That's a good question.
Let me start with how it begins. For example, when I was a field officer in the region—I worked in three regions—I would want to talk to someone, and let's say they had an interesting contact with someone, so I would make a disclosure. I would say what organization I'm with and, “I'm Dan.” At some point during an interview, without my saying too much, they're going to know that I'm interested in “Mr. Blah-blah”.
In order to carry out their mandate, CSIS people themselves, in various capacities, can make disclosures. In many ways it's to carry out the mandate; it could be a bit of gaining someone's confidence or at some point getting support and maybe even eventually having a source relationship. They can do that. However, the day-to-day stuff that's reported to government is going to government readers, and it won't be a high-up sign-off, really. It will be just a regular process, as we've seen with these inquiries, in which there are all sorts of intelligence products going to various government departments—assessments, raw material—and it won't be much higher than a middle manager decision.
It gets really dicey when you get into things like intelligence being provided to law enforcement. That's when people start getting nervous and when you're going to have higher involvement. A director general will have input into it, or something even more sensitive is obviously going to be bounced up to the executive level.
There are protocols in place.