In its annual report, the watchdog that keeps an eye on CSIS flags concerns about what happens to intelligence the spy service passes to the national eavesdropping agency, which in turn shares the details with foreign allies.
The report underscores the fact CSIS is collaborating ever more closely with Communications Security Establishment Canada, which has come under scrutiny lately due to its participation in the international Five Eyes alliance.
CSEC, which monitors foreign telephone, satellite and Internet traffic, shares information with the U.S. National Security Agency and counterparts in Britain, Australia and New Zealand.
The American NSA has been the subject of almost daily headlines due to leaks from former contractor Edward Snowden that have revealed the agency's vast surveillance of worldwide communications.
In its report, presented to Parliament on Thursday, the Security Intelligence Review Committee recommends CSIS develop "clearer and more robust" principles of co-operation with CSEC to ensure appropriate information sharing.
"These principles should address the growing volume of challenges that have arisen between the two bodies, while respecting the individual mandates of each organization."
The review committee says CSIS, which largely gathers intelligence through human sources, normally attaches caveats to the information it shares, stipulating that the information cannot be forwarded to another agency or altered without CSIS's consent.
Such caveats are intended to ensure information is properly used and does not put someone detained overseas at risk of torture.
CSEC, on the other hand, gathers electronic signals intelligence, which is "more of a collective undertaking" with its closest allies and does not necessarily involve the same sort of caveats, the report says.
The different approaches can therefore pose a problem when CSIS shares material with CSEC — particularly in counter-terrorism cases that often involve international overlap, the committee found.
"How can you be sure, and how can you assure us that the information is being used specifically for the purpose it was gathered?" committee chairman Chuck Strahl said in an interview.
"We're just flagging the concern that, before this becomes a systemic problem, let's have a systemic solution."
The concern extends to CSIS's own dealings with Five Eyes partners.
The review committee looked at the spy agency's use of a new warrant power that allows it to keep tabs on suspected threats to Canada when they travel overseas.
The committee says that creates a possibility one of the Five Eyes partners could act independently on information supplied by Canada. "This, in turn, carries the possible risk of detention or harm to a target based on information that originated with CSIS."
In other areas, the review committee also found:
— A "noted lack of co-operation" between CSIS and CSEC on cybersecurity, despite a 2010 federal policy that says there should be no ambiguity as to which agency does what;
— A need for a long-term CSIS strategy for security in Canada's North;
— A lack of detail on the spy services' foreign operations in the CSIS director's annual report to the minister.
CSIS had no immediate comment on the report.