ARCHIVED - Office of the Communications Security Establishment Commissioner - Report

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

2010-11
Departmental Performance Report

Office of the Communications Security Establishment Commissioner

The original version was signed by
The Honourable Peter Gordon MacKay, P.C., M.P.
Minister of National Defence

Commissioner’s Message

I am pleased to present to Parliament and Canadians the Departmental Performance Report of the Office of the Communications Security Establishment Commissioner (Commissioner’s office) for the fiscal year ending March 31, 2011.

I was appointed Commissioner on June 18, 2010 and so, to a large extent, this report is on the activities and results under my leadership. As we have reported before, the Commissioner’s office has been in existence since appointment of the first Commissioner on June 19, 1996. Since its creation, and until April 2008, it was funded by the Department of National Defence (DND) but received administrative and other support from the Privy Council Office (PCO). It was only as of April 2008 when the Commissioner’s office was granted its own appropriation from Parliament, ending the funding from DND and the reliance on PCO for administrative support, that it became truly independent.

During the year, I submitted six reports to the Minister of National Defence and I was able to report that the activities of the Communications Security Establishment Canada (CSEC) examined during the year complied with the law. As well, there are several reviews well underway in this current fiscal year that will be reported upon in 2011-12.

Part of my mandate includes responding to complaints, by investigation if need be, that CSEC has or is engaging in unlawful activity or is not taking measures to protect the privacy of Canadians. During fiscal year 2010-11, there were no complaints that warranted investigation.

I also have a duty under the Security of Information Act to receive information from persons who are permanently bound to secrecy seeking to defend the release of special operational information on the grounds that it is in the public interest. No such matters were reported during 2010-11.

As part of my ongoing efforts to improve the quality of review, my office reaches out to other review bodies, in Canada and abroad. During the year, I met with the British Intelligence and Security Committee of Parliamentarians in Ottawa for discussions and information exchange on review methodologies and practices. I also met with the Security Intelligence Review Committee. For the seventh year, the Review Agencies Forum, met to discuss issues of common interest involving review and review methodology. My office developed and held a review workshop for personnel of organizations dedicated to the review of agencies involved in security and intelligence.

My office has and must continue to “keep up”. The technological environment in which we operate is ever-changing, ever complex. Threats, both internal and external, are not diminishing, nor is the intelligence requirement of government. As CSEC evolves and adapts to keep pace, so must my office. The attraction, development and retention of review staff continues to be one of my priorities. In this regard, two additional staff were engaged during the year. Part of “keeping up” requires constant effort to refine my office’s comprehensive review methodology, from the identification of activities for review, through the conduct of reviews, to the reporting of the results.

I mentioned in last year’s DPR that additional, secure space had to be acquired to allow operational and administrative capacity to be reached, particularly in the wake of the complete independence achieved by the office. I am pleased to report that after many months of meetings and negotiations with both Public Works and the building manager, the additional office space should become a reality in 2011-12.

I wish to thank CSEC and its Chief for the cooperation extended to me and my staff during the planning and conduct of reviews. The working relationship is professional and there is mutual respect for the important roles that our respective organizations fulfill.

I wish, as well, to thank both my review staff, for the professional manner in which they conducted themselves in carrying out the reviews as well as my corporate services team for the excellence in the provision of support services to the office. Overall efforts are a demonstration of their high level of commitment and dedication to supporting the mandate with which I am charged.

I am pleased with the results achieved on all fronts by my office in 2010-11. I have been able to provide to the Minister of National Defence, and to all Canadians, assurance that CSEC is complying with the law. I have also made recommendations that I believe will help strengthen both compliance with the law and the protection of the privacy of Canadians.

The Honourable Robert D�cary, Q.C.
Commissioner
August 29, 2011

Section I: Organizational Overview of the Office of the Communications Security Establishment Commissioner

Raison d’�tre

My mandate is to ensure that CSEC performs its duties and functions in accordance with the laws of Canada. This includes having due regard for the privacy of Canadians. The Commissioner’s office exists to support the Commissioner in the effective discharge of his mandate.

Responsibilities

The duties of the Commissioner are set out under the following subsections of the National Defence Act:

273.63(2)

a) to review the activities of the CSEC to ensure they comply with the law;

b) in response to a complaint, to undertake any investigation that the Commissioner considers necessary;

c) to inform the Minister of National Defence and the Attorney General of Canada of any activity of Communications Security Establishment Canada that the Commissioner believes may not be in compliance with the law;

273.65(8)

to review and report to the Minister as to whether the activities carried out under a ministerial authorization are authorized;

273.63(3)

to submit an annual report to the Minister on the Commissioner’s activities and findings within 90 days after the end of each fiscal year;

and under the Section 15 of the Security of Information Act:

to receive information from persons who are permanently bound to secrecy and who seek to defend the release of classified information about Communications Security Establishment Canada on the grounds that it is in the public interest.

The first Commissioner of the Communications Security Establishment was appointed by Order in Council pursuant to Part II of the Inquiries Act on June 19, 1996. The original mandate of the Commissioner was to review the activities of the Communications Security Establishment Canada (CSEC) to ensure that they were in compliance with the law and to investigate complaints about CSEC’s activities. Following the terrorist attacks in the United States, Parliament adopted the Anti-terrorism Act, which came into force on December 24, 2001. This Act amended the National Defence Act (NDA) by adding Part V.1 and creating legislative frameworks for both the CSEC and the Commissioner. The Commissioner was also given a new duty pursuant to the Security of Information Act, as noted above.

The Commissioner’s office can be most aptly described as a micro-agency. Operating out of Ottawa, the office currently has 8 employees with an operating budget slightly in excess of $2 million. It should be noted that the National Defence Act provides the Commissioner with independent hiring authority, and accordingly, the Commissioner’s office functions as a separate employer.

Strategic Outcome and Program Activity Architecture (PAA)

Strategic Outcome and Program Activity Architecture
[Description of the image]

The strategic outcome of the Office of the Communications Security Establishment Commissioner is that the CSEC performs its duties and functions in accordance with the laws of Canada. This includes safeguarding the privacy of Canadians. The OCSEC has two program activities – its review program and internal services.

The relationship of the program activities, the priorities and the strategic outcome is illustrated in the diagram below.

Organizational Priorities

For 2010-2011, the Commissioner’s office had two priorities - improving the effectiveness and efficiency of the review program and improving governance. For each priority, performance status assigned is based on the following performance status legend:

Performance Status Legend

Exceeded: More than 100 percent of the expected level of performance (as evidenced by the indicator and target or planned activities and outputs) for the expected result or priority identified in the corresponding Report on Plans and Priorities (RPP) was achieved during the fiscal year.

Met: 100 percent of the expected level of performance (as evidenced by the indicator and target or planned activities and expected outputs) for the expected result or priority identified in the corresponding RPP was achieved during the fiscal year.

Not met: Less than 60 percent of the expected level of performance (as evidenced by the indicator and target or planned activities and outputs) for the expected result or priority identified in the corresponding RPP was achieved during the fiscal year.

Priority	Type^[1]	Strategic Outcome and Program Activities	Status
Improving the effectiveness and efficiency of the review program	Ongoing	CSEC operating in accordance with the law and safeguarding the privacy of Canadians Review Program	Met The effectiveness and efficiency of the review program has improved. Improved review methodology and increased review coverage of CSEC activities. There is a need to increase review capacity.

Priority

Type^[1]

Strategic Outcome and Program Activities

Status

Improving the effectiveness and efficiency of the review program

Ongoing

CSEC operating in accordance with the law and safeguarding the privacy of Canadians
Review Program

Met

The effectiveness and efficiency of the review program has improved. Improved review methodology and increased review coverage of CSEC activities. There is a need to increase review capacity.

Priority	Type	Program Activities	Status
Improving governance	Ongoing	Review program Internal services	Met Management practices continued to improve in both activities.

Priority

Type

Program Activities

Status

Improving governance

Ongoing

Review program
Internal services

Met

Management practices continued to improve in both activities.

Risk Analysis

The need continues for legislative amendments to the National Defence Act, to eliminate ambiguities identified by my predecessors and myself. As noted in a previous annual report of this office, “…the length of time that has passed without producing amended legislation puts at risk the integrity of the review process.”

An area of significant concern to the Commissioner’s office is its ability to sustain capacity - having the proper number of competent professionals to ensure operational continuity. CSEC must respond to a constantly changing environment – technology, international and foreign affairs, and terrorism to name but a few. And the Commissioner’s office must respond to changes in CSEC in order to be able to continue to perform the reviews necessary to provide assurances to the Minister and ultimately to all Canadians that CSEC activities are in compliance with the law and the privacy of Canadians is protected. In addition, the Commissioner’s office must continue to ensure that its risk management process provides adequate guidance in the selection of CSEC activities for review where the risks to compliance and to the privacy of Canadians are most significant. To be able to effectively deliver on its mandate, the office must manage its resources so that it has the “right” resources at the “right” time and in the “right” place. Human resource planning will continue to address recruitment, retention, and learning.

The success of the review process depends to a great extent on the cooperation of CSEC. As mentioned in the 2010-11 Communications Security Establishment Commissioner Annual Report, the Commissioner was “… impressed with the degree of transparency and spirit of cooperation displayed by CSEC and its Chief.” The Commissioner’s office will continue to work closely with CSEC to maintain this level of cooperation in order that the individual reviews will proceed as efficiently as possible and that the overall program will be as effective as possible.

The Commissioner’s office will also continue to work closely with Public Works and Government Services Canada and building management to help ensure that additional secure office space is made available in 2011-12 in order that the planned expanded level of review activity can become a reality.

The needs of the Commissioner’s office for financial, administrative, information, security and human resource services are changing. The requirements of the central agencies for information are changing and growing and are increasingly consuming the limited resources of the office. In 2010-11, the systems were examined and stream-lined to help ensure that the needs of management and the requirements of the central agencies were met in a timely fashion. These efforts will continue.

Summary of Performance

**2010–11 Financial Resources ($millions)**
Planned Spending	Total Authorities	Actual Spending
2.1	2.3	1.6

**2009–10 Human Resources (FTEs)**
Planned	Actual	Difference
10	8	2

**Strategic Outcome: The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada. This includes safeguarding the privacy of Canadians.**
Performance Indicators	Targets	2010-11 Performance
Degree of CSEC compliance with the laws of Canada	Maintain or improve the degree of compliance	The activities of CSEC examined this year complied with the law.
Extent to which privacy of Canadians is safeguarded	Maintain or strengthen the privacy of Canadian identity information	Measures are being maintained to protect the privacy of Canadians

Program Activity	2009-10 Actual Spending ($ millions)	2010-11 ($ millions)				Alignment to Gov’t of Canada Outcomes
Program Activity	2009-10 Actual Spending ($ millions)	Main Estimates	Planned Spending	Total Authorities	Actual Spending	Alignment to Gov’t of Canada Outcomes
Review Program	1.0	1.6	1.6	1.6	1.1	Safe and secure Canada

Program Activity	2009-10 Actual Spending ($ millions)	2010-11 ($ millions)
Program Activity	2009-10 Actual Spending ($ millions)	Main Estimates	Planned Spending	Total Authorities	Actual Spending
Internal Services	.5	.5	.5	.7	.5

Expenditure Profile

The actual spending is in line with the previous year’s expenditure. It, however, lags behind the total authorities, as planned staffing increases have been delayed pending the fit-up of additional office space that has just now been approved for tender. Once the additional accommodation is available for use, spending can be expected to increase for personnel, rent and internal services.

Departmental Spending Trend

Expenditure Profile
[Description of the image]

(2008-09 was the first year that the Commissioner’s office had its own authorities; however, as the spending in that first year was not representative of the office, it has not been included in the profile.)

Estimates by Vote

For information on our organizational Votes and/or statutory expenditures, please see the 2010–11 Public Accounts of Canada (Volume II) publication. An electronic version of the Public Accounts is available on the Public Works and Government Services Canada website.^[2]

Section II: Analysis of Program Activities by Strategic Outcome

Strategic Outcome

The Office of the Communications Security Establishment Commissioner exists to support the Commissioner in ensuring that the CSEC performs its duties and functions in accordance with the laws of Canada. This includes safeguarding the privacy of Canadians. This is the sole strategic outcome for the Commissioner’s office.

In support of the achievement of this strategic outcome, the Commissioner’s office has two program activities – the review program and internal services program. The review program directly supports the achievement of the strategic outcome; the internal services program directly supports the review program and in so doing indirectly support the achievement of the strategic outcome.

During fiscal year 2010-2011, the Commissioner’s office had established two priorities to support the achievement of the strategic outcome: for the review program, to improve its effectiveness and efficiency; and for the internal services program, to improve governance.

The performance measurement framework for these priorities matches that presented in the Commissioner’s office Report on Plans and Priorities for 2010-11. The performance results are reported below the following table, which summarizes them.

Program Activity by Strategic Outcome

Program Activity: Review Program

**2010-2011 Financial Resources** **($millions)**
Planned Spending	Total Authorities	Actual Spending
1.6	1.6	1.1

**2010-2011 Human Resources (FTEs)**
Planned	Actual	Difference
6	6	0

Expected Results	Performance Indicators	Targets	Performance Status
Recommendations resulting from the reviews conducted are accepted and implemented by CSEC	% of recommendations accepted	80%	Exceeded
Reviews are completed within targeted time frames as established by the Commissioner	% of reviews completed within time frames established by the Commissioner	80%	Met

The review program includes research, monitoring, planning, the conduct of reviews and the reporting of results. In addition, it also includes consultations and communications with CSEC officials, with other government officials, and senior representatives of the security community.

Performance Summary and Analysis of Program Activity

Program Activity: Review Program

The following logic model provides a graphic description of how the review program functions.

Review program logic model
[Description of the image]

During 2010-11, the Commissioner submitted six reports to the Minister of National Defence. One review related to disclosures of information about Canadians to Government of Canada departments and agencies; two reviews examined CSEC activities conducted under ministerial authorization; and three reviews related to foreign signals intelligence activities.

The results of these reviews indicated that CSEC activities that were reviewed were in accordance with the law and that the privacy of Canadians was protected.

These are the results that the Commissioner’s office is trying to achieve. The target established by the Commissioner’s office was to achieve 80% of recommendations implemented. During 2010-11, the Commissioner made four recommendations to the Minister. Past performance, has been very good. The Commissioners have, since 1997, submitted to the Minister of National Defence 61 classified review reports and studies. In total, these reports have contained 133 recommendations. CSEC has accepted and implemented or is working to address 122 (95%) of these recommendations. During 2010-11, CSEC completed work in response to three past recommendations and there are 18 additional recommendations that CSEC is currently working to address.

In addition, there were several reviews in process during 2010-11 that are expected to be concluded and reported upon in 2011-12.

Cooperation with CSEC, as was mentioned earlier, is one of the keys to the success of the review program. In addition to briefings on activities scheduled for review, the Commissioner’s office requests briefings from CSEC to assist in determining risk and work plan development. The Commissioner’s office also receives regular briefs on changes to management and administration of CSEC programs, including changes to policies and procedures.

The three-year work plan is updated on the results of reviews, the involvement of CSEC and an ongoing assessment of risk. Detailed criteria established by the Commissioner’s office for the identification and prioritization of CSEC activities that should be subject to review are constantly being examined to ensure that the areas of greatest risk are in fact reviewed.

The use of horizontal reviews described in the Commissioner’s Annual Report is paying benefits. Not only does it examine processes that are common within CSEC more efficiently but it allows the Commissioner’s office to modify its review approach and focus on specific elements with the review area.

One of the priorities set was to continue to look at the review process to identify opportunities to be more efficient. Last year (2009-10), the Commissioner’s office was in the process of developing a training course for review officers in the security environment that would be applicable to other intelligence review agencies as well. In November 2010, the workshop was delivered and enthusiastically received. Another workshop is scheduled for this fall.

The Commissioner’s office takes every opportunity to learn from the experience of others. Discussions with others involved in the security and intelligence community (British Intelligence and Security Committee of Parliamentarians and the Review Agencies Forum), training from CSEC on the use of a specific CSEC foreign intelligence database, participation in the annual Canadian Association of Security and Intelligence Studies conference – all with a view to exchanging ideas, learning and advancing the role of review in the security and intelligence community.

Program Activity: Internal Services Program

**2010-2011 Financial Resources ($millions)**
Planned Spending	Total Authorities	Actual Spending
.5	.7	.5

**2010-2011 Human Resources (FTEs)**
Planned	Actual	Difference
3	2	1

This year, 2010-11, is the third year of operations for the Commissioner’s office as an independent agency with its own financial authorities. Systems are in place (human resources, finance and administration) and functioning well. Service agreements have been signed to supplement internal resources in the provision of required services (informatics, security) to meet the demands of management and to comply with the requirements of the central agencies.

Policies and procedures need to be further documented, either updated or created in response to changing requirements, primarily from the central agencies.

It now appears certain that the Commissioner’s office will obtain the required additional office space and complete the necessary fit-up for security purposes next year, in 2011-12. Staffing is still required in both the review and internal services programs; however, it has been delayed by the absence of office space to accommodate new employees.

Lessons Learned

Technology, international affairs, internal and external threats are dynamic. CSEC must respond to this environment and so too must the Commissioner’s office. Resources are limited and so they must be used wisely. The need to refine the review methodology is ongoing; the Commissioner’s office must be able to respond effectively and efficiently to new and challenging review requirements.

Collaboration is essential to the success of the Commissioner's office. As always, it is by striving for a positive, professional working relationship with CSEC that opportunities to improve upon the review and reporting processes can be identified and implemented.

Section III: Supplementary Information

Financial Highlights

The following financial tables are extracted from the (unaudited) financial statements of the Commissioner’s office for the year ended March 31, 2011.

**Condensed Statement of Financial Position at March 31 ($ millions)**
	% Change	2010–11	2009–10 (restated)
Total Assets		.173	.121
TOTAL	43%	.173	.121
Total Liabilities		.327	.383
Total Equity		(.154)	(.262)
TOTAL	43%	.173	.121

**Condensed Statement of Operations for the Year Ended March 31 ($ millions)**
	% Change	2010–11	2009–10
Total Expenses	(4.8%)	1.563	1.643
Total Revenues		-	-
NET COST OF OPERATIONS	(4.8%)	1.563	1.643

The decrease of $80 thousand from 2009-10 to 2010-11 is due to the following factors:

Salaries and employee benefits are down $152 thousand in 2010-11 due to severance costs related to retirement in 2009-10 and staff turnover in 2010-11 that resulted in less than full FTE costs during the year.
Professional services costs increased $52 thousand in 2010-11 from 2009-10 due to increased costs related to informatics services and employee training.
Accommodation costs increased in 2010-11 $20 thousand.

Financial Statements

The financial statements can be found on the web site of the Office of the Communications Security Establishment Commissioner

http://www.ocsec-bccst.gc.ca/finance/2010-2011/index_e.php

Other Items of Interest

For further information on the Office of the Communications Security Establishment Commissioner (its mandate, function and history, annual reports etc.) please visit our website: http://www.ocsec-bccst.gc.ca

Contact for Further Information

The Office of the Communications Security Establishment Commissioner can be reached at the following address:

Office of the Communications Security Establishment Commissioner
P.O. Box 1984, Station “B”
Ottawa, ON K1P 5R5

The Office may also be reached:

Telephone: 613-992-3044
Facsimile: 613-992-4096
Email: info@ocsec-bccst.gc.ca

[1]. “Type” is categorized as follows: Previously committed to—committed to in the first or second fiscal year before the subject year of the report; Ongoing—committed to at least three fiscal years before the subject year of the report; and New—newly committed to in the reporting year of the Departmental Performance Report.

[2]. See Public Accounts of Canada 2010, http://www.tpsgc-pwgsc.gc.ca/recgen/txt/72-eng.html.