Presentation by Michael Doucet

Evanta CISO Conference – Vancouver, 4 June 2014

Presentation by SIRC (M. Doucet)

Good afternoon (morning) and thank you for the opportunity to speak here today.

Building and maintaining trust in public institutions are key tenets of a democratic society. This task is especially important, but also very challenging, when an institution cannot be subject to rigorous public scrutiny because its work must be carried out under the veil of secrecy. This is the case with the Canadian Security Intelligence Service (CSIS), which has a responsibility to collect intelligence relating to threats to Canada’s national security.

In setting out the fundamental principles on which CSIS would be based, the Royal Commission that lead to its creation noted: “In a liberal society, which as a matter of principle wishes to minimize the intrusion of secret state agencies into the private lives of its citizens and into the affairs of its political organizations and private institutions, techniques of investigation that penetrate areas of privacy should be used only when justified by the severity and imminence of the threat to national security.” The task of ensuring that this balance would be met was entrusted to the Security Intelligence Review Committee, or SIRC.

For thirty years, the Security Intelligence Review Committee (SIRC) has been a core component of a system of checks and balances to keep CSIS accountable to Parliament and to all Canadians. SIRC’s mandate is to help ensure that CSIS respects the fundamental rights and freedoms of Canadians while it investigates threats to national security both domestically and abroad.

To begin, I would like to give you an overview of my organization, SIRC – who we are, what we do, and how we do it. I hope this summary will provide you with greater perspective on the assurances we provide to Parliament and the Canadian public.

SIRC is an independent, external body, meaning that it is at arms’ length from the Government. SIRC does not report to any Minister, but rather directly to Parliament. SIRC has virtually unlimited power to review CSIS’s performance: with the sole exception of Cabinet confidences, meaning deliberations among Ministers, SIRC has the absolute authority to examine all information in CSIS’s holdings, no matter how classified that information may be. Our Committee is comprised of three to five Members, all Privy Councillors, who serve part-time. It is supported by an Executive Director, as well as a dozen or so full-time research and legal staff.

SIRC is a professional organization that carries out its duties with objectivity and proficiency. It has three principal functions: to conduct reviews, to certify the CSIS Director’s classified annual report to the Minister of Public Safety and to investigate complaints. I would like to take moment to give you a very brief description of each of these activities and then I will walk you through a relevant example of the review work that we carry out.

SIRC’s reviews for any given year are designed to yield assessments across a wide range of CSIS activities. To be clear, SIRC has the ability to review any CSIS activity or operation; this means that we review why and how CSIS targets individuals, how it uses and manages human sources, how it executes very intrusive warrant powers authorized by the Federal Court, its exchanges of information with domestic and foreign partners, its operations across Canada and abroad. Given the size of our staff, we must be strategic in its selection of areas to review in order to ensure broad, representative and timely coverage of CSIS activities, operations and programs.

Our second function, the certification process, requires us to assess the CSIS Director’s annual report to the Minister of Public Safety. The Director’s report provides the Minister with information to assist him in exercising ministerial responsibility for CSIS. SIRC examines this report and then provide an assessment of the legality, reasonableness and necessity of the Service’s operational activities.

Finally, SIRC investigates complaints. Under s. 41 of the CSIS Act, SIRC investigates “any act or thing done by the Service.” Under s. 42, SIRC investigates complaints about denials or revocations of security clearances to federal government employees and contractors. Far less frequently, SIRC conducts investigations in relation to referrals from the Canadian Human Rights Commission, or Minister’s reports in regards to the Citizenship Act.

I would like to expand slightly on our review function by taking you through, as much as I can, one of our reviews. While not from this year, I feel that the subject matter and the findings and recommendations we made would be of interest to you.

In SIRC’s review of CSIS’s Use of the Internet, we set out to examine CSIS’s approach to investigative activities involving the Internet, both in terms of policy and procedure, in order to determine whether or not those policies and procedures were sound and had sufficient flexibility to adapt to the Internet’s rapidly evolving nature.

Of concern to national security is the growing contribution the Internet has on the radicalization of individuals, both in Canada and abroad, who may become threats to Canadian interests. The Internet plays an important role at every stage of radicalization, giving direct access to unfiltered extremist ideology, as well as providing an anonymous virtual meeting place for like-minded radical individuals. It also offers opportunities to build relationships and gain expertise and skills that were previously only provided in overseas training camps, thus giving potential terrorists easy access to operational information to help plan and execute a terrorist attack.

This review explored the existing strategies, policies and processes which guide CSIS’s operational use of the Internet. It examined a number of questions, such as:

• what kind of information can be obtained from the Internet that cannot be obtained through conventional means?
• What additional operational value does the collection of open information obtained on the Internet provide to CSIS investigations?
• What are some of the difficulties of using the Internet as an investigative tool, and
• how is the Service responding to these challenges?

To answer these questions, SIRC examined the role and contribution of a specialized unit. SIRC also looked at Service activities to understand how CSIS used the Internet to enhance its traditional investigative methods. SIRC examined an assortment of CSIS corporate and operational information and documentation and held briefings.

Over the course of the research, SIRC identified two considerations for CSIS when using the Internet for operational purposes.

The first consideration related to youth. Almost all youth spend time on the Internet. They are also often targets for extremist Internet propaganda. As a result, the likelihood of CSIS coming into possession of information dealing with minors in the course of its investigations has increased. CSIS interactions with young Canadians will no doubt increase as the Internet continues to be a prominent radicalizer of youth. Indeed, many of the products that have been put on the Internet for recruitment or radicalization purposes are designed to attract the youth market. In its review, however, SIRC came across several instances where CSIS collected and reported on information pertaining to minors. The volume of information pertaining to young people being entered – and therefore permanently retained – in operational reporting, is on the rise.

Ministerial Direction and internal CSIS direction have already stressed the need for CSIS to give special consideration when dealing with youth. Therefore, SIRC recommended that CSIS should impress upon its employees the need to exercise added caution when collecting and retaining information relating to a youth.

The second consideration related to open source information. CSIS derives its mandate and powers from the CSIS Act, which also sets clear limits on the type of activity that may be investigated, the ways that information can be collected, and who may view the information. For example, under s. 12, CSIS shall only collect “to the extent that is strictly necessary”, intelligence respecting activities that may “on reasonable grounds” be suspected of constituting threats to the security of Canada. These limits are echoed and further defined in ministerial direction given to CSIS.

Although a great deal of open source information can be collected from the Internet, SIRC reminded CSIS employees that such information should still be subject to the same “strictly necessary” test as information received from other sources.

Reviews such as this one highlight some of the changes in the security, intelligence, and certainly technological landscape that have taken place over the last 30 years. There is some debate now as to whether the legislation that created CSIS and SIRC is still as relevant today as it was in 1984. As we mark our 30^th anniversary this year, we will be looking at our role – where we started, where we are and where we are heading. For more on that, I will encourage you to keep an eye out for our Annual Report which will be published this fall.

I will end my introductory comments here to allow time for discussion. In closing, I would like to refer to the Royal Commission that ultimately led to CSIS’s and SIRC’s creation in the early 1980’s. In the report, there is quote from former Prime Minister Lester B. Pearson that, although dated, is still very relevant and insightful for us today. Pearson noted the importance that “the protection of our security does not by its nature or by its conduct undermine those human rights and freedoms to which our democratic institutions are dedicated.” Although the threats to our collective security have changed in nature and scope in the past thirty years, SIRC very much adheres to this viewpoint in carrying out its work.