Government of Canada / Gouvernement du Canada

Communications Security Establishment Act (S.C. 2019, c. 13, s. 76)

Act current to 2020-10-05 and last amended on 2019-08-01.

Activities (continued)

Marginal note: Measures to protect privacy

 The Establishment must ensure that measures are in place to protect the privacy of Canadians and of persons in Canada in the use, analysis, retention and disclosure of

  • (a) information related to them acquired in the course of the furtherance of the foreign intelligence and cybersecurity and information assurance aspects of the Establishment’s mandate; or

  • (b) publicly available information related to them acquired under paragraph 23(1)(a).

Marginal note: Technical and operational assistance activities

  •  (1) If the Establishment provides assistance in furtherance of the technical and operational assistance aspect of its mandate, then the Establishment, in the course of providing the assistance, has the same authority to carry out any activity as would have the federal law enforcement or security agency, the Canadian Forces or the Department of National Defence, as the case may be, if it were carrying out the activity, and is subject to any limitations imposed by law on the agency, the Canadian Forces or that Department, including requirements with respect to any applicable warrant.

  • Marginal note: Exemptions, protections and immunities

    (2) If the Establishment provides assistance in furtherance of the technical and operational assistance aspect of its mandate, then persons authorized to act on the Establishment’s behalf benefit from the same exemptions, protections and immunities as would persons authorized to act on behalf of the federal law enforcement or security agency, the Canadian Forces or the Department of National Defence, as the case may be, if those persons were carrying out the activity.

Authorizations

Foreign Intelligence and Cybersecurity Authorizations

Marginal note: Foreign Intelligence Authorizations

  •  (1) The Minister may issue a Foreign Intelligence Authorization to the Establishment that authorizes it, despite any other Act of Parliament or of any foreign state, to carry out, on or through the global information infrastructure, any activity specified in the authorization in the furtherance of the foreign intelligence aspect of its mandate.

  • Marginal note: Activities authorized

    (2) Activities and classes of activities that a Foreign Intelligence Authorization may authorize the Establishment to carry out may include any of the following:

    • (a) gaining access to a portion of the global information infrastructure;

    • (b) acquiring information on or through the global information infrastructure, including unselected information;

    • (c) installing, maintaining, copying, distributing, searching, modifying, disrupting, deleting or intercepting anything on or through the global information infrastructure;

    • (d) doing anything that is reasonably necessary to maintain the covert nature of the activity; and

    • (e) carrying out any other activity that is reasonable in the circumstances and reasonably necessary in aid of any other activity, or class of activity, authorized by the authorization.

Marginal note: Cybersecurity Authorizations — federal infrastructures

  •  (1) The Minister may issue a Cybersecurity Authorization to the Establishment that authorizes it, despite any other Act of Parliament, to, in the furtherance of the cybersecurity and information assurance aspect of its mandate, access a federal institution’s information infrastructure and acquire any information originating from, directed to, stored on or being transmitted on or through that infrastructure for the purpose of helping to protect it, in the circumstances described in paragraph 184(2)(e) of the Criminal Code, from mischief, unauthorized use or disruption.

  • Marginal note: Cybersecurity Authorizations — non-federal infrastructures

    (2) The Minister may issue a Cybersecurity Authorization to the Establishment that authorizes it, despite any other Act of Parliament, to, in the furtherance of the cybersecurity and information assurance aspect of its mandate, access an information infrastructure designated under subsection 21(1) as an information infrastructure of importance to the Government of Canada and acquire any information originating from, directed to, stored on or being transmitted on or through that infrastructure for the purpose of helping to protect it, in the circumstances described in paragraph 184(2)(e) of the Criminal Code, from mischief, unauthorized use or disruption.

Marginal note: Approval of Commissioner

  •  (1) An authorization issued under subsection 26(1) or 27(1) or (2) is valid when — if it is approved by the Commissioner under paragraph 20(1)(a) of the Intelligence Commissioner Act — the Commissioner provides the Minister with the written decision approving the authorization.

  • Marginal note: No activities until authorization valid

    (2) For greater certainty, no activity that is specified in an authorization issued under subsection 26(1) or 27(1) or (2) is authorized until the authorization is valid under subsection (1).

Cyber Operations Authorizations

Marginal note: Defensive Cyber Operations Authorizations

  •  (1) The Minister may issue a Defensive Cyber Operations Authorization to the Establishment that authorizes it, despite any other Act of Parliament or of any foreign state, to carry out, on or through the global information infrastructure, any activity specified in the authorization in the furtherance of the defensive cyber operations aspect of its mandate.

  • Marginal note: Minister of Foreign Affairs

    (2) The Minister may issue the authorization only if he or she has consulted the Minister of Foreign Affairs.

Marginal note: Active Cyber Operations Authorizations

  •  (1) The Minister may issue an Active Cyber Operations Authorization to the Establishment that authorizes it, despite any other Act of Parliament or of any foreign state, to carry out, on or through the global information infrastructure, any activity specified in the authorization in the furtherance of the active cyber operations aspect of its mandate.

  • Marginal note: Minister of Foreign Affairs

    (2) The Minister may issue the authorization only if the Minister of Foreign Affairs has requested the authorization’s issue or has consented to its issue.

  • Marginal note: Request or consent in writing

    (3) The request or consent of the Minister of Foreign Affairs may be oral, but in that case he or she must provide written confirmation of the request or consent to the Minister as soon as feasible.

Marginal note: Activities authorized

 Activities and classes of activities that an authorization issued under subsection 29(1) or 30(1) may authorize the Establishment to carry out may include any of the following:

  • (a) gaining access to a portion of the global information infrastructure;

  • (b) installing, maintaining, copying, distributing, searching, modifying, disrupting, deleting or intercepting anything on or through the global information infrastructure;

  • (c) doing anything that is reasonably necessary to maintain the covert nature of the activity; and

  • (d) carrying out any other activity that is reasonable in the circumstances and reasonably necessary in aid of any other activity, or class of activities, authorized by the authorization.

Marginal note: Prohibited conduct

  •  (1) In carrying out any activity under an authorization issued under subsection 29(1) or 30(1), the Establishment must not

    • (a) cause, intentionally or by criminal negligence, death or bodily harm to an individual; or

    • (b) wilfully attempt in any manner to obstruct, pervert or defeat the course of justice or democracy.

  • Marginal note: Definition of bodily harm

    (2) In subsection (1), bodily harm has the same meaning as in section 2 of the Criminal Code.

Procedure

Marginal note: Applications for authorizations

  •  (1) The Minister may issue an authorization under subsection 26(1), 27(1) or (2), 29(1) or 30(1) only on the written application of the Chief.

  • Marginal note: Contents of application

    (2) The application must set out the facts that would allow the Minister to conclude that there are reasonable grounds to believe that the authorization is necessary and that the conditions for issuing it are met.

  • Marginal note: Written request of infrastructure owner or operator

    (3) If the application is for an authorization to be issued under subsection 27(2), the application must include the written request of the owner or operator of the information infrastructure to the Establishment to carry out the activity that would be authorized.

  • Marginal note: Minister of Foreign Affairs’ request or consent

    (4) If the application is for an authorization to be issued under subsection 30(1), the application must include the request or consent referred to in subsection 30(2) if it is in writing.
