Information & Ethics Committee on Dec. 6th, 2016

Thank you.

First of all, thank you very much for the invitation. It's a pleasure to be before you.

I've had the opportunity to read the testimony from your previous witnesses and I hope not to repeat what others have said.

I want to contextualize my remarks and my evidence before you in the following way. Information is the lifeblood of all intelligence agencies. Without information, there's no intelligence. I'll repeat that: without information, there's no intelligence. In order to effectively have a proper security intelligence apparatus, you must have information.

In these times, you all know that we're swamped with information. Everywhere you go, there is information. The government collects an astounding amount of information on every one of you; on every aspect of each of your lives, the government has information. The ability to maintain all these bits and bytes of our lives poses a huge challenge for our society in the private sector and certainly for government in the public sector.

I can tell you that as commission counsel on the Air India public inquiry, I had a front-row seat to a failure of information sharing that had catastrophic consequences. When I led the evidence of the victims' family members in part 1 of our inquiry, as counsel—I do a lot of trial work and a lot of appeal work—it was amongst the most challenging evidence I've ever had to lead. The impact on those folks was real and remains so today. It remains tangible today.

Similarly, although not as commission counsel, I acted in one of the closed proceedings in the Arar matter. I was involved with some of the folks who did that. I can tell you that the failure to have a proper, regulated flow of information has had similarly catastrophic consequences for that person, but not only for Mr. Arar: it also has had catastrophic consequences for the agencies involved, and if the agencies come before you and say it didn't, I'm here to tell you that it did. No agency wants to be complicit in such a thing.

It becomes even more important now when we have a change in administration in the United States. The CIA is a vast organization that collects a tremendous amount of information and floods the intelligence community with information. If that agency begins to be more aggressive, what are our agencies going to do when the information floats into our data set? How are we going to vet it? How are we going to protect against it?

What I'm most interested in is trying to orient this committee, if I can, to take an approach to this legislation that is, for lack of a better phrase, a grown-up approach. This legislation is immature in a number of ways, and I want to underscore particularly this point. None of us wants the agencies that are charged with protecting us to be starved of important, necessary information. None of us wants that, but we all must also want a refined approach to information sharing that, in my respectful submission to you, more properly balances privacy with necessary information sharing. This legislation doesn't. You've heard from my colleagues, Professor Roach and Professor Forcese, and you've heard from the Privacy Commissioner. The evidence of all three of those folks I agree with entirely.

I want to underscore something about one of the problems with this piece of legislation. It is about a lack of accountability. I mean particularly this. As I said at the outset, lots of information is gathered on each and every one of you. Under this legislation, one of the problems is whether or not the phrase “activity that undermines the security of Canada” is constitutionally compliant. In other words, is it so vague that it would be a violation of section 7 of the Constitution?

Leaving aside esoteric notions of legal theory, the practical concern is that vagueness in that legislation is a gateway for bureaucrats to pass information. Also, it's deployed almost entirely by representatives of the executive branch, without any serious prospect that anyone outside the executive would know what's happening or how it's being applied.

For example, not one of you will know that information about you is passed from one of the 17 agencies to CSIS. You just won't know. You'll have no recourse. Even assuming that you had some information somehow, there is no place for you to go with it. There's no specialized review body. There's no court process. There's no way for you to hold the government to account.

I know we have limited time, but I want to conclude my opening remarks with this notion that I urge upon you with as much force as I can: fundamental to any democracy is the ability to hold government to account for its actions. That can mean in court, at the ballot box, at an administrative tribunal, or in a review or oversight body.

However, blind faith and trust in government is not a virtue. Blind faith in CSIS, the RCMP, and all of these other agencies is not a virtue.

Instead, each one of you must have at your disposal the ability to call government to account for its excesses. Given the ubiquitous nature of information and the extent to which it reveals our tastes, preferences, and inner thoughts and beliefs, any regime that authorizes the sharing of information must be refined to regulate sharing that is necessary to protect national security. All of this requires—in my respectful submission to you—more conservative definitions and a more conservative approach to protecting information and ensuring that information that's necessary is delivered to the agencies so that they can discharge their duties.

In closing, then, the relationship between the citizen, his or her information, and the various government agencies is something that needs to be recalibrated in this piece of legislation.

There are a number of different ways it can be done. You have heard from some witnesses who have indicated changes in definitions. Those are all useful. I appreciate, though, that it may be beyond the remit of this committee. The notion of an independent reviewer is necessary, as well, as part of the framework of oversight and review in the national security environment. A committee of parliamentarians also may be able to do some work in this area, depending on how that committee is structured and staffed.

Really, in this moment when we have such upheaval around the globe, when various intelligence agencies are forwarding information to our intelligence agency, and when information is being domestically being harvested, we cannot not take this opportunity to apply a rigorous standard. If we don't, sadly, what might happen are events like the two horrific events that have happened already: Arar for the agencies and for Mr. Arar, and Air India for all of those folks.

Those are the comments I wish to open with.

Again, I thank you very much for the opportunity to address you.

Thank you for the question.

I think the bill itself—or rather, the law now—was so fundamentally flawed that whatever redeeming qualities it might have had were outweighed by the flaws. I usually use this example. If I bought a house that had a crumbling foundation, I wouldn't throw a few coats of paint on and say, “Let's keep this.” I'd say, “Let's start again.”

Let's go through some of the essential elements of Bill C-51.

The CSIS provisions give CSIS secret disruption powers to essentially disrupt people's lives and take actions that could result in disasters, as Mr. Kapoor said. They are a non-starter in a democracy. Things could happen to people, and they would never have legal recourse. They happen in secret. They would never see the light of day.

In a criminal context, police get warrants and they do have secret wiretaps, but ultimately it sees the light of day. You have a day in court. That's essentially our system. When the state acts against you, you have the right to defend yourself. When CSIS acts against you under these disruption warrants, you will never know and you will never have the right to defend yourself. Whether you're guilty or innocent, you won't have a shot to defend yourself.

Let's talk about promoting and advocating terrorism. First of all, the definitions in there are loose to begin with. The Criminal Code already has always had counselling offences, so when you're involved in criminal activity and encouraging it, you can be caught.

The Anti-terrorism Act, 2001 introduced criminalized actions that were removed from action, such as facilitating terrorism or encouraging someone to start committing a terrorist act. I had critiques about that, but it was still close enough to the act. In criminal law, what you want is to criminalize the act. Terrorism is essentially violent acts. They want to kill someone, so let's say it's killing someone. If I facilitate you to do that by encouraging you, giving you money, talking to you, I can be caught there. As a democratic society, we want to capture the act or something close to the act. If we get far from the act, we're starting to stray from our criminal law and democratic principles and we're starting to criminalize speech. What I learned in law school is that you don't pass redundant laws.

In the Anti-terrorism Act, 2015 we already had facilitating, which is close to the act. Then this must be something further removed from that, so now we're getting very close to criminalizing speech. I'm not saying I support people who say things that encourage terrorism. Of course, we all condemn that, but we live in a society where we tolerate some of that offensive speech.

The Immigration and Refugee Protection Act amendments in Bill C-51 essentially rolled it back, and Mr. Kapoor can speak to this in more detail because he is a special advocate. The Charkaoui decision said that in the security certificate process, secret proceedings where a judge sat alone with a CSIS lawyer were essentially unconstitutional. They introduced special advocates to represent the interests of the named party on the security certificate. Bill C-51 essentially rolls that back. IRPA was amended to say that the special advocates don't have access to all the information. It kind of undoes what the Supreme Court has told us.

Those are three pieces of it.

Let's talk about the no-fly list. We can debate till the cows come home whether no-fly lists—

I'm happy to do that. I understood that Mr. Long asked me about scrapping Bill C-51, but I can stick to SCISA.

In SCISA, as I said, information sharing needs to happen. We see the extremes. We see Air India and Arar. We see both sides of it not working.

It needs to work, but as Mr. Kapoor said, it speaks of activities that undermine the security of Canada, and then it lists a number of things in the act, which I'm sure you've all seen, and that is not the list. It is an open-ended list, given content by bureaucrats across government. Those are just suggestions about what undermines the security of Canada; it could include other things.

Essentially, the definition is the heart of the bill. You start with a fundamentally flawed definition and then you start to share information. There are no controls on how that information is shared. The door is open for sharing with foreigners, and that could include Saudi Arabia, and now, with the Trump administration talking about torture, it could be there.

Then I'll point out to you section 9. Section 9 says that when someone shares information and it harms a Canadian or some person—but let's say a Canadian, as in the Arar case—they're immune from paying out compensation or being sued for it.

It's essentially a busted bill. What we need to do is say that information needs to be shared, that it needs to be reliable, that it needs to be in compliance with the charter and the rule of law, and we need to make sure that CSIS actually works with the RCMP to move intelligence into evidence and get real terrorists off the street. The CSIS amendments actually are counterproductive to that.

My reading of it is convoluted. I believe you've heard Kent Roach, and I concur with Kent and Craig Forcese in their testimony that it's a bit of a dog's breakfast. Nobody is entirely clear, because the act uses very general terms—“will comply with” laws unnamed.

Then you read the green paper. I don't want to quote it right now because I don't want to delay us, but essentially it says we can share information subject to any prohibitions in law without naming those laws.

The suggestion is that the Privacy Act is there to protect people's privacy. You read the green paper and find that it says the Privacy Act has a number of exceptions, and rightly so. One is lawful authority: the police can come.... Then the green paper says that SCISA is considered to be a lawful authority.

Essentially, the Privacy Act is nullified by that reading. If that's the legal interpretation that government lawyers and staff have of SCISA, then I'd say the Privacy Act protections are not there.

Is that to one of us or both?

Obviously we live in a globalized world on all sorts of levels, including intelligence and security, and the threats that are out there are obviously globalized threats. It is important that we have relationships, but I believe it is also important to keep in mind our values in how we interact with the Five Eyes allies.

Saudi Arabia is not a Five Eyes partner, but I've used Saudi Arabia or states like this as an example. SCISA says that activities that undermine the security of another state hit the radar here. Does that include Saudi Arabia? If we are talking about Raif Badawi or about trying to change the government in Saudi Arabia, does that get people here on the radar? That's problematic, but I'll leave it for a minute and go back to the Five Eyes.

We need to share with those allies. One real problem now is that Mr. Trump says that waterboarding is just the start, and that he will kill the families of people who are suspected terrorists. Essentially, he is negating U.S. obligations under domestic and international law. The U.S. is our biggest partner in terms of information sharing on national security. I would be worried about how we protect our values, which are to share but to comply with the charter, the Convention against Torture, and the rule of law, essentially. Canadians need to interact with the world, but we still need to be Canadian. We need to take our values with us. Those are important relationships, but we need to be careful about how we engage and what we share.

I'll give you Arar as a classic example where we were sloppy in our sharing, and that led to a problem.

That's my answer—we need to do it, but we also need to be very conscious of injecting our values, protocols, and protections into that interaction.

We have to be a robust part of the Five Eyes. Culturally, we are all connected. Broadly speaking, we have the same sort of democratic structures and geopolitical positioning. I think the Five Eyes is a crucial alliance—if I can call it that—and we have to be a player in it.

I think you asked whether it was a good thing. I think it's a good thing.