Evidence of meeting #39 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was agencies.
A recording is available from Parliament.
12:40 p.m.
Barrister, Kapoor Barristers
I would say that in a criminal investigation, you can't make a request. You have to....
12:40 p.m.
Liberal
12:40 p.m.
Conservative
12:40 p.m.
NDP
Daniel Blaikie NDP Elmwood—Transcona, MB
Thank you.
We know that information sharing occurred prior to SCISA. If you were to scrap this and start again, what do you think is in SCISA that would be important and should be preserved, and what do you think are some of the things...?
In the opening presentation there were some allusions to the fact that certain kinds of important information-sharing needs aren't addressed by SCISA. What would you keep, and what do you think isn't there that should be there?
12:40 p.m.
Member, Legal Advocacy Committee, Canadian Muslim Lawyers Association
When we look at Air India, we see that information wasn't shared, so I think we maybe need to look at new legislation—I mean, it's not in here—and some requirement for the agencies to work together.
Mr. Kapoor has indicated they're doing that, but that's the type of thing we need in an information-sharing law. We need to look at encouraging that information sharing where it's necessary and within the bounds of what we're talking about. It's not about harvesting a lot of information, but about keeping it very focused to the information we need that's related to national security issues.
Then I think information-sharing legislation should look at the principles that we talked about related to the thresholds. That should be laid out in law. Possibly the idea of a stickhandler in government should also be looked at. Those roles need to be laid out.
I think there is a role for law in setting up the architecture. You don't want to just have it happening out there, because if it doesn't happen properly, you'll have a problem, or if it happens in the wrong way, you'll have a problem on the other side, as we've seen with the two inquiries. A good role for law on information sharing is to set up that architecture—to set out the rules and the thresholds, and what the mandates of the agencies are.
To follow up on Mr. Erskine-Smith's point, who's overseeing this? I'm worried that interim measures may become permanent measures, and we'll say we have something. If you can recommend pushing towards coherent controls and review, that would be my suggestion.
I don't think there's much in here that I'd keep. I'd say you could use this as a basis to redraft. As I said, there are a lot of fundamental flaws, starting with the definition.
12:45 p.m.
Barrister, Kapoor Barristers
I think the concept of having regulation of information sharing is a good one. You've heard various criticisms about this particular act, but the idea of identifying agencies that are delivering information and identifying each of the recipient agencies is a good thing.
I would have a slightly different list. We said in Air India that we thought that a national security adviser is important not only for investigations that are both CSIS and RCMP investigations, but a national security adviser could also direct traffic on information. We had a section in there on how that content can be privileged so that it doesn't necessarily end up in a court case. Having a robust national security adviser goes some way of directing the traffic, not only in terms of investigations but also in terms of information sharing. There just doesn't seem to be an appetite for that on the part of the agencies.
12:45 p.m.
Conservative
The Chair Conservative Blaine Calkins
Thank you very much.
Colleagues, that brings us to the end of the official round of questioning. We have a few minutes left. The conversation is excellent today. Mr. Bratina has indicated, as a parliamentarian who has yet to be able to ask questions, his willingness to do so. If it's okay with committee members, I have several questions I'd like to ask as well, so we'll do that.
Go ahead, Mr. Bratina.
12:45 p.m.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
Thank you.
Often structures begin innocuously enough and then grow. I've seen this at other levels of government: somebody is supposed to build a trail, but they end up running the whole waterfront. Is there anything that concerns you in terms of SCISA growing into something more than it is in terms of its operations?
12:45 p.m.
Member, Legal Advocacy Committee, Canadian Muslim Lawyers Association
This goes to the root of my concern. The target of information that would reach the threshold is so broad that it's not even broad: it's open-ended. It's already set up to become something quite amorphous.
At the lowest level, it could just be that they'll harvest all sorts of information and they won't know what to do with it. The worst-case scenario, as I've pointed out a couple of times, is that either we miss a terrorist or a national security threat because there's so much information there, or else that we make mistakes and share collected information and mined data abroad and create a disaster for individual Canadians.
If I were rewriting this, I would just start again. It's a short bill, so you just start again. As I answered to Mr. Blaikie, you'd lay out those principles. You'd start with a very tight definition. I believe Mr. Erskine-Smith mentioned the section 2 definition in the CSIS Act; I think that's a good start, because if this is a national security information sharing bill, let's tie it to national threats to the security of Canada. That's the remit of CSIS, and that's a pretty broad definition in itself. That brings us to a nice tight definition, and then of course there's laying out the protocols and safety measures. I think that would do it. That would regularize and give us some coherence in national security information sharing.
As well, though it's not for a bill, a lot of work needs to go into making the agencies work together in a coherent way and into improving that review over time.
12:45 p.m.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
In your submission, you stated that Canadian Muslims will be disproportionately affected. Could you just expand on that comment?
12:45 p.m.
Member, Legal Advocacy Committee, Canadian Muslim Lawyers Association
I believe Commissioner O'Connor mentioned in his report that given the threats out there in the geopolitics of the world, obviously Muslims are implicated. That's not the right word, but you know what I mean. They're possibly seen as threats or whatnot, and because Muslims are on the radar, that can lead to problems. Though the national security bills are drafted neutrally and nowhere say “Muslim” or “Arab”, that's the fight we have right now in the world with terrorism. In that context, likely a lot of national security resources are going to be focused on that. We can debate whether that's right or wrong, but that's what's going to happen, and inevitably, because the security agencies are going to be looking at those communities, there's a risk that the mistakes will impact those communities disproportionately.
12:50 p.m.
Conservative
The Chair Conservative Blaine Calkins
Thank you, Mr. Bratina.
This is one of my favourite days at this committee so far. This has been an excellent conversation.
Mr. Kapoor, I have a question for you. Mr. Mia, feel free to join in at any point.
As somebody whose background is in IT, I make an important distinction in my mind between data and information. We seem to have used the words “data” and “information” interchangeably at this particular committee, so I would like to get a distinction from either of you on the difference between data and information.
12:50 p.m.
Barrister, Kapoor Barristers
Data, as you know, can be very significant, particularly metadata, which is a lot of what our service harvests these days, and a lot of agencies are trading in it. There's a big debate right now about its usefulness and its probativeness in criminal trials, for example, and whether it can be obtained without warrant. There's a whole big debate on this question, as you know.
From my perspective, it's all about content that's important for national security, so if you're sitting on a data point and you've satisfied yourself that it's necessary for the service to have it for their remit, then I think the act is engaged and the content can be passed.
From my perspective, it's about national security content, if I can put it that way, which would cover both data and information.
12:50 p.m.
Member, Legal Advocacy Committee, Canadian Muslim Lawyers Association
I concur with that. I agree that data per se, or data points—metadata and those sorts of things—can appear innocuous in some ways, but again it's the data mining. Because of the—
12:50 p.m.
Conservative
The Chair Conservative Blaine Calkins
I understand. You have to have data to run analytics on in order to synthesize information.
12:50 p.m.
Member, Legal Advocacy Committee, Canadian Muslim Lawyers Association
Exactly, and we certainly need to do that. I'm not suggesting in any way that our security agencies should not be doing that, because that's a useful way to identify threats and see patterns of criminality, but it's how we do it and how much information we're pulling.
You're an IT person. Humans still are the programmers, so whatever algorithms we design and run are not perfect, because humans are running that AI. We should be cognizant of the fact that those computer programs can make mistakes, and that's where I see the data.
12:50 p.m.
Conservative
The Chair Conservative Blaine Calkins
That's interesting. Computers never make mistakes. They will calculate the same answer every single time in exactly same way. The only errors that are ever made are human errors in the programming of that computer.
The reason I'm asking this is that when it comes to the analysis of data and as we look at the review of this legislation, I would suggest that actually it's more than information. It's not information that's being passed, but data, so I don't know if the act is actually properly named. That's a moot point.
However, if I were an analyst working on a large set of data—we can call it metadata or we can call it whatever we want—it will come in all shapes and forms. It will be shared in different varieties and different formats and different platforms, depending on the agency that shares that information, depending on whether it's domestically sourced or whether it's internationally sourced, and I would want as much data as I possibly could to run analytics on. Do you believe that we should be limiting ourselves to the amount of data that we actually have? There's a good discussion here at the table.
I'll give you an analogy. I'm a fisherman as well. Why would you want to limit me to fishing in a certain corner of the lake? Wouldn't you rather just change the nature of the hook that I use and allow me to fish everywhere?
12:50 p.m.
Barrister, Kapoor Barristers
I guess what you're asking is whether or not the standard should be more forgiving of sharing information—I'm using “information” to include data—or less forgiving of sharing. Again, it comes back to a question of balance.
From my perspective, if this is a national security piece of legislation, which I gather it is, we ought to marry up the definitions for the national security agency. They ought to be harmonized and rationalized to the service mandate. As for whether it should be based on necessity or relevancy, the service should only share it if it's necessary and should only use it if it's necessary. The service should have a necessity requirement built in. So too should the agencies that are sending information.
12:55 p.m.
Conservative
The Chair Conservative Blaine Calkins
That's the hook that I would argue for, and we should be able to cast the widest net we possibly can.
12:55 p.m.
Conservative
12:55 p.m.
Conservative
The Chair Conservative Blaine Calkins
There's been a bit of a discussion too, and a disagreement between the two of you, insofar as the retention of data is concerned.
Mr. Kapoor, I would agree more with your particular perspective.
Mr. Mia, my question is more for you in relation to the examples that you brought up about Mr. Arar. Perhaps there may be others, and I'm going to defer to your expertise on this point.
We've already had the conversation about analytics and the results of human error when it comes to programming that might result in sloppiness and we've talked about the vastness of information that led to a false positive. If we didn't keep the data on which the poorly programmed analytics were run, how would we exonerate a person if the data were no longer there to run the correct analytics on?
12:55 p.m.
Member, Legal Advocacy Committee, Canadian Muslim Lawyers Association
Fair point. It's probably different in degree rather than in kind. Mr. Kapoor, you can jump in.
I don't want to use the word “relevant”, because we're debating that, but it was information that was properly within the remit of those agencies. I have no problem with agencies keeping information properly relevant to the investigations and their work.
In the case of large-scale harvesting of information, such as checking passenger manifests from every flight against no-fly lists, presumably that does not need to be kept. We don't need the travel patterns of every Canadian. Arguably somebody could make a case that three years down the road we will see Joe Smith on our radar, and we'll want to check all of his travel patterns in the past. What I'm really concerned about is that we're getting into a pre-crime society. Now we're keeping data on everything that someone does against the possibility that Mr. Bratina may do something in the future, so we can check if in the past he's crossed the line.
I'm just using you as an example. You're the first person I saw.
