Treasury Board of Canada Secretariat
www.tbs-sct.gc.ca
Common menu bar links
Breadcrumb Trail
ARCHIVED - Office of the Communications Security Establishment Commissioner - Report
This page has been archived.
Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
Section II: Analysis of Program Activities by Strategic Outcome
Strategic Outcome
The Office of the Communications Security Establishment Commissioner exists to support the Commissioner in ensuring that the CSEC performs its duties and functions in accordance with the laws of Canada. This includes safeguarding the privacy of Canadians. This is the sole strategic outcome for the Commissioner's office.
In support of the achievement of this strategic outcome, the Commissioner's office has two program activities – the review program and internal services program. The review program directly supports the achievement of the strategic outcome; the internal services program directly supports the review program and in so doing indirectly support the achievement of the strategic outcome.
During fiscal year 2009-2010, the Commissioner's office had established two priorities to support the achievement of the strategic outcome: for the review program, to improve its effectiveness and efficiency; and for the internal services program, to transition effectively to independent status.
The performance measurement framework for these priorities matches that presented in the Commissioner's office Report on Plans and Priorities for 2009-10. The performance results are reported below the following table, which summarizes them.
Program Activity by Strategic Outcome
| Program Activity: Review Program | |||||
|---|---|---|---|---|---|
| 2009-2010 Financial Resources ($millions) | 2009-2010 Human Resources (FTEs) | ||||
| Planned Spending | Total Authorities | Actual Spending | Planned | Actual | Difference |
| 1.3 | 1.7 | 1.0 | 6 | 6 | 0 |
| Expected Results | Performance Indicators | Targets | Performance Status | Performance Summary |
|---|---|---|---|---|
| CSEC's activities and operations are conducted in accordance with the law while respecting the privacy of Canadians. | % of recommendations implemented | Increase the % of recommendations implemented | Exceeded | Although not a representative year in terms of the number of reviews submitted to the Minister, all of the findings and recommendations made were accepted and were or are being implemented. |
Performance Analysis
Program Activity: Review Program
The following logic model provides a graphic description of how the review program functions.
It is important at the outset to state that 2009-10 was not a normal operating year for the Commissioner's office. There was no Commissioner for a period of five months following the passing of Commissioner Gonthier. Work that had been approved by former Commissioner Gonthier could begin as planned; work that had already started could be continued. However, in the absence of a Commissioner, review reports could not be forwarded to the Minister, as that responsibility rests solely with the Commissioner.
Three classified reports were submitted to the Minister during the past year. One was a comprehensive study relating the CSEC information technology security activities and two were reviews relating to foreign signals intelligence collection activities.
The results of the two review reports indicated that CSEC activities that were reviewed were in accordance with the law and that the privacy of Canadians was protected. These are the results that the Commissioner's office is trying to achieve. The target established by the Commissioner's office was to increase the % of recommendations implemented but no specific target was set. Past performance, however, has been very good. The Commissioners have, since 1997, submitted to the Minister of National Defence 55 classified review reports and studies. In total, these reports have contained 129 recommendations. CSEC has accepted and implemented or is working to address 121 (94%) of these recommendations. During 2009-10, the previous rate of implementation has been exceeded. All findings and recommendations resulting from the two reviews were agreed to by CSEC and 100% of the recommendations have been or are in the process of being implemented.
The study identified areas that will be incorporated into the Commissioner's three-year work plan. The updating of the work plan based on the results of reviews and studies was one of the priorities set out in the 2009-10 RPP.
The three-year work plan is also updated, based on an ongoing assessment of risk. Detailed criteria established by the Commissioner's office for the identification and prioritization of CSEC activities that should be subject to review are constantly examined with a view to updating them. For example, significant changes to authorities, authority structures and technologies are identified and factored into the risk determination process to ensure that the work-plan remains current and relevant.
The Commissioner's office is still developing targets for the performance of its reviews to ensure that they are timely. It is not likely that standards can be set because the number of reviews completed is not large and each review differs from the other. However, it is agreed that it is necessary to incorporate precise review planning into the budgetary process.
One of the priorities set was for the Commissioner's office to continue to look at the review process to identify opportunities to be more efficient. Training is being provided to individual employees and will continue to be provided. The Commissioner's office is now in the process of developing a training course for review officers in the security environment that would be applicable to other intelligence review agencies as well.
Two new approaches to the conduct of reviews are realizing efficiencies in the review process, addressing another priority of the Commissioner's office. A new approach for the conduct of a review, called horizontal review, is being instituted. It will provide the Commissioner's office a more comprehensive understanding of the activities under review, lead to more meaningful review results and provide a higher degree of assurance the Commissioner can provide to the Minister of National Defence that CSEC is complying with the law and protecting the privacy of Canadians. In addition, foreign intelligence ministerial authorizations are reviewed annually and simultaneously. Detailed review will be instituted only if significant changes are noted that have a potential to impact negatively on CSEC's compliance with the law and its protection of the privacy of Canadians.
The Commissioner's office has and will continue to work with the security and intelligence community, both domestically and internationally. These collaborations (meetings, associations, conferences, etc.) allow information and experience to be shared, differing methodologies to be studied and best practices to be adopted. In October 2009, staff participated in the annual Canadian Association of Security and Intelligence Studies (CASIS) conference held in Ottawa. As well, in March 2010, the Executive Director attended and lead a discussion group on effective review at the International Intelligence Review Agencies Conference (IIRAC) in Sydney, Australia. The meetings allow the exchange of ideas, experience and best practices, aiming to enhance the effectiveness of review.
The Review Agencies Forum continues to meet at least annually to discuss matters of common interest to its members. The Commissioner's office, who initiated this group, remains an active participant along with the Security Intelligence Review Committee (SIRC), the Inspector General of CSIS, the RCMP Public Complaints Commission and now also the Office of the Privacy Commissioner.
Program Activity: Internal Services Program
| Program Activity: Internal Services | |||||
|---|---|---|---|---|---|
| 2009-2010 Financial Resources ($millions) | 2009-2010 Human Resources (FTEs) | ||||
| Planned Spending | Total Authorities | Actual Spending | Planned | Actual | Difference |
| 0.2 | 0.6 | 0.5 | 3 | 2 | 1 |
As mentioned previously, the Commissioner's office became an independent agency in April, 2008. Until then, administrative and financial support were provided by the Privy Council Office. As an independent agency, the Commissioner's office had to establish its own internal services activity – administration, finance, and human resource systems in order to meet the information and compliance requirements of the Commissioner's Office as well as the central agencies. The priority established for internal services was to transition effectively to independent status. This year, 2009-10, is the second year of operations and the transition has been effective. The systems are in place and functioning well. Service agreements have been signed to supplement internal resources in the provision of required services to meet the demands of management.
The majority of the transitioning has been completed without significant problem. But there is still work to be done. Policies and procedures need to be further documented, either updated or created in response to requirements that did not exist prior to becoming an independent agency. Additional office space needs to be acquired and upgraded to provide for existing as well as future additional personnel and to provide the appropriate level of security. The process is underway but it will take time to acquire and upgrade the space to meet the required security requirements. Staffing is still required in both the review and internal services programs; however, it is being somewhat delayed by the absence of office space to accommodate the new employees.
Lessons Learned
Reviews and review methodology must change and adapt to a dynamic technological and policy environment within CSEC. The Commissioner's office must be able to respond in a timely manner to this dynamic environment. In the past year, the Commissioner's office has applied a new approach to review, to be more comprehensive, more focussed and more effective.
Collaboration is essential to the success of the Commissioner's office. The Commissioner has no authority to directly affect change in CSEC. However, the Commissioner can recommend changes that strengthen compliance and the protection of privacy. The responsibility for implementing changes as a result of those recommendations rests, of course, with the management of CSEC. It is by striving for a positive, professional working relationship with CSEC that opportunities to improve upon the review and reporting processes can be identified and implemented.
The absence of a Commissioner over a period of time restricts the ability of the Commissioner's office to effectively discharge its mandate. Without a Commissioner, review reports cannot be signed and forwarded to the Minister, thus depriving the Minister, Parliament and Canadians of the assurance that CSEC is complying with the law and protecting the privacy of Canadians. In addition, the Commissioner's office is unable to initiate new reviews or press for new information without the authority of a Commissioner. Finally, the legislative requirement to submit an annual report to the Minister cannot be met.
Benefits for Canadians
The Office of the Communications Security Establishment Commissioner was created in June 1996. The mandate has grown since the Commissioner's office was created; today the Commissioner's Office exists to ensure that the operations of CSEC are in compliance with the law and that the privacy of Canadians is protected. Through its efforts, the Commissioner's office provides assurance to the Minister of National Defence, the whole of government and to all Canadians that CSEC is in compliance with the law and that the privacy of Canadians is being protected.
