I guess I'd start by saying--and maybe you would expect me to say this--that this kind of balance, in fact, very much informed the whole process of the birth of CSIS. As you probably know, we had four years of the McDonald commission. It spoke about the need for agencies like ours to meet both the requirements of security and the requirements of democracy. The parliamentary committee that reviewed us talked about the delicate balance between collective rights and individual rights. So that has been built in, I would argue, from the get-go, but that's the sort of surface answer.
I think the more difficult question to answer is what kinds of things can you spell out for certain, and what kinds of things lend themselves to a process answer? Frankly, we went through that with the birth of CSIS. We defined our mandate in quite general terms. If you look at section 2 of our act, it talks about activities directed toward or in support of espionage or sabotage--the most general statement. But we built in a whole system of controls and review that then provide the process part to the substance. As you know--and it was quite unusual for its day--SIRC, the Security Intelligence Review Committee, and the inspector general both have complete access to all of our records, and report on a regular basis.
I think part of the answer to that balance is to define what you can, but build in a process to ensure that the world behaves properly. Presumably, that's why, for example, under section 59 of the act, both the Privacy Commissioner and the access commissioner review us. They have complete access to all of our records, and there are only four employees--as you probably know--under section 59 of the act who have the permission to look at all of our stuff. So it's isolated, but there's a system.