Evidence of meeting #38 for Procedure and House Affairs in the 40th Parliament, 3rd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was may.
A recording is available from Parliament.
Chief Information Officer, House of Commons
It is in the member's account. So I assume that Ms. Block had access to the document through...
Liberal
Marcel Proulx Liberal Hull—Aylmer, QC
So that email was given to the employee by a person in her office.
Chief Information Officer, House of Commons
Each member organizes things as they choose. Some delegate everything to their employees, give them access to everything, while others allow them limited access. It depends on the member, how they manage their office, who they give the keys to and don't give the keys to.
Liberal
Marcel Proulx Liberal Hull—Aylmer, QC
Right. So that means that this email did not get to the employee directly from the clerk of the Standing Committee on Finance, is that right?
Chief Information Officer, House of Commons
I can't answer that question. I really don't know the answer. I haven't analyzed the data. We replied to a request.
Liberal
Conservative
Harold Albrecht Conservative Kitchener—Conestoga, ON
Thank you, Mr. Chair.
And thank you, Mr. Bard, for being here.
In his testimony earlier today the Speaker indicated that in the distant past we had this mechanism with sheets of paper with numbers and so on.
Is there no way that a clerk of a committee could put some kind of a lock on a specific e-mail that would prevent that e-mail from being forwarded? I know we could still have the cutting and pasting and those kinds of things. It seems to me that the ease with which e-mails are sent has created a lot of problems. In fact, MPs around this table get much more communication today from their constituents because it's easy to hit “send”. We get a lot more volume.
Do you know if there are any studies being done in the technological world as to how we could make some of these documents more secure, similar to what we did with the numbering system with paper, so that it would be impossible to go forward?
Chief Information Officer, House of Commons
From the questions, I think all of you have touched on part of the answer today. There are three elements to moving documents around. It's always the technology, but a protocol and a process are the most important ones. Technology will try to adapt to that, not the other way. The critical portion, the weak link of any systems are the people—the users.
We've been helping members. We've seen behaviours where members are sending stuff all over the place. Members are sending stuff to their homes.
The objective is to allow members to communicate, not to restrict members from communicating. You can go from a very simple approach like locking a document, not an e-mail. You can decide not to send dotmail e-mail and use maybe a collaborative approach, where you go to a site to access a document, to look at a document--
Conservative
Harold Albrecht Conservative Kitchener—Conestoga, ON
And you have to have a password to get into it?
Chief Information Officer, House of Commons
That's correct. But if the member gives the password to all the staff, or the member decides to copy that document to their BlackBerry and send that out, or decides to take a copy and bring that with him on a USB key or something else, those are all the weak links. I forget my USB key in my car or at a restaurant...it's all those weak links.
And then you can go to very complex solutions. I mean, PKIs and digital right management, so if a document is classified secret, we won't allow it to get out of the precinct. But then you're adding a lot of sophistication and a lot of burden on the MPs. The process becomes very, very complex.
I think in between there is a balance of good process and good protocol, and then technology can add to that very quickly, as opposed to very, very expensive and tedious solutions you have to deal with every day. I mean, that's part of the equation.
The other aspect is the people side of things. For House employees, we have an information management policy. We have a policy on information access and security, how to classify documents, how to give access to those documents. These policies do not apply to members or their staff, and that's something you may wish to consider.
We also have an acceptable use policy on the responsibilities when you use technology resources of the House, which is also not extended to employees of the honourable members.
Conservative
Clerk of the House of Commons, House of Commons
Yes, Mr. Chairman, if I may just pick up on what Mr. Lukiwski was suggesting earlier, one of the things we've been doing over the course of this Parliament is gathering information about the restructuring of the orientation for new members and for new staff in the next Parliament.
I realize that's like the horse is gone and the barn door is closed, but nonetheless the idea is that it's the people portion of this that's the weakest link. The idea that confidentiality, especially in an era of Facebook, when privacy counts for nothing, you have to sort of.... I almost had to spell the word “confidential” when I briefed the pages this year because it was so foreign to them. So perhaps it becomes the kind of thing that all of a sudden you have to pay extra attention to, because it's just not part of people's mindset. So we will definitely be addressing that.
And it's the kind of thing where the protocols that members themselves decide to put in place in their offices, how they delegate the authority to.... Well, Mr. Albrecht was suggesting and Monsieur Bard was saying you might have a password-protected site or something like that. Well, who you trust with the password and what the understanding is between you and the employee to whom you're giving this special access of working in your name, in a sense.... But at the same time, as Monsieur Bard was saying, we don't want to get into a situation where we have so cumbersome a process that it just impedes people from doing their work and doing it well and quickly.
Bloc
Pierre Paquette Bloc Joliette, QC
I just want to be sure about one thing. The request you received for the 18th and the 19th related to the "assistant 1" account, and not the member's account or the "assistant 2" account. Is that right?
Bloc
Pierre Paquette Bloc Joliette, QC
I'm not a specialist. In fact, I am more of Mr. Milliken's school. My computer is steam powered. From what I've been told, the photocopiers in our offices have a memory function, and even if you haven't centralized the information, the information relating to the photocopies we make is stored in the computer.
NDP
Thomas Mulcair NDP Outremont, QC
Mr. Chair, it's important that we all get the message list. As a member of the committee, I have it, but because it's part of the entire process that has been put under a microscope, I can't repeat the mistake. So you should get our committee the complete list of who received the text sent on the 18th. Then we will be able to ask the questions that are needed, to find out what was sent by one assistant to another or in the member's account. We are going to have to have that list.
Clerk of the House of Commons, House of Commons
Mr. Chair, I could send the list of messages to the committee and let it know how the clerk of the committee proceeded for the distribution of the draft report.
Conservative
The Chair Conservative Joe Preston
Excellent. We were discussing whether that was possible. It wouldn't be confidential who was on the list. It's just the stuff that was in the report that's confidential.