Recommendations
Special Report on the Lawful Access to Communications by Security and Intelligence Organizations

R1

The Canada-U.S. Data Access Agreement would remove long-standing jurisdictional barriers to judicially-authorized access to U.S. communications service providers, including major social media platforms, without compromising privacy or encryption.

• Affirm key principles, such as legitimacy, necessity, and proportionality;
• Identify, track, and report on key lawful access challenges and associated risks;
• Include communications, stakeholder engagement and transparency commitments; and
• Consider challenges that may arise due to emerging technology, e.g., artificial intelligence.

R2

The government publicly clarify its position on exceptional access to communications information protected by encryption.

R3

The government table legislation creating new authorities in the Canadian Security Intelligence Service Act and the Criminal Code to enable the production of basic subscriber information, and the government consider legislation with respect to data retention.

R4

Further to the Committee’s 2024 recommendation in its Special Report on Foreign Interference in Canada’s Democratic Processes and Institutions that the government address intelligence and evidence challenges, the government develop and implement a solution to address concerns about the protection of investigative tools, which may include revisions to the relevant provisions of the Canada Evidence Act.

R5

The government develop policies and guidelines on the procurement, use and reporting requirements for commercial On-Device Investigative Tools.

R6

The government table legislation to compel intercept capability for communications service providers (CSPs). The legislation should be encryption neutral and not include a decryption requirement. The government must also decide on a compensation model for compliance costs, i.e., whether CSPs should be compensated for the development, maintenance, and operating costs associated with lawful access.

The legislation should:

• establish and identify the national authority (i.e., the National Lawful Access Centre) for the coordination of lawful interception initiatives;
• define communications service provider so as to include any service provider operating in Canada offering electronic communications services or capabilities;
• define intercept capability to include support for computer network exploitation; and
• set mandatory technical standards, including those related to cybersecurity

R7

The government prioritize the signing and implementation of the Canada-U.S. Data Access Agreement.