Exactly. So when Professors Forcese and Roach say as one of their recommendations “to make crystal clear that receiving recipients must operate within their existing mandates and legal authorities and that agencies put in place protocols for ensuring the reliability of shared information, as per the Arar commission recommendations”, I presume you would agree, but it might also make sense to go further. CSIS obviously has a necessity test built into its mandate in terms of receiving information, and it might be even better, when we look at the 17 recipient institutions, to actually subject all of them, in order to receive information, to prove the necessity of it to their mandate. Therefore we want to allow for the government's concern with respect to disclosing institutions. They're obviously not going to get into the nuts and bolts to understand necessity. They could be subject to proving relevance on disclosure, but recipient institutions wouldn't be required to show that it was necessary to their mandate.
On November 22nd, 2016. See this statement in context.