Information & Ethics Committee on May 13th, 2008

There are several answers to that. One is that in some cases the Privacy Commissioner, frankly, wouldn't like us to get rid of it, because you want to leave a paper trail or a trail so that someone can check up afterwards as to whether you were collecting it properly or not, if you see what I mean. That's the first answer.

Yes, I know. But in fact what happens is the first time, frankly, you destroy something, someone comes along and says, “Why did you destroy it? We wanted to review it to ensure that you collected it properly.” So there is again that balance, and we're subject to the archives act, and all of those kinds of things.

In terms of communications that we intercept pursuant to warrants, we debrief them, put in operational reports, and then the tapes are destroyed after a certain length of time. And that length of time varies according to the investigation.

Well, in terms of the ten, I have reviewed them. I confess that I don't have written notes.

The first recommendation is about the necessity test. You will see, from my opening remarks, that we actually have a necessity test for collection in our act. Section 12 of our act says that the “Service shall collect, by investigation or otherwise, to the extent that it is strictly necessary”, information and intelligence respecting activities we suspect of being threats to the security of Canada.

Now, the devil is in the details, and the devil is in how you interpret that. Frankly, the British have, I think, quite a good phrase. They talk about information they collect being necessary and proportional. Those are judgment calls, in some ways. I think what Chief Superintendent Paulson and I are saying is that we have to be able to exercise our judgment, subject to review, but not be hamstrung. Now, we have learned to live with that strictly necessary test. But if you drill down--and I'm sorry, because the devil is in the details--it helps if you look at specifics.

Frankly, what we collect that may be strictly necessary when we are attempting to look at someone.... In the case of a foreign diplomat, for instance, who we believe is a member of or may be engaged in espionage, our goal would be to recruit that person. Therefore, what we would collect and what we would think of being collection that is strictly necessary could be immense. We would want to know where he goes in his off hours, whether he fishes, and whether his children take skating lessons. We would want to look at ways in which we could make an approach. I think you would argue that in a different kind of investigation, one in which you were looking at a different kind of potential threat, this kind of extensive collection might not be appropriate. So it's difficult.

So that's the comment on recommendation 1.

Recommendation 2 I'm not an expert on in terms of the power to award damages.

Recommendation 4, having a clear public education mandate, seems fine.

With regard to greater discretion of the Office of the Privacy Commissioner to report publicly, again, we wouldn't have concerns about that, obviously, within the bounds of our security concerns. Yet we vet documents that are made public all the time. So hopefully, that would be fine.

On amending the Privacy Act to align it with PIPEDA by eliminating the restriction, I confess that lawyers could say much better than I whether access is sufficient now. Frankly, when I read the act, it seems to me that the intent is that she or he should have access to information--and I read out part of that section--however recorded. I don't know what the problem is, frankly.

The final one, which is strengthening the provisions governing the disclosure of personal information to foreign states, we've talked about. I believe that the CSIS Act, with SIRC and the inspector general and the requirement for them to review all the arrangements, and the fact that two ministers of the crown have to approve every single one of our foreign arrangements, builds in those kinds of protections, frankly.

I would be wary, again, of something that could be interpreted as restricting as opposed to something being an important subject that has to be reviewed on an ongoing basis.

So those are, in many ways, my general comments. My general comment at the beginning was that we're all engaged in national security: the RCMP from a law enforcement point of view, CSIS from an intelligence point of view, CBSA from a borders point of view, Transport Canada, and so on and so forth. Each of us has slightly different powers and mandates. CSIS has no powers of arrest and no ability to take measures to enforce security. We have a broad mandate: Reason to suspect an activity. So I think one has to look at the individual mandates when you're making the kinds of difficult judgments you have to make.

Mr. Zed asked me at the beginning what I would look at. I wasn't smart enough to recommend to him a book that I think is particularly good. It's a Canadian book that was written recently by Stan Cohen, from the Department of Justice. He's sort of “Mr. Charter”. He's probably been seen on the Hill a number of times testifying about the charter standards with respect to particular bits of legislation. He wrote a book called Privacy, Crime and Terror: Legal Rights and Security in a Time of Peril. There are chapters on privacy, privacy in the Privacy Act, information sharing as it affects the interests of law enforcement, national--

It's a very good discussion and a very thoughtful book. I highly recommend it.

Yes. We exchange all sorts of information. At times we have to make judgment calls.

Again, the answer is in part a process answer and in part a substance answer. First of all, we have to have an arrangement with the country. Second of all, we have to have had enough experience with them that we know they are going to respect our caveats that we've put on the information. In other words, we've had a history with them in which information has not been abused. Then we have a process by which within the service, individuals sign off as that information is sent abroad, and it's signed off by a director general.

Frankly, it depends on the situation.

We have situations--and perhaps we could take the O'Connor report as an example--where there is a seizure of hard drives. Because we're not capable of processing it, we may give a copy on CD of that hard drive to our allied services to assist us in the processing. That could contain a huge amount of information. On the other hand, it may simply be a request such as “What do you know about this person?”

Again--I'm speaking for CSIS--we would rarely answer a question that was not put into the context of why the question is being asked and for what purpose.

Indeed, it has happened that we have lost information here in Canada. Over the course of their work, some officers lost a piece of paper or a USB key. It has happened but not during an exchange with another country

It depends on the type of information.

Each case is different. If it is personal information on people who are not involved in criminal activity, yes.

Yes.