Commissioner's letter to Chief of Communications Security Establishment Canada (CSEC)

Correspondence sent from Commissioner Stoddart to CSEC Chief John Forster on September 20, 2013.

Mr. John Forster, Chief
Communications Security Establishment Canada (CSEC)
PO Box 9703 Terminal
Ottawa, Canada
K1G 3Z4

Dear Mr. Forster,

Thank you for your letter of July 2013 detailing recent media coverage of CSEC activities and your progress in transitioning to independence from Department of National Defence (DND) for the purposes of Treasury Board Secretariat (TBS) policy compliance.  I am pleased to hear that you will be expediting matters and that hopefully your organization will soon have a full Personal Information Bank (PIB) listing in InfoSource.  As you do so, I would like to take this opportunity to encourage you to promote the fundamental principles of accountability and transparency in the process.  Recent events underscore how critically important this is for maintaining Canadians’ confidence in their government.   

Earlier this past summer, my Office was contacted by a dozen separate media outlets after the Globe and Mail reported on CSEC’s meta-data program.  The media had a wide-ranging set of concerns given the described scope of the program.  Given the highly classified nature of the collection and CSEC work, our commentary was but minimal at that time.    

International concerns about the various US surveillance programs and potential involvement of other countries – including Canada – continued throughout the summer and remain on-going today.  As a consequence, surveillance, data security standards and trans-national communications have become the focus of intense public debate.  This coming week I will be attending the 35th International Annual Conference for Data Protection and Privacy Commissioners and fully anticipate surveillance matters and global privacy norms will dominate discussions there.  We anticipate a joint resolution to be issued from that event underscoring the view that open and accountable government is a laudable goal in all contexts, critical for gaining and maintaining the trust of its citizens.

My primary concern, and one I believe is widespread in the privacy community here in Canada, is the lack of openness and transparency regarding the personal information collection and handling practices of some government agencies.  Openness and transparency are essential conditions for effective privacy protection and data governance.  Publishing government data sources of personal information in indexes such as InfoSource or publishing summaries of Privacy Impact Assessments (PIA) online are two obvious means of achieving greater accountability and transparency.

As consequence, we generally recommend clarity and candor to government institutions, particularly when they are engaged in invasive activities or sensitive programs that can impact public trust.  We also argue that strong oversight and a clear commitment to rigorous privacy governance are critical in the context of security and intelligence operations.  While we fully acknowledge this can be challenging, it is important for citizens, Parliamentarians and the media to better understand how surveillance measures affect them.  Even the challenging work with which CSEC is charged can benefit from such dialogue in my view.

As you know, our Office has a statutory mandate to oversee compliance with the Privacy Act.  This applies to over 250 federal departments and agencies.  With limited exceptions, those obligations also apply to government security and intelligence activities.  That said, Commissioner Décary, Commissioner of CSEC, also has a direct mandate under the National Defence Act of overseeing CSEC’s activities, including its personal information management practices. 

For this reason, I met with him this past June in order to discuss our mutual concerns around the lack of transparency with respect to CSEC’s activities.  Commissioner Décary put it most eloquently in his final report to Parliament when he wrote about the need to “demystify, within the unavoidable constraints of national security and public safety, the culture of secrecy pervading the activities of security and intelligence agencies ... the greater the transparency, the less sceptical and cynical the public will be.”  There are great benefits for government institutions in committing to a more open dialogue with industry, professionals and stakeholders. 

In conclusion, we believe that public trust is critical to any endeavour of government, including its intelligence and security mandates.  We strongly encourage CSEC to be as visible and forthright as possible in the public debate now unfolding.  To that end, if there is any opportunity for my staff to assist you as you continue to work on privacy-related issues, please do not hesitate to contact us.  In the meantime, we continue to monitor this issue closely, as mediating the privacy impact of public safety measures is a principal policy focus of my organization.


Original signed by

Jennifer Stoddart
Privacy Commissioner of Canada

c.c.: The Honourable Robert Décary, CSEC Commissioner

Related Documents

Response from Chief of Communications Security Establishment Canada (CSEC)

Date modified: