Public Safety Committee on Oct. 21st, 2016

That also raises the issue of losing control over what other states do with the information that we share with them, as we saw in the Arar case.

Yes, we're maintaining a strong partnership with the United States in doing so, but we also risk having that information misused once an individual has been cleared, and having no control over other states taking the same approach and accepting the clearance we've put forward.

This brings us a little to what we were talking about with encryption before. In terms of the need, one of the things that is important to remember is that encrypted information is only useful if it's in an unencrypted form. When information is in that encrypted form, it's inaccessible to law enforcement, but it's also useless to its user. Everybody has to unencrypt the information at some point.

We've seen law enforcement in the U.S. target the information when it's in that unencrypted space, as opposed to trying to crack the encryption. I guess that's a little bit roundabout, because you were speaking about police powers generally, but as to whether or not that need has been specifically demonstrated, again, I stand by the idea that intelligence agencies have a bigger tool kit than they ever had before. I think the Internet has vastly expanded their capability to monitor what people are doing, and I think the capabilities of targets have been enhanced as well, but not at the same rate.

I think our intelligence agencies are more powerful than they were 10 to 30 years ago, and I don't necessarily know that the need has advanced beyond that.

I was wondering if you could be a little more specific about part one of your question.

The short answer is yes, absolutely. The government needs to demonstrate that any action taken is reasonable and proportionate, particularly when it results in an infringement on charter rights. It must also demonstrate that the impact of more intrusive measures will result in a higher level of security.

One point I'd like to make is that there is another reason that information sharing, even with our close allies, is very problematic. My view is that these allies are not accountable to our voters, unlike our politicians here, who represent the best interests of Canadians. That is one issue.

Second, I do believe that any increase in government powers to investigate and act needs to have commensurate legal protections in place. These protections include review bodies, as well as mechanisms where individuals who are either innocent or who have faced disproportionate consequences can seek a remedy, as is required under international human rights law.

I'll just briefly add to that.

Yes, I completely agree with the statement about the privacy aspect. There's a global trend of countries tending to offer some privacy protection to just their own people. The U.S. is a really obvious example. There are some privacy protections that it offers to its people, and it offers virtually none to foreigners. This is particularly troubling when you think about intelligence-sharing arrangements. If Canada can spy on the British and on Americans, and the U.S. can spy on the British and on Canadians, and the U.K. can spy on Canadians and on Americans, and everybody's sharing information, then these sort of protections don't necessarily kick in. It kind of becomes a free-for-all.

There is one more thing I'll mention very briefly, because it's not my particular area of expertise. I referenced Roach and Forcese earlier in this meeting. I want to mention what they said about the problem of silent oversight, particularly when you have a large degree of inter-agency co-operation. If a particular oversight body is only looking at its agency and not potentially seeing the broader picture of what's going on, that can present a challenge.

You're absolutely right that a lot of our advocacy—and I'll mention this at the outset—has been on access to information within Canada. That's been our focus, but as an organization, CLD works on foundational rights for democracy. We do quite a lot of work on freedom of expression, and digital security has been part of that. Privacy is increasingly part of that, as well, and yesterday I was at the parliamentary committee on the Privacy Act reform in order to talk about that issue. It does tie into this when you talk about things like data minimization and carrying out privacy impact assessments as part of standard government operations, and a requirement that government agencies should only collect and store information if there is a necessity that you can point to for doing that.

I'm not sure about commenting more broadly about what we should be thinking about with regard to how to frame the discussion about digital security.

Yes, absolutely. My expertise is in law rather than the technical side, but that is what you'll hear from the tech people.

The cyberbullying question is an interesting one. It's an area in which we've been engaged here in Nova Scotia. As I'm sure you are aware, we had the Cyber-safety Act here, and then that was struck down, and now they're considering different solutions.

Generally speaking, the problem we had with the cyberbullying law is that it was too broadly defined. It's a similar problem to what you find here. It's a cardinal principle of freedom of expression that any restrictions on speech need to be as carefully defined as possible, first of all to avoid any potential chilling effect, so that people have a clear idea of what they can do, but more than that, to ensure that they are catered to the necessity of the restriction. It's a cardinal principle, and it is in Canadian constitutional law, as well as internationally, that restrictions need to be carefully tailored so that they don't infringe on the right more than is necessary.