Procedure and House Affairs Committee on Oct. 3rd, 2024

Mr. Chair, members of the committee, thank you for your invitation to appear today regarding Bill C‑377, An Act to amend the Parliament of Canada Act (need to know), which has been referred to the committee after second reading in the House.

As you said, Mr. Chair, I am joined today by Marie‑Sophie Gauthier, senior legal counsel and acting team leader in my office.

We hope our testimony today will assist the committee in its consideration of this legislative initiative.

My office provides legal services and legislative drafting services to the House of Commons, its committees, members of Parliament, the Board of Internal Economy and the House administration. Our legislative drafting services include the drafting of private members’ bills, such as Bill C-377, and motions and amendments at committee and report stages. Our legislative drafting services are provided confidentially to members of Parliament, and the information I will provide today to the committee will factor in these expectations with regard to my office.

Bill C-377 proposes to amend the Parliament of Canada Act so that members of Parliament and senators who apply for a security clearance from the Government of Canada are, for the purposes of the consideration of their application, deemed to need access to the information in respect for which the application is made.

Access to information of the Government of Canada that is either protected or classified is a two-step process. First, there must be a need or justification to initiate the security screening process, which will result in the individual receiving a reliability status for protected information or a security clearance for classified information. Such a need or justification is traditionally identified by a government department or agency.

Second, there is the need-to-know principle, which restricts access to sensitive information to those whose duties and functions necessitate access to the information. A person is not entitled to access information classified at a certain level merely because they have the appropriate level of classification or clearance. They need to know the information as part of their functions, regardless of their clearance. I note that the unauthorized releasing of classified information may lead to legal consequences such as prosecution under the Security of Information Act.

A distinction must be made between access to protected or classified information on a need-to-know basis by individuals holding the appropriate level of clearance and the House of Commons parliamentary privilege to send for persons and records.

This power, generally exercised by committees, supports the role of the House as the grand inquest of the nation and is essential to the proper exercise of the House’s right to institute and conduct inquiries.

The power to send for persons and records would be unaffected by Bill C‑377. Moreover, new proposed subsection 13.1(2) of the Parliament of Canada Act would make this unambiguously clear by stating that the proposal is not to be construed as a way of “limiting in any way the powers, privileges, rights and immunities of the Senate or the House of Commons or their members.”

The privilege of freedom of speech would also be untouched by Bill C‑377 and members speaking in the House and committees would continue to benefit from a criminal and civil immunity for their words spoken as part of parliamentary proceedings.

That said, this immunity does not apply outside of parliamentary proceedings and members would be, as any other citizens, amenable before courts of law for words spoken or communication outside the House and committees.

This concludes our opening remarks. We would be happy to answer questions.

In your speeches in the House of Commons and before the committee, you referred to some examples.

There is, of course, the Winnipeg lab documents precedent. That was a few years ago. It led to a ruling from the Speaker. Eventually, there was an agreement reached between the government and the opposition as to how those documents would be made accessible to members of Parliament. As part of this process, a panel of parliamentarians was created. One of the conditions was that they get a security clearance.

This precedent was inspired by another one in 2009-10, during the previous government: the Afghan detainee documents. Similarly, there was an order for production and some resistance. There was dialogue between the opposition and the government, and the same deal was struck between them.

I'm not aware of any concerns that have been expressed.

The two precedents I referred to were limited to a number of members who received the declassified documents. Since then, there have also been other precedents. The Johnston report and related information was made available to some members who agreed to receive a security clearance. The government agreed to provide it to them, provided they went through the process.

In such cases, what is important is that members be made aware and have the relevant information, so they can take appropriate measures to protect themselves.

Now, whether the information required to achieve that objective is provided on a case-by-case basis, and whether there's a need to share classified information with members so they can protect their security, I think this is a genuine need that should be addressed.

It is important to underline that, in the government security screening process, the House of Commons is not involved. It's a process led by the government.

Once a person has demonstrated that, as part of their function, they need access to classified information, they go through the screening process and receive the clearance. Then there is a second step: the need to know regarding specific information. The custodian of the information that is classified will assess whether or not this person needs to know the information.

It's a process that belongs with the government. Our office and House administration will not be involved in that process.

This is indeed something that I noted when I was reviewing the bill as I was preparing for this appearance.

As I mentioned, access to classified information is a two-step process. You were very clear in the House and before this committee that you want to address the first step of the process, so that members of Parliament are deemed, as part of their function, to require access to classified information from time to time. The second step of the process is the need to know, which is on a case-by-case basis.

I think there might be some confusion or some ambiguity with the bill because, while you're addressing the first step of the process, the need to know is really terminology that is used for the second step of the process.

If there's a will to address this ambiguity or if the committee feels that there's ambiguity, we'll be pleased to assist the committee in proposing and preparing the appropriate motions and amendments.

As I said in my opening remarks, there is the parliamentary privilege to send for persons to question them and the parliamentary privilege of ordering the production of records. When those privileges are exercised, they enable the House of Commons or a committee to access documents.

However, the exercise of those privileges requires the decision of a committee and a decision of the House. A parliamentarian may not exercise those privileges as an individual.

Bill C‑377 would mean that members who so request would be able to follow the process provided to get a security clearance. There is a clear saving provision in the bill, to avoid weakening the privileges.

The purpose of the bill is neither to claim nor to create new privileges. It would therefore not allow members to get more rights to access information, but it would allow them to get the necessary security clearance for accessing the information the government might disclose to them. It would still be the government that made these decisions, because it is still information that belongs to the government.

It is therefore up to the government to decide whether or not it wants to disclose information to members that they ask for, because the information belongs to the government.

Certain precedents have already been discussed before the committee. Special groups of parliamentarians have already been set up to provide access to certain information on certain conditions. One of the conditions that had to be met in order for the records to be made available was that the members be able to get a security clearance.

If there were cases of foreign interference, the government would certainly be able, if it wanted, to disclose more information to the members affected if they have the necessary clearances.

That is essentially a government exercise. The House of Commons is not involved.

In the House of Commons, when an employee has to get a security clearance, our contact is the Privy Council Office, and CSIS, the Canadian Security Intelligence Service, is also involved in the process.

It is the government's information. It is a clearance from the government. It is government policies, government practices and rules, that apply. For example, if we are talking about information classified top secret, the measures put in place are very stringent. You have to go to a special room, and not take a cellphone or a computer, to get access to it.

It would still be the government's processes and parameters that would apply. You have to understand that Bill C‑377 is not an exercise of the privilege of parliamentarians in the House of Commons. It is really about access to information that belongs to the government.

There is often confusion regarding the nature of the National Security and Intelligence Committee of Parliamentarians. It is not a parliamentary committee, properly speaking.

Although its name suggests that it is, it is not a parliamentary committee; it is actually a statutory committee that was created by the National Security and Intelligence Committee of Parliamentarians Act. Yes, it is composed of parliamentarians, but it operates within a framework that is not parliamentary. In fact, the parliamentarians who sit on the NSICOP have to get the appropriate clearance. There is also an express exception in the act regarding parliamentary privilege, which means that members who receive information classified as secret in the course of their work on the NSICOP could not then disclose the information in the House of Commons, since there is a provision stating that parliamentary privilege cannot protect them in that case.

Each parliamentary institution has its own measures, its own relationship with the government, that depend on the culture, laws and practices of the state in question. I have not looked into the other states.

I thank the member for her question.

I think this question puts an issue on the floor that is more general than what is before the committee right now, that is, the relationship between Parliament and the government when it comes to obtaining information. The bill sponsored by Mr. Ruff is about a very specific policy that would enable members to have access to the clearance process, while not guaranteeing a clearance.

If Bill C‑377 is enacted, I presume that some governance process will be established within the parties. The whips may have a role to play in selecting the members who will request clearances and determining what is done if a clearance is denied. I don't think that 338 requests would be sent to the government as soon as the bill is passed. I presume that the parties would exercise governance.

The NSICOP's process is really parallel to any parliamentary process. There are statutory rights to obtain information, but the parliamentarians who are members of that committee are bound by their clearance and the Security of Information Act. There is also the exception relating to parliamentary privilege.

So we are still in the realm of parliament, of government, that is, parliamentary privileges do not apply. A member of the NSICOP could not rise in the House to disclose information. An exception is provided.

First, you're correct that in the legislative proposal, there's no exception that is created for parliamentary privilege. If a member of Parliament were to receive classified information and then disclose that information in parliamentary proceedings, there could be no prosecution under the Security of Information Act. That parliamentary privilege would protect the member, and this has been established. There are precedents in the U.K., and it's the state of the law as it stands.

That's why, for the NSICOP committee, there is a quid pro quo in that they make available more information to some members of Parliament, provided that they essentially forfeit their parliamentary privilege and that they go through the screening process and get the proper clearance.

It's a policy decision, ultimately. There is always the need-to-know principle that is applicable, so that it's the government that will decide what information it will share with members of Parliament.

If this bill is adopted, there is information that is disclosed as part of parliamentary proceedings. Regardless of the clearance that some members of Parliament have, the government could decide to simply stop sharing any classified information with members of Parliament.

There have been some precedents. There might be scenarios where, as part of a parliamentary function, there is a need to share classified government information. In those cases, the members of Parliament receiving the information would have to go through the process before receiving the information.

If there are, within each caucus, certain members who already have security clearances—because of their particular position, because of their role on specific committees, or maybe because they're more subject to foreign interference—and if there's a need to know, the government could share this information with those members without having them go through the process again, because they will already have received their security clearances.

It's really about the government; it's not about committees. When a committee is requesting information from the government, whether its members have clearance or a level of clearance is no longer relevant. The committee and the House of Commons are entitled to documents that they request.

The bill is very specific to members of Parliament and does not include members' staff. If this bill were to go through and eventually you were to receive top secret information, for example, you wouldn't be allowed to share it with your staff.

This is correct.

That's correct.

That's in reference to those two...?

No, I'm not aware of any incident.

I will say that generally that is correct, but in the intelligence or information world, the need-to-know principle or terminology is used in the second step of the process. That's why I was referring earlier to some confusion.

That's generally correct, but if I may clarify, the need-to-know principle or test will apply in relation to specific information in the two-step process that I described earlier.

There are different ways to say the same thing. I think the intention behind the bill is very clear. Mr. Ruff, in his speech before the committee and in his speech in the chamber, made it very clear.

Now, I understand—and there was a question asked along this line—that there could be some questions raised about the language. I'm just saying that if the committee feels that should be clarified, then my office is available to prepare the appropriate motion and amendment.

Just the status of being a member does not give them access to classified information.

The process is a government process. It's the government that will decide if it's required for specific members of Parliament.

It becomes a member's decision to apply, and because of the proposed provision, the government will not be able to say they do not need this access to classified information in their functions.

My understanding is that those applications are not processed currently.

It is a possibility, except you jumped a step. If they apply, first there's the screening process. They need to receive the appropriate clearance, whether secret or—

Once they have the clearance, it would be on a case-by-case basis. The government would decide whether or not there's a need to know.

That's correct.

I know that the committee has officials from the government in the second hour. Those questions may be more appropriate for the government.

I will also say, and I alluded to this earlier, that should this bill be adopted, my assumption is that there will be some kind of governance established within each caucus, so that not all members will necessarily apply to receive a clearance.

Parliamentary privilege will protect the members if they disclose information as part of proceedings. There will be no legal consequences. Parliamentary privilege will not, however, protect any members if they disclose information outside of proceedings.

There will also be political considerations. If this bill is adopted and the members start disclosing classified information in the chamber, I suspect that the government will just stop sharing any information with members of Parliament.

That's for the government; we're speculating here.

I agree that if members have access to classified information, and then there's a forum in which they can disclose that information with immunity, that's certainly something that the government will take into consideration when assessing the need-to-know principle.

We had examples in the past of two panels where classified information was made available to members of Parliament. To my knowledge, there was no leaking of this information.

This is a subject that goes well beyond the legislative initiative that is before the committee right now. The proposal is very specific about allowing members to request a clearance, while that is a much broader question of public policy, which raises the question of the all-inclusive approach to protecting information and clearances.

The committee is going to move in that direction, but that is not what is under consideration today.

In the context of Bill C-377 there is a “saving clause” for parliamentary privilege, and parliamentary privilege is not affected, so the intent of the bill—

No. If members gain access to more classified information, there's no exception to privilege in the same way that is created for the NSICOP members. NSICOP members cannot disclose information to the chamber and committees, because they will be subject to the Security of Information Act. Here the information that will be provided is not subject to the same exception, so a member could disclose the information to the chamber and committees.

That said, and I think this is relevant to the example that the sponsor of the bill refers to when talking about the bill, we have certain recent examples—for example, specific briefings at which there might be foreign interference and there's a need to disclose classified information. I don't believe that this is the type of information that the member will then disclose to the chamber if it's very personal about the member. Again, there's always the need-to-know test or principle that is applicable, so it's the government, ultimately, that decides what information it is comfortable sharing with any specific member.

I think those are two different subjects. NSICOP has a very specific mandate, and the bill, if passed, will allow certain members to have the secret clearance accreditation. If committees were to undertake more studies in relation to national security and to exercise their right to send for records and papers, that will be a parliamentary order, a parliamentary decision. It has nothing to do with the clearances the members of the committee may have.

Good morning, Chair and members of the committee. It's an honour to join you today and to have the opportunity to discuss Bill C-377.

We hope to provide some insight to this committee on government security screening processes and policies, as well as on access to classified information and the importance of protecting it.

In the interest of time, as the chair mentioned, I have the honour of providing opening remarks on behalf of the entire panel of witnesses.

Security screening is a fundamental practice that makes it possible to establish and maintain a relationship of trust within the government, between the government and Canadians, and between Canada and foreign countries.

Security screening involves the collection of personal information from individuals with their informed consent, as well as information from law enforcement, intelligence sources and other sources, using methods to assess their reliability and loyalty to Canada. My colleagues here from TBS and PCO will be very pleased to expand upon these issues.

A security clearance is sometimes misunderstood or portrayed as a special designation, a set of privileges or an earned qualification like a rank. It is none of these. Simply put, in the Government of Canada, it is an administrative decision taken by the deputy head of an organization that an individual is an acceptable security risk when accessing government information, assets and facilities, and when working with others in government.

The deputy head makes their decision based on the information and advice provided by the police and intelligence services, including the RCMP and CSIS. A security clearance may be granted, denied or revoked by the deputy head at any time.

Since clearance holders work in every part of government, a security clearance does not automatically grant the holder access to all information or assets at that level of clearance.

Safeguarding sensitive information is critical to the Government of Canada's ability to function and to keep Canada and Canadians safe. There are rigorous measures in place to prevent the release of classified information to anyone who does not strictly require it.

These measures are imposed with very good reason. The inadvertent release of sensitive information can result—and, very sadly, has resulted—in serious harm to individuals, even costing lives, Canada's national interest and our international relations. Mitigating this risk underpins everything that members of the security and intelligence community do. The release of information could mean risking the safety of human sources, exposing the tradecraft and other methodologies used to conduct investigations, and threatening the stability of indispensable allied relationships upon which Canada depends so heavily for intelligence. Put simply, if partners cannot trust Canada with their information, they will no longer provide it to us.

Similarly, if human sources do not trust that CSIS can protect them by safeguarding the information that they provide to us, our ability to recruit sources and collect information vital to Canadian security will be seriously impeded. We could also lose access to a valuable technical collection source that took years and expensive investments to develop.

What may appear in the first instance as information that's not especially sensitive or harmful, when viewed in conjunction with other publicly released information, can be used by adversaries to make inferences with very serious consequences. This is called the mosaic effect. Our adversaries carefully watch and track every word we say and release publicly, and we're very confident that they are watching now. They put together many pieces of information to identify our sources, our methodologies, our tradecraft and intelligence gaps. Many adversaries are very good at their jobs.

There are important principles that reinforce this system and that lie at the foundation of safeguarding all sensitive information. This is the need-to-know principle. An individual's specific duties and functions and the files they were working on at that particular moment in time are what establish their need to know for relevant sensitive information. Even the most senior officials at CSIS, who have the highest possible clearance levels, do not receive sensitive information that is not relevant to the current job and files that they're working on. In other words, there is no deemed need to know.

We need to ensure that sufficient information is disclosed to hold the government to account while also ensuring that classified information is protected. There are several critical avenues for review and oversight of classified information, including the National Security and Intelligence Committee of Parliamentarians, the National Security Intelligence Review Agency, the intelligence commissioner and the Federal Court, among others.

The people who work for these organizations have the necessary security clearances; they will receive the information classified as secret that they need for performing their specific jobs.

There are safeguards in place to ensure that no national security injury occurs as a result of disclosure of that information. These individuals are bound to secrecy under the foreign interference and security of information act, formerly known as the Security of Information Act, SOIA, and they must not knowingly disclose any information they obtained or to which they had access in the course of their duties and that a department is taking measures to protect.

At the same time, CSIS is making efforts to enhance its transparency, including in its public annual reports, which now say more than ever about its operations and the threat overview, and in its discussions with the media and the information it communicates to the public proactively.

We have taken extensive efforts to “write for release” information, for example in the proactive provision of chronologies of events to parliamentary committees. We've done that in the last couple of months.

Recent amendments to the CSIS Act through Bill C-70 further enhance CSIS's ability to share information, and we look forward to working more closely with parliamentarians as we up the national security conversation in this country.

We will be happy to answer your questions.

Mr. Chair, I think those are excellent observations, and I have perhaps two comments to offer.

First of all, one of the changes that was made to section 19 of the CSIS Act as part of Bill C-70 really removed what essentially was a prohibition from CSIS sharing any information or analysis outside the federal government, including unclassified information. Those amendments enable us to also provide a lot more unclassified information, advice and expertise in a way that we couldn't before.

That's enabling us, for example, to participate with allies in multibranded security advisories in a way that perhaps we couldn't before. It's also to enable sharing unclassified information that we previously couldn't provide. As the member mentioned, this gives us a great opportunity to have a far more sophisticated national security conversation.

Now, in some particular cases there will be specific pieces of information that are classified that we would like to be able to share outside the federal government to those who have the appropriate clearance. For example, there could be a situation where a parliamentarian is representing a particular constituency where we know a foreign interference actor might be interested, given the natural resources in the area or a particular ethnic or minority community that makes up the riding.

What we would like to be able to do is provide that specific and perhaps classified information to the parliamentarian to enable the parliamentarian to build their resiliency by being able to recognize and then, as a result of that, manage the threat.

That's the purpose of the changes to the CSIS Act. It is to allow us to do those resiliency disclosures.

Sometimes it will be unclassified information. Sometimes it would be classified, but classified information would be provided to only those who do have the requisite clearance.

In each of those cases there would need to be a determination by the owner of the information as to whether there was a specific need to know for that particular specific piece of information.

Thank you very much.

Through the chair, I'm not sure that I would go and criticize Mr. Wark for his opinion. Obviously, that's his opinion.

I would say that what he's getting at, if I were to interpret his remarks, is the issue around safeguards. In fact, Parliament has discussed safeguards in the context of NSICOP before. You'll recall, Mr. Ruff, that you went through a clearance, which is what we're discussing here.

There is more to security in the Government of Canada than just a clearance, as you well know. If you look at NSICOP, for example, every member there is permanently bound to secrecy. They have given up their parliamentary privilege. In fact, if they divulge something in Parliament, that information can be used against them in a court of law. They've taken an oath.

The other thing I would emphasize, though, is that Parliament allowed the Governor General to pass regulations. Those regulations set in place all the very safeguards that I think Ms. Giles covered very well. That is around who can do what, when they can share the information, how they can process it and what they need to use. All of those safeguards are what I think make up—and I hate this word—the ecosystem of security in the Government of Canada, of which security clearance is one part.

I'm not sure I'd agree that it's fatal. We already give clearances in certain circumstances to MPs. The NML issue is one and NSICOP is another. I think that all of those were buttressed with the safeguards that we're talking about.

I can't say that this has been the case.

I would also just remind everyone here that they also took an oath not to do so.

Chair, I'll answer that question.

Parts of that are correct. For other parts I can provide a bit more clarity, perhaps. I'll be brief, because at times it's not a short, simple process, but other times it can be.

The easiest thing to say is that with security screening, the way it's conducted in the federal government is as per a Treasury Board standard. That standard lays out the responsibilities of those who actually take security in a department. One of their jobs will be to do security screening.

Essentially, the process starts—you are correct—when a person is considered for a position, or will be going into a position, or is being hired by the Public Service of Canada. Therefore, they are deemed...but that may not be the right word. They need to require access to a facility, access to assets, access to information technology, and so on. They must have a need in order to have a clearance.

Basically, the process begins when you're considered for a position. There are information assets and facilities. You don't ask for a clearance. Your department has decided that you need it. Then you as a candidate provide a range of information about yourself. You fill out forms. Some of you may have done that in the past. The department then collects that information about you. You are aware of this. In fact, you have to consent to all that. That's a key part. You're consenting to sharing your personal information and so on. You can look at things like work history, financial information records, maybe records of engagement with law enforcement in the past, your habits, your personal habits and your behaviours. There are searches of intelligence databases. There could be searches of the Internet, for example. There could be searches of national security holdings, some of your social media behaviour and so on.

All of this will be captured, or more, depending on what level you are looking at getting. It could be a top secret. It could be a secret. It could just be what's called a reliability status, which is the lowest.

Essentially, then, the decision-maker, like in administrative law, takes in all of this information and will send off a CSIS assessment, if required; a request for or a law enforcement check; or a request for or a financial check, if that's required. Basically, we'll take all this information and put that person through a judgment process. We'll take the totality of the information and think it through. Is there something that is causing concern? Is there something that would cause us to question their judgment, their trustworthiness or their reliability? If you're going to secret or top secret, you will then have questions around loyalty to Canada and reliability as it relates to loyalty.

If you come up to something where there is a concern, you may be called in for further security screening or questions. If not, you will proceed through the process.

It's important to say that if you do not get a security clearance, there is a right of redress. There are steps one must follow in order to address that redress, and the applicant has steps to follow if they disagree with the redress process.

As officials we're never in a position to provide policy advice on specific pieces of legislation, but there is often some confusion around language and vocabulary. The term “need to know” is understood differently in different contexts.

When we talk about need to know, that applies to each and every individual specific piece of information. Therefore, in our work, there is no deemed need to know on any piece of information. It's the originator and owner of the information that determines who gets access to it. To give you an example, when we get information from an international partner and we want to provide it to the RCMP for a law enforcement investigation, we at CSIS have to go back to the international partner, ask if we can use these exact words, and give this exact information to the RCMP for the purposes of a criminal investigation. It's very regimented.

From our perspective, there's always value in being very precise about the language that's used. In our business, in our world, there is no deemed need to know on pieces of information. It's determined on the basis of that very specific circumstance.

Every day, for example, there are a number of meetings that I'm not allowed to attend, because, despite my position, I don't have a need to know for that specific operation.

Oh, oh! (laughter)

I thank the member for her question, Mr. Chair.

The answer is not simple. It is not up to the RCMP to choose what members should have access to, or not, and how their laws should be written. We enforce the law. That was very clearly stated by my colleagues in the opening remarks. One of the concerns we have in our work is that sometimes the definitions are a bit vague.

As well, the international side of things is not the only thing that might worry us; there is also the internal side. As the national police service, we are in contact with every police force in Canada and with other law enforcement agencies. As was very clearly stated, the owner of information is entitled to decide where and when it should be used.

In the RCMP, every day, we look after the information we have. We make sure we protect it, because we do not want to damage our ability to do our job and the ability of our internal and international partners to do theirs.

Mr. Chair, I can start and my colleague will be able to add to my answer.

From the perspective of our international partners, what they require from us in order to continue providing information and critical intelligence is the confidence that the information they give us will be protected and—if we choose and get their permission to pass that information on to others in the Canadian government or those external to the Canadian government—that there are appropriate frameworks and measures in place to ensure against the distribution of that information even further onward.

From our perspective, the really critical piece is ensuring that with those intelligence-sharing agreements that we have, we can live up to our obligations and protect the information. This is something that's so critically important to us. We are a double-headed intelligence service. We do both domestic and foreign. We are a relatively small intelligence service, so we are very dependent upon the information that our intelligence allies give us to be able to do our job and protect Canadians.

What we produce is very much desired by our partners and allies, but we ultimately are also net importers of intelligence, so we need to be able to provide those assurances and have those frameworks in place, and that's why that need-to-know principle is so important for us.

The one piece I'll add to Dr. Giles's comments is that with our international partnerships, when we develop the sharing frameworks and mechanisms, how we use the information is spelled out as part of those mechanisms at the start, but it is also contained in each piece of intelligence that we exchange.

The intelligence will come to us or, conversely, our intelligence will be shared with a partner. It will say the security level at which it must be kept, but it will also say how that information can be used.

Often, when we receive a piece of intelligence, it will say, “This may be used by your department or by appropriately cleared members of the Government of Canada for investigation or for intelligence, but not for court proceedings,” for example. For each piece of intelligence, it is specified how it may be used and by whom, which I think is a critical element in all of this. If we want to use it differently, that's where we go back to the partners to say, “Now we may want to use this as part of a court proceeding. Can we use it in an affidavit?” for example.

I'll answer very briefly, and then I can ask colleagues to comment.

CSIS's role in the security clearance, the government security screening process.... We also do immigration security screening; it's a separate program. However, our government security screening colleagues provide advice to the deputy head who has requested that the security clearance be undertaken and done.

We're not a decision-maker. We don't keep track of who has clearances. We provide advice on each individual case to the deputy head who has requested that we do so.

Here are the statistics as best we can gather them, because you have to remember that each deputy head of an organization controls the clearances and the reliability status that are given in an organization.

I can say this: With regard to government employees, every person in the public service of Canada has to have a reliability status, which is good for 10 years. That's 100%, so you're at 360,000 plus. Roughly 51% of individuals will have only a reliability or an enhanced level of that. Roughly 40% of the public service of Canada has secret clearance, and then roughly 8% or 9% will have top secret clearance or top secret enhanced clearance, so the pyramid gets smaller the higher up you go.

Now, we do know that roughly 110,000 to 130,000 contractors are screened per year by PSPC as part of its program, and the last bit of data that we do have a good sense of is for new hires coming into the public service. About one in 400-plus to 500 actually don't get a clearance. That's for new hires, but again, this is not absolute data. This is the best that we can glean. That's for new people who are coming in and making an application into the public service.

In other words, denials are given. With regard to secret clearances, I believe you have 10 years, and it's five-year renewals for top secret. That's how the system operates, very briefly.

If you don't mind, I'll take that.

I must say that that's an area that is ambiguous in the bill right now. Up until this point, it's been the Privy Council Office that has done that, so, for MPs who come in for the NML or for NSICOP, it goes through my shop. Then, the decision to grant or revoke rests with me, or if it's a revocation or denial, it would rest with the clerk of the Privy Council.

That's another good question. It's not clear in the bill whether, essentially, an application would be going through the process that was set up and built for the public service. If that is the case, then it would last for 10 years. The revocation is another question that I think the committee would want to think about. What would be the implications if a member of Parliament were denied a clearance or, through whatever case, had their clearance revoked? What implications would that have for the individual member of Parliament, for their party, for the caucus, for the leader of that party and for Parliament more generally?

Authority.

Once you leave Parliament, your clearance remains valid for a year in the event that, for example.... This is how it works in the public service: If you come back to a job, it would be renewed. Otherwise, you'd have to get the clearance done again.

Again, it's unclear, but there are processes that enable a public servant to challenge the revocation or the denial of a clearance, and that happens at the reliability level—a different group. For a secret or a top secret, it goes to NSIRA.

That is correct—

No.

I'm sorry. That is a mistake on my part. That is true. You need a secret.

A security clearance doesn't give you a right to know—

Yes, sir. We need to make sure, though, that the person who is employed in that position can be trusted with the information that they may overhear.

I'll take your word for that.

You do, sir.

I apologize if I left any misunderstanding. I did not say, at any point, that my team cannot do this. We absolutely can do this. It will take some time, but that's true across the government. I want to leave the fact that I have not said we have an issue with responding to this type of demand.

Mr. Chair, I can take a crack at that. It's an excellent question.

What I can speak to, perhaps, is how our closest intelligence partners manage similar situations. The way they do that is also by facing independent scrutiny by designated parliamentarians, similar to how we do it in Canada. For example, the U.S.'s FBI is overseen by specialized congressional intelligence committees. The U.K.'s security service is overseen by the Intelligence and Security Committee of Parliament. The Australian Security Intelligence Organisation is overseen by the Parliamentary Joint Committee on Intelligence and Security. It's similar for New Zealand, but with a different acronym.

What you'll see is the consistency in how allied partners manage this. There are designated parliamentarians who are cleared to the appropriate levels to receive—based on the reviews, specific files and issues they're looking at—the information they need to be able to carry out that function. It's very much about entrusting a designated group of individuals to carry out that function, similar to what NSICOP does for us.

We would be in a bit of a difficult position if we tried to speak to the views of all of our international colleagues. However, I think it would be fair to say that there would be concern, and there always is, when there's a possibility that they or we, as a designated intelligence service within Canada, would lose control over who gets access to specific pieces of information. That's where it circles back to being very clear about the vocabulary around “need to know” and that having a right to apply does not equal having a need to know.

From the CSIS perspective, whenever there are not frameworks in place to prevent the onward disclosure of intelligence, we're concerned about our own information and the protection of our own technical and human sources and our analysis, for the reasons I explained. There are also the concerns that our allies, who give us specific pieces of intelligence for very specific purposes, would have.

We are always concerned about the onward distribution of information. We spend a lot of time thinking about it and making sure that we have frameworks in place to prevent it.

Our current understanding of the bill as constructed is that there are not currently those frameworks built in. That might be something that Parliament and this committee want to consider.

Whenever the frameworks are not in place to prevent onward disclosure, the risks are increased.

As the bill is currently written, there's an opportunity to put frameworks in place that would help mitigate risks. I think Mr. Jorgensen spoke very eloquently about the measures in place for parliamentarians and NSICOP, and how that onward distribution is prevented.

Are you talking about a document classified as secret?

A document with a secret classification.

To Mr. Jorgensen's point, and going back to other procedures in place for other parliamentary committees, if there is a requirement for a parliamentarian to see a specific piece of information, and if the need to know has been established, a conversation would ensue about how the documents will be provided and the best mechanism to provide them.

One of the things we're also very concerned about is how the information is protected once it's received.

We certainly would not want to be involved in how parliamentary committees request information and how that information is provided. We work in collaboration with Parliament and the Privy Council.

You've heard a lot about the need to know today, so I won't go through that again.

I think the issue you're getting at is this: If a member of Parliament has a clearance, does it allow the government to provide the information being requested more quickly? The answer to that would be yes, it would.

The determination of the need to know, though, still rests with the government of the day, but that's not what the bill says.

That's a great question.

If this is going to be the way we currently use it under the TBS guidelines, you'll get your secret clearance, and then you'll get a briefing on how to handle that information.

The other thing I would point out to you is this: There's an obligation, thereafter, for the CSO—the person who gave you that clearance—to monitor your compliance with the obligations you have under the SOIA, for example. Those are things this committee will want to think about, because that is part and parcel of it. When we give a clearance, we want to make sure people who have it are abiding by their obligations. It can be a cause for revocation.

It's an ongoing obligation of the individual who has the clearance and of me and other CSOs like me to continue to monitor their compliance with the regulations.

Your comments are clear. As we read it, we have concerns about the ambiguity of parts of the bill.

The point I would make, again, Mr. Ruff, is that we see in other legislation that has been passed by Parliament the safeguards and the follow-up that would give this table more assurances that Parliament has done this before.

I think an observation you've heard from the panel of witnesses is that there may be an opportunity to clarify some of the vocabulary, and separating the concept of applying for the security clearance from the concept of need to know might give an opportunity to clarify some of the language surrounding that.

It is in part, sir. I think we've raised a number of questions of, for example, whether this standard you're talking about is the public service standard, because if it is, then that reduces the ambiguity quite a lot. There's ambiguity about the safeguards and ambiguity about the implementation afterwards.

Parliamentary privilege is an important question for this committee to deliberate further on.

Every time you get a secret or a top secret clearance, it's because of the position you hold and the responsibilities you have.

They did not.

No.

Oh, oh!