This is an area of some confusion.
I mentioned briefly a few moments ago that there is a lot of uncertainty in this area as to how various statutory rules are being construed by the government. One area of uncertainty is over the practice of what's known as deminimization. CSE, as part of its foreign intelligence conduct and its activities, may acquire metadata and that metadata may include metadata from a Canadian source because of the nature of the Internet. It's not directing its activities at Canadians, but it's sweeping up some of this Canadian data in its operations.
Thereafter, when it shares its analytical work products dealing with that metadata, it is supposed to minimize Canadian identifying information. In other words, it redacts the Canadian identifying information. Those redactions can be lifted in relation to CSIS and the RCMP on request.
The question that remains unanswered in my mind is, what is the legal basis for that request? From what I've seen, it's clear that it has to comply with the Privacy Act in that all parties agree that it has to comply with the Privacy Act. There is an investigation, and CSIS is entitled to ask for the redactions to be lifted as part of its investigation.
What is unclear to me is whether they also come with a warrant, because if they don't come with a warrant, then information that CSIS could not lawfully collect itself is nevertheless put in play within CSIS by virtue of the inadvertent collection by CSE, and that CSE collection has never been supervised by an independent judge. Therefore, it's an open question in my mind as to whether, when CSIS or the RCMP comes looking for those redactions to be lifted, they comes supplied with a warrant. In other words, I don't know.