Government of Canada / Gouvernement du Canada
Symbol of the Government of Canada

Search

Communications Security Establishment Act (S.C. 2019, c. 13, s. 76)

Act current to 2020-10-21 and last amended on 2019-08-01. Previous Versions

Authorizations (continued)

Procedure (continued)

Marginal note:Conditions for authorizations

  •  (1) The Minister may issue an authorization under subsection 26(1), 27(1) or (2), 29(1) or 30(1) only if he or she concludes that there are reasonable grounds to believe that any activity that would be authorized by it is reasonable and proportionate, having regard to the nature of the objective to be achieved and the nature of the activities.

  • Marginal note:Conditions for authorizations — foreign intelligence

    (2) The Minister may issue an authorization under subsection 26(1) only if he or she concludes that there are reasonable grounds to believe — in addition to the matters referred to in subsection (1) — that

    • (a) any information acquired under the authorization could not reasonably be acquired by other means and will be retained for no longer than is reasonably necessary;

    • (b) any unselected information acquired under the authorization could not reasonably be acquired by other means, in the case of an authorization that authorizes the acquisition of unselected information; and

    • (c) the measures referred to in section 24 will ensure that information acquired under the authorization that is identified as relating to a Canadian or a person in Canada will be used, analysed or retained only if the information is essential to international affairs, defence or security.

  • Marginal note:Conditions for authorizations — cybersecurity

    (3) The Minister may issue an authorization under subsection 27(1) or (2) only if he or she concludes that there are reasonable grounds to believe — in addition to the matters referred to in subsection (1) — that

    • (a) any information acquired under the authorization will be retained for no longer than is reasonably necessary;

    • (b) the consent of all persons whose information may be acquired could not reasonably be obtained, in the case of an authorization to be issued under subsection 27(1);

    • (c) any information acquired under the authorization is necessary to identify, isolate, prevent or mitigate harm to

      • (i) federal institutions’ electronic information or information infrastructures, in the case of an authorization to be issued under subsection 27(1), or

      • (ii) electronic information or information infrastructures designated under subsection 21(1) as being of importance to the Government of Canada, in the case of an authorization to be issued under subsection 27(2); and

    • (d) the measures referred to in section 24 will ensure that information acquired under the authorization that is identified as relating to a Canadian or a person in Canada will be used, analysed or retained only if the information is essential to identify, isolate, prevent or mitigate harm to

      • (i) federal institutions’ electronic information or information infrastructures, in the case of an authorization to be issued under subsection 27(1), or

      • (ii) electronic information or information infrastructures designated under subsection 21(1) as being of importance to the Government of Canada, in the case of an authorization to be issued under subsection 27(2).

  • Marginal note:Conditions for authorizations — defensive and active cyber operations

    (4) The Minister may issue an authorization under subsection 29(1) or 30(1) only if he or she concludes that there are reasonable grounds to believe — in addition to the matters referred to in subsection (1) — that the objective of the cyber operation could not reasonably be achieved by other means and that no information will be acquired under the authorization except in accordance with an authorization issued under subsection 26(1) or 27(1) or (2) or 40(1).

Marginal note:Content of authorizations

 An authorization issued under subsection 26(1), 27(1) or (2), 29(1) or 30(1) must specify

  • (a) the activities or classes of activities that it authorizes the Establishment to carry out;

  • (b) the activities or classes of activities referred to in paragraph (a) that would otherwise be contrary to any other Act of Parliament;

  • (c) the persons or classes of persons who are authorized to carry out the activities or classes of activities referred to in paragraph (a);

  • (d) any terms, conditions or restrictions that the Minister considers advisable in the public interest, or advisable to ensure the reasonableness and proportionality of any activity authorized by the authorization;

  • (e) in the case of an authorization issued under subsection 26(1) or 27(1) or (2), any other terms, conditions or restrictions that the Minister considers advisable to protect the privacy of Canadians and of persons in Canada, including conditions to limit the use, analysis and retention of, access to, and the form and manner of disclosure of, information related to them;

  • (f) in the case of an authorization issued under subsection 26(1), whether the activities authorized include acquiring unselected information, and any terms, conditions or restrictions that the Minister considers advisable to limit the use, analysis and retention of, and access to, unselected information;

  • (g) the day on which the authorization is issued;

  • (h) the day on which the authorization expires; and

  • (i) anything else reasonable in the circumstances and reasonably necessary in aid of any other activity, or class of activities, authorized by the authorization.

Marginal note:Period of validity of authorizations

  •  (1) An authorization issued under subsection 26(1), 27(1) or (2), 29(1) or 30(1) may be valid for a period not exceeding one year.

  • Marginal note:Extension — foreign intelligence or cybersecurity

    (2) The Minister may extend the period of validity of an authorization issued under subsection 26(1) or 27(1) or (2) by up to a period not exceeding one year from the day referred to in paragraph 35(h).

  • Marginal note:No review by Commissioner

    (3) The Minister’s decision to extend a period of validity is not subject to review by the Commissioner under the Intelligence Commissioner Act.

  • Marginal note:Extension — authorization

    (4) The Minister must, as soon as feasible, notify the Commissioner of any extension of an authorization.

Repeal and Amendment

Marginal note:Significant change — Minister to be notified

  •  (1) If there is a significant change in any fact that was set out in the application for an authorization issued under subsection 26(1), 27(1) or (2), 29(1) or 30(1), the Chief must notify the Minister of the change as soon as feasible.

  • Marginal note:Commissioner notified

    (2) If the Minister concludes that the change in the fact is significant and the authorization was issued under subsection 26(1) or 27(1) or (2), the Minister must notify the Commissioner of his or her conclusion.

  • Marginal note:Review Agency notified

    (3) If the Minister concludes that the change in the fact is significant and the authorization was issued under subsection 29(1) or 30(1), the Minister must notify the Review Agency of his or her conclusion.

Marginal note:Repeal of authorization

 The Minister may repeal an authorization issued under subsection 26(1), 27(1) or (2), 29(1) or 30(1) at any time.

Marginal note:Amendment

  •  (1) The Minister may amend an authorization issued under subsection 26(1), 27(1) or (2), 29(1) or 30(1) if the Minister concludes that there has been a significant change in any fact that was set out in the application for the authorization.

  • Marginal note:Conditions for amendment

    (2) The Minister may amend an authorization only if he or she concludes that there are reasonable grounds to believe that, taking into account the significant change,

    • (a) the conditions referred to in subsections 34(1) and (2) are met, in the case of an authorization issued under subsection 26(1);

    • (b) the conditions referred to in subsections 34(1) and (3) are met, in the case of an authorization issued under subsection 27(1) or (2); or

    • (c) the conditions referred to in subsections 34(1) and (4) are met, in the case of an authorization issued under subsection 29(1) or 30(1).

  • Marginal note:Amendment takes effect on approval — foreign intelligence and cybersecurity

    (3) An amended authorization issued under subsection 26(1) or 27(1) or (2) continues to be valid in its unamended form until — if the amendment is approved by the Commissioner under paragraph 20(1)(a) of the Intelligence Commissioner Act — the Commissioner provides the Minister with the written decision approving the amendment.

  • Marginal note:Activities under amended authorization — foreign intelligence and cybersecurity

    (4) For greater certainty, an activity that is specified in an amended authorization issued under subsection 26(1) or 27(1) or (2) in respect of which the Commissioner has provided the Minister with the written decision approving the amendment is authorized only to the extent that it is carried out in accordance with the authorization as amended.

  • Marginal note:Activities under amended authorization — cyber operations

    (5) For greater certainty, an activity that is specified in an amended authorization issued under subsection 29(1) or 30(1) is authorized only to the extent that it is carried out in accordance with the authorization as amended.

 
Date modified: