Can CSIS run overseas spy operations? Can Canada?
Or, risk assessment and risk aversion
The Globe and Mail’s investigative team of Bob Fife and Steve Chase have called attention to the publication of a special report by the National Security and Intelligence Review Agency (NSIRA), detailing concerns about accountability and decision-making around a CSIS overseas spy operation involving a human source. Credit to them for spotting the significance of this review.
Their news story is here:
Unless you lurk on the NSIRA web site (maybe a basement hobby for some?) this story might have gone unnoticed. NSIRA has no regular communications strategy, no process for engaging stakeholders and getting the word out into the public domain. They just wait and see if anyone notices their work. This reflects the fact that the review body has retreated, since its inception in 2019, from really trying to reach a public audience or advance public education goals—instead it sees its main readership as the departments and agencies it reviews. This reflects a sense of its main mission—to retrospectively catch and potentially correct missteps and abuses by the national security and intelligence community. Readers in the agencies, of course, get to see the classified version.
For the rest of us, the story of the controversial CSIS spy mission will remain in many respects mysterious. Unsurprisingly, the details of the spy operation in question are redacted in the published version of the NSIRA report. [1] Inevitably, there will be the temptation to try to read between the [redacted] lines and speculate. Speculation is further fueled by the details of a legacy CSIS spy operation from 2015, which hangs over the NSIRA report. It provides an important back-story and lesson.
In February 2015, the Turkish authorities arrested a human smuggler named Mohammed al-Rashed. Turkish intelligence uncovered the fact that al-Rashed had been involved in an operation to help ISIS recruits—both potential foreign fighters and a stream of Western jihadi brides—to cross from Turkey into Syria to join the Islamic State group. During their interrogation of al-Rashed they also learned that he had been recruited by CSIS as an informant to help the Canadian Service, and its allies, track the movement of Westerners determined to join the Caliphate. The information about the Canadian connection was leaked to the Turkish media and eventually confirmed by Turkish authorities. Somehow the story didn’t really make an impact back home.
A cone of silence descended on the case and held for nearly a decade. But then along came an enterprising British TV journalist, Richard Kerbaj, who, while researching for a book loosely based on the history of the Five Eyes intelligence alliance, managed to get some people to talk about it, even on the record. His star source was none other than a retired British head of Scotland Yard’s counter-terrorism command (SO15), Richard Walton. Walton, in 2015, was leading efforts by the UK to track and try to stop the flow of British foreign fighters and jihadi brides to ISIS. He told Kerbaj that he had a visit from two CSIS officers who came to give him intelligence on a high-profile case involving the disappearance of three British teenage girls. CSIS intelligence derived from their informant, al-Rashed. He knew about the fate of the three teenagers because he had been paid by ISIS to personally smuggle the girls into Syria.
According to Kerbaj, the Canadians were trying to cover-up their involvement and avoid it becoming public. [2]Kerbaj also revealed that the Service’s deputy director (of operations) was “deployed to Ankara to beg forgiveness for failing to inform the Turkish authorities that they had been running a counter-intelligence operation in their territory.” This reveal came from an unnamed Canadian source.
Kerbaj passed this detail on to the Globe and Mail. Bob Fife was able to confirm with sources that the CSIS officer who went to Ankara (apparently on more than one occasion to deal with the aftermath of the case) was Jeffrey Yaworksi, the Service’s then deputy director of operations. [3] Yaworski retired from CSIS in 2019.
This is where the back story becomes part of the front story, or so it would seem. In the same month (September 2022) as the publication of the Globe and Mail story and the circulation in the Canadian media of the Kerbaj account (his book was not published in Canada until January 2025), the then Public Safety Minister, Marco Mendicino, asked NSIRA to conduct a review into whether CSIS and the Public Safety department were “effectively supporting Ministerial responsibility.” [4] In plain speak, something had aroused the Minister’s concern about whether CSIS and his own senior officials were providing him with adequate information to allow him to fulfill his duty of Ministerial accountability.
NSIRA undertook the review, starting work on it in 2022 and publishing in May 2025. The immediate cause that prompted the review was a CSIS overseas intelligence operation involving a human source. The time frame of the operation is not revealed but the NSIRA study covered the period January 1, 2015 to July 31, 2023. [5] The contemporary CSIS op of concern was not the al-Rashed affair coming back to life somehow, but something that came to a head during 2022 when Jody Thomas was the serving National Security and Intelligence Adviser to the Prime Minister. While all references to operational dates are redacted in the NSIRA review the 2022 time-frame is essentially confirmed in Jody Thomas’ responses to questions put to her by The Globe and Mail.[6]
However, lurking in the background to this recent CSIS operation was the older al-Rashed affair. The NSIRA review does not confirm this explicitly, but in unredacted passages talks about a previous review conducted by its predecessor, the Security Intelligence Review Committee (SIRC) into a legacy “case” that informed its study. The legacy case is further analysed in the mostly redacted Annex A of the NSIRA study.
There is very little reason to be so coy about the SIRC review. It was undertaken in 2015 on the topic of “CSIS’s Investigation of Canadian Foreign Fighters.” A version released under ATIP in 2019 was very heavily redacted but stated that “this review examined the initiatives and challenges related to CSIS’s overseas collection activities, with particular attention on how intelligence is obtained on foreign fighters entering conflict zones such as Syria and Iraq.” [7] The key focus was “the direction and parameters surrounding the handling of sources overseas.” [8] A passage states that “a detailed case study was devoted to the [redacted].” [9] I’ll take that as an al-Rashed Bingo.
SIRC found “multiple failings in policy, process and managerial direction.” [10] It advanced five recommendations (one is redacted in its entirety). Among these was the creation, “on a priority basis,” of a “risk analysis framework to operationalize the 2015 Ministerial Direction for Operations and Accountability, which requires CSIS to consider operational, political, foreign policy and legal factors when assessing risk.” [11]
Clearly, whatever went down in 2022 raised the ghost of the al-Rashed human source affair and prompted renewed thinking about whether sufficient information was being provided to the Minister about CSIS operations, and whether the risk assessment function had worked properly--issues that were meant to have been fixed by the previous SIRC study and recommendations.
It may even be possible--though this is pure speculation--that the public reporting from 2022 on the al-Rashed affair, especially in the Kerbaj book and the follow-on Globe reporting raised some questions about details of how the legacy case was handled not previously known by the Public Safety Minister and his officials. The Minister might have felt a sense of ‘here we go again,’ which lent urgency to his unusual decision to ask for a review by NSIRA.
Time to dive into the gist of the NSIRA review published on May 29.
NSIRA studied the decision-making and risk assessment around the unspecified overseas spy operation, with particular attention to the causes and consequences of a process that led to the operation being temporarily halted because of concerns. The halt, it found, had unspecified [because redacted] damaging consequences.
The NSIRA review, in its redacted public version, is clear on two points. One is that neither the Minister of Public Safety nor the Director of CSIS made the decision to halt the intelligence operation. The other was that the halt caused harm to Canada’s reputation as an intelligence ally. Both are pretty startling findings.
If those with clear authority to halt an intelligence operation—that is either the CSIS Director or the Minister of Public Safety--didn’t hit the kill switch, then who did?
The Globe reporters, mistakenly in my view, thought responsibility for halting the spy operation was clear from the NSIRA review. They write that:
“an active spy service operation was abruptly halted by a top adviser to former prime minister Justin Trudeau.” “Abruptly” is their qualifier—not one that appears in the NSIRA report. As to who this top adviser was, Fife and Chase say that NSIRA identifies the person responsible as the national security and intelligence adviser, who “stopped the active operation.” Jody Thomas filled that post in 2022.
Fife and Chase interviewed Ms. Thomas for their story. They quoted her as saying “she didn’t personally halt the operation.” She clarified this by saying that “she was asking questions about the operation on behalf of many parts of the government, including the departments of Global Affairs and Public Safety.” She was, in her words, “the conduit of that information as opposed to me personally stopping the operation.” Once the questions were answered, she told the Globe, the operation “proceeded and concluded.” The question of who decided on the restart is not raised in the Globe and Mail story.
OK, what to believe? Here, we have to rely on a close reading of the redacted NSIRA review, appreciate the art of redaction, and understand some of the limitations of NSIRA’s reach.
The first thing to note is that at no point in the redacted version of the NSIRA review does it actually identify who ordered a halt to the CSIS spy op. Jody Thomas may have conveyed the decision to halt the operation. But there is nothing in the NSIRA report to indicate that she was the author of the decision to halt and there is evidence against her having played such a role. There were other forces, other actors, at play.
To follow this thread, it is important to understand how redaction of sensitive information works and how redaction is communicated in NSIRA reviews. NSIRA operates on a principle that redactions to its classified report, in keeping with the requirements of the Security of Information Act, are always indicated (plenty of black ink gets spilled in the process) and, where possible, a very concise summary of the content of the redaction is provided. In the text that I quote below I place that summation in italics after [redacted]
There are numerous passages in the NSIRA review where redactions eliminate precise knowledge of the author or authors of the halt order, but also where the general identity of the author/authors is conveyed. The clearest expression of this is the following passage, which Fife and Chase also relied on but misinterpreted:
“The direction to halt [redacted] operation occurring [redacted] was the result of [redacted—political level discussions] and first came from the National Security and Intelligence Adviser to the Director of CSIS.” [12]
Clearly, the NSIA (Jody Thomas) was the messenger. But where did the message originate? For an answer we have only frustrating clues, again shrouded in redactions. But the clues all point in one direction—that the decision to halt the operation was made by “political-level” stakeholders. At one point, the NSIRA review states that “with sufficient forewarning and preparation [redacted—the political level may have decided] not to halt this operation.” [13] There are also references to “political” in the decision to halt the operation elsewhere in the report. [14]
Can we winnow this further to determine what “political-level” might mean?
The only reference to who actually made the decision to halt the operation is contained in redacted text marked with a single asterick. Thus at Finding 2 we read:
NSIRA found that [*] halted an active operation. [15]
This mysterious entity [*] is also indicated as the author of the decision to halt the CSIS operation at p. iii, and p. 5.
It may be that NSIRA itself did not know who was actually behind the decision to halt the operation. Why? Simply because, under its legislation, NSIRA does not have any right of access to Cabinet confidences and so could not penetrate discussions at Cabinet, or advice to Cabinet about the decision.
Equally, NSIRA may have identified the author of the halt order but felt this was classified information that could not be released in a public report. We can speculate that [*] represents a Cabinet Minister or set of Ministers, or the PM, or a senior political staffer at the Prime Minister’s Office (PMO). But this, I must emphasize, is mere speculation.
What is not speculation, and why all this clue hunting matters, is that the decision to halt the operation was primarily a political one. On that hook hangs an important issue.
The halt order became a political-level one in the view of NSIRA primarily because of the inadequacy of the risk assessment process and communications conducted by CSIS. The Deputy Minister of Public Safety also comes in for a fair share of blame.
The NSIRA review contains a brief history of the evolution of the risk assessment process at CSIS for overseas intelligence operations. A critical role was played by lessons learned from the al-Rashed affair in 2015, so we circle back to that. Out of the SIRC review of that matter came a recommendation for a more holistic framework to understand operational risks and a renewed Ministerial Directive on Accountability issued to CSIS in 2019. This Ministerial direction is one of three that currently exists (along with newer ones on “Threats to the Security of Canada directed at Parliament and Parliamentarians;” and “Operations,” both issued in 2023).
The Accountability Directive is available on the Public Safety website. [16] Its pretty high-level. NSIRA believes the entire set of MDs should be reformed to make them more concise and “harmonized,” to avoid misinterpretation, but I am not sure that is real-world advice. Some flexibility plus good judgement will always be required.
What the current Ministerial Directive on Accountability does say is that the CSIS Director is responsible for the “control and management of the Service,” but should advise the Minister of issues on a “case-by-case” basis. A requirement exists for the Service to notify the Minister and the Deputy Minister of Public Safety “prior to undertaking operational activities assessed as high-risk.”
The Directive also lays out the general principles of how the risk of CSIS operations is to be determined. The lessons of previous failures, including the al-Rashed case, took decision-making on risk out of the singular hands of CSIS and instead involved multiple players performing their own specialised part of the calculation. In theory at least they, in combination with CSIS, would come to a common perspective.
The risk matrix to be employed involved four “pillars,” each to be determined by a different sets of consultations. The risk pillars included:
Legal risk, to be determined by the Department of Justice and communicated through embedded legal staff at CSIS.
Operational risk, primarily determined by CSIS. You know, things going south.
Reputational risk, to be determined jointly by CSIS and Public Safety.
If you are wondering, “reputational risk” included the potential for public controversy, discredit to CSIS, or discredit to the Government of Canada. In other words, the embarrassment factor, but with a harder edge in terms of calculations of Canada’s standing as an intelligence ally.
Foreign policy risk, to be assessed in consultation with Global Affairs. Foreign policy risk had a broad footprint to include severe damage to Canadian relations; risks associated with covert operations involving a foreign state’s embassy; severe damage to Canada’s interests; the security and safety of Canadian officials and Canadians abroad.
NSIRA was highly critical of how the risk matrix was operationalized and essentially blamed the halt to the CSIS operation on failures, especially by CSIS, to properly consult and convey the risk involved to decision-makers. Three of its six recommendations stemming from its review argued for a stronger and more effective risk assessment process, involving CSIS, Public Safety, Global Affairs and the DOJ, all working together, tickety-boo. Another recommendation was in a similar vein but laid a duty at the feet of the deputy minister of Public Safety to ensure an independent (from CSIS) capacity to advise the Minister about CSIS operations. That’s a tall, possibly impossible, order. Better to encourage smart judgement.
The NSIRA reform proposals sound like a nice bureaucratic solution, getting everyone to play together. But the niceness overlays what will often be complex and fast-changing circumstances behind any overseas spy operation, compounded by the inevitable absence of full information. It also ignores the likelihood of divided views about risk on the part of officials and at the “political level.” At the end of the day, it may only serve to obfuscate leadership responsibility and even diminish actual accountability. On whose desk, actually, does the buck stop?
Any overseas spy operation must be subject to contestation. There must be appropriate consultations between the actors holding part of the risk equation. The Minister of Public Safety, responsible for CSIS operations, must be fully informed.
Equally, what the process must resist are political interventions that might be over-sensitive to “reputational risk” especially, and under-sensitive, or even ignorant, about the realities of the conduct of intelligence. GAC may have a very different, potentially parochial, view of foreign policy risk. DOJ will bring legal arguments into a world which, when it comes to conducting overseas spy operations, is all about breaking the law of the target country.
To the extent that the NSIRA review brings any clarity it appears that political-level intervention to halt the CSIS overseas operation was primed by concerns about reputational risk to the Government of Canada. The Public Safety contribution to the reputational risk assessment was deemed “inadequate” by NSIRA who found that a better way was needed to determine reputational risk. [17] Perhaps we get closest to the nub when the NSIRA review noted that:
“ [redacted, after other circumstances transpired] the Minister of Public Safety] raised additional concerns about reputational harm to the Government” [18]
Later in the review we read:
“following the [redacted, operation] Public Safety believed that the [redacted] reputational risk rating assigned to the operation was flawed and that the timing of the assessment failed to provide the Minister with sufficient warning.” [19]
I worry that the risk assessment approach advocated by NSIRA as a strengthened version of current policy, with multiple “pillars” and consultative parties, will inevitably lean towards risk aversion. This too, must be resisted or there will be little point in even attempting overseas spy operations of anything more than the most mundane kind.
This bring us back to the unanswered questions in the redacted version of the NSIRA review. Who actually forced a stop to the CSIS operation, and why? The only answers we have are generic—"political level” and—“reputational risk” to the Government of Canada.
The so-what is…
The NSIRA review raises an important question that it was impervious to. Namely—is CSIS the right entity to conduct overseas spy operations, under the authority of the Public Safety Minister? Or, is the conduct at the heart of its review another indication that Canada should either get out of the overseas (HUMINT) spy game altogether, or more realistically, finally create an independent foreign intelligence service, accountable to a different minister (maybe the Foreign Affairs Minister; maybe, gulp, the PM), with a different calculus about risk.
The question of should Canada spy abroad and how, may ultimately be subsumed by the question of: do we have the political appetite to take risks inherent in the spy game? That’s the big question that goes begging in the NSIRA review.
[1] NSIRA, “Review of Public Safety Canada and the Canadian Security Intelligence Service’s Accountability Mechanisms,” published version (classified version marked Top Secret/CEO), May 29, 2025. The operational details are at pp. 31-37 and are completely redacted. https://nsira-ossnr.gc.ca/wp-content/uploads/22-12_EN.pdf
[2] Richard Kerbaj, The Secret History of the Five Eyes: The Untold Story of the International Spy Network (London: Blink Publishing, 2024), pp. 228, 230. The al-Rashed story is the centre-piece of Chapter 12, “A Delayed Admission.”
[3] Robert Fife, Globe and Mail, “CSIS persuaded Turkey to hide recruitment of operative who trafficked teens to Islamic state,” September 29, 2022, https://www.theglobeandmail.com/politics/article-csis-isis-agent-turkey/
[4] NSIRA, “Backgrounder: Public Safety and Canadian Security Intelligence Service Accountability Mechanisms,” May 29, 2025, https://nsira-ossnr.gc.ca/en/reviews/our-reviews/ps-and-csis-accountability-mechanisms/backgrounder/
[5] NSIRA, “Review of Public Safety Canada and the Canadian Security Intelligence Service’s Accountability Mechanisms,” published version (classified version marked Top Secret/CEO), May 29, 2025, p. 1, https://nsira-ossnr.gc.ca/wp-content/uploads/22-12_EN.pdf [hereafter cited as NSIRA]
[6] Robert Fife and Steven Chase, “Halting active CSIS operation in 2022 put team at risk, watchdog says,” May 29, 2025, https://www.theglobeandmail.com/politics/article-halting-active-csis-operation-in-2022-put-team-at-risk-watchdog-says/
[7] Security Intelligence Review Committee, SIRC Review 2015-09, “CSIS Investigation of Canadian ‘Foreign Fighters,’ Summary, p.1, http://www.sirc-csars.gc.ca/opbapb/lsrlse/2015/2015-09-eng.pdf
[8] Ibid., p. 3
[9] Ibid., p. 4
[10] Ibid., p. 1
[11] Ibid., p. 26
[12] NSIRA, p. 5
[13] Ibid, p. 11
[14] Ibid, pp. 2, 4
[15] Ibid, p. 6
[16] Ministerial Direction to the Canadian Security Intelligence Service: Accountability,” September 10, 2019, https://www.publicsafety.gc.ca/cnt/trnsprnc/ns-trnsprnc/mnstrl-drctn-csisacc-en.aspx
[17] NSIRA, p. iv
[18] Ibid, p. 11
[19] Ibid, p. 24
Editorial note: the word is asterisk, not asterick.
Sir, you ask whether "... is CSIS the right entity to conduct overseas spy operations, under the authority of the Public Safety Minister?"
Allow me to ask that question differently: At what point should the damned politicians and near politicians [e.g. deputy minister class, political appointees, etc.] be directing/overseeing spy operations? I will then answer my question: At no point should politicians be involved with supervising/directing/etc. spy operations. Politicians should leave such matters to professional spies and should supervise the management of the agency - whichever agency - that conducts the spying.
If something goes hysterically awry then it is completely fine to lop off the heads of the particular agency. But, under no circumstances should the politicians or near politicians be formally involved in the process as that would make such decisions, you know, POLITICAL. And a political decision is a changeable decision like the blowing of the wind. Damned politicians!