Introduction

This is my second annual report as Communications Security Establishment Commissioner, and its publication occurs at the mid-point in my three-year term.

I seek assurance of compliance with the spirit of the law,and not just the letter.

The fact that I am halfway through my first mandate gives me pause for reflection. Like my predecessors, I seek assurance of compliance with the spirit of the law, and not just the letter. In this regard, I am concerned with situations where lack of compliance with the law may arise, and I tailor my recommendations to safeguard against that possibility. If I determine there may not have been compliance with the law, I must of course inform the Minister of National Defence and the Attorney General of Canada.

This leads me to contemplate one of my personal preoccupations—the role of the individual in doing the right thing. In the case of the Communications Security Establishment Canada (CSEC),[1] the people who are doing the work must have more than just technical ability. They must also have a fundamental respect for the rule of law and for democracy, which includes a reasonable expectation of privacy for all Canadians. CSEC's organizational culture must reflect these values, and CSEC must develop and follow policies and procedures that flow from the law and the values.

It is very clear to me that as a result of the terrorist acts of 2001, as well as subsequent terrorist activities, many Canadians continue to live with a heightened sense and level of risk, and there is little likelihood that these will diminish. This places a greater burden on people such as those employed at CSEC, because the government relies upon them to go beyond the mechanical aspects of information collection. They are called upon to reach for information that will support good decision making and thereby protect Canadians, but in a way that safeguards privacy.

During the past year, I may at times have been critical of certain of CSEC's practices that, in my opinion, could be strengthened. I hold the view, however, that the striking point of the last several months has been the CSEC Chief's handling of an operational issue that came to light at the end of 2006 that had the potential for non-compliance. The Chief informed me about the matter at once, and has kept me apprised on a regular basis of all corrective steps taken. CSEC management's measured response addressed the needs of the organization, and was at the same time respectful of the people who serve in it, while leaving no doubt as regards their obligations.

---

[1] The name was changed to Communications Security Establishment Canada effective September 27, 2007, in order to comply with the Government of Canada's Federal Identity Program.