Sovereignty, Secrecy, and the State of Exception: How One Privacy Request Exposed a Canadian Nuclear Crisis

Editor’s Note – They Opened the File. Then They Shut Their Mouths.

This article was finalized on March 31, 2025. However, we voluntarily embargoed publication for 24 hours to give the Canadian Nuclear Safety Commission (CNSC) and six additional federal institutions—including the Privy Council Office, Treasury Board Secretariat, the Office of the Privacy Commissioner, and Public Safety Canada—an opportunity to respond.

At 00:22 EST on Monday, March 31, each department was issued a formal media request with a link to a password-protected, unindexed draft. The request included department-specific questions, statutory references, and an explicit deadline: responses received by 19:00 EST, March 31, would be included in full.

None were.

Despite this institutional silence, the record shows internal activity:

• Lisa Thiele, CNSC General Counsel, opened the media request twice on March 30 and March 31, 2025.
• Karine Leblanc, Senior Communications Advisor at CNSC, visited the author’s LinkedIn profile within hours of distribution.
• Officials at Environment and Climate Change Canada, the Privy Council Office, and Global Affairs accessed the link or email thread within hours.
• The Office of the Privacy Commissioner acknowledged the file and initiated a phone call—but offered no public statement.

No formal comment. No correction. No recusal. No law cited. No denial letter.

What we received instead was surveillance without engagement. Attention without accountability. Procedural vanishing, paired with metadata confirmation.

This is now part of the public record.

Where disclosure failed, logs endure.

Where answers were denied, questions multiply.

The following article documents the emergence of bureaucratic sovereignty through silence, and the collapse of transparency mechanisms in a federal institution with nuclear oversight.

The clock was ticking.
The system blinked.
And now, the audit begins.

—Prime Rogue Inc.
April 2, 2025
Calgary, Alberta

I. Introduction – When the Administrative State Decides Who You Are

On March 26, 2025, I filed a routine Privacy Act request with the Canadian Nuclear Safety Commission (CNSC). I asked for any personal information the Commission may have held about me. Names, date of birth, a defined date range. Nothing fancy.

What followed was a quiet bureaucratic implosion.

Instead of being handled by a neutral reviewing officer, the request was responded to directly by Philip Dubuc—the CNSC’s ATIP Coordinator and, crucially, the very official whose conduct was under active scrutiny in a related information request and Privacy Commissioner complaint. No reassignment. No recusal. No acknowledgment of conflict. Just institutional silence cloaked in boilerplate.

That silence was violated when we published The Quietest Trigger on March 29th, documenting Dubuc’s failure to recuse, his refusal to engage with clarifying context, and his departure from statutory obligations under the Privacy Act. It also detailed how his continued involvement as both actor and subject in the same file compromised the neutrality of the process—and the legitimacy of the institution.

What we’ve witnessed isn’t just procedural laziness or policy drift. It is the unambiguous emergence of a bureaucratic exception, in which delegated authority asserts sovereignty above the law.

And this is where Carl Schmitt enters the room.

Schmitt, the infamous political theorist and so-called “crown jurist of the Third Reich,” wrote that sovereign is he who decides on the exception. That is, the state reveals its true form not in law, but in its ability to suspend law. In that moment, the machinery of legality is replaced by decisionism—by will.

When a senior official at the Canadian Nuclear Safety Commission—during a caretaker period—unilaterally refuses to process a lawful request while simultaneously being the subject of that request, and does so without citing any lawful exemption under the Act, it is not just maladministration. It is sovereignty in action.

This is not about a single request.

It’s about the creeping normalization of unaccountable discretion in the Canadian administrative state.

And if you're reading this from within government: yes, this piece names names. Whether anyone raised concerns internally remains unknown. The log files will tell the truth. And yes, the system has already begun logging its own collapse.

II. The Anatomy of a Procedural Collapse

In theory, the Access to Information and Privacy (ATIP) system is designed to protect Canadians’ rights to access personal information held by federal institutions. In practice, it has become a maze of opaque processes, vague denials, and quietly compounding power.

On March 26th, I filed a legally valid request under section 12(1)(b) of the Privacy Act with the Canadian Nuclear Safety Commission (CNSC). I provided:

• My full name and variants
• My date of birth
• A defined date range
• Contextual justification for why records may exist
• A comprehensive clarification days later, breaking down affiliated domains, entities, and institutional touchpoints

This was not a scattershot filing. It met—and exceeded—both the letter and spirit of the Privacy Act. The information provided made the records “reasonably retrievable,” the key statutory requirement.

Yet the CNSC’s official response came not from a neutral intake analyst, but from Philip Dubuc, the institution’s ATIP Coordinator. Dubuc issued a de facto refusal, asserting that my request lacked sufficient specificity—despite clear identifiers and contextual detail. He cited no subsection for denial. He provided no formal notice under Section 26. He failed to initiate any meaningful scope clarification under Section 17(2). In short, the refusal was procedurally defective. Between March 26 and March 30, a series of internal decisions were made—none of them publicly explained. What should have been a standard 30-day statutory process unraveled in less than 96 hours.

Worse, Mr. Dubuc was simultaneously the subject of a parallel information request and a public oversight initiative. By issuing the response himself, he placed himself in direct conflict with federal standards for administrative neutrality and basic principles of procedural fairness.

And let’s not ignore the timing: this unfolded during a federal caretaker period, where decisions made by public servants must hew even more closely to neutrality and accountability.

Here’s what the institutional record now shows:

• The request was received on March 26
• A vague denial was issued on March 27
• A repeat of this vague denial was issued on March 28—because the original was so procedurally defective, I didn’t realize it was a denial at all.
• A public conflict was triggered on March 29.
• As of March 30, no formal reassignment, recusal, or corrective action has been confirmed. It is not known why no reassignment occurred.

This is not an isolated breakdown. It’s a structural failure of the transparency regime—one that may have significant ramifications not only for the CNSC but for ATIP units across the federal landscape.

From a legal standpoint, Dubuc’s intervention creates several possible violations:

• Section 12(1)(b) – Failing to conduct a good-faith retrieval based on provided information
• Section 17(2) – Failing to assist the requester in clarifying scope
• Section 26 – Issuing a denial without proper statutory basis or recourse language
• Conflict of Interest Act, Section 21 – Continuing to act on a file in which he is a named subject of analysis

But beyond the legal text lies the deeper problem: when the very official entrusted with protecting access rights decides that policy no longer applies to him, what we’re seeing isn’t discretion—it’s arbitrary sovereignty. The institution chose to leave the file in the hands of a conflicted official.

And in the realm of nuclear oversight, that should terrify anyone who still believes this system works.

III. The Schmittian Exception Becomes the Norm

Carl Schmitt’s concept of the exception has long haunted debates over liberal governance. In Schmitt’s formulation, the exception is not a breakdown of the rule of law — it is its essence. The sovereign, he argues, is the one who decides whether normal rules apply. In doing so, that actor reveals the true architecture of political power: not legality, but discretion; not law, but will.

What happened at the CNSC wasn’t merely a refusal to comply with an access request. It was a live demonstration of Schmittian decisionism. An official embedded within the machinery of Canadian governance decided that policy, precedent, and neutrality no longer applied — not because of law, but because of his position. The institution had multiple days to respond or reassign the file. It chose not to. No operational crisis. No surge. No pandemic. Just a decision to ignore the law.

The implications are chilling. If a senior bureaucrat can dismiss obligations under the Privacy Act by simply asserting that a requester hasn’t been specific enough — even when the requester has provided name, date of birth, date range, affiliated domains, institutional context, and multiple layers of clarification — then the right to access personal information is no longer governed by law. It is governed by discretionary will.

In other words: the law exists, but its application is optional — and that decision lies with the bureaucrat.

That’s the exception.

This isn’t hypothetical. Philip Dubuc did not just mishandle a file; he functionally declared that CNSC ATIP procedures don’t apply to himself. When confronted with a request that would expose internal communications — including potentially his own — he issued a procedurally defective denial and refused to acknowledge the conflict it created.

This is not an isolated issue of poor judgment.

It is a textbook case of institutional self-sovereignty: the act of a bureaucrat transforming legal process into discretionary power. It is, in Schmittian terms, the suspension of legal norms in favor of subjective decision-making. And it reveals a deeper, more uncomfortable truth:

The Canadian administrative state has no structural immunity to this. No formal denial. No recusal. No law applied.

There is no independent oversight mechanism that automatically triggers when an ATIP officer becomes the subject of their own decision. There is no built-in failsafe that redirects requests to a neutral third party when conflicts emerge. The only safeguards are institutional norms — and when those norms collapse, the system falls with them.

If Canada’s nuclear regulator is willing to allow a senior official to process his own file, what does that say about the rest of the federal ATIP apparatus?

What happens when the exception becomes the rule?

What happens when the rule becomes irrelevant?

IV. Bureaucratic Sovereignty During a Caretaker Period

Timing matters. And in this case, timing may be everything.

The events at the Canadian Nuclear Safety Commission unfolded during a federal caretaker period—a constitutionally delicate window in which public servants are expected to exercise maximum restraint, defer controversial decisions, and maintain strict neutrality until a new government is confirmed. While most Canadians were offline, the administrative state was online—and watching.

These periods are governed not just by custom, but by formal Treasury Board guidelines, which emphasize the duty of public institutions to avoid any action that could be seen as politically charged, procedurally irregular, or institutionally biased. In short: business as usual, tightly constrained.

What Philip Dubuc did was anything but usual.

In the midst of this caretaker period, Dubuc made an active, discretionary decision to deny a lawful privacy request that targeted his own institutional behavior, all while providing no formal denial under Section 26 and no recourse through established clarification procedures. He did so without recusal, without delegation, and without transparency.

That action may not only violate the letter of the Privacy Act, but it also defies the spirit of the caretaker convention—a body of doctrine intended to protect the Canadian public from precisely this kind of shadow governance.

What’s more: this didn’t happen in the dusty corners of a minor administrative unit. It happened at Canada’s nuclear safety regulator—an institution that plays a central role in everything from IAEA treaty compliance to national emergency response frameworks.

Let’s be clear:

• Dubuc is not a junior analyst. He’s a senior advisor to the CNSC President and the Commission’s ATIP Coordinator.
• The Privacy request came during a politically sensitive period where scrutiny of administrative conduct should have been heightened, not suspended.
• His response wasn’t a delay or a partial disclosure. It was a quiet and total rejection, masked as technical insufficiency.

And it would have stayed buried if we hadn’t published.

This is not a small bureaucratic misstep. It’s a deliberate assertion of administrative sovereignty in a moment where discretion should have yielded to law. It is, in every meaningful sense, a decision made in the dark.

Which begs the question: how many more decisions like this are being made across the federal government? How many requests have been quietly sidelined, denied, or procedurally frozen because someone decided—during a caretaker period—that accountability could wait?

That’s not bureaucracy. That’s governance without a mandate.

That’s rule by exception.

V. The Collapse of Oversight Architecture

The Canadian access-to-information ecosystem was not built to withstand this.

The Privacy Act, the Office of the Privacy Commissioner (OPC), the Treasury Board Secretariat, and internal legal services across departments form a web of procedural safeguards—an architecture designed to ensure that no single official becomes judge, jury, and gatekeeper to personal information.

But what happens when all of those systems fail at once?

Let’s tally what has already occurred:

• A lawful Privacy Act request was dismissed without proper citation, scope negotiation, or recourse language—violating Sections 12(1)(b), 17(2), and 26 of the Act.
• The response was issued by an official—Philip Dubuc—who is himself the named subject of a related request and an emerging media inquiry.
• The institution has not, as of publication, confirmed any recusal or reassignment.
• No notice was given to the Office of the Privacy Commissioner before or after the refusal.
• Internal legal counsel at CNSC has not yet intervened—or has done so behind closed doors.

In other words: the entire institutional chain of accountability has, for at least four days, remained inert. Silent. Watching.

This silence, too, is a form of decision.

It reveals how thin the fabric of transparency truly is—how easily a mid-level official, entrusted with quasi-judicial authority over information flows, can sever the connection between citizen and state simply by saying no and disappearing into institutional murk.

And here’s the deeper issue: there is no formal review before a refusal goes out. No automatic trigger that flags conflicts of interest. No emergency override by Treasury Board. The Office of the Privacy Commissioner cannot force action. It can recommend, cajole, or issue public reports—but its teeth are dulled by decades of institutional deference and legislative underreach.

VI. Echo12B and the Emergence of the Privacy Self-Audit

This is not a public watchdog. It’s a personal audit.

Echo12B is a structured, self-initiated transparency project designed to track how federal institutions respond to a citizen requesting access to their own personal information under the Privacy Act.

That citizen is me.

This isn’t an NGO. It isn’t a law firm. It isn’t an activist front. It’s a Canadian trying to see what the government knows about him—and watching what happens when he asks.

What began with a single request to the Canadian Nuclear Safety Commission has now expanded into a system-wide diagnostic. I’m filing targeted, high-sensitivity privacy requests across every relevant corner of the federal bureaucracy: national security, public safety, foreign affairs, digital infrastructure, innovation policy.

And I’m grading the responses.

What Echo12B Measures

Echo12B assigns ratings to institutions based on:

• Time-to-acknowledgment and compliance with statutory deadlines
• Willingness to assist in scope clarification
• Transparency of decision-making and delegation
• Evidence of conflict-of-interest management
• Quality of internal coordination and tasking memos
• Responsiveness to legitimate public or media scrutiny

Records are retained. Grades are published. Each file creates a benchmark—for the public, for the media, and for the bureaucrats reading this in real time.

Are We Looking for Sanctions?

Yes. But not judicial ones.

We are calling for:

• Retraining of officers and coordinators in clear breach of duty
• Institutional acknowledgment of procedural failure
• Corrective assignment protocols in conflict-of-interest situations
• Full release of internal deliberations where denials were defective

We also provide recipients with commemorative certificates, sent via media intake, as formal documentation of performance under the Privacy Act. These are formatted for lunchroom corkboards and bulletin boards. Whether institutions post them or bury them, they still exist—and they are available for public reference.

This is the point.

If you fail to meet your statutory duties under the Privacy Act, you will be marked accordingly.

Where It’s Headed

Echo12B will remain focused on Privacy Act requests—on the personal right to access one’s own data—and will continue filing across all relevant federal departments through Q2.

In Q3, the initiative will expand to include provincial institutions, beginning with key ministries in Alberta and Ontario.

A companion project, Section69.ca, is in development to monitor Access to Information Act (ATIA) performance more broadly, focusing on institutional transparency, not personal data access.

This isn’t performative.

It’s diagnostic.

If you’re reading this and you work in government, legal, media, or oversight:
you’re already part of the audit.

VII. The Schmittian Exception and the Administrative State

Carl Schmitt’s most infamous insight wasn’t just about dictatorship or sovereignty—it was about who gets to decide when the rules no longer apply.

“Sovereign is he who decides on the exception.”
– Carl Schmitt, Political Theology

In Schmitt’s model, the essence of state power isn’t found in the day-to-day operation of laws, but in the moment when law is suspended—in the exception—and the person who makes that decision reveals the true locus of power.

This is no abstract theory. It’s a mirror held up to what we just witnessed.

When a senior public servant—during a federal caretaker period—responds to a lawful Privacy Act request in which he is the subject, issues a procedurally defective denial, and continues to oversee the file despite a clear conflict of interest, we are no longer operating within the boundaries of Canadian transparency law.

We are witnessing a live Schmittian exception.

Dubuc didn’t invoke any valid statutory exemption. He didn’t deny the request in accordance with Section 26. He didn’t delegate the file to an impartial officer. He simply decided. That is the essence of exception—not as a temporary state, but as a quietly expanding institutional reflex. An instinct to preserve control by stepping outside the rules while pretending they still apply.

This isn’t just maladministration. It’s the administrative embodiment of sovereignty through discretion, cloaked in bureaucratic procedure.

And that should terrify anyone who cares about democratic legitimacy, especially in agencies tasked with nuclear oversight.

The law was not applied. It was decided away.

And in that moment, a mid-level official at a regulatory agency stood in for the sovereign—and no one stopped him.

That silence is the sound of normalization.

This is not a criticism of OPC staff. It’s a structural indictment.

The system is designed to assume good faith. But in an age of hyper-fragmented governance, political volatility, and weaponized administrative discretion, good faith isn’t enough. When ATIP coordinators become the last word, and legal services remain silent, we don’t have transparency.

We have opacity by design.

And if it can happen inside the Canadian Nuclear Safety Commission—a federal body with national security relevance, treaty obligations, and public safety mandates—it can happen anywhere.

This is how oversight collapses: not in crisis, but in process.

In silence. In the absence of alarms.

VIII. The State of Exception Becomes Permanent

If Carl Schmitt described the sovereign’s power to decide on the exception, Giorgio Agamben took it further: he warned of the permanent state of exception—where emergency logic becomes normalized, and the boundaries of legality are forever blurred.

What begins as a procedural anomaly can calcify into institutional precedent.

Agamben’s thesis in State of Exception is chilling in its simplicity: democracies, when confronted with security pressures or institutional self-interest, often grant extraordinary powers to their bureaucracies—and then forget to take them back. The exceptional becomes the routine. The unlawful becomes simply “how it’s done.”

This is exactly what we are now observing within the Canadian federal apparatus.

Mr. Dubuc’s refusal to recuse himself, despite being the subject of an active complaint and ongoing public audit, was not treated internally as a violation. It was normalized. His procedurally defective denial was not corrected. It was absorbed. No one in the system—no internal legal officer, no executive reviewer, no oversight actor—appeared to step in.

The exception became tacit policy.

This is not unique to the CNSC. Across the federal bureaucracy, ATIP offices increasingly mirror this logic: treat requests as threats, treat requesters as adversaries, and trust that no one will intervene when norms are quietly suspended. Legal compliance becomes secondary to institutional shielding.

We are no longer dealing with isolated procedural issues. We are documenting the emergence of a new bureaucratic normal, in which discretion is untethered from law, and oversight exists only in theory.

Agamben wrote that the state of exception is “not the chaos that precedes order but rather the situation that results from its suspension.” In Canada’s ATIP regime, that suspension is already underway.

The real risk isn’t that a single file was mishandled.

It’s that the next one will be, too—and no one will even notice.

IX. The Broader Implications for ATIP and Institutional Legitimacy

At its core, the Access to Information and Privacy (ATIP) regime was designed to function as a democratic check—a structured, lawful mechanism through which citizens could obtain information about themselves and the government that governs them. But when the mechanisms are subverted from within, that regime collapses not with a bang, but with a shrug.

The Dubuc affair is not a one-off. It is a case study in structural rot—a vivid example of what happens when delegated authority goes unmonitored, when statutory obligations are treated as optional, and when public institutions internalize the belief that accountability is discretionary.

The implications are systemic:

• Trust erosion: Citizens filing lawful requests—often about deeply personal matters—now face the possibility that their requests may be reviewed, denied, or delayed by conflicted officials with no recourse beyond delayed complaint pathways.
• Oversight paralysis: If officials can act as both gatekeepers and subjects of their own reviews without triggering intervention, the concept of neutral processing becomes performative.
• Institutional illegitimacy: Public bodies derive their authority from both law and perceived integrity. When conflicts of interest are ignored and lawful requests are discarded, the institution forfeits its legitimacy in the eyes of those it serves.

And these aren’t abstract philosophical concerns.

When privacy regimes fail, real harm follows: whistleblowers are exposed. Political dissidents are flagged. Investigative journalists lose trail integrity. And ordinary Canadians are gaslit into thinking they didn’t fill out the form correctly.

In a country that prides itself on due process and democratic transparency, this cannot stand.

The CNSC is not alone in facing this reckoning. But its role in nuclear oversight makes its failure especially stark. If the administrative machinery behind Canada’s nuclear regulator is incapable of following basic privacy law, it raises uncomfortable questions about what else is being mishandled behind closed doors.

Accountability isn’t a slogan. It’s a structure.

And right now, it’s collapsing.

X. What Comes Next – A Self-Audit in Real Time

We are not appealing this in isolation. We are documenting it. Publicly. Permanently.

This request, and its institutional mishandling, is part of a broader, ongoing initiative: a nationwide Privacy Act self-audit conducted by the subject of the requests—me. Across dozens of federal institutions, I am requesting access to my own personal information to test, expose, and grade each department’s compliance, responsiveness, and integrity.

Each filing is unique. Each clarification is carefully constructed. Each refusal, delay, or conflict of interest will be documented in public.

That project now has a name: Echo12B.

Every institution will be tracked. Every coordinator will be scored. Every decision will be indexed in real time.

The public will know:

• Who followed the law
• Who played games with scope and clarity
• Who issued unlawful denials
• And who simply did their jobs with professionalism

The CNSC is the first case study. It will not be the last.

By Q3 of 2025, we will begin expanding the audit to provincial institutions. In parallel, we will launch Section69.ca, a separate transparency initiative focusing on federal ATIP requests under the Access to Information Act (named, with full irony, after the federal exemption clause that swallows whole categories of records).

Together, Echo12B and Section69.ca will form a comprehensive, citizen-led transparency observatory—a public architecture of pressure, parody, and procedural rigor.

None of this is partisan. None of it is theatrical.

This is the inevitable response to a system that believed no one was watching.

XI. The Takeaway – Administrative Power Is Still Power

We tend to think of power as something exercised in public—by ministers, by premiers, by heads of state. But the real machinery of state isn’t always visible. It lives in email chains, routing memos, decision logs. It hides behind boilerplate. It’s exercised in denials, delays, and the silent prerogative of who gets to decide what moves forward—and what doesn’t.

Administrative power isn’t loud. It doesn’t march in lockstep or flash epaulets. It just quietly refuses to process a request. And then tells you, in effect: go ahead, complain.

That’s what happened here.

What Philip Dubuc exercised was not discretion. It was a quiet veto, rendered outside the formal structures of law. No justification. No delegation reassignment. No statutory reasoning. Just an email that ended the process because he said so.

And when that happens, it’s no longer a matter of whether one file was mishandled. It’s a matter of whether the law applies at all—when the bureaucrat decides it doesn't.

We can write all the statutes we want. We can draft all the frameworks, publish all the guides, hold all the consultations. But if the final gatekeeper chooses to act outside of it, and there is no consequence, then what we have is not a transparency regime.

We have a sovereign bureaucracy.

Which is to say: the law doesn’t govern them.

Only their own will does.

And that should terrify anyone who believes in democracy, transparency, or the rule of law.

XII. Conclusion – When the Exception Becomes the Rule

What happened inside the Canadian Nuclear Safety Commission was not an honest mistake. It was a procedural implosion—triggered by arrogance, protected by silence, and now fully documented.

Philip Dubuc, the CNSC’s ATIP Coordinator, responded personally to a Privacy Act request in which he was both the subject and the decision-maker. No reassignment. No formal denial. No lawful recourse language. Just a quiet attempt to kill the file—and with it, the record. No corrective action, no comment, no acknowledgement. Just silence. Until now.

On the evening of Sunday, March 30th, Prime Rogue Inc. convened an internal diagnostic review. The red-team included senior analysts and a national security journalist who studied alongside our President, Kevin J.S. Duska Jr., at McGill. The team reviewed every aspect of the file and reached only three plausible explanations:

1. ATIP policy is not followed at CNSC.
2. Mr. Dubuc presumed impunity, assuming we were unserious.
3. The Commission is concealing OSINT, metadata, or surveillance-adjacent records.

To preempt narrative control or quiet backchanneling, our Director of Strategic Communications, Margot Lanihin, will issue formal comment requests late Sunday night—before business opens Monday.

These requests are directed not only to CNSC, but also to:

• The Treasury Board Secretariat, as policy authority over ATIP;
• The Privy Council Office, given its caretaker oversight obligations;
• The Office of the Privacy Commissioner, already in possession of our complaint;
• And the relevant Legal Services branches involved in coordination or review.

They will be given until end of day Monday to respond. We will publish their replies in full.

This isn't theatrics.

It's a formal test of the Canadian transparency regime—and the bureaucratic willingness to self-correct in the face of exposure.

This is just the first node in a national Privacy Act self-audit initiated by Prime Rogue Inc. We will be requesting all personal information across every federal institution holding relevant records. In Q3, the initiative will expand to the provinces.

Parallel analysis of institutional response patterns will be published through Section69.ca, launching later this year.

They can file the metadata.

We’re keeping the receipts.

Welcome to Echo12B. The audit has already begun.