DAOD 8002-1, National Counter-Intelligence Program
Date of Issue: 2003-03-28
Application: This is a directive that applies to employees of the Department of National Defence (DND) and an order that applies to officers and non-commissioned members of the Canadian Forces ("CF members").
Approval Authority: This DAOD is issued under the authority of the Deputy Chief of the Defence Staff (DCDS).
Enquiries: Director General Intelligence (DG Int)/J2 Plans and Policy 4
- Counter-Intelligence (contre-ingérence)
- Counter-intelligence means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities.
- Security Intelligence (renseignement de sécurité)
- Security intelligence means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities.
The CF National Counter-Intelligence Program (NCIP) is a centrally controlled series of activities designed to safeguard the security interests of DND and the CF in or outside of Canada.
The NCIP is designed to assist the Deputy Minister (DM) and the Chief of the Defence Staff (CDS) in meeting their security obligations.
The mandate of the NCIP is to:
- identify and monitor threats to the security of DND and the CF (see DAOD 8002-0, Counter-Intelligence, for a list of such threats);
- direct the collection, collation and assessment of counter-intelligence (CI) security threat information at the national level to provide security intelligence, threat assessments and early warnings to DND senior managers and commanders;
- provide a national level specialist CI unit to implement and co-ordinate NCIP CI security activities, including CI investigations and operations, based on national priorities; and
- provide CI support to local DND managers, commanders and commanding officers (COs) in accordance with the objectives of the national program.
The following activities shall be provided as part of the NCIP:
- security intelligence threat assessments in support of DND and CF domestic and foreign interests and operations;
- CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and the CF;
- CI activities and products in support of the force protection responsibilities of commanders and COs;
- coordination of security investigations into information operations (IO) activity targeting DND and the CF;
- liaison with Canadian police and security agencies and, as appropriate, with allied and host national military and civilian police and security authorities, where CF members are or may be deployed, e.g., as part of an anticipated or actual United Nations deployment or in support of a NATO commitment;
- the Security Intelligence Liaison Program (SILP) to provide early warning of potential threats against DND and CF interests, and to support the preparation of the CF for, and conduct in response to, requests for assistance during public welfare or public order emergencies under the Emergencies Act; and
- the security screening of foreign persons attending DND and CF programs in Canada.
J2/DG Int is responsible for overseeing the annual verification of the NCIP through a Counter-Intelligence Verification Team (CIVT) headed by J2 Plans and Policy 4. The CIVT shall consist of appropriately security cleared representatives from the Director Law/Operations (D Law Ops), DND and CF Legal Advisor (LA) (as required) and Director Financial Operations (D Fin Ops) and Canadian Security Intelligence Service (CSIS).
The CIVT shall:
- review all NCIP-related policies, doctrine, procedures, reports, memoranda of understanding (MOUs), duties and functions;
- compile and analyze statistics on NCIP-related investigations and operations;
- conduct annual verifications of CF National Counter-Intelligence Unit (CFNCIU) headquarters and CI Oversight Committee (CIOC) procedures, reports, duties and functions;
- conduct investigations into allegations of inappropriate activities by the CFNCIU or National Defence Command Centre Security Intelligence (NDCC 2) associated with the NCIP. Allegation of illegal activities shall be referred for investigation to the Canadian Forces National Investigation Service (CFNIS);
- make recommendations to J2/DG Int concerning the NCIP; and
- provide a written report to J2/DG Int concerning each CIVT activity.
CIVT members shall have, as required, complete and unhindered access to all relevant CFNCIU and NDCC 2 files and records, except for Close Hold files, which shall not be verified until completion of the relevant investigation or operation. The Close Hold designation is assigned at the discretion of J2/DG Int.
Verification of DND and CF CI activities during the course of a foreign deployment shall be as directed by J2/DG Int, with the concurrence of the DCDS. A final CIVT verification shall be performed upon completion of any foreign deployment.
All DND employees and CF members shall report to the CIVT, wherever possible through the chain of command, any incident of inappropriate or illegal activity associated with the NCIP.
CI investigations are designed to identify and exploit information regarding the extent and nature of threats to the security of DND and the CF, which may include special or sensitive debriefing initiatives.
CI operations are designed to:
- conceal or deny information in order to protect DND employees and CF members, and DND and CF property or information, from threats to the security of DND and the CF;
- counter threats to the security of DND and the CF; or
- obtain details, as part of a covert operation or other counter human intelligence activities, about adversaries posing threats to the security of DND and the CF.
CI investigations and operations shall focus on the threat to the security of DND and the CF. Issues related to the criminality of an activity or event shall be referred to the civil or military police (MP) agency with jurisdiction for investigation.
CFNIS has overall DND and CF responsibility for criminal intelligence, i.e., information relative to criminal activity that has been subject to the process of planning, direction, collection, evaluation, collation, analysis, reporting and dissemination. Criminal intelligence is used to:
- reveal the existence of criminal organizations or other significant criminal activities;
- identify the members of such organizations; and
- establish their criminal activities, internal administration, movements, sources of income and vulnerabilities.
Prior to the authorization of any CI investigation or operation, DND and the CF shall determine that:
- the investigation complies with the law;
- any investigative techniques used are related to the threat posed and the probability of its occurrence;
- the need to use intrusive techniques is weighed against any possible breach of constitutionally protected rights and freedoms; and
- the least intrusive techniques of information collection are used, taking into account the specific circumstance.
Investigations Outside Canada
In the conduct of DND and CF CI investigations outside of Canada, all deployed DND employees and CF members shall conform to Canadian law as well as respect the rights, obligations and restrictions imposed by the host nation's government.
Availability of Personnel
Subject to higher priority operational commitments, DND senior managers and commanders and COs shall ensure their subordinates are made available from their duties when required to assist with CI security investigations or operations.
Designation of Investigations
Active CI investigations and operations are designated as Level I, II or III according to the degree of intrusiveness. A preliminary assessment, which may be conducted under the authority of a CFNCIU Regional Counter-Intelligence Officer (CIO), is to be conducted in order to determine the potential requirement for an investigation or operation. Such an assessment includes a non-intrusive validation of the information received and confirmation of a DND or CF nexus (see the Context block in DAOD 8002-0, Counter-Intelligence, for the meaning of "DND or CF nexus" in respect of CI activities).
The preliminary assessment does not include the conduct of formal interviews. Should the assessment not support the requirement for an investigation or operation, the CIO shall report the circumstances to the CO, CFNCIU.
The tasking authority and procedure for each level of investigation or operation are set out in DAOD 8002-2, Canadian Forces National Counter-Intelligence Unit.
The levels of investigation or operation are determined as indicated in the following table:
|A||is used for the purpose of …||and uses the following techniques:|
Exceptional circumstances may require action by the CFNCIU before authority for a Level I, II or III investigation or operation has been received. Under such circumstances, activities taken in support of the NCIP shall be as non-intrusive and limited as possible in keeping with protecting against a serious and present threat to the security of DND and the CF. The appropriate authorization for these actions is to be obtained as soon as possible. A full report on the circumstances for such activities shall be forwarded to J2/DG Int within three calendar days.
In addition to active CI investigations and operations, there are a number of passive activities that contribute to the security of DND and the CF, such as defensive security briefings/debriefings and threat awareness programs.
Some passive CI-related activities do not fall under the lead of the NCIP, including:
- physical security measures;
- personnel security measures, such as security clearances; and
- information technology security.
If a DND or CF nexus exists but the subject of the investigation or operation is not a DND employee or CF member, the lead agency is the civil, MP or security agency with jurisdiction.
While a CI investigation or operation may focus on the loyalty of a DND employee or CF member, the responsibility for assessing loyalty rests with the DND manager or CO, and the Deputy Provost Marshal Security (DPM Secur).
A CI investigation or operation into the misuse or loss of classified equipment or material, or related to information operations or technology, is warranted only if there is a threat to the security of DND or the CF.
Information collected under the NCIP shall be managed carefully to preserve the integrity of the program and respect individual rights and the laws of Canada. To this end, the collection, storage and management of all CI, SILP and related CI reports and assessments shall be carefully controlled.
Collection of CI, Police and Security Information
In accordance with the NCIP, only the CFNCIU is authorized to investigate and collect information to support the SILP. This does not preclude DND senior managers, commanders and COs, or their staffs, from keeping abreast of the environment within their area of responsibility or their responsibility to establish open, harmonious working channels of communication with all elements of the public with whom they interact, including law enforcement and security agencies. However, the collection of security intelligence for integration into national or local threat assessments remains the primary responsibility of the CFNCIU.
Except for NDCC 2, which may gather security intelligence and information from police and security agencies in support of the threat assessment process, no other line or staff organization shall attempt to meet or communicate with law enforcement or security agencies to obtain security intelligence that is otherwise collected under the mandate of the SILP.
Routine security intelligence requirements to support a CF regional commander's domestic planning are included in the annual National CI Standing Intelligence Requirements. New or specific local requirements consistent with the objectives of the NCIP may be referred to the CFNCIU in accordance with DAOD 8002-2, Canadian Forces National Counter-Intelligence Unit.
The CFNCIU is the DND and the CF point of contact for security intelligence liaison and shall be included in all relevant meetings and activities.
A DND employee or CF member who obtains information of potential security intelligence value in the performance of their duties shall provide the information to the CFNCIU.
Joint Intelligence Centre
During a domestic operation, the CFNCIU participates in any joint intelligence centre (JIC) formed to gather and share police or security information and intelligence. Through participation in the JIC, the CFNCIU is responsible for providing DND senior managers, commanders and COs, and their staffs, with the security intelligence needed to develop accurate security threat assessments.
Retention of CI Information and Intelligence Data
All information collected under the NCIP shall be retained in Information Bank Security Intelligence Records, DND PPU 060, established for purposes of the Privacy Act by DND and the CF, and controlled and administered through J2 Plans and Policy.
Copies of CI information received from civil authorities and counter-intelligence assessment and reports generated by DND and CF intelligence staffs or other DND or CF entities shall be forwarded to CFNCIU HQ so that Access to Information Act obligations may be exercised centrally on behalf of DND and the CF.
CFNCIU may retain CI information as authorized under DND PPU 060 and is responsible for access requests for matters under unit control. CFNCIU disposes of dated files or material no longer required for the unit in accordance with established administrative practices.
The following table identifies the primary responsibilities for this instruction:
|The …||is/are responsible for …|
J2 Plans and Policy 4
DND senior managers, commanders and COs
- Government Security Policy
- DAOD 8002-0, Counter-Intelligence
- Access to Information Act
- Canadian Charter of Rights and Freedoms
- Canadian Security Intelligence Service Act
- Criminal Code
- Emergencies Act
- Privacy Act
- Security Offences Act
- DAOD 8002-2, Canadian Forces National Counter-Intelligence Unit
- DAOD 8002-3, Security Intelligence Liaison Program
- Information Bank Security and Intelligence Records, DND PPU 060.