Information & Ethics Committee on Nov. 3rd, 2016

I understand the government's view, which was taken during the Bill C-51 debates, that the new act doesn't authorize new collection, but it depends how you measure collection. Sufficiently broad information sharing allows for the pooling of information within the hands of one agency. The information that would not legally have been able to accrue in one agency is now available to it. Technically that's not collection in the sense that it's not been extracted from outside of government from an individual, but rather it's the amalgamation of information in a database in the hands of an agency.

Then the question becomes what the agency can do with that new amalgamated database. Are there controls on the searches it can run through that mother of all databases? Are there provisions that guard how it can then be combined with public-source information to paint an intimate portrait of an individual?

In the world of big data, the boundaries between collection and use are beginning to blur because of the amount of information that is currently in circulation and easily extractable from the public domain. In the absence of safeguards on how information is amalgamated by an agency and then what it can do with that information, I think that we run the risk that the net result is that the government knows more about people than it would otherwise know.

I'm going to duck the first question, about why it happened, because that would require me to make a political judgment, and I'm no more qualified than anyone on the street to make that political judgment. The honest answer is that I don't know why it happened. There are probably a number of reasons.

Your second question is an important one. These are real issues. National security is an acute issue. How we grapple with it is an acute issue, both legally and operationally. One of the difficulties we have in Canada is that we're not sufficiently discursive on it; that is, the expertise in the area tends to be monopolized within government. Government tends to be close-lipped on national security issues. There is no diffusion of expertise, because we don't have a conversation, or at least up until this point we haven't had a conversation.

One of the things both Professor Roach and I said in the aftermath of Bill C-51 was that aside from whatever you think about the merits of Bill C-51, we can't have a process like this again. We need to have a more premeditated policy discussion. I think the idea of a consultation process in national security, which we've never had before, is a very valuable one.

Professor Roach and I have said that we have concerns about aspects of the green paper, and we do. We do not, however, have concerns about the existence of the green paper. We welcome the consultations that are under way across the country, which you mentioned. As private individuals trying to keep up, we welcome them, but we're finding them somewhat exhausting. That will help then encourage insight and expertise in this area and cultivate expertise outside of government.

I suppose that I would have to provide the same answer that I gave a bit earlier, which is that we asked the question when Bill C-51 came out: why was this necessary? We had existing laws in place already. We have never received an appropriate answer, and I don't know why.

I do know that it is not a mere aspiration to say that we have to ensure that we have our constitutional safeguards in place and in mind. I would urge this committee to remember that it is not a choice necessarily between security and civil liberties; to the contrary, I think that we can only have effective security when we ensure that our civil liberties are there.

Civil liberties do not prevent, in the context of SCISA, for example, relevant, necessary, and proportional information from being shared; rather, they ensure that only relevant, necessary, and proportional information is being shared.

We have a wealth of information provided from three federal commissions of inquiry that speak directly to these issues of information. I would very much urge this honourable committee to consider that and to implement it in any recommendations that you make.

I agree with what both of my colleagues have said, but I would point out that even with the green paper, one of the things that we have to guard against is siloing these different areas. We have a whole-of-government approach to security, which I think is understandable, given the threats, but we still tend to think about this in a siloed way.

Our discussion today about this piece of legislation should lead you to thinking about the adequacy of review. That has been a scene that has come up again and again. Also, any new powers that may be given in the future to any department or agency of the federal government will be subject to this information sharing act, if it is not changed. I think the green paper is a good first start, but we need to encourage thinking about this in a holisitic way.

On the Bill C-22 question, I do regret the fact that, although it's a good idea to move ahead with a parliamentary committee, it's only part of the picture. We need to look at an executive watchdog review. We don't need to be looking for perfect legal language, because all legal language is going to be subject to interpretation, and as Professor Forcese has said, it's often interpretation that the public will not have access to. We need to think of a process solution to this issue. I think part of the process solution is to have a review structure that commands the confidence of Canadians.

I'll start, and then Kent can jump in.

The Wakeling case involved information shared by the RCMP to American authorities under what's known as part VI of the Criminal Code, which is the wiretapping provision. It was a lawfully gathered wiretap that complied with the charter, and that information was then transmitted to the United States. The Supreme Court concluded that even though the information was lawfully collected, it was still subject to charter privacy protections that had to govern the manner of information sharing.

In that case the RCMP, under part VI of the Criminal Code, was successful in defending the constitutionality of that information sharing, because there was enough architecture in part VI that defined who was going to receive the information and it imposed safeguards on how that information would be transmitted. The court along the way, incidentally, made a point of noting the Arar case as an example of where things can go awry in information sharing.

Now transpose the holding in that case to the context for CSIS under the CSIS Act and for the Communications Security Establishment under the National Defence Act. There is none of the architecture that rendered the Criminal Code constitutional. None of that architecture is found in the CSIS Act or the National Defence Act, and yet those two agencies, CSIS and CSE, are elemental bodies in information sharing for the purposes of supporting Five Eyes activities and others.

I think Professor Roach and I were surprised that the government didn't take the opportunity in either Bill C-51, or before that in Bill C-44, to introduce that architecture to put this vital information sharing on sounder constitutional footing.

Generally, SIRC has not had powers to implement its recommendations. It makes recommendations, and the minister responsible responds to them. This is part of the sometimes confused distinction between review and oversight.

I think that unless an exception is made because of privacy interests, probably the power probably ultimately has to reside with the minister.

Well, I think it depends on who you ask. SIRC of course has grown in terms of its budget and staffing in response to the new CSIS powers to do threat reduction and now CSIS's operations overseas. At the end of the day, any kind of review body is going to be a partial audit. You're not going to be able, in any given year, to audit all of the activities of a service, and that's by necessity. You are not going to be able to match the scale and scope of agency activities.

On the other hand, if you put in place a triage system within the review body to decide what you're going to audit this year and decided to take into account the legal issues and the constitutional issues that might be raised by this practice, its notoriety, and how new and novel it is, then I think that a reasonably well-resourced SIRC or super-SIRC would probably put a priority on information sharing when it came up in the cycle of auditing, because of the sensitivities around it.

The consequence, of course, is that they're not necessarily reviewing other things, so at the end of the day, any review body is going to engage in triage. When you ask about resourcing, it's how much triage you are willing to pay for. Historically I think that SIRC has been underfunded relative to the growth in CSIS since 9/11. It's starting to catch up now.

There is a discussion quite often about review versus oversight. There is some confusion about the terms, but in Canadian practice, oversight means command, control, and coordination. The oversight entity authorizes or has a role in authorizing activities.

Review is looking at the performance of the agency against standards. Typically it examines whether the conduct of the agency was legal and was in accordance with ministerial directives.

Review is after the fact, in the sense that you need agency action before you can review it, but review can be close to actual in the sense that the review doesn't necessarily have to be 20 years after the fact or a year after the fact or a month after the fact. My understanding from SIRC is that increasingly their review is more approximate in time to the actual operation, so it's still after the fact, but it's not that much after the fact.

The same thing should probably be true for the parliamentary committee under Bill C-22; that is, it is competent to do review. It does not do command and control oversight, and I think it would not be proper for that body to do command and control oversight. It does review, but I don't think it should fear doing review that's approximate in time to the actual operations, as long as it doesn't impede those operations.

Where this might become controversial is the extent to which the executive branch can deny the committee the information it requires to do this more timely review.