Presentation by Michael Doucet

Ryerson University, Toronto – 17 September 2014

Presentation by Michael Doucet, Executive Director, SIRC

Intelligence Versus Privacy: A False Dichotomy?

Good afternoon (morning) and thank you for the opportunity to speak here today. I am Michael Doucet and I serve as the Executive Director of the Security Intelligence Review Committee.

The subject of this talk raises two important questions. 1. How can our governments manage both the requirement for a strong national security foundation and the privacy rights of our citizens; and 2. Are we forced to choose between privacy and freedom?

Building and maintaining trust in public institutions are key tenets of a democratic society. This task is especially important, but also very challenging, when an institution cannot be subject to rigorous public scrutiny because its work must be carried out under the veil of secrecy. This is the case with the Canadian Security Intelligence Service (CSIS), which has a responsibility to collect intelligence relating to threats to Canada’s national security.

In my time here with you, I would like to give you an overview of my organization, the Security Intelligence Review Committee, or SIRC – our history and mandate, our functions and responsibilities. Then I would like to discuss privacy and security in the context of technology and information sharing. I hope this information will provide you with greater perspective on SIRC’s role, the value we provide to CSIS and the intelligence community, and the assurances we provide to Parliament and the Canadian public.

In setting out the fundamental principles on which CSIS would be based, the Royal Commission that lead to its creation noted: “In a liberal society, which as a matter of principle wishes to minimize the intrusion of secret state agencies into the private lives of its citizens and into the affairs of its political organizations and private institutions, techniques of investigation that penetrate areas of privacy should be used only when justified by the severity and imminence of the threat to national security.” The task of ensuring that this balance would be met was entrusted to the Security Intelligence Review Committee, or SIRC.

For thirty years, the Security Intelligence Review Committee (SIRC) has been a core component of a system of checks and balances to keep CSIS accountable to Parliament and to all Canadians.

SIRC’s mandate is to help ensure that CSIS respects the fundamental rights and freedoms of Canadians while it investigates threats to national security both domestically and abroad. In doing so, the Committee ensures that CSIS does not undermine Canadians’ fundamental rights and freedoms while it carries out its mandate to guard against threats to national security.

I would like to underline the three main principles of SIRC, which, I believe, are at the heart of the work we carry out.

Independence - SIRC is an independent, external body, meaning that it is at arms’ length from the Government. SIRC does not report to any Minister, but rather directly to Parliament. Although Committee Members have diverse political and regional backgrounds, they sit on SIRC in positions of trust where partisan predispositions are unwelcome.

A highly competent and professional workforce – SIRC has a small, but dedicated staff with a great deal of diverse education and experience. Copies of our classified reports are sent to CSIS and the Minister of Public Safety and, historically, roughly 70% of our recommendations are accepted by CSIS, even though they are non-binding.

A productive and informed member of the national security community – SIRC staff, whenever possible and appropriate, liaise with academic, legal, intelligence, auditing and policing professionals. This helps to ensure SIRC staff stays well informed on issues related to our work. SIRC also continues to play an important role alongside Canada’s intelligence community by contributing to both the classified and non-classified dialogue on national security and evaluation/oversight.

SIRC has virtually unlimited power to review CSIS’s performance: with the sole exception of Cabinet confidences, meaning deliberations among Ministers, SIRC has the absolute authority to examine all information in CSIS’s holdings, no matter how classified that information may be.

SIRC also regularly reviews CSIS regional and international offices. These may include an examination of surveillance, targeting authorizations, community interviews and other matters. Regional and international reviews give SIRC an opportunity to examine how Ministerial Direction and CSIS policy actually affect the day-to-day work of investigators in the field.

SIRC is a professional organization that carries out its duties with objectivity and proficiency. It has three principal functions: to conduct reviews, to certify the CSIS Director’s classified annual report to the Minister of Public Safety and to investigate complaints. I would like to take moment to give you a very brief description of each of these activities and then I will walk you through a relevant example of the review work that we carry out.

SIRC’s Annual Report, which covers the 2013–2014 fiscal year, will be released in a few weeks. I recommend that you keep an eye out for it as it contains several very important reviews.

SIRC’s reviews for any given year are designed to yield assessments across a wide range of CSIS activities. To be clear, SIRC has the ability to review any CSIS activity or operation; this means that we review why and how CSIS targets individuals, how it uses and manages human sources, how it executes very intrusive warrant powers authorized by the Federal Court, its exchanges of information with domestic and foreign partners, its operations across Canada and abroad. Given the size of our staff, we must be strategic in its selection of areas to review in order to ensure broad, representative and timely coverage of CSIS activities, operations and programs.

Our second function, the certification process, requires us to assess the CSIS Director’s annual report to the Minister of Public Safety. The Director’s report provides the Minister with information to assist him in exercising ministerial responsibility for CSIS. SIRC examines this report and then provide an assessment of the legality, reasonableness and necessity of the Service’s operational activities.

Finally, SIRC investigates complaints. Under s. 41 of the CSIS Act, SIRC investigates “any act or thing done by the Service.” Under s. 42, SIRC investigates complaints about denials or revocations of security clearances to federal government employees and contractors. Far less frequently, SIRC conducts investigations in relation to referrals from the Canadian Human Rights Commission, or Minister’s reports in regards to the Citizenship Act.

In Canada, we have three review bodies which cover the major organizations involved in security – SIRC, which reviews CSIS, the Office of the Communications Security Establishment Commissioner (OCSEC) which reviews the Communications Security Establishment Canada, and the Commission for Public Complaints which reviews the RCMP. All three agencies also investigate complaints against the organizations they review.

I wish to stress that in this information age, SIRC is acutely mindful of the need for CSIS to respect its legislated information collection limits. Clearly, it is not because vast amounts of information are easily and publicly available that such information should be collected and retained by our security intelligence service.

I would like to use an example from a couple of years ago to illustrate the point I have just made about the delicate balance that must be struck.

In this particular review, SIRC chose to pay close attention to CSIS’s operational use of the internet. In our review, we set out to examine CSIS’s approach to investigative activities involving the Internet, both in terms of policy and procedure, in order to determine whether or not those policies and procedures were sound and had sufficient flexibility to adapt to the Internet’s rapidly evolving nature.

Of concern to national security is the growing contribution the Internet has on the radicalization of individuals, both in Canada and abroad, who may become threats to Canadian interests. The Internet plays an important role at every stage of radicalization, giving direct access to unfiltered extremist ideology, as well as providing an anonymous virtual meeting place for like-minded radical individuals. It also offers opportunities to build relationships and gain expertise and skills that were previously only provided in overseas training camps, thus giving potential terrorists easy access to operational information to help plan and execute a terrorist attack.

This review explored the existing strategies, policies and processes which guide CSIS’s operational use of the Internet. It examined a number of questions, such as:

• what kind of information can be obtained from the Internet that cannot be obtained through conventional means?
• What additional operational value does the collection of open information obtained on the Internet provide to CSIS investigations?
• What are some of the difficulties of using the Internet as an investigative tool, and
• how is the Service responding to these challenges?

To answer these questions, SIRC examined the role and contribution of a specialized unit. SIRC also looked at Service activities to understand how CSIS used the Internet to enhance its traditional investigative methods. SIRC examined an assortment of CSIS corporate and operational information and documentation and held briefings.

Over the course of the research, SIRC identified two considerations for CSIS when using the Internet for operational purposes.

The first consideration related to youth. Almost all youth spend time on the Internet. They are also often targets for extremist Internet propaganda. As a result, the likelihood of CSIS coming into possession of information dealing with minors in the course of its investigations has increased. CSIS interactions with young Canadians will no doubt increase as the Internet continues to be a prominent radicalizer of youth. Indeed, many of the products that have been put on the Internet for recruitment or radicalization purposes are designed to attract the youth market. In its review, however, SIRC came across several instances where CSIS collected and reported on information pertaining to minors. The volume of information pertaining to young people being entered – and therefore permanently retained – in operational reporting, is on the rise.

Ministerial Direction and internal CSIS direction have already stressed the need for CSIS to give special consideration when dealing with youth. Therefore, SIRC recommended that CSIS should impress upon its employees the need to exercise added caution when collecting and retaining information relating to a youth.

The second consideration related to open source information. CSIS derives its mandate and powers from the CSIS Act, which also sets clear limits on the type of activity that may be investigated, the ways that information can be collected, and who may view the information. For example, under s. 12, CSIS shall only collect “to the extent that is strictly necessary”, intelligence respecting activities that may “on reasonable grounds” be suspected of constituting threats to the security of Canada. These limits are echoed and further defined in ministerial direction given to CSIS.

Although a great deal of open source information can be collected from the Internet, SIRC reminded CSIS employees that such information should still be subject to the same “strictly necessary” test as information received from other sources.

As we have seen recently with the public concern surrounding privacy and information collected and sold by large internet companies and social media, simply being able to collect information does not necessarily mean that you should have it, and having it does not necessarily mean that you can do with it what you will. In the future, citizens and consumers will start to seek the types of assurances from businesses that they currently receive from government in the form of review, evaluation and audit.

For SIRC, there have been many changes in the security, intelligence, and certainly technological landscape over the last 30 years. There is some debate now as to whether the legislation that created CSIS and SIRC is still as relevant today as it was in 1984. As we mark our 30^th anniversary this year, we will be looking at our role – where we started, where we are and where we are heading. For more on that, I will encourage you to keep an eye out for our Annual Report which will be released in coming weeks.

I will end my introductory comments here to allow time for discussion. In closing, I would like to refer to the Royal Commission that ultimately led to CSIS’s and SIRC’s creation in the early 1980’s. In the report, there is quote from former Prime Minister Lester B. Pearson that, although dated, is still very relevant and insightful for us today. Pearson noted the importance that “the protection of our security does not by its nature or by its conduct undermine those human rights and freedoms to which our democratic institutions are dedicated.” Although the threats to our collective security have changed in nature and scope in the past thirty years, SIRC very much adheres to this viewpoint in carrying out its work.