Getting to the other protection, which is the threshold of relevance versus necessity, Mr. Fraser, you indicated that maybe the government hasn't made its case.
We had an official before us who said there was a problem they were trying to tackle that was referenced in a 2009 Auditor General's report, which was that departments had information they thought might be relevant, but they were hesitant to disclose the information, perhaps, because it wasn't clear to them that it was necessary.
They reiterated—and perhaps the legislation should be a lot clearer—that the recipient institutions remain subject to their own rules. In the case of CSIS, for example, they remain subject strictly to a test of necessity, and it's only the disclosing institutions that are subject to relevance. Is that something we ought to make crystal clear in the law, given that there seems to be a lot of confusion?