of information had reduced CSIS' visibility on the activities of foreign states or foreign individuals within Canada's borders.

The amendments:

• Close the technical gap so CSIS can collect information from within Canada that is located outside Canada, when the information is about the activities of foreign individuals in Canada.
• Enable CSIS to continue collection from within Canada when a foreign individual is temporarily outside Canada.

Collection of foreign intelligence will continue to be at the request of the Minister of National Defence or Foreign Affairs and can only target-non-Canadians, in Canada.

Statutory Review

• Require the CSIS Act to be reviewed by Parliament every five years, ensuring CSIS can continue to protect and remain accountable to Canada and all Canadians.

Technical Amendment

• Made a technical amendment to clarify that, with emergency designations, employees may be justified in committing or directing another person to commit acts or omissions that would otherwise constitute offences.