National Defence committee  —right, it's strictly for defending computer networks.

National Defence committee  It's law enforcement and security, so it tends to be mostly RCMP and CSIS. It may also include CBSA, but those would be the primary ones.

National Defence committee  We're subject to the same parliamentary agents as any other department, so the Auditor General, Privacy Commissioner, etc. As well, within CSE we have our own audit evaluation function that does internal reviews, evaluations, and audits similar to other departments. We also have an audit committee of people external to the government that reviews those reports.

National Defence committee  There would be an authorization for cyber-defence activity that risks the interception of a private communication.

National Defence committee  I wouldn't have the number with me. Last year there were, I believe, four or five authorizations. They are related to the class of activities that risk incidental interception, as when you're targeting a foreign target who may be in conversation with somebody in Canada. That's when you need an authorization, and it has to meet a number of criteria in the act that are spelled out there, such as that it has to be a foreign target and that you couldn't reasonably obtain the information in another way, and it has to have foreign intelligence value.

National Defence committee  No, he reviews—

National Defence committee  Yes, sir. He reviews—

National Defence committee  No, I think we've reduced and consolidated them, but to be honest, I don't have the numbers with me over the last five years.

National Defence committee  Yes, sir, and as I said, any private communications that were retained and used by us—the number is quite small—the commissioner reviewed each and every one of those to make sure they were in compliance with our act and with the authorization by the minister.

National Defence committee  Thank you. As an intelligence agency, it's very important that we share intelligence with our closest allies, which we do. However, in sharing any intelligence we still must comply with Canadian laws, our act, the Privacy Act, and the charter in doing that. We have to put in place measures to protect the privacy of Canadians.

National Defence committee  Even if we were sharing metadata we still must take steps to make sure that any information that would lead to the identity of a Canadian in that data is minimized and reduced so that it's not possible to identify them.

National Defence committee  Well, as I mentioned, our target and our focus is foreign intelligence collection.

National Defence committee  We collect in areas around the global networks where we're going to be most successful in finding our foreign targets. I can't really disclose our methods and capabilities in that collection. Suffice it to say that where there's any risk of incidental instance of private communication, those are authorized by the minister; and then the commissioner reviews all of our collection activities and verifies that they're in compliance with Canadian law and that we have measures in place to protect the privacy of the Canadian—

National Defence committee  The ones you're referring to are actually ministerial directives, so they were directives brought in to focus and provide additional direction to the agency about how it's going to collect and protect metadata. Metadata has been used by the agency and by second agencies for decades.

National Defence committee  Our ministerial authorizations are used for any collection activities where we might risk the incidental interception of a private communication. So, if I'm targeting a foreign target who's in communication with somebody in Canada—I'm not targeting the Canadian but in targeting a foreign target they may be having an email conversation with someone in Canada.