Skip to main content Start of content

OGGO Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content






Standing Committee on Government Operations and Estimates


NUMBER 073 
l
1st SESSION 
l
42nd PARLIAMENT 

EVIDENCE

Thursday, February 23, 2017

[Recorded by Electronic Apparatus]

  (0845)  

[English]

     Colleagues, I think we'll begin. It's 8:45 a.m. We are missing one of our witnesses, but I'm sure Madam Campbell is on her way.
    I have a couple of quick notes before we begin our testimony. First, with your permission, colleagues, I would like to take about 10 minutes, perhaps 15 minutes, at the end of this meeting to discuss future business and potential future witnesses as we continue our study on the whistle-blowers protection act.
    Second, I want to announce that Mr. Clarke will not be with us for the next two to three weeks. He is at home in his riding awaiting the arrival of his second child, so Monsieur Gourde will be with us for the next few weeks. Monsieur Gourde is an experienced parliamentarian, and also an experienced parliamentarian in government operations. He sat on the previous government operations and estimates committee for about four years, so his learning curve is not quite as steep as it would be for others.
    To our witnesses, thank you very much for being here.
    Colleagues, today's meeting is pursuant to Standing Order 108(2), Briefing on the Use of National Security Exceptions.
    I understand all of our witnesses here have brief opening statements.
    Mr. Breton, if you have your opening statement, the floor is yours.

[Translation]

    Shared Services Canada, or SSC, was created in 2011 to build a modern, secure and reliable information technology infrastructure for the digital delivery of programs and services to Canadians.
    After its creation, SSC began reviewing the security requirements that would be necessary to meet its mandate and the needs of its customers.

[English]

    At the time, Canada’s security and intelligence community had recognized the strategic importance of SSC’s procurements to establish a secure, centralized IT infrastructure for the Government of Canada. This includes procurements related to email, data centre infrastructure, and network and telecommunications systems and services.
    Ultimately, the department concluded that these types of procurements are indispensable to national security, and that steps were necessary to protect Canada’s national security interests, including invoking the national security exception.

[Translation]

    A main justification was that email, networks and data centres play a central role in every aspect of the government's operations, and that these systems have repeatedly been the target of hostile cyber threats.
    I would underline that the decision was made together with a number of other federal partners, including Public Services and Procurement Canada, the Canadian Security Intelligence Service, the Communications Security Establishment, the Treasury Board Secretariat, the Department of National Defence and the Privy Council Office.

[English]

    These organizations all endorsed SSC’s request to seek a national security exception in support of its mandate. This endorsement is not normally part of the already rigorous process that my colleagues will describe from PSPC, but it was added to ensure that our rationale was supported by the key departments responsible for protecting Canada’s national security. Canada’s decision to invoke the NSE for all procurements of goods and services related to email, networks, and data centre infrastructure was announced on the government electronic tendering service in May 2012. SSC also invoked the NSE for procurements related to workplace technology devices, software, and related services, which were added later to the department’s mandate.
    In our notice to suppliers, it was explained that workplace technology devices and software are the gateway to most of the government’s infrastructure and are the means by which employees send and receive email, transmit information across networks, and access information stored in data centres. This therefore makes them attractive targets for those intent on exploiting the government’s infrastructure. The invocation related to these types of procurements was announced on the government electronic tendering service in 2014.
    Let me now turn to some of the steps Shared Services Canada is able to take to protect Canada’s national security by invoking the NSE. This includes applying the supply chain integrity assessment process. This security screening process, which involves analysis by the Communications Security Establishment, is intended to ensure that no equipment, software, or services procured by Shared Services Canada, or used in the delivery and support of services, could compromise the security of Canada’s systems, software, or information.

  (0850)  

[Translation]

    Other steps include “in-Canada” requirements for housing data to protect Canada's sovereignty over its data.
    Shared Services Canada is also able to direct the architecture of its network or other systems to ensure the design achieves appropriate security standards and controls.
    These are just some examples of how the NSE enables Shared Services Canada to procure the goods and services required to fulfill its mandate in a way that protects national security in the face of increasing cyber threats.

[English]

     I would like to state at this point that the invocation of the NSE does not mean that procurements will be non-competitive. To illustrate this, for fiscal year 2015-16, Shared Services Canada conducted 725 procurements that were subject to the NSE for a total value of $1 billion. Of that total, $920 million was sourced competitively. This volume represents 29% of all of SSC's procurement transactions for 2015-16. It also represents about 77% of the total dollar amount we procured in that fiscal year.
    In addition, the invocation of the NSE is not intended to insulate Shared Services Canada from challenges by suppliers. Challenges to the Federal Court and to the provincial superior courts remain available with respect to all of the department's procurements.
    Let me close by emphasizing that Shared Services Canada is committed to conducting fair, equitable, and competitive procurement processes.

[Translation]

    We recognize that market-based competition is the best vehicle to deliver the highest value solutions and best value for Canadian taxpayers. This includes procurements conducted under a national security exception.
    Thank you, Mr. Chair.

[English]

    Thank you very much, Mr. Breton.
    Now representing Public Services and Procurement Canada, we have Madam Campbell. Thank you for being here.
    You have the floor for your opening statement, please.

[Translation]

    I'm sorry for being late this morning, Mr. Chair. There was some confusion about the room we were supposed to be in.
    Thank you for the opportunity to appear here today to discuss how PSPC invokes the national security exceptions.

[English]

    PSPC procures goods and services on behalf of departments and agencies at the best value for Canadians. Our acquisitions program provides federal organizations with procurement solutions such as specialized contracts, standing offers, supply arrangements, and memoranda of understanding for acquiring a broad range of goods and services, including construction services.
    This program delivers acquisitions and related common services using procurement best practices, early engagement, effective governance, independent advice. It benefits Canadians through an open, fair, and transparent process to ensure best value for Canadians in the federal government.

[Translation]

    In order to ensure that Canada's national security interests are not compromised when procuring goods and services, the trade agreements allow all parties to take whatever action they consider necessary by invoking the national security exception.

[English]

    By including national security exception provisions, signatories to the trade agreements made a conscious decision to allow discretion in determining their national security requirements. This discretion is essential in view of the evolving and shifting nature of sources of threat to national security. Recognizing that it's very difficult to predict how threats to national security will evolve and change, the trade agreements give Canada and its trading partners the flexibility to invoke NSE when they consider it necessary.
    A national security exception is considered when the procurement is essential for any of the following: national defence and military threat, sovereignty, protection of security intelligence, environmental security, human security, and economic security. Invoking an NSE, as my colleague said, does not remove procurements from the obligations of the government contract regulations to compete the requirement unless there is a valid reason to direct the procurement. Canada's contracting framework and laws favour robust competition as a way of ensuring choice and innovation for the government.

[Translation]

    When PSPC is the contracting authority, an NSE can only be invoked by either myself in my capacity as assistant deputy minister of defence and marine procurement, or by my colleague Arianne Reza, assistant deputy minister of procurement. This is because matters pertaining to national security must be addressed at the senior management level.

  (0855)  

[English]

     PSPC's acquisition program invokes on average 20 national security exceptions per year. A total of 55 NSEs have been invoked over the past three fiscal years, with the Department of National Defence being our major client, representing 45% of the total number of invocations. Other client departments include the Royal Canadian Mounted Police with 16%; Canada Border Services Agency with 7%; Immigration, Refugees and Citizenship Canada with 5%; and PSPC with 4%.
    To date, for the current fiscal year, PSPC has invoked a total of 18 NSEs.

[Translation]

    The process for invoking an NSE is rigorous and sound. A client department determines the national security risks to be managed and mitigated in a procurement.
    A request must be in the form of a letter from the responsible assistant deputy minister at the client department that explains the nature of the proposed procurement and shows a clear rationale of why an NSE should be invoked in relation to the trade agreements.

[English]

    PSPC implements a rigorous review process to vet the client department's request in consultation with our legal services and the relevant procurement sector. We also follow Treasury Board's guidelines in this respect. As with any other procurement process, this is done with great diligence and scrutiny.
    Procurements for which an NSE is invoked remain subject to all other relevant government regulations and policies, including the industrial and technological benefits policy and the value proposition. The NSE is invoked only when the crown considers the procurement indispensable for the protection of Canada's national security interests. As well, invoking an NSE is not by definition meant to restrict competition to Canadian suppliers.

[Translation]

    There may, however, be a legitimate need to maintain or establish a Canadian source of supply.
    For example, when Canada contracted for a pandemic vaccine supplier, the government was required to invoke the NSE for various reasons, including ensuring a domestic supply of the vaccine was readily available and manufactured within its borders.

[English]

    Typically, an NSE is invoked for a project or a specific procurement. However, there are situations in which an omnibus NSE may be required. For example, in November 2015, I invoked an omnibus national security exception to assist in the relocation of 25,000 Syrian refugees to Canada. This NSE applied to all procurements carried out by my department on behalf of all federal government departments, agencies, and crown corporations.
    In 2008, PSPC invoked an omnibus NSE on behalf of the Department of National Defence to support Canada's military operations in Afghanistan. In this situation, invoking this NSE ensured that the Department of National Defence met its immediate operational requirements in an active war zone, and protected our national security interests.

[Translation]

    To conclude, PSPC recognizes the seriousness of invoking an NSE, and, as I have previously mentioned, the department has a rigorous process to ensure that any request meets the high standard we have established for invoking the exception and managing our overall procurement responsibilities for the Crown.

[English]

    Thank you, Mr. Chair and committee members. My colleagues from other departments also have remarks to offer, after which we'd be pleased to answer your questions.
    Thank you very much for your comments.
    Colleagues, before I introduce our last two witnesses, for your information, we had originally invited officials from Public Safety Canada. They had suggested that, since we are dealing with national security exceptions, the RCMP and CSIS would be better positioned to answer any questions we may have, and that's why we have representatives from those two organizations before us.
    Mr. Watters, you're representing the Royal Canadian Mounted Police. Please go ahead with your opening statement.

[Translation]

    Good morning, Mr. Chair and distinguished committee members.
    My name is Dennis Watters and I am the acting chief financial administration officer for the Royal Canadian Mounted Police.
    Thank you for the opportunity to speak with you today about the RCMP's procurement activities, and more specifically the use of national security exceptions as they relate to providing Canada's national police service with the most appropriate and effective equipment to ensure the safety and security of Canadians.

[English]

     The RCMP's procurement activities are conducted directly in support of the RCMP's operational priorities, including but not limited to the following: enable RCMP members to detect and prevent organized crime, ensure Canada's security interests, and protect Canada's economic integrity, while also providing for the safety of RCMP officers who are entrusted with the security of Canadians.
    The RCMP uses the services of PSPC and Shared Services Canada for procurement requirements that exceed the contracting authority of the RCMP and for specialized requirements. The RCMP also procures goods, services, and constructions under its own delegated authorities through open, fair, and transparent processes to ensure best value for Canadians while meeting the RCMP's operational priorities.
    In order to meet these and other operational priorities, the RCMP requires a wide range of goods and services. The bulk of these items are procured through open and competitive processes. As reported against the 2015–16 management accountability framework, the RCMP used competitive processes for 84% of contracts valued at over $25,000.
    For calendar year 2014, the RCMP had more than 7,000 contracts awarded, for a total value of $395 million. As indicated by my colleague from PSPC, the number of NSEs invoked by PSPC for the RCMP is very low in each fiscal year. I believe it was 16%. In addition, the RCMP invokes the NSE for some of the procurements that it carries out under its own authorities. However, the use is very limited.
    Even though the use is quite limited, the RCMP has a robust framework in place for the use of NSE, including an internal guideline for national security exceptions. All requests to PSPC to apply the NSE must first be approved at the deputy commissioner level at the RCMP, and they are reviewed by the corporate procurement branch that reports to me. In addition, for contracts within the RCMP's own delegated authority, the requests have to be approved by the chief financial officer, me. Invoking the NSE does not by itself allow the RCMP to sole-source procurement.
    The RCMP does rely on the national security exception from the application of trade agreements, generally for two main reasons. The first is when the requirement cannot be published on the public-facing government electronic tendering systems because revealing technical requirements or specifications would compromise the operational requirements of the equipment being procured. Furthermore, depending on the purchase, disclosing the specifications of the equipment could have serious consequences on the safety of our members.
    The second is when the minimum publication timeline under Canada's trade agreements cannot be met due to the urgent nature of the requirement. For example, solicitations subject to the North American Free Trade Agreement must be published for a minimum of 40 calendar days. Due to the operational nature of the RCMP, it is not always possible to plan procurement requirements in sufficient time to meet these posting requirements. As an example, the national security exception was invoked in advance of the North American leaders' summit in 2016. The rationale for using the exception was in part to protect the details of the operations to ensure the security of leaders, but also because of the short timelines that were available to procure the equipment ahead of the summit.
    The national security exception is a key tool that enables the RCMP to meet its operational requirements for the protection of Canada's national security.
    Mr. Chair and honourable members of the committee, I thank you for inviting the RCMP here today, and I would be pleased to answer any of your questions.

  (0900)  

    Thank you, Mr. Watters.
    Colleagues, our last witness is representing the Canadian Security Intelligence Service, Karen Robertson.
    Madam Robertson, the floor is yours.

[Translation]

    Good morning, Mr. Chair and members of the committee.
    My name is Karen Robertson and I am the assistant director of finance and administration at the Canadian Security Intelligence Service. I am responsible for managing CSIS' financial functions as well as administrative functions pertaining to acquisitions, asset management, disposals and infrastructure requirements.
    As my colleagues from Public Services and Procurement Canada, PSPC, and Shared Services Canada, SSC, have already provided an explanation of national security exceptions, I hope to provide you some insight into the rationale for applying these exceptions to CSIS' procurement contracts.
    Although CSIS' procurement-related expenditures constitute a relatively small piece of the government's overall procurement budget, our mandate and operational activities create distinct requirements as they relate to the procurement of goods and services. As such, to contextualize my statements today, I would like to provide the committee with a brief overview of CSIS' authorities and why special consideration is required to protect the integrity of our work.

  (0905)  

[English]

     Everything we do at CSIS is grounded in the CSIS Act, which clearly articulates our mandate and authorities. Pursuant to section 12, CSIS is authorized to collect information, to the extent that is strictly necessary, on activities suspected of being threats to the security of Canada. These threats are explicitly defined in section 2 of the act, and are limited to terrorism, espionage, sabotage, and foreign interference.
    CSIS collects information to detect, assess, and respond to threats to the security of Canada. A core function of our mandate is to report to and advise government on matters of national security. In principle, competitive and transparent government procurement practices are a healthy component of a democratic society. However, given CSIS' duties and functions, members of the committee will understand that the goods and services we acquire to support our activities are sensitive in nature and, as a result, must be protected from becoming widely known.
     The main reason CSIS applies national security exceptions to the majority of our procurement contracts is to limit the disclosure of information about our practices, transactions, and vendors. If the targets of our investigations knew details about the equipment we procure and our technological capabilities, they could defeat or counter our investigative efforts.
     In addition, knowledge of CSIS' procurement needs, even of seemingly innocuous contracts, may enable hostile actors to better understand our existing capabilities and resources. This is due to the potential mosaic effect of aggregating publicly released information about our procurement requirements, costs, and practices. As such, protecting how CSIS purchases goods and services matters just as much as protecting what we procure. Revealing any link to CSIS in a public tender may reveal our operational techniques, jeopardize our operations, and endanger employee safety. It could also risk the reputation and safety of those entities that supply us with goods and services.
    The ability to apply national security exceptions to CSIS' procurement permits us the flexibility to define the requirements for a particular contract or vendor in light of our operational considerations and awareness of the threat environment.
     Given these considerations, CSIS actually procures the majority of its contracts in-house as a result of exceptional contracting authorities that have been granted to us by the Treasury Board. CSIS has operated using these exceptional authorities since 1987. Very few goods and services are procured through the regular government process managed by PSPC and SSC. There are, however, certain circumstances in which we would manage contracts through PSPC and SSC, such as when the purchase exceeds our contracting authorities. National security exceptions would apply to all these contracts because of CSIS involvement.
     CSIS is excluded from SSC's email, data centre, and network mandate. A minimal proportion of CSIS' network services and IT-related infrastructure are procured through SSC. With regard to SSC's mandate for end-user IT, CSIS works very closely with SSC to process IT procurements in a manner that aligns with security requirements.
     CSIS does not apply national security exceptions to avoid undertaking competitive methods of procurement. While I cannot enter into much detail, it is important to note that CSIS' associated exceptional procurement authorities are backed by a rigorous internal control framework and oversight.
    We leverage government-wide best practices to ensure the appropriate management of government resources. Our procurement practices are also subject to internal audit and evaluation functions, as well as to external review by the Office of the Auditor General.

  (0910)  

[Translation]

    Ladies and gentlemen, the application of national security exceptions is one way of adapting government-wide standards to accommodate the realities of CSIS' work. These exceptions allow us to be more responsive and agile in acquiring what we need to better investigate threats to the security of Canada. Keeping Canadians safe is our foremost concern and responsibility.
    And with that, Mr. Chair, I will conclude my remarks and welcome any questions committee members may have.

[English]

     I would just like to add that this is my first time appearing in front of a committee in Canada, and it's truly an honour to be here with you today.
    Thank you.
    Thank you for being here. You did very well.
    Colleagues, looking at the time, I think we have enough time for one complete round of questions, plus a second seven-minute round. That should take us approximately to the bottom of the hour, about 10:30, and it will leave us 10 to 15 minutes for committee business.
    With that, we'll start our seven-minute round of questioning.
     Madame Ratansi, you're up.
    Thank you, all, for being here and briefing us on the processes you use, because the security of Canada is of paramount importance.
    Despite invoking the NSE where it concerns sensitive purchasing, have your security services ever been compromised? If you can't answer, say, “No, we can't answer”.
    Mr. Chair, there have been a few publicized episodes within the federal government over the last number of years where, from an IT perspective, our systems have been compromised. Most recently, I could mention the National Research Council. There have been some examples, yes.
    Did you find out why they were compromised, despite your invoking the NSE?
    Mr. Chair, getting into root cause analysis from a cybersecurity perspective is a little far afield from a procurement perspective, but I can comment on the general nature of the question.
    The work of SSC, in terms of transforming the government's infrastructure, is a work in progress. We are slowly evolving different facets, whether from a network or a data centre perspective. As this committee is aware, through previous testimony, we are also maintaining legacy infrastructure and legacy systems. We are doing our utmost to secure the perimeter as we go.
    Ms. Robertson, has it ever affected your department? Are you comfortable that the NSE protects the purchasing and the security and safety of Canadians when you are doing your procurement?
    Absolutely. I think the national security exception is vital in protecting CSIS infrastructure, as well as its employees, its vendors, and everyone in the supply chain, but I can't sit here today and assure you that there has never been a compromise. I am not aware of a compromise, but it's hostile actors and a heightened threat environment right now, so I wouldn't want to guarantee you that.
     I am very confident that we use the national security exception appropriately, and it's necessary.
    Ms. Campbell, we look at the supply manual and the guiding principles, and then there is the North American Free Trade Agreement and WTO. Do you find it challenging to match requirements and to make people understand when to invoke the NSE?
     I think our discussion here today illustrates why procurement is a complex business. I'll just give you a sense of how we apply it. The total value of procurement awarded by the Government of Canada amounted to about $23 billion annually; over 75% of that was managed by our department. We navigate applying the trade agreements and dealing with requests for invocation of NSEs. As we said earlier, the request for invocation of NSEs, and their invocation, doesn't mean we don't still compete. We still apply Canada's contracting framework.
    About 87% of our business value—the money that was procured—was awarded competitively by us. The vast majority of our work, even with the application of NSEs, is competed. It is a complex job for procurement officers. They're specialized, and we train them rigorously. We bring them through a development program, and it takes five to six years to get them to the stage where they are handling these big procurements and dealing with NSE invocations.

  (0915)  

    How much would 13% translate to, in dollars?
    Again, it's $23 billion annually that the Government of Canada awards in procurement, which is a slice of the $100 billion at all levels of government in Canada. Of that, 75% is managed by PSPC, and the rest is delegated to government departments. As you're aware, the lower-level, higher-volume contracts are delegated to other government departments. We handle 12% of the contracts, but that's 80% of the money.
     We see this when we're reading some of the reports.
    Does the national security exception ever allow you to circumvent competition?
    No, it does not at all.
    Have you ever done it?
    Au contraire, we are very interested in competition. Invoking the NSE doesn't for a moment mean that the government contracting regulations, the default for which is competition, don't apply. In fact, I can give you several recent examples in which we have had an NSE invoked, and there has been competition.
     Fixed-wing search and rescue, as you'll see in the news this morning, was competed. One of the unsuccessful bidders has brought some legal action.
    We competed the Arctic offshore patrol ships and joint support ships contract. A national security exception was invoked. We had four bidders. We have a successful bidder with whom we've concluded negotiations, and we're waiting to award the contract.
    There have been a number of recent examples in which an NSE was in play and we competed successfully.
    Could you explain to me why you had to use the blanket NSE when you were trying to get the relocation of the 25,000 Syrians?
    I should explain how the NSEs work.
     I talked about the statistics regarding specific requests we've received over the past year, but I want to make sure that I'm clear for committee members. There are those requests that we receive from government departments as well as the omnibus ones, which you've heard described, that apply broadly.
    When an NSE is granted, it applies to an entire project. For example, for Canadian surface combatants, which some of you have heard about, a national security exception has been invoked, and it will apply throughout the life of that project.
    There are also blanket NSEs that apply for a certain duration of time. It's not that these exist forever; they are for the needs of a specific project. They simply ensure, as my colleagues were saying, integrity of the process and supply chain throughout, and you also avoid having to go back and ask every time you're issuing a contract.
    Thank you very much.
    Mr. McCauley, go ahead for seven minutes.
    Welcome, everyone.
    I just want to touch upon the non-disclosure agreement signed regarding the jets. Were you involved in that process at all?
    I'm happy to answer the question.
    I think what the member is referring to is a read-in process.
    I'm referring to the lifetime ban on discussing that. There were 145 people in the public service, spread out among DND and other departments, and there is a lifetime ban on discussing the project. It's the NDA.
    I'm happy to describe it, if you'll allow me to answer—
    I'm not looking for a description. I'm sorry, but we're short of time. Were you involved in it?
    Understood, but it's just that it's not a non-disclosure agreement. It's called being read in. It is an agreement that is signed by officials when they're going to be party to highly sensitive official information or secret information.
    For many of our files, the Department of National Defence requires it, even if you have a security clearance, which I do. For specific files, if you're going to be privy to sensitive information, you have to sign an agreement saying that you have been read in, you will abide by the security procedures, and you will respect the classification of information. It's very important. I should say that you are also read out at the end of that.
    To answer your question, yes, I was.
    Are you part of that?
    I answered that. Yes, I was read in.
    Okay.
    Have you been involved with one of these before, in which you've been read in for life?
    Read in for life—no, that's never happened to me, but I have been read in before on various projects—
    But this one is for life.
    No, as I described, sir, you are read out.
    Regarding the Super Hornet purchases—and anyone can correct me if I'm wrong—I think there were 145 public servants spread out through DND and the public service who were told to sign something that prevented them from discussing the project for life. You are now saying that you're read out when you're done with that.
    I'd be happy to describe how this works.
    People are read in and they are privy to confidential information, which they may never disclose. Once they are read out, that means that security classification doesn't apply. In this case, the project has been made public, so there's a great deal of information that is now made public and in the public domain, and it can be shared.

  (0920)  

    Is it correct to say that they've been banned for life from discussing it?
    Not at all. It's akin to—
    So you're not read out then if you're banned for life. When you receive your last rites, I guess you can be read out.
    Not at all. It's akin to solicitor-client privilege. I'm a lawyer by training, and some of the things that clients have told me over the years, I may never disclose. It's similar to that.
     Have you seen this before in other procurement deals where people have been muzzled for life from discussing it?
    I have seen read-in processes where people are privy to confidential information that they may never disclose for reasons of the integrity—
    For the rest of their life?
     People never disclose by reason of the sensitive nature, yes. That's quite common.
    It is very common. Alan Williams, who I think used to do your job, or a very similar—
    Not my job, but the job at National Defence.
    —or similar, just let me finish, said it's very odd, and he's not familiar with anything like this, but you say it's very common. Can you give us examples of other projects you've done when public servants have been banned, muzzled for life to discuss...? What we're getting at, this is all about the whistle-blower and whistle-blower protection. If they're banned for life, are they still covered by whistle-blower protection? If they are, and we've been told they are, has it been communicated to these people who have been muzzled for life that they can come forward with any wrongdoing that they're finding on a procurement project?
    The Public Servants Disclosure Protection Act is a different matter than being read in for security reasons on a national security file. Mr. Williams, whom you described, was the assistant deputy minister, I believe, many years ago at National Defence. It's not a procurement function. PSPC is the sole purchaser of defence materiel.
    But this ban goes beyond just PSPC. It goes to DND people as well.
     For the sake of argument, I work for Public Works, I signed this ban for life on discussing that. We'd been told earlier that they're still protected by the whistle-blower act. Is that correct?
    They are different matters. One is a statute to protect public servants—
    You're not answering my question...please.
    I am, sir.
    For the sake of argument, I'm one of the people covered by the non-disclosure agreement, banned for life from discussing the Super Hornet. I see some wrongdoing. We've been told they can go to the whistle-blower and be protected under the whistle-blower act. Is that your understanding?
    They are different matters. Being read in and being privy to national security restricted information for the officials' purposes of doing their job is a necessary part of our function—
    I understand that.
    —and it's time-limited and it's different from the Public Servants—
    If you're banned for life, it's really not time-limited. It's until you die. That's a rather lengthy period. Again, I have a simple question. You've signed this NDA for the Super Hornets, correct?
    The read-in process, yes, I signed a document. It's not an NDA.
    Okay. You've signed that, and you're banned for life from discussing it. You see some wrongdoing. Do you believe that you're covered by the whistle-blower protection act to bring that out?
    I have signed a read-in process document, which says that certain national security information, which I had to be privy to, to do my job, I may not disclose, and that relates to the interim fighter procurement process.
    If you see some wrongdoing with the project, do you believe that you're covered by the whistle-blower protection act? This is a big concern of ours, that these public servants and their rights are protected under the whistle-blower act. From what you're saying It doesn't sound as if they are. If you see—
    The public service—

  (0925)  

    If one of your people covered by this sees wrongdoing, do you believe they're aware they can come forward and report that wrongdoing under the whistle-blower protection act?
    The Public Servants Disclosure Protection Act applies to all public servants, regardless of the circumstances, and it does protect them, yes.
    That was a long way to get around to “yes”.
    Mr. McCauley, you've got about 15 seconds.
    That's great.
    This NDA or the read-in, where did the direction come from: the PMO, the minister's office, or your own direction? Was that standard procedure?
    The Department of National Defence, like other government organizations that deal with national security interests, will decide with highly sensitive information, who requires access, for what purposes, what their security classification is, and whether read-in—
    So does DND decide—
    I'm afraid you're out of time, Mr. McCauley.
    Could you just let me finish?
    —procedures are required.
    For DND.
    Thank you.
    Mr. Weir, you have seven minutes.
    Thank you, Mr. Chair.
    I think it's fair to say that the concern many of us had about national security exceptions was that they could prevent an open and competitive process, so I appreciate that in your presentations you've made the point that even where the national security exception is invoked, there still can be a competitive process.
    To explore that a little more, I'd like to raise one of the specific procurements that motivated me to suggest that our committee study this matter. There was a supercomputer for Environment Canada to make weather forecasts. I think it cost about a billion dollars. It was procured through Shared Services. I think there probably was some kind of competitive process because part of the way we know about it is that one of the companies that might have been interested in supplying the computer wasn't successful. I wonder, Mr. Breton, if you can talk to us a little about that specific case, given that it was such a major procurement where the national security exemption was used.
     I'd very much like to do that. I'll just caution the committee that this is a file now before the courts, so I'll disclose and discuss as much as I can.
    The honourable member is correct that the procurement of a supercomputer was part of a competitive process, and it was also part of an SSC process we share with PSPC, part of our collaborative process. We issued an invitation to qualify in 2013, and we pre-qualified four vendors we then worked with over the course of the next 18 months to refine our requirements and develop an RFP. It was a very collaborative, very open, very public process that resulted in three bids and a contract award to IBM in May 2016.
    It might have been a competitive process, but it doesn't strike me that it was a terribly open or transparent process. The government didn't even really announce that it was purchasing the computer. It was the media that uncovered that this purchase had happened.
    The purchase was disclosed through regular government processes, through our quarterly proactive disclosure. The procurement itself was initially posted on GETS, I believe. It's now on Buyandsell. So it was a public procurement. As to media announcements, that is something that isn't within my purview.
    So you have no sense of why the government wouldn't have wanted to tout this major investment it was making?
    No, I would leave that to members of the committee and their colleagues to discuss, the pros and cons of communications.
    Fair enough. Could you speak to why the national security exemption was invoked for that specific purchase?
     I should say that there's a history on this file. The previous procurement for a supercomputer—the computer we were replacing—was also subject to an NSE. This specific computer is a massive system. It not only provides detailed information with regard to the weather but also supports a number of other departments in executing their missions, including National Defence, Health Canada, and the monitoring of emissions—potentially nuclear emissions. It's deeply integrated with other elements like our transportation system, so it is of vital importance to Canada and its national security.
    It strikes me that a lot of things are vital to our national security. The army could come here and say that the gasoline we have is vital to national security, and it is, but no one would accept that the procurement of gasoline should be subject to an NSE. We would all say there should be a totally open and transparent tendering process.
    That's what I want to get into. It seemed, Mr. Breton, in your opening presentation that you made the point that all sorts of email systems and IT infrastructure are important to national security, and they are, but that doesn't mean that all of the hardware and software that forms part of that system needs to be subject to a security exception. Surely even if the overall system has a lot of secret information in it, many of its components could be procured through the normal, open, transparent process, with no exception.

  (0930)  

    These procurements are subject to open and transparent procurement. What the NSE allows us to do, with the supply chain integrity process, which I mentioned previously, is go in and check regular equipment for how it has been sourced, what its component pieces are, and whether it meets the security profile of the federal government.
    To address your larger comment, I think our cybersecurity perimeter is only as strong as every link in the fence, and all it takes is one vulnerability for a hostile actor to gain access to our systems, to our network, to our infrastructure. So it is one where we do need an all-encompassing perspective. SSC is working with our colleagues in Public Safety, and there is a cybersecurity study under way right now to reassess what these threats are and what the government's response needs to be. We are participating in that.
     To open things up a bit more to the rest of the panel, one of the questions in my mind is whether the extensive use of national security exceptions reflects the fact that the procurement provisions of some of Canada's trade agreements might be excessively stringent. I know you're not trade negotiators, but is that the fundamental problem? Are the trade agreements just too stringent to begin with?
    To our witnesses, unfortunately we're out of time. However, I see you taking note of the question. Perhaps you can incorporate the answer to that in one of our other interventions.
    Now we'll go to Mr. Whalen for seven minutes, please.
    Thank you, all, for coming today.
    The reason we're having this briefing on the national security exemption is because another member of the committee had brought forward some concerns that a large number of procurements were occurring. When I read some of the materials, it makes it sound like it's not a lot, but then when I hear some of the numbers that were presented, it sounds like about 13% of $23 billion of procurement falls under the national security exemption. Is that correct?
    I'm happy to address the question.
    No, the point that I was making is 13% is non-competitive, so 87% of the business value of what PSPC awards is competitive. As my colleagues and I have said, the NSE doesn't mean we don't compete; we do, and I've given—
    Sure, but you're saying 13% of the procurement, so $3 billion of procurement is sole-sourced.
    Strategic sourcing or sole-source, as we call it, yes.
    Okay. So just within the confines of the national security exemption, that's what we're talking about. Or is this 13% of all government procurement?
    It's 13% of the business value of what PSPC does. Keep in mind that other government departments do a lot of their own contracting, the low-level contracts. It's about 85% of all of the contracts, but a lot less of the money. We do 12% of the contracting. We do all the complex stuff and it's most of the money. It's 80% of the money.
    If someone in another department, other than defence or public safety, wanted to use a national security exemption, does the process require that they clear it with your department first?
    In many instances, yes, and I've talked about the number that we've received in the last year—18 this fiscal year—but there are also omnibus or blanket NSEs in place that you've heard my colleagues describe that they need for their business purposes. Sometimes, the mandate of a department means that the very nature of its work means that national security has to apply, but, again, I reiterate that competition is still the norm under our laws and regulations.

  (0935)  

    I guess this is a question for Mr. Breton and maybe Mr. Watters as well. Mrs. Robertson, I can see that in your unique circumstances this might not apply.
    I'd always learned in my electrical engineering studies that the stronger and more robust security systems are the ones that are open and vetted and open to scrutiny so that they can be protected. Obviously, when we're talking about things that have very tight timelines, that might not be the case, but open, honest security systems that are designed to protect against people who know the systems are the best ones.
    Mr. Breton, you used the analogy of the weakest link in the fence. If we're only buying all of our links in the fence from sole-source providers in a country with only 0.5% of the population, maybe we're not buying the best links, especially for something like email, which is ubiquitous. Maybe you can talk to us about why you feel that a closed security architecture in your organizations makes any sense when most experts say that it's an open security architecture that provides the best security.
    Mr. Chairman, maybe I'll start by building off the point of my colleague, in that from an SSC perspective, in terms of procurements that were subject to our NSE, 8% of them were sole-sourced, so 92% of them were competitive. Out of that 8%, I can say that the lion's share approaching 100% were for IP reasons, not for national security reasons. Our default is open, fair, transparent, and looking for world class, best in class.
    So it's not limited just to certain suppliers; it's just limited in the information that's available.
    At times, it can be limited to certain suppliers, but that's from a security standpoint as opposed to a technology standpoint.
    In your world, there are many hundreds of suppliers. It's ubiquitous, and all countries have it, so I wonder why you're sole-sourcing the contracts or you're limiting the number of bidders that can bid on these contracts. Could you describe that?
    Yes. In most cases, we wouldn't be limiting the bidders, but we'd be evaluating the technology that the bidders are proposing for a security profile.
     Okay. That makes a lot more sense.
    Mr. Watters, from the police services perspective, every country, every province, and some municipalities have police services. What is so special about the RCMP that they would need to sole-source procurement or use a national security exemption to protect their members through limiting the disclosure of their operational specs? In terms of operational specs, all around the world, any criminal organization that wants to access them would have access. It wouldn't be difficult. You can't hide what gun or walkie-talkie a police services member is using. Someone just has to look at the service member to know what that is.
    Why exactly did you go this route, and why not an open security network?
    It's very rare that the RCMP does invoke the NSE. I was mentioning the amount of procurement we've done. Through our system I tried to get the numbers for what we spent on NSE the last fiscal year, for example, but my system didn't track by NSE. It was a manual effort, so I don't want anybody to rely totally on this number, but in 2015 it was about $1.8 million and I think in 2016 it was $3 million. It was quite low relative to all our procurement.
    I can honestly say that it's really the exception. Before an NSE gets requested, the deputy commissioner, for example, in charge of the IT sector or the federal policing that oversees organized crime and national security must provide a business case, a rationale, a justification, as to why in that case it is needed. For example, for the North American leaders' summit, there were some issues about buying some fences.
    This is about making sure our vulnerabilities are not disclosed, are not out there, so that other people, citizens as well as our officers, remain well protected. With body armour, for example, sometimes we don't want everybody to know what it's made out of, what the components are, in order to not give the other people an advantage.
    Mr. Watters, is it really—
    Mr. Whalen, you're down to about five seconds.
    Okay.
    Maybe you could respond with some information just to justify the fact that this information is actually secret after you make your procurement and that this is a true justification. It would seem to me that the type of equipment police officers use would be immediately known as soon as the police officers have the material, so I don't see how that would be a justification in your particular instance.

  (0940)  

    You may want to respond in writing, Mr. Watters, if you care to give a little more elaboration on that.
    We'll go now to a five-minute round, starting with Mr. McCauley.
    Thank you.
    I have two quick questions for you, Ms. Campbell, on the NDA, which you referred to, and the special security accountability form. This was what was signed for the 145 people regarding the Super Hornet.
    Do you know if we have made information available to those people who have signed the special security accountability form? Have we made it very clear to them that they are covered by the whistle-blower act, and that, yes, they've signed this form, but they are still protected and can still come forward?
    There are a number of acts and regulations that apply to us as public servants—
    I know. I'm asking about whether we have made any special.... Have we gone out of our way to make these public servants aware that they are still protected? Yes or no.
    I'm not aware of any special effort.
    Perfect.
    Just very quickly, you mentioned that there was legal action in regard to one of the contracts involved in a procurement made under the NSE—
    That would be fixed-wing search and rescue.
    Yes. Is that a common thing or a one-off, or is it a sore loser using the NSE as an excuse to sue us?
    That's an excellent question—
    I'm sorry, I'm taking up Mr. Gourde's time, so please be brief.
    Of the total procurements that we do, we get legal challenges in about 1% of cases.
    So it's very rare.
    Some of those go to the Canadian International Trade Tribunal, which was set up with regard to our trade agreements. It has a limited jurisdiction, however. When NSEs are invoked, companies still have recourse, but it's to the Federal Courts. In this instance, with fixed-wing search and rescue, it's to the Federal Courts. I won't comment on what they're seeking, given that it's before the courts—
    But it's rare, though, right?
    It is, if you look at the total volume.
    That's all I wanted to know. Thanks very much.
    Thanks, Mr. Gourde.

[Translation]

    Thank you, Mr. Chair.
    Ms. Campbell, could the national security exception cover up financial abuses?
    Could you repeat your question, please?
    Could the national security exception we are talking about right now cover up financial abuses that would not come to Canadians' attention at all?
    Thank you for the question.
    In my view, the answer is no. As my colleagues have explained, the national security exception ensures the integrity of the supply chain and protects Canada's national interests. Furthermore, competition is very important to us. I think I should first explain one thing about it.
    Before we acquire most of our procurements, we consult with Industry Canada to find out who the suppliers are, which ones can supply us and what their finances are. Our goal is to find out whether there is a wide range of suppliers who could help us meet our needs.
    Afterwards, we try to find the best way for the procurement to occur. What is our procurement strategy? As I mentioned, in 97% of cases, the competition plays a role, despite the national security exception.
    I understand that the national security exception protects Canadians, but could it also protect some suppliers, meaning that there would be no way to check how competitive they are compared to others?
    Thank you for the question.
    For some time now, in addition to looking at the financial records of companies, we have been looking into all their connections around the world. The integrity of the chain of suppliers and companies is very important for us, regardless of whether there is a national security exception or not. We want to make sure that Canada is protected from financial risks, jurisdiction- and capacity-related risks as well as technical risks. Our contracts with the companies ultimately protect us from those risks.
    In your presentation, you said that, in 2015, you invoked the exception for the refugees.
    That's right.
    I saw in Quebec City and even in Gatineau, across from my apartment, a village of mobile homes that were built to receive the refugees. It took two weeks of work around the clock to finish everything. However, no one ever stayed in those homes. After three days, everything was gone.
    Is there a way to find out the cost of that project or whether it involved a national security exception?
    It is impossible to find out the cost of the operation. A private contractor certainly did not set up a village of mobile homes for fun.
    Your request is different from the application of the national security exception. All the procedures to access government information apply. This means that, if there were secret information and confidential reasons, they would be kept secret. However, the information that can be made public will be, as much as possible.
    How much money is involved in this national security exception? Is it hundreds of millions of dollars, a few billion dollars or tens of billions of dollars? If we consider the entire program, what amount of money are we talking about?
    I don't have that data with me, but I would be happy to send it to you in writing.
    We would like to have that.
    Thank you.
    Thank you.

[English]

     Thank you very much.
    Mr. Peterson, you have five minutes.

[Translation]

    Thank you, Mr. Chair.
    Good morning, everyone. I have a few questions.
    My first question is for Mr. Breton.

  (0945)  

[English]

    I want to talk a bit about process, and I hope I have time to ask all of you this question. First of all, I think there's some confusion in our committee in terms of distinguishing between the NSEs and the sole-sourcing or non-competitive process. They're obviously not the same thing. There's some overlap, I suspect.
    We were talking about invoking an NSE, and I want to get at the crux of it. How does that process work in your department? Who is making the decision? What test is applied to that request for an NSE? Obviously, “national security exception” is not readily defined in any legislation. What test does your department put on it before determining whether or not to invoke it?
    In my opening remarks, Mr. Chair, I mentioned the process we went through for our initial invocations. At that time, our procurement functions still resided with PSPC, so that went back and forth between SSC, in its newborn state, and PSPC.
     Currently, that decision rests with the senior assistant deputy minister of corporate services, who is also our CFO. That decision is taken in consultation with business-line ADMs, including our ADM responsible for cybersecurity and IT security. It includes our legal services, and it also includes our national security colleagues from the Communications Security Establishment.
    I should say that right now we are in the process of reviewing and renewing our national security exemptions.
    Thank you.
    Ms. Campbell, can you elaborate on the process? You have a lot of clients, obviously, who come to you and at times ask for the exception. What test do you put on before deciding?
     I've been in the job for two years. My predecessor signed some of the omnibus NSEs that are in place now. I've described to you the ones that I have signed since I have been there, such as the Syrian refugee one, as well as about 20 requests per year from individual departments for projects. As I said, they cover large projects, such as fixed-wing search and rescue, interim fighter procurement, and Canadian surface combatants, where there is a whole series of procurements that flow under that.
    As for the process that we apply, again, I've talked about robust industry engagement, so we look at what companies are out there to furnish the service. The client departments go through a rigorous process to determine whether a national security exception should apply. That's challenged at several levels in my department. If it withstands those challenges—and those include our legal services, looking at Treasury Board guidelines—eventually I will get a letter of request from my counterpart at the client department, whether it's the RCMP, National Defence, or other departments that have these needs. They will write to me. I will go through the entire thing, look at the reasons, look at the rationale, and look at the type of procurement. If I am in agreement, I will invoke the national security exception, and I write them a letter back. It's all documented and processed and on the file.
     Okay. Thank you.
    Go ahead, Mr. Watters.
    I represent Newmarket—Aurora. We have an RCMP detachment in Newmarket, so I was happy I could be here.
    That's good to know.
    An hon. member: He had to slip it in there.
    Essentially our process within the RCMP mirrors the one at PSPC. As I was mentioning earlier, the deputy commissioner who is in charge of the program has to provide the rationale, the justification and reports to the director general of procurement, who is responsible to provide a challenge function.
    Is this consistent with the others that we've had? I could honestly say we haven't had many, but is this consistent to make sure that we're not deviating and applying our processes in an inconsistent manner? From there, the DG of procurement will reach out to our colleagues at Public Works—I call you all the time. I'm sorry—
    It's Public Services and Procurement Canada. It rolls off the tongue.
    They will even challenge us, while we're having the discussion ongoing, so we have two sets of subject matter experts challenging the process. This provides me with a lot of confidence that the proper rigorous process is put in place to limit the use of the NSE.
    Thank you.
    Do we have time for Ms. Robertson briefly?
    We're out of time, Mr. Peterson, but we will have another round of questioning.
    Mr. McCauley.
     Ms. Robertson, you mentioned that a lot of your procurements are covered. What percentage generally—not photocopy paper, but CSIS-specific procurement— do you cover under NSE? Is it a large amount?

  (0950)  

    Actually, we invoke the national security exception for 100% of our procurement and for very good reasons. We're very concerned about the security of Canadians, which includes our employees working domestically across the country and in many of your ridings, but also those who are posted abroad. Therefore, due to the heightened threat environment right now, we invoke NSE on every transaction.
    Our budget is large. I'm responsible for finance, so I take the stewardship function very seriously. I don't take it lightly. Our total budget is half a billion dollars. We have 3,200 employees, so the majority of our expenditures go toward salaries, which is not in procurement but still, we take the procurement budget we have seriously. I have a very capable procurement team that ensures our procurement process follows the government contracting regulations.
    Really, when you're taking out your salary levels, it's a very small amount though, in the grand scheme of things.
    It's not very small. It's still over $100 million, but it's a very small amount of the government's total procurement budget, yes. I acknowledge that, but we take it very seriously and my procurement officers realize they are spending taxpayers' money, so we compete everything to the extent possible. I'd just like to make one other comment because it's come up a few times. When I talk about the supply chain, or when my colleagues do, we vet every single supplier for criminality, bankruptcy—that connects to the honourable member's question—as well as links to hostile actors, so it's a very thorough process.
    That's great. Thanks.
    Go ahead, Monsieur Gourde.

[Translation]

    I have a question for all the witnesses.
    Who has the power to invoke the national security exception? Is it the deputy ministers, assistant deputy ministers or anyone in the government who needs that program?
    Thank you for the question, Mr. Gourde.
    Usually, in the departments, as you have seen, the assistant deputy ministers have that responsibility. We follow the Treasury Board guidelines, which indicate that the most senior person in charge of procurement has that responsibility.
    In the case of Public Services and Procurement Canada, it is my colleague Arianne Reza and I. I specialize in defence and marine procurement, and she handles the rest of the procurement. Basically, it's the people at the top in the departments.
    If there was a trial on one of the procedures, could you invoke the exception to avoid participating?
    I think that national security exceptions really have to do with the procurement process. However, we can talk to you about the process and about application, as I am doing today.
    As I was saying earlier, the idea is really to protect the supply chain integrity so as to help Canada protect its national interests. That does not mean we cannot publicly discuss the process and the work we are doing.
    For example, let's say that, in a $100-million program, only a significant portion of $2 million—or 2% of the budget—should benefit from the national security exception. Would the exception be applied to the entire program or only to that portion?
    The application is very targeted. As you heard, certain procurements are quite targeted. We are really trying to use them only when there is a real need.
    So, for example, if the Department of National Defence needed non-military equipment, the national security exception would not apply. There are no national security issues when the department needs paper or office supplies. In such a case, the measure would not apply.
    On the other hand, for other procurements—such as our warships—the national security exception applies throughout the process because we are talking about warships.
    Can the measure be abused? Can the national security exception be used to conceal certain budgets?
    My colleagues and I feel that we protect ourselves against such abuse through stringent procedures that constitute a challenge at every step. By the time all the steps of the process get to our level, we have made sure that the national security exception has not been applied excessively and that it really exists for the purposes of this process. We comply with our trade agreements.
    Moreover, as I have already said, competition is very important to us. We ensure that the process is competitive even when the national security exception is invoked.

[English]

     Thank you very much.
    Mr. Drouin.
     Ms. Robertson, you're off the hook, so it was easy with me.
    I understand why CSIS and RCMP would invoke NSE. You are security organizations, so I completely understand.
    Ms. Campbell and Mr. Breton, help me understand. When sole-sourcing a contract, there are a few conditions. If they are under $25,000, you can do that. If nobody else in the business can claim that they're doing that, you can issue an advance contract award. Then, if it's deemed in the national interest, you can invoke the national security exemption, which allows you to sole-source, but it doesn't mean that you have to sole-source.

  (0955)  

    National security exceptions have nothing to do with competing or non-competing out. If there's anything we can achieve today, I really want to leave the committee with that. It's an important message that we all want to convey.
    I'm looking now at the government contracting regulations. Our default is competition in Canada. We will always compete. There are certain exceptions, which are the needs of pressing emergency in which delay would be injurious to the public interest. This is a very high test. There's jurisprudence on this that cannot be abused.
    Next is that the expenditure doesn't exceed $25,000, or $100,000 where it's for architectural engineering. There are certain different financial limits if it's Privy Council and the rest of it. The nature of the work is such that it wouldn't be in the public interest to solicit bids, so there are some where there's a lot of national security interest in play, and it has to be justified, or where there's only one person capable of performing a contract. You mentioned an advanced contract award notification, ACAN. We issue those often just to make sure there is no other person who can do it.
    As I said, directed sourcing or sole-sourcing is rare for us. Our default is competition also when a national security exception is applied, so they are two distinct things. National security exceptions are applied, and we go ahead and compete, and I've given you many recent instances.
    What happens in the organization when you've decided to invoke an NSE or move towards that? What happens with procurement officers? What goes on in the department versus perhaps a procurement that wouldn't invoke an NSE?
    For NSEs, again, we do industry engagement, and a client department may start to form the opinion that, because of the nature of the procurement, because of what they're buying, because of concerns about national security, they may want to invoke a national security exception.
    Our lawyers are involved. We have a group dedicated to reviewing these requests, to looking at precedents, and to making sure that this is in line with government policy. They look at the Treasury Board guidelines and they will challenge it all along the way. If they are satisfied that the request is valid, it will go all the way to the assistant deputy minister or equivalent in that organization who will then write to me and make the request, setting out all of the reasons for it and seeking my permission to invoke.
    I will also then do my own challenge function and, if satisfied, I will invoke the NSE.
    To answer your question about a request to sole-source, that is also challenged very vigorously. If a government department wishes to sole-source, they have to provide a rationale to us that is challenged very vigorously. In many instances, we will go back to industry and say that there are other business solutions out there, and this should be competed.
    On the supplier side, what happens when you invoke NSE versus when you don't invoke it?
    We will tell suppliers during industry engagement. This is a common feature for us now, because we do industry engagement often for years in advance. They're aware of it. They're used to it. They're increasingly used to having to prove the integrity of their supply chains and really make sure that the vendors who are coming to us meet Canada's national security standards and also help us meet our international obligations through NATO and other security agreements.
     I know Shared Services had supply chain integrity as well on contracts that I don't think had NSE. It's a good thing to prove that, yes, your product or your software is being produced or created in a place where we don't have security issues. I'm just trying to understand. What is the difference, and what is the impact on suppliers when NSE is invoked? What extra steps do they have to do?
    Give a very brief answer, if possible.
    Five minutes is not a lot.
    If I may, Mr. Chair, invoking the NSE allows the Government of Canada to ask certain questions and require certain information that the trade agreements otherwise wouldn't allow, but as my colleague mentioned, it doesn't impact our sourcing strategy or our ability to sole-source. Those decisions are separate. From an officer perspective and an industry perspective, the sourcing strategy and the way the procurement rolls out are nearly identical, with the exception of some of those requirements during the procurement with regard to supply chain integrity.

  (1000)  

    Thank you very much.
    Mr. Weir, you have three minutes, please.
    I'd like to give the panel a chance to answer the question about whether the underlying issue here is that trade agreements are too stringent in their procurement provisions.
    I'm happy to answer the question, thank you.
    We look at the Canada-Europe trade agreement that is in place. It's actually common for countries to ask for this kind of exception. It's what all the signatories agreed to. Regarding our national security exceptions, our counterparts in the trade agreements also have similar provisions for their purposes as well. In our view, it strikes the right balance between promoting global competition and trade, and allowing countries, for valid national security purposes, to pull out of the trade agreements for restricted purposes when they need to.
    I'm glad you brought up the Canada-Europe agreement, because for the first time it extends these procurement disciplines to provinces and municipalities. Would they have any opportunity to invoke the national security exception?
    I'm here on behalf of the federal government and won't be able to speak to provinces and municipalities. But I can tell you that for CETA it's article 19.3 that has a security and general exception clause:
Nothing in this Chapter shall be construed to prevent a Party from taking any action or from not disclosing any information that it considers necessary for the protection of its essential security interests....
    It's similar to the other trade agreements.
    I raise the issue because it seems that the federal government uses national security exceptions as a bit of safety valve from some of these trade agreement requirements, whereas I think it would be very difficult for a province or a municipality to ever invoke this exception.
    We often deal with provinces and municipalities because of the links between our work, and they, like us, favour competition. I'd reiterate that the invocation of the NSEs doesn't mean we don't compete globally; in fact, we do, which is the principle that the trade agreements are all about.
    You've made the point that, even when the national security exception has been invoked, there can be competition. I wonder if you could speak to the possibility of sole-sourcing without invoking the national security exception.
    They are again distinct, so the request for sole-source may arise in those circumstances that I've described. We look very carefully at the government contracting regulations, and again, because our default is competition, if there's any other supplier out there that can offer the business solution.... We also look very carefully at client departments' requirements to make sure they're not overly tailored to one supplier. So there is a really robust challenge function in Public Services and Procurement Canada, again to default to competition, because in our view that maximizes choice and innovation, as well as providing best value for government.
    Thank you very much.
    We'll go into our final seven-minute round.

[Translation]

    Mr. Ayoub, go ahead for seven minutes.
    Thank you, Mr. Chair.
    I want to thank the witnesses for providing us with as much information as possible on these issues. Information dissemination may not always be easy.
    I would like to know whether a list of authorized suppliers is publicly available. Is there a public list of the contracts that have been put in place and of the expenses incurred by each of your sectors? Has such a list been disclosed, or did the department just disclose budget and expenditure totals?
    Thank you for your question.
    I would invite all the committee members to visit our website, which contains a lot of information that could answer your questions. All of our standing offers, as well as lists of suppliers, are published in the “buying and selling” section of our website.
    We have created lists of pre-approved suppliers across government. As part of procurement modernization, we are currently updating those lists to make it easier for suppliers to sell in Canada and for Canada to buy.
    There is already a lot of public information on our website. It would be our pleasure to send you specific links where you could find answers to your questions, should you be interested.
    I will also let the other witnesses answer.
    Let's start with you, Ms. Robertson.

[English]

     The CSIS information isn't available anywhere online, because we don't publicly share any information about our business. However, that information is very much maintained internally and is available to many oversight bodies. That could be the Treasury Board Secretariat, the Security Intelligence Review Committee, or the Office of the Auditor General. Anybody with appropriate clearance has access to that information. We follow all of the disclosure rules; we just keep the information in-house.
    With respect to vendors, we absolutely maintain a list of vendors, because, similar to my colleagues, we compete absolutely everything that we can. We're always looking for vendors. We also liaise with one another. We make sure that if we clear a vendor, SSC is aware of it, and we're also aware of their vendor list. I think, from a procurement perspective, we're actually working from the same lists.

  (1005)  

[Translation]

    Do you know what percentage of purchases made in Canada involve Canadian suppliers and what percentage of those purchases involve foreign suppliers? Is that information available?
    Ms. Campbell can probably answer this question.
    My question also concerns security clearances for urgent purchases, which comply with administrative rules, but do not comply with routine procurement rules. I am dividing the purchases into two categories, and my question concerns both of them.
    Do you have that information?
    Thank you very much for the question.
    I can tell you that small and medium-sized businesses in Canada have been awarded contracts totalling $5.5 billion a year. That accounts for 35% of the total value of procurements awarded by our department. Over the same period, procurements under $1 million have accounted for nearly 80%. So to answer your question, I would say that the percentage is significant. Averaged out, it's about 40%.
    Our department does a lot of outreach to small and medium-sized businesses. Annually, we have about 4,000 contracts with them. We want to make sure that they have access to procurement, that it is easy for them to do business with the federal government and that global competition benefits them. That is very important to us.
    Do you have that information concerning the portion outside Canada?
    Do you mean exports?
    I am talking about purchases made outside Canada involving external suppliers, either because of competitive requirements, or because those kinds of purchases cannot be made in Canada.
    Thank you for the question.
    We are looking at that a little more closely. I will talk to you a bit about the policy on industrial benefits.
    In Canada, we are trying to attract companies from around the world and thereby provide industrial benefits when those companies do business in Canada. Our policy has been in effect for a number of years. Since December 2015, $24 billion has been invested in Canada. A $9-billion investment is underway, and we anticipate another investment of $5 billion. Those are contracts that have been awarded and that require companies to invest in Canada—in other words, they require businesses to provide work for Canadian suppliers, invest in our universities and invest in research and development.
    Should the information become available, let us know. I would really like to have it.
    I would be happy to do it.
    The idea behind my question has to do with competitiveness. The public, including us, does not really have all the information, but it must trust in the process and in your recommendations. Given that lack of information, how can we ensure that there is competitiveness? Not everyone is the auditor general or has the required security clearance to access that information. What mechanism can be used to restore the confidence of Canadians and the rest of MPs by enabling them to evaluate the data and to ensure that, regardless of your security level, there is full compliance?
    As in the RCMP's case, every department has an internal audit committee that develops a risk-based plan annually. By year's end, those committees are capable of reviewing practically all the activities in a department. Although the audits themselves are not conducted in all the branches, people know that auditors can come at any time, including those from the Office of the Auditor General of Canada.
    Is that information available?
    What information are you talking about?
    I am talking about the auditor general's report, requests for changes or improvements and loopholes you see in any procurement contract. There is a process for when the government or a department makes a purchase. Over time, recommendations are made to improve things.

  (1010)  

    All auditors' reports are published on our agency's website. In addition, all reports of the Auditor General of Canada are published and are accessible to the public, after being presented to the appointed committee. I also want to point out that we have developed internal control mechanisms to ensure that the process is transparent.

[English]

     Thank you very much.

[Translation]

    Mr. Gourde, you have seven minutes
    Thank you, Mr. Chair.
    I will probably share my time.
    Ms. Campbell, considering what kind of a world we currently live in, Canadians want to feel safe. Has the number of cases where the national security exception is used increased over the past five or 10 years?
    Thank you very much for the question.
    Your invitation gave us an opportunity to look at the statistics, and they have been fairly stable. I have given you a few recent examples where the national security exception was used, including in the cases of Syrian refugees and Afghanistan. Those cases aside, the number of requests we have been receiving from other departments has been fairly stable over the past five years.
    You receive requests from other ministers. Do you also receive requests from the Privy Council Office or recommendations on some sensitive issues that require the use of the national security exception?
    The two examples I have mentioned—Afghanistan and Syrian refugees—are the only cases. The other cases consist of letters that I receive from my counterparts from other departments who wish to invoke the exception for a specific purpose.
    Is the Privy Council one of those departments?
    I have not received any request from the Privy Council Office.
    Thank you.
    Let's come back to the purchase of aircraft. We know that a national security process is in place. However, Canadians would like to know what the price of the aircraft is, be it $300 million, $350 million, or $400 million per unit, and be it accompanied or not by a service contract for the next 25 years. Is there any danger in the public knowing the aircraft's price?
    To clarify, are you talking about the interim purchase of fighter jets?
    Yes.
    As you know, the government made its decision public and announced that it was beginning discussions with the American government. Our Washington office specializes in military procurement. We are in discussions with the U.S. government and Boeing to determine whether they can supply, within a reasonable time frame for the government and at an affordable cost, a few aircraft on a provisional basis until we issue a call for tenders to replace the permanent fleet. The tendering process to replace the permanent fleet is already under way, and a dedicated team is working on it. We hope to soon give you some news on that.
    So the aircraft have hot yet been bought. I am talking about the first batch of fighter jets. I believe it consists of 18 aircraft.
    You are still talking about the interim purchase.
    Exactly.
    We are beginning discussions with the U.S. government and Boeing.
    However, the purchase has not been made.
    Not at all.
    We heard something different. We heard that the purchase has already been made.
    I will share the rest of my time with my colleague.

[English]

    Thanks.
    I just want to get back, Ms. Campbell, to why we're here: the PSDPA, the whistle-blowers.
    If people within your department were to report wrongdoing, what would the chain be? Would it be to you? Would it be outside of your department? Where would they go?
    As I mentioned, the Public Servants Disclosure Protection Act is an important statute for the federal public service. We encourage transparency, we—
     I know. Where would they go, please?
    I don't need a lecture on it. Where would they go if they had a problem, if they saw wrongdoing?
    May I answer?
    Employees are encouraged to report wrongdoing when they see it. We actually have a branch that specializes in this work. It's the departmental oversight branch within my organization. They are also responsible for the controlled goods program for the integrity regime.
    Does that branch report to you or to someone else?
    It reports to the deputy minister.
    Okay.
    Do you think it would be wise for us to do a follow-up with the people covered by the special security accountability form that they signed, just to reinforce that they are still protected under the whistle-blower act even though they've signed this rather ominous form?
    If I was approached and told, “Sign this form. You can't discuss anything for life”, I hope that I would also be informed. “By the way, you're still protected if you see wrongdoing.” You've mentioned that we haven't told these people. Should we be reinforcing it?

  (1015)  

    Public servants are aware of all the laws that apply to them and that protect them. I have no opinion on the question.
    Okay.
    We've heard consistently that there's a culture of fear, a culture of intimidation—
    I'm sorry, Mr. McCauley.
    I have a point of order. My understanding was that today's exercise was not part of the whistle-blower act study, but in fact a different study, just a briefing on the national security exemption. I don't know where Mr. McCauley is getting his information that this is part of that study. My belief is it's not.
    It's true, but he's connecting the NSEs with what he wants to know on the whistle-blower protection act study. It's not irrelevant.
    And pleasantly, they're aligned, but he actually expressly said this is part of that study, and I don't believe it is.
    I'll withdraw those couple of words.
    I just wanted to make sure we were all clear. Sorry.
    I was just confused; I thought maybe it was.
    Mr. McCauley
    I've completely lost my train of thought. Thank you, Mr. Peterson.
    Voices: Oh, oh!
    Mr. Kelly McCauley: We've heard repeatedly from different departments a culture of fear with the PSDPA. I'm curious if that fear is being grown by anything involved with what we're discussing today with the various security...the NSEs and that.
    Workplace wellness and an environment where employees can challenge and can speak their mind is hugely important to me and to our deputy minister, Marie Lemay. We take it very seriously and we encourage that throughout the procurement workforce. It's even more important now that we're modernizing procurement. I need people's innovations, I need their good ideas, and I want them to be able to tell me at all times, “This is what I think is happening on this file. This is the best way to go forward.”
    We really do encourage an environment of transparency, open communication, and a challenge function.
    Mr. Watters, I know Mr. Whalen was asking about some of the purchases that you made specifically for the leadership conference. It makes sense. The leadership conference is now a year old. Is there any information on the purchases you made? Does it ever get released later, or is it just considered abandoned until the end of time or until the next purchase is made?
    I understand the purpose of not disclosing it for that specific conference, but, say we bought x amount of stuff. As Mr. Gourde was talking about with the Syrians, we bought some housing that was never used. It was just left there. Do you ever disclose afterwards, or do you try to keep it, I don't want to say covered up but...?
    It's not covered up. Essentially, it depends on the type of information there is. If it's classified information, obviously there are restrictions to it. If it's not classified, because sometimes something can be classified for a while after it stops being classified, so then it's opened, it's recorded in our system.
    The problem is that we track those things separately in the system. Sometimes when there is information that's requested, we have to always look at it from an ATIP...to see if it's in the public interest to release it under the access to information laws.
    Thank you.
    Mr. Weir, you have seven minutes, please.
    Do your organizations have a definition of national security that you use in deciding whether to invoke the exception?
    In the CSIS case, we invoke NSE on every transaction, so there's no discretion applied.
    As I mentioned earlier, there are conditions under which we will apply it, for example, if it puts at risk our members or puts the public at risk. Some of these situations are what we ensure for consistency. I think what you're looking at is how it's applied in a consistent manner. We have every request that comes from a deputy commissioner level down to our procurement specialist. They are there to ensure that we're applying it in a consistent manner irrespective of the products we acquire.
    Mr. Chair, our invocation was an omnibus invocation, but we're in constant dialogue with our security partners to do that threat assessment and ensure where we have an eye on the vulnerabilities and what we need to do.
    Mr. Chair, if I may, national security today is multi-dimensional in nature. It incorporates a range of traditional and non-traditional perspectives. It's about more than military, territorial integrity and traditional concepts of national sovereignty. It's also about threats to economic security, environmental security, and human security as societies and democratic institutions become targets of threats. We need to be protected and defended. For example, governments also have to consider how to best prepare for biological weapons and their use against not just military targets. Should terrorism take the form of a health pandemic, for example, other countries would face the same situation as us, thus the need to be prepared and have ready access to medication if we need it.

  (1020)  

     Ms. Campbell, you've mentioned a couple of times the use of the exception for Syrian refugees. Is it fair to say that something like jackets for refugees isn't really about security, that it was more using the exception because the procurement had to be done quickly?
    Really, the focus for national security purposes is economic security, environmental security, human security, sovereignty, national defence and military threat, as well as the protection of intelligence. We look at all of those factors in considering whether to grant a national security exception.
    Okay, but I mean the reason this exception was used in buying something like winter coats for refugees was mostly that it needed to be done on a rapid schedule.
    Again, schedule alone would not be enough to justify a national security exception. We look at all of the factors I described in deciding whether or not to grant a national security exception.
    Based on the definition or framework of national security that you've laid out, do you believe it would be possible for provincial and municipal governments to invoke this exception?
    Again, I can't speak for my counterparts in provinces and territories. I can only speak to the federal experience. If you are interested in information about that, I'm sure they'd be happy to come and answer your questions.
    Okay, but I think they probably don't have much experience with it, because they haven't been subject to trade agreements that cover procurement until now.
    We are working very closely with the provinces, territories, and municipalities, as CETA comes into force, to make sure they are equipped and ready, and ready to do business as well.
    Right, so your department would have the expertise on the national security exception. Are you sharing that with the provinces and municipalities? Are you explaining to them how they might be able to invoke it?
    We are talking to the provinces and territories about a number of things, including procurement modernization, and all of our processes. So yes, we are very transparent with them about how we do our business and ways that they could either emulate or use our practices just to make sure that it is a standard way of doing business in Canada.
    Okay. You described the process whereby an ADM would need to send a letter to your department requesting the use of the national security exception, so I'm wondering how often Public Services and Procurement Canada turns down those requests.
    At my level, I have not turned down one. However, there are a couple of cases where I have questioned whether it should have been applied. In other words, procurements came forward and in retrospect I've said to client departments that they might have wanted to think about a national security exception in a case where they didn't apply it.
    It is challenged at several levels in my department before it gets to me, so there are many instances where government departments have been told it does not apply in this case for these reasons, or there is no need. There is a robust challenge function throughout, and by the time it gets to me, I do ask several questions and perform a challenge function, but in the two years I have been there, I have not said no to one, and there about 20 a year in total.
    Can colleagues add to this, perhaps?
    Mr. Chair, if I may speak, I recently wrote one of those letters to PSPC and we strongly justified in the case of infrastructure why the national security exception was so important, and we were heavily challenged. I would say the robust function that Ms. Campbell speaks about is very true. We were CSIS. We had been accustomed to.... This was just a refreshing of an authority we already had, because we have a number of infrastructure projects and PSPC is the procurement authority for our infrastructure projects. I can attest that it is a sound process.
    It's good to hear that there's a robust challenge function happening, but can you quantify the number of requests that do actually get rejected? Maybe it's not at your level, but at any level within the department?
    If you don't have that information at this point in time, Ms. Campbell, perhaps you could forward that to the clerk.
    Thank you, Mr. Chair. I would ask if it could be circumscribed in time, because it will require manually going back to government departments and asking when they made requests and when they didn't, unless you wanted a specific time period or sample.

  (1025)  

    Let's say the past year. One of the things that I think motivated this study was the report that Shared Services had invoked the national security exception 1,000 times in the last year, so if it's being used 1,000 times it would be surprising if it was approved every single time. That's why I ask how often it's rejected.
     So the time frame would be one year. Thank you.
    We will go now for our final intervention to Madam Shanahan.
    Go ahead for seven minutes, please.
    Thank you, panel, for being here this morning. One of the virtues of being the last person to ask questions is that I can use the time to clarify my thoughts and learn something along the way. I thank Ms. Campbell for bringing us through the differences between invoking the national security exception and using sole-sourcing.
    My question is this. Once the national security exception has been invoked, is there a way to know whether or not the competitive process has been used?
    As I described, we engage in industry discussions. I'll give you an example of one that we're doing right now. It's a request for information, which we usually put out. When we know a government department has a need, even before they've thought about the procurement strategy, we go to the market. We talk to industry. We'll have open engagement with industry, in both groups and one on one, and we'll find out who out there has a solution. We have one out right now for the Canadian Coast Guard as part of its fleet renewal. We'll talk to up to 50 companies. If the client department is thinking about invoking a national security exception, we'll tell those companies and we'll continue on with the competition, so it doesn't impact the competitive nature of the process. In fact, I offered a couple of examples this morning of many high-level, high-profile military procurements for which the national security exception has been invoked and we have proceeded competitively and awarded contracts in a competitive environment.
    That information, if not immediately, is public in some way.
    It is very public, yes.
    I pulled up the template letter that is used by a department that wants to request a national security exemption. It makes it very clear that it has to do with Canada's trade agreements, current and future, and that the letter is asking for the exception to be made on that basis. It has nothing to do with sole-sourcing as far as I could see.
    I want to turn my attention now to Mr. Breton and follow up on my colleague's questions around the invoking of the national security exception by Shared Services. That's with reference to the cases that were brought to the Canadian International Trade Tribunal, the Dalian Enterprises and the Eclipsys Solutions case. The tribunal did find in Shared Services' favour but it had a big question regarding the integrity and fairness of SSC's procurement process. Is it common, as the tribunal said, to have “too wide an exclusion from the disciplines of the trade agreements for reasons seemingly unrelated to national security”?
    I'd like to have your comments on that and on what your process has been since then to make sure that future procurements are more open, fair, and honest.
    If I may, I'll start with a clarification that we've invoked the NSE on two occasions, not 1,000 occasions. There have been two invocations, and in the last fiscal year there have been 725 contracts subject to that invocation. All of those have been declared publicly on Open Government. We do proactively disclose our contracts. Despite the national security exception being applied, they are open, public, and transparent, and they are, to a 92% degree, competitive. I think we do adhere to the rules of open, transparent, and competitive as we are obligated to through the government contracting rules and regulations, wherever and whenever possible.
    As mentioned previously, the national security exception is a very important tool for SSC in order to ensure supply chain integrity and some of the other aspects that are required to ensure our national security from an IT infrastructure perspective. But those do not impact our sourcing strategy and whether we're competitive or whether we're sole-sourcing.

  (1030)  

    Can you describe to the committee a bit more how you go about sourcing suppliers and the kinds of discussions that you have before awarding a contract?
     Certainly. The process begins with an initial sourcing strategy conversation between our business line, our internal client or even our external clients, the procurement officer, and other elements of our organization that are relevant stakeholders.
    At that point in time, a needs assessment is done, including a landscape analysis of what the market offers, to determine whether there is a competitive marketplace, or whether it is a specific need that only one supplier could satisfy. As my colleagues mentioned, if it is one supplier, that is challenged internally quite vigorously. It is often in the public's best interest to have an open and competitive procurement. We have seen evidence of a very competitive marketplace from an IT and IT services standpoint.
    Once that procurement strategy is established, the procurement then goes through an internal governance framework where it is reviewed. Quite often, our complex enterprise procurements are subject to the open collaborative procurement process, in which we begin with either a request for information, RFI, or an invitation to qualify.
    Then, as mentioned previously, we work with those pre-qualified bidders to establish the RFP, and then publish it.
    Concerning cybersecurity, what role does the national security exception play in the overall cybersecurity strategy? Could you talk a bit about our Five Eyes allied countries and their use of the NSE?
    That is an interesting question, and he is going to have to give a very brief answer or I'll ask him to respond in writing.
    That goes a bit outside of my realm, but I can say that from a procurement perspective, it underpins the infrastructure that we're able to stand up for the Government of Canada.
    To speak to the broader interests of cybersecurity and Canada's cybersecurity strategy, I might invite the committee to spend some time specifically on that, potentially with some non-procurement folks and maybe with some security-related folks.
    Thank you very much.
    Ladies and gentlemen, thank you very much for your attendance here today. You've been very informative. It has been very helpful to us. Should you have any additional information that you wish to provide to the committee for our benefit, we invite you to do so in writing to our clerk.
    Also, many times we have additional questions that we couldn't get to here. We can get those to you directly, but Mr. Whalen I know has one he would like to pose before you leave the table today.
    Mr. Whalen, if you could, do so briefly, please.
    Ms. Campbell, on page 3 of your remarks, you say that there were 55 NSEs invoked over the past three fiscal years. That seems like a manageable number for us to review.
    Could you provide us with a spreadsheet of those 55, whether or not they're still open, whether or not they were project-specific or open, and the dollar value of contracts awarded under them? Then we could have a better sense for the continuation of this study of the environment and the universe of the NSEs. If it's only 55, that would be great.
    Thank you, Mr. Chair. I'll respond.
    Thank you very much.
    To our witnesses, thank you again. You're excused.
    We'll suspend for only a couple of moments, colleagues. We will come back quickly for some very brief committee business in camera.
    [Proceedings continue in camera]
Publication Explorer
Publication Explorer
ParlVU