2014-2015 Report on Plans and Priorities

Commissioner's Message

I am pleased to present the 2014-2015 Report on Plans and Priorities for the Office of the Communications Security Establishment Commissioner (the office), my first as Commissioner. This report details the plans and priorities of the office over the next three years.

My mandate and my responsibilities remain virtually unchanged from year to year. As Commissioner, I am required to review the activities of the Communications Security Establishment Canada (CSEC), and, annually, to provide assurance to the Minister of National Defence, who is accountable for CSEC, and through him to Parliament and to all Canadians, that CSEC complies with the law in fulfilling its legislated mandate and in so doing protects the privacy of Canadians. Should I find an instance where I believe CSEC may not have complied with the law, I am required by legislation to inform the Minister and the Attorney General. This report on plans and priorities describes what the office will be doing to ensure the review program remains effective in response to changes in the priorities of the government and CSEC.

The office will continue to engage, develop and train its review professionals and provide them with the tools and practices necessary to conduct timely and comprehensive reviews and studies.  It will also continue to refine its review criteria in order to be able to identify areas within CSEC activities that pose the greatest risk to compliance with the laws of Canada and to safeguarding the privacy of Canadians.

The office will continue to promote and participate in exchanges with other review agencies both nationally and internationally. These exchanges present opportunities to benefit from best practices which will contribute to the quality and efficiencies of our own reviews.

The current public and media interest in the review and oversight of CSEC requires that the office increase communications to help ensure that public discourse is based on fact and on as fulsome information as possible within the confines of the Security of Information Act.

As always, the office will continue to look at how it provides its internal services program with a view to improving the quality, cost and timeliness of the services provided to the review program while respecting the compliance requirements of the central agencies.

The Honourable Jean-Pierre Plouffe

Commissioner

January 31, 2014

Section I: Organizational Expenditure Overview

Organizational Profile

Minister: The Honourable Robert Nicholson

Deputy head: The Honourable Jean-Pierre Plouffe

Ministerial portfolio: National Defence

Year established: June 19, 1996

Main legislative authorities:

National Defence Act[i] ; Inquiries Act[ii]; Security of Information Act[iii]

Other: April 1, 2008 the Commissioner's office was granted its own appropriation

Organizational Context

Raison d'être

The position of Communications Security Establishment Commissioner was created to review the activities of Communications Security Establishment Canada (CSEC) to determine whether it performs its duties and functions in accordance with the laws of Canada.  This includes having due regard for the privacy of Canadians.  The Commissioner's office exists to support the Commissioner in the effective discharge of his mandate.

Responsibilities

The duties of the Commissioner are set out under subsections 273.63(2) and (3) and 273.65(8) of the National Defence Act (NDA):

NDA 273.63(2)

1. to review the activities of the Establishment [CSEC] to ensure that they are in compliance with the law;
2. in response to a complaint, to undertake any investigation that the Commissioner considers necessary; 
3. to inform the Minister of National Defence and the Attorney General of Canada of any activity of the Establishment that the Commissioner believes may not be in compliance with the law;

NDA 273.63(3)

... within 90 days after the end of each fiscal year, submit an annual report to the Minister on the Commissioner's activities and findings ...;

NDA 273.65(8)

... review activities carried out under an [ministerial] authorization .... to ensure that they are authorized and report annually to the Minister on the review;

Additionally, under Section 15 of the Security of Information Act, the Commissioner is mandated:

to receive information from persons who are permanently bound to secrecy and who seek to defend the release of classified information about Communications Security Establishment Canada on the grounds that it is in the public interest.

Strategic Outcome and Program Alignment Architecture (PAA)

1 Strategic Outcome: TheCommunications Security Establishment Canadaperforms its duties and functions in accordance with the laws of Canada and with due regard for the privacy of Canadians.

1.1  Program: Review Program

Internal Services

Organizational Priorities

Priority	Type[1]	Strategic Outcome(s) and/or Program(s)*
Improve the effectiveness and efficiency of the review program	Ongoing	The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.
Description
Why is this a priority? The review program in its design and application must address two significant issues – the size of CSEC operations relative to the size of the office and the changing technology that CSEC must employ in order to be successful in the pursuit of its lawful mandate. By addressing the effectiveness and efficiency of the review program, the office can address these issues. In its design, the review program must be comprehensive, responsive, independent and reliable. The application of the review methodology, based on standard and accepted audit practices adapted to review, must provide the structure, processes and practices to be followed by review officers during the conduct of their reviews.  The review officers must maintain skill levels. Subject matter experts are employed to supplement existing review skill sets, on a part-time basis, to address specific and highly technical review areas. Reviews must be performed and completed in a timely manner and on a professional basis. The results and recommendations must be based on rigorous, balanced and comprehensive review that encourages acceptance and implementation by CSEC. Overall, the review program must be capable of generating sufficient information to enable the Commissioner to provide assurance to the Minister of National Defence, Parliamentarians and ultimately to all Canadians that the Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada, including safeguarding the privacy of Canadians. The review program of the office must continuously review its processes and remain abreast of changes in CSEC's structure and activities. The review program does not have the resources to review all CSEC activities each year, which would not be a reasonable approach. Instead, the review program is designed to identify which CSEC activities pose the greatest risk to non-compliance with the laws of Canada and to the privacy of Canadians. Reviews must be scheduled to address the areas of greatest concern while ensuring the availability of the appropriate skill sets within the office.

Priority	Type[2]	Strategic Outcome(s) and/or Program(s)*
Improve the effectiveness and efficiency of the review program	Ongoing	The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.
Description
What are the plans for meeting this priority? Maintain an effective working relationship with CSEC in order to fully understand its management, operational and control frameworks and any changes being made to them; Continuously review and refine the criteria used to assess risk, to identify areas of significance and relevance, to set priorities and to develop the review work plan required to provide the appropriate coverage necessary to permit assurances to the Minister; Train and develop review resources and provide them with the necessary tools and techniques to complete their reviews in a comprehensive and efficient manner; Provides to the review professionals a career path and opportunities for advancement to the extent possible; Perform joint reviews of certain activities, where possible; Expand efforts to further educate the public on the mandate of the office and how it operates, all within the constraints of national security, and provide further opportunities for discussion and exchange of ideas with outside experts in the fields of national security and privacy; and Further promote sharing of perspectives and practices with international partners to enhance review and oversight.

Risk Analysis

Key Risks

Risk	Risk Response Strategy	Link to Program Alignment Architecture
Deterioration of working relationship with CSEC	Continue to work on a professional basis with all levels of CSEC management to increase our knowledge of CSEC priorities, legal, policy and management issues of significance. Continue to engage with management and staff of review areas on review plans, findings and recommendations to help ensure that reviews are effective and recommendations, where made, will be implemented.	The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.
Review coverage inadequate to provide assurance to the Minister	Continue to review and refine the criteria to identify areas of greatest risk of non-compliance with the laws of Canada. Incorporate sufficient flexibility in the work plan to allow for changing review priorities to be addressed on a timely basis. Continue to improve review methodologies and practices to ensure that reviews are well planned, conducted and reported upon. Continue to explore collaboration with other review bodies. Provide professional development opportunities to allow for review skill sets to be strengthened and expanded.	The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.
Loss of confidence by the public that CSEC is under rigorous review.	Increase the opportunities for more open and frank discussions with academics and professionals interested in security and intelligence on the role, responsibilities and practices of the office. Provide a more comprehensive website, with a section devoted to questions and answers further describing who we are, what we do and how we do it.	The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.

As always, the success of the review program depends on the effectiveness of the relationship between the office and CSEC.  This relationship must be founded on mutual respect and trust and must permeate all aspects of review planning, execution and reporting.  Failure to have such a relationship due to bad faith of either party would compromise the review process, along with the assurances the Commissioner could provide to the Minister and, ultimately, the trust of Parliament and the public that the secret agency is complying with the law.

Failure to identify the areas of greatest risk or to adequately review areas identified as significant and relevant could prevent the Commissioner from being able to provide the Minister with the assurance that CSEC is performing its duties and functions in accordance with the laws of Canada including safeguarding the privacy of Canadians.

There is a need to further inform Parliament and the public on the roles and responsibilities of Canada's security and intelligence agencies and on their respective review bodies.  While acknowledging that there are details that would be inappropriate to disclose, failure to enlighten the public may result in discussions and decisions that are not based on a knowledgeable and thoughtful consideration of all of the facts. 

Planned Expenditures

Budgetary Financial Resources (Planned Spending—dollars)

2014-15 Main Estimates	2014-15 Planned Spending	2015-16 Planned Spending	2016-17 Planned Spending
2,024,288	2,024,288	2,034,288	2,124,288

Human Resources (Full-time equivalents—FTEs)

2014-15	2015-16	2016-17
11.5	11.5	11.5

Budgetary Planning Summary for Strategic Outcome(s) and Program(s) (dollars)

Strategic Outcome, Program and Internal Services	2011-12 Expenditures	2012-13 Expenditures	2013-14 Forecast Spending	2014-15 Main Estimates	2014-15 Planned Spending	2015-16 Planned Spending	2016-17 Planned Spending
Strategic Outcome: The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.
Review Program	1,052,044	1,662,369	1,500,813	1,489,913	1,489,913	1,497,213	1,562,913
Internal Services	890,384	623,250	484,294	534,375	534,375	537,075	561,375
Total	1,942,428	2,285,719	1,985,107	2,024,288	2,024,288	2,034,288	2,124,288

The spending, actual, forecast and planned, has remained relatively constant since 2011-12 at approximately $2/2.1 million with the exception of 2012-13. The increase in 2012-13 expenditures was entirely attributable to the cost of the security retrofit and expansion of the physical space. The planned spending 2016-17 represents the office operating at capacity.

The forecast spending for 2013-14, the Main Estimates/planned spending for 2014-15 and the planned spending for 2015-16 are reduced ($100 thousand in both 13-14 and 14-15 and $90 thousand in 15-16) as a result of repayment of the authorities advanced to the office for construction in 2012-13 (reprofiling). 

Alignment to Government of Canada Outcomes

2014-15 Planned Spending by Whole-of-Government-Framework Spending Area^[iv] (dollars)

Strategic Outcome	Program	Spending Area	Government of Canada Outcome	2014-15 Planned Spending
The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.	Review Program	Social Affairs	A safe and secure Canada	2,024,288

Total Planned Spending by Spending Area (dollars)

Spending Area	Total Planned Spending
Economic Affairs
Social Affairs	2,024,288
International Affairs
Government Affairs

Departmental Spending Trend

Departmental Spending Trend Graph

The increase in actual spending in 2012-13 resulted from the cost of construction related to the expansion and security retrofit of office space. This additional office space was necessary to allow the review program to increase staff. The authorities to provide for these increased expenditures were advanced from the authorities of the next three years (reprofiling). 

For the period 2013-14 to 2015-16, the authorities available and the forecast and planned expenditures related to these authorities were reduced as the office repaid authorities advanced in 2012-13. In 2016-17, with the advanced authorities fully repaid, the planned expenditures are at $2.1 million.

Estimates by Vote

For information on the Office of the Communications Security Establishment Commissioner's organizational appropriations, please see the 2014-15 Main Estimates publication.[v]

Contribution to the Federal Sustainable Development Strategy (FSDS)

The 2013-16 Federal Sustainable Development Strategy (FSDS)[vi], tabled on November 4, 2013, guides the Government of Canada's 2013-16 sustainable development activities. The FSDS articulates Canada's federal sustainable development priorities for a period of three years, as required by the Federal Sustainable Development Act (FSDA). The Office contributes to Theme IV – Shrinking the Environment Footprint – Beginning with Government.

The Office of the Communications Security Establishment Commissioner also ensures that its decision-making process includes a consideration of the FSDS goals and targets through the strategic environmental assessment (SEA).  An SEA for policy, plan or program proposals includes an analysis of the impacts of the proposal on the environment, including on the FSDS goals and targets. The results of SEAs are made public when an initiative is announced or approved, demonstrating that environmental factors were integrated into the decision-making process.

For additional details on the Office's activities to support sustainable development please see Section II of this RPP.

For complete details on the FSDS, please see the Federal Sustainable Development Strategy[vii] website.

Section II: Analysis of Program by Strategic Outcome

Strategic Outcome: The Communications Security Establishment Canada performs its duties and functions in accordance with the laws of Canada.  This includes safeguarding the privacy of Canadians.

Program: The Communications Security Establishment Canada Review Program

Description: The review program includes research, monitoring, planning, the conduct of reviews and the reporting of results.  In addition, it also includes consultations and communications with CSEC officials, with other review bodies and other government officials, as required.

Budgetary Financial Resources (dollars)

2014−15 Main Estimates	2014-15 Planned Spending	2015-16 Planned Spending	2016-17 Planned Spending
1,489,913	1,489,913	1,497,213	1,562,913

Human Resources (FTEs)

2014-15	2015-16	2016-17
8.5	8.5	8.5

Performance Measurement

Expected Results	Performance Indicators	Targets	Date to be Achieved
Reviews are completed within targeted time frames as established by the Commissioner	% of reviews completed within targeted time frames	80%	March 31, 2015
Recommendations resulting from the reviews conducted are accepted and implemented	% of recommendations implemented	80%	March 31, 2015
Negative findings addressed	% of negative findings addressed	80%	March 31, 2015

Planning Highlights

In order to achieve the expected results, the office plans to undertake the following activities:

• work to increase the effectiveness of the review program. Briefings, presentations, information sessions and roundtables will continue between the Commissioner's office and CSEC in order that the knowledge of both parties of management and operational policies and practices are current, complete and accurate;
• continue to discuss plans, performance, findings and recommendations of individual reviews with CSEC to ensure that reviews proceed as efficiently as possible and are completed in a timely manner;
• continue to review and strengthen the risk assessment process in order to identify areas and activities that present the greatest risk to compliance and privacy; and
• continue to provide training and mentoring opportunities for the review staff to upgrade their skill sets related to the effective performance of reviews.

Internal Services

Description: Internal Services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are: Management and Oversight Services; Communications Services; Legal Services; Human Resources Management Services; Financial Management Services; Information Management Services; Information Technology Services; Real Property Services; Materiel Services; Acquisition Services; and Other Administrative Services. Internal Services include only those activities and resources that apply across an organization and not to those provided specifically to a program.

Budgetary Financial Resources (dollars)

2014−15 Main Estimates	2014-15 Planned Spending	2015-16 Planned Spending	2016-17 Planned Spending
534,375	534,375	537,075	561,375

Human Resources (FTEs)

2014-15	2015-16	2016-17
3	3	3

Planning Highlights

The office is a micro agency with 3 planned resources devoted to internal services. Several of the internal services that are not required on a full-time basis are provided through contractual arrangements with specialized service providers – security, informatics and technical services, human resources and finance. 

The Office's internal services program must continue to effectively provide the full range of internal services to the Commissioner and to the review program while at the same time responding to the ever growing demands of the central agencies for increased transparency and accountability. 

In order to effectively meet both the internal and external demands on internal services, the office plans to undertake the following activities:

• redesign, where necessary, the delivery processes for each of the services provided to the office to ensure costs are minimized;
• provide for training programs for staff to ensure that all internal services can be delivered effectively, efficiently and in compliance with the requirements of the central agencies;
• establish formal initiatives under the Federal Sustainable Development Strategy (Theme IV Shrinking the Environmental Footprint – Beginning with Government) in areas such as green procurement, managed print, paper consumption and green meetings; and
• expand the administrative policies and procedures manual to address all internal services provided.

Section III: Supplementary Information

Future-Oriented Statement of Operations

The future-oriented condensed statement of operations presented in this subsection is intended to serve as a general overview of the Office of the Communications Security Establishment Commissioner's operations. The forecasted financial information on expenses and revenues are prepared on an accrual accounting basis to strengthen accountability and to improve transparency and financial management. 

Because the future-oriented statement of operations is prepared on an accrual accounting basis and the forecast and planned spending amounts presented in other sections of this report are prepared on an expenditure basis, amounts will differ. 

A more detailed future-oriented statement of operations and associated notes, including a reconciliation of the net costs of operations to the requested authorities, can be found on the Office of the Communications Security Establishment Commissioner's website[viii].

Future-Oriented Condensed Statement of Operations for the Year Ended March 31 (dollars)

Financial information	Estimated Results 2013−14	Planned Results 2014–15	Change
Total expenses	2,208,789	2,358,039	149,250
Total revenues	-	-	-
Net cost of operations	2,208,789	2,358,039	149,250

The overall increase is primarily due to the increase in salary and benefits.  The salary and benefits of staff engaged during fiscal year 2013-14 were not full year costs but now during 2014-15 their salary and benefit costs are for the full year.

List of Supplementary Information Tables

The Office does not have any supplementary information tables for inclusion in the 2014–15 Report on Plans and Priorities.

Tax Expenditures and Evaluations

The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance publishes cost estimates and projections for these measures annually in the Tax Expenditures and Evaluations[ix] publication. The tax measures presented in the Tax Expenditures and Evaluations publication are the sole responsibility of the Minister of Finance.

Section IV: Organizational Contact Information

The Office of the Communications Security Establishment Commissioner can be reached at the following address:

Office of the Communications Security Establishment Commissioner
P.O. Box 1984, Station "B"
Ottawa, ON K1P 5R5

The Office may also be reached:
Telephone:  613-992-3044
Facsimile:   613-992-4096
Email:  info@ocsec-bccst.gc.ca

For further information on the Office of the Communications Security Establishment Commissioner, its mandate and function, please visit our website[x].

Endnotes

---

---