Mr. Chair and members of Parliament, thank you very for the invitation to appear here this afternoon.
It’s my distinct pleasure to speak to you today about the Security of Canada Information Sharing Act, or SCISA.
Before I speak about SCISA and provide my organization's perspective on it, I'd like to provide some background on the role of my organization because I think it is perhaps not as well known as some of the others.
The chief of defence intelligence, or CDI, is the functional authority for defence intelligence in Canada. The CDI is also the commander of the Canadian Forces intelligence command, or CFINTCOM, an organization with a mandate to provide credible, timely, and integrated defence intelligence capabilities, products, and services to the Canadian Armed Forces, the Department of National Defence, the Government of Canada, and our allies in support of Canada's national security objectives.
Defence intelligence is a key element in the ability of the Government of Canada to make informed decisions on defence issues, national security, and foreign affairs. You can be assured that our intelligence capability is world class, boasting a strong team of dedicated professionals and benefiting from productive relationships with other government departments as well as our partners in the Five Eyes community
CFINTCOM focuses the vast majority of its energy on foreign military threats and support to CAF operations abroad. However, I appreciate the opportunity to discuss domestic information sharing under SCISA and turn now to the subject at hand.
First, please allow me a word concerning our current information-sharing authorities outside of SCISA and the measures we take to protect personal information when it comes into our care. Department of National Defence and the Canadian Armed Forces information-sharing activities are generally conducted under the crown prerogative for National Defence, and we have in place a robust governance regime that includes numerous policies, memoranda of understanding, and other information-sharing arrangements as well as oversight and accountability mechanisms related to the handling of that information.
The majority of the information that National Defence and the CAF share and receive is operational and not personal in nature. This can include information regarding deployed CAF assets, defence intelligence in support of operations such as satellite imagery products, or imagery in support of activities undertaken with foreign defence partners.
However, although SCISA could be used to receive and share that type of information, the Crown prerogative also serves as the legal basis to receive and share personal information in the national security field as part of the mandate of the national counter-intelligence program.
Under this program, the Canadian Armed Forces ensure that threats to the security of National Defence and the Canadian Armed Forces in Canada or on deployments abroad are identified, investigated and countered.
In fulfilling this mission, the Canadian Forces national counter-intelligence unit shares and receives information, including personal information, with police and security intelligence agencies under the auspices of the security intelligence liaison program. Activities conducted under this program are authorized by an internal oversight to ensure compliance and consistency with the national counter-intelligence program's mandate, including that the receipt and dissemination of information is carried out in accordance with National Defence and CAF policy and access to information and privacy legislation.
With respect to SCISA, let me first point out that the act does not create or expand the collection mandates of any federal departments or agencies, including those who use the act. Any information that will be shared with listed departments or agencies will have been collected lawfully and in accordance with the collector's mandate. The type and nature of information that is being shared with listed departments and agencies are the same as they have been receiving in the past. Only the sharing has been facilitated.
The main contribution of SCISA is the following. A department that will have collected information in accordance with its mandate, and therefore for a certain purpose, is now able to share that information with another department, even though the recipient will use it for a different purpose, as long as it is in line with its mandate and the information relates to an activity that undermines the security of Canada.
Further, only the head of an institution listed in the schedule or his or her delegate can receive this information. This is a marked departure from normal business where anyone in an organization can be part of a sharing arrangement. Having the head of the institution involved helps ensure that the requirements will be followed.
At the time of our last communication to the Privacy Commissioner in September 2016, DND and the CAF had not shared or received any information under SCISA. Since then, there has been a single instance in which we shared information under the act.
In addition to the authority found under SCISA, other forms of authority, notably the crown prerogative, can and will continue to be used by DND and the CAF. Note that SCISA does not in any way limit or affect the information-sharing authorities provided under the prerogative. For clarity, this is stated in the act itself in section 8. SCISA does, however, assist other government organizations in sharing with DND and the CAF. For this reason, we remain supportive of SCISA and wish to remain on the list of recipient organizations in schedule 3 of the act.
Should a government institution wish to share information with DND or the CAF under SCISA, we will adhere to the following process for receipt. Discussions with the providing institution will take place to establish whether the information is relevant and within our mandate to receive and whether it relates to activities that undermine the security of Canada. Once received, the information will be examined to determine which internal organizations in DND and CAF should have access to it.
Any information received under SCISA will be assessed in accordance with the requirements of the Privacy Act, the Access to Information Act, and all associated Treasury Board Secretariat policy and direction.
This concludes my presentation.
Thank you for your attention, and I look forward to answering your questions.