Evidence of meeting #43 for Procedure and House Affairs in the 40th Parliament, 3rd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was report.
A recording is available from Parliament.
Noon
Liberal
Scott Andrews Liberal Avalon, NL
So it also cannot be tracked when two individuals communicate using that type of communication.
Noon
Chief Information Officer, House of Commons
No. At this point, we have no mechanism to do that. When you do a PIN to PIN it goes directly to the BES environment--again, RIM's environment--and then there's no mechanism unless you decide to do so or to put one in place some mechanism, but again, you're putting a mechanism on something that is totally unsecure.
Noon
Liberal
Scott Andrews Liberal Avalon, NL
Mr. Bard, there is software available out there to track PIN-to-PIN communications. Some financial institutions and government agencies do use this software to track this material, these communications. In a recent CIBC court case, these records were subpoenaed for that purpose. Why have we not, in the environment we are in--government--tracked these communications? Because it's an open forum for people to communicate that would circumvent any freedom of information or ATIP request.
12:05 p.m.
Chief Information Officer, House of Commons
Well, when you're using PIN to PIN, you are avoiding completely the current environment. That means you're using cellular technology to be on the air, wherever you are, and then you're sending that message. It's the same thing if you lose that BlackBerry and somebody uses it and can communicate on your behalf using PIN to PIN. You're totally avoiding the basic rule of why you want to use that technology. PIN to PIN is good for messaging something that is not confidential. You don't want to transmit reports using PIN to PIN. There may be some software out there, but believe me, the PIN to PIN is a very unsafe and unsecure technology.
12:05 p.m.
Liberal
Scott Andrews Liberal Avalon, NL
But people do use this, and on the Hill it's common wisdom that if you use this type of communication, it will not be tracked. It's off the grid. Is that something that concerns you and should we be looking at the technology to be able to trace that?
I have one other question. You can track SMS text messages, though...? You can retrieve those. Is that correct?
12:05 p.m.
Chief Information Officer, House of Commons
We have provided some caucuses on that point with a good explanation about mail communications, all the communications, and what is protected and what is not protected. I would be very pleased to send this to this committee, this particular documentation, but at the same time--and Madam O'Brien mentioned this--there are questions of responsibility and of what you intend to use for which purpose.
If you want to use those technologies to really, really do your day-to-day business, then you are completely avoiding the security measures we have in place at the House of Commons. That's why the committees and members of Parliament have to be cognizant of what is available, what is not available, and how you want to use this technology.
Whenever you are using PIN to PIN, you are using the cellular phone environment. How many of you call us and say, “Well, I'm on my cellular phone right now, so be careful on what you're telling me or what we're talking about”? PIN to PIN is exactly the same thing. If you believe that this technology could be the right one for you, then this is where you have to assess the risk of data technologies, but for me to tell you that using PIN to PIN using some software will be very secure, it's not...I can't tell you that. It's not.
12:05 p.m.
Liberal
Scott Andrews Liberal Avalon, NL
Yes, I get that, but my question was, shouldn't we be able to track that information on a server somewhere here in this building? Because it's available to us...and people are not all ethical when they use their communications, so....
12:05 p.m.
Chief Information Officer, House of Commons
Only the members can really answer that because, again, we've been trying to provide an open platform for members of Parliament to operate in, one that respects your uniqueness and the way you are conducting your business. Therefore, there are vehicles in place that are very secure and very organized. We do logging; we do this and we do that. There are other areas where I think we give members flexibility. There is the fact that members may have an auxiliary cellular phone and may have a separate, outside Internet address and different computers that are personal. I mean, you are the judge of that. I'm not here to impose a discipline on you.
12:05 p.m.
Clerk of the House of Commons, House of Commons
If I may, Mr. Chairman, with regard to the question of being able to track, which I take it is what Mr. Andrews is particularly interested in, the kinds of logs we keep and so forth really are done...again, coming back to this business application support, it's a question of recovering for people who've lost things and want a record of them. It is to recover for the sender, for the MP's office or the research bureau or whoever, what they might have lost or what they might need for archival purposes.
So the approach, in terms of archiving and whatnot, is not one of saying that we want to systematically have a record of every communication in the event that we want to go back and forensically trace who said what to whom when. That's not what it's about. The purpose of it is to recover for people who might have lost their original communication, and that's why we've never explored the idea of trying the software you were talking about to track PIN-to-PIN numbers. That's part of the flexibility we give members, and it's up to members to decide how they want to use it.
12:10 p.m.
Conservative
The Chair Conservative Joe Preston
Thank you, Mr. Andrews. You are past seven minutes.
We'll go to Mr. Lukiwski, please.
12:10 p.m.
Conservative
Tom Lukiwski Conservative Regina—Lumsden—Lake Centre, SK
Thanks, Chair.
Thank you both, Monsieur Bard and Madam O'Brien, for being here.
One of the things we're trying to do or at least that I think is one of the primary objectives of this committee's study is to see if we can ensure that we can develop protocols that prevent this type of situation from happening in the future. My questions to you are along that line.
Does the House currently have the technological capability to put any locks on confidential reports? By that, I mean to prevent a confidential report from being forwarded on to someone else or printed off.
February 10th, 2011 / 12:10 p.m.
Chief Information Officer, House of Commons
Yes, absolutely. Some committees have used those technologies already. A lot of things currently exist that can really facilitate a lot of that.
I was explaining to Madam O'Brien earlier that at the preplanning stage for a report, the committee clerk, with the chair, and I suppose the committee members as well, decide on the format, the preparation, etc., okay? I think that's a very good vehicle because the committee has control of its report. I think we should really be working with the committee directorate to develop extra procedures, such as a set of questions we need to answer or ask at that point about securing the report.
If the report is of a very confidential nature, well, you may decide that you will not distribute the report electronically but will prepare physical copies and use watermark technologies--you would add a unique identifier for each member of Parliament who has a copy of that report.
You could also decide to password-protect this particular document. You can add properties, such as no copying and no printing, and so nobody can change a document.
You can also decide, as an example, to keep the document on a répertoire somewhere, where you can only access it from your environment. Then you can apply all kinds of protection and security and not use the e-mail system to distribute the document.
There are numbers of vehicles that are there today at your fingertips, I think, for the approach of taking that extra step at the preplanning stage of reports to address a lot of these questions, and in addition to that, when you make those decisions, what should be some reminders for the members. Because at the end of this, if you are making copies yourself in your offices, or if you are sending a report through a Hotmail account or through your PIN devices or some other mechanism, the members also have a very important role in terms of how to participate in protecting this environment. A lot of things already exist without any investment.
12:10 p.m.
Conservative
Tom Lukiwski Conservative Regina—Lumsden—Lake Centre, SK
You've mentioned that some committees are engaging in some of these protocols and practices right now. You've mentioned a number of safeguards, frankly, a few of them that I'm familiar with and some that I'm not. Would you be able to provide to this committee a list, whether they be suggestions or just protocols and procedures that already exist, that we may be able to examine? Because I think this committee would have the ability, then, to advise or perhaps even recommend to all standing committees that certain protocols and procedures be put in place for future use in dealing with confidential documents.
But it would be very helpful, I believe, if we could get that information from you so that we don't have to either reinvent the wheel or invest a lot more money technologically to adapt to some of the security provisions we may want to take a look at. Would you then be able to produce such a report for our committee for our consideration?
12:10 p.m.
Clerk of the House of Commons, House of Commons
We'd be happy to provide that kind of written report to the committee. Yes, we could do that.
12:15 p.m.
Conservative
Tom Lukiwski Conservative Regina—Lumsden—Lake Centre, SK
Chair, based on that, I'm real happy. That's kind of what I was looking to get to begin with, so I'll cede my time to the next speaker.
12:15 p.m.
Conservative
The Chair Conservative Joe Preston
Thank you. That's very good. That's exactly what we're looking for.
Madame DeBellefeuille.
12:15 p.m.
Bloc
Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC
Thank you, Mr. Chair.
I would like to thank our guests for being here. It is always a pleasure to have a meeting like this. We are always better informed after than we were before, particularly after hearing from a computer expert.
12:15 p.m.
Voices
Oh, oh!
12:15 p.m.
Bloc
Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC
The question of privilege this committee is examining is very important, it raises a lot of questions. In light of the testimony we have heard, we understand that an incompetent—if I may, somewhat crooked—assistant intentionally disobeyed the law and the rules of the game and sent this information to lobbyists. They must be biting their nails today for having a friendly, affectionate relationship with him, having a drink with him at the Rideau Club or attending the same church. Today they are in difficulty because they had a relationship with this person.
When something that serious happens, the first reaction is always to ask what could have been done to prevent something like that from happening again. On the other hand, will that make parliamentarians' work more restrictive, through electronic and technological means, because a serious thing happened?
I think we must not forget, in doing our analysis, that the consequence of the recommendations we make, for example concerning technological tools, must not be to impede or complicate our job. We must not suddenly transform our practices just because an ambitious and incompetent assistance made a monumental mistake. That is my first thought.
As well, I know there are relatively simple computer techniques. For example, I recently received a report send by a Bloc Québécois member to another parliamentary committee with a password. So it was impossible to delete or change the document. She sent it to the clerk. The clerk was able to open it. She had it translated. The English translation was in DOC format, so all the English-speaking members had easy access to the text. Myself, the whip, I was not even able to open the file the clerk had sent me, because I didn't have the password.
That made me think and say to myself that we have to be careful not to fall on our technological behinds, as we might say in Quebec, and thus make our work more difficult and more restrictive. If that's the case, we will probably not achieve the intended results, because there will always be a way of getting around it. We parliamentarians took an oath to abide by our rules. Our staff are supposed to know this. There will always be dishonest people.
In light of that, Mr. Bard, do you really think the committee should make very restrictive recommendations about technological procedures, to avoid events like these happening again? Would you say, rather, that it was bad luck and we should not make rules and require tools that are too restrictive, for all House staff and members?
12:15 p.m.
Chief Information Officer, House of Commons
Your comments are excellent. You understand the issue and what it means very well.
The approach I recommend stresses prevention and awareness. There is already a lot of concern about the format and composition of the report, who is going to take part in it, but there are also questions about how to protect it and how to distribute it. Certainly in the Parliamentary Publications Directorate we have to have all sorts of procedures for agreeing on how the work is organized, to be able to provide the report in the proper way. There is excellent collaboration among all the committees, chairs, clerks and so on. I think you could make great progress by being more aware of the question of the sensitivity of the information. Starting from there, you could decide whether you want to adopt rules. Maybe yes, maybe no. The rules can be very simple; there are tools that are very simple. I don't think we have to make parliamentarians' lives difficult by installing all sorts of technologies that are going to prevent them from doing their jobs and take away a lot of flexibility.
There is another factor I will mention, if I may. We in the House of Commons administration have to be subject to rules, to codes of ethics, to what is called the Acceptable Use Policy. When we use House resources, we have to be accountable. We also have to agree on how information is to be kept secure and on our powers when it comes to using that information.
Certainly we have security policies for information technology. I understand that this is not the role of your committee, but perhaps, someday, members' employees should also be made accountable in terms of all these practices. It's another and much larger field. You're right, you have to be prudent, and not all committees or all situations call for action to be taken. You really need to take the time to consider the subject at the planning stage, and I'm sure that a lot of measures can be implemented, as needed.
12:20 p.m.
Bloc
Claude DeBellefeuille Bloc Beauharnois—Salaberry, QC
Your words are reassuring, because admittedly reports are not confidential to the same degree. Why lock ourselves into restrictive technologies on all our committees? Your comments are reassuring and I hope they will influence all of my colleagues to focus on prevention and awareness. We have to remember our duties as members of Parliament and also remind our assistants of them. We have a code of ethics and we have rules. We have to hire people who will abide by them, and as members we have to make it our duty to remind our staff.
12:20 p.m.
Conservative
