Findings
Special Report on the Lawful Access to Communications by Security and Intelligence Organizations

F1

Canada’s security and intelligence organizations do not systematically track how often they encounter technological challenges in their national security investigations and whether they are successful in mitigating these challenges.

F2

The RCMP and CSIS face significant challenges in accessing communications content, for which metadata is not necessarily a substitute.

F3

There was consensus across appearances that legislation to compel the creation of exceptional access or “backdoors” to encryption platforms was neither required nor desired.

F4

Canada’s public position on lawful access to encrypted communication is unclear. National security practitioners, cybersecurity experts and privacy advocates do not have a common understanding of the problem.

F5

The government’s failure to develop and implement a solution to the Supreme Court’s decision in Spencer is impeding CSIS and the RCMP’s ability to respond to national security threats.

F6

Without a general legal requirement on CSPs to retain metadata for a specified period of time, there is a risk that data sought pursuant to a warrant will be unavailable.

F7

The government’s inability to make progress on the intelligence and evidence dilemma, particularly with respect to the protection of investigative techniques, has contributed to a situation in which the RCMP is forced to choose either to not use sensitive tools and techniques during an investigation because of the potential disclosure issues, or risk not being able to rely on evidence obtained through their use at trial or having a prosecution stayed because of a court order to disclose.

F8

The government lacks formal policies to address the procurement, regulation and use of commercial On-Device Investigative Tools, and ensure transparency in reporting with respect to their use by law enforcement and CSIS.

F9

The absence of legislation requiring communications service providers (CSPs) to maintain lawful intercept capability creates unnecessary risks for all stakeholders, including CSIS, federal, provincial, territorial and municipal law enforcement, CSPs and ultimately the Canadian public. It also impedes Canada’s ability to work with international partners. The failure to address this issue at a strategic policy level has resulted in operational agencies themselves developing foundational policies and procedures, notably compensation models, geared toward ensuring continued cooperation from CSPs, rather than a principled approach based on input from Ministers and Parliament.

F10

The risks associated with the absence of legislation requiring communications service providers to be intercept capable is compounded by the absence of a centralized national authority to coordinate, develop, and maintain lawful intercept capabilities in Canada.

F11

The Canada-U.S. Data Access Agreement would remove long-standing jurisdictional barriers to judicially-authorized access to U.S. communications service providers, including major social media platforms, without compromising privacy or encryption.