Evidence of meeting #40 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was sharing.
A recording is available from Parliament.
12:15 p.m.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
It's good to hear. It always raises the question for review bodies when there's someone in another office: “I've got this; do I give this to Blais or do I give this to Plouffe or not?”
12:15 p.m.
Conservative
The Chair Conservative Blaine Calkins
I'm going to give the microphone to Mr. Kelly, because your five minutes are up, or even 10 minutes. You're over already, sir.
12:15 p.m.
Conservative
Pat Kelly Conservative Calgary Rocky Ridge, AB
I'm going to return to where I was with my first question.
I think we had a good discussion. I heard plenty of emphasis on the necessity and the importance of accuracy, but I think we also had agreement that it's not a reasonable premise to start from that agencies can achieve a perfect state where mistakes are not made and inaccurate information is never shared.
I understand, Mr. Evans, that breach of privacy is a matter for the Privacy Commissioner to investigate, but if information is shared and you want to correct and update or take back or somehow deal with something that has been shared with another agency, what is the process? How do you do that? How do you improve on...?
It may not be clear that a breach has been made or that there are clear damages to somebody from a breach of privacy, but simply that a mistake has been made. Some information has been conveyed that shouldn't have been, or perhaps if it had been accurate information, it should have been, but it's been found to be inaccurate.
How do you update another agency and ensure that they are not then re-sharing or not keeping their file in good order?
12:15 p.m.
Senior Director, Operations, Civilian Review and Complaints Commission for the Royal Canadian Mounted Police
If I understand your question, it's simply a matter of the best practice. If we're looking at an RCMP file and we discover that some erroneous information has been provided to another agency, we'd certainly expect that information to be corrected. We have the authority to make recommendations to the RCMP.
It's a difficult scenario without knowing the specific context, but we have the ability to make recommendations. I would hope that the RCMP would have corrected this on their own initially. They certainly would be able to go after the information, pull it back, and make the corrections. If we did a review of a file and found that they didn't do that, we would certainly have the authority then to make the same recommendations.
12:15 p.m.
Commissioner, Office of the Communications Security Establishment Commissioner
If I could comment on this very point, you mentioned that if there's a breach of privacy, in essence it would be for the Privacy Commissioner to investigate, but I want to stress that with regard to CSE, under the law in my mandate, I have also a mandate to protect the privacy of Canadians.
Therefore, every time we conduct a review, this is part of my mandate. I have to investigate whether or not CSE activities are considered a breach of privacy. If it is the case, I have to inform both the Minister of National Defence and the Attorney General of Canada that they are acting illegally, in essence.
12:15 p.m.
Executive Director, Office of the Communications Security Establishment Commissioner
If I could just add to that, Commissioner and Mr. Kelly, we review on a regular basis a privacy incident file that CSE maintains.
12:15 p.m.
Commissioner, Office of the Communications Security Establishment Commissioner
It's called the PIF.
12:15 p.m.
Executive Director, Office of the Communications Security Establishment Commissioner
In that, there may be, for example, the issuance of a report that may have had a name wrong or a named Canadian, and the reports will be retracted and re-issued and an assessment made of whether or not any consequences would be expected from that. We're reviewing that on a regular basis.
12:20 p.m.
Conservative
Pat Kelly Conservative Calgary Rocky Ridge, AB
Mr. Evans, what proportion of the complaints that you receive regarding RCMP conduct are privacy-based?
12:20 p.m.
Senior Director, Operations, Civilian Review and Complaints Commission for the Royal Canadian Mounted Police
It's relatively small, because there's a provision in our legislation that allows us to refer a complaint to another body if it would be more appropriately dealt with elsewhere. When we receive those types, we give them to the Privacy Commissioner or the Access to Information Commissioner as well.
12:20 p.m.
Conservative
Pat Kelly Conservative Calgary Rocky Ridge, AB
Then I'll ask Mr. Blais one final question.
We've heard about real-time oversight, but that real-time oversight of CSIS's activities is simply not a reasonable expectation. Given that—and I assume you agree with that position—how close in time are your oversight actions related to CSIS operations? If information was improperly collected or inaccurate information is collected and shared, how soon would you be able to catch it and correct it through your oversight activities?
12:20 p.m.
Chair, Security Intelligence Review Committee
It's interesting, your question, because our name in English is “review committee” and in French it's
Intelligence Oversight Committee.
It's not the same. It's been there for 31 years, and I know that the first day I was appointed, I said, “What is that? It's not surveillance. Surveillance is oversight?”
Just to mention this point, we try in our review to get as close as we can to the factual points that are raised. For example, if there is an issue that is in the public domain, we try to put a team in quickly to look into the matter, but we cannot, I would say for obvious reasons, oversee when there are operations. It would be against all the rules and even the capacity of CSIS.
At the same time, we understand that our report is a little bit delayed compared to when things happen. We should remember nevertheless that in our report we mention when we did it, when CSIS reacted, and what the reaction was to it, which is the best we can do.
Maybe the committee of parliamentarians will have a little bit of oversight. I don't know, but it's the best we can do.
12:20 p.m.
Conservative
12:20 p.m.
Liberal
Wayne Long Liberal Saint John—Rothesay, NB
Thank you, Chair.
Thanks to the witnesses today.
I read a very informative article this past week. It was entitled “Canada's spy services should be more accountable”. In that article Michael Doucet was quoted a lot. Some of this may be covered, and I'll throw this out for you, Mr. Blais. I'll try to stay on topic so my colleague across the way doesn't have a coronary today.
12:20 p.m.
Voices
Oh, oh!
12:20 p.m.
Liberal
Wayne Long Liberal Saint John—Rothesay, NB
There are 17 government agencies that can share information, and then there are three—CSIS, the RCMP, and the CSE—that have independent review bodies. I quote:
“Today nobody has the ability to look at those 17 organizations from a real perspective, that is, across all organizations,” he said. The problem is not just the lack of review bodies, but the inability of these bodies to share information with each other. SIRC cannot cooperate with other bodies to review other agencies despite them sharing intelligence with CSIS. “In my opinion, it's a failing of the system....”
Can you elaborate on that and tell me if there's anything new you would do to change that?
12:20 p.m.
Chair, Security Intelligence Review Committee
You're talking about sharing information with other organizations—
12:20 p.m.
Chair, Security Intelligence Review Committee
—in Canada or elsewhere.
It remains important all the time. I precisely mentioned with my colleague Mr. Plouffe that the two organizations, CSIS and CSE, share information, but the two bodies that are looking at them cannot.
12:20 p.m.
Chair, Security Intelligence Review Committee
This is a problem that is there.