2011-2012 Departmental Performance Report

Download in PDF format

Table of Contents

Commissioner's Message

I am pleased to present to Parliament and Canadians the Departmental Performance Report of the office of the Communications Security Establishment Commissioner (Commissioner's office) for the fiscal year ending March 31, 2012.

During the year, I submitted seven reports to the Minister of National Defence and I was able to report that the activities of the Communications Security Establishment Canada (CSEC) examined during the year complied with the law. Each review includes an assessment of CSEC's activities against criteria that encompass compliance with legal and ministerial requirements as well as with CSEC's own policies and procedures. There were a number of findings where I suggested CSEC could improve certain policies and practices to strengthen compliance and protection of privacy. CSEC's actions to address these findings will be monitored in 2012-13. In addition, some reviews did not receive the expected level of support from CSEC and as a result suffered excessive delays. CSEC committed to correcting the situation and I can report that it has done so in the new fiscal year.

CSEC provides, in accordance with its mandate, assistance to other members of Canada's security and intelligence community such as the Canadian Security Intelligence Service (CSIS). In this regard, I will continue to work on finding ways of making the reviews completed by my office and the Security Intelligence Review Committee more complementary in order that I may satisfy myself that the privacy of Canadians is protected and that no activities in which CSEC and CSIS are jointly involved elude review.

In mid-November 2011, CSEC became an autonomous body in the National Defence Minister's portfolio, with departmental status. The Chief now reports directly to the Minister and there is no longer a requirement to report to the National Security Advisor to the Prime Minister. I will be vigilant for any weakening of CSEC's accountability and compliance control framework that might result from its new autonomy.

Part of my mandate includes responding to complaints, by investigation if need be, that CSEC has engaged, or is engaging, in unlawful activity or is not taking measures to protect the privacy of Canadians. During fiscal year 2011-12, there were no complaints that warranted investigations.

I also have a duty under the Security of Information Act to receive information from persons who are permanently bound to secrecy seeking to defend the release of special operational information on the grounds that it is in the public interest. No such matters were reported to me during 2011-12.

As in my Annual Report, I must raise once again the matter of clarifying certain provisions of the National Defence Act, something my predecessors and I have proposed repeatedly. I concede that this is a matter of opportunity and political context. But I confess to being deeply disappointed at the time that has passed without addressing the ambiguities in the Act, a process which, to my mind, should raise no controversy.

The title I have been given, Commissioner of the Communications Security Establishment, gives the impression that I am part of CSE, whereas, on the contrary, and for reasons that led to my position being created in the first place, I am entirely independent. I have asked that this unfortunate designation be corrected.

CSEC is a highly technical organization, and my office is expected to keep pace with the rapid technological changes affecting CSEC's activities. For this reason, CSEC includes my employees in CSEC training, including introductory courses CSEC provides to new employees and training for the use of specific systems and databases. My staff also makes presentations to CSEC employees on the Commissioner's role.

In the fall of 2011, my office delivered a second review workshop to provide formalized training to staff new to the review function. Individuals participating came from my office, the Security and Intelligence Review Committee, the Office of the Inspector General of the Canadian Security Intelligence Service, and the Commission for Public Complaints Against the Royal Canadian Mounted Police.

The expansion of the physical space of the office is well underway. Once completed, I will not only be able to meet the initial space requirements resulting from the complete financial independence of my office in 2008 but also be able to accommodate an increase in the capacity of the office to meet the growth in CSEC. 

I would be remiss if I did not thank my review staff, for the professional manner in which they conducted themselves in carrying out the reviews as well as my corporate services team for excellence in provision of support services to the office. Overall efforts are a demonstration of their high level of commitment and dedication to supporting the mandate with which I am charged.

I am pleased with the results achieved by my office in 2011-12. I have been able to provide to the Minister of National Defence, and to all Canadians, assurance that CSEC is complying with the law and protecting the privacy of Canadians.

The Honourable Robert Décary, Q.C.
Commissioner
September 13, 2012

Section I: Organizational Overview

Raison d'être

My mandate is to ensure that CSEC performs its duties and functions in accordance with the laws of Canada. This includes having due regard for the privacy of Canadians. The Commissioner's office exists to support the Commissioner in the effective discharge of his mandate.

Responsibilities

The mandate of the Commissioner under the National Defence Act consists of three key functions:

There is a further responsibility under the Security of Information Act of receiving information from persons who are permanently bound to secrecy if they believe it is in the public interest to release special operational information about CSEC.

The relevant sections of the National Defence Act and the Security of Information Act relating to mandate and responsibilities are set out below:

Under the National Defence Act:

273.63(2)

a) to review the activities of the CSEC to ensure they comply with the law;

b) in response to a complaint, to undertake any investigation that the Commissioner considers necessary; 

c) to inform the Minister of National Defence and the Attorney General of Canada of any activity of Communications Security Establishment Canada that the Commissioner believes may not be in compliance with the law;

273.65(8)

to review and report to the Minister as to whether the activities carried out under a ministerial authorization are authorized;

273.63(3)

to submit an annual report to the Minister on the Commissioner's activities and findings within 90 days after the end of each fiscal year;

and under the Section 15 of the Security of Information Act:

to receive information from persons who are permanently bound to secrecy and who seek to defend the release of classified information about Communications Security Establishment Canada on the grounds that it is in the public interest.

The first Commissioner of the Communications Security Establishment was appointed by Order in Council pursuant to Part II of the Inquiries Act on June 19, 1996.  The original mandate of the Commissioner was to review the activities of the Communications Security Establishment Canada (CSEC) to ensure that they were in compliance with the law and to investigate complaints about CSEC's activities.  Following the terrorist attacks in the United States, Parliament adopted the Anti-terrorism Act, which came into force on December 24, 2001.  This Act amended the National Defence Act (NDA) by adding Part V.1 and creating legislative frameworks for both the CSEC and the Commissioner.  The Commissioner was also given a new duty pursuant to the Security of Information Act, as noted above.

The Commissioner's office can be most aptly described as a micro-agency.  Operating out of Ottawa, the office currently has 8 employees with an operating budget slightly in excess of $2 million.  It should be noted that the National Defence Act provides the Commissioner with independent hiring authority, and accordingly, the Commissioner's office functions as a separate employer.

Strategic Outcome and Program Activity Architecture (PAA)

The strategic outcome of the Office of the Communications Security Establishment Commissioner is that the CSEC performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians. The OCSEC has two program activities – its review program and internal services.

The relationship of the program activities, the priorities and the strategic outcome is illustrated in the diagram below.

Strategic Outcome and Program Activity Architecture (PAA)

Organizational Priorities

For 2011-2012, the Commissioner's office had two priorities - improving the effectiveness and efficiency of the review program and improving stewardship.

Summary of Progress Against Priorities
PriorityType[1]Strategic Outcome(s) and/or Program Activity(ies)
Progress: The effectiveness and efficiency of the review program has improved.  Horizontal reviews have been introduced increasing both the extent and depth of review. There is a need to increase review capacity.  
Improving the effectiveness and efficiency of the review program Ongoing
  • CSEC operating in accordance with the law and safeguarding the privacy of Canadians
  • Review Program
Summary of Progress Against Priorities
PriorityTypeProgram Activities
Progress: Management practices continued to improve in both activities. 
Improving stewardship Ongoing
  • Review program
  • Internal services

Risk Analysis

The need continues for legislative amendments to the National Defence Act, to eliminate ambiguities identified by my predecessors and myself.  As noted in a previous annual report of this office, "…the length of time that has passed without producing amended legislation puts at risk the integrity of the review process." 

CSEC is now autonomous, a separate department reporting directly to the Minister of National Defence.  There is no longer a requirement for CSEC to report to the National Security Advisor to the Prime Minister where CSEC operations and policies were subject to a broader government perspective on national security.  This new autonomy will need to be watched to ensure there is no weakening of accountability and the existing control framework in CSEC. 

The size and complexity of CSEC operations is a concern of the Commissioner.

The Commissioner's office must respond effectively to changes in CSEC in order to be able to provide advice to the Commissioner who in turn provides assurances to the Minister and ultimately to all Canadians that CSEC activities are in compliance with the law and that the privacy of Canadians is protected.  For the Commissioner's office, this means having sufficient review resources in place to complete the necessary reviews.  The review resources must have the appropriate skill sets to complete reviews that are becoming ever more complex. In addition, the Commissioner's office must continue to ensure that its risk management process provides adequate guidance in the selection of CSEC activities for review where the risks to compliance with the legislation and to the privacy of Canadians are most significant. Human resource planning must and will continue to address recruitment, retention, and learning.

The success of the review process depends to a great extent on the cooperation of CSEC.  In late January 2012, a new Chief was appointed to CSEC.  An intensive information session was organized in order to present him with the details and precisions on how the review mandate is discharged under the Act.  As well, CSEC includes my employees in CSEC training, including introductory courses CSEC provides to new employees and training for the use of specific systems and databases. The Commissioner's office will continue to work with CSEC to maintain an effective working relationship in order that the individual reviews proceed as efficiently as possible and that the overall review program will be as effective as possible.

The Commissioner's office will continue to work closely with Public Works and Government Services Canada to help ensure that additional secure office space is finally made available in 2012-13 in order that the planned expanded level of review activity can become a reality.

The management control framework for internal services is in place and working. However, efforts continue to address the ever-growing reporting requirements of the central agencies.  In addition, with the likelihood of one additional employee in internal services, roles, responsibilities and work allocation will need to be reviewed and adjusted with a focus on maintaining the control and overall efficiency of the process.

Summary of Performance

2011–12 Financial Resources ($ thousands)
* Excludes amount deemed appropriated to Shared Services Canada, if applicable.
Planned SpendingTotal Authorities*Actual Spending*
2,108 2,363 1,942
2011–12 Human Resources (full-time equivalents [FTEs])
PlannedActualDifference
10 8 2

Delays in construction of additional office space prevented the engagement of additional staff.

Summary of Performance Tables

Progress Toward Strategic Outcome

Strategic Outcome: The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians
Performance IndicatorsTargets2011–12 Performance
Degree of CSEC compliance with the laws of Canada Maintain or improve the degree of compliance The activities of CSEC examined this year complied with the law.
Extent to which privacy of Canadians is safeguarded Maintain or strengthen the privacy of Canadian identity information Measures are being maintained to protect the privacy of Canadians
Performance Summary, Excluding Internal Services
* Excludes amount deemed appropriated to Shared Services Canada, if applicable.
Program Activity2010–11 Actual Spending2011–12
($ thousands)
Alignment to Government
of Canada Outcome
Main EstimatesPlanned SpendingTotal
Authorities*
Actual
Spending*
CSEC Review Program 1,075 1,358 1,358 1,559 1,052 A safe and secure Canada
Total 1,075 1,358 1,358 1,559 1,052  
Performance Summary for Internal Services
* Excludes amount deemed appropriated to Shared Services Canada, if applicable.
Program Activity2010–11
Actual Spending
2011–12
($ thousands)
Main EstimatesPlanned SpendingTotal
Authorities*
Actual Spending*
Internal Services 525 750 750 804 890

Strategic Environmental Assessment

During 2011–12 the Office of the Communications Security Establishment Commissioner was compliant with the Cabinet Directive on the Environmental Assessment of Policy, Plan and Program Proposals.

Expenditure Profile

Expenditure Profile

Transfers from Treasury Board for severance payments accounted for the difference between total authorities and planned spending.  Delays in construction related to expanded accommodation resulted in actual spending being lower than planned spending.

Estimates by Vote

For information on the Office of the Communications Security Establishment Commissioner's organizational Votes and/or statutory expenditures, please see the Public Accounts of Canada 2012 (Volume II). An electronic version of the Public Accounts 2011 is available on the Public Works and Government Services Canada's websites.

Section II: Analysis of Program Activities by Strategic Outcome

Strategic Outcome

The strategic outcome of the Office of the Communications Security Establishment Commissioner is that the Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.  This is the sole strategic outcome for the Commissioner's office.

Each year, the Commissioner provides a statement on his findings about the lawfulness of CSEC's activities in general.  Overall, the Commissioner was able to report that the activities of CSEC examined during the year complied with the law.

Program Activity: Review Program

Program Activity Description

The review program includes research, monitoring, planning, the conduct of reviews and the reporting of results.  It also includes consultations and communications with CSEC officials, with other government officials, and senior representatives of the security and intelligence community.

A logic model describing the review program structure is included in Section III – Other Items of Interest.

2011–12 Financial Resources ($ thousands)
* Excludes amount deemed appropriated to Shared Services Canada, if applicable.
Planned SpendingTotal Authorities*Actual Spending*
1,358 1,559 1,052

Total authorities increased due to transfers from Treasury Board for the payment of severance costs.  Actual spending was down as delays in the construction of additional office space prevented the engagement of additional staff in the review program.

2011–12 Human Resources (full-time equivalents [FTEs])
PlannedActualDifference
8 6 2
Program Activity Performance Summary
Expected ResultsPerformance IndicatorsTargetsActual Results
Reviews are completed within targeted time frames as established by the Commissioner % of reviews completed within targeted time frames 80% 86%
Recommendations resulting from the reviews conducted are accepted and implemented % of recommendations implemented 80% No recommendations made
Negative findings are addressed % of negative findings addressed 80% 90%

The office regularly re-examines its performance indicators and targets in an effort to ensure meaningful measurement of its performance.  There is not a large universe of factors to consider in the establishment of a more exact performance measurement framework.  In any given fiscal year, the number of reviews may vary from 5 to 10, the time frames for completion may vary from a few weeks to many months and the number of recommendations per review may vary from zero to several.  The interpretation of results in the determination of the overall performance of the office remains with the Commissioner and whether he is satisfied that he has been able to conduct sufficient review of CSEC activities to allow him to provide assurance to the Minister and Parliament that activities of CSEC he reviews comply with the law.

Performance Summary and Analysis of Program Activity

The office planned to strengthen its review process by continuing to refine its risk assessment process for selecting and prioritizing areas and activities for review.  The refinement of the risk assessment process is ongoing.  It resulted in the development and implementation of horizontal reviews providing the office with greater coverage and more detailed review with the same level of review resources. 

Operational policies and practices were updated and revised to improve the quality of the review process and help to ensure that findings and recommendations are accurate, fair, complete and supportable.

Work on updating the performance measurement framework was deferred until the 2012-13 fiscal year.

Briefings, presentations, training and information sessions continued between the office and CSEC.  The effectiveness of the office's review process is dependent on maintaining a tough but fair relationship, built on a mutual respect of each organization for other.  Subsequent to the appointment of a new Chief at CSEC, an intensive information session was organized in order to present him with the details and precisions on how the review mandate is discharged under the Act.

The office played a significant part in the International Intelligence Review Agencies Conference (IIRAC) held in the spring.  The conference was a major forum for the discussion of issues of mutual interest and concern and the sharing of best practices in review methodologies.

Program Activity: Internal Services

Internal Services are activities and resources that support the needs of the review program as well as other corporate obligations.  They include administration, human resources, financial, information management services, and information technology services.

The office is not a participant in the Federal Sustainable Development Strategy (FSDS).  Formal contributions to the Greening Government Operations targets through the Internal Services program activity will commence in 2012-13.

2011–12 Financial Resources ($ thousands)
* Excludes amount deemed appropriated to Shared Services Canada, if applicable.
Planned SpendingTotal Authorities*Actual Spending*
750 804 890

The increase of actual spending over planned spending was related to the cost of construction for the additional office space.

2011–12 Human Resources (full-time equivalents [FTEs])
PlannedActualDifference
2 2 0

Performance Summary and Analysis of Program Activity

The office is a micro agency, with 8 staff and a budget of slightly in excess of $2 million.  With only 2 staff devoted to internal services, several of the corporate services that are not required on a full-time basis are obtained on a part-time basis through contracts or service level agreements with other government departments. These corporate services include human resources, security, and informatics.  It is important that the office maintains a management framework that ensures that all the internal services are effectively provided to the Commissioner and to the review program. 

In order to meet and keep up with the ever changing internal services environment, the office undertook the following activities:

Lessons Learned

The office must continuously evolve in order to meet the requirements for review necessary for the Commissioner to deliver on his mandate.  The growth and increasing complexity of CSEC operations force the office to seek innovative ways to plan, perform and report on its reviews.  It also forces the office to ensure it possesses the necessary skill sets to complete the required reviews.  Human resource planning must encompass the identification, acquisition and retention of review professionals and it must be executed effectively so that the office can address the complexities of the review environment. 

Section III: Supplementary Information

Financial Highlights

Condensed Statement of Financial Position (Unaudited)
As at March 31, 2012
($ thousands)
  Change
$
2011–122010–11
Total net liabilities (153) (480) (327)
Total net financial assets 225 344 119
Departmental net debt 72 (136) (208)
Total non-financial assets 305 359 54
Departmental net financial position 377 223 (154)
Condensed Statement of Operations and Departmental Net Financial Position (Unaudited)
For the Year Ended March 31, 2012
($ thousands)
  Change
%
2011–122010–11
Total expenses 5.4 1,647 1,563
Total revenues - - -
Net cost of operations before government funding and transfers 5.4 1,647 1,563
Departmental net financial position 244.8 223 (154)

The financial statements can be found on the web site of the Office of the Communications Security Establishment Commissioner.

Other Items of Interest: Logic Model of Review Program

Logic Model of Review Program

For further information on the Office of the Communications Security Establishment Commissioner (its mandate, function and history, annual reports etc.) please visit our website: http://www.ocsec-bccst.gc.ca

Organization Contact Information

The Office of the Communications Security Establishment Commissioner can be reached at the following address:

Office of the Communications Security Establishment Commissioner
P.O. Box 1984, Station "B"
Ottawa, ON  K1P 5R5

The office may also be reached:
Telephone: 613-992-3044
Facsimile: 613-992-4096
Email: info@ocsec-bccst.gc.ca


[1]. Type is defined as follows: previously committed to—committed to in the first or second fiscal year prior to the subject year of the report; ongoing—committed to at least three fiscal years prior to the subject year of the report; and new—newly committed to in the reporting year of the Report on Plans and Priorities or the Departmental Performance Report.

Date modified: