Presentation by Michael Doucet

SIRC Executive Director

15^th Annual Security and Privacy Conference

February 6^th 2014, Victoria, BC

Building and maintaining trust in public institutions are key tenets of a democratic society. This task is especially important, but also very challenging, when an institution cannot be subject to rigorous public scrutiny because its work must be carried out under the veil of secrecy. This is the case with the Canadian Security Intelligence Service (CSIS), which has a responsibility to collect intelligence relating to threats to Canada’s national security.

In setting out the fundamental principles on which CSIS would be based, the Royal Commission that lead to its creation noted: “In a liberal society, which as a matter of principle wishes to minimize the intrusion of secret state agencies into the private lives of its citizens and into the affairs of its political organizations and private institutions, techniques of investigation that penetrate areas of privacy should be used only when justified by the severity and imminence of the threat to national security.” The task of ensuring that this balance would be met was entrusted to the Security Intelligence Review Committee, or SIRC.

For thirty years, the Security Intelligence Review Committee (SIRC) has been a core component of a system of checks and balances to keep CSIS accountable to Parliament and to all Canadians. SIRC’s mandate is to help ensure that CSIS respects the fundamental rights and freedoms of Canadians while it investigates threats to national security both domestically and abroad. It is therefore quite appropriate for SIRC to be present at a conference that aims to stimulate dialogue on the interaction, and perhaps perceived tension, between security and privacy.

In recent months, there has been widespread media reporting on the US National Security Agency’s (NSA) surveillance activities. As expected, these allegations have fuelled worldwide public criticism about intelligence activities encroaching on citizens’ privacy. Closer to home, questions about whether our intelligence agencies may have been collecting the private communications of ordinary Canadians also sparked concerns about privacy. Unfortunately, much of this discussion has overlooked the fact that there are dedicated review bodies, which are represented here today, that work diligently to ensure that Canada’s two largest intelligence agencies carry out their work lawfully and appropriately.

To begin, I would like to give you an overview of my organization, SIRC – who we are, what we do, and how we do it. I hope this summary will provide you with greater perspective on the assurances we provide to Parliament and the Canadian public.

SIRC is an independent, external body, meaning that it is at arms’ length from the Government. SIRC does not report to any Minister, but rather directly to Parliament. SIRC has virtually unlimited power to review CSIS’s performance: with the sole exception of Cabinet confidences, meaning deliberations among Ministers, SIRC has the absolute authority to examine all information in CSIS’s holdings, no matter how classified that information may be. Our Committee is comprised of three to five Members, all Privy Councillors, who serve part-time. It is supported by an Executive Director, as well as a dozen or so full-time research and legal staff.

SIRC is a professional organization that carries out its duties with objectivity and proficiency. It has three principal functions: to conduct reviews, to certify the CSIS Director’s classified annual report to the Minister of Public Safety – which is a fairly new responsibility for us - and to investigate complaints. I would like to take moment to give you a very brief description of each of these activities.

SIRC’s reviews for any given year are designed to yield assessments across a wide range of CSIS activities. To be clear, SIRC has the ability to review any CSIS activity or operation; this means that we review why and how CSIS targets individuals, how it uses and manages human sources, how it executes very intrusive warrant powers authorized by the Federal Court, its exchanges of information with domestic and foreign partners, its operations across Canada and abroad. Given the size of our staff, we must be strategic in its selection of areas to review in order to ensure broad, representative and timely coverage of CSIS activities, operations and programs.

Our second function, the certification process, requires us to assess the CSIS Director’s annual report to the Minister of Public Safety. The Director’s report provides the Minister with information to assist him in exercising ministerial responsibility for CSIS. SIRC examines this report and then provide an assessment of the legality, reasonableness and necessity of the Service’s operational activities.

Finally, SIRC investigates complaints. Under s. 41 of the CSIS Act, SIRC investigates “any act or thing done by the Service.” Under s. 42, SIRC investigates complaints about denials or revocations of security clearances to federal government employees and contractors. Far less frequently, SIRC conducts investigations in relation to referrals from the Canadian Human Rights Commission, or Minister’s reports in regards to the Citizenship Act.

I would like to expand slightly on our review function, which offers the most tangible opportunity for SIRC to examine whether, in collecting information on threats to national security, CSIS respected Canadians’ rights, such as privacy.

CSIS derives its mandate and powers from the CSIS Act, which also sets clear limits on the type of activity that may be investigated, the ways that information can be collected, and who may view the information. For example, under s. 12, CSIS shall only collect “to the extent that is strictly necessary”, intelligence respecting activities that may “on reasonable grounds” be suspected of constituting threats to the security of Canada. These limits are echoed and further defined in ministerial direction given to CSIS. For example, CSIS must ensure that “techniques of investigation that penetrate areas of privacy [are] used only when justified by the severity and imminence of the threat to national security.”

These considerations are chief among our concerns when we review an investigation or activity. In carrying out our reviews, we ask questions related to whether CSIS’s activities and information collection was “strictly necessary”, “reasonable”, and “proportionate”. To give a concrete example, when reviewing CSIS’s activities vis-à-vis an authorized target of investigation, SIRC will assess, among other things, whether the investigative activities were proportionate to the threat posed by that individual; whether the information collected pertained only to threat-related activity; and whether related exchanges of information were carried out and tracked appropriately. As you can imagine, all these considerations have some privacy implications.

Our most recent Annual Report contains declassified summaries of the nine reviews we completed in 2012–2013. Many of these reviews had a privacy nexus as they examined, for example, CSIS’s information sharing practices with domestic and foreign partners or information collection via intrusive warrant powers.

I wish to stress that in this information age, SIRC is acutely mindful of the need for CSIS to respect its legislated information collection limits. Clearly, it is not because vast amounts of information are easily and publicly available that such information should be collected and retained by our security intelligence service.

I would like to use an example from a couple of years ago to illustrate the point I have just made about the delicate balance that must be struck.

In this particular review, SIRC chose to pay close attention to CSIS’s operational use of the internet. The review explored the strategies, policies and procedures that guide CSIS’s use of the Internet, and also set out to answer a number of essential questions. What kind of information can be obtained from the Internet that cannot be obtained through conventional means? What additional operational value does the collection of open information obtained on the internet provide to CSIS investigations? What are some of the difficulties of using the Internet as an investigative tool, and how is the Service responding to these challenges?

SIRC’s conclusion was that CSIS’s approach, in terms of policy and procedure, appeared to be sound, and allowed for the flexibility required to adapt to the challenge of a changing technological landscape. However, we also raised concerns, and made important comments, with respect to CSIS’s interaction with youth and the challenge of collecting and retaining only information that meets the “strictly necessary” test.

I will end my introductory comments here to allow time for discussion. In closing, I would submit to you that the so-called “tension” between collective security and privacy is perhaps more hyperbole than a real dichotomy. In the report of the Royal Commission that ultimately led to CSIS’s creation in the early 1980’s, there is quote from former Prime Minister Lester B. Pearson that, although dated, is still very relevant and insightful for us today. Pearson noted the importance that “the protection of our security does not by its nature or by its conduct undermine those human rights and freedoms to which our democratic institutions are dedicated.” Although the threats to our collective security have changed in nature and scope in the past thirty years, SIRC very much adheres to this viewpoint in carrying out its work.