Trans Mountain Corporation (Re), 2023 OIC 01

Date: 2023-01-09
OIC file number: 5820-04082
Institution file number: ATIA.01.012.2020

Summary

The complainant alleged that Trans Mountain Corporation (TMC) improperly responded to an access request by claiming subsection 10(2) of the Access to Information Act and indicating that, if records existed, they would be withheld under subsection 16(2) (facilitating the commission of an offence) of the Act. The complaint falls within paragraph 30(1)(a) of the Act. TMC could not show that it met the requirements for invoking subsection 10(2), nor that responsive records, if they existed, would fall under subsection 16(2) of the Act. More particularly, the OIC’s investigation revealed that the existence of some records responsive to part of the request had already been confirmed by TMC through a previous response to a nearly identical request. Therefore, TMC could not show that the existence or absence of records itself is information that warrants being withheld under the Act. The Information Commissioner ordered the President and CEO of TMC to provide a new response to the complainant confirming or denying the existence of records responsive to the request within 30 days of the coming into effect of the order and, if responsive records exist, to provide access to them unless access to information contained therein, or a part thereof, may/must be refused under a specific provision(s) of Part 1 of the Act. TMC gave notice to the Commissioner that it would be implementing the order but only by May 31, 2023. The complaint is well founded.

Complaint

[1] The complainant alleged that Trans Mountain Corporation (TMC) improperly responded to an access request by claiming subsection 10(2) of the Access to Information Act and indicating that, if records existed, they would be withheld under subsection 16(2) (facilitating the commission of an offence) of the Act. The complaint falls within paragraph 30(1)(a) of the Act.

Investigation

Subsection 10(1): refusal of access

[2] Subsection 10(1) requires institutions, when refusing to provide access to requested records, or parts of requested records, to notify requesters of the following:

the records do not exist; or
the specific provision(s) under which they are refusing access; or
the specific provision(s) of the Act under which they could reasonably refuse access if the records were to exist.

[3] This notice must also state that the requester has the right to complain to the Information Commissioner about this response.

Subsection 10(2): neither deny nor confirm

[4] Subsection 10(2) allows institutions, when responding to requesters under subsection 10(1), to refuse to confirm whether records exist.

[5] To do so, institutions must show the following:

that whether records exist is itself information that warrants being withheld under the Act; and
that, if there were responsive records, they could reasonably be exempted under specific provisions of the Act.

[6] When both of these circumstances exist, institutions must then reasonably exercise their discretion to decide whether to refuse to confirm or deny the existence of the records.

Subsection 16(2): facilitating the commission of an offence

[7] Subsection 16(2) allows institutions to refuse to disclose information that, if disclosed, could reasonably be expected to facilitate the commission of an offence.

[8] To claim this exemption, institutions must show the following:

Disclosing the information (for example, information on criminal methods or techniques, or technical details of weapons, as set out in paragraphs 16(2)(a) to (c)) could facilitate the commission of an offence.
There is a reasonable expectation that this harm could occur—that is, the expectation is well beyond a mere possibility.

[9] When these requirements are met, institutions must then reasonably exercise their discretion to decide whether to disclose the information.

Preliminary Issue

[10] In response to the request, TMC invoked subsection 10(2) to neither confirm nor deny the existence of records responding to the request. TMC further indicated that, if records existed, they would warrant exemption under paragraph 16(2)(c) of the Act.

[11] In its representations, TMC argued that the Act and relevant case law do not require that TMC demonstrate that “whether records exist is itself information that warrants being withheld under the Act”. Rather, TMC characterized subsection 10(2) as a discretionary exercise and indicated that, in its view, TMC had reasonably exercised its discretion in determining that whether records exist in response to the request is itself information that should reasonably be withheld and that if there were responsive records, they could reasonably be exempted under specific provisions of the Act.

[12] I disagree with TMC’s characterization of subsection 10(2). The Federal Court of Appeal (FCA) in Ruby v. Canada (Solicitor General), [2000] 3 F.C. 589 considered the nature of subsection 16(2) of the Privacy Act (equivalent to subsection 10(2)). The FCA clarified that the use of “may” in this provision is confirmation of authority to refuse to confirm the existence of records, but did not imply a true conferral of discretion (paragraphs 50-59). Subsection 10(2) is not an exception to the right of access and unfettered use of subsection 10(2) is contrary to the quasi-constitutional right of access. It is therefore my view that the jurisprudence requires that an institution demonstrate that (1) whether records exist is itself information that warrants being withheld under the Act, and (2) that, if there were responsive records, they could reasonably be exempted under specific provisions of the Act.

[13] For the reasons that follow, I am not satisfied that TMC has demonstrated that its reliance on subsection 10(2) is justified.

[14] In the alternative, should my interpretation of subsection 10(2) be incorrect, as explained below, I am also of the opinion that TMC has failed to demonstrate that its reliance on 10(2) was a reasonable exercise of discretion.

Is the existence or absence of records itself information that warrants being withheld under the Act?

[15] Over the course of the investigation, the complainant has provided evidence that the existence of some records responsive to part of the request had already been confirmed by TMC in April 2019 through a previous response to a nearly identical request. The complainant’s evidence demonstrated that the earlier request sought the exact same type of information, but for a more limited time period (i.e., 2018 to April 2019 versus 2018 to March 2021), and resulted in disclosure of portions of investigation-type documents.

[16] Given that TMC has already acknowledged the existence of records encompassed by the request, I am not satisfied that TMC is justified in now refusing to confirm or deny the existence of any responsive records.

[17] TMC, by way of explaining its inconsistent response to the current request, stated that since April 2019 it has adopted a blanket policy of neither confirming nor denying the existence of records relating to individuals or groups created or collected as part of its security program, because otherwise TMC would reveal the extent to which it is aware of individual or group’s illegal activities – which in turn, could reasonably be expected to facilitate the commission of an offence (subsection 16(2)).

[18] The difficulty with TMC’s position is that the request, as worded, is in no way limited to records relating to its security program and, additionally, TMC’s acknowledgment of records falling within the scope of the request is already within the public domain.

[19] The situation is therefore entirely distinguishable from cases involving access and privacy requests directed at CSIS and other institutions tasked with investigating criminal activities. In these cases, the courts have accepted that blanket policies of neither confirming nor denying the existence of certain types of information is warranted if that information’s disclosure would reveal information as to what is / is not part of an investigation.

[20] In the present instance, given the breadth of the request, there is no reason to conclude that the existence / non-existence of responsive records would reveal information as to what is / is not part of an investigation so as to give rise to a reasonable expectation of a harm described in subsection 16(2).

If there were responsive records, could they reasonably be exempted under specific provisions of the Act?

[21] TMC argues that if there were responsive records, they could reasonably be exempted under subsection 16(2), as they could reasonably be expected to facilitate the commission of an offence. More specifically, TMC claims that the records, if they did exist, would consist of information on “criminal methods or techniques” employed by the named individuals and group, and that the records would also generally contain TMC’s informational sources, investigative techniques, observation tactics, analytical methods, and vulnerability assessments. This information, TMC claims, would provide a roadmap to individuals on how TMC conducts investigations and detects illegal activity. Finally, TMC asserts that because the named individuals have been convicted of offences related to TMC, there is unique and compelling historical evidence that strongly suggests the information sought would in fact be used to assist in the commission of an offence.

[22] Subsection 16(2) is a harms based exemption wherein the institution must show the likelihood of the harm coming to pass. The institution must show that the risk of harm is considerably above a mere possibility, although there is no need to establish on the balance of probabilities that the harm will in fact occur. As mentioned already, the complainant has previously been provided with redacted records of the same type as sought in this request. However, TMC, in its representations, did not draw any connection between the previous disclosure and the commission of any illegal activity. That is to say, following the disclosure of records of a similar nature, the harms envisioned in subsection 16(2) did not come to pass. In light of this, it is difficult to envision how responsive records, were they to exist, could reasonably be exempted under subsection 16(2) in their entirety.

[23] Furthermore, the request is broadly worded (i.e., “any and all files, audio recordings, text messages, security briefings, documents, reports, or correspondence in Trans Mountain Corporation’s possession which refer to [named individuals]”) and not limited to records in the possession of the security program. This undercuts the assertion that if responsive records did exist, that they would all be investigative-type records, reasonably exempted under subsection 16(2).

[24] Based on the foregoing, I find that TMC has failed to demonstrate how all responsive records, should they exist, could be used to facilitate the commission of an offence. Consequently, I conclude that the requirements of subsection 16(2) have not been met.

[25] In light of the above, I conclude that TMC’s reliance on subsection 10(2) of the Act is not justified.

Result

[26] The complaint is well founded.

Order

Under subsection 36.1(1) of the Act, I order President and CEO of TMC to:

Within 30 days of the coming into effect of this order, provide a new response to the complainant confirming or denying the existence of records responsive to the request. If responsive records exist, provide access to the responsive records, unless access to information contained therein, or a part thereof, may /must be refused under a specific provision(s) of Part 1 of the Act. If this is the case, indicate the specific provision(s) on which the refusal is based.

The President and CEO must abide by the terms of subsection 37(4) when disclosing any records in response to my order.

On November 16, 2022, I issued my initial report to the President and CEO of TMC setting out my order.

On December 22, 2022, the Vice President of TMC responded on behalf of the President and CEO, and gave me notice that he would be implementing my order but only by May 31, 2023.

When a complaint falls within the scope of paragraph 30(1)(a), (b), (c), (d), (d.1) or (e) of the Act, the complainant and institution have the right to apply to the Federal Court for a review. They must apply for this review within 35 business days after the date of this report and serve a copy of the application for review to the relevant parties, as per section 43.