Remarks by Executive Director at the 18th Annual Privacy and Security Conference

18^th Annual Privacy and Security Conference, Victoria, B.C., February 9, 2017

The Commissioner's office Executive Director moderated and spoke on a panel at the 18th Annual Privacy and Security Conference, Victoria, B.C., February 9, 2017. The panel theme was “Privacy, National Security and Accountability: How Can Public Trust Be Ensured?”

Biographical details of the panelists are available on the site.

Comments as moderator

My name is Bill Galbraith. I am the Executive Director of the Office of the Communications Security Establishment Commissioner. The Commissioner, the “watchdog” over the Communications Security Establishment (CSE), is the Honourable Jean-Pierre Plouffe.

You have read, or can quickly, the description in the programme, and I am sure you are all familiar to varying degrees with the theme. It is a critical theme.

A former senior Canadian federal public servant, Richard Fadden, gave a good distillation of the theme last Fall before a parliamentary committee – after he had retired.

In his own description, he said as “someone who has worked in national security and as someone who has worried about accountability and about machinery-of-government issues” – he had been Director of the Canadian Security Intelligence Service and National Security Advisor to the Prime Minister – he continued, “unequivocally, that substantive public confidence in the work of the national security entities is necessary if their work is to be effective.” Those “national security entities” include not only the intelligence and security agencies but also the review or oversight mechanisms.

Trust is at the core, because when we are in a realm that of necessity involves secrecy, raising concerns about privacy, at a certain point trust must enter the equation. But at what point? What can and does instill confidence and trust?

We have represented on our panel many of the key parties involved with this issue, and we welcome our American panelists, to add their perspective. Those parties involved in this issue that may not be represented on the panel I am sure are represented in the audience, and we will have a chance to engage each other in this session. Each panelist will have five minutes for opening remarks.

Remarks as panelist

The office I represent is not necessarily well-known, though certainly more than it was before Edward Snowden came on the scene. Being better known is one thing, but being better understood is quite another. So just a few words about the CSE Commissioner and his role:

• Legislation requires that he be a retired or supernumerary judge of a superior court;
• He is independent and arms-length from government;
• Mandated to review the activities of CSE to ensure it is complying with the law and protecting Canadians' privacy. If he believes CSE is not complying with the law, he is obliged to inform the Minister of National Defence and the Attorney General of Canada; and
• The Commissioner has all the powers under Part II of the Inquiries Act - including power of subpoena.

I'll focus on three points related to trust, based on our experience: the significance of numbers; factual information and detail; and, common understanding of terms in this debate.

Prior to June 2013, there was some public debate about the collection activities of the signals intelligence agencies, particularly the National Security Agency in the United States, with questions spilling over into Canada about CSE activities. But the Snowden disclosures were clearly a watershed.

They raised alarms about privacy and undermined trust, not only in the intelligence agencies but also in the effectiveness of accountability mechanisms.

The impact on the CSE Commissioner's office was significant. We were suddenly in the spotlight and had quickly to adapt to an unprecedented level of media inquiries. One of our biggest challenges was trying to educate, and correct inaccuracies about the Commissioner's mandate and role. As public debate intensified, skepticism ran high and available information low.

The first Snowden disclosures prompted the Commissioner to issue an unprecedented statement, in June 2013, and in it, for the first time, was a reference to "metadata" which up to that point was a classified term, which now seems quite absurd.

Two and a half years ago, the Commissioner's public annual report included for the first time an actual number of private communications CSE had unintentionally intercepted while collecting foreign signals intelligence, and had used and retained at the end of the Ministerial Authorizations one year period.

When the number was published, we observed a significant decline of concern and speculation. It was an object lesson in transparency. The Commissioner continues to disclose that number, as well as others now. However, we're not the only player. The Commissioner pressures CSE to disclose more information.

But criticism and skepticism continue.

We have heard that public trust in intelligence agencies, and by extension review bodies, has been irreparably damaged. If I believed that, I wouldn't be here. The Commissioner looks at how we, as a key player in accountability, can help strengthen that public trust.

Trust is built on transparency, based on factual information.

Although transparency is key, secrecy is an integral part of national security. Most parties in this debate acknowledge a need for secrecy. The question is how much.

When the public learn of mass data collection, they want to know whether it's really necessary and are there adequate privacy safeguards. Explanations would help.

Another challenge is that it's difficult to have a meaningful discussion when various parties are using the same terms but have different understandings of those terms, for example: surveillance; interception; or metadata.

The CBC's Michael Enright recently made the point, referring to his own profession, but which has broad application.

“Too often”, he said, "we media types throw around language without actually knowing what we're talking about. One of my early city editors”, he continued, “once told me: ‘Tell me what the thing is, not what it might be or what it could be, but what it is.'” It is instructive for this debate.

And it is instructive to compare what has been transpiring in the United States and the United Kingdom.

In the U.S., the response to the Snowden disclosures included de-classifying other documents, to provide context. In the U.K., there have been reports that include details and terms not yet used in the Canadian debate, which seems no longer tenable.

A final point, there is currently before our Parliament a bill to establish the National Security and Intelligence Committee of Parliamentarians. CSE Commissioner Plouffe looks forward to working with the committee when it becomes a reality, to help strengthen accountability and public trust.

Thank you.