OTTAWA—The Canadian Security Intelligence Service repeatedly obtained taxpayer information from the Canada Revenue Agency without presenting a court-approved warrant for the data.

That revelation was among several concerns raised in the latest annual report of the Security Intelligence Review Committee, which monitors CSIS compliance with law and policy.

The report tabled Thursday said the spy service must do more to ensure insiders don’t pilfer secret material. It also urged CSIS to inform the Federal Court how it uses metadata — the telltale digital trails that accompany messages and phone calls — collected from cyberspace.

The findings came the same day the watchdog over the Communications Security Establishment, Canada’s electronic spy agency, found the CSE had improperly shared metadata about Canadians with key foreign allies.

The reports prompted the NDP to express concern about erosion of civil liberties.

Public Safety Minister Ralph Goodale stressed the Liberal government was embarking on a comprehensive review of Canada’s national security and intelligence framework with the twin aims of effective security and respect for rights.

More on thestar.com

Canadian charged with spying, stealing secrets in China

Canada’s electronic spy agency broke privacy laws

Far from being an isolated incident, there were “multiple instances” of a CSIS regional office getting warrantless access to taxpayer data from the federal revenue agency, the review committee said in its report for 2014-15.

Questions about the practice were first raised by the Federal Court, prompting CSIS to ask the review committee to look into the matter.

Following the incident, there were assurances the sensitive revenue agency information had been purged from a CSIS database when, in fact, it was still there, the review committee’s report says.

Spy service management issued a “stern reminder” to employees of the need for a warrant to collect taxpayer information, but the review committee says that may not be sufficient.

The committee made several recommendations, calling on CSIS to assess its own handling of the incident after it became clear information had been improperly collected. The spy service complied with that request.

Review committee chairman Pierre Blais said CSIS had made “a mistake” but he expressed confidence the committee would not “see that in the future.”

The Canada Revenue Agency had no immediate explanation as to why it gave CSIS the data.

The review committee says it also found shortcomings in the spy service’s training, investigation and record-keeping practices intended to manage so-called insider threats.

Concern about such threats has grown due to recent breaches by intelligence employees in the United States and Canada, the committee noted.

Former U.S. spy contractor Edward Snowden leaked a trove of files revealing widespread surveillance by the U.S. National Security Agency, while Jeffrey Paul Delisle, a Canadian naval intelligence officer in Halifax, sold sensitive secrets to the Russians.

The review committee found insufficient training, gaps in policy and procedures, and a lack of managerial feedback for those at CSIS working on internal security investigations.

It also concluded procedures governing internal probes were unclear. In addition, the committee found CSIS did not properly document decision-making about investigations.

Loading... Loading... Loading... Loading... Loading... Loading...

The review committee singled out one particular internal investigation, finding CSIS “had failed to give the case the appropriate level of attention and scrutiny, and to take follow-up action.”

The committee recommended CSIS re-examine the case due to concerns about internal policy violations and “possible information breaches.”

Though CSIS agreed with some aspects of the committee’s recommendations, it refused to reopen the case in question, saying it was satisfied there were no lingering security concerns.

Read more about: