Background
Special Report on the Lawful Access to Communications by Security and Intelligence Organizations

1. In July 2023, Statistics Canada reported that 95% of Canadians aged 15 years and older used the Internet, with a growing number of Canadians becoming more acquainted with newer technologies and incorporating them into their daily routine every year. ^{Footnote 1} Advancements such as the use of smartphones and instant messaging applications have made communicating with each other easier and instantaneous, and have generated significant economic and social benefits.

2. These technologies also generate a significant amount of personal information, which in certain circumstances is of interest to the state. Specifically, Canada’s security and intelligence organizations may need to access this information in support of national security investigations, because they are used in the planning, coordination, financing and perpetration of threats to public safety and the national security of Canada, such as terrorism, serious organized crime, and foreign interference.

3. The judicially authorized practice of the interception of electronic communications, and the search and seizure of electronic information, is known as lawful access. ^{Footnote 2} Canada’s security and intelligence organizations state that they have been for some time facing mounting challenges to their ability to employ lawful access techniques. They state that encryption and the increasing volume, variety, and velocity of digitally generated data make it difficult and sometimes impossible to gather the information needed to carry out effective investigations. Additionally, they state that the global nature of the Internet challenges legislation drafted at a time when information and communications service providers (CSPs) largely resided within Canada’s borders.

4. However, privacy advocates, civil society groups, academics, and cyber and legal experts state that the government has not effectively made the case to modernize lawful access for security and intelligence organizations, who, they state, are equally able to benefit from the investigative capabilities provided by new technologies. ^{Footnote 3} They also warn that efforts to make it easier for police and intelligence organizations to access or circumvent encrypted communications or data fundamentally weaken cybersecurity overall, erode public trust, and threaten fundamental democratic values. ^{Footnote 4}

5. In 2011, two competing narratives emerged. One described a “golden age of surveillance” where technological advancements allowed governments to have unprecedented access to information about individuals, as well as the ability to store and mine this information for even more detail than communication content could reveal on its own. ^{Footnote 5} The other warned of the phenomenon of “going dark,” which security and intelligence practitioners referred to as the widening gap between the legal authority to access electronic communications pursuant to judicial authorization and the practical ability to obtain those communications. ^{Footnote 6} Often framed as a zero-sum game, the debate set the government’s responsibility to prevent and respond to national security threats against Canadians’ right to privacy. The debate has been largely stalled since that time.

6. One objective of this review is to move the debate beyond this stalemate and prompt a renewed discussion. Security and intelligence organizations are often reluctant to publicly describe highly sensitive operational vulnerabilities, such as those they say are caused by lawful access challenges, so as not to provide adversaries with more information on how to conceal their activities. The National Security and Intelligence Committee of Parliamentarians (the Committee) has access to this information. This access allows the Committee to examine the degree to which lawful access challenges impede the ability of security and intelligence organizations to fulfil their mandates, and to review the government’s efforts to respond to these challenges.

Scope and Approach

7. On August 18, 2022, the Committee announced its review of the legislative, regulatory, policy and financial framework for the lawful access to communications by security and intelligence organizations, the challenges of new and emerging technologies, and any limitations of the current framework, set out in the Terms of Reference found in Annex A. ^{Footnote 7} The objectives of this review are to examine:

• The current state of lawful access, including the challenges identified by the national security and intelligence community;
• Concerns and criticisms raised by civil society and privacy experts with respect to modernizing authorities in this area;
• The technological challenges relating to lawful access, including interception of communications and the search and seizure of communications-related data;
• The extent to which the security and intelligence community has mitigated the challenges of “going dark” through technology, policy and cooperation with CSPs; and
• The extent to which gaps remain to address the impact of new and emerging technologies on the lawful access of communications.

8. This review examined information from January 1, 2012, to January 9, 2025, and included the following organizations:

• Canadian Security Intelligence Service (CSIS);
• Communications Security Establishment (CSE);
• Department of Justice (DoJ);
• Department of Public Safety and Emergency Preparedness (Public Safety); and
• Royal Canadian Mounted Police (RCMP).

9. In support of the review, the Committee requested material from CSIS, CSE, DoJ, the RCMP, and PS, and relied on Secretariat briefings and departmental responses to written questions. Senior officials from CSIS, CSE, the RCMP, PS, and DoJ appeared before the Committee, sometimes more than once. In the final stage of its review, the Committee held appearances with the Minister of Justice and the Minister of Public Safety, Democratic Institutions and Intergovernmental Affairs. The Committee also sought input from stakeholders outside the federal government, including representatives from CSPs, civil society, and the legal community. The Committee extends its gratitude to Ministers, officials, and all presenters for their time and expertise. The full list of witnesses and participants can be found in Annex B.

10. To better understand concerns about lawful access, the Committee commissioned or requested research papers from privacy, legal, and cybersecurity experts further to a call for papers. It wishes to acknowledge and thank Professor Benjamin J. Goold, Professor Vivek Krishnamurthy, Professor Michael Geist, and Professor Ron Deibert of the Citizen Lab for their contributions. ^{Footnote 8}

11. In examining the material presented over the course of this review, the Committee considered the following questions:

• Are Canada’s lawful access challenges for national security investigations as serious as the security and intelligence organizations claim?
• Has the government been effective at mitigating or developing solutions to these challenges?
• How does the government facilitate and enable national security investigations while at the same time protect Canadians’ right to privacy?

12. This review is ultimately about the exercise of state power. The Committee’s mandate narrows its scope to the national security activities of the federal government. ^{Footnote 9} While the Committee recognizes that Canadian and foreign commercial entities collect Canadians’ personal information online, and that these practices raise important privacy questions for legislators, these issues are beyond the scope of this review.