Date: 20090326
Docket: T-1903-07
Citation: 2009 FC 321
Ottawa,
Ontario, March 26, 2009
PRESENT: The Honourable Mr. Justice Zinn
BETWEEN:
KEVIN MARK
WESTERHAUG
Applicant
and
CANADA SECURITY INTELLIGENCE SERVICE
(CSIS)
under the responsibility of
THE MINISTER OF PUBLIC SAFETY
AND EMERGENCY PREPAREDNESS
Respondent
REASONS FOR JUDGMENT AND JUDGMENT
[1]
This
is an application under section 41 of the Privacy Act, R.S.C. 1985, c.
P-21 for a review of the response provided by the Canadian Security Intelligence
Service (“CSIS”) to a request made by Mr. Westerhaug for access to personal
information in CSIS’ possession.
Background
[2]
Mr.
Westerhaug made a request on January 31, 2006,to CSIS, pursuant to subsection
12(1) of the Privacy Act (“the Act”), for the disclosure to him of his
personal information held by CSIS and contained in information banks SIS PPU
015, SIS PPU 020, and SIS PPU 045.
[3]
CSIS
responded by letter dated February 16, 2006, advising Mr. Westerhaug that
searches of the three banks had been conducted and that no personal information
concerning him had been located in either of banks SIS PPU 015 or SIS PPU 020.
With respect to bank SIS PPU 045, CSIS responded as follows:
The Governor-in-Council has
designated this information bank an exempt bank pursuant to section 18 of the Privacy
Act. If the type of information described in the bank did exist, it would
qualify for an exemption under section 21 (as it relates to the efforts of Canada towards detecting, preventing
or suppressing subversive or hostile activities, or 22(1)(a) and/or (b) of the Act.
[4]
Mr.
Westerhaug then filed a complaint with the Office of the Privacy Commissioner (OPC)
pursuant to section 29 of the Act with respect to the response received from
CSIS. Mr. Westerhaug wrote that he believed that he had been subjected to
surveillance and intrusions in his personal life over the previous 15 years,
and that he was making the request in an effort to ascertain who was
responsible for this surveillance and these intrusions and to eliminate those
who were not. Mr. Westerhaug made similar requests for his personal
information to a number of government agencies and regulated institutions.
[5]
The
OPC responded on September 14, 2007. In its response, the OPC stated that the
complaint relates to the request for disclosure of information contained in
information bank SIS PPU 045. The OPC had earlier confirmed with Mr.
Westerhaug that this was his only area of concern. At the hearing of this
application, Mr. Westerhaug attempted to raise concerns other than CSIS’
refusal to disclose any personal information in bank SIS PPU 045. These
additional concerns cannot be dealt with by the Court on this hearing. Section
41 of the Act makes it a mandatory precondition to any review by this Court
that a refusal first be considered by the OPC, and as the only matter
complained of to the OPC related to bank SIS PPU 045, that is the sole matter
that this Court may now consider. In any event, it was evident from the Mr.
Westerhaug’s oral submissions that the matter of bank SIS PPU 045 was his
principal concern.
[6]
The
OPC, in its September 14, 2007 response, stated that as a result of its inquiries
it was satisfied that the response made by CSIS on February 16, 2006, was in
accordance with the provisions of the Privacy Act. The author of the
response wrote that having reviewed the matter, he was satisfied that “if such
information does exist, it could reasonably be expected to be exempted by one
or more of sections 21 and 22(1)(a) and/or (b).” The author then goes on to
inform Mr. Westerhaug of the decision of the Federal Court of Appeal in Ruby
v. Canada (Solicitor General), [2000] 3 F.C. 589, confirming a government
institution’s right, under subsection 16(2) of the Act, to adopt a blanket
policy of never disclosing whether personal information concerning an applicant
exists in a particular personal information bank. He also references the
decisions of this Court in Ternette v. Solicitor General of Canada),
[1984] 2 F.C. 486 and Zanganeh v. Canada (Canadian Security Intelligence
Service), [1989] 1 F.C. 244, upholding the right of a government
institution to neither confirm nor deny the existence of such personal
information, and further holding that such secrecy does not contravene the Charter.
[7]
Not
satisfied with this response, on November 2, 2007, Mr. Westerhaug filed an
application in this Court pursuant to section 41 of the Act, for a review of CSIS’
decision as set out in its letter of February 16, 2006.
[8]
Following
a motion by the respondent, the Court on July 4, 2008, ordered that the
Supplementary Confidential Affidavit of Nicole Jalbert be filed with the Court
as confidential pursuant to Rule 151 of the Federal Courts Rules and
that the application, as it related to that confidential affidavit, be heard in
camera in order that the respondent be able to make representations ex
parte, on that confidential affidavit. The public affidavit of Nicole
Jalbert, sworn July 9, 2008, indicates at paragraph 19 that in her confidential
affidavit, she advises “whether such information exists and, if so, why it is
exempt from disclosure by virtue of ss. 21 or 22 of the Privacy Act.”
Pursuant to the Order of Justice Campbell, an ex parte hearing was held in
camera in Ottawa on January
27, 2009, for the sole purpose of receiving representations related to the
confidential affidavit of Nicole Jalbert.
Issue
[9]
This
application stems from Mr. Westerhaug’s desire for disclosure of personal
information held by CSIS in information bank SIS PPU 045, if indeed any such
information exists. Accordingly, the legal issue before the Court is
whether CSIS erred by refusing to confirm or deny the existence of personal
information in that bank. Mr. Westerhaug also questions whether CSIS conducted
a proper search of its information banks for his personal information.
Analysis
Whether a
proper search was conducted?
[10]
Mr.
Westerhaug relies on an apparent discrepancy in the responses of CSIS made on
February 16, 2006 and January 3, 2008, in support of his submission that it
failed to conduct a thorough and proper search for personal information.
[11]
In
its letter of February 16, 2006, with reference to bank SIS PPU 020, CSIS wrote:
“A search of this bank was conducted and no personal information concerning you
was located.” In response to a subsequent request under the Privacy Act
made on October 29, 2007, CSIS responded on January 3, 2008 as follows:
…please be advised that the
personal information bank SIS PUP 020 – Access Request Records
was searched on your behalf. Please find enclosed a copy of the information
being disclosed under subsection 12(1) of the Privacy Act. Some of the
information has been exempted from disclosure by virtue of section 21 (as it
relates to the efforts of Canada toward detecting, preventing
or suppressing subversive or hostile activities) of the Act.
[12]
Although
CSIS’ response to this subsequent request under the Privacy Act is not at
issue before the Court on this application, I am prepared to accept this
evidence solely for the purpose of determining whether or not CSIS conducted a
thorough and proper review of the applicant’s personal information prior to its
response on February 16, 2006.
[13]
The
2006-2007 edition of “Info Source,” published in accordance with section 11 of
the Privacy Act, describes Personal Information Bank SIS PUP 020 as
follows:
This bank contains personal
information on individuals who have submitted a formal request under the Privacy
Act or Access to Information Act for access to information
originally obtained or prepared for CSIS. Documents include access and
correction requests, notations, consultations, disclosures, complaints,
documents prepared for Court, and other documents pertaining to the processing
of the request.
[14]
It
is the view of this Court that there is nothing in CSIS’ responses that would
suggest that the 2006 search was not thorough or proper.
[15]
The
response of February 16, 2006, indicating that there was no personal
information of Mr. Westerhaug’s in the information bank in question, in all
likelihood reflected the fact that Mr. Westerhaug had not previously submitted
a request under either the Personal Information Act or the Access to
Information Act that may have generated a record of some sort. On
the other hand, when Mr. Westerhaug filed his second request on October 29,
2007, there had been a previous request – the request and response now under
review. It is not surprising that information generated in relation to the
first request would have been recorded in the SIS PUP 020 bank. One may speculate
that the information in that bank would include the 2006 request and response,
documents relating to the current proceedings, and notes and memoranda from
staff relating to the request. In fact, had CSIS responded in 2007 that there
was nothing in information bank, then that would have raised a strong suspicion
that it had not conducted a thorough review in 2007. In short, there is no
inconsistency in these responses, nor any basis to infer that the 2006 search
was not done properly.
Whether CSIS
erred in its response?
[16]
Justice
Kelen conducted a detailed and thorough analysis of the provisions of the Privacy
Act and exempt information banks in Cemerlic v. Canada (Solicitor
General), [2003] F.C.J. No. 191, 2003 FCT 133. Both parties referred to
that Judgment.
[17]
Section
16 of the Privacy Act permits a government institution to adopt a policy
of neither confirming nor denying the existence of information in an exempt
personal information bank. Nonetheless, the Court may review the
reasonableness of the institution’s decision to adopt such a policy: Ruby
v. Canada (Solicitor
General),
[2000] 3 F.C. 589 (F.C.A.), reversed on other grounds [2002] 4 S.C.R. 3.
[18]
The
Federal Court of Appeal in Ruby held that adopting a policy of
non-disclosure was reasonable given the nature of the information bank in
question, because merely revealing whether or not the institution had
information on an individual would disclose to him whether or not he was a
subject of investigation. I agree. If it is in the national interest not to
provide information to persons who are the subject of an investigation, then it
follows that it is also in the national interest not to advise them that they
are or are not the target of an investigation. It is one of the unfortunate consequences
of adopting such a blanket policy that persons who are not the subject of an
investigation and who have nothing to fear from the government institution will
never know that they are not the subject of an investigation. Nonetheless, and
as was noted by Justice Kelen, this policy applies to every citizen of the
country, and even judges of this Court would receive the same response as was
given to Mr. Westerhaug and would not have any right to anything further.
[19]
I
agree fully with the Reasons given by Justice Kelen in Cemerlic which
involved the same information bank here under consideration. CSIS acted
reasonably in adopting a uniform policy of neither confirming nor denying the
existence of information in bank SIS PPU 045.
[20]
For
these reasons, the application must be dismissed.
[21]
The
respondent seeks its costs of this application. While the Court is sympathetic
to the position in which the applicant finds himself – believing that he is
under surveillance but knowing there is no reason why he should be – the law
relevant to this application was previously canvassed and largely settled in Cemerlic.
Accordingly, the respondent shall be entitled to its costs, which the Court fixes
at $500.
Email this Content