PACP Committee Report

INTRODUCTION

A number of organizations within the federal government collect, analyze, and share information related to the country’s security. This includes the Canadian Security Intelligence Service (CSIS), Royal Canadian Mounted Police (RCMP), National Defence, Communications Security Establishment Canada, Canada Border Services Agency, Foreign Affairs and International Trade Canada, and Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

The threat and reality of terrorist attacks, such as the Air India disaster in 1985, demonstrate the need for these organizations to effectively manage security intelligence. At the same time, the government must maintain a balance between protecting the privacy of citizens and ensuring national security. The decisions and activities of intelligence agencies should be legal, consistent, appropriate, and subject to examination by independent review agencies.

In March 2009, the Office of the Auditor General (OAG) presented to Parliament a follow-up audit on National Security: Intelligence and Information Sharing.^[1] This audit assessed the progress the government had made in implementing previous recommendations from audits in 2003 and 2004.

Given the importance of national security, the Standing Committee on Public Accounts held a meeting on this audit on 26 May 2009.^[2] At this hearing, the Office of the Auditor General was represented by Sheila Fraser, Auditor General of Canada; Hugh McRoberts, Assistant Auditor General; and Gordon Stock, Principal. The Committee heard from several government officials. Public Safety Canada was represented by Suzanne Hurtubise, Deputy Minister. Transport Canada was represented by Louis Ranger, Deputy Minister, and Marc Grégoire, Assistant Deputy Minister. The RCMP was represented by Tim Killam, Deputy Commissioner, Policing Support Services, and Guylaine Dansereau, Director, Canadian Criminal Real Time Identification Services. The Committee also heard from Marie-Lucie Morin, National Security Advisor to the PM and Associate Secretary, Privy Council Office.

BACKGROUND

In 2003, the OAG examined the level of independent review in place for each agency with the power to collect intelligence on Canadian citizens.^[3] The OAG reported that independent reviews of security and intelligence agencies and their reporting to Parliament varied significantly among agencies.

In 2004, the OAG examined intelligence management across the government, from setting priorities for intelligence to coordinating and sharing information between departments and agencies.^[4] The OAG found deficiencies in the assessments of lessons learned following critical incidents, in information and communications systems, in security screening for airport personnel, and in the use of watch lists and lookouts.

The 2009 follow-up audit examined progress made against the recommendation made in 2003 and selected recommendations from 2004. The OAG concluded that the government had made satisfactory progress in only 8 of the 12 recommendations examined. The OAG also made three new recommendations in the follow-up audit, and the Committee fully supports these recommendations.

As the various government organizations affected by the recommendations in the 2009 follow-up audit agree with the recommendations, the Committee expects that they will have a plan of how they will implement the recommendations. As requested, an action plan was provided to the Committee prior to the hearing; however, it did not contain the level of commitment, detail, or timelines that the Committee would like to see and has received from other organizations.

INDEPENDENT REVIEW OF INTELLIGENCE AGENCIES

In recent years, there have been several inquiries and reports about the actions of Canada’s security and intelligence agencies, such as the Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar; the Internal Inquiry into the Actions of Canadian Officials in Relation to Abdullah Almalki, Ahmad Abou-Elmaati and Muayyed Nureddin; and the Commission of Inquiry into the Investigation of the Bombing of Air India Flight 182. These inquires have raised concerns about how Canada’s security and intelligence agencies use and share intelligence information. This leads to questions about the level of independent, external review of security and intelligence agencies.

In 2003, the OAG found that the level of independent review in place for each intelligence agency varied greatly. For example, CSIS has a relatively strong external review regime, but the RCMP does not, as the Commission for Public Complaints Against the RCMP can investigate only specific complaints or occurrences. Additionally, some agencies involved in security intelligence or enforcement, such as the Canada Border Services Agency, are not subject to independent review. The OAG recommended that the government ensure that security and intelligence agencies be subject to levels of external review and disclosure proportionate to the level of intrusion.

In its study of wrongdoing in the administration of the RCMP’s pension and insurance plans, the Public Accounts Committee was also concerned about the limited nature of the external review of the RCMP and recommended that the government strengthen the legislative authority of the Commission for Public Complaints Against the RCMP to enable it to conduct self-initiated reviews, as well as to guarantee it the full access to documents and persons that is included in the powers of subpoena.^[5]

The OAG’s 2009 follow-up audit noted that Public Safety Canada had taken the lead in coordinating an assessment of the independent review regimes of intelligence agencies and had completed several background papers, including principles for an improved review model. However, at the time of the audit, no decisions had been taken to ensure that agencies are subject to a level of review proportionate to their intrusive powers. The OAG deemed progress was satisfactory because the government had completed its assessment.

The government’s action plan indicates that it is undertaking two separate initiatives: “the Government is currently developing a proposal to strengthen the RCMP’s review and complaints body,” and, “The Government is also developing options to enhance the broader national security review framework.” However, these comments do not provide a timeline for taking action on the security review framework. At the hearing, officials told the Committee that a considerable amount of work has been done on this issue, and the government was waiting for the Air India inquiry to report before taking action. The Committee appreciates the need to do research and analysis on the options available and the need to allow the Air India inquiry to report, but the Committee believes that this issue has been outstanding for a number of years, and the government needs to make progress on both of these initiatives. The Committee recommends:

RECOMMENDATION 1

That Public Safety Canada report to the Public Accounts Committee by 31 December 2009 on progress in strengthening the RCMP’s review and complaints body.

RECOMMENDATION 2

That Public Safety Canada report to the Public Accounts Committee by 31 December 2009 on progress in enhancing the national security review framework.

BALANCING PRIVACY WITH NATIONAL SECURITY

In its 2004 audit, the OAG found that departments and agencies were not sharing some intelligence information due to concerns over violating provisions of the Privacy Act or the Charter of Rights and Freedoms. While the Act appears to accommodate the sharing of information for national security reasons, departments and agencies could not support their interpretation of the law for not sharing information. The OAG noted that officials could not provide any legal opinions, specific references to legislation, or judgments as a basis for that opinion.

The 2009 follow-up audit found little progress since 2004 in balancing privacy concerns with information sharing. The Department of Justice Canada had been tasked by the Deputy Minister Committee on National Security, which includes representatives from the Privy Council Office, the Treasury Board of Canada Secretariat, and Public Safety Canada, to prepare an inventory of legal problems related to the sharing of national security data. The Treasury Board of Canada Secretariat collected 16 instances where departments and agencies reported potential legal barriers to information sharing. Department of Justice Canada officials told the OAG that a potential solution to information sharing problems would be to amend departments’ and agencies’ legislative mandates. However, the Department of Justice Canada and the Treasury Board Canada Secretariat had provided little direction to government departments and agencies.

The OAG recommended that the Privy Council Office and Public Safety Canada, with the assistance of Justice Canada and Treasury Board Secretariat, should increase their efforts to examine and provide guidance on the sharing of information. The departments’ responses primarily committed to continuing current efforts related to sharing information. The action plan notes that, “The Department of Justice is leading an initiative to review the legal challenges that arise in the sharing of information for national security purposes.” This may be a promising initiative, but there is no timeline for its completion, nor a proposed objective for the initiative. Additionally, the OAG’s recommendation was directed primarily at the Privy Council Office and Public Safety Canada as the OAG had determined that actions taken to date had been inadequate, but it is not clear what increased efforts these organizations will take to examine and provide guidance on the sharing of information. The Committee recommends:

RECOMMENDATION 3

That the Department of Justice Canada report to the Public Accounts Committee by 31 December 2009 on the results of its review of the legal challenges that arise in the sharing of information for national security purposes.

RECOMMENDATION 4

That the Privy Council Office and Public Safety Canada indicate what increased efforts they will take to examine and provide guidance on the sharing of information among government departments and agencies while balancing privacy concerns with national security concerns.

AIRPORT SECURITY

Transport Canada grants clearances to employees who wish to work in the restricted areas of Canada’s airports. Transport Canada screens applicants to ensure that persons who may cause unlawful interference with civil aviation do not receive a clearance pass. Transport Canada relies on the RCMP to check applicants for criminal records, and the Canadian Security Intelligence Service to check for terrorist links.

The 2004 audit found that some individuals that had been granted clearance to work in restricted areas of airports had a criminal record and others were involved in criminal conspiracy. The 2009 follow-up audit found a case where a pass had been granted to an individual who had assault and weapons convictions and was under investigation for a murder relating to drug smuggling at a large airport. Additionally, an RCMP analysis released in 2008 found that there were more than 60 employees at Canada’s largest airports with criminal links, and many organized crime groups were found working within or using these airports.

The OAG expressed concern in the follow-up audit that the RCMP may receive incomplete information on applicants from Transport Canada, and the RCMP may not give full information to Transport Canada. Also, Transport Canada had not developed criteria for reviewing applications for restricted area passes. The OAG recommended that Transport Canada and the RCMP increase efforts to share information on individuals who have applied for security clearance, and Transport Canada should clarify its criteria and procedures for granting security clearance to individuals with previous criminal links.

In his opening statement to the Committee, the Deputy Minister of Transport informed the Committee of various activities his organization was taking in response to the audit. He said:

First, on April 8th, Transport Canada and the RCMP entered into a new information sharing agreement to provide expanded criminal background checks on individuals working in restricted areas of Canada's transportation system. Transport Canada will share more complete data with the RCMP, and the RCMP in turn will perform expanded background checks using multiple criminal databases available to the RCMP. Second, we are developing strengthened guidelines and criteria against which applicants will be assessed. Thirdly, we are amending the Transport Security Clearance Application Form to address new consent and new criteria requirements. Fourthly, Transport Canada will review all current security clearance holders, all of them, based on these improved procedures to identify any previously unknown adverse information that could suggest that an individual may pose a risk to civil aviation.^[6]

These look like promising steps that may address many of the OAG’s concerns. However, the action plan only makes reference to the Memorandum of Understanding with the RCMP on intelligence sharing, and notes that these organizations will meet at a minimum of every six months to review the security and screening process and implementation of the interim plan. The Committee would have expected the action plan to list the actions noted by the Deputy Minister in his opening statement, as well as include timelines for their completion.

More importantly, a significant gap remains with respect to Transport Canada’s mandate, which the Deputy Minister described to the Committee: “Our mandate is quite clearly defined in the Aeronautics Act. It relates to making regulations respecting prevention of unlawful interference with civil aviation. We're always ready and more than happy to help other processes deal with the broader issues but we deal strictly with the unlawful interference with civil aviation.”^[7] However, as the Auditor General noted, this means that, “Transport Canada does not see its role as preventing criminal organizations from infiltrating airports. If it does prevent unlawful activity at airports as a result of its screening process for airport workers, this is seen as a side-benefit.”^[8] Thus, risks of drug smuggling and other criminal activity are not necessarily grounds for denial of security clearance, and Transport Canada may be granting clearance to high-risk individuals for work in secure areas of Canada’s airports. The 2004 audit and the RCMP analysis noted above indicate that this may indeed be the case.

While the Committee understands that Transport Canada is limited by its current legislative mandate, the Committee is concerned that insufficient actions are being taken by federal government organizations to prevent unlawful activity at Canada’s airports. If there are indeed barriers, then these need to be overcome. Legislation should empower government organizations to act rather than become an excuse for inaction. It may be necessary to change Transport Canada’s mandate, to interpret its mandate more broadly, or to ensure that other organizations assume responsibility. Regardless, action needs to be taken. The Committee recommends:

RECOMMENDATION 5

That Transport Canada work with other federal organizations to ensure that individuals with a high risk of conducting criminal activity do not receive clearance to work in restricted areas of Canada’s airports, and that Transport Canada report to the Public Accounts Committee by 31 December 2009 on the progress of this initiative.

COMMUNICATIONS SYSTEM

A barrier to information sharing is the lack of a government-wide system allowing communication at the “secret” level among departments and agencies. The 2004 audit found that a previously proposed system had been abandoned when it was found it could be vulnerable to attack.

Public Safety Canada is the lead department for developing a new communications system.  The Deputy Minister of Public Safety told the Committee about progress made to date. She said:

With respect to the secure communications project that you're referring to, I can certainly say that we were given sufficient budget, about $34 million, to implement this pilot, to create it, devise it, and implement it, which we have done to develop the technical specifications, to develop the protocols for use, to test it, to make sure that it could then be rolled out. That has been done. We did have sufficient funds to do that. Parliament voted sufficient funds for us to do that and that phase is now complete. The issue now and I don't believe we referred to it explicitly, but the next phase now is whether or not it gets implemented and how it gets implemented. For it to be implemented, additional funds will be required, but we certainly had the funds to do the pilot we were responsible for.^[9]

In other words, the government has developed and tested a pilot project of the communications system. The OAG rated progress on this issue as satisfactory because while progress was slow to start, better progress had been made in the latter period under examination. However, as the Auditor General noted, “at the time of our audit the project was still in the limited implementation stage, and its success was contingent upon its receiving additional funding and user acceptance.”^[10]

The action plan did not indicate a possible direction forwards for this initiative. It states, “Since the summer of 2008, Public Safety Canada has successfully completed the testing of the system and has validated the security of the system. The Department has engaged federal departments and central agencies to discuss further deployment of the system.” From this, it is not clear whether this project will proceed and what its timeline for completion would be. The Committee recommends:

RECOMMENDATION 6

That Public Safety Canada report to the Public Accounts Committee by 31 December 2009 on progress in completing the government-wide communications system at the secret level.

CONCLUSION

Overall, the OAG concluded that the government has made satisfactory progress since the 2003 and 2004 audits. The OAG found progress in the organization and coordination of priorities, in the reduction of the fingerprint backlog, in developing a computerized system to analyze digitized fingerprints, and in improving the reliability of watch lists of individuals considered to be of interest. However, in other areas, there was little or no progress or it was slow.

The government needs to move forwards with revising the independent review framework for intelligence agencies, resolve potential legal barriers to information sharing, ensure that high-risk individuals do not have access to restricted areas at airports, and complete a government-wide communications system at the secret level. Work has been done in all these areas, but it is not complete. The action plan developed in response to the follow-up audit could have specified in more detail what actions the government intends to take and when it hopes to complete them, but it did not. A more thorough action plan would have made many of the recommendations in this report redundant. The Committee hopes that the government will take these issues seriously and provide more clarity and precision of how and when it will resolve them.