Editorial: How many more security breaches should we accept before getting serious about review mechanisms?

Sajjan_Goodale_Metadata_frame_1285By Monia Mazigh – Last week, something quite unusual happened. Ralph Goodale, the Public Safety minister, alongside his colleague Harjit Sajjan, the Defence Minister, held a scrum in the presence of journalists on Parliament Hill to speak about, respectively, the Security Intelligence Review Committee (SIRC) report and the Office of the Communications Security Establishment Commissioner (OCSEC) report.

But the most unusual thing was to have an official from the OCSEC do the briefing to the journalists, an action that has never been done before. One should remember here that the CSE is a very secretive federal agency and the OCSEC, the organization supposed to watch and report on its activities to parliament, has always suffered from their work being censored by CSE itself.

Even though, we didn’t learn much from the ministers about the two agencies other than what is public knowledge, this attempt at transparency is a positive step but it is certainly not enough.

The bomb that was revealed during that media encounter was that a “software glitch” (I emphasize on how this has been described, as if to minimize the impact or the scope of the information) caused the data collected on Canadians to be unduly shared with the other Five Eyes members without taking sufficient measures to protect individual identities. This information can be email addresses, phone numbers, who knows?

The former Defence Minister, Rob Nicholson, was briefed about that security breach at the time, more than two years ago, but he kept it secret from Parliament and from the Canadian public. Is this acceptable in a democracy? How come no one has called for the resignation of Rob Nicholson yet? Didn’t he mislead the House by keeping this information secret? I am sure that he will respond that at that time he had taken the best decision based on national interest. But how can we really know? Why should we trust his judgement? Why do we have to call this an “honest mistake”? Do we have the evidence to declare so?

Today we have a greater incentive to have a parliamentary oversight that wouldn’t allow this behaviour to happen and perpetuate. And we have another reason to also create a “super SIRC” that would allow review of the work of all agencies involved in national security. So we won’t leave it up to ministers’ discretion to decide on these important files.

Inside the SIRC report, we learned that CSIS, on several occasions, obtained tax information on Canadian citizens without a warrant. SIRC discovered it and recommended to CSIS to correct the situation and follow the proper procedure. But how do we know that the Canadian Border Services Agency isn’t doing the same thing? Or that Transport Canada or Health Canada aren’t also getting information on us without following the proper procedures? Normally, we should trust our institutions but since breaches have already happened, can we still trust them? Can we just rely on the candour and honest judgement of officers and ministers?

With these additional reasons, we ask loudly and yet again for the implementation of Justice O’Connor’s recommendations and for comprehensive, integrated and robust review mechanisms that would monitor the work of all 21 federal departments and agencies that are involved in national security activities, and truly protect Canadians and our rights.