Coordination

Control Delegation (CDel)

The CDel invited the OA-IA to two hearings. The topics under discussion included the audit report for ‘22-13 Legended financial flows’ (payments to undercover sources), the experiences of the OA-IA head during her first year in office, the development of the OA-IA’s practice of issuing recommendations and the 2024 audit plan.

Federal Administrative Court (FAC)

As in previous years, the OA-IA met with representatives of the FAC. Topics for discussion included current FIS operations that had come before the FAC for authorisation of information gathering measures and current developments in cable communications intelligence.

«Case law is continually evolving and the FAC is increasingly confronted with cyber-related technical issues. The OA-IA is also confronted with this challenge.»

Case law is continually evolving and the FAC is increasingly confronted with cyber-related technical issues. The OA-IA is also confronted with this challenge, as continuing digitalisation means that auditing activities are increasingly focused on information systems. The FAC and the OA-IA concluded that without information from the intelligence services on the technical context, it would be impossible for the FAC to make decisions on FIS requests for authorisation or for the OA-IA to carry out adequate audits.

Swiss Federal Audit Office (SFAO)

In addition to the abovementioned audit of the OA-IA, the following meetings were held with the SFAO:

• 20 February 2023: At this meeting, the Institute of Internal Auditors was presented to the OA-IA and the advantages and disadvantages of membership were discussed.
• 13 March 2023: Discussion of the protection criteria for employees who report harmful conduct in the Federal Administration (whistleblowing).
• 6 December 2023: The new mandate head for the DDPS introduced himself. Various aspects of coordination were discussed; if necessary, a coordination agreement should be developed in order to record the shared or diverging aspects of the various audit powers and thus avoid partial aspects of intelligence activities never being audited due to misunderstandings.

Independent Control Authority for Radio and Cable Communications Intelligence (ICA)

The OA-IA took part in all five ICA meetings.

«The integration of its supervisory activities into the OA-IA, as planned by the revision of the IntelSA, has been delayed.»

The integration of its supervisory activities into the OA-IA, as planned by the revision of the IntelSA, has been delayed. For this reason, the OA-IA continues to support the work of the ICA within the framework of coordination and is currently refraining from further preparatory activities.

Federal Data Protection and Information Commissioner (FDPIC)

As part of its audit activities, the OA-IA reviews the information systems and data processing of the supervised authorities. It can also check the supervised bodies’ retrieving of data that other, non-supervised federal authorities are responsible for processing. The FDPIC is the supervisory authority responsible for examining data processing by the federal authorities. The responsibilities of the FDPIC and the OA-IA – two authorities that are independent of the Federal Administration in the performance of their respective tasks – overlap to some extent. In order to avoid unclear responsibilities or duplication for the supervised authorities, the OA-IA and the FDPIC coordinate their activities at meetings and through regular exchange.

At a coordination meeting between the FDPIC and the head of the OA-IA in February 2023, it was agreed to formalise the current practice, which had been functional and expedient. In May 2023, the OA-IA and the FDPIC signed a coordination agreement.

Enquiries from the public

The OA-IA received 20 enquiries from the public in 2023.

Other meetings

In 2023, the director of the OA-IA met at least once with the following people to discuss various matters:

• Head of DDPS
• Chief of the Armed Forces
• Head of DDPS General Secretariat
• Director and deputy director of FIS
• Head of MIS
• Head of EOC
• Head of DDPS Internal Audit
• Head of Operations Command
• Head of Cyber Command
• IS Advisor of DDPS
• ICA member

The OA-IA can share oversight methods, processes and experiences with other oversight authorities working in the same field. This brings continuous benefits to audit activities. However, the OA-IA (unlike intelligence services) has no legal basis for substantive information sharing with foreign partner authorities. The following international meetings took place in 2023:

Online meeting with Canada’s National Security and Intelligence Review Agency (NSIRA) on 27 April 2023

Following on from an NSIRA delegation visit to Bern on 17 November 2022, the two supervisory authorities held an online meeting on 27 April 2023.

At this meeting, the NSIRA presented its history, mandate and structure. The supervisory authority was created in 2019 and is an independent body that reports to Parliament. Its main tasks are to carry out inspections and process complaints. It reviews the legality, suitability, necessity and effectiveness of the national security and intelligence activities of all ministries and agencies of the Canadian government. It concludes reviews by issuing recommendations. The activities of the NSIRA are similar to those of the OA-IA. However, the NSIRA secretariat has more than 70 members of staff and its remit is much broader than that of the OA-IA. From an organisational point of view, given the evolution of technology and its use in intelligence activities, the NSIRA benefits from the support of a specialised unit in this field.

Intelligence Oversight Working Group (IOWG)

The IOWG is an international working group comprised of representatives of the oversight authorities of Belgium, Denmark, the Netherlands, Norway, England, Sweden and Switzerland. Since November 2023, the Canadian authority NSIRA has had observer status in this working group for 2024.

IOWG staff level meeting, 25–26 May 2023, The Hague

The event began with participants presenting what had happened in their countries since the previous meeting in 2022. In future, the Netherlands will provide IOWG members with a digital platform to store presentations and administrative documents. Norway presented its communication methods and work procedures. Another topic concerned the use of cyber agents and member states’ various legal regulations in this field. Particular attention should be paid here to the distinction from OSINT. Finally, a technical expert from the Dutch supervisory authority presented his thoughts on AI and automated decision-making. There was a consensus that the services and their supervisory bodies need to address this topic in more detail.

IOWG staff level meeting, 8 November 2023, Oslo

On 8 November 2023 the staff level of the IOWG met for a preparatory meeting for the chair level meeting the following day. Work focused largely on drafting an agenda proposal for the next year’s meetings. The following topics were proposed:

• Commercially acquired datasets used by supervised services.
• Organisation of an online exchange on certain topics between the IOWG meetings.
• Exchange on the rules and practices of personnel security screening in the different IOWG countries.
• Discussion of possible international forms of cooperation between the supervisory bodies.
• Presentation of general oversight methods in the different countries.

IOWG chair level meeting, 9 November 2023, Oslo

The heads of the various supervisory bodies met on 9 November 2023. The proposed agenda at staff level was approved and all sides especially welcomes an in-depth discussion of methodology. At their request, the Canadian supervisory authority will be granted observer status within the IOWG.

IOWG meeting with a US authority and various non-governmental organisations (NGOs) on 27 November 2023, Washington DC

The IOWG organised a meeting with the Privacy and Civil Liberties Oversight Board (PCLOB) on the margins of the International Intelligence Oversight Forum (IIOF) (see below). The PCLOB is an independent agency within the executive branch established by the 9/11 Commission Act of 2007. The bipartisan, five-member board is appointed by the President and confirmed by the Senate. The Chairman is a full-time member of staff, while the four other members of the committee serve in a part-time capacity. The committee’s task is to ensure that the federal government’s efforts to prevent terrorism are reconciled with the need to protect privacy and civil liberties. Of particular interest was the exchange on the term ‘open’ in open-source intelligence (OSINT) and the rapid development and use of AI resources.

In the afternoon, meetings took place at the Center for Democracy & Technology and other NGOs. OSINT-related information gathering, in particular the use of data brokers, was also widely discussed here. The exchange then focused on the question of whether or how the intelligence services could share information and thereby circumvent the authorisation requirement for such information gathering.

European Intelligence Oversight Conference (EIOC), 9–10 November 2023, Oslo

This year’s varied conference programme included topics such as:

• Oversight methods in general;
• intelligence services’ disproportionate use of publicly available data and measures to be taken;
• fundamental exchange on the recent case law of the European Court of Human Rights;
• technical oversight methods;
• aspects of communication by supervisory authorities.

The event offered the OA-IA a good opportunity for in-person dialogue with fellow conference participants on oversight methods and legal conditions.

International Intelligence Oversight Forum (IIOF), 28–29 November 2023, Washington DC

The sixth IIOF meeting took place at the American University Washington College of Law on 28 and 29 November 2023. In addition to the OA-IA head and a member of staff, forum participants included members of administrative and parliamentary intelligence oversight authorities and representatives of intelligence services, data protection authorities and NGOs.

Discussion topics included:

• Necessary and appropriate oversight: protecting private life and national security on both sides of the Atlantic;
• the significance and consequences of the 14 December 2022 OECD Declaration on Government Access to Personal Data Held by Private Sector Entities;
• good practices on integrating guarantees into intelligence services’ operations;
• similar challenges, different framework conditions: comparing how countries regulate the activities of their intelligence services.
• Article 11 of the Council of Europe’s Convention 108+: current status, challenges and findings.

After numerous presentations and discussions, forum participants visited the Intelligence Community Campus in Bethesda. The visit included a discussion of the resources employed by the US intelligence service to ensure the consistent balance between national security interests and respect for citizens’ fundamental rights in accordance with the law.

The forum’s thematic scope and the opportunities it provides to interact with other services and authorities are enormously valuable for the OA-IA. It also allows the oversight authorities to learn from the critical and often constructive perspective of the research community (universities, NGOs, etc.). The diversity of approaches to supervisory activities – stemming from the different legal and cultural framework conditions – as well as the limitations and challenges associated with supervisory work enable the OA-IA to analyse, develop and improve its practice.