ARCHIVED - Office of the Communications Security Establishment Commissioner - Report

This page has been archived.

2012-13
Report on Plans and Priorities

Office of the Communications Security Establishment Commissioner

The original version was signed by
The Honourable Peter Gordon MacKay, P.C., M.P.
Minister of National Defence

---

Table of Contents

Message from the Commissioner

Section I: Overview of the Office

• Raison d'être
• Strategic Outcome and Program Activity Architecture
• Risk Analysis
• Planning Summary 
• Estimates by Vote

Section II: Analysis of Program Activities by Strategic Outcome

• Strategic Outcome
• Program Activity Description
• Commissioner's Office Review Program – Logic Model
• Program Activity: Internal Services
• Planning Highlights

Section III: Supplementary Information

• Financial Highlights

Section IV: Other Items of Interest

• Contact Information

Message from the Commissioner

I am pleased to present the 2012-2013 Report on Plans and Priorities for the Office of the Communications Security Establishment Commissioner (the office), my second as Commissioner. This report details the plans and priorities of my office over the next three years.

To maintain its effectiveness and to fulfill my mandate, my office must respond to many challenges, including: constantly changing technology used by Communications Security Establishment Canada (CSEC); shifting priorities of CSEC, in response to government  priorities and to global conflict and turmoil; and ongoing threats to our free and democratic society that require constant vigilance to reconcile the right to privacy and the government's obligation to protect that right and to ensure the country's security.  I will continue to assess the capacity of my office, the skill sets it possesses and its ability to perform studies and reviews to ensure I am able to adequately review the activities of CSEC whose resources continue to grow. The review results will enable me, as Commissioner, to provide assurance to the Minister of National Defence, who is accountable for CSEC, and through him to Parliament and all Canadians, that CSEC complies with the law in fulfilling its legislated mandate and does so while protecting the privacy of Canadians.  Should I find an instance where I believe CSEC may not have complied with the law, I am required by legislation to inform the Minister and the Attorney General.   

My office will continue to maintain a professional and effective working relationship with CSEC.  Essential elements to effectively fulfilling my mandate include: the determination of risk, that is determining those CSEC activities where risk to compliance and to privacy is greatest; the development of a review work plan to address the areas of greatest risk; remaining aware of changes in programs, policies, procedures and technology; the conduct of reviews, and the development of recommendations as appropriate to address shortcomings in a timely and effective manner. 

My office will also continue to play a role promoting increased contact and sharing of best practices among review agencies, both nationally and internationally.  As well, the office will further strengthen its management and administrative practices to improve its stewardship over its resources and comply with the financial and administrative policies and directives of the central agencies.    

Hounourable Robert Décary, Q.C.

Commissioner

March 27, 2012

Section I: Overview of the Office

Raison d'être

The position of Communications Security Establishment Commissioner was created to review the activities of Communications Security Establishment Canada (CSEC) to determine whether it performs its duties and functions in accordance with the laws of Canada.  This includes having due regard for the privacy of Canadians.  The Commissioner's office exists to support the Commissioner in the effective discharge of his mandate.

Responsibilities

The duties of the Commissioner are set out under subsections 273.63(2) and (3) and 273.65(8) of the National Defence Act (NDA):

NDA 273.63(2)

1. to review the activities of the Establishment [CSEC] to ensure that they are in compliance with the law;
2. in response to a complaint, to undertake any investigation that the Commissioner considers necessary; 
3. to inform the Minister of National Defence and the Attorney General of Canada of any activity of the Establishment that the Commissioner believes may not be in compliance with the law;

NDA 273.63(3)

... within 90 days after the end of each fiscal year, submit an annual report to the Minister on the Commissioner's activities and findings ...;

NDA 273.65(8)

... review activities carried out under an [ministerial] authorization .... to ensure that they are authorized and report annually to the Minister on the review; 

Additionally, under Section 15 of the Security of Information Act, the Commissioner is mandated:

to receive information from persons who are permanently bound to secrecy and who seek to defend the release of classified information about Communications Security Establishment Canada on the grounds that it is in the public interest.

Strategic Outcome and Program Activity Architecture

The strategic outcome of the Office of the Communications Security Establishment Commissioner is that the CSEC performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians. 

The office has two program activities – its review program and internal services.

Program Activity Architecture

Concerning the relationship between the two activities, the internal services program activity provides all of the administrative and operational support required by the review program.  The review program activity works towards the achievement of the strategic outcome.

Office Priority

The major priority of the office remains unchanged from the previous year:

• improve the effectiveness and efficiency of the review program.

Priority	Type[1]	Strategic Outcome(s) and/or Program Activity(ies)
Improve the effectiveness and efficiency of the review program	Ongoing	The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.
Status
Why is this a priority? The office does not have the resources to review all activities each year.  As a result, the review program has to be effective – identify areas of greatest risk, schedule reviews to ensure the availability of the appropriate skill sets, and deliver meaningful results that can be implemented in a timely manner.  The review program also has to be efficient – the review process must use its scarce resources in a cost-effective manner, review tools and techniques must contribute to the delivery of timely reports and internal systems must support the review program throughout the process.  By being effective and efficient, the office can address the areas of greatest risk on a timely basis and provide the necessary assurance to the Minister of National Defence, Parliamentarians and ultimately all Canadians that the Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada, including safeguarding the privacy of Canadians. Plans for meeting the priority Continue receiving briefings from CSEC to gain further appreciation of its management monitoring and operational environments, and significant changes to them; Review and refine the criteria used to assess risk and to develop the work plan; Increase the number of review resources; and Train and develop review resources and provide them with the necessary tools and techniques to complete their reviews in a comprehensive and efficient manner.

Risk Analysis

The office has the same strategic outcome and programs as the previous year.  The plans and priorities have remained relatively unchanged.  Despite this relative constancy, the office must address a number of issues.

• Separate departmental status of CSEC
• Ambiguities in the legislation – the office continues to wait for amendments to clarify ambiguities in the National Defence Act.
• Changing technologies – communication technologies are constantly evolving.  As much as CSEC, in the acquisition and use of information, must respond to these changes, so too must my office in assessing risk, in selecting activities for review and in conducting reviews.  
• CSEC must continuously evolve its foreign intelligence collection, products and services to effectively respond to Government of Canada requirements.  My office must evolve its review methodologies to ensure that it remains able to identify areas of greatest risk and to conduct its reviews in a meaningful manner.
• The office must have and maintain the capacity to complete meaningful, relevant, reliable and timely reviews of CSEC's activities.  As a micro-agency, that is also a separate employer, it can be a challenge to attract individuals who possess the required knowledge and experience of the security and intelligence community, with requisite security clearances, and the willingness to be employed outside the Public Service proper.
• Capacity must continue to be addressed by improving the review methodology and the tools employed by the review officers.  In addition, training will continue to be used to update review skill sets to improve the effectiveness and efficiency of the review program.
• Accommodation - The office will not occupy any additional secure office space during 2011-12.  Additional review staff cannot be engaged without additional secure office space for them to work in.  It now appears that the space will be available mid 2012-13.
• Compliance - The requirements of the central agencies continue to evolve and change.  As a result, efforts must continue to ensure that the financial, administrative, information, security and human resource systems meet the needs of management as well as the requirements of the central agencies.   
• The success of the review program depends to a great extent on the cooperation of CSEC.  The office will continue to work with CSEC, including holding annual roundtable meetings, to optimize the review process while minimizing adverse impacts on CSEC's operations.  Discussions on plans, findings and recommendations of individual reviews will also continue with CSEC to ensure that reviews proceed as efficiently as possible and are completed in a timely manner.

Planning Summary

Office Resources

Financial Resources (thousands of dollars)

2012–13	2013–14	2014–15
2,105	2,105	2,105

The financial resources table above provides a summary of the total planned spending for the office for the next three fiscal years.

Human Resources

2012–13	2013–14	2014–15
10	11	11

The human resources table above provides a summary of the total planned human resources for the office for the next three fiscal years.  This includes the Commissioner and 9 staff in 2012-13 and the Commissioner and 10 staff in 2013-14 and 2014-15.

Deficit Reduction Action Plan

Please note that information on deficit reduction action plan measures is not included in this document. The information contained in this report will provide a baseline for future reporting on the impacts of the deficit reduction action plan for fiscal year 2012-13. Please reference the 2012-13 Departmental Performance Report for additional information regarding the implementation of the deficit reduction action plan.

Planning Summary Table

Program Activity	Forecast Spending 2011–12	Planned Spending			Alignment to Government of Canada Outcomes
		2012–13	2013–14	2014–15
Review Program	1,300	1,455	1,455	1,455	Safe and secure Canada
Total Planned Spending		1,455	1,455	1,455

Program  Activity	Forecast Spending 2011–12	Planned Spending
		2012–13	2013–14	2014–15
Internal Services	600	650	650	650
Total Planned Spending		650	650	650

Expenditure Profile

Departmental Spending Trend

In 2008-09, the office became an agency of government and received its first appropriation from Parliament of approximately $1.5 million.  

In 2009-10, the level of funding increased to $2.1 million.  The additional funding was to provide the office with sufficient funding to operate as a separate agency and at the same time expand the review program, acquire additional office space, and increase the administrative support necessary to support the expanded review program and the additional requirements resulting from full, independent status.  The total spending during 2009-10 was $1.5 million.  Costs related to the acquisition and set-up of additional office space and the expansion of the review program were not incurred during the 2009-10.

In 2010-11, the expenditures were $1.6 million.  However, delays not imputable to the office in the acquisition and set-up of additional office space, and the consequent delays to the expansion of the review program, may result in expenditures at a lower level. 

The forecast spending for fiscal year 2011-12 is 1.9 million.  The estimated cost of construction related to the set-up of additional office space, which started in the last quarter of 2011-12 is $300 thousand in 2011-12 and is the primary cause for the expenditure increase from the previous year. 

The planned spending for fiscal years 2012-13, 2013-14 and 2014-15 are constant at $2.1 million.  The cost to finish the construction and fit-up of the additional office space is estimated at $600 thousand in 2012-13.  In 2013-14 and 2014-15, it is anticipated that the review program and internal services will expand to "full capacity".  It should be noted that the Commissioner's mandate also includes undertaking any investigation deemed necessary in response to a complaint.  However, if a complaint is received which requires an investigation and formal hearing, it is quite likely that additional funding would have to be requested.  The Commissioner also has a duty under the Security of Information Act to receive information from persons who are permanently bound to secrecy and seek to defend the release of classified information about CSEC on the grounds that it is in the public interest.  No such matters were reported in the past three fiscal years. 

Estimates by Vote

For information on our organizational appropriations, please see the 2012–13 Main Estimates publication.

Section II: Analysis of Program Activities by Strategic Outcome

Strategic Outcome

The strategic outcome of the Office is that the Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.

The following section describes the office's program activities and identifies the expected results, performance indicators and targets for each of them.  This section also explains how the office plans on meeting the expected results and presents the financial and non-financial resources that will be dedicated to each program activity.

This section will contain a discussion of the office's two Program Activities:

• Review Program

• Internal Services

Additional information on the office's operations, methodology and results can be found on the Commissioner's website (www.ocsec-bccst.gc.ca).

Program Activity Description

Program Activity: Review Program

The review program includes research, monitoring, planning, the conduct of reviews and the reporting of results.  In addition, it also includes consultations and communications with CSEC officials, with other review bodies and other government officials, as required.

Financial Resources ($ thousands)

2012-13	2013-14	2014-15
1,435	1,435	1,435

Human Resources (FTEs)

2012-13	2013-14	2014-15
7	8	8

Program Activity Expected Results	Performance Indicators	Targets
Reviews are completed within targeted time frames as established by the Commissioner	% of reviews completed within targeted time frames	80%
Recommendations resulting from the reviews conducted are accepted and implemented	% of recommendations implemented	80%
Negative findings addressed	% of negative findings addressed	80%

Commissioner's Office Review Program – Logic Model

The following logic model provides a graphic description of how the review program functions.

Planning Highlights

In order to achieve the expected result, the office plans to undertake the following activities:

• The Commissioner remains prepared to speak to amendments to the National Defence Act when they are introduced in Parliament.      
• The office will strengthen its review process by:
  • continuing to review and strengthen the risk assessment process for selecting and prioritizing areas and activities for review;
  • updating its operational policies and practices to improve the quality of its review process in order to ensure that its findings and recommendations are accurate, fair, complete and supportable; 
  • providing training and mentoring opportunities for the review staff to upgrade their skill sets related to the effective performance of reviews;
  • expanding the capacity of the review process by adding an additional full-time review officer.
• A pre-requisite to the effectiveness of the office's review process and the successful discharge of its mandate is a professional, tough but fair working relationship with CSEC.  Briefings, presentations, training, information sessions, roundtables will be continued between the two organizations.
• Canada is hosting in the spring of 2012 the International Intelligence Review Agencies Conference. The office will be contributing substantially to the conference, which is a major forum for the discussion of issues of mutual interest and concern, and the sharing of best practices in review methodologies.

The office's review program activity supports the Commissioner in his ability to provide assurance to the Minister and through him to Parliament and to all Canadians that the activities undertaken by CSEC are in compliance with the law and that the privacy of Canadians has been safeguarded.  If the Commissioner determines that CSEC may not have complied with the law, he is required by legislation to inform the Minister and the Attorney General.

Program Activity: Internal Services

Internal Services are those operations and resources that support the needs of the office's review program and respond to the requirements of the central agencies.  These operations include administration, human resources, finance, security, information management, and information technology.

Program Activity: Internal Services
Human Resources and Planned Spending ($ thousands) 

2012–13		2013–14		2014–15
FTE's	Planned Spending	FTE's	Planned Spending	FTE's	Planned Spending
3	650	3	650	3	650

Planning Highlights

The office is a micro agency with 3 planned resources devoted to internal services.  Several of the internal services that are not required on a full-time basis are provided through contractual arrangements with specialized service providers – security, informatics and technical services, human resources and finance. 

It is important that the office maintains a management and operational framework that ensures that all the internal services are effectively provided to the Commissioner and to the review program while at the same time is capable of responding to the ever growing demands of the central agencies for increased transparency and accountability. 

In order to effectively meet both the internal and external demands on internal services, the office plans to undertake the following activities:

• define more clearly roles and responsibilities for all internal services;
• provide for training programs for staff to ensure that all internal services can be delivered effectively, efficiently and in compliance with the requirements of the central agencies;
• create and/or update administrative policies and procedures;
• establish a performance measurement framework to adequately address the delivery of internal services;
• work closely with PWGSC to ensure that the fit-up of the additional office space is completed during 2012-13.

Section III: Supplementary Information

Financial Highlights

Additional information on the office's Future-oriented Statement of Operations can be found on the web site of the Office of the Communications Security Establishment Commissioner (www.ocsec-bccst.gc.ca).

Future-oriented Condensed Statement of Operations for the Year Ended March 31 ($ thousands)

	$ change	Future-oriented 2012–13	Future-oriented 2011–12
Expenses	238	1,752	1,514
Total Expenses	238	1,752	1,514
Cost of Operations	238	1,752	1,514

Future-oriented Condensed Statement of Financial Position for the Year Ended March 31 ($ thousands)

	$ Change	Future-Oriented 2012-13	Future-Oriented 2011-12
Total assets	440	1,149	709
Total liabilities	(26)	(214)	(188)
Equity	(414)	(935)	(521)
Total	(440)	(1,149)	(709)

Section IV: Other Items of Interest

Contact Information

The Office of the Communications Security Establishment Commissioner can be reached at the following address:

Office of the Communications Security Establishment Commissioner
P.O. Box 1984, Station "B"
Ottawa, ON
K1P 5R5

The Office may also be reached:

Telephone:  613-992-3044
Facsimile:  613-992-4096
Email:  info@ocsec-bccst.gc.ca

For further information on the Office of the Communications Security Establishment Commissioner, its mandate and function, please visit our website: www.ocsec-bccst.gc.ca

---

[1]. Type is defined as follows: previously committed to—committed to in the first or second fiscal year prior to the subject year of the report; ongoing—committed to at least three fiscal years prior to the subject year of the report; and new—newly committed to in the reporting year of the RPP or DPR.