National Defence Committee on March 21st, 2017

Thank you, Chair and honourable members.

I'm pleased to appear before this committee, and as mentioned by the chair, I'm accompanied by Mr. Bill Galbraith, the executive director of my office.

Good afternoon, everyone.

I'm pleased to be here today to meet with you and to speak about my work as the commissioner of the Communications Security Establishment, or CSE.

You have a copy of my CV, my resumé, so I won't repeat that, but I would like to emphasize two points to start.

The first point is the value I place on the first decade of my career as a legal officer in the office of the judge advocate general of the Canadian Armed Forces, and subsequently in the active reserves for about 20 years as both defending officer and military judge at courts martial. This experience has helped me to understand CSE’s role, particularly where it involves support for the armed forces.

The second point I would make is that I have found that my decade-long experience as a judge, where independence and impartiality are paramount, has stood me in good stead during more than three years as the CSE commissioner. Determining questions of compliance with the law based on facts—the real facts, not alternative facts—as a result of reviewing CSE activities, is consistent, I would submit, with a judicial career.

If you have looked at my resumé, I have devoted a good part of my life to public service.

Being a retired or supernumerary judge of a superior court in Canada is a requirement set out in the National Defence Act, the legislation that mandates both my office and CSE.

A few key points about the role and mandate of the office I hold are, first, the commissioner is independent and at arm's length from the government. My office has its own budget granted by Parliament. I have all the powers under part II of the Inquiries Act, which give me full access to CSE facilities, files, systems, and personnel, including the power of summons or subpoena should that be necessary.

That is why I'm called a commissioner. It goes back to the Inquiries Act when the office was created back in 1996. At that time the executive director was called the commission secretary. It stayed like that for a few years until the National Defence Act was amended in 2001.

My mandate has three components. The first component is to review CSE activities to determine whether they're in compliance with the law, including with regard to the protection of privacy. This is the largest portion of my work. I have a role in protecting privacy. I know that, in Canada, we have a Privacy Commissioner who looks after all federal departments and agencies. In my case, I simply need to look after CSE, and I focus on this agency.

The second component enables me to receive complaints and to conduct any investigations I consider necessary. I must admit that complaints are rare, which reflects the foreign focus of CSE activities.

The third component gives me the duty to inform the Minister of National Defence and the Attorney General of Canada of any CSE activity I believe may not be in compliance with the law. The Commissioner's external and independent role is focused on CSE. The Commissioner assists the Minister of National Defence, who is responsible for CSE, in his accountability to Parliament for that agency and also to Canadians.

Let me provide you now with four key issues that have my attention.

My primary concern is part V.1 of the National Defence Act, the section that mandates both CSE and my office, and that came into effect as part of the Anti-terrorism Act, when it received royal assent in December 2001. That legislation is now almost 16 years old and needs, in my humble opinion, revision. Let me briefly explain.

First, there are ambiguities in part V.1 that were identified, long go, after that part came into effect. This is not surprising given that it was written in haste in the aftermath of the tragic events of September 11, 2001. My predecessors began calling for amendments over 12 years ago to remove those ambiguities. The ambiguities are, in my mind, straightforward and not controversial.

Since 2001, on the other hand, technology, the threat environment, and the legal landscape have all evolved. The law has not kept up. During the course of reviews of CSE activities, other recommendations for amendments have been made. For example, in the fall of 2015, I recommended that the law give explicit authority to CSE to collect, retain, use, and share metadata. Both the Minister of National Defence and the Minister of Justice accepted this recommendation.

The questions surrounding metadata and privacy, along with the value accorded metadata by the intelligence agencies for their work, make this a more complex issue that must be considered carefully. The challenge for the legislative drafters will be to have language that is technology neutral, so that the law will not become quickly outdated as technology changes.

My second key issue is the broader national security accountability framework and what impact it will have on the role of the CSE commissioner and the office.

The government introduced legislation to create a national security and intelligence committee of parliamentarians. I spoke about Bill C-22 before another committee last fall. I believe the greater involvement of parliamentarians who are cleared for access to classified information will help strengthen accountability and public trust. Will this happen overnight? No, but it is, in my view, an important beginning. We have considered how we might begin a productive relationship with the committee and its secretariat. This would, of course, involve the direction provided in the bill as it was presented, that the committee and each review body will take all reasonable steps to co-operate with each other to avoid any unnecessary duplication of work.

There remain, of course, many other departments and agencies that have some role in national security, but are not currently subject to reviews. I think we are talking about 17 departments and agencies right now that are not subject to any type of review.

It's 14.

There are 14. We await further information about the government's intentions for national security accountability mechanisms following the national consultations.

The main point I would make is that regardless of structure and the overall accountability framework, expert review, the type of review conducted by my office, the Security Intelligence Review Committee, known as SIRC, and by the Civilian Review and Complaints Commission for the RCMP, also known as the CRCC, is a necessary and key component.

My third key issue is related to the previous one.

Bill C-22 defines cooperation, or information sharing, between the committee of parliamentarians and the existing review bodies. However, the creation of a national security and intelligence committee of parliamentarians will entail, and even require, greater cooperation among the existing review bodies, in addition to our cooperation with the committee of parliamentarians.

At this time, a certain amount of cooperation can occur between review bodies. For example, my predecessor and I have sent letters to my colleague, the chair of SIRC, with recommendations or findings from our reviews of CSE activities that implicate CSIS. SIRC must then follow up on those issues as it deems appropriate. However, as I said before, there should be an explicit authority in the legislation for cooperation among review bodies.

If intelligence agencies must work together, I don't see why we, the oversight bodies, can't work together officially. At this time, we can work together to a certain extent, but when operational information is involved, we can't share it. For example, if we want to conduct a joint review with SIRC, it's very difficult because we can't share operational information.

My fourth key issue deals with transparency. Since the disclosures of highly classified documents stolen from the U.S. National Security Agency by Mr. Snowden, public trust in the activities of the intelligence agencies and the effectiveness of review or oversight mechanisms have been put into question.

Greater information and explanations of why certain activities are conducted by the agencies would help the public debate, as it has in the United Kingdom. There, public reports by the Intelligence and Security Committee of Parliament and by the Independent Reviewer of Terrorism Legislation have provided a great deal of detail that has, among other points, presented an operational case for use of certain authorities and powers.

I believe that most people engaged in this debate accept that secrecy is a fact of life in national security. The intelligence agencies would not be effective if they could not work in secrecy. It is important to point out that it is because of this fact that the review bodies were established in the first place, with security-cleared staff, to monitor what is going on inside the secret agencies and to assess whether activities comply with the law, including the protection of the privacy of Canadians.

Secrecy and the Snowden disclosures have raised scepticism. When the public learns of mass data collection, they want to know whether it is really necessary and whether there are adequate privacy safeguards. Explanations, indeed, would help.

The four issues I’ve described briefly will all help strengthen the accountability of national security activities and strengthen public trust.

In particular, I look forward to working soon with the committee of parliamentarians when it becomes a reality.

Thank you for this opportunity to appear before you today. My executive director and I would be pleased to answer your questions. Anyway, we'll try.

Thank you, Mr. Chair. We're ready to answer questions.

Thank you, Mr. Robillard.

I'll start by talking about my own organization.

Most, if not all, our employees are bilingual. Our office isn't large, but most employees and the executive director are bilingual. I'm bilingual, as are most of the investigators or review officers. In our meetings, French has a place, especially since the commissioner is francophone. He is bilingual, but he is of francophone origin.

It's difficult for me to talk about what happens at CSE, because I don't participate in its activities. The question should instead be addressed to the chief of CSE. I have an oversight role. I monitor and investigate CSE activities to ensure that they comply with the law and that the privacy of Canadians is protected.

First, I would say the government or Parliament should answer this question, since the government decided to build the buildings in that location. Since the two agencies are side by side, it's easier for CSIS and CSE to meet and hold discussions. This is especially true since, according to the National Defence Act, CSE—which I monitor—can assist CSIS, under part (c) of its mandate. The two agencies are side by side, which facilitates discussions and meetings.

With regard to Bill C-22 and the provision in that bill where we talk about the duplication, this is the suggestion that I've made. I'm not saying I'm the only one who has made that suggestion, but I made that suggestion a long time ago. If we want to be effective, the committee of parliamentarians and the expert review committees must not duplicate each other. As a matter of fact, more than that, we should be complementary to each other.

For the time being, not having seen how this new committee will operate, it's pretty difficult for me to tell you exactly how we will do it, but we have already made the offer so that when the secretariat is created, we will be there to assist them in any way, shape, or form, so that we can help them with regard—

Thank you very much. When you say I'm the expert, I think we should qualify that. I'm the expert in law. I'm a retired judge.

No. I'm a retired judge. I'm not an expert in technology, and I'm not an expert with regard to CSE activities. To give you an example, when I was sitting as a judge and presiding at a murder trial, let's say, I had expert witnesses who would come around and explain to me what it was all about. It's the same thing here. In my office I have all kinds of expertise to advise me on what to do.

Again as I said, we want to co-operate with this new committee because it'll need some assistance to start with, I suspect. We want to assist it, but as I said, right now it's pretty difficult for me to tell you exactly in what form we will do it.

All I can say is, in my case, last year I met with my counterpart in the States, the NSA inspector general, with regard to privacy protection. As you probably know, between the Five Eyes there is an agreement that nobody will spy on the others' citizens, and therefore, they will respect the privacy of Canadians in the other countries. I wanted to receive assurances from the NSA inspector general, who is my counterpart, in that regard. I did receive assurances that the Americans would treat Canadians as their own citizens. Therefore, they would not spy on them. They would protect the privacy of Canadians.

Am I answering your question?

If I might respond, that would be up to the American inspectors general, our counterparts there. Our focus is CSE's activities and the information that CSE shares with its counterpart, the National Security Agency in the United States. The commissioner's office has conducted an in-depth review several years ago on the sharing of SIGINT information. A number of recommendations that the commissioner made addressed some of the concerns that were identified in that.

As far as the CIA goes, that is not something that we would be dealing with. We're dealing with CSE and its sharing of information with its allies and ensuring that Canadians' privacy is protected in the course of that sharing.