Good morning, Mr. Chair and members.
Thank you for providing this opportunity to appear before you today in the context of your study of SCISA—I will not repeat the long name, either in French or in English—and specifically its impact on privacy and any desired changes in light of the national security consultation and review process that is currently under way.
Today, I hope to enrich your study by focusing on three key points.
First, I will briefly outline SIRC's work in reviewing CSIS's information sharing practices with domestic partners. Second, I will provide insight into SIRC's current review examining the impact of the Security of Canada Information Sharing Act, or SCISA, on CSIS's information sharing with domestic partners.
Third, I will explain SIRC's limitations when examining these exchanges, including those made under SCISA.
I will not take much time now to describe SIRC's mandate and responsibilities. I will be pleased to answer any questions about our work following my remarks.
I will simply state that SIRC is an independent external review body that reports directly to Parliament, as you know, on CSIS activities through an annual report. SIRC has three core responsibilities: to certify the CSIS director's annual report to the Minister of Public Safety, to conduct investigations into complaints from the public that happen from time to time, and to carry out in-depth reviews of CSIS activities. Simply put, SIRC is key in providing accountability to CSIS.
The issue of information sharing was thrust in the spotlight post 9/11 as greater integration became the new modus operandi of intelligence work. As such, information sharing has been, and remains, at the forefront of SIRC's review work. In fact, I would say this issue is an integral component of almost every review we undertake: whether through the lens of a review of a particular CSIS investigation, activity or program, in Canada or abroad, SIRC must invariably examine exchanges of information with domestic or foreign partners.
SIRC assesses these exchanges against a number of criteria. We ask ourselves the following questions.
First, did CSIS act in a manner that complies with Canada's laws and legal obligations? Second, did this exchange fall within the scope of the established framework for co-operation, such as a memorandum of understanding or a foreign arrangement? Third, was the information shared factually correct and did it accurately reflect the nature and extent of the threat? Fourth, what were the disclosure risks of sharing this information, and did CSIS take appropriate action to mitigate these risks? For example, did CSIS take into consideration the human rights records of the foreign agency? Finally, did CSIS collect and retain information only to the extent that was “strictly necessary”? My colleague spoke about this idea of “strictly necessary” earlier.
As a result of this work, SIRC has put forward a number of recommendations in recent years aimed at enhancing CSIS's information sharing practices. To give you an idea, with respect specifically to domestic partners, SIRC recommended that CSIS develop clearer and more robust overarching principles of co-operation with CSEC, that CSIS finalize the completion of sections of a memorandum of understanding with CBSA, and that it develop deconfliction guidelines and renegotiate a protocol with Global Affairs Canada, which is the new Department of Foreign Affairs.
Let me move to my second point. Consistent with our ongoing scrutiny of CSIS's information-sharing practices, this year SIRC committed to a review of SCISA to gain an understanding of SCISA's impact on CSIS's information sharing with domestic partners.
As part of this work, SIRC will review all exchanges of information involving CSIS that have taken place under the authority of SCISA. This will give us an appreciation of the nature and scope of these exchanges. More broadly, SIRC will seek to assess whether existing practices were altered by the new legislation and, if so, the direction of these changes.
SIRC also intends to examine CSIS's engagements with federal partners as they move forward with the implementation of SCISA. In this context, I will echo the views of others in underscoring the importance of putting in place a supporting framework, such as specific formalized agreements between and among the various government partners involved in exchange of information under SCISA.
You have heard from witnesses who have commented on the broad nature of the threshold for sharing contained in SCISA. On this point, SIRC is of the opinion that formalized agreements to address the finer points of what information will be shared, how it will be shared, and what safeguards are attached to the information once it is shared are especially important. For this reason, in our review we will be attentive to these formalized agreements, where much of the work of determining the precise balance of security and privacy concerns will inevitably take place.
Indeed, insofar as there is always a level of interpretation, an important emphasis must be on review as a safeguard against unreasonable exchanges. For that reason, the role of review bodies such as SIRC is essential in ensuring that the proper balance is maintained.
I should end by noting that our broad access to CSIS information is key to allowing us to review CSIS's exchanges of information with partners. As you may know, SIRC—and it's important to remember this—has the absolute authority to examine all information under CSIS's control, no matter how classified or sensitive, with the only exception of cabinet confidences. Therefore, SIRC can examine all information that is shared with CSIS and, equally, all information that is shared by CSIS to its partners.
There remain blind spots, however, and this brings me to my last point. Although SIRC has great powers to review CSIS, this ability does not extend beyond CSIS. This means that SIRC cannot assess the source, validity or reliability of the information provided to CSIS by its domestic partners, nor how CSIS information or advice is used by these partners. In short, SIRC cannot follow the thread of information to allow for a more comprehensive review of CSIS's interactions and exchanges with domestic partners. We have already outlined this in previous reports.
This limitation is compounded by two other interrelated issues, which we discussed in the context of debate surrounding the Anti-terrorism Act, 2015, and SCISA. Seventeen departments with a national security nexus, including CSIS, are listed in the legislation as the recipients of information sharing in respect “of activities that undermine the security of Canada”.
The first issue is that of those 17 departments, only three—CSIS, CSE and the RCMP—are subject to a dedicated review body. There is no review mechanism to scrutinize the exchanges of information of the other 14 departments.
The second issue is that the three review bodies in question, namely, SIRC, the Office of the Communications Security Establishment Commissioner—my colleague's organization—and the Civilian Review and Complaints Commission for the RCMP, cannot carry out joint work as their legislation extends only to the respective organizations they review.
In fact, we can share some information on our results generally and on operating practices, but we cannot share information, even if our relationship is very close.
In the absence of a body with jurisdiction over the broader national security community, or to a lesser extent an ability for review bodies to work together, there will be clear accountability gaps regarding domestic information sharing.
As many have commented on, considerations of SCISA cannot be separated from an assessment of the strength of the safeguards in place to monitor the exchanges that take place under its authority.
Let me conclude by thanking you for your work on this matter. Bringing this forward in this place is important for everybody, I would say.
The government has made a firm commitment to enhancing accountability. There is no doubt, in my view, that information sharing within Canada’s national security community should be subject to appropriate scrutiny. SIRC’s work no doubt helps to further this goal.
With respect to SCISA, SIRC looks forward to communicating the results of its SCISA review when they are finalized. As I mentioned, we are in the process of doing that right now. At the same time, I will take the opportunity to affirm to the committee that information sharing has always been a priority for SIRC and that we will continue to be alive to issues of information sharing.
With my colleague, I will be happy to answer any questions you have.
Thank you, Mr. Chairman.
