Communications Security Establishment Canada is following a federal policy on the risks of ill-treatment when sharing information with other countries, says Ryan Foreman a spokesman for the spy service.
The policy is intended to guide security agencies when seeking or sharing information puts someone in foreign custody at serious risk of being tortured.
Human-rights advocates and opposition MPs have roundly criticized the policy, saying it effectively sanctions torture and violates Canada's international commitments.
Records released through the access-to-information law have shown that several agencies — including the Canadian Security Intelligence Service, RCMP and federal border organization — were directed to follow the policy.
However, until now there was no explicit confirmation that the policy applied to the Ottawa-based eavesdropping agency, known as CSEC.
"The Communications Security Establishment Canada (CSEC) was consulted in the development of the Framework for Addressing Risks of Mistreatment in Sharing information with Foreign Entities," Foreman said in an emailed response to questions.
"CSEC applies the framework" and has "rigorous internal processes in place" to ensure it is followed, he added.
CSEC, with an annual budget of about $400 million, monitors foreign communications — including email, phone calls and satellite transmissions — for a wide array of intelligence of interest to Canada. It employs specialists in codebreaking, languages and data analysis.
As a member of the Five Eyes intelligence alliance, CSEC exchanges considerable information with counterparts in the United States, Britain, Australia and New Zealand.
For instance, court documents say information gleaned from the Five Eyes network helped build the case against three men arrested in Canada in 2010 on terrorism charges.
Public Safety Canada began work on the information-sharing policy in 2009, leading to a series of secret directives to federal security agencies.
The four-page framework document, previously released under the access law, says when there is a "substantial risk" that sending information to — or requesting information from — a foreign agency would result in torture, the matter should be referred to the responsible deputy minister or agency head.
In deciding what to do, the agency head — in CSEC's case, chief John Forster — will consider factors including:
— the threat to Canada's national security and the nature and imminence of the threat;
— the status of Canada's relationship with — and the human-rights record of — the foreign agency;
— the rationale for believing that sharing the information would lead to torture;
— the proposed measures to lessen the risk, and the likelihood they will be successful — for instance, the agency's track record in complying with past assurances;
— the views of Foreign Affairs and other agencies.
Critics of the policy note that in 2006 a federal commission of inquiry into the case of Maher Arar recommended that information never be provided to a foreign country where there is a credible risk that it will cause or contribute to the use of torture.
The inquiry found that faulty information the RCMP passed to U.S. officials very likely led to the Ottawa engineer's torture in a Damascus prison.
The latest revelation comes amid mounting concern about widespread surveillance by the National Security Agency, CSEC's American partner.
Former NSA contractor Edward Snowden recently leaked documents showing the agency runs a top-secret data-mining program known as Prism that provides the U.S. government access to a huge quantity of emails, chat logs and other information from major Internet companies.