The best example would be, again, that of travellers. The information about travellers, many of whom are not a risk to national security, may be relevant and may contribute to the mandate of the receiving agency, to use the words of the new section 5, because in the mass of travellers there might be some who are a threat. To have information on a more permissive relevancy or contribution standard may be acceptable at the front end. However, when that information is then received and analyzed by the national security agency and the agency determines that the individual is not a threat, on what basis should the information be used and, moreover, retained by the agency? The retention of information about 99.9% of the travellers who are not a threat is not necessary to its work, to its mandate.
In looking at Bill C-59 as a whole with all of its parts, I'm struck by the fact that parts 3 and 4 have essentially the standards. I understand that relevance and necessity are somewhat esoteric notions, but in parts 3 and 4, the government and you as parliamentarians are seized with a bill that recognizes that there is a need for the higher necessity threshold in some circumstances.
CSIS and the CSE will not be able to use and exploit the personal information of individuals unless it meets a necessity test. If it's good for parts 3 and 4, I'm saying it should be good for part 5.