Presentation by Michael Doucet

SIRC Executive Director

Annual Meeting of the Federal, Provincial and Territorial Information and Privacy Commissioners

October 27 – 29, 2014 – Ottawa, Ontario

Slide 1: Title Slide

Good afternoon (morning) and thank you for the opportunity to speak here today. I am Michael Doucet and I serve as the Executive Director of the Security Intelligence Review Committee.

Slide 2: Overview

I would like to discuss a few important issues today regarding managing both the requirement for a strong national security foundation and the privacy rights of our citizens.

Building and maintaining trust in public institutions are key tenets of a democratic society. This task is especially important, but also very challenging, when an institution cannot be subject to rigorous public scrutiny because its work must be carried out under the veil of secrecy. This is the case with the Canadian Security Intelligence Service (CSIS), which has a responsibility to collect intelligence relating to threats to Canada’s national security.

In my time here with you, I would like to give you an overview of my organization, the Security Intelligence Review Committee, or SIRC – our history and mandate, our functions and responsibilities. Then I would like to discuss privacy and security in the context of our Annual Report which was released earlier this week. I hope this information will provide you with greater perspective on SIRC’s role, the value we provide to CSIS and the intelligence community, and the assurances we provide to Parliament and the Canadian public.

Slide 3: History

In setting out the fundamental principles on which CSIS would be based, the Royal Commission that lead to its creation noted: “In a liberal society, which as a matter of principle wishes to minimize the intrusion of secret state agencies into the private lives of its citizens and into the affairs of its political organizations and private institutions, techniques of investigation that penetrate areas of privacy should be used only when justified by the severity and imminence of the threat to national security.” The task of ensuring that this balance would be met was entrusted to the Security Intelligence Review Committee, or SIRC.

For thirty years, the Security Intelligence Review Committee (SIRC) has been a core component of a system of checks and balances to keep CSIS accountable to Parliament and to all Canadians.

Slide 4: Mandate

SIRC’s mandate is to help ensure that CSIS respects the fundamental rights and freedoms of Canadians while it investigates threats to national security both domestically and abroad. In doing so, the Committee ensures that CSIS does not undermine Canadians’ fundamental rights and freedoms while it carries out its mandate to guard against threats to national security.

I would like to underline the three main principles of SIRC, which, I believe, are at the heart of the work we carry out.

Independence - SIRC is an independent, external body, meaning that it is at arms’ length from the Government. SIRC does not report to any Minister, but rather directly to Parliament. Although Committee Members have diverse political and regional backgrounds, they sit on SIRC in positions of trust where partisan predispositions are unwelcome.

A highly competent and professional workforce – SIRC has a small, but dedicated staff with a great deal of diverse education and experience. Copies of our classified reports are sent to CSIS and the Minister of Public Safety and, historically, roughly 70% of our recommendations are accepted by CSIS, even though they are non-binding.

A productive and informed member of the national security community – SIRC staff, whenever possible and appropriate, liaise with academic, legal, intelligence, auditing and policing professionals. This helps to ensure SIRC staff stays well informed on issues related to our work. SIRC also continues to play an important role alongside Canada’s intelligence community by contributing to both the classified and non-classified dialogue on national security and evaluation/oversight.

Slide 5: Access

SIRC has virtually unlimited power to review CSIS’s performance: with the sole exception of Cabinet confidences, meaning deliberations among Ministers, SIRC has the absolute authority to examine all information in CSIS’s holdings, no matter how classified that information may be.

SIRC also regularly reviews CSIS regional and international offices. These may include an examination of surveillance, targeting authorizations, community interviews and other matters. Regional and international reviews give SIRC an opportunity to examine how Ministerial Direction and CSIS policy actually affect the day-to-day work of investigators in the field.

Slide 6: Functions and Responsibilities

SIRC is a professional organization that carries out its duties with objectivity and proficiency. It has three principal functions: to conduct reviews, to certify the CSIS Director’s classified annual report to the Minister of Public Safety and to investigate complaints. I would like to take moment to give you a very brief description of each of these activities and then I will walk you through a relevant example of the review work that we carry out.

Slide 7: Annual Report Cover

Slide 8: Reviews

SIRC’s reviews for any given year are designed to yield assessments across a wide range of CSIS activities. To be clear, SIRC has the ability to review any CSIS activity or operation; this means that we review why and how CSIS targets individuals, how it uses and manages human sources, how it executes very intrusive warrant powers authorized by the Federal Court, its exchanges of information with domestic and foreign partners, its operations across Canada and abroad. Given the size of our staff, we must be strategic in its selection of areas to review in order to ensure broad, representative and timely coverage of CSIS activities, operations and programs.

Slide 9: Certificate

Our second function, the certification process, requires us to assess the CSIS Director’s annual report to the Minister of Public Safety. The Director’s report provides the Minister with information to assist him in exercising ministerial responsibility for CSIS. SIRC examines this report and then provide an assessment of the legality, reasonableness and necessity of the Service’s operational activities.

Slide 10: Complaints

Finally, SIRC investigates complaints. Under s. 41 of the CSIS Act, SIRC investigates “any act or thing done by the Service.” Under s. 42, SIRC investigates complaints about denials or revocations of security clearances to federal government employees and contractors. Far less frequently, SIRC conducts investigations in relation to referrals from the Canadian Human Rights Commission, or Minister’s reports in regards to the Citizenship Act.

Slide 11: Privacy Vs Security

I wish to stress that in this information age, SIRC is acutely mindful of the need for CSIS to respect its legislated information collection limits. Clearly, it is not because vast amounts of information are easily and publicly available that such information should be collected and retained by our security intelligence service.

I would like to use an example from this year’s Annual Report.

In our 2013–2014 review cycle, SIRC examined the operations of the Security Screening Branch of CSIS. Security Screening is one of CSIS’s primary responsibilities and also one of its most visible. In fact, most, if not all, of you will have some level of security clearance. As part of this function, CSIS advises and assists the Government in preventing individuals who may pose a threat to Canada from obtaining either status or entry into Canada, as well as individuals who represent such threats from accessing sensitive sites, assets or information.

So, how does a review about security screening relate to privacy?

Slide 12: Findings and Recommendations from SSB Review

This review examined not only the operations of the Security Screening Branch, but how the information collected was used within CSIS. SIRC believes that the secretive nature of CSIS’s information collection is precisely the reason why CSIS must be diligent in its use of personal information. For this reason, SIRC identified a serious concern that changes to the internal use by CSIS of the information it collects for security screening purposes could be in contravention of the Privacy Act, or could leave room for abuse regarding the use of such information.

SIRC noted in the review that no Privacy Impact Assessment had been performed even though CSIS had made large systemic changes to how it shares and uses personal information.

SIRC recommended that CSIS consult with the Office of the Privacy Commissioner before the end of 2013 on the changes affecting the internal use of information collected for security screening purposes. The Committee felt that this was a significant enough issue to make this review a Section 54, which is a special report that goes directly to the Minister of Public Safety.

CSIS responded by informing SIRC that it wrote to the OPC in December of 2013 to advise that a PIA was being prepared on a broader CSIS information-management initiative. According to CSIS, the OPC will be able to examine the privacy issues raised by SIRC in this review within the context of this larger Assessment.

To be honest, we were disappointed with this response. We have on-going concerns that this information continues to be accessed and used in a way that may be in contravention of the Privacy Act and delaying an assessment by the OPC may only serve to exacerbate the problem.

Slide 13: Looking Forward

As we have seen recently with the public concern surrounding privacy and information collected and sold by large internet companies and social media, simply being able to collect information does not necessarily mean that you should have it, and having it does not necessarily mean that you can do with it what you will. In the future, citizens and consumers will start to seek the types of assurances from businesses that they currently receive from government in the form of review, evaluation and audit.

For SIRC, there have been many changes in the security, intelligence, and certainly technological landscape over the last 30 years. There is some debate now as to whether the legislation that created CSIS and SIRC is still as relevant today as it was in 1984. As we mark our 30^th anniversary this year, we will be looking at our role – where we started, where we are and where we are heading. For more on that, I will encourage you to keep an eye out for our Annual Report which will be released in coming weeks.

Slide 14: Questions?

I will end my introductory comments here to allow time for discussion. In closing, I would like to refer to the Royal Commission that ultimately led to CSIS’s and SIRC’s creation in the early 1980’s. In the report, there is quote from former Prime Minister Lester B. Pearson that, although dated, is still very relevant and insightful for us today. Pearson noted the importance that “the protection of our security does not by its nature or by its conduct undermine those human rights and freedoms to which our democratic institutions are dedicated.” Although the threats to our collective security have changed in nature and scope in the past thirty years, SIRC very much adheres to this viewpoint in carrying out its work.