The Year in Review
Independent Reviews of OCSEC
I was pleased to note that the findings of the administrative review were all positive.
I was pleased to note that the findings of the administrative review were all positive.
In spring 2006, two independent management reviews of my office were commissioned. One focussed on administration, including the management and control of financial, human and information resources. The other dealt with operations, by assessing whether the office carries out the Commissioner's mandated responsibilities efficiently and effectively.
The reports of these management reviews were available to me at the time of my appointment, thus providing me with an independent assessment of my new area of responsibility. I was pleased to note that the findings of the administrative review were all positive. The recommendations of the operational review were discussed in detail at a review workshop held on August 21, 2006, with the review consultants as moderators. The operational review also raised methodology issues which will be briefly referred to later in this report.
Workplan
My office's activities are guided by a regularly updated three-year workplan. To facilitate scheduling, my staff consult with CSE about the review components of this plan. Criteria that determine their selection of topics for review include: CSE activities or programs that have not previously or recently been reviewed; areas identified from briefings requested of CSE; the status of recommendations from previous reviews; and activities where privacy is most likely to be at risk. My staff, who have extensive knowledge of CSE, ask themselves fundamental questions such as: what can go wrong; what is the probability of something going wrong; and what are the consequences if they do go wrong.
Also during the year, considerable staff time and resources were devoted to work on legal interpretation issues, which I have already described in detail above in my discussion of the review environment.
Reviews undertaken of CSE
My general review mandate is set out in paragraph 273.63(2)(a) of the National Defence Act.[16] Under subsection 273.65(8) of the Act, I also have an obligation to review and report to the Minister as to whether the activities carried out under a ministerial authorization are authorized.
Ministerial authorizations for foreign intelligence collection are issued under the authority of subsection 273.65(1) of the National Defence Act, whereas ministerial authorizations for information technology security activities are issued under subsection 273.65(3) of the Act. Reviews of CSE's activities conducted under ministerial authorizations are undertaken only after the ministerial authorization has expired.
During 2006-2007, my office submitted classified reports of four reviews to the Minister. Two of the reviews dealt with CSE's activities conducted under ministerial authorization; one pertained to foreign intelligence collection, while the other concerned information technology security. The other two reviews were conducted under my general mandate, to ensure the activities were in compliance with the law.
[16] Please see Annex A for the text of the relevant sections of the National Defence Act.
- Date modified: