Privacy Impact Assessment (PIA) Executive Summary
Archived - Federal Bureau of Investigation–Canada Border Services Agency Information Sharing
Memorandum of Understanding

The current information sharing framework between the Canada Border Services Agency (CBSA) and the United States (US) falls within the parameters of three instruments, namely: a Customs Mutual Assistance Agreement (CMAA) for the exchange of customs information; a Statement of Mutual Understanding (SMU) for the exchange of traveler information; and a Mutual Legal Assistance Treaty (MLAT) for the exchange of criminal evidence. Although all of these agreements are between Canada and the US, the CMAA and SMU allow for the direct sharing of information between the CBSA and its natural US partners within the Department of Homeland Security (i.e. US Customs and Border Protection (CBP) and the US Immigration and Customs Enforcement (ICE)). The MLAT, however, requires national level liaison which, for the CBSA, is conducted through Canada's Department of Justice. The type of information that can be shared under each of these agreements is limited to information that pertains to active files. Canada and the US also share information under the Immigration Information Sharing Treaty, but this arrangement involves an automated process that occurs when a third country national applies to Canada for a visa or permit or seeks asylum.

In addition to sharing information with partners from the US Department of Homeland Security, the CBSA has a need to share information with the US Federal Bureau of Investigation (FBI), regarding matters relevant to the shared mandates of these two organizations. As Canada and the US share the longest non-militarized border in the world, the sharing of information between intelligence and criminal investigations programs on both sides of the border becomes imperative for the protection of its citizens. Business and traveler volumes traversing the Canada-US border justify the necessity to have well established, real-time intelligence and investigative links. The FBI's national mandate allows for the collection of data on individuals from all US states, and the MOU allows the CBSA to have access to that information in a single location.

On a daily basis, the CBSA's Border Service Officers (BSOs) engage with individuals as they attempt to cross the land, air, and marine border. Under its mandate, the CBSA is required to identify and respond to transnational border crimes while simultaneously gathering information and intelligence from the significant volume of travelers arriving at points of entry (POE). While the FBI is not a customs organization, the two organizations do share a limited mandate (combatting transnational border criminal activities) and a formal arrangement between the FBI and the CBSA will facilitate information sharing of persons or groups engaging in transnational criminal activity. Sharing intelligence and investigative information with the FBI regarding the identity, location, structure, financing, and methods and means of any person or group already suspected of engaging in transnational criminal activity, increases the likelihood that potential criminals will be stopped and facilitates a more secure border between Canada and the US.

The CBSA is already sharing information with the FBI by way of written requests, through the MLAT i.e. third parties. Third party information sharing with the FBI is primarily conducted through CBP and ICE and, to a much lesser extent, the Royal Canadian Mounted Police (RCMP). The instruments currently in place, however, are not sufficiently meeting the CBSA's mandate needs, for the following reasons:

• the parameters of the CMAA, SMU, and MLAT are restrictive and do not allow for the exchange of certain types of intelligence information (e.g. specific trend-based, intelligence information that requires analysis in order to validate whether a threat exists);
• under a third party arrangement, the CBSA or FBI may make a request through the third party(ies), who then verifies whether they hold any relevant information from the other party(ies), and relay the request to the other party for any additional, relevant information. Authority for the third party to share the information, however, is subject to any restrictions that exist in any information sharing arrangements between the third party(ies) and the other party;
• the inclusion of a third party(ies) introduces unnecessary privacy risks by virtue of having an entity through whom the information must transit;
• the current arrangements do not allow for the exigent exchange of perishable information (i.e. the usefulness of the information expires). In this regard, timelines are impacted by: processing times; additional time required for third party involvement and approvals; and competing priorities of all parties involved in the process;
• although the Criminal Investigations Division currently adheres to and stays within the confines of the MLAT, criminal investigators could benefit from the acquisition of information from the FBI that is not available from its Department of Homeland Security partners (e.g. information on firearms, alcohol, and some immigration issues). This information could provide a more thorough picture for ongoing investigations; and
• the current arrangements do not allow for the pro-active disclosure of information that may be critical to the protection of both nations, and their people.

The CBSA is thus seeking to set up a process for information sharing with the FBI, pursuant to a memorandum of understanding (MOU), allowing for timely information sharing, or the proactive disclosure, under exigent circumstances (i.e. when a threat is deemed to be imminent), of : information about individuals and organizations for which reasonable grounds exist to suspect that they may pose a border-related threat to the safety or security of individuals in either Canada or the US. As such, it is incumbent upon the CBSA to ensure all aspects of the enforcement and intelligence process are privacy compliant with domestic legal and privacy requirements, with a specific focus on the disclosure to the FBI.

Within this context, the CBSA will take the necessary steps to ensure that it respects the laws intended to protect the privacy of individuals and organizations. The CBSA will leverage the privacy protection controls that are currently in place within the existing information sharing regime (e.g. written requests; review and validation controls; transmission security controls; record keeping; and authorization protocols). Furthermore, a privacy impact assessment (PIA) has been completed, and identified risks which will be mitigated by protecting personal information through necessary technical, security and organizational procedures and measures. These safeguards will protect against the following risks: loss; corruption; misuse; unauthorized access, alteration, disclosure or destruction; or any other risks to the security, confidentiality or integrity of the information. Only authorized individuals with an identified purpose will be permitted to have access to personal information collected as a direct result of this MOU.

In addition to sharing information with partners from the US Department of Homeland Security, the CBSA has a need to share information with the US Federal Bureau of Investigation (FBI), regarding matters relevant to the shared mandates of these two organizations. As Canada and the US share the longest non-militarized border in the world, the sharing of information between intelligence and criminal investigations programs on both sides of the border becomes imperative for the protection of its citizens. Business and traveler volumes traversing the Canada-US border justify the necessity to have well established, real-time intelligence and investigative links. The FBl's national mandate allows for the collection of data on individuals from all US states, and the MOU allows the CBSA to have access to that information in a single location.

On a daily basis, the CBSA's Border Service Officers (BSOs) engage with individuals as they attempt to cross the land, air, and marine border. Under its mandate, the CBSA is required to identify and respond to transnational border crimes while simultaneously gathering information and intelligence from the significant volume of travelers arriving at points of entry (POE). While the FBI is not a customs organization, the two organizations do share a limited mandate (combatting transnational border criminal activities) and a formal arrangement between the FBI and the CBSA will facilitate information sharing of persons or groups engaging in transnational criminal activity. Sharing intelligence and investigative information with the FBI regarding the identity, location, structure, financing, and methods and means of any person or group already suspected of engaging in transnational criminal activity, increases the likelihood that potential criminals will be stopped and facilitates a more secure border between Canada and the US.

The CBSA is already sharing information with the FBI by way of written requests, through the MLAT i.e. third parties. Third party information sharing with the FBI is primarily conducted through CBP and ICE and, to a much lesser extent, the Royal Canadian Mounted Police (RCMP). The instruments currently in place, however, are not sufficiently meeting the CBSA's mandate needs, for the following reasons:

• the parameters of the CMAA, SMU, and MLAT are restrictive and do not allow for the exchange of certain types of intelligence information (e.g. specific trend-based, intelligence information that requires analysis in order to validate whether a threat exists);
• under a third party arrangement, the CBSA or FBI may make a request through the third party(ies), who then verifies whether they hold any relevant information from the other party(ies), and relay the request to the other party for any additional, relevant information. Authority for the third party to share the information, however, is subject to any restrictions that exist in any information sharing arrangements between the third party(ies) and the other party;
• the inclusion of a third party(ies) introduces unnecessary privacy risks by virtue of having an entity through whom the information must transit;
• the current arrangements do not allow for the exigent exchange of perishable information (i.e. the usefulness of the information expires). In this regard, timelines are impacted by: processing times; additional time required for third party involvement and approvals; and competing priorities of all parties involved in the process;
• although the Criminal Investigations Division currently adheres to and stays within the confines of the MLAT, criminal investigators could benefit from the acquisition of information from the FBI that is not available from its Department of Homeland Security partners (e.g. information on firearms, alcohol, and some immigration issues). This information could provide a more thorough picture for ongoing investigations; and
• the current arrangements do not allow for the pro-active disclosure of information that may be critical to the protection of both nations, and their people.

The CBSA is thus seeking to set up a process for information sharing with the FBI, pursuant to a memorandum of understanding (MOU), allowing for timely information sharing, or the proactive disclosure, under exigent circumstances (i.e. when a threat is deemed to be imminent), of : information about individuals and organizations for which reasonable grounds exist to suspect that they may pose a border-related threat to the safety or security of individuals in either Canada or the US. As such, it is incumbent upon the CBSA to ensure all aspects of the enforcement and intelligence process are privacy compliant with domestic legal and privacy requirements, with a specific focus on the disclosure to the FBI.

Within this context, the CBSA will take the necessary steps to ensure that it respects the laws intended to protect the privacy of individuals and organizations. The CBSA will leverage the privacy protection controls that are currently in place within the existing information sharing regime (e.g. written requests; review and validation controls; transmission security controls; record keeping; and authorization protocols). Furthermore, a privacy impact assessment (PIA) has been completed, and identified risks which will be mitigated by protecting personal information through necessary technical, security and organizational procedures and measures. These safeguards will protect against the following risks: loss; corruption; misuse; unauthorized access, alteration, disclosure or destruction; or any other risks to the security, confidentiality or integrity of the information. Only authorized individuals with an identified purpose will be permitted to have access to personal information collected as a direct result of this MOU.

Date modified:

2016-08-31