Treasury Board of Canada Secretariat
Symbol of the Government of Canada

 

ARCHIVED - Office of the Communications Security Establishment Commissioner - Report

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.





2009-10
Departmental Performance Report



Office of the Communications Security Establishment Commissioner





The original version was signed by
The Honourable Peter Gordon MacKay, P.C., M.P.
Minister of National Defence





Table of Contents



Commissioner's Message

I am pleased to present to Parliament and Canadians the Departmental Performance Report of the Office of the Communications Security Establishment Commissioner (Commissioner's office) for the fiscal year ending March 31, 2010.

Like the 2009-10 Report on Plans and Priorities that preceded it, this is the first Departmental Performance Report of the Office of the Communications Security Establishment Commissioner. It should be noted, however, that the Commissioner's office has been in existence since the appointment of the first Commissioner on June 19, 1996. The Commissioner's office was funded since its creation in 1996 by the Department of National Defence (DND) but it received administrative and other support from the Privy Council Office (PCO). In April 2008, the Commissioner's office was granted its own appropriation, ending the funding from DND and moving away from reliance on PCO for administrative support. The Commissioner's office has established its own financial office and has entered into agreements with other government departments to provide, on a part-time basis, both its human resources and informatics services.

This performance report is on the activities and results of the Commissioner's office under my two predecessors, the Honourable Peter deC. Cory and the late Honourable Charles D. Gonthier. The office was without a Commissioner for five months following the untimely death in July of the Honourable Charles D. Gonthier. The Honourable Peter deC. Cory was appointed as Commissioner on December 14, 2009 but resigned March 31, 2010. I was appointed Commissioner on June 18, 2010.

Reviews planned were undertaken, reviews in progress were moved towards conclusion or finished. Given the period of time without a Commissioner and the time required to brief a new Commissioner (Cory) on the mandate and activities of the Commissioner's office, just three reports were provided to the Minister (2 reviews and 1 study). Review methodologies were updated and review approaches were expanded to allow for more effective review. Newly installed internal services are functioning well and the requirements of the Commissioner's office and the central agencies are being met.

Considering the absence of a Commissioner for more than five months, the past year was relatively successful for the Commissioner's office. There is, however, more to be done. Operational capacity has to be increased to meet the increasing demands for review and to continue to allow the Commissioner to be able to provide the necessary reassurances to the Minister regarding the Communications Security Establishment Canada's compliance with the law and the protection of the privacy of Canadians. Additional secure office space has to be acquired to allow operational and administrative capacity to be reached. Satisfactory progress is being made on both fronts.

I would like to thank the former Executive Director, Joanne Weeks, for all of her hard work and dedication to the Commissioner's office since it was formed in 1996. The Commissioner's office has come a long way in fourteen years, thanks in no small part to her efforts.  

Finally, I would like to remember the late Honourable Charles Gonthier and his contribution to this Office over three years. Monsieur Gonthier passed away on July 17, 2009 while still Commissioner. The 2009/2010 Annual Report was dedicated to his memory. He leaves a very rich legacy.

The Honourable Robert Décary, Q.C.
Commissioner

9 September 2010

Section I: Overview of the Office of the Communications Security Establishment Commissioner

Raison d'être

The Communications Security Establishment Commissioner is to ensure that the Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada. This includes having due regard for the privacy of Canadians. The Commissioner's office exists to support the Commissioner in the effective discharge of his mandate.

Responsibilities

The duties of the Commissioner are set out under the following subsections of the National Defence Act:

273.63(2)

a) to review the activities of the Communications Security Establishment Canada to ensure they comply with the law;

b) in response to a complaint, to undertake any investigation that the Commissioner considers necessary;

c) to inform the Minister of National Defence and the Attorney General of Canada of any activity of Communications Security Establishment Canada that the Commissioner believes may not be in compliance with the law;

273.65(8)

to review and report to the Minister as to whether the activities carried out under a ministerial authorization are authorized;

273.63(3)

to submit an annual report to the Minister on the Commissioner's activities and findings within 90 days after the end of each fiscal year;

and under the Section 15 of the Security of Information Act:

to receive information from persons who are permanently bound to secrecy and who seek to defend the release of classified information about Communications Security Establishment Canada on the grounds that it is in the public interest.

The first Commissioner of the Communications Security Establishment was appointed by Order in Council pursuant to Part II of the Inquiries Act on June 19, 1996. The original mandate of the Commissioner was to review the activities of the Communications Security Establishment Canada (CSEC) to ensure that they were in compliance with the law and to investigate complaints about CSEC's activities. Following the terrorist attacks in the United States, Parliament adopted the Anti-terrorism Act, which came into force on December 24, 2001. This Act amended the National Defence Act (NDA) by adding Part V.1 and creating legislative frameworks for both the CSEC and the Commissioner. The Commissioner was also given a new duty pursuant to the Security of Information Act.

The Office of the Communications Security Establishment Commissioner can be most aptly described as a micro-agency. Operating out of Ottawa, the Office of the Commissioner currently has 8 employees and an operating budget of $2.124 million. It should be noted that the National Defence Act provides the Commissioner with independent hiring authority, and accordingly, the Commissioner's office functions as a separate employer.

Strategic Outcome and Program Activity Architecture (PAA)

The strategic outcome of the Office of the Communications Security Establishment Commissioner is that the CSEC performs its duties and functions in accordance with the laws of Canada. This includes safeguarding the privacy of Canadians. The OCSEC has two program activities – its review program and internal services.  

The relationship of the program activities, the priorities and the strategic outcome is illustrated in the diagram below.

Program Activity Architecture (PAA)
[Description of the image]

Summary of Performance  

2009–10 Financial Resources ($millions)

Planned Spending Total Authorities Actual Spending
1.5 2.3 1,5

2009–10 Human Resources (FTEs) 

Planned Actual Difference
9 8 1

The Commissioner's office increased its total authorities by $.8 million in 2009-10. The increase was to allow for additional staff as well as increased operational and administrative support for the Commissioner in the discharge of his mandate and for the establishment and maintenance of the Commissioner's office as an independent and autonomous agency. The actual spending lags behind the total authorities as planned staffing increases are still underway and costs related to increases in office space and administrative overhead have yet to be incurred.

Strategic Outcome: Improving the effectiveness and efficiency of the review program
Performance Indicators Targets 2009–10 Performance
Level of compliance Increase level of compliance There were no instances of non-compliance.
% of recommendations implemented Increase the % of recommendations implemented

All of the findings and recommendations made during 2009-10 were accepted and were or are being implemented.

The Commissioner's office is working on developing additional meaningful indicators and targets for its review program
Privacy of Canadians is protected The Commissioner's office is working on developing and implementing relevant and meaningful targets and indicators for the protection of the privacy of Canadians.
Program Activity 2008–09 Actual Spending ($millions) 2009–10[1]  Alignment to Government of Canada Outcome
Main Estimates Planned Spending Total Authorities Actual Spending

Review Program

 1.2 1.3 1.3 1.7 1.0

Safe and secure Canada

Internal Services

 0.2 0.2 0.2 0.6 0.5  
Total 1.4 1.5 1.5 2.3 1.5  

Contribution of Priorities to Strategic Outcome(s)

Operational Priorities Type Status Linkages to Strategic Outcome(s)
Improving the effectiveness and efficiency of the review program Ongoing

Met

The 2009-10 year is not truly representative owing to the period of time the office was without a Commissioner. Only three reports (two reviews and one study) were submitted to the Minister.

The two reviews found that CSEC complied with the law and ministerial requirements and, for the activities that were reviewed, protected the privacy of Canadians.

The study provided assurance that there were no significant areas of potential non-compliance and identified areas of potential risk to privacy for follow-up review
Management Priorities Type Status Linkages to Strategic Outcome(s)
Transitioning effectively to independent status Ongoing Mostly Met Transitioning is still underway as the Commissioner's office is still in the process of staffing and has yet to lease and occupy its additional space requirements. Fully transitioned, internal services will be better able to support the Commissioner in the discharge of his mandate.

Risk Analysis

Commissioners have stated that amendments to the NDA are necessary to clarify ambiguities relating to foreign intelligence ministerial authorizations. The Minister of National Defence had indicated to Commissioner Gonthier that clarification of ambiguities and other amendments to the NDA were a legislative priority. The Commissioner anticipates the introduction of a bill to amend the NDA and the opportunity to comment on these amendments at Committee stage. The Commissioner will continue to push for these amendments to the NDA.

CSEC's resources have increased dramatically over the past decade in response to the increased threat from terrorism and to the engagement of Canadian Forces in Afghanistan. The increased resources and operational activities of CSEC mean the Commissioner's office must maintain its own resource level and review programmed proportionally. The Office must also ensure that its risk management process provides adequate guidance for selecting reviews of CSEC activities where the risks to compliance and to the privacy of Canadians are most significant,

The Commissioner's office must ensure that it maintains its capacity to conduct timely, comprehensive and effective reviews. Recruiting and retention of qualified resources is essential to the effectiveness of reviews. The skills being sought are in high demand and short supply. Review programs and methodologies need to be constantly updated and improved upon to ensure that reviews fulfill the Commissioner's mandate and allow him to provide the Minister, and ultimately all Canadians the assurance that CSEC is complying with the law.    

Key to the success of the Commissioner's office is maintaining an effective working relationship with CSEC. The relationship between the parties is based on transparency and professionalism. For example, the work plan of the Commissioner's office is shared with CSEC. Throughout the review process, there is opportunity for each party to provide comment and input. The success of the relationship is dependent in large measure on ensuring recruitment and retention of qualified and capable individuals. The Commissioner's office has been successful in this regard.

The Commissioner's office has completed its first full year of functioning as a separate agency of government without financial support being provided by DND and administrative support being provided by the Privy Council Office. Administrative and financial practices must continue to be developed and strengthened to ensure that the policies, procedures and information requirements of the Commissioner's office and the central agencies are met.  

Expenditure Profile

The Commissioner's office has operated as a separate agency with its own appropriation for two years only. Prior to that, the Commissioner's office was part of DND and receiving administrative and financial support from the Privy Council Office. (Expenditure comparisons with these years would be of little value.) The change in total expenditures from 2008-09 to 2009-10 was from $1.4 million dollars to $1.5 million dollars, or $100 thousand. The increase between these two years is primarily due to the increased cost of administrative and financial operations. As the Commissioner's office transitioned from dependence on the PCO for administrative and financial support to being fully responsible for its own administrative and financial operations, the costs increased. It should be noted as well that there are still additional base costs to be incurred (for the most part, additional FTEs to reach operational and administrative capacity and additional secure accommodations to support capacity.) These additional costs to be incurred explain the difference between the total authorities available for use and the actual authorities used in the current year.

Voted and Statutory Items

($ millions)

Vote # or Statutory Item (S) Truncated Vote or Statutory Wording 2007–08 Actual Spending 2008–09 Actual Spending 2009–10 Main Estimates 2009–10 Actual Spending
25

Operating expenditures

 N/A 1.3 1.4 1.4
(S)

Contributions to employee benefit plans

 N/A 0.1 0.1 0.1
Total N/A 1.4 1.5 1.5


Section II: Analysis of Program Activities by Strategic Outcome

Strategic Outcome

The Office of the Communications Security Establishment Commissioner exists to support the Commissioner in ensuring that the CSEC performs its duties and functions in accordance with the laws of Canada. This includes safeguarding the privacy of Canadians. This is the sole strategic outcome for the Commissioner's office.

In support of the achievement of this strategic outcome, the Commissioner's office has two program activities – the review program and internal services program. The review program directly supports the achievement of the strategic outcome; the internal services program directly supports the review program and in so doing indirectly support the achievement of the strategic outcome.

During fiscal year 2009-2010, the Commissioner's office had established two priorities to support the achievement of the strategic outcome: for the review program, to improve its effectiveness and efficiency; and for the internal services program, to transition effectively to independent status.

The performance measurement framework for these priorities matches that presented in the Commissioner's office Report on Plans and Priorities for 2009-10. The performance results are reported below the following table, which summarizes them.

Program Activity by Strategic Outcome

Program Activity: Review Program  
2009-2010 Financial Resources ($millions) 2009-2010 Human Resources (FTEs)
Planned Spending Total Authorities Actual Spending Planned Actual Difference
1.3 1.7 1.0 6 6 0
Expected Results Performance Indicators Targets Performance Status Performance Summary
CSEC's activities and operations are conducted in accordance with the law while respecting the privacy of Canadians. % of recommendations implemented Increase the % of recommendations implemented Exceeded Although not a representative year in terms of the number of reviews submitted to the Minister, all of the findings and recommendations made were accepted and were or are being implemented.

Performance Analysis

Program Activity: Review Program

The following logic model provides a graphic description of how the review program functions.

Commissioner's Office Review Program — Logic Model
[Description of the image]

It is important at the outset to state that 2009-10 was not a normal operating year for the Commissioner's office. There was no Commissioner for a period of five months following the passing of Commissioner Gonthier. Work that had been approved by former Commissioner Gonthier could begin as planned; work that had already started could be continued. However, in the absence of a Commissioner, review reports could not be forwarded to the Minister, as that responsibility rests solely with the Commissioner.

Three classified reports were submitted to the Minister during the past year. One was a comprehensive study relating the CSEC information technology security activities and two were reviews relating to foreign signals intelligence collection activities.

The results of the two review reports indicated that CSEC activities that were reviewed were in accordance with the law and that the privacy of Canadians was protected. These are the results that the Commissioner's office is trying to achieve. The target established by the Commissioner's office was to increase the % of recommendations implemented but no specific target was set. Past performance, however, has been very good. The Commissioners have, since 1997, submitted to the Minister of National Defence 55 classified review reports and studies. In total, these reports have contained 129 recommendations. CSEC has accepted and implemented or is working to address 121 (94%) of these recommendations. During 2009-10, the previous rate of implementation has been exceeded. All findings and recommendations resulting from the two reviews were agreed to by CSEC and 100% of the recommendations have been or are in the process of being implemented.

The study identified areas that will be incorporated into the Commissioner's three-year work plan. The updating of the work plan based on the results of reviews and studies was one of the priorities set out in the 2009-10 RPP.

The three-year work plan is also updated, based on an ongoing assessment of risk. Detailed criteria established by the Commissioner's office for the identification and prioritization of CSEC activities that should be subject to review are constantly examined with a view to updating them. For example, significant changes to authorities, authority structures and technologies are identified and factored into the risk determination process to ensure that the work-plan remains current and relevant.

The Commissioner's office is still developing targets for the performance of its reviews to ensure that they are timely. It is not likely that standards can be set because the number of reviews completed is not large and each review differs from the other. However, it is agreed that it is necessary to incorporate precise review planning into the budgetary process.

One of the priorities set was for the Commissioner's office to continue to look at the review process to identify opportunities to be more efficient. Training is being provided to individual employees and will continue to be provided. The Commissioner's office is now in the process of developing a training course for review officers in the security environment that would be applicable to other intelligence review agencies as well.

Two new approaches to the conduct of reviews are realizing efficiencies in the review process, addressing another priority of the Commissioner's office. A new approach for the conduct of a review, called horizontal review, is being instituted. It will provide the Commissioner's office a more comprehensive understanding of the activities under review, lead to more meaningful review results and provide a higher degree of assurance the Commissioner can provide to the Minister of National Defence that CSEC is complying with the law and protecting the privacy of Canadians. In addition, foreign intelligence ministerial authorizations are reviewed annually and simultaneously. Detailed review will be instituted only if significant changes are noted that have a potential to impact negatively on CSEC's compliance with the law and its protection of the privacy of Canadians.

The Commissioner's office has and will continue to work with the security and intelligence community, both domestically and internationally. These collaborations (meetings, associations, conferences, etc.) allow information and experience to be shared, differing methodologies to be studied and best practices to be adopted. In October 2009, staff participated in the annual Canadian Association of Security and Intelligence Studies (CASIS) conference held in Ottawa. As well, in March 2010, the Executive Director attended and lead a discussion group on effective review at the International Intelligence Review Agencies Conference (IIRAC) in Sydney, Australia. The meetings allow the exchange of ideas, experience and best practices, aiming to enhance the effectiveness of review.

The Review Agencies Forum continues to meet at least annually to discuss matters of common interest to its members. The Commissioner's office, who initiated this group, remains an active participant along with the Security Intelligence Review Committee (SIRC), the Inspector General of CSIS, the RCMP Public Complaints Commission and now also the Office of the Privacy Commissioner.

Program Activity: Internal Services Program

Program Activity: Internal Services 
2009-2010 Financial Resources ($millions) 2009-2010 Human Resources (FTEs)
Planned Spending Total Authorities Actual Spending Planned Actual Difference
0.2 0.6 0.5 3 2 1

As mentioned previously, the Commissioner's office became an independent agency in April, 2008. Until then, administrative and financial support were provided by the Privy Council Office. As an independent agency, the Commissioner's office had to establish its own internal services activity – administration, finance, and human resource systems in order to meet the information and compliance requirements of the Commissioner's Office as well as the central agencies. The priority established for internal services was to transition effectively to independent status. This year, 2009-10, is the second year of operations and the transition has been effective. The systems are in place and functioning well. Service agreements have been signed to supplement internal resources in the provision of required services to meet the demands of management.

The majority of the transitioning has been completed without significant problem. But there is still work to be done. Policies and procedures need to be further documented, either updated or created in response to requirements that did not exist prior to becoming an independent agency. Additional office space needs to be acquired and upgraded to provide for existing as well as future additional personnel and to provide the appropriate level of security. The process is underway but it will take time to acquire and upgrade the space to meet the required security requirements. Staffing is still required in both the review and internal services programs; however, it is being somewhat delayed by the absence of office space to accommodate the new employees.  

Lessons Learned

Reviews and review methodology must change and adapt to a dynamic technological and policy environment within CSEC. The Commissioner's office must be able to respond in a timely manner to this dynamic environment. In the past year, the Commissioner's office has applied a new approach to review, to be more comprehensive, more focussed and more effective.

Collaboration is essential to the success of the Commissioner's office. The Commissioner has no authority to directly affect change in CSEC. However, the Commissioner can recommend changes that strengthen compliance and the protection of privacy. The responsibility for implementing changes as a result of those recommendations rests, of course, with the management of CSEC. It is by striving for a positive, professional working relationship with CSEC that opportunities to improve upon the review and reporting processes can be identified and implemented.

The absence of a Commissioner over a period of time restricts the ability of the Commissioner's office to effectively discharge its mandate. Without a Commissioner, review reports cannot be signed and forwarded to the Minister, thus depriving the Minister, Parliament and Canadians of the assurance that CSEC is complying with the law and protecting the privacy of Canadians. In addition, the Commissioner's office is unable to initiate new reviews or press for new information without the authority of a Commissioner. Finally, the legislative requirement to submit an annual report to the Minister cannot be met.

Benefits for Canadians

The Office of the Communications Security Establishment Commissioner was created in June 1996. The mandate has grown since the Commissioner's office was created; today the Commissioner's Office exists to ensure that the operations of CSEC are in compliance with the law and that the privacy of Canadians is protected. Through its efforts, the Commissioner's office provides assurance to the Minister of National Defence, the whole of government and to all Canadians that CSEC is in compliance with the law and that the privacy of Canadians is being protected.



Section III: Supplementary Information

Financial Highlights

The following financial tables are extracted from the (unaudited) financial statements of the Commissioner's office for the year ended March 31, 2010.

Condensed Statement of Financial Position at March 31 ($ millions)

  % Change 2008–09  2009–10 
ASSETS      
Total Assets   0.022 0.018
TOTAL (18%) 0.022 0.018
LIABILITIES      
Total Liabilities   0.649 0.383
EQUITY      
Total Equity   (0.627) (0.365)
TOTAL (18%) 0.022 0.018

Condensed Statement of Operations for the Year Ended March 31 ($ millions)

  % Change 2008–09  2009–10 
EXPENSES      
Total Expenses (.03%) 1.693 1.643
REVENUES   - -
Total Revenues   - -
NET COST OF OPERATIONS (.03%) 1.693 1.643

There has been little change in the overall cost of operations for the Commissioner's office from 2008-09 to 2009-10. The drop in the net cost of operations ($50 thousand) is related almost entirely to changes in salaries and professional services costs. Salary costs are down ($166 thousand) owing to a late in the year retirement, employee departure (2), slight delays in recruitment and staffing, and the absence of a Commissioner for 5 months. Professional services costs are up ($120 thousand) as the costs of resourcing the financial and human resource operations are now being fully absorbed by the Commissioner's office.

Financial Statements

The financial statements can be found on the web site of the Office of the Communications Security Establishment Commissioner

http://www.ocsec-bccst.gc.ca/finance/2009-2010/index_e.php

Other Items of Interest

For further information on the Office of the Communications Security Establishment Commissioner (its mandate, function and history, annual reports etc.) please visit our website: http://www.ocsec-bccst.gc.ca

Contact for Further Information

The Office of the Communications Security Establishment Commissioner can be reached at the following address:

Office of the Communications Security Establishment Commissioner
P.O. Box 1984, Station "B"
Ottawa, ON K1P 5R5

The Office may also be reached:

Telephone: 613-992-3044
Facsimile: 613-992-4096
Email: info@ocsec-bccst.gc.ca

[1] Commencing in the 2009-10 Estimates cycle, the resources for Program Activity: Internal Service is displayed separately from other program activities; they are no longer distributed among the remaining program activities, as was the case in previous Main Estimates. This has affected the comparability of spending and FTE information by Program Activity between fiscal years.