I call the meeting to order. For those of you who believe in the motto “better late than never”, I am certainly glad to get this committee meeting number 42 going.
I want to welcome everybody back. I hope everybody had a great Christmas and holiday break, and I wish everyone a healthy and happy new year. It's great to see familiar faces, not only those around this table but of course those of all the folks who sit in the wings and support us as well. It's great to see all of you.
We have a continuation of our study on the , more affectionately known as SCISA. Today we have with us witnesses who have been waiting very patiently. On behalf of my colleagues, I just want to say that it's very understandable why there's a bit of delay today. A couple of seasoned colleagues in the House of Commons are doing their farewell speeches. I think members were sticking around for that. We can't fault them for that. There are a lot of friendships and good relations across party lines for those kinds of things here.
Without further ado, I will introduce our three witnesses. I'd ask you to give your testimony in the order in which I introduce you. You have up to 10 minutes for your opening remarks. Then we'll immediately proceed to questions and answers.
From OpenMedia, we are joined by video conference by Ms. Laura Tribe, who is the executive director. Welcome.
From the Canadian Bar Association, we have Mr. David Elder, executive member of the privacy and access law section. Also, of course, as an individual, we have Mr. David Fraser, who is a partner at McInnes Cooper.
Ms. Tribe, the floor is yours for up to 10 minutes please.
Good afternoon. My name is Laura Tribe, and I am the executive director of OpenMedia. We are a digital rights organization that works to keep the Internet open, affordable, and surveillance-free. Given our work, it seems pretty fitting that I'm joining you by digital link from Vancouver this afternoon.
Since Bill was first announced, OpenMedia has been actively campaigning alongside many other groups against this reckless, dangerous, and ineffective legislation. We believe Bill C-51 should be repealed in its entirety, and that the Security of Canada Information Sharing Act, or SCISA, is one of the most problematic components within Bill C-51.
OpenMedia and our community believe that when the previous federal government passed SCISA, it weakened the privacy rules that keep us all safe. SCISA contributes to an alarming privacy deficit that makes all Canadians less secure. This privacy deficit is dangerous and will have lasting consequences for the health of our democracy, for our liberty, and for our daily lives.
I want to begin by commending this committee's recently published recommendations on reforms to the Privacy Act. As you are all aware, the Privacy Act has not been meaningfully updated since its introduction in the 1980s, and OpenMedia agrees wholeheartedly with this committee and the federal Privacy Commissioner that the Privacy Act must be brought into the digital age with the addition of strong, meaningful, and modern protections.
Specifically, we support your recommendations that the Privacy Act be strengthened to require that government activities related to the collection and sharing of information be necessary and proportionate.
We also strongly support your call to impose overarching limitations on the retention of data and to strengthen transparency reporting requirements for government institutions.
We believe the recommendations set out in your December report will substantively improve privacy protection and have the potential to help mitigate at least some of the serious problems with SCISA.
As you know, the government recently concluded the public phase of its consultation into a range of national security issues, including Bill C-51 and SCISA. Unfortunately, the green paper that was published at the outset of the public consultation focused far more on the desires of police than on the privacy needs of Canadians, with many issues, including those around information sharing, being framed in a highly one-sided way that ignores the reasons the public is so concerned in the first place.
Despite the misleadingly benign portrait of SCISA painted by this green paper, from a privacy perspective there are very serious problems with this legislation. Today I will be speaking to the three main concerns brought forward by the OpenMedia community.
OpenMedia's first concern is that SCISA enables domestic dragnet information sharing that security experts warn is counterproductive. As you know, SCISA authorizes all federal institutions to disclose Canadians' private information to no fewer than 17 separate government agencies.
Anything that relates to the sweepingly broad definition of “activities that undermine the security of Canada” can be disclosed. I echo the concerns of the BCCLA's Micheal Vonn that not only does SCISA have, and I quote, “no requirement for individualized grounds for data collection”, but that it seems “likely it was enacted precisely for the purposes of bulk data acquisition.”
This is deeply problematic. To participate in modern life, citizens must share lots of information with our government. This information should not be repurposed into an open-ended intelligence dragnet.
Previous witnesses have raised specific examples that shed light on just how problematic the type of information sharing facilitated by SCISA can be: CIPPIC's Tamir Israel cited recent examples of government targeting journalists and peaceful indigenous activists and expressed concern that SCISA could be leveraged to share information about their activities in spite of the supposed exception for activities of “advocacy, protest, dissent and artistic expression”, and the BCCLA's Micheal Vonn pointed to the extraordinary data collection powers of FINTRAC and how its counterbalancing privacy protections have been “decidedly unsettled by SCISA to the point where its constitutionality may be at issue.”
OpenMedia believes the principles of necessity and proportionality are workable mechanisms for sharing or receiving threat data, and there is no need for SCISA's expanded definitions of security in this context.
To safeguard Canadians, information sharing of data entrusted to government agencies should only occur in narrow circumstances, and the Privacy Commissioner must be empowered to assess the overall necessity and proportionality of any and all information-sharing activities.
Additionally, all government institutions should be required to keep thorough records of when they disclose our private information, including to foreign governments, and information sharing in general should only occur subject to formalized agreements.
OpenMedia's second major concern with SCISA is that inappropriate information sharing with foreign governments can have a devastating impact on the lives of individual Canadians. In recent years, over 200 Canadians have publicly come forward to say their personal or professional lives have been ruined due to information disclosures with foreign governments, despite never having broken the law, and we'll never know how many others who have been impacted have chosen to stay silent.
Some have faced career limitations, while others have had to deal with travel restrictions. False charges that were subsequently dropped or dismissed, never resulting in criminal records, or even brief contact with the mental health system can create flags with life-changing consequences. These stories underline a very real threat regarding the government's handling of our sensitive data: that without safeguards in place, government bureaucrats will simply act recklessly and make life-impacting mistakes.
Canada's security agencies, the designated recipients of information under SCISA, routinely and on a large scale share information with their counterparts in the U.S. When mistakes are made, the impact on individual Canadians can be profoundly damaging. We need look no further than the case of Maher Arar to see that. These long-standing problems have been exacerbated by the Trump administration's recent decision to eliminate all U.S. Privacy Act protections for foreigners, including Canadians. As Professor Michael Geist points out,
|| the order should raise significant concerns about government data shared with U.S. authorities as well as the collection of Canadian personal information by U.S. agencies. Given the close integration between U.S. and Canadian agencies—as well as the fact that Canadian Internet traffic frequently traverses into the U.S.—there are serious implications for Canadian privacy.
These concerns are compounded by the Trump administration's expressed openness to returning to torture policies that were largely discontinued by the previous administration. Sadly, should SCISA remain in place, more examples like that of Maher Arar are not unlikely.
OpenMedia's third concern is the way that reckless information sharing harms our digital economy. Leading Canadian business figures, including the heads of Hootsuite, Slack, Shopify, and OpenText, have warned that the information-sharing provisions of SCISA will harm the Canadian economy by undermining trust in our commerce and trade. In an open letter published shortly after Bill was first proposed, these business leaders had this warning:
|| The data disclosures on innocent Canadians and those travelling to Canada for business or recreation could make our clients leave us for European shores, where privacy is valued. Duplicated data flowing between multiple unsecured federal government and foreign government databases leaves Canadians and Canadian businesses even more open to being victimized by data breaches, cyber criminals and identity theft.
A second letter from the business community, published last month in response to the government's national security consultation, reiterated these concerns and called for the legislation to be fully scrapped, saying:
|| We hope your government will listen to Canadians, the business community and experts by starting over with new legislation that respects our collective desire for security overall. Privacy and data integrity safeguards represent security in its most clear and basic sense. Let’s start with this understanding and work from there.
For all these reasons, OpenMedia believes that the Security of Canada Information Sharing Act should be completely repealed, alongside the rest of Bill . As one of our community members told us recently:
|| Repeal it completely and do it now. If the Liberal government believes some sort of bill is needed, then write a new bill from scratch only after thorough consultations with legal experts and citizens to ensure Canadian rights and freedom are preserved.
Strong privacy rights need to be at the heart of any healthy democracy because they are the foundation of many other democratic rights we hold dear. We all deserve effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities or malicious actors and abuse by law enforcement. Canadians deserve at least the same high level of privacy safeguards for our digital homes as we do for our brick-and-mortar homes, if not higher, given the highly sensitive data stores and interactions that are increasingly housed online.
For many Canadians, security is privacy, in the most human sense of that word. Repeated revelations of intrusive government surveillance, whether that be spying by CSE, the new powers in SCISA, or other elements of Bill , have left Canadians fearful for their personal security. This committee's work can play a significant role in ensuring that Canada can address those fears and become a global leader in reining in excessive digital surveillance practices. Let's lead by example and help set a new global standard for privacy protection in a digital age.
Thanks very much, and good afternoon, Mr. Chair and members of the committee.
My name is David Elder. I am an executive committee member of the privacy and access law section of the Canadian Bar Association. I also co-lead the privacy and data protection practice at Stikeman Elliott LLP. I was formerly the chief privacy officer for a major Canadian telecommunications company, and I have been practising privacy law for over 20 years.
Thank you for the invitation to present the CBA's view on the Security of Canada Information Sharing Act.
The CBA is a national association of over 36,000 lawyers, law students, notaries, and academics. An important aspect of the CBA's mandate is seeking improvements in the law and the administration of justice, and it is that perspective that brings us to appear before you today.
Our submission to the committee on SCISA was prepared by a CBA national security working group, with contributions from the privacy and access law section as well as other sections. The section's membership represents lawyers with in-depth knowledge in the areas of privacy law and access to information from every part of the country, drawn from private practice, industry, and government sectors.
Our section also worked on the CBA submission this past fall in response to the government's national security green paper, and the year before that on the CBA submission to the public safety and national security committee respecting Bill , part of which contains SCISA.
I'll now address the substance of our submission.
The CBA supports information sharing for the purpose of national security when that sharing is necessary, proportionate, and accompanied by adequate measures against potential abuse. However, sharing too much information or sharing information for unrestricted purposes can lead to harmful consequences. Moreover, such oversharing is contrary to the principles underlying privacy laws in Canada.
SCISA has significantly expanded intragovernmental information sharing for national security purposes in Canada, including the sharing of potentially sensitive personal information, without precise definitions, basic privacy protections, or clear limitations on the purposes for sharing. While some helpful changes were made to SCISA before its final passage into law in 2015, the statute still causes concern on several fronts.
The CBA has four main concerns with the law as enacted.
The first is independent oversight. SCISA includes a number of useful guiding principles for information sharing, including the principle that originators should retain control over shared information and the principle that information should be disclosed under the act only to institutions carrying out responsibilities in respect of activities that undermine the security of Canada.
However, to be meaningful, SCISA must include a robust oversight and accountability mechanism to enforce these principles. In the CBA's view, any oversight body should have independence from the government institutions that will be sharing information under the act in order to avoid any potential conflicts of interest.
There may be several oversight models that could work in this regard. The committee of parliamentarians that was proposed in Bill could be one such option. Existing institutions, such as the Office of the Privacy Commissioner of Canada, might also work.
Whatever oversight mechanism is pursued, in order to better facilitate the review of activities carried out under SCISA, the CBA submits that regulations should be introduced requiring disclosing institutions to keep a record of all disclosures made under SCISA and requiring receiving institutions to maintain records of subsequent use and disclosure of information received pursuant to SCISA. If such records do not exist, it will be nearly impossible for any oversight body to determine whether the guiding principles of the act are indeed being respected.
The second concern is balanced information sharing.
The CBA notes that subsection 5(1) of SCISA permits disclosure among the 17 government institutions listed in the schedules of the act if the information is relevant to the recipient institution's jurisdiction or responsibilities under an act of Parliament or another lawful authority respecting national security. In the CBA's view, mere relevance is a very low standard for what should be an exceptional sharing of information between government institutions, and this could allow for unnecessary and overbroad sharing of information, undermining the privacy rights of Canadians. The CBA agrees with the previous submissions of the Privacy Commissioner of Canada and others that a test of necessity would better balance the objectives of SCISA with privacy rights and principles. In other words, in order for information to be shared with another institution, such sharing must not only be relevant to the receiving institution's mandate respecting national security, but also have to be necessary in order to allow the receiving institution to fulfill that mandate.
The CBA is also of the view that the existing schedule 3 to SCISA, which lists the institutions with which information may be shared under the act, should be expanded to include references to the specific sections of the statute supervised or implemented by those institutions that might relate to national security concerns. Greater specificity would assist both disclosing and receiving institutions, as well as any oversight body, in assessing whether disclosure to another institution might be appropriate.
Our third concern with SCISA is the lack of restrictions around subsequent use and disclosure of information disclosed to an institution under section 5 of SCISA. More specifically, the current provision seems to allow for the subsequent disclosure by a recipient institution to other non-designated government institutions, to individuals, to foreign governments, or even to the private sector, and for purposes unrelated to national security.
In the CBA's view, the information sharing between government institutions contemplated by SCISA should be seen as an extraordinary measure designed to fulfill an explicit narrow purpose. Accordingly, SCISA must be designed to eliminate what is sometimes called “purpose creep”, including potential disclosure to third parties.
The CBA is particularly concerned about subsequent use and further disclosures by a receiving institution when the information has been obtained by the disclosing institution through the exercise of extraordinary powers, such as powers to compel production of information or enter premises. It would be inappropriate for a receiving institution to be able to leverage, for purposes unrelated to national security, any investigation and enforcement powers not conferred on the receiving institution by Parliament. SCISA should not allow receiving institutions to obtain indirectly that which they cannot obtain directly.
Fourth, the CBA is concerned about reliability of information.
The CBA is concerned that SCISA includes few effective checks and balances on information sharing or safeguards to ensure that shared information is reliable. The Arar commission stressed the importance of precautions to ensure that information is accurate and reliable before it is shared. Omitting safeguards in SCISA ignores lessons learned through the Arar saga and the recommendations of the Arar commission, and risks repeating the same mistakes.
In conclusion, once again the CBA appreciates the opportunity to share our views on SCISA. We support balanced information sharing for the purpose of national security when it is necessary and proportionate, and is accompanied by safeguards that are adequate to protect individual privacy rights and to ensure the reliability of any information shared pursuant to the act.
I'd be pleased to respond to any questions the committee members may have.
Thank you very much to the committee and to the chair for the opportunity to speak with you today about this very important subject.
I will introduce myself. I am a privacy lawyer practising with McInnes Cooper in Halifax. I've been practising law in this area for more than 15 years, and in that time I've had the benefit of advising clients on a full range of privacy, access to information, and technology issues. I've worked with clients who regularly have contact with the police and with the national security authorities looking for information, both through regular lawful channels and, shall we say, informal channels.
I am here in my personal capacity, so I'm not speaking on behalf of any of my clients or any of the associations that I am a member of—I'm a proud CBA member—nor am I speaking on behalf of my firm. This is just me.
This committee has a very important opportunity, and I think we are at a turning point in global history. We have the chance, right now, to take a deep breath, take a step back, and ask some very important questions: who are we as Canadians, and what do we want to be? What kind of country do we want to live in, and are we taking positive steps to make that happen?
Looking south of the border, I am very mindful of a phrase that I first heard said by William Binney, who was one of the first whistle-blowers from the U.S. National Security Agency. He left because he was afraid that what he was being asked to create within that organization was something he called “turnkey totalitarianism”.
If you build an intrusive tool for the most benevolent institution, you can have faith in the people for whom you build it, but you can't be sure that it won't fall into the wrong hands. Setting aside the cynicism I've developed over the last dozen years, even if you absolutely believe what the leaders of our national security and policing agencies say to you—and I understand there will be further testimony from them—you can't be sure that their replacements will necessarily have the same good faith and concern about the rights of citizens. You can't be sure about the good faith and commitment to Canadian values of the next government.
The new U.S. administration has at its disposal the most significant surveillance apparatus ever assembled, and it's being built with Canadian collaboration. This committee needs to look at the here and now, but also look over the horizon for what may come next. The Anti-terrorism Act of 2001 and the Anti-terrorism Act of 2015 are, or could be, the foundation of what could become a massive abuse of Canadian rights.
We also need to look at whether any of this is really necessary or proportional in the first place. We need to look at what we have here and what is going on. On the one hand, recently we've seen that CSIS, with the assistance of Department of Justice lawyers, has lied to courts in order to feed CSIS databases. We've also seen that CSIS has refused to delete the information that it unlawfully retains. Most recently, we've seen that CSIS has been working within government to try to justify its data mining practices and has actually been looking to get more data to put into its massive databases.
Then we have the Security of Canada Information Sharing Act, which is, in my view, a privacy disaster. The privacy of Canadians was previously connected by information silos. Departments could collect information that was reasonably necessary for their purposes. They could share it with other departments for purposes that were consistent with those purposes, and they could share it with law enforcement in other circumstances. There were rules around that. You knew that the information about your Canada Pension Plan contributions or EI claims would not be used for any other purpose, unless the relatively weak hurdles of the Privacy Act—with which everybody here is familiar—were complied with, or unless a judge determined that it was appropriate in those circumstances that the public interest in disclosure outweighed the privacy interest.
Now we have a system whereby CSIS can ask any government department for virtually any data, as long as they think it's relevant to their task. You can try to get insight into how they would calculate that; I'm not sure. They can then get it, and it is no longer covered by the privacy protection of the originating institution.
They might think, for example, that people who visit bad guys are probably bad guys themselves, so let's get all the visitor logs from Correctional Service of Canada and then let's match that up against the Canada Border Services Agency records of people leaving and returning to Canada, and passport applications—and why not all the records of people receiving EI, and then everyone else's tax returns to see who has donated to Muslim charities? This law would allow CSIS or the RCMP to collect, in one massive database, all the information that every other government department has about you, based on the linchpin of that extremely low threshold of relevance.
SCISA does not contain any limit on what organizations like CSIS or the RCMP can do once they build those databases. There is nothing built into SCISA that does that. There is also no internal limit on how much information can be transferred between any government department and any of those institutions listed in the schedule to the act. On top of this, all of this happens in the shadows: there is no oversight within this statute.
As parliamentarians, all you know are the evasive non-answers given to you. There is no oversight, no accountability within this framework. This is essentially a blank cheque giving national security agencies access to some of the most sensitive personal information about Canadians. This is a real problem, and the act should be repealed.
In closing, I would also highlight the presence of section 9 in the statute. It should raise a flag. It should raise a flag very high. It says, “No civil proceedings lie against any person for their disclosure in good faith of information under this Act.”
If a statute has to provide immunity for otherwise unlawful conduct, we should be very careful about authorizing that conduct in the first place and we should be very careful about granting that immunity.
Thank you very much again for this opportunity. I very much look forward to the discussion.
To Mr. Fraser's point, I think we've seen no strong evidence that there is any problem with scrapping it. We haven't seen the evidence that it was necessary in the first place.
I think there has been a lot of information coming in. I'm very excited to see the results of the national security consultation that Public Safety Canada has conducted, as well as the findings of this committee, and to learn from law enforcement what they think they need and what they need to retain.
I think those are the elements, with more detail, that need to be reintroduced, either through updating the Privacy Act or through separate legislation, and that require proportionality when information is shared.
Really, the ultimate problem we have with what has been introduced is that, to the point about what has gone wrong so far, it could be years before we know what has gone wrong. There is no way for us, as citizens, to actually know what information is being shared about us, who it's being shared with, and whether it's even accurate.
I think it really removes people from the accuracy of their data. It removes them from having any control over their information and an understanding of where it's going, which has some really long-lasting effects, both in terms of negative ramifications and also on people's ability to express themselves.
It's good to be back in committee with all of you.
Thank you to the three witnesses. I'm sorry we were late getting here.
I want to quickly clarify, in response to some of the comments that were made earlier in part of the presentation, that we're talking about information sharing. That's the focus of this study.
I'll quickly read into the record the purpose and principles of SCISA: SCISA is intended to protect Canadians against activities that undermine the security of Canada by encouraging and facilitating the sharing of information related to such activities among federal institutions. Some of the conversations seemed to take a bit of a different direction there.
I'll open up with my first question, which concerns the Five Eyes.
We know that it's important to the Government of Canada to have allies across the world. I would like to break it down into three separate questions for all three of you.
Do you believe these types of allied relationships better protect Canadians? If so, do you believe it is important that our national security organizations have tools similar to those of our allies? Are any of you aware of any of the information-sharing laws and oversight mechanisms of any of these allied countries?
I'll open it up to conversation.
Yes, I am in favour of collaboration with our allies. I think, in fact, that being a member of NATO has kept us safe since the Second World War. In this age when borders are less relevant, I think that's important when it comes to international crime, which includes terrorism. I think collaborating with our allies is important.
It's a matter of checks and balances within that. It's a matter of proportionality when it comes to intrusive measures. I think that is ultimately the key to it. I think the thing that caused.... When you cast your mind back to the kind of revelation associated with Mr. Snowden, it was not so much that the National Security Agency, the CSE, and others existed and that they were doing their published jobs related to signals intelligence; what was problematic was the bulk data collection, the collecting and analyzing of information about people for whom there was no reasonable suspicion that they were doing anything wrong.
At least for me, it's not an objection to the existence of CSIS. I think it's good. Actually, I'm glad that those powers were taken away from the RCMP following the McDonald commission. I don't have a problem with the existence of the Communications Security Establishment. It's all a matter of proportionality and keeping it all entirely within check.
When it comes to the third question that you asked with respect to information sharing, I don't think I have enough specific information to illuminate you, unfortunately.
I would suggest it's exactly as Mr. Elder referred to. It's a matter of trusting. You're going to have to trust. If you're going to enter into these bilateral or multilateral information-sharing arrangements, you're going to have to trust.
We can also put in place general limitations on what kind of information we share. What is the nature of the information we share? Also—and this is one of the things that might sound a little bit repetitive—what's the magnitude of the information we share? If the RCMP receives a query from the Department of Homeland Security regarding an individual that they have under investigation, that's a very different thing than giving the FBI full access to the Canadian Police Information Centre, which is currently the case. They're allowed almost unsupervised access to a massive trove of data. We don't have a whole lot of insight, accountability, or oversight, or even an understanding of what is happening with that information.
If it's on a case-by-case basis so that it's much more limited or it's much more controlled, then you have a much better sense of why they're asking. What's the nature of the information? Is it particularly sensitive? Is it something that's stigmatizing? Does it relate to, for example, religion or protected expression under our charter or all these other sorts of things? Shared databases and massive troves of information seem to be the trend these days. Instead of using knowledgeable investigative insight and individuals with the proper skills, they're throwing in technology, collecting a lot of information to create a haystack as big as they can, and then using technology to go through it looking for needles.
The problem is that the haystack is information about individuals who are 99.999% innocent. Technological scanning, for example, will produce false positives, will result in individuals wrongly ending up on no-fly lists and other things, or worse, ending up being tortured in a basement somewhere. That's what we need to protect. You don't share sensitive information that could cause harm to our citizens with somebody that you don't absolutely trust in terms of what's going to happen with that information.
Unfortunately, as Mr. Elder said, no Canadian law can tie the hands of any foreign government once they have that information. It needs to be a two-way street. It needs to be a relationship built on trust, but trust that's verified. Keep an eye on their track record. Has the information gone elsewhere? Be prepared to kind of pull back on the leash if there's any sign of trouble.
I'm happy to answer that.
Part of it relates to the question of relevance: what is relevant to investigations related to activities that undermine the security of Canada? Relevance is a very low threshold. If you're going to tinker with it, I would adopt “necessary”, because that's stricter.
Another problem is going to be that there's no oversight. There's no mechanism by which you can test whether or not something is, in fact, reasonable; reasonable is in the eye of the beholder.
Then also, we're now in the 21st century, when investigative means aren't simply following up leads but are analyzing databases and taking massive amounts of information and running them against algorithms in order to try to make information surface. If you are investigating to try to find the next person who's going to commit murder in a mosque, for example, if you have the mindset that the best way to do that is to analyze massive data sets because doing that is relevant to dealing with situations that would undermine the security of Canada, you can justify that in that sort of circumstance. When your mindset is that you operate by analyzing bulk data sets, then you can very easily see and connect those dots and take something that way. It might not have been the intention, but in this day and age, that is how a lot of investigations and a lot of intelligence work are being done, so we need to have the limitations that are in it.
As I said, I'd be happy to have the whole thing thrown out and rewritten and to have these things dealt with in the Privacy Act. The four recommendations made by the Canadian Bar Association would dramatically improve it, but we need to have the proportionality in it. It's the use of bulk data that troubles me the most.
I would be broadly in favour of oversight over the entire national security and intelligence functions within the Government of Canada, which would include the law enforcement components as well. What we're seeing is that they all work as a group. When we have 17 organizations, some of which you'd think would have no national security role whatsoever, somebody has to have oversight over that.
I think that's absolutely critical, because most national security and intelligence activities are obviously top secret. Obviously they can't put all the information about what they're doing on their website. Because they are in the shadows, the only way you can make sure they conduct themselves in accordance with our expectations in a democratic society is to have confidence in the oversight, confidence that somebody is watching and keeping an eye on them, somebody who can keep the secrets but who can also blow the whistle when necessary.
I would suggest that it should be an officer of Parliament who has oversight and virtually unlimited powers of investigation, of her own initiative or in response to complaints, to deal with whistle-blowers and all that other sort of stuff over the entire apparatus. What's happened previously—and I think this is all part of the overarching discussion we're having on the green paper and everything else—is that, for example, the RCMP has been subject to one level of accountability, CSIS is subject to a different level of accountability, and CSE is subject to a different one, and I've no idea what's happening in some of these other departments. Nobody has a line of sight into the overall big picture other than perhaps the , but even then, perhaps not. Somebody needs to be able to keep an eye on this.
The only way we can have confidence in it is by having confidence in the overseer. We have to trust that the overseer is acting on our behalf, because we, as citizens, can't have visibility into all of these things that really have to happen in the shadows. We're making a leap of faith, but we have to trust the supervisor.