The National Security and Intelligence Review Agency (NSIRA) of Canada announced that the Communications Security Establishment’s (CSE) use of polygraphs for security screening during the hiring process likely breaches the privacy rights of prospective employees.
Although the CSE claims that its method of assessment is consistent with the Privacy Act, the NSIRA found that it “falls short of these requirements.” For one, it is necessary under Section 4 of the Privacy Act that any personal information collected be related “directly to an operating program or activity of the institution.” The NSIRA found that the CSE had been wrongfully using polygraph results to decide whether a candidate should be hired, rather than for the limited purpose of assessing a candidate’s loyalty towards the nation.
The NSIRA also found that Section 7 of the Privacy Act had not been complied with, which requires that the use of an individual’s personal information be restricted to the express purpose for which it was collected. In addition, the NSIRA was concerned that the hiring practice may violate applicant’s privacy rights under the Charter of Rights and Freedoms.
The polygraph assessment is intended to assess an “individual’s criminality and/ or loyalty to Canada”, as employment at the CSE would involve exposure to sensitive information of national importance. The NSIRA has urged the government to either get rid of, or modify the assessment so that it is in line with constitutional standards.
Though the polygraph evaluation is used by the CSE, security clearances in the Canadian federal government are mandated by the Treasury Board of Canada Secretariat (TBS). The polygraph assessment standard was implemented by the Standard on Security Screening which was set by the TBS in 2014.
Concerns over the viability of the polygraph assessment were also flagged in the review, wherein the potential flaws of the test were pointed out.
The investigation and review of the CSE’s practices fall within a parliamentary mandate granted to the NSIRA by Sections 8(1)(a) and 8(1)(b) of the National Security and Intelligence Review Agency Act. This law mandates that the body is to “review any activity carried out by the Canadian Security Intelligence Service or the Communications Security Establishment” and “review any activity carried out by a department that relates to national security or intelligence.”
The CSE is Canada’s digital intelligence agency, responsible for foreign signals intelligence and the protection of government data and information.