PROC Committee Meeting

    I call the meeting to order. We are here still on the order of reference of November 29, which is in regard to a question of privilege relating to a premature disclosure of a confidential report on the pre-budget consultations of the finance committee.

    Most of our first hour today will be with Ms. Karen Shepherd, the Commissioner of Lobbying. Thank you for coming and seeing us today, and thank you for getting to us this good powerpoint presentation. It gives me a great idea of what your job is and how it works. We may save some time today by having that with us.

    Committee, in the second hour we will have with us Louis Bard, the chief information officer. We'll be talking to him about some technological issues. Also, if we can, I'd like to save 15 minutes at the end of the meeting for some committee business. I'm going to suggest that we spend not quite an hour with each group of witnesses and save some time at the end.

    Ms. Shepherd, I understand you have an opening statement. If you would make that statement, as briefly as possible, and introduce the guest with you, we'll follow up with a round of questions.

    Good morning, Mr. Chair and members of the committee.

    I am pleased to be here today to discuss my investigative process. I'm accompanied by Mr. Bruce Bergen, my senior legal counsel.

    As Commissioner of Lobbying, my mandate is to maintain a registry to educate and to ensure compliance.

    My powers of investigation are set out in the Lobbying Act. I have the authority to investigate when I have reason to believe that an investigation is necessary to ensure compliance with the Act or the Lobbyists' Code of Conduct.

    I take all allegations of a breach of either the Lobbying Act or the Lobbyists' Code of Conduct seriously. I may choose to look into a matter as a result of a complaint. In addition, I may look into a matter on my own initiative.

    Allegations of breaches of the Lobbying Act are primarily linked to registrations, including failure to register as a lobbyist and failure to register within the time limits. Knowingly making false or misleading statements in a registration is also a contravention of the act.

    The Lobbyists' Code of Conduct was instituted in 1997 to assure Canadians that lobbying is done ethically and with the highest standards. Lobbyists may be in contravention of the code by breaching either a principle or a rule.

    When I become aware of an alleged breach of the act or the code, I must determine what actually happened. I open an administrative review, which is the fact-gathering portion of the investigative process. This process is intended to provide me with sufficient information to determine whether I should pursue the matter by initiating a formal investigation or if an alternate course of action is preferable.

    An administrative review can lead to one of four possible outcomes.

     First, I may decide to close the review because the allegation is not well founded. An allegation may not be well founded if the activity was not a registrable communication or was not undertaken for payment. In these cases, I advise the subject and the complainant of the outcome in a letter.

    Second, I may decide to close an administrative review even though the allegation is well founded. In these cases, the appropriate measures may be to educate the subject or to request a correction of the Registry of Lobbyists. These files are subject to further monitoring.

    Third, I can initiate a formal investigation if I have reason to believe that an investigation is necessary to ensure compliance with the act or the code. Once an investigation is initiated, I can summon witnesses to give evidence and I can compel the production of documents. To date, my experience is that witnesses are cooperating and responding to our inquiries, and I have not had to use these powers. Since July 2008, I have initiated eight investigations.

    Finally, if I have reasonable grounds to believe that an offence has been committed under the Lobbying Act or any other act of Parliament, I must refer the matter to a peace officer. Since July 2008, I have referred six files to the RCMP. When I refer a file to the RCMP, the act instructs me to suspend my investigation until the matter has been dealt with.

    The Lobbying Act carries sanctions up to $200,000 and jail terms of up to two years. If a person is convicted, I can also prohibit the person from engaging in lobbying activities for up to two years.

    However, no charges have been laid to date under the Lobbying Act.

    If a file is returned to me by the RCMP, following consultation with the federal prosecutor, I may choose to resume the investigation of a possible breach of the Lobbyists' Code of Conduct if I have sufficient grounds to do so. The act requires that before tabling a report of investigation, I provide subjects of an investigation with an opportunity to present their views. To ensure due process, it is my policy to provide the person under investigation with a copy of the investigation director's report and give the person 30 days to respond.

    With the respect to the Lobbyists' Code of Conduct, I would like to point out that it is a non-statutory instrument, and it carries no fines or jail sentences. The act prescribes, however, that I table a report on investigations in both houses of Parliament to disclose my findings, conclusions, and reasons for those conclusions once the investigation into an alleged breach of the code is complete.

    I recently indicated that I plan to table a number of reports to Parliament before the end of this fiscal year.

    At my December 14 appearance before the Standing Committee on Access to Information, Privacy and Ethics, I stated that I would look into the matter of the five lobbyists who received a confidential document from an MP's staff. I would like to confirm today that I am looking into the matter to see if a breach of the Lobbyists' Code of Conduct has occurred.

    The Lobbying Act requires that I conduct investigations in private. I therefore do not comment on matters that are before me.

    Mr. Chair, this concludes my remarks. I look forward to answering any questions you or the committee members may have.

    Thank you very much.

     Let's start with five-minute rounds and see if we can do two rounds in the period of time we have.

    Mr. Proulx, you're up first, if you would.

    Thank you, Mr. Chair.

    Good morning, and thank you, Ms. Shepherd.

    We're looking into this problem of an MP's assistant leaking a report, a draft report of the finance committee, to a lobbyist, of course. Former Conservative Hill staffer--and now lobbyist--Andy Gibbons testified that after receiving the leaked copy of the finance committee draft report, he shared relevant portions of it with his client, Merck Frosst. His e-mail to his client actually states, and I quote: Below is language from the confidential draft report which summarizes what witnesses said about vaccines.

    Would this, in your opinion, be a prima facie breach of the Lobbyists' Code of Conduct?

    Mr. Chair, as I indicated, I am currently looking at the matter. I would also like to state that I've been involved with this office and its predecessor since June 2004, and this is the first time that this particular issue of confidentiality has arisen. I'm taking this matter quite seriously.

     I'm currently...actually, I think I indicated on the fourteenth that I would look into it. On the fifteenth, I opened my administrative review, which is my fact-finding stage. Part of that is to verify all of the information that has come out and to gather evidence that we have heard so that my investigative team will then assess all of the elements and look at all of the code's.... As I indicated in my opening remarks, it's not just a breach of one of the rules that I will be looking at, but also whether a breach of one of the principles has occurred.

    Okay. So I understand from you--you've said it in your opening statement--that you are conducting an investigation.

    I am conducting the first stage, which is my administrative review process.

    Okay.

    In regard to another Conservative staffer lobbyist, Lynne Hamilton's communications log shows that in spite of her being listed as one of Ottawa's top 100 lobbyists for the last three years and having a substantial list of recognizable high-profile clients for the year 2010, she shows only one communication with a designated public office holder. In 2009, she only had four contacts, and in 2008, three.

    Do you, Commissioner, take any steps to monitor whether or not the monthly communications reports are in any way consistent with the reports of other lobbyists?

    In terms of verifying the monthly reports, we verify roughly 5% a month. You can imagine now that MPs have been included...the last in October, I think it was reported that it was around 1,600.

    A voice: A month.

    Mrs. Karen Shepherd: Yes: a month. Thank you.

    So we are verifying with the designated public office holders in terms of the verifications of what has actually been reported.

     Okay.

    Mr. Ullyatt indicated in evidence that he was seeking an exemption from his five-year prohibition from lobbying and was expecting a letter from your office in this regard, Mrs. Shepherd. Did you receive such a request from Mr. Ullyatt? And if so, what response was he given or will he be given?

    There are two ways that an individual can be subject to a five-year prohibition. I've been asked this question in a previous committee in terms of privacy of information, but maybe I can answer the question another way.

    For individuals who are subject to the five-year prohibition, if they were designated under the conflict of interest and post-employment code—if they were exempt staff in a minister's office—and if they left prior to the Lobbying Act coming into force, they were subject to this five-year prohibition, to which there was no possibility of being granted an exemption. So depending on when an individual would have left, they could not have requested an exemption. What that means is that they would be prohibited from lobbying from the date they left office in terms of acting as a consultant lobbyist, an in-house organization lobbyist, or an in-house corporation lobbyist.

    When the Lobbying Act came into force in July 2008, it designated a number of individuals, and that would be those who worked in ministers' offices and their staff appointed under section 128 of the Public Service Employment Act. Those individuals may apply for an exemption, and as I said previously, I have taken a very strict view on that. I have only granted four, and the act requires that without undue delay I post the reasons for the four on the website. So if you were to check, the individual in question you're asking about is not on the website.

    Okay.

    Communications—

    The Chair: Okay, Mr. Proulx--

    Mr. Marcel Proulx: Am I done already?

    You are.

    I had seven minutes--

    I know, and it was exciting. I went five on this one, I'm sorry.

    We're at five. I see.

    I'm very sorry.

     Well, not truly, but....

    Voices: Oh, oh!

    The Chair: Mr. Lukiwski.

    Thank you, Ms. Shepherd, for being here.

    I understand completely the fact that because you have ongoing investigations, there is certain information on the particular lobbyist in question that you can't answer. I appreciate that, so I'll try to keep my comments general in terms and hopefully you can answer the generalities.

    If a lobbyist were to receive a piece of confidential information, under the part where lobbyists have to register their contact with public office holders, is there any obligation on the part of the lobbyist to report receiving such confidential information? In other words, I know that lobbyists, when they initiate a contact with a public office holder, have to register it.

    Right.

    What happens in the case, generally speaking, if a lobbyist were to receive a piece of confidential information from either a public office holder or one who is not a public office holder, but it was a government document? Are they required or obligated under the act to report such a transaction?

    As I indicated, while I appreciate the attempt to generalize, this is the first time this issue has come up since I've been with the office and its predecessor. That is one of the points in looking at the code that I will be addressing, and when I am issuing something on this, it will be one of the points that I will bring out at that point.

    So is it fair to say, then—

    I'm looking at it.

    I understand that it's the first time and I appreciate that. I'm just wondering, currently under the code of conduct, are you saying that this is ambiguous, that it's really not defined within the code of conduct and you're going to be making a determination? In other words, you will be setting a precedent...?

    Because there has not been anything on this particular issue before, I believe so, yes.

     All right.

    Let me ask you this, and correct me if I'm—

    Oh, I'm sorry, Mr. Bergen. Did you have...?

    Setting aside the code of conduct, there is a question, I guess, about whether something is a registrable activity. Merely receiving a document would not necessarily be a registrable activity because there is no communication by the lobbyist. That's if we look at the act, right? So....

    Well, again, let's have another hypothetical. When you say there is no contact from the lobbyist, that they just received a confidential document, what would happen in the case of a lobbyist who actually acknowledged receipt of the document?

    That doesn't seem very hypothetical.

    Voices: Oh, oh!

     Well, I'm trying to.... I mean, we're examining a question of breach of privilege here, and I know that you're constrained because an investigation is ongoing. We're trying to get a sense of which actions on behalf of of both the lobbyist we questioned before and Mr. Ullyatt, quite frankly, have maybe contravened the code of conduct.

    So I'm just asking you again, hypothetically or in general terms, if a lobbyist received a piece of confidential information without asking for it--they just received it--but then they responded to the sender acknowledging that they had received it, would that be in conflict with the code?

    Would you like to address that, Commissioner?

    As I've said, and the difficulty, I guess.... I'm trying to be forthright with the committee as much as I can be--

    Mr. Tom Lukiwski: I understand.

    Mrs. Karen Shepherd: --but I'm also trying not to prejudge where I may come out on this case. I can't say.... Unlike the conflict of interest rule, for example, for which there have not only been a number of complaints filed over the years, but for which there's actually case law now, since 2009, there hasn't been anything here.

    So prejudging where I may see this in terms of either a principle or a rule is one of the things I'm trying to determine in terms of the actual facts of the case. The allegations you're bringing up, or that the committee is bringing up and looking at, I think are serious enough that without hesitation I opened an administrative review, because I thought I needed to look at this particular issue.

    I have two other quick questions.

    How much time do I have left, Mr. Chair?

    The Chair: You have 40 or 45 seconds.

    Mr. Tom Lukiwski: Mr. Ullyatt was a member of a backbench MP's staff, so he was not designated as a...not considered, at least, to be a public office holder.

    Mr. Bruce Bergen: A designated--

    Mr. Tom Lukiwski: Not a designated public office holder.

    Mr. Bruce Bergen: Right.

    Mr. Tom Lukiwski: Does that have any impact on whether the lobbyist should register any contact with Mr. Ullyatt? He's not a designated public office holder, so if lobbyists have contact with someone like Mr. Ullyatt, do they have to register that? Do they have to notify your office that they're having that communication?

    If Mr. Ullyatt were a public office holder, as Mr. Bergen was indicating earlier, it might require an initial registration, depending on the subject matter of the discussion. But there would not be a monthly communication report, because in the position he was in with--

    Yes. What I'm trying to get at here is that we have a situation where--

    Your time is up.

    Thank you.

    I'll get back to you on the second round.

    Maybe someone else will help you get that same answer.

    Madame DeBellefeuille, it is your turn, please. You have five minutes.

    Thank you, Mr. Chair.

    Thank you for being here, Ms. Shepherd.

    From the answers you have given my colleagues, the subject you are currently investigating is a precedent. It has never been done. You are looking for a way to handle it with the tools you have, including law enforcement.

    If I am not mistaken, the Lobbying Act is going to be reviewed in another committee.

    Could you tell us whether, at present, you anticipate amendments or changes to the Act that would enable you to intervene in a case like the one we have in front of us today, to identify and analyze it better?

    We are doing a study on the Lobbyists' Code of Conduct. It came into effect in 1997. I think that when the code is reviewed, I will see that it may be time to hold consultations to improve it or change it.

    That being said, it is not something that will be happening before the Act is reviewed. It is something I would like to do afterward, because I can't hold consultations at the same time as a review of the Act.

    I would like to add: the Act was amended in 2008. The section of the Act dealing with investigations by the Commissioner was changed at the same time. It now provides that the Commissioner could conduct an investigation if she believed it was necessary to ensure compliance with the Lobbyists' Code of Conduct and the Act. Formerly, before July 2008, the powers of investigation applied only to the Code. The Commissioner's powers were broadened in 2008.

    I have no other questions.

    Thank you, Mr. Chair.

    Mr. Mulcair.

    Thank you, Mr. Chair.

    Good morning and welcome, Ms. Shepherd, Mr. Bergen. It's a pleasure to see you again.

    I would like to start where my colleague Mr. Proulx left off. I will invite you to explain your approach in greater detail in relation to the surveys you can give. I would compare one aspect of your work to what an auditor does, someone who has to have a degree of expertise to see whether the figures presented are plausible or not.

    I will go back to Mr. Proulx's example. Ms. Hamilton worked as a full-time lobbyist and made a very good living. She said she engaged in lobbying activities once or twice a year. An auditor would use a survey technique. Not a survey like CROP or Léger does, but a survey in the accounting sense. To see whether the information given is plausible.

    I respectfully submit, since this is your field and not mine, that it is not plausible that a person could earn a good living as a full-time lobbyist, that she could be regarded as one of the best and most active lobbyists, and that she would declare only a few lobbying activities in a year.

    What investigative techniques do you have for doing these surveys, an audit? How do you exercise oversight in this regard?

    Myself, I'm just gobsmacked when I see these statistics.

    In a monthly report to the Commissioner, a lobbyist should indicate the communications they have had with a designated public office holder. It is very possible there is a lot of lobbying with public office holders that is not reported monthly because there is no requirement in that regard. It is very possible that the lobbyist communicates with a lot of directors, directors general or other policy officers. This kind of communication requires that the lobbyist register as such to start with, because there are a lot of communications between a public office holder and...

    So what is missing is the ongoing obligation.

    That may be something that can be changed in the Act, if there is thought to be a problem with the monthly reports that show all communications with all public office holders.

    That being said, honestly, I don't know whether it will be transparent to put all this information in the system. It's a question that will be raised in the review of the Act.

    If it's a system question, we will help you and equip you with a system capable of taking this kind of information, Ms. Shepherd.

    Staying with the theme of the plausibility—not the truth—of what we hear when we meet with lobbyists. I know that Mr. Bergen has undoubtedly reviewed all the transcripts. What they tried to tell us was hilarious. They told us they had seen the document, but they never got as far as the passage where it said "confidential". What they told us was really just any old thing. A whole string of witnesses testified about this.

    If I am not mistaken, you will be able to place them under oath?

    Can you repeat that?

    Are you going to be able to swear them as witnesses?

    Yes, to subpoena them as witnesses.

    And once that is done, you will be entitled...

    If we conduct an investigation...

    My question was, are you are able to compel them to testify under oath? That was my question.

    If I initiate an investigation, yes.

    Do you have a polygraph?

    Voices: Oh, oh!

    No.

    You might be needing one. We've met them.

    I am finished, Mr. Chair. I will wait for the next round.

    Thank you.

    Madam Jennings, it's your turn again. It's great to have you back here today.

    It's lovely to be back, Chair.

    Thank you, Ms. Shepherd, Mr. Bergen.

    I'm going to follow my colleague Mr. Proulx's line of questioning as well. Mr. Ullyatt was fired for his part in the leaking of the confidential draft finance report, whereas the lobbyists who received the report and, in some cases, according to the testimony, used the report or parts thereof for the benefit of their clients, may not face any repercussions. Do you think this is fair?

    Again, as I've said, I'm repeating myself, but I am looking into the matter, and those are issues that I will be seriously looking at.

    Very good.

    Do you believe, Madam Shepherd, that you have enough resources to conduct in a timely manner the investigations that you undertake in the course of your work?

    I'm quite pleased with the team I have right now. One of the things over the last couple of years was building capacity and refining processes, and I have an excellent team in terms of the director of investigations and investigators. This is one of the files that I see as a priority, so we will be working on it as timely as we can....

    I mean, part of the problem that we sometimes run into is that when we're requesting information we need to get information back in a timely fashion from those as well, so if we're waiting for information to come in.... I mean, sometimes the length is what takes time, even in these fact-finding investigation...it's how available the witnesses are or how fast people respond to our written requests for information.

    Thank you.

    One of my colleagues--I believe it was Mr. Lukiwski--talked about testimony in other committees. I'd like to touch on that.

    You stated in another committee that the crown seems to have a very “high threshold” when it comes to laying charges under the lobbyists act and, as a result, prosecutions have not been commenced in 10 of the 11 cases referred to the RCMP since 2005. One case is still with the RCMP for consideration and, according to your testimony, no lobbyist has ever been convicted under the act.

     Would you, with your expert opinion, conclude that this means that possibly the enforcement provisions of the act are inadequate? Or do you believe the enforcement provisions of the act are fine, notwithstanding the testimony you gave to the fact of there being no prosecutions?

    Actually, at my December 14 appearance, because the act is under review I indicated one of the things I think would be beneficial. Right now, if I find reasonable grounds to believe something, I'm obliged to send it to the Royal Canadian Mounted Police. But it might be beneficial to have administrative monetary penalties that I could post, with hopefully then the ability to actually post the names, because I think that would be a fairly effective deterrent.

    In terms of the Lobbyists' Code of Conduct, there are no sanctions in terms of fines or jail terms, but there is a report to Parliament. When you think that the lobbyist's name and reputation are important, a report to Parliament might negatively impact the lobbyist's ability to gain clients or employment. As you may know, we were in court with one lobbyist who was fighting to have the reports taken out of Parliament because, he was claiming, it was affecting his business. So I think that's an effective deterrent.

    Do you think that's the only deterrent? Because as you've just stated in regard to breaches of the Lobbyists' Code of Conduct, you don't have any fines and you don't have any prison sentences or incarceration sentences. The only thing that is within your authority and duty is to file a report with Parliament in which you may name the lobbyist who has, in your opinion, breached the code of conduct.

     Wouldn't it be fair to say that notwithstanding this one case in the court, a lot of lobbyists would see the authority and powers of the lobbyist commissioner to enforce the code of conduct as a paper tiger?

    If I understand correctly, the suggestion is whether penalties for the Lobbyists' Code of Conduct might be beneficial as well?

    Yes.

    I think that's something I would like to examine. It becomes a question as to the purpose of the Lobbyists' Code of Conduct, which is to ensure that communications are being done ethically and at the highest standards. My concern was whether we're looking at their being corrective or punitive, and that would be something I'd like to consider further.

    Thank you.

    My time is up, according to the chair, and I have to believe him.

    Voices: Oh, oh!

    Mr. Lukiwski, did you want to finish where you were at?

    I think I'll cede some of my time to my colleague, Mr. Young, who has a question or two. If there's time left over, I will certainly--

    Certainly.

    Mr. Young.

    Thank you.

    Thank you, Madam Shepherd, for coming here today.

    I worked as a lobbyist in Ontario for a number of years when I left the provincial parliament. Occasionally I had to make some actions for a client who might have a federal issue, although it was very rare, and when I saw the new act in 2006, I was pleasantly surprised, in fact, at how tough the Lobbying Act was. I had to help train some people who were calling themselves lobbyists, and who wanted to lobby in Ottawa, on what they should actually be doing.

    The best example for me is that anyone who has met with a designated public office holder and does not report that by the fifteenth of the next month could be subject to a fine of up to $200,000 and six months in jail, which I think is very tough, and appropriately tough.

    Compared to the acts in the provinces and in fact similar acts in other jurisdictions--perhaps the United States, the U.K., or France--how does our Lobbying Act compare in being tough and dealing with the actions of lobbyists?

    Some of the provinces have the ability, although they haven't done so yet, to issue monetary penalties, but in terms of the requirement to file monthly reports, we are the only ones that are doing that at the federal level in terms of designated public office holders. There are a lot of requirements in terms of filing. We have taken out of the legislation communicating “in an attempt to influence”, which captures a lot more people than some of my provincial colleagues, for example, where that is still in the legislation.

    With regard to actually being required by law to report an oral communication--

    “Oral and arranged”, yes.

    --that is to me the highest standard. So lobbyists actually.... If you run into somebody in a restaurant or something, you don't have to report that, which is reasonable, but if you have a telephone conversation or if you meet with a designated public office holder, you have to report even the conversation. How does that compare to other jurisdictions?

    In Canada, we're the only ones who actually have that.

    And are you familiar with other jurisdictions?

    In the United States, I think they name, but they don't have that same level of reporting oral and arranged communications on a monthly basis.

    Thank you.

    Thank you, Mr. Chair.

    Mr. Lukiwski, did you have anything else?

    Thanks.

    I have a couple of questions. I'll ask the latter one first.

    Again, this is all supposition, but you're now conducting an investigation on a case that's basically unprecedented. You mentioned that you've never really dealt with a case where confidential information has been forwarded to a lobbyist. We're all obviously going to be awaiting the results of your investigation. Is it normal when conducting an investigation...or in this case are you contemplating making recommendations in terms of perhaps changing the code of conduct, strengthening it if it needs to be strengthened and that type of thing?

     If you are basically going into uncharted waters, whatever the results are, would you be prepared to come back, either to this committee or to Parliament, and make recommendations on what may need to be done to prevent this type of thing from happening again or to at least put in some further sanctions if actions similar to that ever occur in the future?

    I guess the short answer would be yes. Given the situation, if for some reason I find no breach because of the rules that currently exist, I would be prepared to come back if I think there is a need to make changes based on what I find.

    You can have a little short question, if you want to.

    If it has to be short, perhaps I'll pass to the next round.

    Now we're picky about the length--

    Voices: Oh, oh!

    The Chair: Monsieur Paquette.

    Thank you, Mr. Chair.

    Thank you for being here.

    I am going to summarize what I have understood from your answers to various questions.

    You are conducting an investigation into the situation where confidential documents were sent out by a member's employee to lobbyists who were able to use them. In fact, they even admitted to us, in some cases, that they did use them. In the investigation you are currently conducting, you are trying to determine whether there is a connection between what happened and the Lobbyists' Code of Conduct.

    So you are not yet at the stage where you are trying to establish the facts to see whether there was a breach of the Code. Rather, you are trying to understand whether, in the Code, there might be something to get hold of, for a more in-depth investigation.

    Have I understood correctly?

    The first step before deciding to initiate an investigation is an administrative review. I was in the process of doing an administrative review of the situation. I think you saw in my remarks that I said there may be four possible outcomes. One possible outcome, in this case, because we have five lobbyists, is that I would decide to conduct one or five investigations when I conclude my administrative review. At this stage, I cannot foresee whether I will have one or more than one about this.

    I would like to take advantage of your presence to improve my very rudimentary knowledge of the Lobbying Act. A number of public relations firms that I know register only one lobbyist from their team. In that situation, if a lobbyist was convicted and banned for five years, would the firm have some liability or would it be penalized in some way or another, or is it rather really an individual responsibility?

    The five-year ban applies to the lobbyist. It's possible for a person to whom the five-year ban applies to work for a lobbying firm, but not to do lobbying. So if someone works for a lobbying firm somewhere and doesn't do lobbying, but, for example, provides strategic information or does research or something else, it doesn't apply. The five-year ban applies only to the lobbying activity.

    We would have to think about that, because there may be incentives from the lobbyist's employer to violate the Code.

    I have one last question. Once again, it is out of curiosity. Some organizations like unions and churches are not required to register as lobbyists, even though they advocate for a certain vision of society and try to influence members and government ministers to have decisions go in one direction or another. I wanted to know whether this is in fact the case.

    Honestly, it depends, because some unions are registered.

    Are there any churches that are registered?

    Honestly, I would have to check. But if churches make lobbying a significant part of their functions, I think...

    I say this because a report was broadcast yesterday on this issue. It talked about an organization called My Canada, which is made up of young evangelists whose sole mission is to influence federal policies to suit their values. Would they have to register as lobbyists?

    There are volunteers who do lobbying. The law requires that if a person doing lobbying is paid, it is communication that has to be registered. For not-for-profit organizations or corporations, there is another criterion: whether it is a significant part of their functions.

    Right. Thank you.

    Thank you.

    Mr. Mulcair.

    Thank you, Mr. Chair.

    Very quickly, I would like to know whether an email returned to a public office holder amounts to a communication.

    Yes, if it is a communication with a public office holder.

    Thank you.

    As well, you do your work with us, as parliamentarians, and you honour us with your presence here and by explaining your job to us. When you met with the New Democratic Party caucus, you used the expression "practical examples" to describe the best way of looking at the Act from the practice point of view. That lines up very well with the work we are doing here today. Apart from our interest in your job, we have to determine, with regard to Mr. Ullyatt passing on confidential pre-budget information that he was not entitled to pass on, which has been admitted, whether there was reasonably diligent oversight of his work.

    We now have to look at the precedents in parliaments on the British model: Australia, New Zealand, and of course England. Mr. Lukiwski rightly said that we are awaiting the results of your investigation, in the sense that we are eager to know them, but this committee's work does not depend on your study. Properly speaking, we do not need to wait for your work, to do our own.

    In terms of best practices, or, to use your term, exemplary practices, are there things a reasonably diligent parliamentarian should do in terms of their staff, when it comes to communications with lobbyists? I would like to know what methods you recommend so we can be sure that the communication, whether by email or otherwise, is registered. As elected representatives, we have a duty to report. But you told us earlier that there were best practices in this regard. Would you be so kind as to tell the committee what they are?

    You asked me whether a written communication about a change to an act or a program, for example, could be considered to be a lobbying activity for which the person must register. I want to clarify that it is not necessary to make a monthly report if it is a written communication. However, it must be done if it is an oral communication and was organized in advance.

    My question wasn't about what came before, but about what comes after. I was trying to determine, with you, what the duties of elected members are. That is what I would like you to talk to the committee about. You spoke earlier about exemplary practices, about what has to be done to reflect that.

    Can you tell the committee what you explained to us earlier about exemplary practices?

    In the cases where you wonder whether someone is a lobbyist, you can ask them whether they know that lobbying legislation applies, and if so, whether they are in compliance. That is the exemplary practice I was talking about. I think you can use the same approach before a meeting, if it is an oral communication, or if you have questions about written information.

    On these exemplary practices, I have two questions.

    Have you set them down in writing?

    You want to know whether I have communicated them to a party in the past? No.

     Have you ever set them down in writing?

    No, not yet. I had misunderstood the question.

    Would you be so kind as to do so for this committee? You explained, in relation to meetings, what you consider to be exemplary practices. I would very much appreciate it if you would tell us what you consider to be exemplary practices for elected representatives. In the case at hand, we would not have to refer to our own notes about your last presentation and the one today. It might be very useful in the work we have to do on this committee. We are having to judge a fact situation, quite simply. It would help us a lot in this context.

    Right. I can do that.

    Thank you very much for your help, Madam Commissioner.

    Mr. Bergen?

    I just want to mention that it may take the form of an opinion of the Commissioner.

    I will let you decide the procedural questions. For our part, we are interested in knowing how to apply what you consider to be exemplary practices in a fact situation. It is a fact situation that we are dealing with. There was an unlawful communication. We want to know whether reasonable precautions were taken when Mr. Ullyatt was hired and trained.

    The precedents I alluded to are on all fours with what this committee has to do. You could help us formulate the recommendations we will eventually make. There are two kinds of recommendations: a preventive recommendation, which relates to the future, but also a recommendation that would help to assess this fact situation that we have before us.

    Thank you, Mr. Chair.

     Thank you very much.

    We'll do just a very quick short round. We have a little bit of time and we're still waiting on the Clerk and Monsieur Bard.

    Mr. Andrews, it's good to have you here today.

    Thank you. It's a pleasure to be here.

    Three minutes, I think, will work.

    I have a couple of quick questions.

    We heard testimony that a Conservative Party supporter, Mr. Tim Egan of the Canadian Gas Association, colluded with Mr. Ullyatt to provide member of Parliament Kelly Block with a softball question to Mr. Egan during the finance committee's pre-budget consultations.

    Ms. Shepherd, do you consider such actions as these actions ethical?

    Relevance, Mr. Chair...?

    It's a matter of lobbyist interaction between—

    Let's see how the answer goes.

    On a point of order, Mr. Chair, think that's unfair to ask, because it's beyond the scope--

    That's exactly where I was heading with it, but Ms. Shepherd's been doing a great job of doing the deflecting today on what--

    Voices: Oh, oh!

    The Chair: So far be it from the Chair to practice his own skill at it when the witness is doing so well at it.

    If you can go around the edge of that one, give it a shot.

    I'm not sure, to be honest, how to go around the edge of that one.

    There you go.

    Mr. Andrews, try the next one.

    Well, let me try something a little different.

    If a lobbyist had prior knowledge that a privileged document was going to be sent to him and was encouraging that behaviour, would that be considered ethical?

    Again, Mr. Chair, this goes back.... As I've said, I'm looking at the matter and I need to determine what actually happened. This is one of the reasons why I said I'm not prejudging myself or the administrative review that my staff is currently doing.

    It's a hypothetical.

    It's not.... It's too close to the actual situation to be a hypothetical.

    Your investigation into the lobbying-related activities of Rahim Jaffer is almost 10 months old. We appreciate that this is a long process, but this seems like a long period of time. When can we expect that report to be tabled for Parliament?

    As I said at my December 14 appearance, in that particular situation I have officially opened an investigation because I believe it's sufficiently in the public interest. But no matter what my findings are in that case, I will table a report to both houses of Parliament--

    You said earlier that you were going to table the reports by the end of the fiscal year. Is this one of them?

    I'm not going to state what I will be tabling, but stay tuned.

    Voices: Oh, oh!

    And you are quite a ways from what our study is today, so I caution you to try to bring it back to where we are.

    Okay.

    Well, the chair of the finance committee sent a letter to this committee on January 31 indicating that Ms. Block, without permission, had sent a copy of the draft report on pre-budget consultations. Are you at present investigating the activity of the lobbyists who received that report?

    We're talking about the financial report.... I indicated during my opening remarks that I'm looking into the situation of the five lobbyists.

    Of the five? Okay.

     Thank you.

    Very good.

    Does anyone have any other one-offs? If not, we will excuse our witnesses with our thanks.

     You did a good job today. Thank you for coming and sharing with us. I feel better. I understand a little more about what you do, and when you can talk about it specifically, I'll be anxious to read the report.

    Ms. Shepherd, this committee also has been asked to look for ways of securing documents. I recognize that it's outside the scope of your responsibility, but as you run into this and research this, if at the end of the day you also find other methods for us to be able to keep secret documents secret, I'd love it if you would also share that with this committee.

    If I find something that could be helpful, I would be pleased to.

    Thank you for coming today.

    We will suspend for a couple of minutes while we get our other witnesses in.

     I'll call the meeting back to order, please. We have our second group of helpers here today.

    Madam O'Brien, it's always great to have you here.

    Monsieur Bard, it's always great to have you too.

    As you know, we're here studying the order of reference on the breach of privilege on the leaked confidential document.

     We're hoping, Monsieur Bard, that you can help us today with perhaps some methods to prevent this from happening again--some remedies, if you will.

     I don't know if either of you has an opening statement or if you'd like to just get to questions of witnesses.

    I just have a few brief comments to make and then we can get straight into questions, if that's okay.

    That would be great. I'm at your will. Please go ahead.

    Thank you, Mr. Chair.

     We're very pleased to be here today to be able to answer the questions of the committee relating to this very important issue. I don't have an actual formal opening statement, but I simply do want to emphasize that the environment that we are working in, from the point of view of technology, is basically a business application environment. Virtually the primary competence of an MP is communication and so everything we do is to facilitate that rather than just sort of have a kind of lockdown. So that's an important consideration.

    When last we appeared before you, the CIO, Louis Bard, was explaining that there are really three components when you look at this kind of situation. There's the technology. There are the actual procedures around the technology. And then there are the people. As I say, the technology we have is a business application environment, so it's not the kind of thing that is set up for encryption and “top secret” and so forth and so on, but we do have procedures within this environment that I think adequately respond to the need for confidentiality and for great care in dealing with sensitive documents.

    The difficulty that we run into, and Monsieur Bard made that point

when we appeared before the committee the last time is that some people are not concerned about established procedures. If a cover page clearly says "confidential" and someone chooses to pay no attention to that warning and not be concerned about the confidentiality of the document in question, we are really in a bind.

    We saw with the WikiLeaks, on a far larger scale and in a quite different sort of situation, the fact that people get around even the most sophisticated of technologies and of procedures. So the whole question of people is very important, and Louis is going to be in a position to answer, I think, the questions you have about certain characteristics of the way we do the documents that would assist committees.

     I think one of the basic things we're hoping will come out of this discussion with the committee is that we would recommend that each committee, once it gets to the point of looking at drafting a report, take the time to step back and have a reflection on what the risks are if the report is leaked. This will differ from one study to another. There are certain things that are highly sensitive. There are others where, for instance, in the study of a bill, all of the sessions have been public as the witnesses have been heard and whatnot, so the report still technically is confidential until it's presented in the House, potentially, but at the same time, people are quite well aware of how the discussion is going.

    In something like pre-budget consultations, where there is this level of sensitivity, then there might be some use for the committee to stand back. I'm not suggesting that they didn't do that adequately; they were faced with a different sort of situation. But if they stood back and looked at how much security or how many features of security they wanted to embed in the report that would nonetheless still meet their needs in terms of the facility of getting to the report and so forth, then we think that would be enormously helpful.

    It's more a question of raising awareness, but we are still vulnerable to people's decision not to be concerned, as I said, about the intention of the committees they are dealing with.

    That completes what I had to say. We are available to answer questions.

     Thank you.

    I did not share with you before we started that we're trying to finish up the portion that you're in today about 15 minutes before the top of the hour so that the committee can have some committee business time before that. So we're not throwing you out early, if it looks like that at the end.

    I'll hold my tongue. You know how I can ramble on.

    Voices: Oh, oh!

    Mr. Andrews, you're up first.

    Does Mr. Bard have an opening statement?

    Oh, sorry.

    Mr. Bard? No? Okay.

    My questions are for Mr. Bard.

    With regard to the issue of PINs that are commonly known on BlackBerrys here on the Hill, quite often these PIN messages between individuals are off the grid. They're off the record. They can't be traced. Is that a fact? Have you done any investigation on how to address that so that these communications can be tracked?

    You're absolutely correct. They are not tracked. There is no log of those. There's just enough when you do a PIN to PIN...there will be a short record, just enough to send it to the person who will receive the messages. But with all those messages, it's not a secure way of communicating. It's totally unsecure. You're totally avoiding the network, the environment, and the security features. Really, I would not encourage members to use PIN to PIN for very, very confidential or important types of business. It's not a proper vehicle for conducting your business if you don't want that to be on the open air. It's a very, very unsecure environment.

    So it also cannot be tracked when two individuals communicate using that type of communication.

    No. At this point, we have no mechanism to do that. When you do a PIN to PIN it goes directly to the BES environment--again, RIM's environment--and then there's no mechanism unless you decide to do so or to put one in place some mechanism, but again, you're putting a mechanism on something that is totally unsecure.

    Mr. Bard, there is software available out there to track PIN-to-PIN communications. Some financial institutions and government agencies do use this software to track this material, these communications. In a recent CIBC court case, these records were subpoenaed for that purpose. Why have we not, in the environment we are in--government--tracked these communications? Because it's an open forum for people to communicate that would circumvent any freedom of information or ATIP request.

    Well, when you're using PIN to PIN, you are avoiding completely the current environment. That means you're using cellular technology to be on the air, wherever you are, and then you're sending that message. It's the same thing if you lose that BlackBerry and somebody uses it and can communicate on your behalf using PIN to PIN. You're totally avoiding the basic rule of why you want to use that technology. PIN to PIN is good for messaging something that is not confidential. You don't want to transmit reports using PIN to PIN. There may be some software out there, but believe me, the PIN to PIN is a very unsafe and unsecure technology.

    But people do use this, and on the Hill it's common wisdom that if you use this type of communication, it will not be tracked. It's off the grid. Is that something that concerns you and should we be looking at the technology to be able to trace that?

    I have one other question. You can track SMS text messages, though...? You can retrieve those. Is that correct?

    That's correct--

    And that's also very unsecure?

    We have provided some caucuses on that point with a good explanation about mail communications, all the communications, and what is protected and what is not protected. I would be very pleased to send this to this committee, this particular documentation, but at the same time--and Madam O'Brien mentioned this--there are questions of responsibility and of what you intend to use for which purpose.

     If you want to use those technologies to really, really do your day-to-day business, then you are completely avoiding the security measures we have in place at the House of Commons. That's why the committees and members of Parliament have to be cognizant of what is available, what is not available, and how you want to use this technology.

     Whenever you are using PIN to PIN, you are using the cellular phone environment. How many of you call us and say, “Well, I'm on my cellular phone right now, so be careful on what you're telling me or what we're talking about”? PIN to PIN is exactly the same thing. If you believe that this technology could be the right one for you, then this is where you have to assess the risk of data technologies, but for me to tell you that using PIN to PIN using some software will be very secure, it's not...I can't tell you that. It's not.

    Yes, I get that, but my question was, shouldn't we be able to track that information on a server somewhere here in this building? Because it's available to us...and people are not all ethical when they use their communications, so....

    Only the members can really answer that because, again, we've been trying to provide an open platform for members of Parliament to operate in, one that respects your uniqueness and the way you are conducting your business. Therefore, there are vehicles in place that are very secure and very organized. We do logging; we do this and we do that. There are other areas where I think we give members flexibility. There is the fact that members may have an auxiliary cellular phone and may have a separate, outside Internet address and different computers that are personal. I mean, you are the judge of that. I'm not here to impose a discipline on you.

    If I may, Mr. Chairman, with regard to the question of being able to track, which I take it is what Mr. Andrews is particularly interested in, the kinds of logs we keep and so forth really are done...again, coming back to this business application support, it's a question of recovering for people who've lost things and want a record of them. It is to recover for the sender, for the MP's office or the research bureau or whoever, what they might have lost or what they might need for archival purposes.

    So the approach, in terms of archiving and whatnot, is not one of saying that we want to systematically have a record of every communication in the event that we want to go back and forensically trace who said what to whom when. That's not what it's about. The purpose of it is to recover for people who might have lost their original communication, and that's why we've never explored the idea of trying the software you were talking about to track PIN-to-PIN numbers. That's part of the flexibility we give members, and it's up to members to decide how they want to use it.

    Thank you, Mr. Andrews. You are past seven minutes.

    We'll go to Mr. Lukiwski, please.

    Thanks, Chair.

    Thank you both, Monsieur Bard and Madam O'Brien, for being here.

    One of the things we're trying to do or at least that I think is one of the primary objectives of this committee's study is to see if we can ensure that we can develop protocols that prevent this type of situation from happening in the future. My questions to you are along that line.

    Does the House currently have the technological capability to put any locks on confidential reports? By that, I mean to prevent a confidential report from being forwarded on to someone else or printed off.

    Yes, absolutely. Some committees have used those technologies already. A lot of things currently exist that can really facilitate a lot of that.

    I was explaining to Madam O'Brien earlier that at the preplanning stage for a report, the committee clerk, with the chair, and I suppose the committee members as well, decide on the format, the preparation, etc., okay? I think that's a very good vehicle because the committee has control of its report. I think we should really be working with the committee directorate to develop extra procedures, such as a set of questions we need to answer or ask at that point about securing the report.

    If the report is of a very confidential nature, well, you may decide that you will not distribute the report electronically but will prepare physical copies and use watermark technologies--you would add a unique identifier for each member of Parliament who has a copy of that report.

    You could also decide to password-protect this particular document. You can add properties, such as no copying and no printing, and so nobody can change a document.

    You can also decide, as an example, to keep the document on a répertoire somewhere, where you can only access it from your environment. Then you can apply all kinds of protection and security and not use the e-mail system to distribute the document.

    There are numbers of vehicles that are there today at your fingertips, I think, for the approach of taking that extra step at the preplanning stage of reports to address a lot of these questions, and in addition to that, when you make those decisions, what should be some reminders for the members. Because at the end of this, if you are making copies yourself in your offices, or if you are sending a report through a Hotmail account or through your PIN devices or some other mechanism, the members also have a very important role in terms of how to participate in protecting this environment. A lot of things already exist without any investment.

    You've mentioned that some committees are engaging in some of these protocols and practices right now. You've mentioned a number of safeguards, frankly, a few of them that I'm familiar with and some that I'm not. Would you be able to provide to this committee a list, whether they be suggestions or just protocols and procedures that already exist, that we may be able to examine? Because I think this committee would have the ability, then, to advise or perhaps even recommend to all standing committees that certain protocols and procedures be put in place for future use in dealing with confidential documents.

    But it would be very helpful, I believe, if we could get that information from you so that we don't have to either reinvent the wheel or invest a lot more money technologically to adapt to some of the security provisions we may want to take a look at. Would you then be able to produce such a report for our committee for our consideration?

    We'd be happy to provide that kind of written report to the committee. Yes, we could do that.

    Chair, based on that, I'm real happy. That's kind of what I was looking to get to begin with, so I'll cede my time to the next speaker.

    Thank you. That's very good. That's exactly what we're looking for.

    Madame DeBellefeuille.

    Thank you, Mr. Chair.

    I would like to thank our guests for being here. It is always a pleasure to have a meeting like this. We are always better informed after than we were before, particularly after hearing from a computer expert.

    Mr. Pierre Paquette: He thinks he's James Bond.

    Voices: Oh, oh!

    Mrs. Claude DeBellefeuille: The question of privilege this committee is examining is very important, it raises a lot of questions. In light of the testimony we have heard, we understand that an incompetent—if I may, somewhat crooked—assistant intentionally disobeyed the law and the rules of the game and sent this information to lobbyists. They must be biting their nails today for having a friendly, affectionate relationship with him, having a drink with him at the Rideau Club or attending the same church. Today they are in difficulty because they had a relationship with this person.

    When something that serious happens, the first reaction is always to ask what could have been done to prevent something like that from happening again. On the other hand, will that make parliamentarians' work more restrictive, through electronic and technological means, because a serious thing happened?

    I think we must not forget, in doing our analysis, that the consequence of the recommendations we make, for example concerning technological tools, must not be to impede or complicate our job. We must not suddenly transform our practices just because an ambitious and incompetent assistance made a monumental mistake. That is my first thought.

    As well, I know there are relatively simple computer techniques. For example, I recently received a report send by a Bloc Québécois member to another parliamentary committee with a password. So it was impossible to delete or change the document. She sent it to the clerk. The clerk was able to open it. She had it translated. The English translation was in DOC format, so all the English-speaking members had easy access to the text. Myself, the whip, I was not even able to open the file the clerk had sent me, because I didn't have the password.

    That made me think and say to myself that we have to be careful not to fall on our technological behinds, as we might say in Quebec, and thus make our work more difficult and more restrictive. If that's the case, we will probably not achieve the intended results, because there will always be a way of getting around it. We parliamentarians took an oath to abide by our rules. Our staff are supposed to know this. There will always be dishonest people.

    In light of that, Mr. Bard, do you really think the committee should make very restrictive recommendations about technological procedures, to avoid events like these happening again? Would you say, rather, that it was bad luck and we should not make rules and require tools that are too restrictive, for all House staff and members?

    Your comments are excellent. You understand the issue and what it means very well.

    The approach I recommend stresses prevention and awareness. There is already a lot of concern about the format and composition of the report, who is going to take part in it, but there are also questions about how to protect it and how to distribute it. Certainly in the Parliamentary Publications Directorate we have to have all sorts of procedures for agreeing on how the work is organized, to be able to provide the report in the proper way. There is excellent collaboration among all the committees, chairs, clerks and so on. I think you could make great progress by being more aware of the question of the sensitivity of the information. Starting from there, you could decide whether you want to adopt rules. Maybe yes, maybe no. The rules can be very simple; there are tools that are very simple. I don't think we have to make parliamentarians' lives difficult by installing all sorts of technologies that are going to prevent them from doing their jobs and take away a lot of flexibility.

    There is another factor I will mention, if I may. We in the House of Commons administration have to be subject to rules, to codes of ethics, to what is called the Acceptable Use Policy. When we use House resources, we have to be accountable. We also have to agree on how information is to be kept secure and on our powers when it comes to using that information.

    Certainly we have security policies for information technology. I understand that this is not the role of your committee, but perhaps, someday, members' employees should also be made accountable in terms of all these practices. It's another and much larger field. You're right, you have to be prudent, and not all committees or all situations call for action to be taken. You really need to take the time to consider the subject at the planning stage, and I'm sure that a lot of measures can be implemented, as needed.

    Your words are reassuring, because admittedly reports are not confidential to the same degree. Why lock ourselves into restrictive technologies on all our committees? Your comments are reassuring and I hope they will influence all of my colleagues to focus on prevention and awareness. We have to remember our duties as members of Parliament and also remind our assistants of them. We have a code of ethics and we have rules. We have to hire people who will abide by them, and as members we have to make it our duty to remind our staff.

    Thank you, Madame DeBellefeuille.

    Mr. Mulcair.

    Thank you, Mr. Chair.

    I am going to continue what Mrs. DeBellefeuille started, because my questions are about the same thing. She referred to the responsibilities of a reasonably diligent member of the House of Commons. That is what the committee must decide, ultimately. It must decide whether the necessary precautions were taken. Part of our discussion today will be useful in future. There is a retrospective aspect,and also a retroactive aspect that we have to consider, which is what happened in the case of Kelly Brock.

    I have a question for you, Mr. Bard. Are there techniques that can be used to determine whether or not a file has been opened after it was sent? Do those techniques apply here?

    Should we get involved in techniques to be used after the fact or should we really try to prevent a situation? It's a lot easier to incorporate properties into a document to make sure it will not be altered or distributed, but after it is sent, it becomes more difficult to control it.

    As Ms. O'Brien said, the entire structure here is designed to maintain your security, and at the same time to guarantee that your information will not be lost and that it can be located. If something happens and you lose your data, we have to be able to restore it to enable you to continue working.

    To answer your question, the emphasis is really not placed on what can be done after the fact.

    Is there a technical method of including a digital tattoo in an electronic document?

    Yes.

    Conversely, if it were discovered that there was a confidential document from the Standing Committee on Finance in Lobbyist X's office, would there be a way of having a digital tattoo that identifies the copy of a particular member? Is such a technique possible?

    There is the whole watermark technique for paper documents. The same kind of technique certainly exists for electronic documents. But once you add components to limit access to the documents, you have to use much more sophisticated technologies that call for infrastructure and investment, and place a lot of access restrictions on members.

    How far do you want to go to guarantee security? I will never be able to guarantee 100%  that there will be no malicious intent on the part of someone who decides not to follow the rules.

    True, but the rules are always made for the people who want to get around them. That is somewhat the nature of...

    It will never give that assurance, because the more sophisticated it is, the more capacity for maliciousness there is. In reality, the question is always how to put together a document in the purest possible form, to be able to use it in your work. All the other aspects relate to the packaging of the document, the way the packaging and distribution of the document are overseen.

    Thank you.

    Ms. O'Brien, I have a question for you. I was elected in a by-election. So I received a condensed version of the course given to new members, because I got here when the machine was already running.

    Mr. Pierre Paquette: You were starting from the back of the pack.

    Mr. Thomas Mulcair: I was starting from the back of the pack after picking up all sorts of bad habits in another parliament.

    But I do know that orientation sessions are organized for new members. In those sessions, are documents distributed about the confidentiality of information? Are there instructions, ways of doing things, things you share with the newly elected members?

    I have to say no, there is nothing specific. But after my first appearance before the committee, and given the popularity of social media, I understood the need to address the question of confidentiality in the next orientation program for new members.

    In fact, we intend to speak with the party whips, because we would like to meet with members—not just new members but the entire caucus—to review certain basic rules, because the environment has changed. Members are sometimes elected for decades and things have changed, but some of them may not have realized it. We would like everyone to start out with the same understanding of the rules.

    Good. Thank you, Mr. Chair.

    Thank you.

    Mr. Andrews.

    Ms. O'Brien, as members of Parliament, we're responsible for the e-mail addresses that are given to us, the four, five, or 10, or whatever number it is. As a member of Parliament, we have access to monitor what our staff are sending and receiving on those e-mails if we choose to do so.

     We're also issued electronic devices. I'm going back to the PIN question. If we can monitor our staff's e-mails, why shouldn't we have the ability to monitor what our staff are sending to individuals on PIN communications?

    Well, frankly, Mr. Chair, through you to Mr. Andrews, there's no reason why you shouldn't be allowed to do that. It's just that the question has never come up. Even on the monitoring, as Mr. Andrews puts it, of e-mails, the idea is that the e-mail addresses are assigned to the various assistants in the office and then that's managed by the member. We have no role in that. That's entirely the affair of the member.

    So there are no real tools, I guess, put in place to assist the member in monitoring his or her staff. The presumption is that the member, in selecting staff, will have made judicious choices, and that such monitoring will not have to be particularly vigorous.

    Absolutely, and we are all responsible for the people we hire. It's under our name. That's why I ask. If I wanted to do this, it can't be done, so would you take into consideration that maybe this is something to which we should give some consideration as well as SMS texting and BlackBerry messaging?

    We'll certainly look into possibilities of what kinds of tools we might be able to make available to members. The committee will understand, of course, Mr. Chairman, that we have cost constraints. We have to juggle things within the question of priority, so it becomes a question of whether this is something that would have a high priority for a lot of members. Unfortunately, I suspect this is the kind of thing that one turns to in a situation where the horse has already bolted, right, and so we couldn't necessarily anticipate the horse doing that.

    No, no. That's fair enough. I understand that.

    Mr. Bard, we're also restricted from putting certain applications on our BlackBerrys. Couldn't we also be restricted from communicating by those unsecured methods?

    Again, it's much more complex than the device and the features of the device. It's the complete environment. Madam O'Brien explained at the beginning that we have an environment to conduct the usual day-to-day business of members of Parliament.

     If you were in a place like DND, as an example of those places where you want to be purely secure and confidential and you want to control everything, they have a separate environment. They don't use the network. They don't use the mail. They don't use a lot of these things, and you can go so far...it's not just one layer. You have to look at security like peeling an onion. There are many, many layers and securing the device is not helping me if I don't secure the rest of the infrastructure, if I don't secure the wireless network. For PIN to PIN, it's like putting a lot of money in something that is not secure as a technology. CSIS, DND, and the world will tell you that you don't do that. You don't do business on cellulars if it's that confidential. That's why you need to assess the risks and the investment and also manage your environment.

    My objective for many, many years has been to try to give the members as much flexibility as possible and not to put on too many constraints. I think every member is unique. You are competitive among one another and therefore I need to give you that flexibility to be who you are and to serve your constituents. Therefore, when you work in Ottawa with the institution, we already have a lot of restrictions. It is a balancing act.

    I don't disagree with you there. Thank you.

    Thank you, Mr. Andrews.

    Mr. Lukiwski, are you sharing some time with Mr. Young?

    Yes, but I have just a quick question here. A spitball kind of question just came to me. I don't want to give the impression that I think we should institute a new bureaucracy of e-police out there, because there is a certain trust factor for MPs as well as their staff, under which all of us have to work in this environment, and I appreciate that.

    From time to time, I'm sure, certain committees will be producing highly confidential documents. It is one thing to put some procedures and protocols in place to perhaps--at least I hope--prevent those documents from being forwarded or released to people who shouldn't see them, but that doesn't really stop, if someone wanted to.... Madame DeBellefeuille said that if people want to cheat, if they want to break the law, they'll always find a way.

     One way, obviously, is by examining a document closely enough, without physically forwarding it either in hard copy or electronically, and then verbally informing someone of what it contained. Currently, I understand, there is really no way to stop that from happening.

    Would there be a need--or perhaps would there be the capability within the House--if there were highly sensitive documents, to develop a secure site where the documents could be sent? Then, for anyone who wanted to examine the documents, their name and the time at which they examined those documents would be registered. That may be complete overkill. I'm the first to admit it may be out of there. But is that something that could happen?

    Yes, I think it could be a combination of things. Yes, we can isolate the document in a particular area. I call that a collaboration site. We can put all kinds of restrictions on that site and then for sure we will know who accesses that site. You can say that you cannot change the document and you cannot copy the document. All kinds of things like this can be done.

    At the same time, there are some very well established procedures that exist today in the government for secure documents and what you can do. There are all kinds of rules and decisions you need to make on whether you want to make versions of the document, number the documents, or have people sign. There's all kinds of information that exists.

     I think the best way to address that for me...I mean, we can make those available, but at the same time, you really have the key in your hands, and the key in your hands is at the preplanning stage of that report, when you have all those questions. Bring this to the attention of the committee clerk, and it will be very clear at that time, and if need be, sit down with each instance and say, “That's the proposed approach for this particular report”.

    Thank you, Chair.

    I'll certainly cede my time to any of my colleagues if they have questions.

    Mr. Young.

    Thank you.

    I'd like to ask Madam O'Brien a question. I forget what year you came to work at the House of Commons, so no offence intended, but what did they do before the Internet with such reports?

    Actually, I was musing just the other day on Micoms--

    Voices: Oh, oh!

    Ms. Audrey O'Brien: --which were the size of helicopters and had giant hoods that came down.

    We basically--

    Chiselled granite reports--

    That's right. It wasn't quite the Flintstones, but close.

    Basically, we made a certain number of copies. A copy was delivered to members' offices. It was double-enveloped, so it was addressee-only, and somebody had to sign for it when it was delivered to the office.

    What would the cost be to revert to that for draft committee reports now? What would be the added administrative cost to your budget be?

    It wouldn't add anything sort of significant.

     I should say that one of the committees, the committee on environment and sustainable development, used that approach when it was doing the study of oil sands and its effect on water, which was a very sensitive issue, obviously. What they did was watermark the copies and make the copies available each with an individual watermark. So that's always a possibility as well.

    Mr. Bard, I'm trying to understand. I haven't used the PINs because I never felt that I had that great a need for privacy and I didn't want to walk around asking my colleagues and thumbing in their PINs, so I don't use it. But my understanding was that this was the only secure way to communicate something that couldn't be requested by freedom of information. You're telling us now that it's the opposite: that it's the least secure. Can you tell me what kinds of devices—

    Both are true.

    Pardon?

    Mr. Thomas Mulcair: Both are true.

    Voices: Oh, oh!

    Mr. Terence Young: What electronic device could be used? Is it picking up those signals out of the air? Is that what you're suggesting, that people could do that?

    I can PIN to PIN with Mr. Mulcair and I'm just using the cellular systems, so I'm avoiding using the corporate network, the mail systems. There's no log, okay? Not only that--

    But how do they pick it up? Does someone have a machine or device? A scanner...?

    Yes, a scanner. It's the same kind of concern you have in using a cellular phone. When you call someone using your cellular, there are all kinds of devices to collect—

    I thought they were scrambled. You mean voice calls aren't scrambled?

    There are some levels of encryption, but again, they're very, very minimal. Anybody who has some knowledge and good tools can unlock that.

    Thank you.

    Monsieur Paquette, nothing from you?

    Mr. Mulcair, anything else?

    Are there any questions from other members?

    This has been very helpful, and Mr. Young's last question really falls on that: it's the most secure and the least secure, all in the same device. Thank you very much. I may never touch mine.

    Thank you very much for being with us today. If you could supply to us what you've suggested on the varying levels.... But I think really what you've said to us today is that committees need to sit down and say, “How secure does this document have to be?” Then you would have a nice little shopping list of security levels that you could supply to the clerks and the chairs of the committees as we do it.

     Many of the things, certainly, are in confidence. A steering committee document is still not...but how high a level of security? When we get to certain committees with more need for security, we'll have to ask for higher levels, so I would suggest that our great clerks will also have to be involved in knowing what's available to them. If you can supply us with that report, I think that would help us a lot in putting some remedies to the situation we have here today.

    Thank you again for coming here today and helping us out.

    I'm going to suspend for a couple of minutes and then we'll go in camera.

    [Proceedings continue in camera]