Information & Ethics Committee on Feb. 2nd, 2017

No, absolutely not.

I would echo that no.

What do we do to ensure that the privacy of Canadians remains paramount? Like Mr. Rochon, most of our work, as I said, is directed overseas, and it's part of Canadian operations abroad.

Where we do deal with Canadians is on our counter-intelligence program, but there it really has to be restricted to something that directly affects the security of National Defence or the CAF, so it has to deal with our employees, Canadian Armed Forces personnel, our property assets, and whatnot.

In circumstances where there is a nexus to that, we generally work with partners in law enforcement and national security. The mandate of our counter-intelligence unit is very focused. It can investigate, but it is not a law enforcement agency in its own right, so generally, those circumstances are ones where we are working in co-operation with law enforcement agencies or other partners, and their rules apply.

As you said at the beginning, SCISA doesn't actually change our ability to collect information. It doesn't change the mandate under which we can use that information. All it does is provide a very useful framework to move that information between departments when it seems like that might be necessary. The protections in place are all the usual protections in terms of the charter, the Criminal Code, and the protections that are in place within the various mandates of organizations like the RCMP, CSIS, and whatnot.

We actually have a foundational operational policy, and that policy is entitled “Protecting the Privacy of Canadians and Ensuring Legal Compliance in the Conduct of CSE Activities”. I'm responsible for operational policy within our organization, and that's the foundational policy. All other policies stem from that. This shows you the importance we attach to the privacy of Canadians.

We're required by law to implement measures to protect the privacy of Canadians. That is stipulated in the National Defence Act. We have ministerial directives and ministerial authorizations that then further emphasize that. We have training in place for anyone who would be accessing information within our systems, etc. This is extensive training that we don't just produce for people who work within our organization. We actually go to partner organizations and provide them with training to make sure that they understand exactly what our mandates are, etc.

Beyond that, we have compliance regimes. We have internal oversight. We have our own audit and evaluation shop that reviews our information sharing and privacy practices. As I mentioned in my opening remarks, we have our own legal unit that reviews these practices, as well. Provided by the Department of Justice, they're there to provide us with legal advice.

Then we also have external review where we have.... I think you've had our commissioner appear before you here as a witness. We have independent and expert oversight with regard to our activities, and as I mentioned in my opening remarks, our commissioner produces an annual report that looks at our privacy practices.

Thank you very much.

To my colleagues here at Transport Canada, of course, privacy is paramount, and I will give you one example. On top of all the training we provide to our people, we run different programs within the safety and security group and with Transport Canada writ large. Within the transportation security clearance program, we receive applications from individual workers who desire to work in restricted areas within ports and airports, for example. When they sign their application, they sign a consent.

Privacy is, of course, paramount in how we share the information, but when individuals willingly come with their applications and consent, we will share the information with, let's say, the RCMP for the benefit of background checks. That's just an example from within our own programs of how individuals have to consent. It's the same thing in the air cargo security program. Businesses that wish to be part of the program have to consent to share some of the information with, let's say, the CBSA, for example.

Yes. Because we have long-standing practices of information sharing with, for example, the RCMP and CSIS, we offer people who are experts in our operational policies to go and meet with people within their shops.

We have protocols set up, so exchange of information just doesn't happen from any employee to another employee. There are strict protocols in terms of how that information is shared. As for the people who are involved in that sharing, there's an exchange and training process involved where we'll go and give sessions to explain to people exactly what the handling process is, and in some cases, there may even be testing.

I wouldn't necessarily draw that conclusion. I think Mr. Roussel mentioned that the legislation is still recent. Of course, we haven't used the legislation yet. It's difficult for me to tell you, after a year, if the legislation is very useful. However, I think it could be useful. I told Mr. Bratina earlier that we still aren't sure that people understand our mandate. There may be opportunities later for other departments to gain a better understanding of the two parts of our mandate and maybe to find situations where sharing information under SCISA would be beneficial with regard to our mandate and the mandate of other departments.

I'll just break into English, if you'll allow me, because I'm a bit more familiar with some of the terminology and how we do things.

In terms of our disclosure of information, we have a clear mandate—in part (a) of our mandate—to collect foreign signals intelligence. We do that and we don't just do it for our own purposes. We obviously do it for Government of Canada departments and agencies. As we collect information, we assess that information and disseminate it to people who are authorized and need to receive it within the departments and agencies.

There is no need for SCISA in that instance. We're going to be continuing that practice, which we've always had and which it is clear in our mandate that we can do, and it's clear that other departments and agencies have people who are in need of that information in order to receive foreign intelligence. For our disclosure, I don't foresee any usefulness, particularly. However, for people to disclose information to us—whether to help in that foreign intelligence mandate or indeed in part (b) of our mandate—I foresee that there may be some usefulness. I can't tell you for sure. I certainly wouldn't say that it's a foregone conclusion that we would never use it. I think it's too early.

Let's first go back to the aviation transportation security clearance program.

Every year, we have a data bank of approximately 20,000 applications. These are people who have security clearances to work in the restricted areas of ports and airports. Once the clearance has expired, we keep it for two years. We then dispose of it in keeping with the normal procedures. We keep it for two years in case we need to verify things and we then dispose of the information.

Yes.

The Department of Transport doesn't collect information, but uses the information of other agencies. When we have information on individuals in particular, the policy mentioned by Ms. Paquet applies.

We also don't collect information on Canadians. When we receive information of that nature, it's usually part of a judicial inquiry conducted by the RCMP, for example, that concerns a member of the Canadian Armed Forces or a National Defence employee. In these cases, we determine what we can do and how we can be useful to the inquiry. The fact remains that all this is managed by that organization's legislation and regulations. On our own, we don't have a role in collecting information on Canadians.