5 June 1999. Thanks to JG.
Cover graphics omitted.
of the Communications Security
|The Year in Brief
Reviewing CSE's Activities: A Permanent Model
|This is my second Annual Report, and it covers the period ending
March 31, 1998. It was a busy year that included extensive meetings and briefings
with officials at the Communications Security Establishment (CSE) and other
government departments, submitting periodic classified reports to the Minister
of National Defence on my study findings, and forging new relationships and
cementing old ones both in Canada and internationally.
I was ably represented at the first International Meeting of Inspectors General of Intelligence and Security in Canberra, Australia, in November and at follow-up discussions in Washington, D.C., in April 1998. I also had the pleasure of meeting and briefing members of the Parliamentary Intelligence and Security Committee of the United Kingdom in March 1998.
The capabilities of my Office were expanded during this period. I have a small professional staff and contractors with expertise in a variety of areas including high technology.
I discuss these topics in greater detail further on in this report, along with other matters that have captured my attention since my last report.
|Each year, the Government establishes its intelligence
requirements, including its foreign intelligence priorities. These priorities
are then communicated in writing to the Chief of CSE, by the Security and
Intelligence Coordinator, Privy Council Office. As part of its response,
CSE develops a business plan that guides the signals intelligence (sigint)
I examined the foreign intelligence priorities and the sigint business plan and I am able to confirm that for the fiscal year 1997/98, CSE's activities were consistent with these priorities.
|In the course of my review activities, I had occasion to look
at CSE's framework for sigint policies with lawfulness implications. I wanted
to examine specific CSE policies to determine whether they provided adequate
guidance to employees in the performance of their duties. I was particularly
interested in policies related to privacy issues.
I found CSE's sigint policies to be sound. The policies in place, as well as the system under which they are developed, appear to be well conceived. Moreover, the procedural documentation drafted in support of these policies is comprehensive and clearly stated.
During my examination of these policies, I did observe that while CSE has an appreciable amount of policy, it is not always at the right organizational level. However, I did not encounter any major sigint policy gaps, and I can provide my assurance that none of the gaps related to the lawfulness of CSE's activities or to the privacy of Canadians.
I noted that a cornerstone of CSE's sigint policies deals with safeguarding the privacy of Canadians. It applies to information in the possession of CSE, for the purpose of providing the government with foreign signals intelligence, in support of its foreign and defence policies.
I was able to observe that the policies require CSE employees to conduct their operational activities in strict recognition of, and adherence to, federal legislation governing the protection of the rights, privacy and freedoms of Canadians. The policies affirm CSE's commitment to respect the corresponding procedures of its close and long-standing allies, Australia, New Zealand, the United Kingdom and the United States (also known as the Second Parties). However, these procedures must conform first to the laws of Canada.
CSE undertakes explicitly to treat the communications of Second Party nationals in a manner consistent with the procedures issued by the agency of that country, provided such procedures do not contravene the laws of Canada. This is a reciprocal undertaking to ensure that the Second Parties do not target each others' communications or circumvent their own legislation by targeting communications at each others' behest. In other words, they do not do indirectly what would be unlawful for them to do directly.
During discussions, CSE officials referred to their key sigint policies as "living, breathing documents." In this regard, I noted that these policies are the subject of ongoing internal review. I also found that the policy design includes indicators to measure the effectiveness of the policy, one of which is the result of any audit carried out by the Privacy Commissioner. (I referred to his most recent findings on this topic in my last report.) Historically, these indicators have been used to guide subsequent iterations of the policy.
Among the mechanisms used to ensure that employees acquire the knowledge they need to discharge their duties lawfully are training on policies and on-the-job mentoring. I learned that over the past year, employees were also brought together to participate in an exercise to identify, among other things, the organization's core values. CSE officials stated that, without exception, all focus groups of employees identified the value of lawfulness as a core CSE value.
|I was interested to learn about internal investigations and
complaints at CSE. I examined reports and documents pertaining to all incidents
involving employees since my appointment in June 1996. I wanted to know whether
any of the incidents involved unlawful activity in the delivery of CSE's
mandate. To protect the privacy rights of the individuals involved, procedures
were adopted to ensure that their names and any other identifiers were shielded
The incidents I reviewed involved a variety of matters such as miscellaneous internal security violations and infractions; however, there were no discernible trends. None of the incidents involved unlawful activity in relation to CSE's mandate, or infringements on the privacy of Canadians.
I also wanted to know what procedures were in place for employees who resign or are released. I learned that CSE had identified, and is in the process of implementing, a comprehensive program to address these and other matters. This is a positive first step, and I intend to look at it again at a future date.
|During the year under review, my office refined its procedures
for examining the electronic gateway to the information collected and held
by CSE. Based on the results of this review and analysis, I am of the opinion
that CSE has acted lawfully in the performance of its mandated activities
since my last report. I am also satisfied that CSE has not targeted Canadian
citizens or permanent residents.
In giving assurance that CSE does not target the communications of Canadians, I would like to add, for greater certainty, that this applies to all Canadians, including the people of Québec. CSE does not target Québec communications, or the Québec sovereignty movement, and it does not have a "French Section".
The Order in Council appointing me CSE Commissioner appears in an appendix to this report. Paragraph (c) authorizes me to submit a report containing classified information to the Minister of National Defence any time I consider it advisable. Since my last report, I have submitted three classified reports to the Minister. None of these reported on unlawful activity on the part of CSE.
|The first International Meeting of Inspectors General of
Intelligence and Security was held in Canberra, Australia, in November 1997.
Office holders responsible for reviewing the activities of all or parts of
the security and intelligence community of their respective countries were
present from Australia, New Zealand, the United Kingdom, the United States,
South Africa and Canada. The South African delegates were afforded a warm
welcome given that their country's national institutions, particularly their
security and intelligence agencies, are in transition following the end of
The meeting was held at the initiative of the former Australian Inspector General, in honour of the tenth anniversary of his Office. It provided a welcome opportunity for participants to exchange information and ideas, to discuss trends and to compare models for effective review and oversight.
A broad array of options and alternatives was apparent in the mandates and organizational arrangements of the Inspectors General represented at the meeting. Some have legislated mandates, such as those in Australia, New Zealand and Canada's Inspector General of the Canadian Security Intelligence Service (csis). Others are independent of, or embedded in, the agencies they oversee. The mandates of Inspectors General in the United States run the gamut of these alternatives, and there do not appear to be hard and fast rules regarding the scope of their responsibilities or their degree of independence from the agency under their review.
It was also interesting to note the array of options for parliamentary review and oversight mechanisms. Representing the parliamentary review model were members of the United Kingdom's Parliamentary Intelligence and Security Committee, described as a committee of parliamentarians rather than a formal statutory committee of Parliament; Canada's Security Intelligence Review Committee, composed of three to five Privy Councillors appointed by the government to review the activities of csis; and members of the Joint Standing Committee on Intelligence, a committee of parliamentarians in South Africa where the government is in the process of identifying a model for intelligence oversight. In addition, participants met with Australia's Parliamentary Joint Committee on the Australian Security Intelligence Organization (asio) as part of the program.
While there were obvious commonalities, a wide range of mandated review or oversight activities was evident among the participants. These included such responsibilities as
Some participants had responsibilities as diverse as investigating fraud, waste and abuse of resources and uncovering criminal activity.
Each country's review and oversight mechanisms tend to be structured according to the division of roles, mandates and powers between their parliamentary and non-parliamentary bodies, or their executive and legislative branches of government. The division of these elements is influenced by a variety of factors, such as
It was clear that in each country represented, a determination had been made regarding the best means of achieving effective review or oversight, drawing from the pool of expertise represented by elected officials, parliamentary appointees and bureaucrats.
There was consensus that review and oversight had evolved over the years and would continue to evolve, particularly in those countries where enabling legislation has been enacted most recently. Of particular note was the general agreement that the very presence of review and oversight mechanisms tends to alter the dynamics of security and intelligence agencies, causing them to assess and, if necessary, modify the way they conduct business. Over time, these agencies have begun to appreciate that there are benefits to review and oversight, including the capability to identify and resolve problems within their own walls.
Despite the differing review and oversight mandates of those present, a number of common issues and themes emerged. For example, increased demands for greater transparency and accountability in government were a common backdrop to the activities of all participants.
Independence and objectivity were identified as essential to successful review. Overall, relationships between the review or oversight bodies and their respective agencies were characterized as formal, proper and generally cordial. All participants agreed that maintaining independence and building confidence and credibility, not only with the agency being reviewed but with the public, is a constant and delicate balancing act. They also acknowledged the inherent difficulty of maintaining public confidence on those occasions when they find no fault in the activities of the bodies they oversee or review. There was consensus, however, that maintaining the right balance was facilitated by time and experience.
The Canberra meeting opened the door for further discussions during the year. In March, I had the opportunity to pursue some of these themes in further detail when the members of the United Kingdom's Parliamentary Intelligence and Security Committee visited Ottawa as part of their North American agenda of consultations. Subsequently, in April, my staff had fruitful discussions with some of my American counterparts in Washington, D.C.
To sum up, it was clear from these discussions that review and oversight mechanisms are relatively new features in the security and intelligence community worldwide, and that they continue to evolve. They play an important role in responding to calls for greater transparency and accountability in government. By their very presence, these mechanisms encourage security and intelligence agencies to assess and, if necessary, modify the way they conduct business.
I am of the opinion that our small community of independent monitors can continue to reap significant benefits by sharing their collective wisdom on these topics.
|As I explained in my last report, I am precluded from reviewing
CSE-related matters for which other avenues of redress are established by
statute. Moreover, my review is confined to those issues that relate to CSE's
mandate. Furthermore, and as I stated at the time of my appointment, I will
not review incidents that occurred before my appointment.
I also referred, in my last report, to a limitation in my mandate regarding complaints. While I can review allegations about certain of CSE's activities, I am unable to follow up with individual complainants to tell them about my examination of their allegations and my findings.
This situation remains unchanged today. As a result, I must once again ask those concerned to derive some comfort from the general assurances I have provided elsewhere in this report on the lawfulness of CSE's activities.
It is clear that this is not a satisfactory situation. Individuals who are concerned about the activities of an agency of government ought to have recourse to an independent office where their complaints can be heard and examined.
I am optimistic, however, that this matter will be resolved in the near future, and hopefully before my next report.
|As I approach my third year as Commissioner I am frequently
asked what will happen to my Office at the end of my mandate in June 1999.
While this decision ultimately rests with the Government, I anticipate that
a number of opinions will be voiced by a variety of interested parties, along
with ideas on the best model for a permanent review mechanism.
Over the past two years, I have had many opportunities to reflect on this subject, and to consider a possible structure. As my starting point, I looked at my own Office and the attributes and requirements that I identified to discharge my current mandate. Among them are
I have also identified four elements that could have an impact on the model selected, even if they go beyond the immediate requirements and structure of a review mechanism.
|While it is clear that enabling legislation is not required to establish a permanent review mechanism for CSE, the review mechanism itself ought to be incorporated eventually in a constituent act. This raises a number of policy and related questions for the drafters of the legislation, as is evident from the array of options represented at the meeting in Australia.|
|Under the provisions of my Order in Council, I submit my reports to the Minister of National Defence. Based on my experience to date, I am of the opinion that this arrangement works well. However, I have also observed that some of my counterparts, both in Canada and abroad, report directly to Parliament. This alternative should also be examined for the permanent review mechanism.|
|My mandate is set out in the Order in Council, reproduced in an appendix to this report. It was evident from my discussions with colleagues that I have a very focused mandate. While I believe it is adequate under the present circumstances, consideration should be given to exploring alternatives for the mandate of a permanent review mechanism. It is important to ensure any permanent mechanism gives the Government, and the public, an appropriate degree of comfort with respect to CSE's activities.|
|I found great value in the exchange of ideas and experiences with my colleagues in other countries. A review of their legislation and further consultations might be of benefit. While I believe that this might reveal the need for a uniquely Canadian solution, there is often much to be learned from other countries, particularly the parliamentary models of the United Kingdom, Australia and New Zealand.|
|In my last report, I indicated that there was support in a
number of circles for enabling legislation for CSE, and this continues to
be the case. I also identified several policy issues that I thought should
be studied or revisited prior to drafting, including the scope and structure
of a legislative framework, control and accountability issues, and the scope
and structure of enshrined review mechanisms.
During the past year, I have observed a great deal of hard work to grapple with fundamental issues affecting CSE and its place in government. Moreover, I have noted increased efforts toward greater openness on matters related to CSE. I applaud these initiatives because they help build public confidence in an agency that makes an important, if secret, contribution to the government's priorities and to Canada's security and defence interests.
Drafting legislation for CSE will be a challenge that should not be underestimated, in view of the rapid pace of change in the worlds of security and intelligence and technology. I anticipate animated debates on the topic.
|My annual budget allocation remained unchanged at $500,000
for the 1997/98 fiscal year. I am able to report that during my office's
second year of operation, I discharged my mandated activities within budget.
I have a full-time working staff of two as well as a complement of people on contract who bring many years of experience in a variety of fields related to the work of my office. Some of my staff are well versed in the workings of Canada's security and intelligence community; others have special expertise in research, policy development, writing, editing and communications. More recently, I have engaged an adviser on high technology.
The year 1997/98 was my Office's first full year of operations, and it was filled with challenges and opportunities. I am satisfied with the structure and operation of my Office, and I believe that I have both the resources I need and the access to CSE that I require to discharge my responsibilities in the year ahead.