Procedure and House Affairs Committee on Dec. 9th, 2010

Evidence of meeting #38 for Procedure and House Affairs in the 40th Parliament, 3rd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was may.

A recording is available from Parliament.

On the agenda

Question of Privilege Relating to the Premature Disclosure on November 18, 2010, of the Confidential Draft Report on the Prebudget Consultations of the Standing Committee on Finance by an Employee of the Member for Saskatoon—Rosetown—Biggar.

MPs speaking

Joe Preston
Yasmin Ratansi
Peter Milliken
Tom Lukiwski
Pierre Paquette
Claude DeBellefeuille
Thomas Mulcair
Judy Foote
Harold Albrecht
Marcel Proulx

Also speaking

Audrey O'Brien  Clerk of the House of Commons, House of Commons
Rob Walsh  Law Clerk and Parliamentary Counsel, House of Commons
Louis Bard  Chief Information Officer, House of Commons

12:25 p.m.

Clerk of the House of Commons, House of Commons

Audrey O'Brien

Mr. Chair, perhaps I could just say something before Monsieur Bard goes into the more technical aspect, if he has anything to suggest. He certainly, as the CIO, and I are extremely preoccupied at all times with security and we have a lot of discussions about technological security, especially given the proliferation of devices, and so forth. But as the WikiLeaks business indicates to everybody, regardless of the level of security attached to particular documents, ultimately it comes down to the integrity and the trust of people who are using the system.

One of the things we are always trying to balance is to have security of the system but at the same time to leave it sufficiently flexible so that members are not impeded by many protocols to get through to do their daily business. You can go overboard where you have so many protocols in place that it impedes business but it doesn't actually make that much difference to the security.

We think we have a secure network. Perhaps Louis, as the CIO, and his officials could come up with some suggestions for the committee in terms of better approaching these confidential documents, but it becomes a question of how far we can go without locking down the whole system.

As Monsieur Mulcair has been pointing out, the fact is that for the distribution of this document, on the very first page it says in black and white to everybody that this is a confidential document and any kind of distribution might leave you open to a charge of contempt or a question of privilege. That is a big warning right there. As I see it, the value of this committee and of its eventual report is really to sensitize both the members and the staff of members and staff at the House to how seriously we have to take this business of secure information and the confidentiality thereof.

12:30 p.m.

Conservative

Tom Lukiwski Conservative Regina—Lumsden—Lake Centre, SK

I agree totally. As I mentioned, I don't know if there is any kind of fail-safe protocol that we could put in place that would prevent this from happening again. Quite frankly, it may be something where we have to spend more time on the mentoring aspect of things. When I first came to Parliament, we had a brief orientation session on a number of things. This wasn't one of them.

One might argue that it's common sense, and sure, a lot of it is common sense. If you see a confidential stamp on a document, I don't think there are too many stupid people working on this Hill in members' offices, and you should know right away that this isn't something you can distribute. By the same token, it might be wise for us as an institution to engage in a better mentoring program or a more vigorous mentoring program for all of our members when they come in, and talk about things such as security.

I'll leave it at that. I think the time has expired anyway.

12:30 p.m.

Conservative

The Chair Conservative Joe Preston

Two seconds and you're done.

Madame DeBellefeuille.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

Thank you, Mr. Bard. Your appearance at our committee always gives us a better understanding of computers.

If I am not mistaken, you told Mr. Proulx earlier that you didn't keep a record of everything sent on the Hill from the fax machines in our offices. That applies to photocopiers too, I imagine.

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

Absolutely.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

And telephones?

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

Certainly all calls are recorded, but that is done by the service provider. We don't really have access to that information.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

Right.

I am not very familiar with the PIN to PIN system. I think it doesn't allow for sending files as attachments.

Yes, you can do that?

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

You can't attach a document, but you can do a copy and paste and send virtually the entire document.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

Right.

I think the memory capacity we have on the Hill for storing data on our computers is not very high. We often have to delete documents so our BlackBerrys don't get full, for example. If we want those files to be truly deleted, we delete them once, and then permanently.

When we check the "delete", "empty trash" and "delete permanently" options, do the files disappear from your sight? You no longer have access to them? If I call you less than a month later and ask you to recover what I permanently deleted, will you be able to do that?

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

As I explained earlier, given that we take the equivalent of a snapshot every evening, somewhere in time, that information will be available.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

Even if I have removed it.

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

Even if it has been completely removed, we can go back to try to recover that item. However, it is a lot of work. When we receive millions and millions of emails and documents, it isn't easy to do, but there is always a way of searching and doing searches to try to help a member.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

But your success isn't guaranteed, if I have deleted everything once and for all before your snapshot. Is that right?

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

That is very probable.

12:30 p.m.

A voice

What is very probable?

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

It is very probable that the document has been lost. And if I sent it out externally, I will at least be able to have a log as proof it was sent.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

I'm not sure I understand. My knowledge is not very extensive. If I'm not mistaken, I can send a file, for instance, to a lobby outside the Hill, and even if, right after I send it, I delete it once and for all...

December 9th, 2010 / 12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

I will have at least a log that will tell me you sent something externally and the title of the document.

12:30 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

There will be the title of the document even if I deleted it permanently.

12:30 p.m.

Chief Information Officer, House of Commons

Louis Bard

When I talk about the title, you have to be careful. I can send something externally and I may have changed the title, I may have changed the name, I may have passed myself off as someone else.

When we analyze the data and we think there has been malicious intent, there is an investigation. The data can be observed in a thousand and one ways. Someone may have sent an email several times with the same document title, but that doesn't mean the document is still attached.

This involves communications, correspondence. It takes a much more in-depth analysis. If we wanted to know whether something malicious happened, would we want to investigate all committee members? Would we want to search in the text or just the title? There are all sorts of ways to examine and analyze information. It becomes an enormous exercise that has to be done by qualified people.

12:35 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

I would like to be sure I have understood properly. If we wanted to get access to a member's emails, we would absolutely have to have permission from the member in question.

12:35 p.m.

Chief Information Officer, House of Commons

Louis Bard

Under the protocol, whether with the caucuses or with the whips, the house leaders or members, I always have great respect for confidentiality. I work for every member. If a member asks me to help search through their drawers, I am going to help them.

However, once we get outside that situation and someone else—it may be the whip, the Speaker—asks me, it is enough to clarify the situation for me. Personally, in 18 years, I have never had to respond to a committee asking me to go and search the office of a member to see what's there.

12:35 p.m.

Bloc

Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC

Thank you.

12:35 p.m.

Conservative

The Chair Conservative Joe Preston

Thank you.

Mr. Mulcair.