Chapter 3: Lawful Access Challenges
Special Report on the Lawful Access to Communications by Security and Intelligence Organizations

Managing the Lack of Legislation for Intercept Capability

115. CSIS and the RCMP claim to have mitigated the challenges presented by the voluntary approach to intercept capability by closely coordinating their activities. CSIS and the RCMP sign annual memoranda of understanding in support of intercept capability development, support, and maintenance, and share the costs of CSP service agreements. ^{Footnote 270} *** ^{Footnote 271} *** ^{Footnote 272} *** ^{Footnote 273}

116. In 2023, CSIS and RCMP informally created the National Lawful Access Centre (NLAC), to serve as the central coordination point for lawful access in Canada for all domestic law enforcement and intelligence agencies. ^{Footnote 274} As of November 2024, the government has not yet formally established the NLAC, but it is intended to be responsible for “establishing national lawful access processes and standards; managing common lawful access data collection and network infrastructure technology; and, coordinating with CSPs, all levels of law enforcement, and federal partners on behalf of law enforcement and national security agencies in Canada.” ^{Footnote 275}

117. In 2023, CSIS and the RCMP also created the Lawful Access Advisory Committee (LAAC), which first met in November 2023. The committee is co-chaired by the RCMP and the director of security at a leading CSP, and includes seven leading CSPs. According to CSIS and the RCMP:

The creation of the LAAC formalizes the intention and dedication of government and private industry alike to work collaboratively to develop long-term solutions to address long-standing lawful access challenges….The LAAC will discuss challenges and explore solutions related to lawful access such as the development of a Canadian lawful access governance framework; the creation of a compensation model for CSP services; the development and integration of new lawful access technical solutions and capabilities; and, the implementation of a national strategy to ensure a common understanding of lawful access across all members of the Canadian lawful access community. ^{Footnote 276}

118. In its governance framework, the LAAC sets out a number of guiding principles, the first of which identifies privacy as a foundational pillar of lawful access, and the commitment to ensuring lawful access practices “will balance Canadians’ safety and security, with privacy and the protection of personal information.” ^{Footnote 277} The principles also include standardization by default, which means that security agencies and CSP will seek to standardize their technical solutions and processes. Another key principle includes a commitment to a cost neutral and fair compensation model:

The lawful access community acknowledges that CSP are private or semi-private companies and deserve fair compensation for the effort required to develop, maintain, and operate capabilities that is not part of their normal business processes. CSPs will aim to perform lawful access operations based on a cost neutral principle (i.e. they do not financially benefit nor lose money while providing legally authorized support to the requesting agencies). These costs account for the development of technical solutions, the maintenance and operation of these solutions, and other related services. ^{Footnote 278} According to the CSP co-chair, there has been more cooperation between security agencies and CSPs in the year since the creation of the LAAC than during the entire previous decade. ^{Footnote 279}

119. Between 2012 and 2024, privacy advocates repeatedly criticized legislative proposals and consultations to create intercept capability legislation on the grounds that the government had not presented sufficient evidence of the problem or failed to accurately estimate the potentially significant projected cost (described further in Chapter 4). More recently, Professor Geist cautions about focusing too narrowly on traditional telecommunications infrastructure when considering modernizing lawful access legislation. He points to the diminished role of CSPs in being able to provide the content of the communications due to the increasing prevalence of end-to-end encrypted over-the-top Internet-based messaging services: “Lawful access policy has long focused on the role of communications intermediaries such as internet service providers and wireless providers. However, today’s reality is such that communication is no longer exclusively mediated primarily through their infrastructure.” ^{Footnote 280}

120. According to the RCMP, new legislation is needed that includes requirements for Canadian CSPs, including “over-the-top applications, satellite service providers, communications service resellers, and certain vehicle manufacturers whose products have integrated communications capabilities.” ^{Footnote 281}