Office of the Information Commissioner of Canada
November 24, 2016
Check against delivery
Good afternoon honorable members. Thank you for inviting me to appear during your study of Bill C-22. I am here today with Nadine Gendron, Legal Counsel.
First, I wish to commend the government on tabling legislation to create a parliamentary oversight body of our national security agencies. The recommendation to create such an oversight committee dates back many years. The Committee could, with a properly designed legal framework, do much to increase public trust in our national security agencies.
However, I do have some concerns with the Bill. These concerns are based on my own experience in an oversight role as the Information Commissioner of Canada.
My comments today will be directed first to the review function of the proposed Committee and second to the application of the Access to Information Act to the newly created Secretariat that will support the Committee.
With respect to the review function of the Committee, I have concerns with the following six areas:
The Committee will have a broad mandate to review matters related to national security and intelligence. A broad mandate is important as it will allow the Committee to direct its inquiries as it sees fit.
However, clause 8(b) of the Bill undercuts this mandate by providing that the Minister of a department may override a review where the Minister determines it would be injurious to national security.
This override essentially turns the Committee’s broad mandate into a mirage. It will undermine any goodwill and public trust that may have built up towards the Committee, and by extension, the national security agencies it oversees.
My next area of concern with Bill C-22 is the exclusions to the Committee’s right to obtain information. These are found at clauses 14 and 16 of the Bill.
I can tell you, based on my seven years’ experience as Information Commissioner, that exclusions to oversight undermine the review function.
Under the Access to Information Act, but for a few exclusions, I have access to all records during my investigations so that I may independently review decisions on disclosure.
The notable exception to my review power is Cabinet confidences. Cabinet confidences are excluded from the application of the Access to Information Act. This means that when I investigate a complaint about Cabinet confidences, I cannot require that those records be provided to my office. I cannot independently assess whether they are in fact Cabinet confidences and therefore not subject to the right of access. This severely curtails my ability to provide effective oversight of this exclusion.
I still investigate complaints about Cabinet confidences to the best of my abilities. In fact, in 2015-2016, I was able to conclude that 12% of complaints closed that year about the Cabinet confidences exclusion were well founded, even without being able to see those records. Imagine what I might be able to conclude if I could see the records.
Based on this experience, I am of the view that the Committee will face difficulties in fulfilling its mandate if it cannot obtain relevant records.
In contrast to the Committee, as the Information Commissioner of Canada, I have the authority to review records related to national security and intelligence. There is, in fact, a large discrepancy between the records that I can see and what the Committee will be able to see. I have prepared a chart setting out those differences.
Based on my experience viewing these records, there is a tendency for institutions to interpret exemptions in an over-broad manner.
To give you a sense of how exemptions to disclosure related to national security and intelligence can be over-applied, let me give you a few examples.
In my first example, CSEC was asked to release in graph form information about its Support to Lawful Access program. Specifically, the requester wanted to know the number of requests CSEC had received to provide technical and operational assistance to federal law enforcement and security agencies, and whether it had accepted or rejected those requests. It initially refused this request, citing the national defence exemption. Eventually, I was able to convince CSEC that releasing aggregate totals and categorical information would not result in injury to national defence.
In my second example, CSIS used the exemption for national defence to withhold from disclosure the amount it had contributed to a conference at Université Laval and the annual budget of its Academic Outreach program. In my investigation, I found that CSIS’s involvement in the event was publicly known – its logo had appeared on the conference program, which was posted on the Internet. I also determined that CSIS had not demonstrated that releasing this information would harm national defence. Eventually, CSIS agreed to release the amount of its contribution to the conference, but it continues to withhold its Academic Outreach budget figures.
My final concern related to the exclusions at clauses 14 and 16 is that they include no explicit consideration of the public’s interest in providing the Committee with this information. This would require that the Minister balance the public interest against the national security interest when deciding whether to disclose the information to the Committee.
My third area of concern with the Bill is found at clause 15(3). This provision states that after the appropriate Minister receives a request for information, he or she must provide or cause the information to be provided to the Committee “in a timely manner.”
Similar language to this is used in the Access to Information Act, which provides that extensions in responding to access requests may be taken for a “reasonable period of time”.
I have found language like this to be vague and open to abuse. In the access world, delay is a frequent subject of complaint by requesters. Where timeliness is at issue without resolution, requesters and I can seek redress from the Federal Court. Under Bill C-22, there is no such dispute resolution mechanism.
My fourth concern with the Bill relates to the private nature of the Committee’s meetings. Clause 18 provides that the Committee’s meetings are to be private “if any information that a department is taking measures to protect is likely to be disclosed during the course of the meeting or if the Chair considers it to be otherwise necessary.”
This strikes me as an unclear threshold for the Committee to go in camera and could easily result in nearly all of these meetings being private. This does not bode well for transparency.
I next wish to discuss clause 22 of the Bill. This clause provides that the review bodies of the RCMP, CSIS and CSEC may provide information under their control to the Committee related to the fulfilment of its mandate. In fact, these bodies are directed to cooperate with the Committee at clause 9 of the Bill.
However, this direction to cooperate and share information is weakened by clause 22(2) of the Bill. This clause prevents the review bodies from sharing with the Committee all the information listed in the mandatory exclusions at clause 14. It also prevents the review bodies from sharing information that a Minister had decided to withhold from the Committee, per clause 16.
I have already voiced my concerns with clauses 14 and 16. It is my view that clause 22 compounds those issues, and will prevent the review bodies from cooperating in a meaningful way with the Committee.
The sixth area of concern I have with this Bill is the final nature of decisions made by ministers. The Bill prohibits the Committee from seeking judicial review of a Minister’s decision. This can be found at clause 31 of the Bill.
I have concerns that giving the Minister final decision making authority could lead to overly-broad interpretations of the law that favour non-disclosure to the Committee.
I am also concerned with how the Access to Information Act will apply to the Secretariat of the Committee. Bill C-22 proposes to extend coverage of the Act to this institution, which is designated with assisting the Committee in fulfilling its mandate.
The purpose of the Access to Information Act is to provide a right of access to all records under the control of institutions that are subject to the Act, subject to limited and specific exceptions. Balancing the right of access against claims to protect certain information is at the core of the access to information regime.
Extending coverage of the Access to Information Act to the Secretariat is a positive aspect of Bill C-22 in ensuring transparency and accountability of this institution.
However, it is not clear to me how much information requesters will actually be able to obtain from this institution. Bill C-22, at clause 35, adds an exemption to the Access to Information Act that is, in my view, overly broad and could result in the Secretariat having only the veneer of transparency.
The Bill proposes to exempt from the right of access any record that contains information created or obtained by the Secretariat or on its behalf in the course of assisting the Committee in fulfilling its mandate. This is a mandatory exemption, which means that once the Secretariat has determined that the exemption applies, it is under a legal obligation to refuse access.
My issue with the breadth of this exemption is three-fold.
First, the proposed exemption is mandatory. Discretionary exemptions are preferable because they allow for a balancing of factors, including the public interest in disclosure.
Second, it applies to any record that contains the protected information. When language like this is used in an exemption, it means that once it has been determined that a record contains protected information, the entire record is protected. This is the case even if only a small portion of the record actually contains information that legitimately requires protection. This essentially nullifies an institution’s otherwise mandatory obligation to sever and disclose non-protected parts of a record.
Third, the exemption applies to any information obtained or created in the course of assisting the Committee in fulfilling its mandate. This begs the question: what is considered “assisting the Committee in fulfilling its mandate”? Does it encompass assistance of a more administrative, technological or financial nature?
In my view, the exemption as currently drafted goes beyond protecting national security.
I have raised several concerns about Bill C-22 that I believe will impede the Committee in carrying out its mandate.
Fortunately, I also believe that there are relatively simple solutions to address these concerns.
First, there should be no ministerial override of the Committee’s review function.
Second, the Committee should have robust access to records, with no limitations. This is necessary in order for the Committee to properly fulfill its mandate.
I do not recommend giving the Committee broad access to national security and intelligence information lightly. I am acutely aware of the security risks posed in sharing information like this. However, I would point out that at my office, we are entitled to review records of all security classification, up to and including records that relate to signals intelligence. For all investigation files, security measures are put in place to meet the security classification of the records. In the thirty plus years my office has seen these records, we have never had a security breach. It is my belief that similar security measures could be put in place for the National Security and Intelligence Committee and its Secretariat. It is important to understand that giving access to information to the Committee does not mean disclosure of the information to the public.
In the event that limitations on the Committee’s access to information are determined to be necessary, then I recommend that a public interest override be added. This way, Ministers will be required to determine if non-disclosure to the Committee is necessary and proportionate as compared to the public interest in having the Committee review the information, bearing in mind the accountability function the Committee plays.
Third, there should be a precise number of days to provide information to the Committee. In my experience, thirty days is generally sufficient time. Extensions should be available, but only with the permission of the Committee.
Fourth, it should be clearly stated in the Bill that the Committee’s meetings will be public by default. Meetings should only go in camera where a clear threshold is met, such as where disclosure of the information during a public meeting would be “injurious to national security”, and only for the length of time necessary to prevent injury.
Fifth, there should be no limitations placed on other review bodies when collaborating and sharing information with the Committee.
Sixth, decisions made by ministers should be reviewable by the Federal Court.
Hand in hand with this recommendation, I would also recommend that if it is determined that some exclusions to the Committee’s access to information are necessary, any disputes about the application of exclusions should be subject to judicial review. This will limit over-claiming of exclusions.
Finally, the exemption under the Access to Information Act for the Secretariat should be discretionary and focused on protecting only the information that is subject to the review function of the Committee. I also recommend that the exemption only protect information, and not “any” record that contains such protected information. This will result in meaningful access to the Secretariat.
Events such as the recent Federal Court decision regarding CSIS’s retention of Canadians’ metadata, the revelation that Quebec’s provincial police have been spying on journalists and the Snowden affair have eroded the public’s trust in its security and intelligence agencies.
The work of the Committee will be a key pillar in regaining that trust and increasing the accountability framework of our national security agencies.
However, if we want the Committee to be successful, it must function under an appropriate legal framework. At present, Bill C-22 does not strike the right balance between protecting the national security interest, and transparency and accountability. In its current form, the Committee will not be able to achieve its goal.
In closing, I would like to thank this committee for the opportunity to present my views on Bill C-22. I would be pleased to answer any questions you might have.
Thank you, Mr. Chair.