Mr. Chair and honourable members, thank you for giving me the opportunity of discussing with you the Arar report, which was presented by Justice O'Connor in September 2006, and part two was delivered in December 2006.
In that regard I acted as his commission counsel in the Arar inquiry, which was conducted over a period of two and a half years. In the limited time I have today in my presentation, I want to focus on the recommendations that were made by Justice O'Connor in parts one and two.
Now I'll give a little background.
As you know, Maher Arar is a Canadian citizen who was stopped at the Kennedy Airport in New York City in September 2002, where he was flying through on his way back to Montreal. He was detained by American officials for 12 days and was subsequently removed to Syria, which is the country of his birth. He was interrogated, tortured, and held in inhumane conditions in Syria for close to one year. On October 5, 2003, he was released and returned to Canada.
To this time, he has never been charged with any offence by Canadians, Americans, or the Syrians. In January 2004 the federal government called a public inquiry because of the political pressure that had been building up in respect of the role of Canadian officials regarding the treatment of Mr. Arar in the United States and Syria.
The public inquiry had two parts. Part one was the factual inquiry, wherein Justice O'Connor looked at what happened and reported on the role of Canadian officials in respect of Mr. Arar's treatment. Part two was the policy review, wherein he was called upon to recommend an independent arm's-length review mechanism for the RCMP in respect of its national security activities.
Now, as far as part one is concerned, the what, why, where, and how, just focusing on the main conclusions, an important part of part one was the information sharing that was conducted by Canadian authorities and in particular by the RCMP. After reviewing all of the evidence, Commissioner O'Connor concluded that the RCMP provided American authorities with information that was inaccurate, unreliable, misleading, and that certainly viewed Mr. Arar in a very negative sense. You must contemplate the context of this. This is a year after 9/11, where the American authorities obviously—as was put by one witness—had a great deal of adrenalin as far as alleged terrorists were concerned.
It was also found that the front-line investigators gave the American authorities, the FBI, information on Mr. Arar that was misleading while he was detained in the United States and while the Americans were interrogating him.
Now, as far as his stay in the United States is concerned, there was no evidence that Canadian officials played any role in the decision of the American authorities to detain Mr. Arar. However, the evidence was clear that American authorities relied upon misleading information that was given to them by the RCMP and that no doubt played a role in his detention by the Americans.
As I said before, after about 12 days they removed Mr. Arar to Syria. Even though they had the option of sending him 200 miles to the border outside of Montreal, they preferred to send him 3,000 miles to Syria because of their view that they didn't want Mr. Arar walking on the streets of Canada.
In Syria, as I said before, it was found that Mr. Arar was tortured and was kept in inhumane conditions for close to a year, and unfortunately, even though Canadian officials, consular officials, had access to Mr. Arar on eight occasions during that time, it was not recognized that he was being tortured at that time because of the manner in which the interviews occurred. Syrian officials were present during the interviews, and unfortunately because of lack of training they did not recognize that he was being tortured.
Upon his return to Canada in October 2003, unfortunately, a lot of information was put out about Mr. Arar that was misleading, that violated national security principles because it was confidential information, and it was made to look as if Mr. Arar was somewhat dangerous and somewhat of a terrorist. Unfortunately, that leaked information has never been reviewed in terms of a criminal prosecution. To this day nothing has happened.
As far as the recommendations of part one are concerned, Justice O'Connor made 23 recommendations. I'll focus on the most important ones.
The first one is on information sharing. Obviously Canada must continue to share information with our foreign partners, but he said that surely we have to screen such information for relevance, reliability, accuracy, and to ensure it complies with our privacy laws.
He also said the RCMP individuals or investigators who are involved in national security must be better trained. They might be great police officers, but that does not mean they're competent to conduct a national security investigation.
He also stated that the RCMP should never provide information to a country with a poor human rights record if the information will cause or contribute in any way to the torture or inhumane treatment of a Canadian held abroad. In other words, Canadians should not be complicit in torture.
The other point he makes in terms of torture is that if we are going to accept information from a country with a poor human rights record, we have to look at the political and the human rights implications of that; and if we are going to accept such information, we had better ensure and assess its reliability, because by definition, such information is usually very unreliable.
Moving to part two of the mandate of the Arar inquiry, which was to make policy recommendations concerning a review mechanism for the RCMP, Justice O'Connor concluded that the existing mechanism for review of the RCMP activities is totally inadequate, for a number of reasons.
Over time, the amount of information sharing the RCMP does has increased immensely. The RCMP now has increased police powers, particularly in the area of national security. A number of practices, such as integrated policing along with other partners, require a more effective review mechanism.
He said that because of the secret nature of national security activities or investigations, it's difficult to monitor that by a complaints-based approach, because people, Canadian citizens, really don't know, for the most part, whether these activities are violating policies and the law and so on.
As a result of that, he recommended that the new review mechanism have the authority to initiate a review of RCMP activities in the national security area on its own. This would be very similar to the power that currently exists with respect to the security intelligence review committee with respect to CSIS operations.
Once again, this kind of power is necessary because these national security investigations are beyond judicial scrutiny, for the most part.
The other important enhancement in terms of a review mechanism that he recommended was that the new review body should be given broad investigatory powers, similar to the powers of a public inquiry. He reviewed the interrelationship between the present CPC and the RCMP and found that it was ineffective because of the limited access to RCMP information the CPC had.
He recommends that this new body have the authority to determine what information it needs to effectively fulfill its mandate. This would involve the power to subpoena, the power to compel testimony, and so on.
The new body, which he called the Independent Complaints and National Security Review Agency for the RCMP--ICRA is the acronym, I guess--would have jurisdiction to review all of the RCMP's activities, not only its national security activities. He said that it's a judgment call, but it's better to have one body reviewing all of the activities of the RCMP, because we need a body that is expert in police work and law enforcement, and so on, and there may be jurisdictional problems if you created separate bodies to review its national security activities and its other activities.
Because of the highly integrated nature of most national security investigations--and the Arar inquiry was a good example of that; we had to review the activity of the RCMP, of CSIS, of the CBSA and so on--he said that other agencies that are involved in national security should be subject to review as well, such as the CBSA, DFAIT, and so on.
Finally--I see my time is running out--he recommended the creation of an overall committee, an independent committee that would be composed of the chair of the new RCMP body, SIRC, the CSIS body, the CSE commissioner, and an independent person, which would review all of the national security review that is done by these bodies, as well as being the place where a citizen would go to file a complaint. Any national security complaint would be filed with this new committee, which would determine which of the three bodies should be involved in its review and also make recommendations concerning national security review policy in the future to the government.
I could go on, but I think it's better to leave more matters for questions.
In conclusion, I would suggest that if we do ever get this kind of effective mechanism for a review of national security activities, there will no longer be a need for these expensive public inquiries and ad hoc inquiries that we have had over the last five years. It's going to be a restructured body, not a completely new bureaucracy, and in our view it'll be effective, efficient, and most importantly, will respect our human rights.
Thank you.
:
Thank you very much, Mr. Chairman, honourable members.
I'm here as the Privacy Commissioner of Canada, and the relevance to the topic we're discussing today is that under the Privacy Act my organization has the authority to take complaints, to investigate, and to audit the personal information practices of more than 250 agencies and departments, including the RCMP, CSIS, and other national security agencies, such as FINTRAC.
Accompanying me today is Chantal Bernier, who is assistant commissioner for the Privacy Act. Madame Bernier was formerly assistant deputy minister in the Department of Public Safety and Emergency Preparedness. And with me as well is senior adviser Mr. Carman Baggaley, who accompanied me when I appeared before the inquiries of Mr. Justice O'Connor and Mr. Justice Major.
I believe all the honourable members have two documents that my office provided to you last week. The first piece is an overview, a backgrounder, of national security and surveillance laws passed in several countries since 2001, and it shows how much the social and political terrain has shifted dramatically after 9/11.
I'd like to talk a bit about how privacy laws apply to national security agencies.
In the various cases you were reviewing, this application is all too clear. The men who became the subjects of the inquiries that you were studying, as we just heard, suffered terribly, but as well as all the other harms they endured, the first violation was to their privacy.
To begin with, as Mr. Cavalluzzo has quoted, Justice O'Connor noted that inaccurate and misleading intelligence about them was compiled. That means their personal information, in terms of the Privacy Act, was shared inappropriately. Finally, this information was used to justify their detention, deportation, and subsequent torture.
[Translation]
Privacy rights under Canadian law are not simply about who is allowed to collect information. Privacy laws also set out who is accountable for protecting that information, ensuring it is accurate and limiting its disclosure to third parties. The findings of the O'Connor and Iacobucci reports call into question the practices of Canadian security agencies in all these areas. Both reports underscore how critical it is for officials in these departments to properly manage the collection, validation, sharing and careful review of the exchange of personal information.
[English]
Commissioner Iacobucci concluded in his inquiry that inaccurate information was collected on the individuals in question, that inaccurate information was shared with other states, and that safeguards for these files were not properly observed. Misleading, inaccurate, or out-of-date information was kept on file and shared too broadly, with few or no caveats on the use of that intelligence.
Privacy practices in government must be better defined, and sensitive information must be protected. This has never been more urgent than in light of the national security challenges we face. To address this question, the second piece that we have provided to this committee presents our views on how oversight, privacy practices, and data protection in government could be improved.
[Translation]
While I have several suggestions for your consideration, if I can leave you with one over-arching message, it would be this—in an era of networked intelligence and surveillance, Canada needs a networked approach to oversight and review. Proper oversight and accountability for national security provide a vital check for Canadians' privacy rights.
[English]
In our recent history, rights and security are often pitted one against another. Margaret Bloodworth, who was Canada's former national security adviser, noted this tension just prior to her recent retirement. She said that safeguarding the privacy rights of citizens while also securing their physical security is not simply a question for the Canadian intelligence community, it is the question. It is the question, the single greatest issue that they must confront. I'd also add that security and privacy are not, as we often say, mutually exclusive. We need not, nor should we not in Canada, trade one for the other.
[Translation]
As you have heard from other expert witnesses, a fundamental question for national security in the 21st century is data governance. In a fully wired, networked world, how does any organization exercise quality control and oversight? Given the complexity of inter-agency, inter-jurisdictional, international, inter-sector intelligence operations—who can exercise that level of global review?
[English]
A recent report from the Office of the Auditor General in March 2009 on intelligence and information sharing stressed this point, that review bodies “must look beyond individual agencies to reflect the integrated nature of national security activities”. These are the main points that I hoped to raise in our submission.
Now I'll just take you quickly through the recommendations. There are seven of them.
First of all, we recommend adopting an integrated approach to security review that allows for more coordination and more cooperation on investigations and reports across the system. This is the network approach recommended by Justice O'Connor. In my experience and in the experience of my office, this has worked to great effect. We do joint investigations with provincial privacy commissioners' offices. We do collaborative reporting with the Office of the Auditor General, for example. All of the review community, in my opinion, could benefit from similar powers.
Second, I think we have to address the privacy practices within security agencies. The approach of departments and agencies to information sharing and data management has to change. Without proper attention to internal controls, new layers of oversight will not address front-line problems. Enhanced training around the theory and the practice of privacy, fair information practices, and data protection could affect great change here.
Third, appoint chief privacy officers across the government, but in particular for departments and agencies where collection of sensitive personal information is widely required by their mandate.
Fourth, provide the Commission for Public Complaints Against the RCMP with the resources and legal authority required to exercise more meaningful review. I believe Mr. Cavalluzzo has spoken quite completely to this question.
Fifth, request that the Treasury Board and ministers issue new policy requirements for departments and agencies on privacy. Robust information-sharing agreements through privacy impact assessments, well-developed privacy directions, and guidance must become part of how these organizations operate. We cannot have the informal, unstructured, and basically ungrounded sharing of information anymore.
[Translation]
Six, reform—as I have said before several other committees of the House of Commons—the Privacy Act, which dates back to 1983. In light of all that we have learned, I believe government departments must be held to a higher standard of privacy protection, information handling and data protection. I have recently put forward 10 “quick fixes“ for government's consideration which could tighten controls on international information sharing, require departments to test the necessity of the information they collect and allow the Federal Court a wider role in reviewing violations of the act.
[English]
Seventh and finally, we urge Parliament to increase the resources and involvement of this House committee and its counterpart in the Senate. These bodies can provide active oversight of national security agencies and their operations. By pooling expertise, coordinating reviews, and sharing information, existing mechanisms for parliamentary review could be augmented.
Briefly, Mr. Chairman, I'd like to leave you with a few final thoughts.
While Canada's system of review and oversight functioned throughout the 1980s and 1990s, the stresses on the system after 9/11 have become tragically apparent. This needs to be addressed. When networks of intelligence sharing are global, oversight cannot remain rigid and localized. While I recognize that there's no silver bullet fix given these complex issues, I'm also keenly aware that there are very real human consequences that spring from poor information handling and governance. My office deals with them daily through our complaints process.
Thank you very much, Mr. Chairman, for your time and consideration. My office staff and I would be happy to answer your questions.
And thank you, again, for being with us today.
With all due respect to my colleagues across the way, without wanting to get into a sermon, I wanted to quickly raise three points.
Despite having read the report...this report is simply not about sharing of information in general that may be government information; this is about sharing wrong information, misleading information, inaccurate information, and damaging information that has hurt people's lives. Recommendation after recommendation in Justice O'Connor's report is about people who are Canadians.
That falls into my second point, which is that not only are privacy and security not mutually exclusive, they're intimately bound together and cannot be released from each other. We are not safe if we do not have the ability to have our privacy protected. We have a false sense of security. It's not that they're possibly not mutually exclusive; they are absolutely entwined with each other or our Canadians are not safe.
That's the end of my sermon. Excuse me. Amen. I want to preach.
I'll get to my question. The bulk of this report is about privacy and information. The bulk of the recommendations have to do with information and inaccurate sharing of information. That puts us into the concept of labelling and what happens when people are labelled, which is bad enough, but when we share the labelling with either agencies within this country or, worse, outside this country with partners who are not dependable, we have a huge problem. And the report is very clear, in recommendation 5 I think it is, that the minister should be issuing ministerial directives to ensure that labelling does not take place by the RCMP or any of the other agencies that are involved in this.
Are you aware of any ministerial directives that have been released since 2006--we're now in 2009--since this report was issued?
It's funny, but at the very end, if I had had the time, I would have asked the question that my colleague just asked. Perhaps I could talk to you about this right now.
The O'Connor report does not contain any suggestions in this regard. Even so, there was a bill tabled by Ms. McLellan of the previous government, which was intended to set up this kind of committee. Since then, nothing has happened.
Concerning the questions from Mr. Oliphant, I think it is essential for us to categorize people that police officers are investigating. Be it investigations into organized crime or more of an investigation relating to national security, when the police suspect people, it is important for the other police forces to know that these people are under suspicion. Even if the police officers do not yet know whether the suspicions are justified or not, suspects must be categorized when criminal intelligence is being analyzed.
For example, we talked about persons of interest. In my opinion, Mr. Arar was one. However, there are thousands of people of interest who are not terrorists. If we met them under other circumstances, or if we observed them, we could verify if there was something else that could justify taking them from the "person of interest" category and placing them in the "suspect" category, or moving them from the "suspect" category to the “confirmed person" category or the "people we are sure of" category.
I would like to hear Ms. Stoddart's opinion on this. In my opinion, such categories should remain secret, because if the person has been put in the wrong category, and if we want investigations to go somewhere, we must not let people know that they have been slotted into a particular category and are under investigation. Such suspicions can be passed on to other countries or to agencies of other countries.
:
Thank you. I appreciate your being here today.
Obviously privacy issues are very important; privacy is one of the important rights that we as Canadians enjoy. Of course, we have to balance this right with others, such as the right to safety and security. I'm sure you're well aware of that. I appreciate the detail and the thought you've put into some of the recommendations you've brought forward to us today.
Of course, when we look at recommendations such as these, we always have to be mindful of the costs involved. When I say that, I talk about not only financial and logistical costs, but also the opportunity cost. As an example, for every minute that the RCMP spends on paperwork or ensuring that we're not unduly invading anyone's privacy, there is an opportunity cost to it; it gives away some of their time that could be spent investigating. We always have to be mindful to make sure we find the right balance.
That's where I want to go with my questions to you. I'm sure someone who has put as much thought and detail into recommendations as you has certainly thought about those logistics and the costs, including opportunity costs, involved.
I will point to just a few of the recommendations in your report: talking about requiring within security agencies enhanced training around the theory and practice of privacy; appointing chief privacy officers across government; providing the Commission for Public Complaints Against the RCMP with the resources required to deal with privacy issues; talking about the Treasury Board and ministers issuing new policy requirements for their departments, especially around thorough privacy impact assessments; talking about increasing the resources of committees such as this one and the Senate committee. These things all have costs, be they financial costs or opportunity costs.
I'm wondering how much thought you have put into what kind of new resources would be required to implement these recommendations and how much these recommendations would cost, and whether you have thought about their implications in terms of balancing privacy with other activities that these bodies and agencies can and should be doing as well. Give me a bit of a sense as to what you see the cost here being, in terms of resources, finances, and also opportunity costs.